Fix various issues with security
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.jackrabbit / src / main / java / org / argeo / security / jackrabbit / ArgeoLoginModule.java
index 1ab93edbb18f5678bfadd79f88c2b11ba8e7657c..73ec76a8f7c72b83c18a1de5b7390fa6a7b68bd9 100644 (file)
@@ -50,6 +50,7 @@ public class ArgeoLoginModule extends AbstractLoginModule {
                        principals.add(new AnonymousPrincipal());
                else
                        for (GrantedAuthority ga : authen.getAuthorities()) {
+                               // FIXME: make it more generic
                                if (adminRole.equals(ga.getAuthority()))
                                        principals.add(new AdminPrincipal(authen.getName()));
                        }
@@ -61,6 +62,28 @@ public class ArgeoLoginModule extends AbstractLoginModule {
                return principals;
        }
 
+       /**
+        * Super implementation removes all {@link Principal}, the Spring
+        * {@link org.springframework.security.Authentication} as well. Here we
+        * simply clear Jackrabbit related {@link Principal}s.
+        */
+       @Override
+       public boolean logout() throws LoginException {
+               Set<AdminPrincipal> adminPrincipals = subject
+                               .getPrincipals(AdminPrincipal.class);
+               Set<AnonymousPrincipal> anonymousPrincipals = subject
+                               .getPrincipals(AnonymousPrincipal.class);
+               Set<SimpleCredentials> thisCredentials = subject
+                               .getPublicCredentials(SimpleCredentials.class);
+               if (thisCredentials != null)
+                       thisCredentials.clear();
+               if (adminPrincipals != null)
+                       adminPrincipals.clear();
+               if (anonymousPrincipals != null)
+                       anonymousPrincipals.clear();
+               return true;
+       }
+
        @SuppressWarnings("rawtypes")
        @Override
        protected void doInit(CallbackHandler callbackHandler, Session session,
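Review bot: The three `clear()` calls in the new `logout()` do not remove anything from the subject, because `Subject.getPrincipals(Class)` and `Subject.getPublicCredentials(Class)` return a newly created set that is not backed by the subject's internal sets. The `AdminPrincipal`, the `AnonymousPrincipal` and the `SimpleCredentials` (presumably `javax.jcr.SimpleCredentials`, which carries the password) therefore all survive logout while the method still returns `true`. Remove them through the live sets instead: `subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));`, the same call for `AnonymousPrincipal.class`, and `subject.getPublicCredentials().removeAll(subject.getPublicCredentials(SimpleCredentials.class));`. The class-filtered getters return an empty set rather than null, so the three null checks can be dropped. A read-only subject makes `removeAll` throw `IllegalStateException`, so it may be worth checking `subject.isReadOnly()` first and reporting that case as a `LoginException`.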