2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.cms
.internal
.auth
;
18 import java
.util
.Collection
;
20 import javax
.jcr
.Node
;
21 import javax
.jcr
.Repository
;
22 import javax
.jcr
.RepositoryException
;
23 import javax
.jcr
.Session
;
25 import org
.argeo
.ArgeoException
;
26 import org
.argeo
.cms
.internal
.useradmin
.SimpleJcrSecurityModel
;
27 import org
.argeo
.jcr
.JcrUtils
;
28 import org
.argeo
.security
.OsAuthenticationToken
;
29 import org
.argeo
.security
.SecurityUtils
;
30 import org
.argeo
.security
.core
.OsAuthenticationProvider
;
31 import org
.argeo
.security
.jcr
.JcrUserDetails
;
32 import org
.springframework
.security
.authentication
.BadCredentialsException
;
33 import org
.springframework
.security
.authentication
.UsernamePasswordAuthenticationToken
;
34 import org
.springframework
.security
.core
.Authentication
;
35 import org
.springframework
.security
.core
.AuthenticationException
;
36 import org
.springframework
.security
.core
.GrantedAuthority
;
37 import org
.springframework
.security
.core
.userdetails
.UserDetails
;
39 /** Relies on the OS to authenticate and additionally sets up JCR. */
40 public class OsJcrAuthenticationProvider
extends OsAuthenticationProvider
{
// JCR repository this provider logs into; injected through setRepository().
private Repository repository;
// Session obtained from repository.login(); handed to the security model on
// every OS authentication and released in destroy().
private Session nodeSession;

// Details built by the OS-token branch of authenticate() and attached, as is,
// to password tokens. Has no initializer, so it is null until an OS
// authentication has succeeded.
private UserDetails userDetails;
// Strategy that synchronizes the OS user into JCR; replaceable through
// setJcrSecurityModel().
private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();

// Name of the account running the JVM, read once from the "user.name" system
// property. NOTE(review): that property can be overridden when the JVM is
// launched (-Duser.name=...), so it reflects launch configuration rather than
// a value checked against the operating system.
private static final String JVM_OSUSER = System.getProperty("user.name");
// Opens the JCR session stored in nodeSession with the no-argument
// repository.login().
// NOTE(review): the enclosing method header and its opening `try` are not
// visible in this listing. Which identity a credential-less login receives is
// decided by the repository configuration; confirm it is limited to what
// jcrSecurityModel.sync() needs, because this session is reused for every
// authentication.
51 nodeSession
= repository
.login();
52 } catch (RepositoryException e
) {
// A failed login is rethrown as ArgeoException with the original exception as cause.
53 throw new ArgeoException("Cannot initialize", e
);
/**
 * Releases the JCR session held in {@code nodeSession} by handing it to
 * {@code JcrUtils.logoutQuietly}.
 */
public void destroy() {
	JcrUtils.logoutQuietly(nodeSession);
}
/**
 * Authenticates either a username/password token or an OS token.
 *
 * Password tokens: accepted when the principal's string form equals
 * JVM_OSUSER. The submitted credentials are copied into the new token but are
 * never compared with anything in the visible lines.
 *
 * OS tokens: delegated to the parent provider, then the OS user is
 * synchronized into JCR through jcrSecurityModel.sync() and the resulting
 * JcrUserDetails is stored in the userDetails field and set on the token.
 *
 * Any other token type is rejected with an ArgeoException.
 *
 * NOTE(review): several source lines (the `return` statements, the `try`
 * opener, closing braces) are missing from this listing.
 *
 * @param authentication the token to check
 * @throws AuthenticationException BadCredentialsException when a password
 *         token names a principal other than JVM_OSUSER
 */
61 public Authentication
authenticate(Authentication authentication
)
62 throws AuthenticationException
{
63 if (authentication
instanceof UsernamePasswordAuthenticationToken
) {
64 // deal with remote access to internal server
65 // FIXME very primitive and insecure at this stage
67 // consider using the keyring for username / password authentication
// NOTE(review): this branch performs no credential verification. Knowing the
// name of the account that runs the JVM is enough to pass the check below, so
// the branch is effectively a username-only login. getCredentials() should be
// verified (the FIXME above suggests the keyring) before a token is issued.
69 UsernamePasswordAuthenticationToken upat
= (UsernamePasswordAuthenticationToken
) authentication
;
// A null principal raises NullPointerException here instead of
// BadCredentialsException, because toString() is called on it first.
70 if (!upat
.getPrincipal().toString().equals(JVM_OSUSER
))
71 throw new BadCredentialsException("Wrong credentials");
// The three-argument constructor yields a token that is already marked as
// authenticated and carries getBaseAuthorities().
72 UsernamePasswordAuthenticationToken authen
= new UsernamePasswordAuthenticationToken(
73 authentication
.getPrincipal(),
74 authentication
.getCredentials(), getBaseAuthorities());
// userDetails is whatever the last successful OS authentication stored in the
// field; it is null if that branch has not run yet.
75 authen
.setDetails(userDetails
);
77 } else if (authentication
instanceof OsAuthenticationToken
) {
// The actual OS authentication is done by the parent OsAuthenticationProvider.
78 OsAuthenticationToken authen
= (OsAuthenticationToken
) super
79 .authenticate(authentication
);
81 // WARNING: at this stage we assume that the java properties
82 // will have the same value
// The user name is taken from JVM_OSUSER, not from the token returned by the
// parent provider.
83 Collection
<?
extends GrantedAuthority
> authorities
= getBaseAuthorities();
84 String username
= JVM_OSUSER
;
// Creates or updates the user's JCR profile using the shared nodeSession.
85 Node userProfile
= jcrSecurityModel
.sync(nodeSession
, username
,
86 SecurityUtils
.authoritiesToStringList(authorities
));
87 JcrUserDetails
.checkAccountStatus(userProfile
);
// The credentials' string form is passed into JcrUserDetails, which is kept in
// the userDetails field after this call returns.
// NOTE(review): that keeps the credential value reachable for as long as the
// provider instance lives; confirm this is intended. getCredentials() being
// null would raise NullPointerException here.
89 userDetails
= new JcrUserDetails(userProfile
, authen
90 .getCredentials().toString(), authorities
);
91 authen
.setDetails(userDetails
);
93 } catch (RepositoryException e
) {
// Presumably drops the session's pending changes before the failure is
// reported (behaviour of discardQuietly is not shown here).
94 JcrUtils
.discardQuietly(nodeSession
);
95 throw new ArgeoException(
96 "Unexpected exception when synchronizing OS and JCR security ",
// Token types other than the two handled above are rejected.
100 throw new ArgeoException("Unsupported authentication "
101 + authentication
.getClass());
/**
 * Injects the JCR repository that this provider logs into.
 *
 * @param repository the repository to store in the {@code repository} field
 */
public void setRepository(Repository repository) {
	this.repository = repository;
}
/**
 * Replaces the security model used to synchronize the OS user into JCR; the
 * field is initialized with a {@code SimpleJcrSecurityModel}.
 *
 * @param jcrSecurityModel the model to store in the {@code jcrSecurityModel} field
 */
public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
	this.jcrSecurityModel = jcrSecurityModel;
}
/**
 * Declares which token types authenticate() handles: OsAuthenticationToken and
 * UsernamePasswordAuthenticationToken, including their subclasses.
 *
 * NOTE(review): advertising UsernamePasswordAuthenticationToken routes
 * password logins to the branch of authenticate() that checks only the
 * principal name, not the credentials.
 *
 * @param authentication the token class being offered to this provider
 * @return true when the class is assignable to one of the two supported types
 */
113 @SuppressWarnings("rawtypes")
114 public boolean supports(Class authentication
) {
115 return OsAuthenticationToken
.class.isAssignableFrom(authentication
)
116 || UsernamePasswordAuthenticationToken
.class
117 .isAssignableFrom(authentication
);