From dcd151c2cfabdf8196b8424a60f15c00429645fe Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Wed, 7 Sep 2016 10:34:30 +0000
Subject: [PATCH] Improve data admin log in
git-svn-id: https://svn.argeo.org/commons/trunk@9099 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../org/argeo/node/DataAdminPrincipal.java | 3 ++-
 .../cms/internal/kernel/HomeRepository.java | 2 ++
 .../SystemJackrabbitLoginModule.java | 19 +++++++------------
 3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/org.argeo.cms.api/src/org/argeo/node/DataAdminPrincipal.java b/org.argeo.cms.api/src/org/argeo/node/DataAdminPrincipal.java
index df9bf35b7..743c96f2e 100644
--- a/org.argeo.cms.api/src/org/argeo/node/DataAdminPrincipal.java
+++ b/org.argeo.cms.api/src/org/argeo/node/DataAdminPrincipal.java
@@ -4,7 +4,8 @@ import java.security.Principal;
 /** Allows to modify any data. */
 public final class DataAdminPrincipal implements Principal {
- private final String name = "ou=dataAdmin";
+ // FIXME put auth constants in API
+ private final String name = "OU=node";
 @Override
 public String getName() {
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
index 5b7c7773d..d1dfb7dd6 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
@@ -90,6 +90,8 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar
 return;
 if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS))
 return;
+ if (session.getUserID().equals(AuthConstants.ROLE_KERNEL))
+ return;
 if (checkedUsers.contains(username))
 return;
diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java
index c041d276d..688791e2c 100644
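Review bot: The new `"OU=node"` literal on the `name` field is relied on elsewhere in this commit, and nothing in the code ties the copies together. `commit()` in SystemJackrabbitLoginModule now copies `getName()` into the `AdminPrincipal`, and HomeRepository exempts the session whose user ID equals `AuthConstants.ROLE_KERNEL`. The value of `ROLE_KERNEL` is not visible here; if it is meant to be the same DN, any difference in case or spacing makes that `String.equals` check miss silently. Until the FIXME is resolved, record the coupling at the field, e.g. `// FIXME put auth constants in API; must stay identical to AuthConstants.ROLE_KERNEL (compared with String.equals)`, if that is the intent. The class body continues outside the hunk.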
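Review bot: The added guard dereferences `session.getUserID()`, which may return null if `session` is a `javax.jcr.Session`; the `ROLE_ANONYMOUS` line above it has the same shape. Writing both constant-first, e.g. `if (AuthConstants.ROLE_KERNEL.equals(session.getUserID())) return;`, removes that risk without changing the result for non-null IDs. The exemption has no explanation; a short comment such as `// kernel sessions have no home to prepare` would record why this identity is skipped, if that is the reason. The enclosing method starts and ends outside the hunk.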
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java
@@ -18,8 +18,8 @@ public class SystemJackrabbitLoginModule implements LoginModule {
 private Subject subject;
 @Override
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options) {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
+ Map options) {
 this.subject = subject;
 }
@@ -30,21 +30,17 @@ public class SystemJackrabbitLoginModule implements LoginModule {
 @Override
 public boolean commit() throws LoginException {
- Set initPrincipal = subject
- .getPrincipals(DataAdminPrincipal.class);
+ Set initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
 if (!initPrincipal.isEmpty()) {
- subject.getPrincipals().add(
- new AdminPrincipal(SecurityConstants.ADMIN_ID));
+ subject.getPrincipals().add(new AdminPrincipal(initPrincipal.iterator().next().getName()));
 return true;
 }
- Set userPrincipal = subject
- .getPrincipals(X500Principal.class);
+ Set userPrincipal = subject.getPrincipals(X500Principal.class);
 if (userPrincipal.isEmpty())
 throw new LoginException("Subject must be pre-authenticated");
 if (userPrincipal.size() > 1)
- throw new LoginException("Multiple user principals "
- + userPrincipal);
+ throw new LoginException("Multiple user principals " + userPrincipal);
 return true;
 }
@@ -56,8 +52,7 @@ public class SystemJackrabbitLoginModule implements LoginModule {
 @Override
 public boolean logout() throws LoginException {
- Set initPrincipal = subject
- .getPrincipals(DataAdminPrincipal.class);
+ Set initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
 if (!initPrincipal.isEmpty()) {
 subject.getPrincipals(AdminPrincipal.class);
 return true;
-- 
2.30.2
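Review bot: The `AdminPrincipal` that `commit()` adds for a `DataAdminPrincipal` subject is never removed: the unchanged `logout()` in the last hunk only calls `subject.getPrincipals(AdminPrincipal.class);` and discards the result. A Subject reused after logout therefore still carries the repository admin principal. `logout()` should drop it, e.g. `subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));`. The new `add(...)` line also takes the name from `initPrincipal.iterator().next()` without the size check that the `X500Principal` branch has. That looks harmless while `DataAdminPrincipal` has a single fixed name, but a one-line comment saying so would help; `logout()` continues outside the hunk.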