X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.api%2Fsrc%2Forg%2Fargeo%2Fapi%2FDataAdminLoginModule.java;fp=org.argeo.api%2Fsrc%2Forg%2Fargeo%2Fapi%2FDataAdminLoginModule.java;h=295196ad4282b672d6c885fc9aba250d0175d298;hb=5b3108fe285bca50565b58b63fa4feddc96c0765;hp=0000000000000000000000000000000000000000;hpb=e54c6091d38b6859dec42f36e7334da19e2a0227;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.api/src/org/argeo/api/DataAdminLoginModule.java b/org.argeo.api/src/org/argeo/api/DataAdminLoginModule.java
new file mode 100644
index 000000000..295196ad4
--- /dev/null
+++ b/org.argeo.api/src/org/argeo/api/DataAdminLoginModule.java
@@ -0,0 +1,48 @@
+package org.argeo.api;
+
+import java.util.Map;
+
+import javax.security.auth.AuthPermission;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+import org.argeo.api.security.DataAdminPrincipal;
+
+/**
+ * Log-in a system process as data admin. Protection is via
+ * {@link AuthPermission} on this login module, so if it can be accessed it will
+ * always succeed.
+ */
+public class DataAdminLoginModule implements LoginModule {
+	private Subject subject;
+
+	@Override
+	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+			Map<String, ?> options) {
+		this.subject = subject;
+	}
+
+	@Override
+	public boolean login() throws LoginException {
+		return true;
+	}
+
+	@Override
+	public boolean commit() throws LoginException {
+		subject.getPrincipals().add(new DataAdminPrincipal());
+		return true;
+	}
+
+	@Override
+	public boolean abort() throws LoginException {
+		return true;
+	}
+
+	@Override
+	public boolean logout() throws LoginException {
+		subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class));
+		return true;
+	}
+}