Improve Commons API
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / auth / KernelLoginModule.java
index 00d0085d1e25f35d9f357ded07ae1bb5812caffc..b042b3f9f4f817a5885b76323acf69e92c5f58f9 100644 (file)
@@ -1,98 +1,82 @@
 package org.argeo.cms.internal.auth;
 
-import java.security.Principal;
-import java.security.cert.CertPath;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-import javax.security.auth.x500.X500Principal;
-import javax.security.auth.x500.X500PrivateCredential;
-
-import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.cms.auth.AuthConstants;
-
-public class KernelLoginModule implements LoginModule {
-       private Subject subject;
-
-       @Override
-       public void initialize(Subject subject, CallbackHandler callbackHandler,
-                       Map<String, ?> sharedState, Map<String, ?> options) {
-               this.subject = subject;
-       }
-
-       @Override
-       public boolean login() throws LoginException {
-               // TODO check permission at code level ?
-               return true;
-       }
-
-       @Override
-       public boolean commit() throws LoginException {
-               // Check that kernel has been logged in w/ certificate
-               // Name
-               Set<X500Principal> names = subject.getPrincipals(X500Principal.class);
-               if (names.isEmpty() || names.size() > 1) {
-                       // throw new LoginException("Kernel must have been named");
-                       // TODO set not hardened
-                       subject.getPrincipals().add(
-                                       new X500Principal(AuthConstants.ROLE_KERNEL));
-               } else {
-                       X500Principal name = names.iterator().next();
-                       if (!AuthConstants.ROLE_KERNEL.equals(name.getName()))
-                               throw new LoginException("Kernel must be named "
-                                               + AuthConstants.ROLE_KERNEL);
-                       // Private certificate
-                       Set<X500PrivateCredential> privateCerts = subject
-                                       .getPrivateCredentials(X500PrivateCredential.class);
-                       X500PrivateCredential privateCert = null;
-                       for (X500PrivateCredential pCert : privateCerts) {
-                               if (pCert.getCertificate().getSubjectX500Principal()
-                                               .equals(name)) {
-                                       privateCert = pCert;
-                               }
-                       }
-                       if (privateCert == null)
-                               throw new LoginException(
-                                               "Kernel must have a private certificate");
-                       // Certificate path
-                       Set<CertPath> certPaths = subject
-                                       .getPublicCredentials(CertPath.class);
-                       CertPath certPath = null;
-                       for (CertPath cPath : certPaths) {
-                               if (cPath.getCertificates().get(0)
-                                               .equals(privateCert.getCertificate())) {
-                                       certPath = cPath;
-                               }
-                       }
-                       if (certPath == null)
-                               throw new LoginException("Kernel must have a certificate path");
-               }
-               Set<Principal> principals = subject.getPrincipals();
-               // Add admin roles
-
-               // Add data access roles
-               principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
-
-               return true;
-       }
-
-       @Override
-       public boolean abort() throws LoginException {
-               return true;
-       }
-
-       @Override
-       public boolean logout() throws LoginException {
-               // clear everything
-               subject.getPrincipals().clear();
-               subject.getPublicCredentials().clear();
-               subject.getPrivateCredentials().clear();
-               return true;
-       }
+public class KernelLoginModule {//implements LoginModule {
+//     private Subject subject;
+//
+//     @Override
+//     public void initialize(Subject subject, CallbackHandler callbackHandler,
+//                     Map<String, ?> sharedState, Map<String, ?> options) {
+//             this.subject = subject;
+//     }
+//
+//     @Override
+//     public boolean login() throws LoginException {
+//             // TODO check permission at code level ?
+//             return true;
+//     }
+//
+//     @Override
+//     public boolean commit() throws LoginException {
+//             // Check that kernel has been logged in w/ certificate
+//             // Name
+//             Set<X500Principal> names = subject.getPrincipals(X500Principal.class);
+//             if (names.isEmpty() || names.size() > 1) {
+//                     // throw new LoginException("Kernel must have been named");
+//                     // TODO set not hardened
+//                     subject.getPrincipals().add(
+//                                     new X500Principal(AuthConstants.ROLE_KERNEL));
+//             } else {
+//                     X500Principal name = names.iterator().next();
+//                     if (!AuthConstants.ROLE_KERNEL.equals(name.getName()))
+//                             throw new LoginException("Kernel must be named "
+//                                             + AuthConstants.ROLE_KERNEL);
+//                     // Private certificate
+//                     Set<X500PrivateCredential> privateCerts = subject
+//                                     .getPrivateCredentials(X500PrivateCredential.class);
+//                     X500PrivateCredential privateCert = null;
+//                     for (X500PrivateCredential pCert : privateCerts) {
+//                             if (pCert.getCertificate().getSubjectX500Principal()
+//                                             .equals(name)) {
+//                                     privateCert = pCert;
+//                             }
+//                     }
+//                     if (privateCert == null)
+//                             throw new LoginException(
+//                                             "Kernel must have a private certificate");
+//                     // Certificate path
+//                     Set<CertPath> certPaths = subject
+//                                     .getPublicCredentials(CertPath.class);
+//                     CertPath certPath = null;
+//                     for (CertPath cPath : certPaths) {
+//                             if (cPath.getCertificates().get(0)
+//                                             .equals(privateCert.getCertificate())) {
+//                                     certPath = cPath;
+//                             }
+//                     }
+//                     if (certPath == null)
+//                             throw new LoginException("Kernel must have a certificate path");
+//             }
+//             Set<Principal> principals = subject.getPrincipals();
+//             // Add admin roles
+//
+//             // Add data access roles
+//             principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
+//
+//             return true;
+//     }
+//
+//     @Override
+//     public boolean abort() throws LoginException {
+//             return true;
+//     }
+//
+//     @Override
+//     public boolean logout() throws LoginException {
+//             // clear everything
+//             subject.getPrincipals().clear();
+//             subject.getPublicCredentials().clear();
+//             subject.getPrivateCredentials().clear();
+//             return true;
+//     }
 
 }
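Review bot: The new side keeps the public class name `KernelLoginModule` but drops `implements LoginModule`, so any JAAS configuration entry that still names `org.argeo.cms.internal.auth.KernelLoginModule` (I cannot see one from here) would now fail when the `LoginContext` tries to instantiate it as a `LoginModule`, rather than at compile time. Retaining the whole old body as commented-out code is also a concern: it preserves the unhardened fallback (the `TODO set not hardened` branch that added `X500Principal(ROLE_KERNEL)` and then `AdminPrincipal` without any certificate check) in a form that invites being pasted back in. Either delete the file together with any configuration that references it, or reduce it to a stub with a Javadoc stating the intent, e.g. `/** Retired: the kernel is no longer authenticated by this module. Do not re-enable the previous body, which granted ADMIN_ID without verifying a certificate. */` and `@Deprecated` on the class.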