name = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
userPrincipal = new AnonymousPrincipal();
principals.add(userPrincipal);
- // principals.add(new AnonymousPrincipal());
} else {
name = new LdapName(authName);
NodeSecurityUtils.checkUserName(name);
userPrincipal = new X500Principal(name.toString());
principals.add(userPrincipal);
- principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal));
+ // principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,
+ // userPrincipal));
}
// Add roles provided by authorization
LdapName roleName = new LdapName(role);
if (roleName.equals(name)) {
// skip
+ } else if (roleName.equals(NodeSecurityUtils.ROLE_ANONYMOUS_NAME)) {
+ // skip
} else {
NodeSecurityUtils.checkImpliedPrincipalName(roleName);
principals.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal));
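Review bot: The new skip on L18 is now the only guard between the authorization's role list and `ImpliedByPrincipal`, because the same commit disables `checkImpliedPrincipalName` (L83–84), and it does not cover the anonymous case: for an anonymous subject `name` is `ROLE_ANONYMOUS_NAME` (L1), so L16 and L18 skip the same role and a directory-supplied `ROLE_USER_NAME` would reach L22 and be granted to the anonymous subject; whether the directory can actually emit that role is not visible here. I would collapse the two empty branches into one condition that also excludes the user role when the subject is anonymous, `if (roleName.equals(name) || roleName.equals(NodeSecurityUtils.ROLE_ANONYMOUS_NAME)` / `        || (userPrincipal instanceof AnonymousPrincipal && roleName.equals(NodeSecurityUtils.ROLE_USER_NAME))) {` with a `// system roles are never implied principals` comment in place of the bare `// skip`. The commented-out call on L11–12 should be deleted rather than kept, since the role now arrives through the authorization's role list. The enclosing method starts before and continues after this hunk.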
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
+import java.util.Set;
import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedServiceFactory;
+import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.UserAdmin;
import org.osgi.util.tracker.ServiceTracker;
public String getName() {
return "Node User Admin";
}
+
+
+
+ @Override
+ protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
+ if(rawAuthorization.getName()==null) {
+ sysRoles.add(NodeConstants.ROLE_ANONYMOUS);
+ }else {
+ sysRoles.add(NodeConstants.ROLE_USER);
+ }
+ }
protected void postAdd(AbstractUserDirectory userDirectory) {
// JTA
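Review bot: The override on L42 lacks the spacing the rest of the file uses and a doc comment, and it encodes a contract that is only implicit: a null `rawAuthorization.getName()` is taken to mean anonymous, which presumably follows the OSGi `Authorization` convention but is stated nowhere. I would write the branch as `if (rawAuthorization.getName() == null) {` and `} else {`, drop the three blank lines added on L38–40, and add a Javadoc such as "Maps the authorization to the programmatic anonymous/user role: a null authorization name is treated as anonymous and gets {@code ROLE_ANONYMOUS}, any other name gets {@code ROLE_USER}." A `Objects.requireNonNull(rawAuthorization, "rawAuthorization")` at the top would turn a bad caller into a clear failure instead of an NPE inside the role logic.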
Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
sysRoles.addAll(Arrays.asList(auth.getRoles()));
}
+ addAbstractSystemRoles(rawAuthorization, sysRoles);
Authorization authorization = new AggregatingAuthorization(rawAuthorization.getName(),
rawAuthorization.toString(), sysRoles, rawAuthorization.getRoles());
return authorization;
}
+ /**
+ * Enrich with application-specific roles which are strictly programmatic, such
+ * as anonymous/user semantics.
+ */
+ protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
+
+ }
+
//
// USER ADMIN AGGREGATOR
//
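Review bot: The Javadoc on L59–62 for the new hook does not state the two things an implementor needs: that `rawAuthorization` may carry a null name (the override elsewhere in this commit treats that as anonymous, so the hook must tolerate it) and that `sysRoles` is the mutable accumulator which the call on L54 hands straight into `AggregatingAuthorization`, so anything added here becomes an effective role. I would add `@param rawAuthorization the authorization returned by the backing directory; its name may be null for anonymous` and `@param sysRoles mutable set of system role names; additions become part of the aggregated authorization`, and replace the blank line on L64 with `// intentionally empty: the default adds no programmatic roles` so the no-op body reads as deliberate. The call site on L54 would also benefit from a one-line comment naming it as the subclass extension point.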
}
/**
- * Called before each user directory is destroyed, so that additional
- * actions can be performed.
+ * Called before each user directory is destroyed, so that additional actions
+ * can be performed.
*/
protected void preDestroy(AbstractUserDirectory userDirectory) {
}
}
public static void checkImpliedPrincipalName(LdapName roleName) throws IllegalArgumentException {
- if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName))
- throw new IllegalArgumentException(roleName + " cannot be listed as role");
+// if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName))
+// throw new IllegalArgumentException(roleName + " cannot be listed as role");
}
}
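Review bot: Commenting out the body on L83–84 leaves `checkImpliedPrincipalName` as a no-op that still declares `throws IllegalArgumentException` and is still called from the login module as if it rejected something, which will mislead the next reader into thinking the system roles are being filtered here. Delete the commented-out lines instead of keeping them, and either remove the method or give it a Javadoc stating the new contract, e.g. "No longer rejects {@code ROLE_USER_NAME}/{@code ROLE_ANONYMOUS_NAME}: these now arrive through the aggregated authorization and are filtered by the caller." If the method is kept for API compatibility, mark it `@Deprecated` with that explanation so callers stop relying on it as a validation step.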