org.argeo.cms/src/org/argeo/cms/internal/auth/RemoteJcrAuthenticationProvider.java

   1 /*
   2  * Copyright (C) 2007-2012 Argeo GmbH
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.argeo.cms.internal.auth;
  17
  18 import java.util.ArrayList;
  19 import java.util.Dictionary;
  20 import java.util.Hashtable;
  21 import java.util.List;
  22
  23 import javax.jcr.Node;
  24 import javax.jcr.Repository;
  25 import javax.jcr.RepositoryException;
  26 import javax.jcr.RepositoryFactory;
  27 import javax.jcr.Session;
  28 import javax.jcr.SimpleCredentials;
  29 import javax.jcr.Value;
  30
  31 import org.argeo.ArgeoException;
  32 import org.argeo.jcr.ArgeoJcrConstants;
  33 import org.argeo.jcr.ArgeoNames;
  34 import org.argeo.jcr.UserJcrUtils;
  35 import org.argeo.security.NodeAuthenticationToken;
  36 import org.argeo.security.jcr.JcrUserDetails;
  37 import org.argeo.security.jcr.RemoteJcrRepositoryWrapper;
  38 import org.osgi.framework.BundleContext;
  39 import org.springframework.security.authentication.AuthenticationProvider;
  40 import org.springframework.security.authentication.BadCredentialsException;
  41 import org.springframework.security.core.Authentication;
  42 import org.springframework.security.core.AuthenticationException;
  43 import org.springframework.security.core.GrantedAuthority;
  44 import org.springframework.security.core.authority.SimpleGrantedAuthority;
  45
  46 /** Connects to a JCR repository and delegates authentication to it. */
  47 public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
  48                 ArgeoNames {
  49         private RepositoryFactory repositoryFactory;
  50         private BundleContext bundleContext;
  51
  52         public final static String ROLE_REMOTE = "ROLE_REMOTE";
  53
  54         public Authentication authenticate(Authentication authentication)
  55                         throws AuthenticationException {
  56                 NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
  57                 String url = siteAuth.getUrl();
  58                 if (url == null)// TODO? login on own node
  59                         throw new ArgeoException("No url set in " + siteAuth);
  60                 Session session;
  61
  62                 Node userProfile;
  63                 try {
  64                         SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
  65                                         siteAuth.getCredentials().toString().toCharArray());
  66                         // get repository
  67                         Repository repository = new RemoteJcrRepositoryWrapper(
  68                                         repositoryFactory, url, sp);
  69                         if (bundleContext != null) {
  70                                 Dictionary<String, String> serviceProperties = new Hashtable<String, String>();
  71                                 serviceProperties.put(ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
  72                                                 ArgeoJcrConstants.ALIAS_NODE);
  73                                 serviceProperties
  74                                                 .put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
  75                                 bundleContext.registerService(Repository.class.getName(),
  76                                                 repository, serviceProperties);
  77                         }
  78                         // Repository repository = ArgeoJcrUtils.getRepositoryByUri(
  79                         // repositoryFactory, url);
  80                         // if (repository == null)
  81                         // throw new ArgeoException("Cannot connect to " + url);
  82
  83                         session = repository.login(sp, null);
  84
  85                         userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID());
  86                         JcrUserDetails.checkAccountStatus(userProfile);
  87
  88                         // Node userHome = UserJcrUtils.getUserHome(session);
  89                         // if (userHome == null ||
  90                         // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
  91                         // throw new ArgeoException("No profile for user "
  92                         // + siteAuth.getName() + " in security workspace "
  93                         // + siteAuth.getSecurityWorkspace() + " of "
  94                         // + siteAuth.getUrl());
  95                         // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
  96                 } catch (RepositoryException e) {
  97                         throw new BadCredentialsException(
  98                                         "Cannot authenticate " + siteAuth, e);
  99                 }
 100
 101                 try {
 102                         // Node userHome = UserJcrUtils.getUserHome(session);
 103                         // retrieve remote roles
 104                         List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
 105                         if (userProfile != null
 106                                         && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
 107                                 Value[] roles = userProfile.getProperty(
 108                                                 ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
 109                                 for (int i = 0; i < roles.length; i++)
 110                                         authoritiesList.add(new SimpleGrantedAuthority(roles[i]
 111                                                         .getString()));
 112                         }
 113                         authoritiesList.add(new SimpleGrantedAuthority(ROLE_REMOTE));
 114
 115                         // create authenticated objects
 116                         // GrantedAuthority[] authorities = authoritiesList
 117                         // .toArray(new GrantedAuthority[authoritiesList.size()]);
 118                         JcrUserDetails userDetails = new JcrUserDetails(userProfile,
 119                                         siteAuth.getCredentials().toString(), authoritiesList);
 120                         NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
 121                                         siteAuth, authoritiesList);
 122                         authenticated.setDetails(userDetails);
 123                         return authenticated;
 124                 } catch (RepositoryException e) {
 125                         throw new ArgeoException(
 126                                         "Unexpected exception when authenticating to " + url, e);
 127                 }
 128         }
 129
 130         @SuppressWarnings("rawtypes")
 131         public boolean supports(Class authentication) {
 132                 return NodeAuthenticationToken.class.isAssignableFrom(authentication);
 133         }
 134
 135         public void setRepositoryFactory(RepositoryFactory repositoryFactory) {
 136                 this.repositoryFactory = repositoryFactory;
 137         }
 138
 139         public void setBundleContext(BundleContext bundleContext) {
 140                 this.bundleContext = bundleContext;
 141         }
 142
 143 }