1 package org.argeo.security.jackrabbit;
2
3 import java.util.Map;
4 import java.util.Set;
5
6 import javax.security.auth.Subject;
7 import javax.security.auth.callback.CallbackHandler;
8 import javax.security.auth.login.LoginException;
9 import javax.security.auth.spi.LoginModule;
10 import javax.security.auth.x500.X500Principal;
11
12 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
13 import org.apache.jackrabbit.core.security.SecurityConstants;
14 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
15 import org.argeo.api.security.DataAdminPrincipal;
16
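/**
 * JAAS login module used when initiating a new Jackrabbit session.
 * <p>
 * This module performs no authentication of its own: {@link #login()} always
 * succeeds and {@link #commit()} only looks at the principals already present
 * on the {@link Subject}, mapping Argeo marker principals to their Jackrabbit
 * counterparts. It therefore relies entirely on the Subject having been
 * authenticated before this module runs, and should only be configured in a
 * login stack where that holds: any code able to put a
 * {@link DataAdminPrincipal} on the Subject obtains the Jackrabbit
 * {@link AdminPrincipal}.
 */
public class SystemJackrabbitLoginModule implements LoginModule {
	private Subject subject;

	/**
	 * Jackrabbit principal which {@link #commit()} actually added to the subject,
	 * or {@code null} if it added none. Kept so that {@link #abort()} can undo
	 * exactly what this module instance did.
	 */
	private java.security.Principal committedPrincipal;

	/**
	 * Stores the subject to be populated; the callback handler, shared state and
	 * options are not used by this module.
	 */
	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
			Map<String, ?> options) {
		this.subject = subject;
	}

	/**
	 * Always succeeds: no credentials are requested or verified here, all checks
	 * are performed on the subject's principals in {@link #commit()}.
	 */
	@Override
	public boolean login() throws LoginException {
		return true;
	}

	/**
	 * Maps the principals of the pre-authenticated subject to Jackrabbit
	 * principals.
	 * <ul>
	 * <li>Argeo anonymous principal: adds a Jackrabbit
	 * {@link AnonymousPrincipal}.</li>
	 * <li>{@link DataAdminPrincipal}: adds a Jackrabbit {@link AdminPrincipal}
	 * with {@link SecurityConstants#ADMIN_ID}.</li>
	 * <li>otherwise: requires exactly one {@link X500Principal} and adds
	 * nothing.</li>
	 * </ul>
	 *
	 * @return {@code true} when one of the cases above applies
	 * @throws LoginException if the subject carries none of the marker principals
	 *                        and does not have exactly one {@link X500Principal}
	 */
	@Override
	public boolean commit() throws LoginException {
		// The anonymous marker is tested before the admin marker, so a subject
		// carrying both is given the lesser (anonymous) Jackrabbit principal.
		Set<org.argeo.api.security.AnonymousPrincipal> anonPrincipal = subject
				.getPrincipals(org.argeo.api.security.AnonymousPrincipal.class);
		if (!anonPrincipal.isEmpty()) {
			grant(new AnonymousPrincipal());
			return true;
		}

		Set<DataAdminPrincipal> initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
		if (!initPrincipal.isEmpty()) {
			grant(new AdminPrincipal(SecurityConstants.ADMIN_ID));
			return true;
		}

		// Regular user: no Jackrabbit principal is added, but the subject must
		// identify one and only one user.
		Set<X500Principal> userPrincipal = subject.getPrincipals(X500Principal.class);
		if (userPrincipal.isEmpty())
			throw new LoginException("Subject must be pre-authenticated");
		if (userPrincipal.size() > 1)
			throw new LoginException("Multiple user principals " + userPrincipal);

		return true;
	}

	/**
	 * Rolls back {@link #commit()}: JAAS calls this when the overall login fails,
	 * which can happen after this module has already committed. Without the
	 * rollback, a Jackrabbit admin or anonymous principal added by this module
	 * would stay on the subject of a failed login. Only the principal this
	 * instance added is removed; principals that were already present are kept.
	 */
	@Override
	public boolean abort() throws LoginException {
		// A read-only subject cannot be modified (removal would throw), so it is
		// left as is.
		if (committedPrincipal != null && !subject.isReadOnly()) {
			subject.getPrincipals().remove(committedPrincipal);
		}
		committedPrincipal = null;
		return true;
	}

	/**
	 * Removes all Jackrabbit {@link AnonymousPrincipal} and {@link AdminPrincipal}
	 * instances from the subject, whichever module instance added them.
	 */
	@Override
	public boolean logout() throws LoginException {
		subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
		subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));
		committedPrincipal = null;
		return true;
	}

	/**
	 * Adds a Jackrabbit principal to the subject and remembers it for
	 * {@link #abort()}, but only if it was not already part of the subject.
	 */
	private void grant(java.security.Principal principal) {
		boolean added = subject.getPrincipals().add(principal);
		committedPrincipal = added ? principal : null;
	}
}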