+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.argeo.security.jackrabbit;
import java.security.Principal;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+/** Jackrabbit login mechanism based on Spring Security */
public class ArgeoLoginModule extends AbstractLoginModule {
private String adminRole = "ROLE_ADMIN";
+ @SuppressWarnings("unused")
+ @Override
+ public boolean login() throws LoginException {
+ boolean loginOk = super.login();
+ if (!loginOk) {
+ org.springframework.security.Authentication authen = (org.springframework.security.Authentication) SecurityContextHolder
+ .getContext().getAuthentication();
+ }
+ return loginOk;
+ }
+
+ @SuppressWarnings("unused")
+ @Override
+ public boolean commit() throws LoginException {
+ boolean commitOk = super.commit();
+ if (!commitOk) {
+ org.springframework.security.Authentication authen = (org.springframework.security.Authentication) SecurityContextHolder
+ .getContext().getAuthentication();
+ }
+ return commitOk;
+ }
+
/**
* Returns the Spring {@link org.springframework.security.Authentication}
* (which can be null)
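Review bot: In the added login() and commit() overrides the `authen` local is fetched from SecurityContextHolder when the super call fails and then discarded, and `@SuppressWarnings("unused")` keeps the compiler from reporting it. Both methods therefore return exactly what super returns, while reading as if a failed Jackrabbit login fell back to the Spring authentication. If no fallback is intended, drop the overrides or reduce the bodies to `return super.login();` and `return super.commit();`. If one is planned, replace the dead block with a comment such as `// TODO: decide whether a failed super.login() may fall back to the Spring Security context`, so the failure path is not mistaken for handled. The cast on `getAuthentication()` is also redundant.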
}
protected Set<Principal> getPrincipals() {
+ // clear already registered Jackrabbit principals
+ // clearPrincipals(AdminPrincipal.class);
+ // clearPrincipals(AnonymousPrincipal.class);
+ // clearPrincipals(GrantedAuthorityPrincipal.class);
+
+ return syncPrincipals();
+ }
+
+ protected Set<Principal> syncPrincipals() {
// use linked HashSet instead of HashSet in order to maintain the order
// of principals (as in the Subject).
- Set<Principal> principals = new LinkedHashSet<Principal>();
- principals.add(principal);
-
org.springframework.security.Authentication authen = (org.springframework.security.Authentication) principal;
- if (authen instanceof SystemAuthentication)
+ Set<Principal> principals = new LinkedHashSet<Principal>();
+ principals.add(authen);
+
+ if (authen instanceof SystemAuthentication) {
principals.add(new AdminPrincipal(authen.getName()));
- else if (authen instanceof AnonymousAuthenticationToken)
+ principals.add(new ArgeoSystemPrincipal(authen.getName()));
+ } else if (authen instanceof AnonymousAuthenticationToken) {
principals.add(new AnonymousPrincipal());
- else
+ } else {
for (GrantedAuthority ga : authen.getAuthorities()) {
principals.add(new GrantedAuthorityPrincipal(ga));
// FIXME: make it more generic
if (adminRole.equals(ga.getAuthority()))
principals.add(new AdminPrincipal(authen.getName()));
}
+ }
+ // remove previous credentials
+ Set<SimpleCredentials> thisCredentials = subject
+ .getPublicCredentials(SimpleCredentials.class);
+ if (thisCredentials != null)
+ thisCredentials.clear();
// override credentials since we did not used the one passed to us
- credentials = new SimpleCredentials(authen.getName(), authen
- .getCredentials().toString().toCharArray());
+ // credentials = new SimpleCredentials(authen.getName(), authen
+ // .getCredentials().toString().toCharArray());
return principals;
}
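Review bot: The added `thisCredentials.clear()` in syncPrincipals() does not remove anything from the subject, because `Subject.getPublicCredentials(Class)` returns a new set that is not backed by the Subject; it also does not return null, so the guard is dead. To actually drop the SimpleCredentials, remove them through the backed set: `subject.getPublicCredentials().removeAll(subject.getPublicCredentials(SimpleCredentials.class));`. The same block was deleted from logout() in this commit, so cleanup is now attempted only when getPrincipals() is called; consider keeping an effective removal in logout() as well. With the assignment commented out, `// override credentials since we did not used the one passed to us` no longer describes any code and should be removed together with the commented-out lines.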
@Override
public boolean logout() throws LoginException {
clearPrincipals(AdminPrincipal.class);
+ clearPrincipals(ArgeoSystemPrincipal.class);
clearPrincipals(AnonymousPrincipal.class);
clearPrincipals(GrantedAuthorityPrincipal.class);
- Set<SimpleCredentials> thisCredentials = subject
- .getPublicCredentials(SimpleCredentials.class);
- if (thisCredentials != null)
- thisCredentials.clear();
+
+ // we resync with Spring Security since the subject may have been reused
+ // in beetween
+ // TODO: check if this is clean
+ // subject.getPrincipals().addAll(syncPrincipals());
+
return true;
}
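Review bot: logout() clears the four Jackrabbit/Argeo principal classes but not the Spring `Authentication` that syncPrincipals() puts into the same set with `principals.add(authen)`. Assuming the superclass copies that set into the subject (not visible here), a subject reused after logout would still carry the previous Authentication, which is the reuse case the new comment mentions. Consider removing it explicitly, e.g. `subject.getPrincipals().removeAll(subject.getPrincipals(org.springframework.security.Authentication.class));`. The `TODO: check if this is clean` should also be resolved rather than leaving the resync line commented out.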