X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.jackrabbit%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoLoginModule.java;h=2ff913dd2b07fdcb502ed89ccb86066900c40853;hb=2eb5af6e40362242aeec04ab0ad455c713b72d61;hp=a80f2668228acf6bc3a34ab525e282f2e8e0c309;hpb=b3b39d5606a0c48d64a804f4aff5459ea3addc31;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java index a80f26682..2ff913dd2 100644 --- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java +++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java @@ -24,7 +24,6 @@ import java.util.Set; import javax.jcr.Credentials; import javax.jcr.RepositoryException; import javax.jcr.Session; -import javax.jcr.SimpleCredentials; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; @@ -41,49 +40,16 @@ import org.springframework.security.core.context.SecurityContextHolder; public class ArgeoLoginModule extends AbstractLoginModule { private String adminRole = "ROLE_ADMIN"; - @SuppressWarnings("unused") - @Override - public boolean login() throws LoginException { - boolean loginOk = super.login(); - if (!loginOk) { - org.springframework.security.core.Authentication authen = (org.springframework.security.core.Authentication) SecurityContextHolder - .getContext().getAuthentication(); - } - return loginOk; - } - - @SuppressWarnings("unused") - @Override - public boolean commit() throws LoginException { - boolean commitOk = super.commit(); - if (!commitOk) { - org.springframework.security.core.Authentication authen = (org.springframework.security.core.Authentication) SecurityContextHolder - .getContext().getAuthentication(); - } - return commitOk; - } - /** * Returns the Spring {@link org.springframework.security.Authentication} * (which can be null) */ @Override protected Principal getPrincipal(Credentials credentials) { - org.springframework.security.core.Authentication authen = SecurityContextHolder - .getContext().getAuthentication(); - return authen; + return SecurityContextHolder.getContext().getAuthentication(); } protected Set getPrincipals() { - // clear already registered Jackrabbit principals - // clearPrincipals(AdminPrincipal.class); - // clearPrincipals(AnonymousPrincipal.class); - // clearPrincipals(GrantedAuthorityPrincipal.class); - - return syncPrincipals(); - } - - protected Set syncPrincipals() { // use linked HashSet instead of HashSet in order to maintain the order // of principals (as in the Subject). org.springframework.security.core.Authentication authen = (org.springframework.security.core.Authentication) principal; @@ -93,12 +59,13 @@ public class ArgeoLoginModule extends AbstractLoginModule { if (authen instanceof SystemAuthentication) { principals.add(new AdminPrincipal(authen.getName())); - principals.add(new ArgeoSystemPrincipal(authen.getName())); + // principals.add(new ArgeoSystemPrincipal(authen.getName())); } else if (authen instanceof AnonymousAuthenticationToken) { principals.add(new AnonymousPrincipal()); } else { for (GrantedAuthority ga : authen.getAuthorities()) { - principals.add(new GrantedAuthorityPrincipal(ga)); + if (ga instanceof Principal) + principals.add((Principal) ga); // FIXME: make it more generic if (adminRole.equals(ga.getAuthority())) principals.add(new AdminPrincipal(authen.getName())); @@ -106,13 +73,10 @@ public class ArgeoLoginModule extends AbstractLoginModule { } // remove previous credentials - Set thisCredentials = subject - .getPublicCredentials(SimpleCredentials.class); - if (thisCredentials != null) - thisCredentials.clear(); - // override credentials since we did not used the one passed to us - // credentials = new SimpleCredentials(authen.getName(), authen - // .getCredentials().toString().toCharArray()); + // Set thisCredentials = subject + // .getPublicCredentials(SimpleCredentials.class); + // if (thisCredentials != null) + // thisCredentials.clear(); return principals; } @@ -122,26 +86,29 @@ public class ArgeoLoginModule extends AbstractLoginModule { * {@link org.springframework.security.Authentication} as well. Here we * simply clear Jackrabbit related {@link Principal}s. */ - @Override - public boolean logout() throws LoginException { - clearPrincipals(AdminPrincipal.class); - clearPrincipals(ArgeoSystemPrincipal.class); - clearPrincipals(AnonymousPrincipal.class); - clearPrincipals(GrantedAuthorityPrincipal.class); - - // we resync with Spring Security since the subject may have been reused - // in beetween - // TODO: check if this is clean - // subject.getPrincipals().addAll(syncPrincipals()); - - return true; - } - - private void clearPrincipals(Class clss) { - Set principals = subject.getPrincipals(clss); - if (principals != null) - principals.clear(); - } + // @Override + // public boolean logout() throws LoginException { + // Set principals = subject.getPrincipals(); + // for (Principal principal : subject.getPrincipals()) { + // if ((principal instanceof AdminPrincipal) + // || (principal instanceof ArgeoSystemPrincipal) + // || (principal instanceof AnonymousPrincipal) + // || (principal instanceof GrantedAuthority)) { + // principals.remove(principal); + // } + // } + // // clearPrincipals(AdminPrincipal.class); + // // clearPrincipals(ArgeoSystemPrincipal.class); + // // clearPrincipals(AnonymousPrincipal.class); + // // clearPrincipals(GrantedAuthority.class); + // return true; + // } + + // private void clearPrincipals(Class clss) { + // Set principals = subject.getPrincipals(clss); + // if (principals != null) + // principals.clear(); + // } @SuppressWarnings("rawtypes") @Override