1 package org
.argeo
.security
.jackrabbit
;
6 import javax
.security
.auth
.Subject
;
7 import javax
.security
.auth
.callback
.CallbackHandler
;
8 import javax
.security
.auth
.login
.LoginException
;
9 import javax
.security
.auth
.spi
.LoginModule
;
10 import javax
.security
.auth
.x500
.X500Principal
;
12 import org
.apache
.jackrabbit
.core
.security
.AnonymousPrincipal
;
13 import org
.apache
.jackrabbit
.core
.security
.SecurityConstants
;
14 import org
.apache
.jackrabbit
.core
.security
.principal
.AdminPrincipal
;
15 import org
.argeo
.api
.security
.DataAdminPrincipal
;
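17 /** JAAS login module used when initiating a new Jackrabbit session. It maps principals already present on the Subject to Jackrabbit principals; commit() fails with "Subject must be pre-authenticated" when no X500Principal is found, so authentication is expected to have happened before this module runs. */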
18 public class SystemJackrabbitLoginModule
implements LoginModule
{
19 private Subject subject
;
/**
 * Keeps a reference to the Subject being logged in so that the later phases
 * can read and modify its principals.
 *
 * The callback handler, shared state and options are not used in the lines
 * visible here, i.e. no credentials are requested through this module.
 * NOTE(review): the listing omits the lines after the assignment (the gutter
 * numbers jump from 24 to 28) - confirm nothing else happens there.
 *
 * @param subject         the Subject whose principals this module maps
 * @param callbackHandler not referenced in the visible code
 * @param sharedState     not referenced in the visible code
 * @param options         not referenced in the visible code
 */
22 public void initialize(Subject subject
, CallbackHandler callbackHandler
, Map
<String
, ?
> sharedState
,
23 Map
<String
, ?
> options
) {
24 this.subject
= subject
;
28 public boolean login() throws LoginException
{
/**
 * Commit phase: adds Jackrabbit principals to the Subject according to the
 * Argeo principals it already carries.
 *
 * No credential is verified in the visible code. The module trusts whatever
 * placed the Argeo principals on the Subject, so it is only safe when an
 * authenticating login module (or trusted system code) has populated the
 * Subject beforehand.
 *
 * NOTE(review): this listing omits source lines (the gutter numbers skip 38-40,
 * 44-46 and 52-56), so the closing braces, the return value and any early
 * return inside the two branches are not visible. Whether the anonymous and
 * admin branches bypass the X500Principal checks cannot be told from here -
 * confirm against the full file.
 *
 * @throws LoginException if the X500Principal checks are reached and the
 *                        Subject carries no X500Principal, or more than one
 */
33 public boolean commit() throws LoginException
{
// The lookup uses Argeo's AnonymousPrincipal (fully qualified); the principal
// added below is the imported Jackrabbit AnonymousPrincipal.
34 Set
<org
.argeo
.api
.security
.AnonymousPrincipal
> anonPrincipal
= subject
35 .getPrincipals(org
.argeo
.api
.security
.AnonymousPrincipal
.class);
36 if (!anonPrincipal
.isEmpty()) {
37 subject
.getPrincipals().add(new AnonymousPrincipal());
// Privilege mapping: any DataAdminPrincipal on the Subject results in
// Jackrabbit's AdminPrincipal for SecurityConstants.ADMIN_ID being added.
// Who may obtain a DataAdminPrincipal is therefore the control that decides
// who gets the repository administrator identity.
41 Set
<DataAdminPrincipal
> initPrincipal
= subject
.getPrincipals(DataAdminPrincipal
.class);
42 if (!initPrincipal
.isEmpty()) {
43 subject
.getPrincipals().add(new AdminPrincipal(SecurityConstants
.ADMIN_ID
));
// Regular users: exactly one X500Principal must already be on the Subject.
// None means no earlier step authenticated the user; several are rejected as
// ambiguous rather than one being picked.
47 Set
<X500Principal
> userPrincipal
= subject
.getPrincipals(X500Principal
.class);
48 if (userPrincipal
.isEmpty())
49 throw new LoginException("Subject must be pre-authenticated");
50 if (userPrincipal
.size() > 1)
51 throw new LoginException("Multiple user principals " + userPrincipal
);
57 public boolean abort() throws LoginException
{
62 public boolean logout() throws LoginException
{
63 subject
.getPrincipals().removeAll(subject
.getPrincipals(AnonymousPrincipal
.class));
64 subject
.getPrincipals().removeAll(subject
.getPrincipals(AdminPrincipal
.class));