1 package org
.argeo
.cms
.auth
;
3 import java
.security
.Principal
;
6 import javax
.naming
.InvalidNameException
;
7 import javax
.naming
.ldap
.LdapName
;
8 import javax
.security
.auth
.Subject
;
9 import javax
.security
.auth
.x500
.X500Principal
;
11 //import org.apache.jackrabbit.core.security.AnonymousPrincipal;
12 //import org.apache.jackrabbit.core.security.SecurityConstants;
13 //import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
14 import org
.argeo
.cms
.CmsException
;
15 import org
.argeo
.cms
.internal
.auth
.ImpliedByPrincipal
;
16 import org
.argeo
.node
.security
.AnonymousPrincipal
;
17 import org
.argeo
.node
.security
.NodeSecurityUtils
;
18 import org
.osgi
.service
.useradmin
.Authorization
;
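/**
 * Populates {@code subject} with the principals and the private credential
 * derived from an OSGi UserAdmin {@link Authorization}.
 * <p>
 * When {@code authorization.getName()} is {@code null} the subject receives an
 * {@link AnonymousPrincipal}. Otherwise it receives an {@link X500Principal}
 * built from that name plus an {@link ImpliedByPrincipal} for
 * {@code NodeSecurityUtils.ROLE_USER_NAME}. Every role returned by
 * {@code authorization.getRoles()} whose name differs from the user name is
 * added as an {@link ImpliedByPrincipal}.
 * <p>
 * All names are parsed and checked before the subject is modified, so a
 * rejected user or role name cannot leave the subject holding a partial set
 * of principals or the {@code Authorization} credential.
 *
 * @param subject       the subject to populate, must not be {@code null}
 * @param authorization the authorization to translate, must not be
 *                      {@code null}
 * @throws NullPointerException if an argument is {@code null}
 * @throws CmsException         if the user name or a role name is not a
 *                              valid LDAP name
 */
static void addAuthentication(Subject subject, Authorization authorization) {
    // Explicit checks: `assert` is compiled out unless the JVM runs with -ea,
    // so it cannot be relied on to validate arguments in production.
    java.util.Objects.requireNonNull(subject, "subject");
    java.util.Objects.requireNonNull(authorization, "authorization");

    // Principals are staged locally and only published once every name has
    // been accepted; see the commit step at the end of the method.
    final Set<Principal> staged = new java.util.LinkedHashSet<>();
    try {
        String authName = authorization.getName();

        // determine user's principal
        final LdapName name;
        final Principal userPrincipal;
        if (authName == null) {
            // no user name: treated as the anonymous user
            name = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
            userPrincipal = new AnonymousPrincipal();
            staged.add(userPrincipal);
        } else {
            name = new LdapName(authName);
            // NOTE(review): presumably rejects reserved or malformed user
            // names; confirm against NodeSecurityUtils.
            NodeSecurityUtils.checkUserName(name);
            userPrincipal = new X500Principal(name.toString());
            staged.add(userPrincipal);
            staged.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal));
        }

        // Add roles provided by authorization.
        // The UserAdmin contract allows getRoles() to return null when the
        // context implies no role, so guard before iterating.
        String[] roles = authorization.getRoles();
        if (roles != null) {
            for (String role : roles) {
                LdapName roleName = new LdapName(role);
                if (roleName.equals(name)) {
                    // the user's own name is not a role of its own
                    continue;
                }
                // NOTE(review): presumably rejects role names that must not
                // be granted through an authorization; confirm against
                // NodeSecurityUtils.
                NodeSecurityUtils.checkImpliedPrincipalName(roleName);
                staged.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal));
            }
        }
    } catch (InvalidNameException e) {
        throw new CmsException("Cannot commit", e);
    }

    // Commit step: nothing above touched the subject, so a failure leaves it
    // exactly as it was.
    // required for display name:
    subject.getPrivateCredentials().add(authorization);
    subject.getPrincipals().addAll(staged);
}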
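/**
 * Removes from {@code subject} everything that
 * {@link #addAuthentication(Subject, Authorization)} can put there: the
 * {@link X500Principal}, the {@link ImpliedByPrincipal}s, the
 * {@link AnonymousPrincipal} and the {@link Authorization} private
 * credential.
 * <p>
 * Removing only the first two kinds would leave an anonymous principal and
 * the full {@code Authorization} (with its role list) attached to a subject
 * that is meant to be cleared, where later code could still read them.
 *
 * @param subject the subject to clear
 */
static void cleanUp(Subject subject) {
    subject.getPrincipals().removeAll(subject.getPrincipals(X500Principal.class));
    subject.getPrincipals().removeAll(subject.getPrincipals(ImpliedByPrincipal.class));
    // added by addAuthentication for anonymous sessions
    subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
    // added by addAuthentication as a private credential
    // NOTE(review): under a SecurityManager, reading private credentials needs
    // PrivateCredentialPermission; confirm the calling code is granted it.
    subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(Authorization.class));
}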
77 private CmsAuthUtils() {