1   package org.argeo.security.jackrabbit;
2   
3   import java.util.Map;
4   import java.util.Set;
5   
6   import javax.security.auth.Subject;
7   import javax.security.auth.callback.CallbackHandler;
8   import javax.security.auth.login.LoginException;
9   import javax.security.auth.spi.LoginModule;
10  import javax.security.auth.x500.X500Principal;
11  
12  import org.apache.jackrabbit.core.security.AnonymousPrincipal;
13  import org.apache.jackrabbit.core.security.SecurityConstants;
14  import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
15  import org.argeo.api.security.DataAdminPrincipal;
16  
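/**
 * JAAS login module used when initiating a new Jackrabbit session.
 * <p>
 * This module performs no authentication of its own: {@link #login()} always
 * succeeds. It expects the {@link Subject} to have been authenticated
 * beforehand and, in {@link #commit()}, only maps the Argeo principals the
 * subject already carries to the corresponding Jackrabbit principals. The
 * security of the resulting session therefore depends entirely on whatever
 * populated the subject before this module ran.
 */
public class SystemJackrabbitLoginModule implements LoginModule {
	private Subject subject;

	/**
	 * The Jackrabbit principal that {@link #commit()} actually added to the
	 * subject, or {@code null} if it added none. Kept so that {@link #abort()}
	 * can undo exactly what this module did.
	 */
	private java.security.Principal addedPrincipal;

	/**
	 * Stores the subject to work on. The callback handler, shared state and
	 * options are ignored.
	 */
	@Override
	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
			Map<String, ?> options) {
		this.subject = subject;
	}

	/**
	 * Always succeeds; no credentials are checked here. All verification of the
	 * subject happens in {@link #commit()}.
	 */
	@Override
	public boolean login() throws LoginException {
		return true;
	}

	/**
	 * Maps the pre-authenticated subject to a Jackrabbit identity.
	 * <ul>
	 * <li>An Argeo anonymous principal yields a Jackrabbit
	 * {@link AnonymousPrincipal}.</li>
	 * <li>A {@link DataAdminPrincipal} yields a Jackrabbit {@link AdminPrincipal}
	 * with {@link SecurityConstants#ADMIN_ID}.</li>
	 * <li>Otherwise the subject must carry exactly one {@link X500Principal}; no
	 * principal is added in that case.</li>
	 * </ul>
	 *
	 * @return {@code true} when the subject was accepted
	 * @throws LoginException if the subject carries neither of the two Argeo
	 *                        principals and does not carry exactly one
	 *                        {@link X500Principal}
	 */
	@Override
	public boolean commit() throws LoginException {
		Set<org.argeo.api.security.AnonymousPrincipal> anonPrincipal = subject
				.getPrincipals(org.argeo.api.security.AnonymousPrincipal.class);
		if (!anonPrincipal.isEmpty()) {
			addTracked(new AnonymousPrincipal());
			return true;
		}

		// Security note: the mere presence of a DataAdminPrincipal grants the
		// Jackrabbit admin identity, and this branch returns before the
		// X500Principal check below. Only trusted code must be able to put a
		// DataAdminPrincipal on the subject.
		Set<DataAdminPrincipal> initPrincipal = subject.getPrincipals(DataAdminPrincipal.class);
		if (!initPrincipal.isEmpty()) {
			addTracked(new AdminPrincipal(SecurityConstants.ADMIN_ID));
			return true;
		}

		Set<X500Principal> userPrincipal = subject.getPrincipals(X500Principal.class);
		if (userPrincipal.isEmpty())
			throw new LoginException("Subject must be pre-authenticated");
		if (userPrincipal.size() > 1)
			throw new LoginException("Multiple user principals " + userPrincipal);

		return true;
	}

	/**
	 * Rolls back {@link #commit()}: removes the principal this module added, if
	 * any. Without this, a Jackrabbit admin or anonymous principal would stay on
	 * the (shared, pre-authenticated) subject when the overall login fails after
	 * this module has already committed.
	 */
	@Override
	public boolean abort() throws LoginException {
		if (addedPrincipal != null) {
			// remove only what this module added, not principals of the same
			// type that were already present before commit()
			subject.getPrincipals().remove(addedPrincipal);
			addedPrincipal = null;
		}
		return true;
	}

	/**
	 * Removes every Jackrabbit {@link AnonymousPrincipal} and
	 * {@link AdminPrincipal} from the subject.
	 */
	@Override
	public boolean logout() throws LoginException {
		subject.getPrincipals().removeAll(subject.getPrincipals(AnonymousPrincipal.class));
		subject.getPrincipals().removeAll(subject.getPrincipals(AdminPrincipal.class));
		addedPrincipal = null;
		return true;
	}

	/**
	 * Adds a principal to the subject and remembers it for {@link #abort()}, but
	 * only if the set did not already contain an equal principal.
	 */
	private void addTracked(java.security.Principal principal) {
		if (subject.getPrincipals().add(principal))
			addedPrincipal = principal;
	}
}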