X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FCmsAuthUtils.java;h=e9462c3add31cb7dbd0ef16f48afb00e2225a611;hb=3577df2ca5eee54db1ac39a7bd5ed7bdc8824a67;hp=9a60e913465eb530c4ebba7be3ecba72791681a9;hpb=b6e64316eb5472b68f4673cbda3f1e375defe8fe;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 9a60e9134..e9462c3ad 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -13,18 +13,14 @@ import javax.security.auth.x500.X500Principal;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
-//import org.apache.jackrabbit.core.security.AnonymousPrincipal;
-//import org.apache.jackrabbit.core.security.SecurityConstants;
-//import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.cms.CmsException;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.security.AnonymousPrincipal;
+import org.argeo.api.security.DataAdminPrincipal;
+import org.argeo.api.security.NodeSecurityUtils;
 import org.argeo.cms.internal.auth.CmsSessionImpl;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
 import org.argeo.cms.internal.http.WebCmsSessionImpl;
 import org.argeo.cms.internal.kernel.Activator;
-import org.argeo.node.NodeConstants;
-import org.argeo.node.security.AnonymousPrincipal;
-import org.argeo.node.security.DataAdminPrincipal;
-import org.argeo.node.security.NodeSecurityUtils;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.InvalidSyntaxException;
@@ -32,6 +28,7 @@ import org.osgi.framework.ServiceReference;
 import org.osgi.service.http.HttpContext;
 import org.osgi.service.useradmin.Authorization;
 
+/** Centrlaises security related registrations. */
 class CmsAuthUtils {
 	// Standard
 	final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
@@ -44,6 +41,8 @@ class CmsAuthUtils {
 	final static String SHARED_STATE_SPNEGO_TOKEN = "org.argeo.cms.auth.spnegoToken";
 	final static String SHARED_STATE_SPNEGO_OUT_TOKEN = "org.argeo.cms.auth.spnegoOutToken";
 	final static String SHARED_STATE_CERTIFICATE_CHAIN = "org.argeo.cms.auth.certificateChain";
+	final static String SHARED_STATE_REMOTE_ADDR = "org.argeo.cms.auth.remote.addr";
+	final static String SHARED_STATE_REMOTE_PORT = "org.argeo.cms.auth.remote.port";
 
 	static void addAuthorization(Subject subject, Authorization authorization) {
 		assert subject != null;
@@ -73,8 +72,10 @@ class CmsAuthUtils {
 				NodeSecurityUtils.checkUserName(name);
 				userPrincipal = new X500Principal(name.toString());
 				principals.add(userPrincipal);
-				// principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,
-				// userPrincipal));
+
+				if (Activator.isSingleUser()) {
+					principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_ADMIN_NAME, userPrincipal));
+				}
 			}
 
 			// Add roles provided by authorization
@@ -93,10 +94,8 @@ class CmsAuthUtils {
 			}
 
 		} catch (InvalidNameException e) {
-			throw new CmsException("Cannot commit", e);
+			throw new IllegalArgumentException("Cannot commit", e);
 		}
-
-		// registerSessionAuthorization(request, subject, authorization, locale);
 	}
 
 	private static void checkSubjectEmpty(Subject subject) {
@@ -144,7 +143,7 @@ class CmsAuthUtils {
 						cmsSession.close();
 						cmsSession = null;
 					} else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
-						throw new CmsException("Inconsistent user " + authorization.getName()
+						throw new IllegalStateException("Inconsistent user " + authorization.getName()
 								+ " for existing CMS session " + cmsSession);
 					}
 					// keyring
@@ -169,7 +168,7 @@ class CmsAuthUtils {
 					UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
 							.getUuid();
 					// if (storedSessionId.equals(httpSessionId.getValue()))
-					throw new CmsException(
+					throw new IllegalStateException(
 							"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
 				}
 			}
@@ -185,7 +184,7 @@ class CmsAuthUtils {
 			sr = bc.getServiceReferences(CmsSession.class,
 					"(" + CmsSession.SESSION_LOCAL_ID + "=" + httpSessionId + ")");
 		} catch (InvalidSyntaxException e) {
-			throw new CmsException("Cannot get CMS session for id " + httpSessionId, e);
+			throw new IllegalArgumentException("Cannot get CMS session for id " + httpSessionId, e);
 		}
 		CmsSession cmsSession;
 		if (sr.size() == 1) {
@@ -197,7 +196,7 @@ class CmsAuthUtils {
 		} else if (sr.size() == 0)
 			return null;
 		else
-			throw new CmsException(sr.size() + ">1 web sessions detected for http session " + httpSessionId);
+			throw new IllegalStateException(sr.size() + ">1 web sessions detected for http session " + httpSessionId);
 		return cmsSession;
 	}