X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.jackrabbit%2Fsrc%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FSystemJackrabbitLoginModule.java;h=62f8fa02b1d23860011f456253e84b54cabadc9a;hb=8260f4470f514ea347ca53f5b4dfc632c4a4de66;hp=9977938eccb4029dc6ec683a4e1796a4e0370452;hpb=f7944a8accf7b9cfc3cffe6e6f5c611cd48f592c;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java
index 9977938ec..62f8fa02b 100644
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java
@@ -11,15 +11,15 @@ import javax.security.auth.x500.X500Principal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.security.SystemAuth;
+import org.argeo.node.DataAdminPrincipal;
 public class SystemJackrabbitLoginModule implements LoginModule {
 private Subject subject;
 @Override
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options) {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
+ Map options) {
 this.subject = subject;
 }
@@ -30,51 +30,19 @@ public class SystemJackrabbitLoginModule implements LoginModule {
 @Override
 public boolean commit() throws LoginException {
- Set initPrincipal = subject
- .getPrincipals(SystemAuth.class);
+ Set initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
 if (!initPrincipal.isEmpty()) {
- subject.getPrincipals().add(
- new AdminPrincipal(SecurityConstants.ADMIN_ID));
+ subject.getPrincipals().add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
 return true;
 }
- Set userPrincipal = subject
- .getPrincipals(X500Principal.class);
+ Set userPrincipal = subject.getPrincipals(X500Principal.class);
 if (userPrincipal.isEmpty())
 throw new LoginException("Subject must be pre-authenticated");
 if (userPrincipal.size() > 1)
- throw new LoginException("Multiple user principals "
- + userPrincipal);
+ throw new LoginException("Multiple user principals " + userPrincipal);
 return true;
-
- // Set principals = subject.getPrincipals();
- // if (principals.isEmpty()) {// system
- // throw new LoginException("Subject must be pre-authenticated");
- // // subject.getPrincipals().add(new AdminPrincipal("admin"));
- // // return true;
- // }
- // boolean isAdmin = false;
- // boolean isAnonymous = false;
- // // FIXME make it more generic
- // for (Principal principal : principals) {
- // if (principal.getName().equalsIgnoreCase(
- // "cn=admin,ou=roles,ou=node"))
- // isAdmin = true;
- // else if (principal.getName().equalsIgnoreCase(
- // "cn=anonymous,ou=roles,ou=node"))
- // isAnonymous = true;
- // }
- //
- // if (isAnonymous && isAdmin)
- // throw new LoginException("Cannot be admin and anonymous");
- //
- // // Add special Jackrabbit roles
- // if (isAdmin)
- // principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
- // if (isAnonymous)// anonymous
- // principals.add(new AnonymousPrincipal());
- // return true;
 }
 @Override
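Review bot: The admin grant in commit() rests entirely on a `DataAdminPrincipal` being present in the Subject, and nothing in the method documents or checks where that principal came from. DataAdminPrincipal is defined outside this page, so whether its construction is restricted cannot be confirmed here; if it can be instantiated freely, any code able to populate a Subject before this module runs ends up with `AdminPrincipal(SecurityConstants.ADMIN_ID)`. I would state the assumption above the first branch, e.g. `// Trust boundary: DataAdminPrincipal must only be added by the node's own system login; its presence maps the Subject to the Jackrabbit admin.`, and confirm that the class cannot be created by untrusted bundles. The same marker class gates logout() in the last hunk.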
@@ -84,14 +52,11 @@ public class SystemJackrabbitLoginModule implements LoginModule {
 @Override
 public boolean logout() throws LoginException {
- Set initPrincipal = subject
- .getPrincipals(SystemAuth.class);
+ Set initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
 if (!initPrincipal.isEmpty()) {
 subject.getPrincipals(AdminPrincipal.class);
 return true;
 }
- // subject.getPrincipals().removeAll(
- // subject.getPrincipals(AdminPrincipal.class));
 return true;
 }
 }
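Review bot: logout() never removes the `AdminPrincipal` that commit() adds: the statement left inside the `if`, `subject.getPrincipals(AdminPrincipal.class);`, only builds a set and discards it, and this change deletes the commented-out `removeAll` without putting a working removal in its place. A Subject that is reused after logout would therefore keep the Jackrabbit admin principal. Because `Subject.getPrincipals(Class)` returns a new set that is not backed by the Subject, the removal has to go through the live set, inside the existing branch: `subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));`.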