X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.jackrabbit%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoLoginModule.java;h=49bd304ed3564450adb53df65ae25b36cf3a8037;hb=72c5c4c7e5348ad96a451ef866a1e231db976dc7;hp=69bab52937fec3821e4ee53cade532e13aa9f839;hpb=fb4f7c451ea7d9025f7cf7fe032020f229df794a;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
index 69bab5293..49bd304ed 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
@@ -22,9 +22,30 @@ import org.springframework.security.GrantedAuthority;
 import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+/** Jackrabbit login mechanism based on Spring Security */
 public class ArgeoLoginModule extends AbstractLoginModule {
 private String adminRole = "ROLE_ADMIN";
+ @Override
+ public boolean login() throws LoginException {
+ boolean loginOk = super.login();
+ if (!loginOk) {
+ org.springframework.security.Authentication authen = (org.springframework.security.Authentication) SecurityContextHolder
+ .getContext().getAuthentication();
+ }
+ return loginOk;
+ }
+ @Override
+ public boolean commit() throws LoginException {
+ boolean commitOk = super.commit();
+ if (!commitOk) {
+ org.springframework.security.Authentication authen = (org.springframework.security.Authentication) SecurityContextHolder
+ .getContext().getAuthentication();
+ }
+ return commitOk;
+ }
+
 /**
 * Returns the Spring {@link org.springframework.security.Authentication}
 * (which can be null)
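Review bot: The new `login()` and `commit()` overrides do nothing on the failure path: each reads `SecurityContextHolder.getContext().getAuthentication()` into a local `authen` that is never used, so they behave exactly like the superclass methods and a failed login or commit leaves no trace. If the intent was diagnostics, record the failure with the principal name only, for example `log.warn("Jackrabbit login failed for " + (authen != null ? authen.getName() : "<no authentication>"));`, and never include `authen.getCredentials()`; `log` stands for whatever logger the class uses, as none is visible in this hunk. Otherwise both overrides can be dropped.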
@@ -38,9 +59,9 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 protected Set getPrincipals() {
 // clear already registered Jackrabbit principals
- clearPrincipals(AdminPrincipal.class);
- clearPrincipals(AnonymousPrincipal.class);
- clearPrincipals(GrantedAuthorityPrincipal.class);
+ // clearPrincipals(AdminPrincipal.class);
+ // clearPrincipals(AnonymousPrincipal.class);
+ // clearPrincipals(GrantedAuthorityPrincipal.class);
 return syncPrincipals();
 }
@@ -53,17 +74,19 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 Set principals = new LinkedHashSet();
 principals.add(authen);
- if (authen instanceof SystemAuthentication)
+ if (authen instanceof SystemAuthentication) {
 principals.add(new AdminPrincipal(authen.getName()));
- else if (authen instanceof AnonymousAuthenticationToken)
+ principals.add(new ArgeoSystemPrincipal(authen.getName()));
+ } else if (authen instanceof AnonymousAuthenticationToken) {
 principals.add(new AnonymousPrincipal());
- else
+ } else {
 for (GrantedAuthority ga : authen.getAuthorities()) {
 principals.add(new GrantedAuthorityPrincipal(ga));
 // FIXME: make it more generic
 if (adminRole.equals(ga.getAuthority()))
 principals.add(new AdminPrincipal(authen.getName()));
 }
+ }
 // remove previous credentials
 Set thisCredentials = subject
@@ -71,8 +94,8 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 if (thisCredentials != null)
 thisCredentials.clear();
 // override credentials since we did not used the one passed to us
- credentials = new SimpleCredentials(authen.getName(), authen
- .getCredentials().toString().toCharArray());
+ // credentials = new SimpleCredentials(authen.getName(), authen
+ // .getCredentials().toString().toCharArray());
 return principals;
 }
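Review bot: In `getPrincipals()` (hunk `-38,9 +59,9`) the three `clearPrincipals(...)` calls are commented out, so an `AdminPrincipal`, `AnonymousPrincipal` or `GrantedAuthorityPrincipal` left by an earlier login is no longer dropped before `syncPrincipals()` runs. The comment in `logout()` says the subject may be reused, so a subject that once carried `AdminPrincipal` could apparently keep it after the Spring context changes to a less privileged user; whether it does depends on how `AbstractLoginModule` applies the returned set, which is not visible here. Either restore the calls, or delete the dead lines and replace the now-misleading `// clear already registered Jackrabbit principals` with a comment stating where stale principals are removed instead.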
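Review bot: At the end of `syncPrincipals()` (hunk `-71,8 +94,8`) the subject's existing credentials are still cleared but the replacement assignment is commented out, so the `credentials` field keeps whatever the caller passed in, which the surviving comment says is not what authenticated the user. No longer copying `authen.getCredentials()` into a `SimpleCredentials` is an improvement, but the leftover state should be deliberate: if the superclass attaches `credentials` to the subject on commit, consider `credentials = new SimpleCredentials(authen.getName(), new char[0]);` so the subject carries the Spring user name and no secret. The commented-out lines and the `// override credentials ...` comment should then be removed or reworded. The method starts outside this hunk.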
@@ -85,13 +108,14 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 @Override
 public boolean logout() throws LoginException {
 clearPrincipals(AdminPrincipal.class);
+ clearPrincipals(ArgeoSystemPrincipal.class);
 clearPrincipals(AnonymousPrincipal.class);
 clearPrincipals(GrantedAuthorityPrincipal.class);
 // we resync with Spring Security since the subject may have been reused
 // in beetween
 // TODO: check if this is clean
- //subject.getPrincipals().addAll(syncPrincipals());
+ // subject.getPrincipals().addAll(syncPrincipals());
 return true;
 }
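Review bot: `logout()` now clears four principal types but not the Spring `Authentication` object itself, which `syncPrincipals()` puts into the set with `principals.add(authen)`. Unless the superclass or `clearPrincipals` removes it elsewhere (not visible in this diff), the authentication token, along with whatever its `getCredentials()` still holds, stays on the subject after logout. Consider removing it here as well, e.g. `subject.getPrincipals().removeAll(subject.getPrincipals(org.springframework.security.Authentication.class));`.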