Use char array for password
1 package org.argeo.cms.internal.kernel;
2
3 import javax.jcr.RepositoryException;
4 import javax.security.auth.spi.LoginModule;
5
6 import org.apache.commons.logging.Log;
7 import org.apache.commons.logging.LogFactory;
8 import org.argeo.cms.CmsException;
9 import org.argeo.security.UserAdminService;
10 import org.argeo.security.core.InternalAuthentication;
11 import org.argeo.security.core.InternalAuthenticationProvider;
12 import org.argeo.security.core.ThreadedLoginModule;
13 import org.argeo.security.jcr.SimpleJcrSecurityModel;
14 import org.argeo.security.jcr.jackrabbit.JackrabbitUserAdminService;
15 import org.eclipse.rap.rwt.RWT;
16 import org.eclipse.swt.widgets.Display;
17 import org.osgi.framework.BundleContext;
18 import org.osgi.framework.ServiceRegistration;
19 import org.springframework.security.authentication.AnonymousAuthenticationProvider;
20 import org.springframework.security.authentication.AnonymousAuthenticationToken;
21 import org.springframework.security.authentication.AuthenticationManager;
22 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
23 import org.springframework.security.core.Authentication;
24 import org.springframework.security.core.AuthenticationException;
25 import org.springframework.security.provisioning.UserDetailsManager;
26
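/**
 * Authentication and user management.
 * <p>
 * Acts as the node's {@link AuthenticationManager}: each incoming token is
 * handed to one of three delegates depending on its type (internal,
 * anonymous, or username/password backed by the Jackrabbit user admin). The
 * same instance is also published as an OSGi service together with the user
 * admin service and a {@link LoginModule}.
 */
class NodeSecurity implements AuthenticationManager {
    private static final Log log = LogFactory.getLog(NodeSecurity.class);

    private final BundleContext bundleContext;

    private final InternalAuthenticationProvider internalAuth;
    private final AnonymousAuthenticationProvider anonymousAuth;
    private final JackrabbitUserAdminService jackrabbitUserAdmin;
    private final Login loginModule;

    // Service registrations; they stay null until publish() has been called.
    private ServiceRegistration<AuthenticationManager> authenticationManagerReg;
    private ServiceRegistration<UserAdminService> userAdminReg;
    private ServiceRegistration<UserDetailsManager> userDetailsManagerReg;
    private ServiceRegistration<LoginModule> loginModuleReg;

    /**
     * Creates the authentication providers and initialises the Jackrabbit
     * user admin on the given node. Nothing is registered with OSGi until
     * {@link #publish()} is called.
     *
     * @param bundleContext
     *            context used later to register the services
     * @param node
     *            repository handed to the Jackrabbit user admin
     * @throws RepositoryException
     *             declared by this constructor; presumably raised while the
     *             user admin is initialised
     */
    public NodeSecurity(BundleContext bundleContext, JackrabbitNode node)
            throws RepositoryException {
        this.bundleContext = bundleContext;

        // NOTE(review): both providers are keyed with the same compile-time
        // constant. Spring's AnonymousAuthenticationProvider only accepts
        // tokens built with a matching key; if InternalAuthenticationProvider
        // works the same way, any code able to read KernelConstants can
        // build a token that passes as internal. Confirm whether a key
        // generated per node (e.g. from SecureRandom) is intended instead.
        internalAuth = new InternalAuthenticationProvider(
                KernelConstants.DEFAULT_SECURITY_KEY);
        anonymousAuth = new AnonymousAuthenticationProvider(
                KernelConstants.DEFAULT_SECURITY_KEY);

        // user admin
        jackrabbitUserAdmin = new JackrabbitUserAdminService();
        jackrabbitUserAdmin.setRepository(node);
        jackrabbitUserAdmin.setSecurityModel(new SimpleJcrSecurityModel());
        jackrabbitUserAdmin.init();

        loginModule = new Login();
    }

    /**
     * Registers this authentication manager, the user admin (under both
     * {@link UserAdminService} and {@link UserDetailsManager}) and the login
     * module as OSGi services. All registrations are made without service
     * properties, so nothing here restricts which bundles may look them up.
     */
    public void publish() {
        authenticationManagerReg = bundleContext.registerService(
                AuthenticationManager.class, this, null);
        userAdminReg = bundleContext.registerService(UserAdminService.class,
                jackrabbitUserAdmin, null);
        userDetailsManagerReg = bundleContext.registerService(
                UserDetailsManager.class, jackrabbitUserAdmin, null);

        loginModuleReg = bundleContext.registerService(LoginModule.class,
                loginModule, null);
    }

    /**
     * Shuts down the user admin and withdraws the published services. A
     * failure to destroy the user admin is logged and does not prevent the
     * services from being unregistered.
     */
    void destroy() {
        try {
            jackrabbitUserAdmin.destroy();
        } catch (RepositoryException e) {
            // Pass the exception on so the cause and stack trace reach the log.
            log.error("Error while destroying Jackrabbit useradmin", e);
        }
        unregister(userDetailsManagerReg);
        unregister(userAdminReg);
        unregister(authenticationManagerReg);
        unregister(loginModuleReg);
    }

    /** Unregisters a service, tolerating one that was never published. */
    private static void unregister(ServiceRegistration<?> registration) {
        if (registration != null) {
            registration.unregister();
        }
    }

    /**
     * Authenticates a token with the delegate matching its type.
     *
     * @param authentication
     *            the token to authenticate
     * @return the authentication returned by the selected delegate
     * @throws AuthenticationException
     *             as raised by the selected delegate
     * @throws CmsException
     *             if the token is of none of the handled types (this includes
     *             {@code null}) or the delegate returned {@code null}
     */
    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        Authentication auth = null;
        // The order of the tests is kept as is: InternalAuthentication is
        // checked first. Presumably it may also be a
        // UsernamePasswordAuthenticationToken; confirm before reordering.
        if (authentication instanceof InternalAuthentication) {
            auth = internalAuth.authenticate(authentication);
        } else if (authentication instanceof AnonymousAuthenticationToken) {
            auth = anonymousAuth.authenticate(authentication);
        } else if (authentication instanceof UsernamePasswordAuthenticationToken) {
            auth = jackrabbitUserAdmin.authenticate(authentication);
        }
        if (auth == null) {
            // NOTE(review): the message embeds authentication.toString().
            // Spring's own tokens mask credentials there, but principal and
            // details still end up wherever this exception is logged or
            // shown; verify that InternalAuthentication does not print its
            // credentials.
            throw new CmsException("Could not authenticate " + authentication);
        }
        return auth;
    }

    /**
     * Login module published as an OSGi service; every module it creates
     * authenticates against the enclosing {@link NodeSecurity}.
     */
    private class Login extends ThreadedLoginModule {

        /**
         * Builds a Spring-backed login module wired to the enclosing
         * authentication manager.
         */
        @Override
        protected LoginModule createLoginModule() {
            SpringLoginModule springLoginModule = new SpringLoginModule();
            springLoginModule.setAuthenticationManager(NodeSecurity.this);
            // NOTE(review): this branch is empty, so the presence of a
            // current Display changes nothing yet; left in place as found.
            if (Display.getCurrent() != null) {

            }
            return springLoginModule;
        }

    }
}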