]> git.argeo.org Git - lgpl/argeo-commons.git/blob - jackrabbit/ArgeoSecurityManager.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Prepare next development cycle
[lgpl/argeo-commons.git] / jackrabbit / ArgeoSecurityManager.java
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jackrabbit;
17
18 import java.security.Principal;
19 import java.util.Set;
20
21 import javax.jcr.RepositoryException;
22 import javax.jcr.Session;
23 import javax.security.auth.Subject;
24
25 import org.apache.jackrabbit.api.security.user.UserManager;
26 import org.apache.jackrabbit.core.DefaultSecurityManager;
27 import org.apache.jackrabbit.core.security.AMContext;
28 import org.apache.jackrabbit.core.security.AccessManager;
29 import org.apache.jackrabbit.core.security.SecurityConstants;
30 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
31 import org.springframework.security.core.Authentication;
32 import org.springframework.security.core.context.SecurityContextHolder;
33
34 /** Integrates Spring Security and Jackrabbit Security users and roles. */
35 public class ArgeoSecurityManager extends DefaultSecurityManager {
36 @Override
37 public AccessManager getAccessManager(Session session, AMContext amContext)
38 throws RepositoryException {
39 synchronized (getSystemSession()) {
40 return super.getAccessManager(session, amContext);
41 }
42 }
43
44 @Override
45 public UserManager getUserManager(Session session)
46 throws RepositoryException {
47 synchronized (getSystemSession()) {
48 return super.getUserManager(session);
49 }
50 }
51
52 /**
53 * Since this is called once when the session is created, we take the
54 * opportunity to make sure that Jackrabbit users and groups reflect Spring
55 * Security name and authorities.
56 */
57 @Override
58 public String getUserID(Subject subject, String workspaceName)
59 throws RepositoryException {
60 Authentication authentication = SecurityContextHolder.getContext()
61 .getAuthentication();
62 if (authentication != null)
63 return authentication.getName();
64 else
65 return super.getUserID(subject, workspaceName);
66 }
67
68 @Override
69 protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
70 WorkspaceAccessManager wam = super
71 .createDefaultWorkspaceAccessManager();
72 return new ArgeoWorkspaceAccessManagerImpl(wam);
73 }
74
75 private class ArgeoWorkspaceAccessManagerImpl implements SecurityConstants,
76 WorkspaceAccessManager {
77 private final WorkspaceAccessManager wam;
78
79 public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) {
80 super();
81 this.wam = wam;
82 }
83
84 public void init(Session systemSession) throws RepositoryException {
85 wam.init(systemSession);
86 }
87
88 public void close() throws RepositoryException {
89 }
90
91 public boolean grants(Set<Principal> principals, String workspaceName)
92 throws RepositoryException {
93 // TODO: implements finer access to workspaces
94 return true;
95 }
96 }
97
98 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi