2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.jcr
;
18 import java
.util
.ArrayList
;
19 import java
.util
.Collection
;
20 import java
.util
.List
;
22 import javax
.jcr
.Node
;
23 import javax
.jcr
.Property
;
24 import javax
.jcr
.RepositoryException
;
25 import javax
.jcr
.Session
;
27 import org
.argeo
.jcr
.ArgeoNames
;
28 import org
.argeo
.jcr
.UserJcrUtils
;
29 import org
.springframework
.security
.authentication
.BadCredentialsException
;
30 import org
.springframework
.security
.authentication
.DisabledException
;
31 import org
.springframework
.security
.authentication
.LockedException
;
32 import org
.springframework
.security
.core
.GrantedAuthority
;
33 import org
.springframework
.security
.core
.authority
.SimpleGrantedAuthority
;
34 import org
.springframework
.security
.core
.userdetails
.User
;
36 /** User details based on a user profile node. */
37 public class JcrUserDetails
extends User
implements ArgeoNames
{
/** Serialization version identifier. */
private static final long serialVersionUID = -8142764995842559646L;

/** JCR path of the user's home node (the parent of the profile node). */
private final String homePath;

/** Name of the JCR workspace the user profile was read from. */
private final String securityWorkspace;

/**
 * Human readable user name. Not final: only the profile-based constructor
 * assigns it.
 */
private String displayName;
/**
 * Creates user details from explicit values instead of a profile node.
 * Used by the clone methods of this class.
 *
 * @param securityWorkspace
 *            name of the workspace holding the security data
 * @param homePath
 *            JCR path of the user's home node
 * @param username
 *            the user name, passed to the Spring {@code User} superclass
 * @param password
 *            the password, passed to the Spring {@code User} superclass
 * @param enabled
 *            whether the account is enabled
 * @param accountNonExpired
 *            whether the account has not expired
 * @param credentialsNonExpired
 *            whether the credentials have not expired
 * @param accountNonLocked
 *            whether the account is not locked
 * @param authorities
 *            the granted authorities
 * @throws IllegalArgumentException
 *             declared for the superclass constructor, which validates its
 *             arguments
 */
protected JcrUserDetails(String securityWorkspace, String homePath,
        String username, String password, boolean enabled,
        boolean accountNonExpired, boolean credentialsNonExpired,
        boolean accountNonLocked,
        Collection<? extends GrantedAuthority> authorities)
        throws IllegalArgumentException {
    // Flag order must match the Spring User constructor exactly: enabled,
    // accountNonExpired, credentialsNonExpired, accountNonLocked.
    super(username, password, enabled, accountNonExpired,
            credentialsNonExpired, accountNonLocked, authorities);
    // displayName is intentionally not assigned by this constructor.
    this.securityWorkspace = securityWorkspace;
    this.homePath = homePath;
}
/**
 * Creates user details from a user profile node.
 *
 * The user id and the four account status flags are read directly from the
 * profile, so write access to these profile properties is equivalent to
 * control over the account status reported to Spring Security.
 *
 * @param userProfile
 *            the user profile node
 * @param password
 *            the password, passed to the Spring {@code User} superclass
 * @param authorities
 *            the granted authorities
 * @throws RepositoryException
 *             if a profile property, the parent node or the session cannot
 *             be read
 */
public JcrUserDetails(Node userProfile, String password,
        Collection<? extends GrantedAuthority> authorities)
        throws RepositoryException {
    super(userProfile.getProperty(ARGEO_USER_ID).getString(),
            password,
            userProfile.getProperty(ARGEO_ENABLED).getBoolean(),
            userProfile.getProperty(ARGEO_ACCOUNT_NON_EXPIRED).getBoolean(),
            userProfile.getProperty(ARGEO_CREDENTIALS_NON_EXPIRED).getBoolean(),
            userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean(),
            authorities);

    // Human readable name: the title property when present and not blank,
    // otherwise the user id.
    String title = null;
    if (userProfile.hasProperty(Property.JCR_TITLE)) {
        String candidate = userProfile.getProperty(Property.JCR_TITLE)
                .getString();
        if (!"".equals(candidate.trim())) {
            title = candidate;
        }
    }
    displayName = (title != null) ? title
            : userProfile.getProperty(ARGEO_USER_ID).getString();

    // home is defined as the parent of the profile
    homePath = userProfile.getParent().getPath();
    securityWorkspace = userProfile.getSession().getWorkspace().getName();
}
/**
 * Convenience constructor that looks up the user profile by user name.
 *
 * A {@code null} password is replaced by the empty string before it
 * reaches the superclass; Spring Security's {@code User} constructor
 * rejects a null password. Code comparing credentials must therefore
 * never treat the empty string as a valid password.
 *
 * @param session
 *            the security session
 * @param username
 *            the user name whose profile is looked up
 * @param password
 *            the password, can be null
 * @param authorities
 *            the granted authorities
 * @throws RepositoryException
 *             if the profile cannot be read
 */
public JcrUserDetails(Session session, String username, String password,
        Collection<? extends GrantedAuthority> authorities)
        throws RepositoryException {
    this(UserJcrUtils.getUserProfile(session, username),
            password == null ? "" : password,
            authorities);
}
/**
 * Check the account status in JCR, throwing the exceptions expected by
 * Spring security if needed.
 *
 * Only the enabled and non-locked flags are checked here. A repository
 * failure is reported as {@link BadCredentialsException}, so a backend
 * problem looks like a failed login to callers; the original exception is
 * kept as the cause.
 *
 * NOTE(review): the expiry flags (ARGEO_ACCOUNT_NON_EXPIRED,
 * ARGEO_CREDENTIALS_NON_EXPIRED) are not checked in this method; confirm
 * they are enforced elsewhere in the authentication path.
 *
 * NOTE(review): the exception messages contain the JCR path of the
 * profile; confirm they are not echoed to unauthenticated clients.
 *
 * @param userProfile
 *            the user profile node to check
 */
public static void checkAccountStatus(Node userProfile) {
    try {
        final boolean enabled = userProfile.getProperty(ARGEO_ENABLED)
                .getBoolean();
        if (!enabled) {
            throw new DisabledException(userProfile.getPath()
                    + " is disabled");
        }
        // The locked flag is only read once the account is known to be enabled.
        final boolean nonLocked = userProfile.getProperty(
                ARGEO_ACCOUNT_NON_LOCKED).getBoolean();
        if (!nonLocked) {
            throw new LockedException(userProfile.getPath() + " is locked");
        }
    } catch (RepositoryException e) {
        throw new BadCredentialsException("Cannot check account status", e);
    }
}
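/**
 * Returns a copy of these user details whose authorities are replaced by
 * the given roles. User name, password, account status flags, home path,
 * security workspace and display name are carried over.
 *
 * @param roles
 *            the role names, each wrapped in a {@link SimpleGrantedAuthority}
 * @return a new instance with the new authorities
 */
public JcrUserDetails cloneWithNewRoles(List<String> roles) {
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(
            roles.size());
    for (String role : roles) {
        authorities.add(new SimpleGrantedAuthority(role));
    }
    // Fix: the fifth flag of the constructor is credentialsNonExpired. The
    // previous code passed isAccountNonExpired() twice, so a copy of a user
    // with expired credentials reported them as valid.
    JcrUserDetails copy = new JcrUserDetails(securityWorkspace, homePath,
            getUsername(), getPassword(), isEnabled(),
            isAccountNonExpired(), isCredentialsNonExpired(),
            isAccountNonLocked(), authorities);
    // Fix: the value constructor does not set the display name, which left
    // it null on copies.
    copy.displayName = displayName;
    return copy;
}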
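/**
 * Returns a copy of these user details with the password replaced. User
 * name, authorities, account status flags, home path, security workspace
 * and display name are carried over.
 *
 * @param password
 *            the new password, passed to the Spring {@code User} superclass
 * @return a new instance with the new password
 */
public JcrUserDetails cloneWithNewPassword(String password) {
    // Fix: the fifth flag of the constructor is credentialsNonExpired. The
    // previous code passed isAccountNonExpired() twice, so the credential
    // expiry state was lost on the copy.
    JcrUserDetails copy = new JcrUserDetails(securityWorkspace, homePath,
            getUsername(), password, isEnabled(), isAccountNonExpired(),
            isCredentialsNonExpired(), isAccountNonLocked(),
            getAuthorities());
    // Fix: the value constructor does not set the display name, which left
    // it null on copies.
    copy.displayName = displayName;
    return copy;
}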
/** @return the JCR path of the user's home node */
public String getHomePath() {
    return this.homePath;
}
/** @return the name of the workspace holding the security data */
public String getSecurityWorkspace() {
    return this.securityWorkspace;
}
/**
 * The human readable name of this user.
 *
 * The value comes from profile data (the title property, or the user id),
 * so it should be escaped like any other untrusted text before it is
 * written to logs or rendered in a page.
 *
 * @return the display name
 */
public String getDisplayName() {
    return this.displayName;
}
/**
 * Returns the display name only, so the string form of this object carries
 * neither the password nor the authorities.
 */
@Override
public String toString() {
    return this.getDisplayName();
}