X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.node.api%2Fsrc%2Forg%2Fargeo%2Fnode%2FDataAdminLoginModule.java;fp=org.argeo.node.api%2Fsrc%2Forg%2Fargeo%2Fnode%2FDataAdminLoginModule.java;h=307474821ee5a0008e5d40bd60dd750110cdbe19;hb=1f4ff4da0e5d85821b005267dfa9eece9f8ca9bb;hp=0000000000000000000000000000000000000000;hpb=0d46a59c2e2a704b617c1a665fa5155bd4e40682;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.node.api/src/org/argeo/node/DataAdminLoginModule.java b/org.argeo.node.api/src/org/argeo/node/DataAdminLoginModule.java
new file mode 100644
index 000000000..307474821
--- /dev/null
+++ b/org.argeo.node.api/src/org/argeo/node/DataAdminLoginModule.java
@@ -0,0 +1,48 @@
+package org.argeo.node;
+
+import java.util.Map;
+
+import javax.security.auth.AuthPermission;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.argeo.node.security.DataAdminPrincipal;
+
+/**
+ * Log-in a system process as data admin. Protection is via
+ * {@link AuthPermission} on this login module, so if it can be accessed it will
+ * always succeed.
+ */
+public class DataAdminLoginModule implements LoginModule {
+	private Subject subject;
+
+	@Override
+	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+			Map<String, ?> options) {
+		this.subject = subject;
+	}
+
+	@Override
+	public boolean login() throws LoginException {
+		return true;
+	}
+
+	@Override
+	public boolean commit() throws LoginException {
+		subject.getPrincipals().add(new DataAdminPrincipal());
+		return true;
+	}
+
+	@Override
+	public boolean abort() throws LoginException {
+		return true;
+	}
+
+	@Override
+	public boolean logout() throws LoginException {
+		subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class));
+		return true;
+	}
+}