X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FNodeUserLoginModule.java;h=956b4a65cd512ba70f6575cf9d9105c803a3a33a;hb=54cba9d97464302cbcfad9d8a57cb23a17bdddb7;hp=79714b16aa845084646eece27479dec61a7e9e82;hpb=e7934b53bd71a084dc069f6500f7a168a28efdaf;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
index 79714b16a..956b4a65c 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
@@ -21,24 +21,25 @@ import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
+import org.argeo.node.NodeConstants;
 import org.osgi.service.useradmin.Authorization;
 public class NodeUserLoginModule implements LoginModule, AuthConstants {
 private Subject subject;
 private Map sharedState = null;
-private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
+private final static LdapName ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
 private final static List RESERVED_ROLES;
 private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL;
 static {
 try {
-ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL);
-ROLE_ADMIN_NAME = new LdapName(AuthConstants.ROLE_ADMIN);
-ROLE_USER_NAME = new LdapName(AuthConstants.ROLE_USER);
-ROLE_ANONYMOUS_NAME = new LdapName(AuthConstants.ROLE_ANONYMOUS);
-RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_KERNEL_NAME,
-ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN),
-new LdapName(AuthConstants.ROLE_USER_ADMIN) }));
+// ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL);
+ROLE_ADMIN_NAME = new LdapName(NodeConstants.ROLE_ADMIN);
+ROLE_USER_NAME = new LdapName(NodeConstants.ROLE_USER);
+ROLE_ANONYMOUS_NAME = new LdapName(NodeConstants.ROLE_ANONYMOUS);
+RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_ADMIN_NAME,
+ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN),
+new LdapName(NodeConstants.ROLE_USER_ADMIN) }));
 ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(ROLE_ANONYMOUS_NAME.toString());
 } catch (InvalidNameException e) {
 throw new Error("Cannot initialize login module class", e);
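Review bot: Removing `ROLE_KERNEL_NAME` from `RESERVED_ROLES` here, and from the `checkImpliedPrincipalName` condition in the third hunk, means a role carrying the former kernel name is no longer rejected when listed on a user; if `AuthConstants.ROLE_KERNEL` still exists anywhere in the code base this widens what a user record may be granted, so the commit should make clear the constant has been removed rather than merely unguarded. The static initializer now mixes sources, `NodeConstants.ROLE_ADMIN`, `ROLE_USER`, `ROLE_ANONYMOUS` and `ROLE_USER_ADMIN` against `AuthConstants.ROLE_GROUP_ADMIN`, which looks like an incomplete migration; either move `ROLE_GROUP_ADMIN` as well or add a comment such as `// ROLE_GROUP_ADMIN intentionally stays in AuthConstants` explaining why it differs. The commented-out `// ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL);` should be deleted instead of left as dead code. The static block continues past the end of the hunk.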
@@ -124,12 +125,15 @@ public class NodeUserLoginModule implements LoginModule, AuthConstants {
 public boolean logout() throws LoginException {
 if (subject == null)
 throw new LoginException("Subject should not be null");
+// Clean up principals
 // Argeo
 subject.getPrincipals().removeAll(subject.getPrincipals(X500Principal.class));
 subject.getPrincipals().removeAll(subject.getPrincipals(ImpliedByPrincipal.class));
 // Jackrabbit
 subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));
 subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
+// Clean up private credentials
+subject.getPrivateCredentials().clear();
 cleanUp();
 return true;
 }
@@ -145,8 +149,7 @@ public class NodeUserLoginModule implements LoginModule, AuthConstants {
 }
 private void checkImpliedPrincipalName(LdapName roleName) {
-if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName)
-|| ROLE_KERNEL_NAME.equals(roleName))
+if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName))
 throw new CmsException(roleName + " cannot be listed as role");
 }
 }
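Review bot: `subject.getPrivateCredentials().clear()` in `logout()` wipes every private credential on the Subject, whereas the principal cleanup directly above removes only the types this module owns; if other login modules share the same JAAS configuration, their credentials are discarded too. Prefer removing only the credential types this module stores, `subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(<CREDENTIAL_TYPE>.class))` with the placeholder replaced by the type added in `commit()`, or add a comment stating that a full clear is the intended contract of this module. Both the `removeAll` calls and `clear()` throw `IllegalStateException` when the Subject is read-only, which would escape `logout()` unwrapped; a guard such as `if (subject.isReadOnly()) throw new LoginException("Subject is read-only");` before the cleanup keeps the failure inside the LoginModule contract.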