X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FNodeUserLoginModule.java;h=5dce3c61da1f8a46f3f19b00ebd975e3236632bf;hb=c90be8d8cf3c1b52480e51fb7841cd3e7a5a3796;hp=74fe4e421e747e0998b7e2763663ae0ab1be0f03;hpb=9dba7b01008499bdaf15c754190906d3200713fe;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
index 74fe4e421..5dce3c61d 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java
@@ -12,6 +12,7 @@ import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.FailedLoginException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 import javax.security.auth.x500.X500Principal;
@@ -61,56 +62,55 @@ public class NodeUserLoginModule implements LoginModule {
 Iterator auth = subject.getPrivateCredentials(
 Authorization.class).iterator();
 if (!auth.hasNext())
- return false;
+ throw new FailedLoginException("No authorization available");
 authorization = auth.next();
 return true;
 }
 
 @Override
 public boolean commit() throws LoginException {
- if (authorization != null) {
- Set principals = subject.getPrincipals();
- try {
- String authName = authorization.getName();
-
- // determine user's principal
- final LdapName name;
- final Principal userPrincipal;
- if (authName == null) {
- name = ROLE_ANONYMOUS_NAME;
- userPrincipal = ROLE_ANONYMOUS_PRINCIPAL;
- principals.add(userPrincipal);
- principals.add(new AnonymousPrincipal());
+ if (authorization == null)
+ throw new LoginException("Authorization should not be null");
+ Set principals = subject.getPrincipals();
+ try {
+ String authName = authorization.getName();
+
+ // determine user's principal
+ final LdapName name;
+ final Principal userPrincipal;
+ if (authName == null) {
+ name = ROLE_ANONYMOUS_NAME;
+ userPrincipal = ROLE_ANONYMOUS_PRINCIPAL;
+ principals.add(userPrincipal);
+ principals.add(new AnonymousPrincipal());
+ } else {
+ name = new LdapName(authName);
+ checkUserName(name);
+ userPrincipal = new X500Principal(name.toString());
+ principals.add(userPrincipal);
+ principals.add(new ImpliedByPrincipal(ROLE_USER_NAME,
+ userPrincipal));
+ }
+
+ // Add roles provided by authorization
+ for (String role : authorization.getRoles()) {
+ LdapName roleName = new LdapName(role);
+ if (roleName.equals(name)) {
+ // skip
 } else {
- name = new LdapName(authName);
- checkUserName(name);
- userPrincipal = new X500Principal(name.toString());
- principals.add(userPrincipal);
- principals.add(new ImpliedByPrincipal(ROLE_USER_NAME,
+ checkImpliedPrincipalName(roleName);
+ principals.add(new ImpliedByPrincipal(roleName.toString(),
 userPrincipal));
+ if (roleName.equals(ROLE_ADMIN_NAME))
+ principals.add(new AdminPrincipal(
+ SecurityConstants.ADMIN_ID));
 }
-
- // Add roles provided by authorization
- for (String role : authorization.getRoles()) {
- LdapName roleName = new LdapName(role);
- if (roleName.equals(name)) {
- // skip
- } else {
- checkImpliedPrincipalName(roleName);
- principals.add(new ImpliedByPrincipal(roleName
- .toString(), userPrincipal));
- if (roleName.equals(ROLE_ADMIN_NAME))
- principals.add(new AdminPrincipal(
- SecurityConstants.ADMIN_ID));
- }
- }
-
- return true;
- } catch (InvalidNameException e) {
- throw new CmsException("Cannot commit", e);
 }
- } else
- return false;
+
+ return true;
+ } catch (InvalidNameException e) {
+ throw new CmsException("Cannot commit", e);
+ }
 }
 
 @Override
@@ -121,14 +121,14 @@ public class NodeUserLoginModule implements LoginModule {
 
 @Override
 public boolean logout() throws LoginException {
- // TODO better deal with successive logout
 if (subject == null)
- return true;
- // TODO make it less brutal
+ throw new LoginException("Subject should not be null");
+ // Argeo
 subject.getPrincipals().removeAll(
 subject.getPrincipals(X500Principal.class));
 subject.getPrincipals().removeAll(
 subject.getPrincipals(ImpliedByPrincipal.class));
+ // Jackrabbit
 subject.getPrincipals().removeAll(
 subject.getPrincipals(AdminPrincipal.class));
 subject.getPrincipals().removeAll(
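Review bot: `commit()` now throws `LoginException("Authorization should not be null")` when `authorization` is null, which breaks the JAAS two-phase contract: a LoginModule whose own `login()` did not succeed is expected to return `false` from `commit()` so the LoginContext can still complete an authentication carried by another module in the same stack (for instance one configured `sufficient`), whereas an exception here fails the whole login. Since `login()` in this hunk now throws `FailedLoginException` when no `Authorization` credential is present, a null `authorization` in `commit()` is exactly the "my login did not succeed" case, and `if (authorization == null) return false;` keeps the fail-closed behaviour without aborting the other modules. Relatedly, the `catch (InvalidNameException e)` at the end of `commit()` still turns a malformed user or role name into a `CmsException`, which escapes the declared `throws LoginException` and bypasses the caller's JAAS error handling; if `CmsException` is unchecked, `LoginException le = new LoginException("Cannot commit"); le.initCause(e); throw le;` keeps the failure inside the contract. `login()` starts before this hunk.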
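Review bot: The commit deletes the `// TODO make it less brutal` marker, but `logout()` still strips every `X500Principal`, `ImpliedByPrincipal` and `AdminPrincipal` from the Subject, including principals that another LoginModule in the same stack may have committed, so the concern the TODO recorded is no longer visible yet not addressed. The usual JAAS pattern is to remember the principals this module itself added in `commit()` (a `Set<Principal>` field populated alongside `principals.add(...)`) and call `removeAll` with exactly that set here, which also makes repeated `logout()` calls harmless. Throwing `LoginException("Subject should not be null")` on a null `subject` is a reasonable fail-closed choice, but a short comment such as `// subject is assigned by initialize(); null here means logout() was called on an uninitialized module` would document the intent the removed TODOs used to hint at. The rest of `logout()` continues past the hunk.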