X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FNodeUserLoginModule.java;h=a2f5863cb434008cf06f8ba02b27e5d79525d2f8;hb=19b5a36f4845c4720554fbe06a8354fbaf842671;hp=74fe4e421e747e0998b7e2763663ae0ab1be0f03;hpb=9dba7b01008499bdaf15c754190906d3200713fe;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
index 74fe4e421..a2f5863cb 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
@@ -68,49 +68,48 @@ public class NodeUserLoginModule implements LoginModule { @Override public boolean commit() throws LoginException { - if (authorization != null) { - Set principals = subject.getPrincipals(); - try { - String authName = authorization.getName(); - - // determine user's principal - final LdapName name; - final Principal userPrincipal; - if (authName == null) { - name = ROLE_ANONYMOUS_NAME; - userPrincipal = ROLE_ANONYMOUS_PRINCIPAL; - principals.add(userPrincipal); - principals.add(new AnonymousPrincipal()); + if (authorization == null) + throw new LoginException("Authorization should not be null"); + Set principals = subject.getPrincipals(); + try { + String authName = authorization.getName(); + + // determine user's principal + final LdapName name; + final Principal userPrincipal; + if (authName == null) { + name = ROLE_ANONYMOUS_NAME; + userPrincipal = ROLE_ANONYMOUS_PRINCIPAL; + principals.add(userPrincipal); + principals.add(new AnonymousPrincipal()); + } else { + name = new LdapName(authName); + checkUserName(name); + userPrincipal = new X500Principal(name.toString()); + principals.add(userPrincipal); + principals.add(new ImpliedByPrincipal(ROLE_USER_NAME, + userPrincipal)); + } + + // Add roles provided by authorization + for (String role : authorization.getRoles()) { + LdapName roleName = new LdapName(role); + if (roleName.equals(name)) { + // skip } else { - name = new LdapName(authName); - checkUserName(name); - userPrincipal = new X500Principal(name.toString()); - principals.add(userPrincipal); - principals.add(new ImpliedByPrincipal(ROLE_USER_NAME, + checkImpliedPrincipalName(roleName); + principals.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal)); + if (roleName.equals(ROLE_ADMIN_NAME)) + principals.add(new AdminPrincipal( + SecurityConstants.ADMIN_ID)); } - - // Add roles provided by authorization - for (String role : authorization.getRoles()) { - LdapName roleName = new LdapName(role); - if (roleName.equals(name)) { - 
// skip - } else { - checkImpliedPrincipalName(roleName); - principals.add(new ImpliedByPrincipal(roleName - .toString(), userPrincipal)); - if (roleName.equals(ROLE_ADMIN_NAME)) - principals.add(new AdminPrincipal( - SecurityConstants.ADMIN_ID)); - } - } - - return true; - } catch (InvalidNameException e) { - throw new CmsException("Cannot commit", e); } - } else - return false; + + return true; + } catch (InvalidNameException e) { + throw new CmsException("Cannot commit", e); + } } @Override @@ -121,14 +120,14 @@ public class NodeUserLoginModule implements LoginModule { @Override public boolean logout() throws LoginException { - // TODO better deal with successive logout if (subject == null) - return true; - // TODO make it less brutal + throw new LoginException("Subject should not be null"); + // Argeo subject.getPrincipals().removeAll( subject.getPrincipals(X500Principal.class)); subject.getPrincipals().removeAll( subject.getPrincipals(ImpliedByPrincipal.class)); + // Jackrabbit subject.getPrincipals().removeAll( subject.getPrincipals(AdminPrincipal.class)); subject.getPrincipals().removeAll(
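Review bot: In commit(), principals are added directly to the live set returned by `subject.getPrincipals()` before every role name has been parsed and checked. A failure partway through the roles loop (`new LdapName(role)` throwing InvalidNameException, or checkImpliedPrincipalName rejecting a name; its behaviour is not visible in this hunk) therefore leaves the Subject holding the user principal plus whatever ImpliedByPrincipal or AdminPrincipal entries were already added. Building the set locally and publishing it only on success avoids a half-populated Subject: `Set<Principal> principals = new HashSet<>();` at the top and `subject.getPrincipals().addAll(principals);` just before `return true;`. The catch block still rethrows as CmsException while the new null check throws LoginException; raising LoginException in both places, with the InvalidNameException attached as cause, would make the two failure paths of commit() consistent.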