2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.cms
.internal
.auth
;
18 import java
.util
.ArrayList
;
19 import java
.util
.Dictionary
;
20 import java
.util
.Hashtable
;
21 import java
.util
.List
;
23 import javax
.jcr
.Node
;
24 import javax
.jcr
.Repository
;
25 import javax
.jcr
.RepositoryException
;
26 import javax
.jcr
.RepositoryFactory
;
27 import javax
.jcr
.Session
;
28 import javax
.jcr
.SimpleCredentials
;
29 import javax
.jcr
.Value
;
31 import org
.argeo
.ArgeoException
;
32 import org
.argeo
.jcr
.ArgeoJcrConstants
;
33 import org
.argeo
.jcr
.ArgeoNames
;
34 import org
.argeo
.jcr
.UserJcrUtils
;
35 import org
.argeo
.security
.NodeAuthenticationToken
;
36 import org
.argeo
.security
.jcr
.JcrUserDetails
;
37 import org
.argeo
.security
.jcr
.RemoteJcrRepositoryWrapper
;
38 import org
.osgi
.framework
.BundleContext
;
39 import org
.springframework
.security
.authentication
.AuthenticationProvider
;
40 import org
.springframework
.security
.authentication
.BadCredentialsException
;
41 import org
.springframework
.security
.core
.Authentication
;
42 import org
.springframework
.security
.core
.AuthenticationException
;
43 import org
.springframework
.security
.core
.GrantedAuthority
;
44 import org
.springframework
.security
.core
.authority
.SimpleGrantedAuthority
;
46 /** Connects to a JCR repository and delegates authentication to it. */
47 public class RemoteJcrAuthenticationProvider
implements AuthenticationProvider
,
/** Factory passed to the {@code RemoteJcrRepositoryWrapper} built in {@code authenticate}. */
private RepositoryFactory repositoryFactory;

/**
 * Optional OSGi context. When non-null, {@code authenticate} also registers
 * the remote repository wrapper as a {@code Repository} service.
 */
private BundleContext bundleContext;

/** Authority added unconditionally to every token this provider authenticates. */
public static final String ROLE_REMOTE = "ROLE_REMOTE";
/**
 * Authenticates a {@link NodeAuthenticationToken} by logging in to the JCR
 * repository at the URL carried by the token, using the token's name and
 * credentials, and returns a new token holding the authorities read from the
 * user's profile in that repository plus {@link #ROLE_REMOTE}.
 *
 * <p>
 * Trust model to keep in mind when wiring this provider: both the target URL
 * and the granted roles come from outside this class. The URL is read from the
 * token, and the roles are whatever the repository at that URL stores in the
 * {@code ARGEO_REMOTE_ROLES} property of the profile.
 *
 * @param authentication
 *            the request; cast to {@link NodeAuthenticationToken} without a
 *            check, so callers are expected to consult
 *            {@link #supports(Class)} first
 * @return an authenticated {@link NodeAuthenticationToken} whose details are a
 *         {@link JcrUserDetails}
 * @throws BadCredentialsException
 *             if a {@link RepositoryException} is raised while logging in or
 *             looking up the user profile
 * @throws ArgeoException
 *             if the token has no URL, or if a {@link RepositoryException} is
 *             raised while reading the remote roles; note that this is not
 *             thrown as an {@link AuthenticationException}
 */
public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
    NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
    // NOTE(review): the URL is taken from the token as-is. If the token is built
    // from user input, the user's credentials are sent to whatever host is named
    // here; confirm that an allow-list is enforced upstream.
    String url = siteAuth.getUrl();
    if (url == null)// TODO? login on own node
        throw new ArgeoException("No url set in " + siteAuth);

    Session session;
    Node userProfile;
    try {
        // The password is copied out of the token into a JCR credentials object.
        SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
                siteAuth.getCredentials().toString().toCharArray());

        Repository repository = new RemoteJcrRepositoryWrapper(
                repositoryFactory, url, sp);
        if (bundleContext != null) {
            // NOTE(review): the wrapper (constructed with the user's credentials)
            // is published as an OSGi service BEFORE the login below has
            // succeeded, and on every call. The ServiceRegistration returned by
            // registerService is discarded, so nothing in this method can
            // unregister it after a failed login.
            Dictionary<String, String> serviceProperties = new Hashtable<String, String>();
            serviceProperties.put(ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
                    ArgeoJcrConstants.ALIAS_NODE);
            serviceProperties
                    .put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
            bundleContext.registerService(Repository.class.getName(),
                    repository, serviceProperties);
        }
        // Repository repository = ArgeoJcrUtils.getRepositoryByUri(
        // repositoryFactory, url);
        // if (repository == null)
        // throw new ArgeoException("Cannot connect to " + url);

        // The remote login is the actual credential check. A null workspace
        // name asks for the repository's default workspace.
        // NOTE(review): no session.logout() is visible in this method;
        // presumably the session must stay open because userProfile is used
        // afterwards. Confirm who closes it.
        session = repository.login(sp, null);

        userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID());
        JcrUserDetails.checkAccountStatus(userProfile);

        // Node userHome = UserJcrUtils.getUserHome(session);
        // if (userHome == null ||
        // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
        // throw new ArgeoException("No profile for user "
        // + siteAuth.getName() + " in security workspace "
        // + siteAuth.getSecurityWorkspace() + " of "
        // + siteAuth.getUrl());
        // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
    } catch (RepositoryException e) {
        // Every repository failure in the block above, not only a rejected
        // password, is reported as bad credentials.
        // NOTE(review): the message embeds siteAuth.toString(); verify that it
        // does not render the credentials.
        throw new BadCredentialsException(
                "Cannot authenticate " + siteAuth, e);
    }

    try {
        // Node userHome = UserJcrUtils.getUserHome(session);
        // retrieve remote roles
        List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
        if (userProfile != null
                && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
            // NOTE(review): role names stored by the remote repository are turned
            // into local authorities verbatim, with no filtering or prefixing, so
            // the remote side decides which roles this user holds locally.
            Value[] roles = userProfile.getProperty(
                    ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
            for (int i = 0; i < roles.length; i++)
                authoritiesList.add(new SimpleGrantedAuthority(roles[i]
                        .getString()));
        }
        // Added whether or not the profile carries any remote roles.
        authoritiesList.add(new SimpleGrantedAuthority(ROLE_REMOTE));

        // create authenticated objects
        // GrantedAuthority[] authorities = authoritiesList
        // .toArray(new GrantedAuthority[authoritiesList.size()]);
        // NOTE(review): the clear-text password is handed to JcrUserDetails as a
        // String and so stays reachable for as long as the details object does.
        JcrUserDetails userDetails = new JcrUserDetails(userProfile,
                siteAuth.getCredentials().toString(), authoritiesList);
        NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
                siteAuth, authoritiesList);
        authenticated.setDetails(userDetails);
        return authenticated;
    } catch (RepositoryException e) {
        throw new ArgeoException(
                "Unexpected exception when authenticating to " + url, e);
    }
}
/**
 * Tells the authentication manager which token types this provider accepts.
 * {@code authenticate} casts its argument to {@link NodeAuthenticationToken}
 * without checking, so this test is the only type check before that cast.
 *
 * @param authentication
 *            the token class being offered
 * @return {@code true} if the class is {@link NodeAuthenticationToken} or a
 *         subclass of it
 */
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
    final Class<NodeAuthenticationToken> acceptedType = NodeAuthenticationToken.class;
    return acceptedType.isAssignableFrom(authentication);
}
/**
 * Injects the factory that {@code authenticate} passes to the
 * {@code RemoteJcrRepositoryWrapper} for the URL named in the token.
 *
 * @param repositoryFactory
 *            the JCR repository factory to use
 */
public void setRepositoryFactory(RepositoryFactory repositoryFactory) {
    this.repositoryFactory = repositoryFactory;
}
/**
 * Injects the optional OSGi bundle context. Once it is set, every call to
 * {@code authenticate} registers the remote repository wrapper as a
 * {@code Repository} service before attempting the login. Leave it unset if
 * that publication is not wanted.
 *
 * @param bundleContext
 *            the bundle context used for service registration, or
 *            {@code null} to disable registration
 */
public void setBundleContext(BundleContext bundleContext) {
    this.bundleContext = bundleContext;
}