X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FDataAdminLoginModule.java;h=d4f402853b2174bdb1e568f906f70e5dd9b57e5f;hb=HEAD;hp=5c7b64377cd80422c952f9b3e4d2662251d43e9a;hpb=06acf73a99f0e3908fe8998f1ff08dee109c5562;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java index 5c7b64377..d4f402853 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java @@ -2,25 +2,30 @@ package org.argeo.cms.auth; import java.util.Map; +import javax.security.auth.AuthPermission; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import org.argeo.node.DataAdminPrincipal; +import org.argeo.api.cms.DataAdminPrincipal; +/** + * Log-in a system process as data admin. Protection is via + * {@link AuthPermission} on this login module, so if it can be accessed it will + * always succeed. + */ public class DataAdminLoginModule implements LoginModule { private Subject subject; @Override - public void initialize(Subject subject, CallbackHandler callbackHandler, - Map sharedState, Map options) { + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, + Map options) { this.subject = subject; } @Override public boolean login() throws LoginException { - // TODO check permission? return true; } @@ -37,8 +42,7 @@ public class DataAdminLoginModule implements LoginModule { @Override public boolean logout() throws LoginException { - // remove ALL credentials (e.g. additional Jackrabbit credentials) - subject.getPrincipals().clear(); + subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class)); return true; }