import java.util.Map;
+import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.argeo.node.DataAdminPrincipal;
+import org.argeo.api.cms.DataAdminPrincipal;
+/**
+ * Log-in a system process as data admin. Protection is via
+ * {@link AuthPermission} on this login module, so if it can be accessed it will
+ * always succeed.
+ */
public class DataAdminLoginModule implements LoginModule {
private Subject subject;
@Override
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map<String, ?> sharedState, Map<String, ?> options) {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+ Map<String, ?> options) {
this.subject = subject;
}
@Override
public boolean login() throws LoginException {
- // TODO check permission?
return true;
}
@Override
public boolean logout() throws LoginException {
- // remove ALL credentials (e.g. additional Jackrabbit credentials)
- subject.getPrincipals().clear();
+ subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class));
return true;
}
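Review bot: `login()` returns `true` with no check of its own, and the new class Javadoc rests the whole protection on `AuthPermission`, which is only evaluated when a security manager and a policy are active; nothing in these lines shows that this is guaranteed at runtime. On a JVM running without a security manager, any code able to create a `LoginContext` for this entry would presumably be authenticated as data admin. `commit()` and the rest of the class lie outside the visible hunk, so where `DataAdminPrincipal` is added cannot be confirmed here. I would state the precondition in the Javadoc, e.g. `Requires an active security manager and a policy limiting AuthPermission "createLoginContext.<ENTRY_NAME>" to trusted code; without them this module grants data admin to any caller.`, and have that precondition verified at deployment. Separately, in `logout()` a read-only `Subject` makes `removeAll` throw `IllegalStateException`; a guard such as `if (subject.isReadOnly()) throw new LoginException("Subject is read-only");` keeps the failure within the declared `LoginException` contract.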