1 package org.argeo.cms.internal.kernel;
2
3 import java.net.URL;
4
5 import javax.jcr.RepositoryException;
6
7 import org.apache.commons.logging.Log;
8 import org.apache.commons.logging.LogFactory;
9 import org.argeo.cms.CmsException;
10 import org.argeo.cms.internal.useradmin.JcrUserAdmin;
11 import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
12 import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
13 import org.argeo.security.OsAuthenticationToken;
14 import org.argeo.security.UserAdminService;
15 import org.argeo.security.core.InternalAuthentication;
16 import org.argeo.security.core.InternalAuthenticationProvider;
17 import org.argeo.security.core.OsAuthenticationProvider;
18 import org.osgi.framework.BundleContext;
19 import org.osgi.framework.ServiceRegistration;
20 import org.osgi.service.useradmin.UserAdmin;
21 import org.springframework.security.authentication.AnonymousAuthenticationProvider;
22 import org.springframework.security.authentication.AnonymousAuthenticationToken;
23 import org.springframework.security.authentication.AuthenticationManager;
24 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
25 import org.springframework.security.core.Authentication;
26 import org.springframework.security.core.AuthenticationException;
27 import org.springframework.security.provisioning.UserDetailsManager;
28
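/**
 * Authentication and user management.
 * <p>
 * Acts as the node's {@link AuthenticationManager}: each incoming
 * {@link Authentication} token is dispatched, by its concrete type, to one of
 * the providers created in the constructor. It also owns the Jackrabbit-backed
 * user admin services and publishes them in the OSGi service registry.
 * <p>
 * Lifecycle: construct, then {@link #publish()}, then {@link #destroy()}.
 */
class NodeSecurity implements AuthenticationManager {
	private static final Log log = LogFactory.getLog(NodeSecurity.class);

	private final BundleContext bundleContext;

	private final OsAuthenticationProvider osAuth;
	private final InternalAuthenticationProvider internalAuth;
	private final AnonymousAuthenticationProvider anonymousAuth;
	private final JackrabbitUserAdminService userAdminService;
	private final JcrUserAdmin userAdmin;

	// Registrations stay null until publish() has been called.
	private ServiceRegistration<AuthenticationManager> authenticationManagerReg;
	private ServiceRegistration<UserAdminService> userAdminServiceReg;
	private ServiceRegistration<UserDetailsManager> userDetailsManagerReg;

	private ServiceRegistration<UserAdmin> userAdminReg;

	/**
	 * Sets the JAAS login configuration, creates the authentication providers
	 * and initialises the user admin services on top of the given repository.
	 *
	 * @param bundleContext
	 *            context later used to register the services
	 * @param node
	 *            repository backing the user admin services
	 * @throws RepositoryException
	 *             declared by the constructor; presumably raised while
	 *             initialising the user admin services
	 * @throws CmsException
	 *             if the JAAS configuration resource cannot be found on the
	 *             class path
	 */
	public NodeSecurity(BundleContext bundleContext, JackrabbitNode node)
			throws RepositoryException {
		URL url = getClass().getClassLoader().getResource(
				KernelConstants.JAAS_CONFIG);
		// Fail with an explicit message rather than a NullPointerException
		// when the JAAS configuration is missing from the bundle.
		if (url == null) {
			throw new CmsException("JAAS configuration "
					+ KernelConstants.JAAS_CONFIG + " not found");
		}
		// JVM-wide setting: it replaces any login configuration previously
		// set through this system property, for every component in the JVM.
		System.setProperty("java.security.auth.login.config",
				url.toExternalForm());

		this.bundleContext = bundleContext;

		osAuth = new OsAuthenticationProvider();
		// The internal and the anonymous providers are both keyed with the
		// same system key.
		internalAuth = new InternalAuthenticationProvider(
				Activator.getSystemKey());
		anonymousAuth = new AnonymousAuthenticationProvider(
				Activator.getSystemKey());

		// user admin
		userAdminService = new JackrabbitUserAdminService();
		userAdminService.setRepository(node);
		userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
		userAdminService.init();

		userAdmin = new JcrUserAdmin(bundleContext, node);
		userAdmin.setUserAdminService(userAdminService);
	}

	/**
	 * Registers this authentication manager and the user admin services as
	 * OSGi services, without any service properties.
	 */
	public void publish() {
		authenticationManagerReg = bundleContext.registerService(
				AuthenticationManager.class, this, null);
		userAdminServiceReg = bundleContext.registerService(
				UserAdminService.class, userAdminService, null);
		userDetailsManagerReg = bundleContext.registerService(
				UserDetailsManager.class, userAdminService, null);
		userAdminReg = bundleContext.registerService(UserAdmin.class,
				userAdmin, null);
	}

	/**
	 * Destroys the user admin services and unregisters whatever
	 * {@link #publish()} registered. Safe to call when {@link #publish()} was
	 * never called.
	 */
	void destroy() {
		// NOTE(review): the services are destroyed before their registrations
		// are withdrawn, so a consumer can briefly obtain a destroyed
		// service; consider unregistering first.
		try {
			userAdminService.destroy();
		} catch (RepositoryException e) {
			// Keep the cause in the log; shutdown continues regardless.
			log.error("Error while destroying Jackrabbit useradmin", e);
		}
		unregister(userDetailsManagerReg);
		unregister(userAdminServiceReg);
		unregister(authenticationManagerReg);

		userAdmin.destroy();
		unregister(userAdminReg);
	}

	/** Unregisters the service unless it was never registered. */
	private static void unregister(ServiceRegistration<?> registration) {
		if (registration != null) {
			registration.unregister();
		}
	}

	/**
	 * Authenticates the token with the provider matching its type: internal,
	 * anonymous, username/password (user admin service) or OS.
	 *
	 * @param authentication
	 *            the authentication request
	 * @return the authentication returned by the selected provider
	 * @throws AuthenticationException
	 *             declared by the interface; presumably raised by a provider
	 *             that rejects the token
	 * @throws CmsException
	 *             if the token type is not supported (including {@code null})
	 *             or the selected provider returned {@code null}
	 */
	@Override
	public Authentication authenticate(Authentication authentication)
			throws AuthenticationException {
		Authentication auth = null;
		if (authentication instanceof InternalAuthentication) {
			auth = internalAuth.authenticate(authentication);
		} else if (authentication instanceof AnonymousAuthenticationToken) {
			auth = anonymousAuth.authenticate(authentication);
		} else if (authentication instanceof UsernamePasswordAuthenticationToken) {
			auth = userAdminService.authenticate(authentication);
		} else if (authentication instanceof OsAuthenticationToken) {
			auth = osAuth.authenticate(authentication);
		}
		// Fail closed: an unsupported token type or a null result is never
		// treated as authenticated.
		if (auth == null) {
			// NOTE(review): the message embeds the token's toString(); confirm
			// that the project's token types do not render credentials there.
			throw new CmsException("Could not authenticate " + authentication);
		}
		return auth;
	}
}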