+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.argeo.security.jackrabbit;
import java.security.Principal;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+/** Jackrabbit login mechanism based on Spring Security */
public class ArgeoLoginModule extends AbstractLoginModule {
private String adminRole = "ROLE_ADMIN";
+ @Override
+ public boolean login() throws LoginException {
+ boolean loginOk = super.login();
+ if (!loginOk) {
+ org.springframework.security.Authentication authen = (org.springframework.security.Authentication) SecurityContextHolder
+ .getContext().getAuthentication();
+ }
+ return loginOk;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ boolean commitOk = super.commit();
+ if (!commitOk) {
+ org.springframework.security.Authentication authen = (org.springframework.security.Authentication) SecurityContextHolder
+ .getContext().getAuthentication();
+ }
+ return commitOk;
+ }
+
/**
* Returns the Spring {@link org.springframework.security.Authentication}
* (which can be null)
protected Set<Principal> getPrincipals() {
// clear already registered Jackrabbit principals
- clearPrincipals(AdminPrincipal.class);
- clearPrincipals(AnonymousPrincipal.class);
- clearPrincipals(GrantedAuthorityPrincipal.class);
+ // clearPrincipals(AdminPrincipal.class);
+ // clearPrincipals(AnonymousPrincipal.class);
+ // clearPrincipals(GrantedAuthorityPrincipal.class);
return syncPrincipals();
}
Set<Principal> principals = new LinkedHashSet<Principal>();
principals.add(authen);
- if (authen instanceof SystemAuthentication)
+ if (authen instanceof SystemAuthentication) {
principals.add(new AdminPrincipal(authen.getName()));
- else if (authen instanceof AnonymousAuthenticationToken)
+ principals.add(new ArgeoSystemPrincipal(authen.getName()));
+ } else if (authen instanceof AnonymousAuthenticationToken) {
principals.add(new AnonymousPrincipal());
- else
+ } else {
for (GrantedAuthority ga : authen.getAuthorities()) {
principals.add(new GrantedAuthorityPrincipal(ga));
// FIXME: make it more generic
if (adminRole.equals(ga.getAuthority()))
principals.add(new AdminPrincipal(authen.getName()));
}
+ }
// remove previous credentials
Set<SimpleCredentials> thisCredentials = subject
if (thisCredentials != null)
thisCredentials.clear();
// override credentials since we did not used the one passed to us
- credentials = new SimpleCredentials(authen.getName(), authen
- .getCredentials().toString().toCharArray());
+ // credentials = new SimpleCredentials(authen.getName(), authen
+ // .getCredentials().toString().toCharArray());
return principals;
}
@Override
public boolean logout() throws LoginException {
clearPrincipals(AdminPrincipal.class);
+ clearPrincipals(ArgeoSystemPrincipal.class);
clearPrincipals(AnonymousPrincipal.class);
clearPrincipals(GrantedAuthorityPrincipal.class);
// we resync with Spring Security since the subject may have been reused
// in beetween
// TODO: check if this is clean
- subject.getPrincipals().addAll(syncPrincipals());
+ // subject.getPrincipals().addAll(syncPrincipals());
return true;
}
projects / lgpl / argeo-commons.git / blobdiff