X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.jackrabbit%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoLoginModule.java;h=c37ad0db3a3fe00c4a26430d7f0fecb27131e4a4;hb=2b3904582518de706357fd2a8216a47ca77dfc39;hp=2ff913dd2b07fdcb502ed89ccb86066900c40853;hpb=5e24d4b3694253125077489270a86f545378f21e;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
index 2ff913dd2..c37ad0db3 100644
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.authentication.AbstractLoginModule;
 import org.apache.jackrabbit.core.security.authentication.Authentication;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.security.SystemAuthentication;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -39,6 +38,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 /** Jackrabbit login mechanism based on Spring Security */
 public class ArgeoLoginModule extends AbstractLoginModule {
 	private String adminRole = "ROLE_ADMIN";
+	private String systemRole = "ROLE_SYSTEM";
 
 	/**
 	 * Returns the Spring {@link org.springframework.security.Authentication}
@@ -57,17 +57,19 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 		Set<Principal> principals = new LinkedHashSet<Principal>();
 		principals.add(authen);
 
-		if (authen instanceof SystemAuthentication) {
-			principals.add(new AdminPrincipal(authen.getName()));
-			// principals.add(new ArgeoSystemPrincipal(authen.getName()));
-		} else if (authen instanceof AnonymousAuthenticationToken) {
+		// if (authen instanceof SystemAuthentication) {
+		// principals.add(new AdminPrincipal(authen.getName()));
+		// // principals.add(new ArgeoSystemPrincipal(authen.getName()));
+		// } else
+		if (authen instanceof AnonymousAuthenticationToken) {
 			principals.add(new AnonymousPrincipal());
 		} else {
 			for (GrantedAuthority ga : authen.getAuthorities()) {
 				if (ga instanceof Principal)
 					principals.add((Principal) ga);
 				// FIXME: make it more generic
-				if (adminRole.equals(ga.getAuthority()))
+				String authority = ga.getAuthority();
+				if (adminRole.equals(authority) || systemRole.equals(authority))
 					principals.add(new AdminPrincipal(authen.getName()));
 			}
 		}