1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jackrabbit;
17
18 import java.security.Principal;
19 import java.security.acl.Group;
20 import java.util.LinkedHashSet;
21 import java.util.Map;
22 import java.util.Set;
23
24 import javax.jcr.Credentials;
25 import javax.jcr.RepositoryException;
26 import javax.jcr.Session;
27 import javax.security.auth.callback.CallbackHandler;
28 import javax.security.auth.login.LoginException;
29
30 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
31 import org.apache.jackrabbit.core.security.authentication.AbstractLoginModule;
32 import org.apache.jackrabbit.core.security.authentication.Authentication;
33 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
34 import org.argeo.security.SystemAuthentication;
35 import org.springframework.security.authentication.AnonymousAuthenticationToken;
36 import org.springframework.security.core.GrantedAuthority;
37 import org.springframework.security.core.context.SecurityContextHolder;
38
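/**
 * Jackrabbit login mechanism based on Spring Security.
 * <p>
 * Security model: this module never inspects the JCR {@link Credentials} it
 * is handed. The identity is whatever
 * {@link org.springframework.security.core.Authentication} is present in the
 * current {@link SecurityContextHolder} context, and the login check only
 * asks that object whether it {@code isAuthenticated()}. Whatever populates
 * the Spring security context is therefore the real authentication boundary
 * for the repository.
 * <p>
 * A Jackrabbit {@link AdminPrincipal} is added for every
 * {@link SystemAuthentication} and for every authentication carrying an
 * authority whose name equals {@code adminRole}. The authority names must
 * therefore come from a source that ordinary users cannot influence.
 */
public class ArgeoLoginModule extends AbstractLoginModule {
    // Authority name that maps to Jackrabbit's admin principal. There is no
    // setter in this class, so the value is effectively fixed.
    private String adminRole = "ROLE_ADMIN";

    /**
     * Returns the Spring
     * {@link org.springframework.security.core.Authentication} of the current
     * security context (which can be null).
     *
     * @param credentials
     *            ignored: the identity comes from the Spring security context,
     *            not from the credentials supplied by the JCR caller
     * @return the current Spring authentication, or null if there is none
     */
    @Override
    protected Principal getPrincipal(Credentials credentials) {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Builds the principals derived from the Spring authentication held in
     * {@code principal} (not declared in this class; presumably the field
     * inherited from {@link AbstractLoginModule} - confirm).
     *
     * @return the Spring authentication itself, followed by the Jackrabbit
     *         principals derived from it, in insertion order
     * @throws IllegalStateException
     *             if {@code principal} is null or not a Spring authentication
     */
    protected Set<Principal> getPrincipals() {
        // Fail closed with an explicit error instead of a ClassCastException or
        // a NullPointerException further down when no Spring authentication
        // was recorded.
        if (!(principal instanceof org.springframework.security.core.Authentication)) {
            throw new IllegalStateException(
                    "No Spring Security authentication available to derive principals from");
        }
        org.springframework.security.core.Authentication authen = (org.springframework.security.core.Authentication) principal;

        // use linked HashSet instead of HashSet in order to maintain the order
        // of principals (as in the Subject).
        Set<Principal> principals = new LinkedHashSet<Principal>();
        principals.add(authen);

        if (authen instanceof SystemAuthentication) {
            // system authentication always gets repository admin rights
            principals.add(new AdminPrincipal(authen.getName()));
            // principals.add(new ArgeoSystemPrincipal(authen.getName()));
        } else if (authen instanceof AnonymousAuthenticationToken) {
            principals.add(new AnonymousPrincipal());
        } else {
            for (GrantedAuthority ga : authen.getAuthorities()) {
                if (ga instanceof Principal) {
                    principals.add((Principal) ga);
                }
                // FIXME: make it more generic
                // Privilege decision: a plain string comparison on the
                // authority name is all that separates a regular user from a
                // repository admin.
                if (adminRole.equals(ga.getAuthority())) {
                    principals.add(new AdminPrincipal(authen.getName()));
                }
            }
        }

        // remove previous credentials
        // Set<SimpleCredentials> thisCredentials = subject
        // .getPublicCredentials(SimpleCredentials.class);
        // if (thisCredentials != null)
        // thisCredentials.clear();

        return principals;
    }

    // Disabled logout() override, kept for reference. Original author's note:
    // the super implementation removes all Principals, the Spring
    // Authentication as well; this draft would simply clear the Jackrabbit
    // related Principals. While it stays disabled, logout() is the inherited
    // one.
    // NOTE(review): the draft removes from the set it is iterating over;
    // revisit before re-enabling.
    //
    // @Override
    // public boolean logout() throws LoginException {
    // Set<Principal> principals = subject.getPrincipals();
    // for (Principal principal : subject.getPrincipals()) {
    // if ((principal instanceof AdminPrincipal)
    // || (principal instanceof ArgeoSystemPrincipal)
    // || (principal instanceof AnonymousPrincipal)
    // || (principal instanceof GrantedAuthority)) {
    // principals.remove(principal);
    // }
    // }
    // // clearPrincipals(AdminPrincipal.class);
    // // clearPrincipals(ArgeoSystemPrincipal.class);
    // // clearPrincipals(AnonymousPrincipal.class);
    // // clearPrincipals(GrantedAuthority.class);
    // return true;
    // }

    // private <T extends Principal> void clearPrincipals(Class<T> clss) {
    // Set<T> principals = subject.getPrincipals(clss);
    // if (principals != null)
    // principals.clear();
    // }

    /**
     * Does nothing: none of the login module options are read, so
     * {@code adminRole} cannot be changed through configuration.
     */
    @SuppressWarnings("rawtypes")
    @Override
    protected void doInit(CallbackHandler callbackHandler, Session session,
            Map options) throws LoginException {
    }

    /**
     * Impersonation is refused unconditionally.
     *
     * @throws UnsupportedOperationException
     *             always; note this is unchecked, unlike the declared
     *             {@link LoginException}
     */
    @Override
    protected boolean impersonate(Principal principal, Credentials credentials)
            throws RepositoryException, LoginException {
        throw new UnsupportedOperationException(
                "Impersonation is not yet supported");
    }

    /**
     * Returns an {@link Authentication} that accepts the login when the given
     * principal is a Spring authentication reporting itself as authenticated.
     * The JCR credentials take no part in the decision.
     *
     * @param principal
     *            the principal to authenticate
     * @param creds
     *            ignored
     * @return null for a {@link Group}, otherwise an authentication bound to
     *         {@code principal}
     */
    @Override
    protected Authentication getAuthentication(final Principal principal,
            Credentials creds) throws RepositoryException {
        if (principal instanceof Group) {
            return null;
        }
        return new Authentication() {
            public boolean canHandle(Credentials credentials) {
                return principal instanceof org.springframework.security.core.Authentication;
            }

            public boolean authenticate(Credentials credentials)
                    throws RepositoryException {
                // Fail closed: a principal that is not a Spring authentication
                // is rejected instead of raising a ClassCastException when
                // authenticate() is reached without a prior canHandle().
                return principal instanceof org.springframework.security.core.Authentication
                        && ((org.springframework.security.core.Authentication) principal)
                                .isAuthenticated();
            }
        };
    }

}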