Author: ajaquith
Date: Mon Mar 31 20:40:16 2008
New Revision: 643253
URL: http://svn.apache.org/viewvc?rev=643253&view=rev
Log:
The auth.login.*LoginModule classes are mildly re-factored to remove any need
to have knowledge of how to (or why) to inject JSPWiki Role principals.
Responsibility for injecting Roles moves to WikiSession. JSPWiki can use ANY
LoginModule for custom authentication now.
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AnonymousLoginModule.java
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModule.java
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAuthenticationLoginModule.java
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModule.java
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java?rev=643253&r1=643252&r2=643253&view=diff
==============================================================================
---
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java
(original)
+++
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AbstractLoginModule.java
Mon Mar 31 20:40:16 2008
@@ -1,21 +1,22 @@
/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen ([EMAIL PROTECTED])
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
@@ -59,6 +60,7 @@
* like a WikiPrincipal for the user cookie, or an IP address.
* These Principals are forcibly removed during the commit phase
* if login succeeds.
+ * @deprecated
*/
protected Collection m_previousWikiPrincipals;
@@ -76,6 +78,7 @@
* this module, or for the entire login configuration overall, fails.
* Generally, these will be Principals of type
* [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role}.
+ * @deprecated
*/
protected Collection m_principalsToRemove;
@@ -90,6 +93,7 @@
* <code>m_principalsToOverwrite</code> collection because when it
* succeeds, its own [EMAIL PROTECTED]
com.ecyrd.jspwiki.auth.authorize.Role#AUTHENTICATED}
* should over-write [EMAIL PROTECTED]
com.ecyrd.jspwiki.auth.authorize.Role#ANONYMOUS}.
+ * @deprecated
*/
protected Collection m_principalsToOverwrite;
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AnonymousLoginModule.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AnonymousLoginModule.java?rev=643253&r1=643252&r2=643253&view=diff
==============================================================================
---
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AnonymousLoginModule.java
(original)
+++
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/AnonymousLoginModule.java
Mon Mar 31 20:40:16 2008
@@ -1,21 +1,22 @@
/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen ([EMAIL PROTECTED])
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
@@ -30,7 +31,6 @@
import org.apache.log4j.Logger;
import com.ecyrd.jspwiki.auth.WikiPrincipal;
-import com.ecyrd.jspwiki.auth.authorize.Role;
/**
* <p>
@@ -48,9 +48,7 @@
* </ol>
* <p>
* After authentication, a generic WikiPrincipal based on the IP address will
be
- * created and associated with the Subject. Principals
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#ALL} and
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#ANONYMOUS} will be
added.
+ * created and associated with the Subject.
* @see javax.security.auth.spi.LoginModule#commit()
* </p>
* @author Andrew Jaquith
@@ -70,24 +68,12 @@
* Logs in the user by calling back to the registered CallbackHandler with
an
* HttpRequestCallback. The CallbackHandler must supply the current servlet
* HTTP request as its response.
- * @return the result of the login; this will always be <code>false</code>
- * if the Subject's Principal set already contains either
- * [EMAIL PROTECTED] Role#ASSERTED} or [EMAIL PROTECTED]
Role#AUTHENTICATED}; otherwise,
- * always returns <code>true</code>.
+ * @return the result of the login; this will always be <code>true</code>.
* @see javax.security.auth.spi.LoginModule#login()
*/
public boolean login() throws LoginException
{
- // If already logged in or asserted, ignore this login module
- if ( m_subject.getPrincipals().contains( Role.AUTHENTICATED )
- || m_subject.getPrincipals().contains( Role.ASSERTED ) )
- {
- // If login ignored, remove anonymous role
- m_principalsToRemove.add( Role.ANONYMOUS );
- return false;
- }
-
- // Otherwise, let's go and make a Principal based on the IP address
+ // Let's go and make a Principal based on the IP address
HttpRequestCallback hcb = new HttpRequestCallback();
Callback[] callbacks = new Callback[]
{ hcb };
@@ -100,20 +86,10 @@
{
HttpSession session = request.getSession( false );
String sid = (session == null) ? NULL : session.getId();
- log.debug("Logged in session ID=" + sid);
- log.debug("Added Principals " + ipAddr +
",Role.ANONYMOUS,Role.ALL" );
+ log.debug("Logged in session ID=" + sid + "; IP=" + ipAddr);
}
// If login succeeds, commit these principals/roles
m_principals.add( ipAddr );
- m_principals.add( Role.ANONYMOUS );
- m_principals.add( Role.ALL );
-
- // If login succeeds, overwrite these principals/roles
- m_principalsToOverwrite.add( WikiPrincipal.GUEST );
-
- // If login fails, remove these roles
- m_principalsToRemove.add( Role.ANONYMOUS );
-
return true;
}
catch( IOException e )
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModule.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModule.java?rev=643253&r1=643252&r2=643253&view=diff
==============================================================================
---
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModule.java
(original)
+++
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAssertionLoginModule.java
Mon Mar 31 20:40:16 2008
@@ -1,21 +1,22 @@
/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen ([EMAIL PROTECTED])
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
@@ -34,7 +35,6 @@
import com.ecyrd.jspwiki.TextUtil;
import com.ecyrd.jspwiki.auth.WikiPrincipal;
-import com.ecyrd.jspwiki.auth.authorize.Role;
import com.ecyrd.jspwiki.util.HttpUtil;
/**
@@ -52,9 +52,7 @@
* </ol>
* <p>
* After authentication, a generic WikiPrincipal based on the username will be
- * created and associated with the Subject. Principals
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#ALL} and
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#ASSERTED} will be
added.
+ * created and associated with the Subject.
* </p>
* @see javax.security.auth.spi.LoginModule#commit()
* @see CookieAuthenticationLoginModule
@@ -77,23 +75,13 @@
* Logs in the user by calling back to the registered CallbackHandler with
* an HttpRequestCallback. The CallbackHandler must supply the current
* servlet HTTP request as its response.
- * @return the result of the login; if the subject Principal set already
- * possesses [EMAIL PROTECTED] Role#AUTHENTICATED}, always returns
<code>false</code>
- * to indicate that this module should be ignored. Otherwise, if a cookie
is
+ * @return the result of the login; if a cookie is
* found, this method returns <code>true</code>. If not found, this
* method throws a <code>FailedLoginException</code>.
* @see javax.security.auth.spi.LoginModule#login()
*/
public boolean login() throws LoginException
{
- // Ignore this module if already authenticated
- if ( m_subject.getPrincipals().contains( Role.AUTHENTICATED ) )
- {
- // If login ignored, remove asserted role
- m_principalsToRemove.add( Role.ASSERTED );
- return false;
- }
-
// Otherwise, let's go and look for the cookie!
HttpRequestCallback hcb = new HttpRequestCallback();
Callback[] callbacks = new Callback[]
@@ -116,20 +104,10 @@
if ( log.isDebugEnabled() )
{
- log.debug( "Logged in session ID=" + sid );
- log.debug( "Added Principals " + name +
",Role.ASSERTED,Role.ALL" );
+ log.debug( "Logged in session ID=" + sid + "; asserted=" +
name );
}
// If login succeeds, commit these principals/roles
m_principals.add( new WikiPrincipal( name, WikiPrincipal.FULL_NAME
) );
- m_principals.add( Role.ASSERTED );
- m_principals.add( Role.ALL );
-
- // If login succeeds, overwrite these principals/roles
- m_principalsToOverwrite.add( WikiPrincipal.GUEST );
- m_principalsToOverwrite.add( Role.ANONYMOUS );
-
- // If login fails, remove these roles
- m_principalsToRemove.add( Role.ASSERTED );
return true;
}
catch( IOException e )
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAuthenticationLoginModule.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAuthenticationLoginModule.java?rev=643253&r1=643252&r2=643253&view=diff
==============================================================================
---
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAuthenticationLoginModule.java
(original)
+++
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/CookieAuthenticationLoginModule.java
Mon Mar 31 20:40:16 2008
@@ -1,21 +1,22 @@
/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen ([EMAIL PROTECTED])
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
@@ -36,7 +37,6 @@
import com.ecyrd.jspwiki.TextUtil;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.auth.WikiPrincipal;
-import com.ecyrd.jspwiki.auth.authorize.Role;
import com.ecyrd.jspwiki.util.HttpUtil;
/**
@@ -60,9 +60,7 @@
* </ol>
* <p>
* After authentication, a generic WikiPrincipal based on the username will be
- * created and associated with the Subject. Principals
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#ALL} and
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#AUTHENTICATED}
will be added.
+ * created and associated with the Subject.
* </p>
* @see javax.security.auth.spi.LoginModule#commit()
* @see CookieAssertionLoginModule
@@ -131,19 +129,11 @@
if ( log.isDebugEnabled() )
{
- log.debug( "Logged in loginName=" + username );
- log.debug( "Added Principals
Role.AUTHENTICATED,Role.ALL" );
+ log.debug( "Logged in cookie authenticated name="
+ username );
}
// If login succeeds, commit these principals/roles
- m_principals.add( new PrincipalWrapper( new
WikiPrincipal( username, WikiPrincipal.LOGIN_NAME ) ) );
- m_principals.add( Role.AUTHENTICATED );
- m_principals.add( Role.ALL );
-
- // If login succeeds, overwrite these principals/roles
- m_principalsToOverwrite.add( WikiPrincipal.GUEST );
- m_principalsToOverwrite.add( Role.ANONYMOUS );
- m_principalsToOverwrite.add( Role.ASSERTED );
+ m_principals.add( new WikiPrincipal( username,
WikiPrincipal.LOGIN_NAME ) );
//
// Tag the file so that we know that it has been
accessed recently.
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModule.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModule.java?rev=643253&r1=643252&r2=643253&view=diff
==============================================================================
---
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModule.java
(original)
+++
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/UserDatabaseLoginModule.java
Mon Mar 31 20:40:16 2008
@@ -1,21 +1,22 @@
/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen ([EMAIL PROTECTED])
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
@@ -32,7 +33,6 @@
import com.ecyrd.jspwiki.auth.NoSuchPrincipalException;
import com.ecyrd.jspwiki.auth.WikiPrincipal;
-import com.ecyrd.jspwiki.auth.authorize.Role;
import com.ecyrd.jspwiki.auth.user.UserDatabase;
import com.ecyrd.jspwiki.auth.user.UserProfile;
@@ -53,9 +53,6 @@
* <p>
* After authentication, a Principals based on the login name will be created
* and associated with the Subject.
- * Also, principals [EMAIL PROTECTED]
com.ecyrd.jspwiki.auth.authorize.Role#ALL} and
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#AUTHENTICATED} will
be added to
- * the Subject's principal set.
* </p>
* @author Andrew Jaquith
* @since 2.3
@@ -93,22 +90,11 @@
{
if ( log.isDebugEnabled() )
{
- log.debug( "Logged in loginName=" + username );
- log.debug( "Added Principals Role.AUTHENTICATED,Role.ALL"
);
+ log.debug( "Logged in user database user " + username );
}
// If login succeeds, commit these principals/roles
- m_principals.add( new PrincipalWrapper( new WikiPrincipal(
username, WikiPrincipal.LOGIN_NAME ) ) );
- m_principals.add( Role.AUTHENTICATED );
- m_principals.add( Role.ALL );
-
- // If login succeeds, overwrite these principals/roles
- m_principalsToOverwrite.add( WikiPrincipal.GUEST );
- m_principalsToOverwrite.add( Role.ANONYMOUS );
- m_principalsToOverwrite.add( Role.ASSERTED );
-
- // If login fails, remove these roles
- m_principalsToRemove.add( Role.AUTHENTICATED );
+ m_principals.add( new WikiPrincipal( username,
WikiPrincipal.LOGIN_NAME ) );
return true;
}
Modified:
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java
URL:
http://svn.apache.org/viewvc/incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java?rev=643253&r1=643252&r2=643253&view=diff
==============================================================================
---
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java
(original)
+++
incubator/jspwiki/trunk/src/com/ecyrd/jspwiki/auth/login/WebContainerLoginModule.java
Mon Mar 31 20:40:16 2008
@@ -1,21 +1,22 @@
/*
JSPWiki - a JSP-based WikiWiki clone.
- Copyright (C) 2001-2007 Janne Jalkanen ([EMAIL PROTECTED])
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
*/
package com.ecyrd.jspwiki.auth.login;
@@ -60,10 +61,8 @@
* the value of getRemoteUser</li>
* </ol>
* <p>
- * After authentication, the Subject will contain principals
- * [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#ALL}
- * and [EMAIL PROTECTED] com.ecyrd.jspwiki.auth.authorize.Role#AUTHENTICATED},
- * plus the Principal that represents the logged-in user.</p>
+ * After authentication, the Subject will contain the Principal that
+ * represents the logged-in user.</p>
*
* @author Andrew Jaquith
* @since 2.3
@@ -118,25 +117,13 @@
}
if ( log.isDebugEnabled() )
{
- log.debug("Added Principal " + principal.getName() +
",Role.ANONYMOUS,Role.ALL" );
+ log.debug("Logged in container principal " +
principal.getName() + "." );
}
- m_principals.add( new PrincipalWrapper( principal ) );
+ m_principals.add( principal );
// Add any container roles
injectWebAuthorizerRoles( acb.getAuthorizer(), request );
- // If login succeeds, commit these roles
- m_principals.add( Role.AUTHENTICATED );
- m_principals.add( Role.ALL );
-
- // If login succeeds, remove these principals/roles
- m_principalsToOverwrite.add( WikiPrincipal.GUEST );
- m_principalsToOverwrite.add( Role.ANONYMOUS );
- m_principalsToOverwrite.add( Role.ASSERTED );
-
- // If login fails, remove these roles
- m_principalsToRemove.add( Role.AUTHENTICATED );
-
return true;
}
catch( IOException e )
@@ -175,7 +162,7 @@
foundRoles.add( roles[i] );
if ( log.isDebugEnabled() )
{
- log.debug("Added Principal " + roles[i].getName() +
"." );
+ log.debug("Added container role " + roles[i].getName()
+ "." );
}
}
}
@@ -183,9 +170,6 @@
// Add these container roles if login succeeds
m_principals.addAll( foundRoles );
-
- // Make sure the same ones are removed if login fails
- m_principalsToRemove.addAll( foundRoles );
}
}
