2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.ldap
.jcr
;
18 import java
.util
.UUID
;
20 import javax
.jcr
.Node
;
21 import javax
.jcr
.Repository
;
22 import javax
.jcr
.RepositoryException
;
23 import javax
.jcr
.Session
;
25 import org
.argeo
.ArgeoException
;
26 import org
.argeo
.jcr
.ArgeoNames
;
27 import org
.argeo
.jcr
.JcrUtils
;
28 import org
.argeo
.jcr
.UserJcrUtils
;
29 import org
.argeo
.security
.jcr
.JcrUserDetails
;
30 import org
.springframework
.ldap
.core
.DirContextAdapter
;
31 import org
.springframework
.ldap
.core
.DirContextOperations
;
32 import org
.springframework
.security
.GrantedAuthority
;
33 import org
.springframework
.security
.userdetails
.UserDetails
;
34 import org
.springframework
.security
.userdetails
.ldap
.UserDetailsContextMapper
;
// NOTE(review): the text that followed the trailing comma of the implements clause
// (gutter 39) is missing from this listing. ARGEO_PROFILE is used unqualified in
// mapUserFromContext and ArgeoNames is imported, so it is presumably ArgeoNames:
// confirm against the original file.
36 /** @deprecated Read only mapping from LDAP to user details */
38 public class JcrUserDetailsContextMapper
implements UserDetailsContextMapper
,
// NOTE(review): one Session is kept in this field and read by mapUserFromContext on
// every authentication. The JCR specification does not make Session thread-safe, so
// concurrent logins would need their access to it serialized: confirm how this bean
// is called.
40 /** Admin session on the security workspace */
41 private Session securitySession
;
// Repository on which the security session is opened.
42 private Repository repository
;
// Workspace name passed to repository.login(); defaults to "security".
43 private String securityWorkspace
= "security";
// NOTE(review): the signature of the enclosing method and its opening "try {"
// (gutter 44-46) are missing from this listing; only the statements below are visible.
// login(String) supplies no Credentials, so per the JCR API the identity of this
// session comes from an authentication mechanism outside this call. Whether it really
// is the admin session the field comment describes cannot be told from here: confirm.
47 securitySession
= repository
.login(securityWorkspace
);
// Login failed: log out whatever securitySession holds at this point, then rethrow
// with the RepositoryException kept as the cause.
48 } catch (RepositoryException e
) {
49 JcrUtils
.logoutQuietly(securitySession
);
50 throw new ArgeoException(
51 "Cannot initialize LDAP/JCR user details context mapper", e
);
/**
 * Logs out the shared security session. Nothing in the visible lines resets the field,
 * so a later mapUserFromContext call would use a logged-out session.
 */
55 public void destroy() {
56 JcrUtils
.logoutQuietly(securitySession
);
59 /**
 * Called during authentication in order to retrieve user details.
 * <p>
 * The visible statements look up the user's home node through the shared security
 * session and return a JcrUserDetails built from its ARGEO_PROFILE child node, a
 * throw-away random password and the authorities received from the caller.
 *
 * @param ctx LDAP entry of the user; no visible live statement reads it
 * @param username login name, used for the JCR home lookup and in error messages
 * @param authorities passed on to JcrUserDetails unchanged
 * @return the user details backed by the JCR profile node
 * @throws ArgeoException for the two "No ... information" cases and when a
 *         RepositoryException is caught
 */
60 public UserDetails
mapUserFromContext(final DirContextOperations ctx
,
61 final String username
, GrantedAuthority
[] authorities
) {
// NOTE(review): gutter 62 and 65 are missing from this listing, so the conditions
// guarding the two throws below are not visible (presumably null checks on ctx and
// userHome: confirm), nor is the "try {" matching the catch at gutter 86.
// NOTE(review): both messages embed the user name and tell the two failure causes
// apart. If they can reach the login response, a client can distinguish known from
// unknown accounts; keep the detail in server-side logs and report one generic
// failure. Confirm how ArgeoException is surfaced by the authentication layer.
63 throw new ArgeoException("No LDAP information for user " + username
);
64 Node userHome
= UserJcrUtils
.getUserHome(securitySession
, username
);
66 throw new ArgeoException("No JCR information for user " + username
);
// NOTE(review): the commented-out block below is an earlier approach that copied the
// LDAP password attribute into a String (platform charset; the String copy cannot be
// wiped even though the byte array was zeroed). It is dead code and could be deleted.
69 // SortedSet<?> passwordAttributes = ctx
70 // .getAttributeSortedStringSet(passwordAttribute);
72 // if (passwordAttributes == null || passwordAttributes.size() == 0) {
73 // throw new ArgeoException("No password found for user " + username);
75 // byte[] arr = (byte[]) passwordAttributes.first();
76 // password = new String(arr);
78 // Arrays.fill(arr, (byte) 0);
82 // we don't have access to password, so let's not pretend
// The placeholder is a fresh random UUID on every call, so it is not a credential:
// nothing downstream should store it or compare a presented password against it.
// NOTE(review): presumably the real password is verified by the LDAP bind before this
// mapper runs: confirm.
83 String password
= UUID
.randomUUID().toString();
84 return new JcrUserDetails(userHome
.getNode(ARGEO_PROFILE
),
85 password
, authorities
);
// Repository failures are wrapped in ArgeoException. The remainder of the throw
// statement (after gutter 87) is missing from this listing.
86 } catch (RepositoryException e
) {
87 throw new ArgeoException("Cannot retrieve user details for "
/**
 * Not supported: this mapper only reads from LDAP, so any attempt to write user
 * details back to the directory is rejected.
 *
 * @throws UnsupportedOperationException always
 */
92 public void mapUserToContext(UserDetails user
, final DirContextAdapter ctx
) {
93 throw new UnsupportedOperationException("LDAP access is read-only");