Improve CMS security layer documentation.
diff --git
a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index 5e59187e0dad574a1283970aca39d851cf618342..e9462c3add31cb7dbd0ef16f48afb00e2225a611 100644
--- a/
org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/
org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@
-17,10
+17,6
@@
import org.argeo.api.NodeConstants;
import org.argeo.api.security.AnonymousPrincipal;
import org.argeo.api.security.DataAdminPrincipal;
import org.argeo.api.security.NodeSecurityUtils;
import org.argeo.api.security.AnonymousPrincipal;
import org.argeo.api.security.DataAdminPrincipal;
import org.argeo.api.security.NodeSecurityUtils;
-//import org.apache.jackrabbit.core.security.AnonymousPrincipal;
-//import org.apache.jackrabbit.core.security.SecurityConstants;
-//import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.cms.CmsException;
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.cms.internal.http.WebCmsSessionImpl;
import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.cms.internal.http.WebCmsSessionImpl;
@@
-32,6
+28,7
@@
import org.osgi.framework.ServiceReference;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.http.HttpContext;
import org.osgi.service.useradmin.Authorization;
+/** Centrlaises security related registrations. */
class CmsAuthUtils {
// Standard
final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
class CmsAuthUtils {
// Standard
final static String SHARED_STATE_NAME = AuthenticatingUser.SHARED_STATE_NAME;
@@
-75,8
+72,6
@@
class CmsAuthUtils {
NodeSecurityUtils.checkUserName(name);
userPrincipal = new X500Principal(name.toString());
principals.add(userPrincipal);
NodeSecurityUtils.checkUserName(name);
userPrincipal = new X500Principal(name.toString());
principals.add(userPrincipal);
- // principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,
- // userPrincipal));
if (Activator.isSingleUser()) {
principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_ADMIN_NAME, userPrincipal));
if (Activator.isSingleUser()) {
principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_ADMIN_NAME, userPrincipal));
@@
-99,10
+94,8
@@
class CmsAuthUtils {
}
} catch (InvalidNameException e) {
}
} catch (InvalidNameException e) {
- throw new
Cms
Exception("Cannot commit", e);
+ throw new
IllegalArgument
Exception("Cannot commit", e);
}
}
-
- // registerSessionAuthorization(request, subject, authorization, locale);
}
private static void checkSubjectEmpty(Subject subject) {
}
private static void checkSubjectEmpty(Subject subject) {
@@
-150,7
+143,7
@@
class CmsAuthUtils {
cmsSession.close();
cmsSession = null;
} else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
cmsSession.close();
cmsSession = null;
} else if (!authorization.getName().equals(cmsSession.getAuthorization().getName())) {
- throw new
Cms
Exception("Inconsistent user " + authorization.getName()
+ throw new
IllegalState
Exception("Inconsistent user " + authorization.getName()
+ " for existing CMS session " + cmsSession);
}
// keyring
+ " for existing CMS session " + cmsSession);
}
// keyring
@@
-175,7
+168,7
@@
class CmsAuthUtils {
UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
.getUuid();
// if (storedSessionId.equals(httpSessionId.getValue()))
UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
.getUuid();
// if (storedSessionId.equals(httpSessionId.getValue()))
- throw new
Cms
Exception(
+ throw new
IllegalState
Exception(
"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
}
}
"Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
}
}
@@
-191,7
+184,7
@@
class CmsAuthUtils {
sr = bc.getServiceReferences(CmsSession.class,
"(" + CmsSession.SESSION_LOCAL_ID + "=" + httpSessionId + ")");
} catch (InvalidSyntaxException e) {
sr = bc.getServiceReferences(CmsSession.class,
"(" + CmsSession.SESSION_LOCAL_ID + "=" + httpSessionId + ")");
} catch (InvalidSyntaxException e) {
- throw new
Cms
Exception("Cannot get CMS session for id " + httpSessionId, e);
+ throw new
IllegalArgument
Exception("Cannot get CMS session for id " + httpSessionId, e);
}
CmsSession cmsSession;
if (sr.size() == 1) {
}
CmsSession cmsSession;
if (sr.size() == 1) {
@@
-203,7
+196,7
@@
class CmsAuthUtils {
} else if (sr.size() == 0)
return null;
else
} else if (sr.size() == 0)
return null;
else
- throw new
Cms
Exception(sr.size() + ">1 web sessions detected for http session " + httpSessionId);
+ throw new
IllegalState
Exception(sr.size() + ">1 web sessions detected for http session " + httpSessionId);
return cmsSession;
}
return cmsSession;
}
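Review bot: In the hunk at -191,7 +184,7 the OSGi service filter is still built by string concatenation, `"(" + CmsSession.SESSION_LOCAL_ID + "=" + httpSessionId + ")"`, and the only safeguard is the catch of InvalidSyntaxException that this commit retypes to IllegalArgumentException. If httpSessionId can ever hold a value the container did not generate (its origin is outside the visible lines), filter metacharacters such as `*`, `(`, `)` and `\` could change which CmsSession services match without raising a syntax error, so the value should be escaped or checked against the expected id format before the lookup. The retyped messages here and in the hunks at +168 and +196 also embed httpSessionId, storedSessionId and nodeSessionId; if these exceptions reach logs or an error page they disclose live session identifiers, so consider dropping the raw id, for example `throw new IllegalArgumentException("Cannot get CMS session for the supplied id", e);`. The enclosing method starts above the hunk, so how the id is obtained and whether callers relied on catching CmsException cannot be confirmed from here.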