import java.util.Map;
+import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.argeo.node.security.DataAdminPrincipal;
+import org.argeo.api.cms.DataAdminPrincipal;
-/** Logs a system process as data admin */
+/**
+ * Log-in a system process as data admin. Protection is via
+ * {@link AuthPermission} on this login module, so if it can be accessed it will
+ * always succeed.
+ */
public class DataAdminLoginModule implements LoginModule {
private Subject subject;
@Override
public boolean login() throws LoginException {
- // TODO check permission?
return true;
}
subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class));
return true;
}
+
}