Make data admin log-in more robust and easier to use.

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / jaas.cfg

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
index 4c7ebb328c7b7f766e3278011629b1c5ce2744b8..e54277a3c73fcb1b9dbcc2a4fe5c1908db9f3ad1 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/jaas.cfg
@@ -1,26 +1,20 @@
 USER {
-    org.argeo.cms.auth.HttpLoginModule requisite;
-    org.argeo.cms.auth.UserAdminLoginModule requisite;
-    org.argeo.cms.auth.NodeUserLoginModule requisite;
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.IdentLoginModule optional;
+    org.argeo.cms.auth.UserAdminLoginModule sufficient;
 };
 
 ANONYMOUS {
-    org.argeo.cms.auth.UserAdminLoginModule requisite anonymous=true;
-    org.argeo.cms.auth.NodeUserLoginModule requisite;
+    org.argeo.cms.auth.HttpSessionLoginModule sufficient;
+    org.argeo.cms.auth.AnonymousLoginModule sufficient;
 };
 
 DATA_ADMIN {
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
+    org.argeo.node.DataAdminLoginModule requisite;
 };
 
-SYSTEM {
-    org.argeo.cms.auth.DataAdminLoginModule requisite;
-};
-
-
-HARDENED_KERNEL {
-    com.sun.security.auth.module.UnixLoginModule requisite;
-    com.sun.security.auth.module.KeyStoreLoginModule requisite keyStoreURL="${osgi.instance.area}/node.p12" keyStoreType=PKCS12;
+NODE {
+    org.argeo.node.DataAdminLoginModule requisite;
 };
 
 KEYRING {
@@ -28,7 +22,6 @@ KEYRING {
 };
 
 SINGLE_USER {
-    com.sun.security.auth.module.UnixLoginModule requisite;
     org.argeo.cms.auth.SingleUserLoginModule requisite;
 };