import org.argeo.cms.internal.auth.CmsSessionImpl;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
import org.argeo.cms.internal.http.WebCmsSessionImpl;
+import org.argeo.cms.internal.kernel.Activator;
import org.argeo.node.NodeConstants;
import org.argeo.node.security.AnonymousPrincipal;
import org.argeo.node.security.DataAdminPrincipal;
final static String SHARED_STATE_HTTP_REQUEST = "org.argeo.cms.auth.http.request";
final static String SHARED_STATE_SPNEGO_TOKEN = "org.argeo.cms.auth.spnegoToken";
final static String SHARED_STATE_SPNEGO_OUT_TOKEN = "org.argeo.cms.auth.spnegoOutToken";
+ final static String SHARED_STATE_CERTIFICATE_CHAIN = "org.argeo.cms.auth.certificateChain";
static void addAuthorization(Subject subject, Authorization authorization, Locale locale,
HttpServletRequest request) {
// required for display name:
subject.getPrivateCredentials().add(authorization);
+ if (Activator.isSingleUser()) {
+ subject.getPrincipals().add(new DataAdminPrincipal());
+ }
+
Set<Principal> principals = subject.getPrincipals();
try {
String authName = authorization.getName();
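Review bot: The `DataAdminPrincipal` grant at the top of `addAuthorization` is added before the method distinguishes anonymous from named users. In single-user mode every subject that passes through here, apparently including the anonymous branch further down, therefore ends up with data-admin rights. If that is intended, say so in a comment such as `// single-user deployment: the sole local user is data admin by design`; if not, the grant belongs in the named-user branch after `NodeSecurityUtils.checkUserName(name)`. `Activator.isSingleUser()` is not visible here, so it is worth confirming that the flag cannot be set on a deployment that accepts remote HTTP logins. The method body continues outside this hunk.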
name = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
userPrincipal = new AnonymousPrincipal();
principals.add(userPrincipal);
- // principals.add(new AnonymousPrincipal());
} else {
name = new LdapName(authName);
NodeSecurityUtils.checkUserName(name);
userPrincipal = new X500Principal(name.toString());
principals.add(userPrincipal);
- principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal));
+ // principals.add(new ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME,
+ // userPrincipal));
}
// Add roles provided by authorization
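Review bot: The `ImpliedByPrincipal(NodeSecurityUtils.ROLE_USER_NAME, userPrincipal)` call is left commented out rather than deleted, and nothing in the hunk says why named users no longer receive the user role at this point. After the change a named user appears to get that role only if the authorization's own role list supplies it, so any permission keyed to it now presumably depends on the user directory. Deleting the dead lines and leaving one explanatory comment, e.g. `// user role is no longer implied here; it must come from the authorization's roles`, would make that intent reviewable. The enclosing if/else starts outside the hunk.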
LdapName roleName = new LdapName(role);
if (roleName.equals(name)) {
// skip
+ } else if (roleName.equals(NodeSecurityUtils.ROLE_ANONYMOUS_NAME)) {
+ // skip
} else {
NodeSecurityUtils.checkImpliedPrincipalName(roleName);
principals.add(new ImpliedByPrincipal(roleName.toString(), userPrincipal));