projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add authorizations to JCR
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.jackrabbit / src / main / java / org / argeo / security / jackrabbit / ArgeoLoginModule.java
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
index 73ec76a8f7c72b83c18a1de5b7390fa6a7b68bd9..a83b6d56b4e9a5708925d5d1ffec302b4dfec958 100644 (file)
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
@@ -50,6 +50,7 @@ public class ArgeoLoginModule extends AbstractLoginModule {
                        principals.add(new AnonymousPrincipal());
                else
                        for (GrantedAuthority ga : authen.getAuthorities()) {
+                               principals.add(new GrantedAuthorityPrincipal(ga));
                                // FIXME: make it more generic
                                if (adminRole.equals(ga.getAuthority()))
                                        principals.add(new AdminPrincipal(authen.getName()));
@@ -69,21 +70,22 @@ public class ArgeoLoginModule extends AbstractLoginModule {
         */
        @Override
        public boolean logout() throws LoginException {
-               Set<AdminPrincipal> adminPrincipals = subject
-                               .getPrincipals(AdminPrincipal.class);
-               Set<AnonymousPrincipal> anonymousPrincipals = subject
-                               .getPrincipals(AnonymousPrincipal.class);
+               clearPrincipals(AdminPrincipal.class);
+               clearPrincipals(AnonymousPrincipal.class);
+               clearPrincipals(GrantedAuthorityPrincipal.class);
                Set<SimpleCredentials> thisCredentials = subject
                                .getPublicCredentials(SimpleCredentials.class);
                if (thisCredentials != null)
                        thisCredentials.clear();
-               if (adminPrincipals != null)
-                       adminPrincipals.clear();
-               if (anonymousPrincipals != null)
-                       anonymousPrincipals.clear();
                return true;
        }
 
+       private <T extends Principal> void clearPrincipals(Class<T> clss) {
+               Set<T> principals = subject.getPrincipals(clss);
+               if (principals != null)
+                       principals.clear();
+       }
+
        @SuppressWarnings("rawtypes")
        @Override
        protected void doInit(CallbackHandler callbackHandler, Session session,
Argeo Commons - Lightweight integration framework in pure Java/OSGi