X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=661cc6905fb9a33753348cfa1e81d5b47a508e47;hb=65a2d5025613ddb694ec81945d92605d2aba4991;hp=d50535eaefcedaa791f06b93342c94634f68b552;hpb=a5459b7f0a4ce0463b950efd5c776368fe169256;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index d50535eae..661cc6905 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -19,6 +19,7 @@ import org.argeo.cms.CmsException;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 import org.argeo.cms.internal.http.WebCmsSessionImpl;
+import org.argeo.cms.internal.kernel.Activator;
 import org.argeo.node.NodeConstants;
 import org.argeo.node.security.AnonymousPrincipal;
 import org.argeo.node.security.DataAdminPrincipal;
@@ -38,6 +39,7 @@ class CmsAuthUtils {
 	final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
 	final static String SHARED_STATE_SPNEGO_TOKEN = "org.argeo.cms.auth.spnegoToken";
 	final static String SHARED_STATE_SPNEGO_OUT_TOKEN = "org.argeo.cms.auth.spnegoOutToken";
+	final static String SHARED_STATE_CERTIFICATE_CHAIN = "org.argeo.cms.auth.certificateChain";
 
 	static void addAuthorization(Subject subject, Authorization authorization, Locale locale, HttpServletRequest request) {
@@ -48,6 +50,10 @@ class CmsAuthUtils {
 		// required for display name:
 		subject.getPrivateCredentials().add(authorization);
 
+		if (Activator.isSingleUser()) {
+			subject.getPrincipals().add(new DataAdminPrincipal());
+		}
+
 		Set principals = subject.getPrincipals();
 		try {
 			String authName = authorization.getName();
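Review bot: The grant at `if (Activator.isSingleUser())` adds a DataAdminPrincipal to every subject that passes through addAuthorization, before the authorization name is validated and regardless of whether it is the anonymous authorization (the branch further down builds an AnonymousPrincipal when authName is null). If isSingleUser() describes a deployment mode rather than the origin of the request, any caller that reaches this method over HTTP in that mode, including an unauthenticated one, ends up with data-admin rights. Consider performing the grant only after the name has been checked and skipping it for anonymous, e.g. `if (Activator.isSingleUser() && authorization.getName() != null)`, and adding a comment stating the assumption that single-user mode is never bound to a network-reachable listener. addAuthorization's body continues outside the hunk.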
@@ -59,13 +65,13 @@ class CmsAuthUtils {
 				name = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
 				userPrincipal = new AnonymousPrincipal();
 				principals.add(userPrincipal);
-				// principals.add(new AnonymousPrincipal());
 			} else {
 				name = new LdapName(authName);
 				NodeSecurityUtils.checkUserName(name);
 				userPrincipal = new X500Principal(name.toString());
 				principals.add(userPrincipal);
-				principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal));
+				// principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,
+				// userPrincipal));
 			}
 
 			// Add roles provided by authorization
@@ -73,6 +79,8 @@ class CmsAuthUtils {
 				LdapName roleName = new LdapName(role);
 				if (roleName.equals(name)) {
 					// skip
+				} else if (roleName.equals(NodeSecurityUtils.ROLE_ANONYMOUS_NAME)) {
+					// skip
 				} else {
 					NodeSecurityUtils.checkImpliedPrincipalName(roleName);
 					principals.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal));
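Review bot: Replacing the ROLE_USER implied principal with a commented-out copy (`// principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,`) leaves dead code where a one-line reason is needed: after this change an authenticated subject presumably carries ROLE_USER only if the Authorization's own roles list it, so any check that relied on the implied principal silently stops matching. Delete the two commented lines and put the rationale in their place, e.g. `// ROLE_USER is no longer implied here; it must be granted through the authorization's roles`. The try block enclosing this hunk starts before it.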
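Review bot: The new `else if (roleName.equals(NodeSecurityUtils.ROLE_ANONYMOUS_NAME))` drops the anonymous role from a named user's roles without saying why, and duplicates the bare `// skip` branch above it. An authorization that lists the anonymous role for an authenticated user is an unusual input that deserves an explanatory comment (and a debug log, if this class has a logger, which is not visible here) rather than a silent skip; the two conditions can also be folded into one: `if (roleName.equals(name) || roleName.equals(NodeSecurityUtils.ROLE_ANONYMOUS_NAME)) {` followed by `// neither the user's own name nor the anonymous role is added as an implied principal`. The loop and the try block enclosing this hunk both start outside it.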