X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.jackrabbit%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoLoginModule.java;h=c37ad0db3a3fe00c4a26430d7f0fecb27131e4a4;hb=2b3904582518de706357fd2a8216a47ca77dfc39;hp=6d8adeb086837653a35c0d485bd2f544fcc4b6e0;hpb=6e7769555f6ee64159bbdb5780e34957d6d8895e;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
index 6d8adeb08..c37ad0db3 100644
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoLoginModule.java
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.authentication.AbstractLoginModule;
 import org.apache.jackrabbit.core.security.authentication.Authentication;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.security.SystemAuthentication;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -39,6 +38,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 /** Jackrabbit login mechanism based on Spring Security */
 public class ArgeoLoginModule extends AbstractLoginModule {
 private String adminRole = "ROLE_ADMIN";
+ private String systemRole = "ROLE_SYSTEM";
 /**
 * Returns the Spring {@link org.springframework.security.Authentication}
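Review bot: The new `systemRole` field has no comment, although the login code in the following hunk treats it exactly like `adminRole` when deciding whether to add an `AdminPrincipal`. A one-line Javadoc such as `/** Authority name that, like adminRole, is mapped to a Jackrabbit AdminPrincipal. */` would make that privilege visible where the value is defined. The class body continues outside this hunk, so whether the value can be changed through a setter cannot be seen here.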
@@ -57,16 +57,19 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 Set principals = new LinkedHashSet();
 principals.add(authen);
- if (authen instanceof SystemAuthentication) {
- principals.add(new AdminPrincipal(authen.getName()));
- principals.add(new ArgeoSystemPrincipal(authen.getName()));
- } else if (authen instanceof AnonymousAuthenticationToken) {
+ // if (authen instanceof SystemAuthentication) {
+ // principals.add(new AdminPrincipal(authen.getName()));
+ // // principals.add(new ArgeoSystemPrincipal(authen.getName()));
+ // } else
+ if (authen instanceof AnonymousAuthenticationToken) {
 principals.add(new AnonymousPrincipal());
 } else {
 for (GrantedAuthority ga : authen.getAuthorities()) {
- principals.add(new GrantedAuthorityPrincipal(ga));
+ if (ga instanceof Principal)
+ principals.add((Principal) ga);
 // FIXME: make it more generic
- if (adminRole.equals(ga.getAuthority()))
+ String authority = ga.getAuthority();
+ if (adminRole.equals(authority) || systemRole.equals(authority))
 principals.add(new AdminPrincipal(authen.getName()));
 }
 }
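Review bot: Repository admin rights for the system identity now rest on an authority string alone: inside the `for` loop, any `GrantedAuthority` whose `getAuthority()` equals `systemRole` produces an `AdminPrincipal`, where the removed branch required the token itself to be a `SystemAuthentication`. If authority names can originate from an external source such as directory groups (not visible in this hunk), `ROLE_SYSTEM` has to be a reserved name that only the internal system authentication can carry, and that assumption deserves a check or at least a comment next to the comparison. Separately, `if (ga instanceof Principal)` silently skips every authority that does not implement `Principal`, whereas the old code wrapped all of them in `GrantedAuthorityPrincipal`; such users would lose their role principals with no trace, so an `else` branch that logs the skipped authority would help. The commented-out `SystemAuthentication` block is dead code and is better deleted than kept. The enclosing method starts and ends outside the hunk.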
@@ -85,20 +88,29 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 * {@link org.springframework.security.Authentication} as well. Here we
 * simply clear Jackrabbit related {@link Principal}s.
 */
- @Override
- public boolean logout() throws LoginException {
- clearPrincipals(AdminPrincipal.class);
- clearPrincipals(ArgeoSystemPrincipal.class);
- clearPrincipals(AnonymousPrincipal.class);
- clearPrincipals(GrantedAuthorityPrincipal.class);
- return true;
- }
-
- private void clearPrincipals(Class clss) {
- Set principals = subject.getPrincipals(clss);
- if (principals != null)
- principals.clear();
- }
+ // @Override
+ // public boolean logout() throws LoginException {
+ // Set principals = subject.getPrincipals();
+ // for (Principal principal : subject.getPrincipals()) {
+ // if ((principal instanceof AdminPrincipal)
+ // || (principal instanceof ArgeoSystemPrincipal)
+ // || (principal instanceof AnonymousPrincipal)
+ // || (principal instanceof GrantedAuthority)) {
+ // principals.remove(principal);
+ // }
+ // }
+ // // clearPrincipals(AdminPrincipal.class);
+ // // clearPrincipals(ArgeoSystemPrincipal.class);
+ // // clearPrincipals(AnonymousPrincipal.class);
+ // // clearPrincipals(GrantedAuthority.class);
+ // return true;
+ // }
+
+ // private void clearPrincipals(Class clss) {
+ // Set principals = subject.getPrincipals(clss);
+ // if (principals != null)
+ // principals.clear();
+ // }
 @SuppressWarnings("rawtypes")
 @Override
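Review bot: With `logout()` commented out, clearing the `AdminPrincipal` and the other Jackrabbit principals on logout is left to whatever the inherited `AbstractLoginModule.logout()` does, which should be confirmed before this is merged. The Javadoc kept above the commented block ("Here we simply clear Jackrabbit related Principals") no longer describes any code and now attaches to the following method, the one annotated `@SuppressWarnings("rawtypes")`, whose body lies outside the hunk. The commented draft should not be revived as written: it calls `principals.remove(principal)` while iterating `subject.getPrincipals()`, which would likely throw `ConcurrentModificationException`; an explicit `Iterator` with `it.remove()` avoids that. If the inherited behaviour is what is wanted, delete the dead code and the orphaned Javadoc instead of leaving them commented.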