final static String LOGIN_CONTEXT_USER = "USER";
final static String LOGIN_CONTEXT_ANONYMOUS = "ANONYMOUS";
final static String LOGIN_CONTEXT_SYSTEM = "SYSTEM";
+ final static String LOGIN_CONTEXT_SINGLE_USER = "SINGLE_USER";
// RESERVED ROLES
public final static String ROLE_ADMIN = "ROLE_ADMIN";
SecurityContextHolder.getContext().setAuthentication(null);
if (Display.getCurrent() != null) {
HttpServletRequest httpRequest = RWT.getRequest();
- HttpSession httpSession = httpRequest.getSession();
- if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) != null)
- httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null);
- // expire session
- httpSession.setMaxInactiveInterval(0);
+ if (httpRequest != null) {
+ HttpSession httpSession = httpRequest.getSession();
+ if (httpSession.getAttribute(SPRING_SECURITY_CONTEXT_KEY) != null)
+ httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY, null);
+ // expire session
+ httpSession.setMaxInactiveInterval(0);
+ }
}
return true;
}
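Review bot: The re-indented logout block still ends the session with `httpSession.setMaxInactiveInterval(0)`, which is not a portable way to terminate it: later Servlet API versions document a zero or negative interval as "never time out", so on some containers the session may stay alive after logout. `httpSession.invalidate();` is the call defined for this, although its side effects inside an RWT UI request should be checked first. In addition, `httpRequest.getSession()` creates a session when none exists only to expire it; `HttpSession httpSession = httpRequest.getSession(false);` followed by a null check avoids that. The enclosing method starts before the first line of this hunk.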
--- /dev/null
+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.cms.internal.auth;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+
+import org.argeo.security.OsAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
+/** Login module which caches one subject per thread. */
+public class SingleUserLoginModule extends AbstractLoginModule {
+ @Override
+ protected Authentication processLogin(CallbackHandler callbackHandler)
+ throws LoginException, UnsupportedCallbackException, IOException,
+ InterruptedException {
+ OsAuthenticationToken token = new OsAuthenticationToken();
+ return getAuthenticationManager().authenticate(token);
+ }
+}
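Review bot: The class Javadoc says the module "caches one subject per thread", but `processLogin` caches nothing: it builds an empty `OsAuthenticationToken` and passes it to the authentication manager, never touching `callbackHandler`. The comment looks copied from another module and hides the security-relevant fact that no credential is requested from the user. I would replace it with `/** Login module which authenticates as the OS user running the JVM, without prompting for credentials; intended for single-user deployments only. */`.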
import org.argeo.cms.internal.useradmin.JcrUserAdmin;
import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
+import org.argeo.security.OsAuthenticationToken;
import org.argeo.security.UserAdminService;
import org.argeo.security.core.InternalAuthentication;
import org.argeo.security.core.InternalAuthenticationProvider;
+import org.argeo.security.core.OsAuthenticationProvider;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.useradmin.UserAdmin;
private final BundleContext bundleContext;
+ private final OsAuthenticationProvider osAuth;
private final InternalAuthenticationProvider internalAuth;
private final AnonymousAuthenticationProvider anonymousAuth;
private final JackrabbitUserAdminService userAdminService;
this.bundleContext = bundleContext;
+ osAuth = new OsAuthenticationProvider();
internalAuth = new InternalAuthenticationProvider(
Activator.getSystemKey());
anonymousAuth = new AnonymousAuthenticationProvider(
auth = anonymousAuth.authenticate(authentication);
else if (authentication instanceof UsernamePasswordAuthenticationToken)
auth = userAdminService.authenticate(authentication);
+ else if (authentication instanceof OsAuthenticationToken)
+ auth = osAuth.authenticate(authentication);
if (auth == null)
throw new CmsException("Could not authenticate " + authentication);
return auth;
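Review bot: The added `OsAuthenticationToken` branch is reachable by every caller of this authenticate method, and nothing visible in the hunk ties it to the SINGLE_USER login context. What `OsAuthenticationProvider.authenticate` verifies is not shown here; if it trusts the token as presented, which the argument-less token built in SingleUserLoginModule suggests, any code able to construct such a token is authenticated without a secret. I would document that above the branch, e.g. `// OS-level trust: only valid when the JVM runs for a single local user`, and consider creating `osAuth` only when the deployment is explicitly configured for single-user mode. The method begins before the first line of this hunk.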
KEYRING {
org.argeo.security.crypto.KeyringLoginModule required;
};
+
+SINGLE_USER {
+ com.sun.security.auth.module.UnixLoginModule requisite;
+ org.argeo.cms.internal.auth.SingleUserLoginModule requisite;
+ org.springframework.security.authentication.jaas.SecurityContextLoginModule requisite;
+};
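Review bot: The new SINGLE_USER entry carries no comment saying that it authenticates without any credential: `com.sun.security.auth.module.UnixLoginModule` only imports the principals of the OS account running the JVM, so whoever can select this login context is logged in as that account. I would add a comment above the entry, for example `/* Single-user (desktop) deployments only: trusts the OS account of the JVM process, never select for remote or web logins */`. The module is also Unix-specific, so this entry will presumably fail on other platforms unless a platform-dependent variant is provided.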