- if (names.isEmpty() || names.size() > 1)
- throw new LoginException("Kernel must have been named");
- X500Principal name = names.iterator().next();
- if (!KernelHeader.ROLE_KERNEL.equals(name.getName()))
- throw new LoginException("Kernel must be named named "
- + KernelHeader.ROLE_KERNEL);
- // Private certificate
- Set<X500PrivateCredential> privateCerts = subject
- .getPrivateCredentials(X500PrivateCredential.class);
- X500PrivateCredential privateCert = null;
- for (X500PrivateCredential pCert : privateCerts) {
- if (pCert.getCertificate().getSubjectX500Principal().equals(name)) {
- privateCert = pCert;
+ if (names.isEmpty() || names.size() > 1) {
+ // throw new LoginException("Kernel must have been named");
+ // TODO set not hardened
+ subject.getPrincipals().add(
+ new X500Principal(AuthConstants.ROLE_KERNEL));
+ } else {
+ X500Principal name = names.iterator().next();
+ if (!AuthConstants.ROLE_KERNEL.equals(name.getName()))
+ throw new LoginException("Kernel must be named "
+ + AuthConstants.ROLE_KERNEL);
+ // Private certificate
+ Set<X500PrivateCredential> privateCerts = subject
+ .getPrivateCredentials(X500PrivateCredential.class);
+ X500PrivateCredential privateCert = null;
+ for (X500PrivateCredential pCert : privateCerts) {
+ if (pCert.getCertificate().getSubjectX500Principal()
+ .equals(name)) {
+ privateCert = pCert;
+ }