X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FDataAdminLoginModule.java;h=ea1046be9e00c2ed164f03a6fbcbed7d0da8dcf2;hb=6862cee138ca8ed2bbf6427b20b389a56b5df32f;hp=5c7b64377cd80422c952f9b3e4d2662251d43e9a;hpb=06acf73a99f0e3908fe8998f1ff08dee109c5562;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java index 5c7b64377..ea1046be9 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/DataAdminLoginModule.java @@ -2,25 +2,30 @@ package org.argeo.cms.auth; import java.util.Map; +import javax.security.auth.AuthPermission; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import org.argeo.node.DataAdminPrincipal; +import org.argeo.api.cms.DataAdminPrincipal; +/** + * Log-in a system process as data admin. Protection is via + * {@link AuthPermission} on this login module, so if it can be accessed it will + * always succeed. + */ public class DataAdminLoginModule implements LoginModule { private Subject subject; @Override - public void initialize(Subject subject, CallbackHandler callbackHandler, - Map sharedState, Map options) { + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, + Map options) { this.subject = subject; } @Override public boolean login() throws LoginException { - // TODO check permission? return true; } @@ -37,9 +42,7 @@ public class DataAdminLoginModule implements LoginModule { @Override public boolean logout() throws LoginException { - // remove ALL credentials (e.g. additional Jackrabbit credentials) - subject.getPrincipals().clear(); + subject.getPrincipals().removeAll(subject.getPrincipals(DataAdminPrincipal.class)); return true; } - }