Better adapted to manage authorisation.
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.cms.internal.auth;
17
18 import java.util.Collection;
19
20 import javax.jcr.Node;
21 import javax.jcr.Repository;
22 import javax.jcr.RepositoryException;
23 import javax.jcr.Session;
24
25 import org.argeo.ArgeoException;
26 import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
27 import org.argeo.jcr.JcrUtils;
28 import org.argeo.security.OsAuthenticationToken;
29 import org.argeo.security.SecurityUtils;
30 import org.argeo.security.core.OsAuthenticationProvider;
31 import org.argeo.security.jcr.JcrUserDetails;
32 import org.springframework.security.authentication.BadCredentialsException;
33 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
34 import org.springframework.security.core.Authentication;
35 import org.springframework.security.core.AuthenticationException;
36 import org.springframework.security.core.GrantedAuthority;
37 import org.springframework.security.core.userdetails.UserDetails;
38
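/**
 * Relies on the OS to authenticate and additionally sets up JCR.
 *
 * <p>
 * {@link #authenticate(Authentication)} accepts two kinds of token:
 * <ul>
 * <li>{@link OsAuthenticationToken}: delegated to the parent provider, then the
 * JCR user profile is synchronised through the {@link JcrSecurityModel}.</li>
 * <li>{@link UsernamePasswordAuthenticationToken}: accepted when the principal
 * equals the {@code user.name} system property of the JVM. The supplied
 * credentials are NOT verified on this path (see the FIXME in the method).</li>
 * </ul>
 *
 * <p>
 * NOTE(review): {@code userDetails} is a plain mutable field written by the OS
 * path and read by the username/password path, with no synchronisation visible
 * in this class. Confirm how the container threads calls to this provider.
 */
public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
    private Repository repository;
    // Session opened in init() and reused for every profile synchronisation.
    private Session nodeSession;

    // Details built by the last successful OS authentication; null until then.
    private UserDetails userDetails;
    private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();

    // OS account the JVM runs as, read once when the class is loaded.
    private final static String JVM_OSUSER = System.getProperty("user.name");

    /**
     * Opens the node session by logging in to the configured repository
     * without explicit credentials.
     *
     * @throws ArgeoException
     *             if the repository login fails
     */
    public void init() {
        try {
            nodeSession = repository.login();
        } catch (RepositoryException e) {
            throw new ArgeoException("Cannot initialize", e);
        }
    }

    /** Logs out the node session opened by {@link #init()}. */
    public void destroy() {
        JcrUtils.logoutQuietly(nodeSession);
    }

    /**
     * Authenticates either an OS token or a username/password token.
     *
     * @param authentication
     *            the token to authenticate
     * @return the authenticated token, with the user details attached
     * @throws BadCredentialsException
     *             if a username/password token has no principal or a principal
     *             different from the OS user of the JVM
     * @throws ArgeoException
     *             if the token type is unsupported or the JCR synchronisation
     *             fails
     */
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            // deal with remote access to internal server
            // FIXME very primitive and insecure at this stage
            // consider using the keyring for username / password authentication
            // or certificate
            //
            // SECURITY: only the principal name is checked below; the
            // credentials carried by the token are never verified. Until the
            // FIXME is resolved, this path should only be exposed where every
            // caller is already trusted.
            UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
            Object principal = upat.getPrincipal();
            // A token without a principal is rejected as bad credentials
            // instead of failing with a NullPointerException.
            if (principal == null || !principal.toString().equals(JVM_OSUSER)) {
                throw new BadCredentialsException("Wrong credentials");
            }
            // The unverified credentials are carried over into the
            // authenticated token as-is.
            UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
                    authentication.getPrincipal(),
                    authentication.getCredentials(), getBaseAuthorities());
            // userDetails is whatever the last OS authentication produced; it
            // is still null if no OS authentication has happened yet.
            authen.setDetails(userDetails);
            return authen;
        } else if (authentication instanceof OsAuthenticationToken) {
            OsAuthenticationToken authen = (OsAuthenticationToken) super
                    .authenticate(authentication);
            try {
                // WARNING: at this stage we assume that the java properties
                // will have the same value
                // (the profile is keyed on the JVM's user.name, not on a name
                // taken from the token)
                Collection<? extends GrantedAuthority> authorities = getBaseAuthorities();
                String username = JVM_OSUSER;
                Node userProfile = jcrSecurityModel.sync(nodeSession, username,
                        SecurityUtils.authoritiesToStringList(authorities));
                JcrUserDetails.checkAccountStatus(userProfile);

                // NOTE(review): the token's credentials are passed to
                // JcrUserDetails as a String; confirm what they contain and
                // whether they are retained.
                userDetails = new JcrUserDetails(userProfile, authen
                        .getCredentials().toString(), authorities);
                authen.setDetails(userDetails);
                return authen;
            } catch (RepositoryException e) {
                // Drop pending changes so the shared session is not left
                // half-modified.
                JcrUtils.discardQuietly(nodeSession);
                throw new ArgeoException(
                        "Unexpected exception when synchronizing OS and JCR security ",
                        e);
            }
        } else {
            throw new ArgeoException("Unsupported authentication "
                    + authentication.getClass());
        }
    }

    /** Sets the repository that {@link #init()} logs in to. */
    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    /** Replaces the default {@link SimpleJcrSecurityModel}. */
    public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
        this.jcrSecurityModel = jcrSecurityModel;
    }

    /**
     * Tells whether this provider handles the given token class.
     *
     * @return {@code true} for {@link OsAuthenticationToken},
     *         {@link UsernamePasswordAuthenticationToken} and their subclasses
     */
    @SuppressWarnings("rawtypes")
    public boolean supports(Class authentication) {
        return OsAuthenticationToken.class.isAssignableFrom(authentication)
                || UsernamePasswordAuthenticationToken.class
                        .isAssignableFrom(authentication);
    }
}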
119 }