projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Improve ACR, introduce migration from JCR.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / auth / DataAdminLoginModule.java
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java
index 50a8788344abc533eebace5cce92239bb7c0428a..d4f402853b2174bdb1e568f906f70e5dd9b57e5f 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java
@@ -2,14 +2,19 @@ package org.argeo.cms.auth;
 
 import java.util.Map;
 
+import javax.security.auth.AuthPermission;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import org.argeo.node.security.DataAdminPrincipal;
+import org.argeo.api.cms.DataAdminPrincipal;
 
-/** Logs a system process as data admin */
+/**
+ * Log-in a system process as data admin. Protection is via
+ * {@link AuthPermission} on this login module, so if it can be accessed it will
+ * always succeed.
+ */
 public class DataAdminLoginModule implements LoginModule {
        private Subject subject;
 
@@ -21,7 +26,6 @@ public class DataAdminLoginModule implements LoginModule {
 
        @Override
        public boolean login() throws LoginException {
-               // TODO check permission?
                return true;
        }
 
@@ -41,4 +45,5 @@ public class DataAdminLoginModule implements LoginModule {
                subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class));
                return true;
        }
+
 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi