/*
 * Copyright (C) 2007-2012 Argeo GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 package org
.argeo
.security
.jackrabbit
;
18 import java
.security
.Principal
;
21 import javax
.jcr
.RepositoryException
;
22 import javax
.jcr
.Session
;
23 import javax
.security
.auth
.Subject
;
25 import org
.apache
.jackrabbit
.api
.security
.user
.UserManager
;
26 import org
.apache
.jackrabbit
.core
.DefaultSecurityManager
;
27 import org
.apache
.jackrabbit
.core
.security
.AMContext
;
28 import org
.apache
.jackrabbit
.core
.security
.AccessManager
;
29 import org
.apache
.jackrabbit
.core
.security
.SecurityConstants
;
30 import org
.apache
.jackrabbit
.core
.security
.authorization
.WorkspaceAccessManager
;
31 import org
.springframework
.security
.core
.Authentication
;
32 import org
.springframework
.security
.core
.context
.SecurityContextHolder
;
/** Integrates Spring Security and Jackrabbit Security users and roles. */
35 public class ArgeoSecurityManager
extends DefaultSecurityManager
{
/**
 * Returns the access manager for {@code session} by delegating to the
 * superclass implementation.
 *
 * <p>The delegation runs while holding the monitor of the object returned by
 * {@code getSystemSession()}. {@code getUserManager(Session)} locks on the
 * result of the same call.
 * NOTE(review): presumably this serializes manager creation around shared
 * system-session state; confirm that {@code getSystemSession()} returns the
 * same instance on every call, otherwise the lock excludes nothing.
 *
 * @param session the session the access manager is requested for
 * @param amContext the access-manager context, passed through unchanged
 * @return the access manager produced by the superclass
 * @throws RepositoryException if the superclass call fails
 */
public AccessManager getAccessManager(Session session, AMContext amContext)
        throws RepositoryException {
    final AccessManager accessManager;
    synchronized (getSystemSession()) {
        accessManager = super.getAccessManager(session, amContext);
    }
    return accessManager;
}
/**
 * Returns the user manager for {@code session} by delegating to the
 * superclass implementation.
 *
 * <p>As in {@code getAccessManager}, the call is made while holding the
 * monitor of the object returned by {@code getSystemSession()}.
 * NOTE(review): the lock is only effective if {@code getSystemSession()}
 * returns the same instance on every call; confirm.
 *
 * @param session the session the user manager is requested for
 * @return the user manager produced by the superclass
 * @throws RepositoryException if the superclass call fails
 */
public UserManager getUserManager(Session session)
        throws RepositoryException {
    final UserManager userManager;
    synchronized (getSystemSession()) {
        userManager = super.getUserManager(session);
    }
    return userManager;
}
/**
 * Resolves the Jackrabbit user id for a session, preferring the name of the
 * Spring Security {@link Authentication} bound to the calling thread.
 *
 * <p>Since this is called once when the session is created, we take the
 * opportunity to make sure that Jackrabbit users and groups reflect Spring
 * Security name and authorities.
 * NOTE(review): this method only resolves a name; no synchronization of
 * users or groups is visible in its body. Confirm where that happens, or
 * update this comment.
 *
 * <p>Security note: whenever the {@link SecurityContextHolder} holds a
 * non-null {@link Authentication}, its name is returned and {@code subject}
 * is not consulted. The user id therefore follows the thread-bound Spring
 * context rather than the JAAS subject that was passed in, and
 * {@code isAuthenticated()} is not checked.
 * NOTE(review): verify that sessions opened for a different identity (for
 * example system or administrative sessions) are never created on a thread
 * that still carries an end user's security context, and that
 * unauthenticated or anonymous tokens cannot reach this point.
 *
 * @param subject the JAAS subject; used only when no Spring authentication
 *        is present
 * @param workspaceName the workspace name; passed to the superclass in the
 *        fallback case
 * @return the Spring authentication name, or the superclass result when the
 *         security context holds no authentication
 * @throws RepositoryException if the superclass fallback fails
 */
public String getUserID(Subject subject, String workspaceName)
        throws RepositoryException {
    final Authentication springAuth =
            SecurityContextHolder.getContext().getAuthentication();
    if (springAuth == null) {
        // No Spring authentication on this thread: use the default resolution.
        return super.getUserID(subject, workspaceName);
    }
    return springAuth.getName();
}
/**
 * Creates the workspace access manager by wrapping the superclass default in
 * an {@code ArgeoWorkspaceAccessManagerImpl}.
 *
 * <p>NOTE(review): workspace access decisions are made by the wrapper's
 * {@code grants} method, not by the wrapped default. Its body is not fully
 * visible in this listing (only a TODO about finer-grained workspace access),
 * so confirm that it is no more permissive than the default it replaces.
 *
 * @return a wrapper around the superclass's default workspace access manager
 */
protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
    return new ArgeoWorkspaceAccessManagerImpl(
            super.createDefaultWorkspaceAccessManager());
}
75 private class ArgeoWorkspaceAccessManagerImpl
implements SecurityConstants
,
76 WorkspaceAccessManager
{
77 private final WorkspaceAccessManager wam
;
79 public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam
) {
/**
 * Initializes the wrapped workspace access manager with the system session.
 *
 * @param systemSession the system session, handed to the wrapped manager
 *        unchanged
 * @throws RepositoryException if the wrapped manager fails to initialize
 */
public void init(Session systemSession) throws RepositoryException {
    // Pure delegation: this wrapper keeps no reference to the session.
    this.wam.init(systemSession);
}
88 public void close() throws RepositoryException
{
91 public boolean grants(Set
<Principal
> principals
, String workspaceName
)
92 throws RepositoryException
{
93 // TODO: implements finer access to workspaces