2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.cms
.internal
.useradmin
.ldap
;
18 import java
.util
.Collection
;
19 import java
.util
.UUID
;
21 import javax
.jcr
.Node
;
22 import javax
.jcr
.Repository
;
23 import javax
.jcr
.RepositoryException
;
24 import javax
.jcr
.Session
;
26 import org
.argeo
.ArgeoException
;
27 import org
.argeo
.jcr
.ArgeoNames
;
28 import org
.argeo
.jcr
.JcrUtils
;
29 import org
.argeo
.jcr
.UserJcrUtils
;
30 import org
.argeo
.security
.jcr
.JcrUserDetails
;
31 import org
.springframework
.ldap
.core
.DirContextAdapter
;
32 import org
.springframework
.ldap
.core
.DirContextOperations
;
33 import org
.springframework
.security
.core
.GrantedAuthority
;
34 import org
.springframework
.security
.core
.userdetails
.UserDetails
;
35 import org
.springframework
.security
.ldap
.userdetails
.UserDetailsContextMapper
;
/** @deprecated Read-only mapping from LDAP to user details. */
39 public class JcrUserDetailsContextMapper
implements UserDetailsContextMapper
,
/** Name of the JCR workspace the admin session logs into; defaults to {@code "security"}. */
private String securityWorkspace = "security";

/** Repository on which the admin session is opened. */
private Repository repository;

/** Admin session on the security workspace. */
private Session securitySession;
48 securitySession
= repository
.login(securityWorkspace
);
49 } catch (RepositoryException e
) {
50 JcrUtils
.logoutQuietly(securitySession
);
51 throw new ArgeoException(
52 "Cannot initialize LDAP/JCR user details context mapper", e
);
/** Releases the admin session by passing it to {@code JcrUtils.logoutQuietly}. */
public void destroy() {
	final Session adminSession = securitySession;
	JcrUtils.logoutQuietly(adminSession);
}
60 /** Called during authentication in order to retrieve user details */
61 public UserDetails
mapUserFromContext(final DirContextOperations ctx
,
62 final String username
,
63 Collection
<?
extends GrantedAuthority
> authorities
) {
65 throw new ArgeoException("No LDAP information for user " + username
);
66 Node userHome
= UserJcrUtils
.getUserHome(securitySession
, username
);
68 throw new ArgeoException("No JCR information for user " + username
);
71 // SortedSet<?> passwordAttributes = ctx
72 // .getAttributeSortedStringSet(passwordAttribute);
74 // if (passwordAttributes == null || passwordAttributes.size() == 0) {
75 // throw new ArgeoException("No password found for user " + username);
77 // byte[] arr = (byte[]) passwordAttributes.first();
78 // password = new String(arr);
80 // Arrays.fill(arr, (byte) 0);
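// The user's password is not accessible here, so a random UUID is passed as a
// placeholder rather than pretending to hold the real credential; it must not
// be relied on for password checks.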
85 String password
= UUID
.randomUUID().toString();
86 return new JcrUserDetails(userHome
.getNode(ARGEO_PROFILE
),
87 password
, authorities
);
88 } catch (RepositoryException e
) {
89 throw new ArgeoException("Cannot retrieve user details for "
/**
 * Always rejects the call: this mapper never writes user details back to LDAP.
 *
 * @param user ignored
 * @param ctx ignored
 * @throws UnsupportedOperationException on every invocation
 */
public void mapUserToContext(UserDetails user, final DirContextAdapter ctx) {
	final String reason = "LDAP access is read-only";
	throw new UnsupportedOperationException(reason);
}