Reduce CMS size
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jcr;
17
18 import java.util.ArrayList;
19 import java.util.Collection;
20 import java.util.List;
21
22 import javax.jcr.Node;
23 import javax.jcr.Property;
24 import javax.jcr.RepositoryException;
25 import javax.jcr.Session;
26
27 import org.argeo.jcr.ArgeoNames;
28 import org.argeo.jcr.UserJcrUtils;
29 import org.springframework.security.authentication.BadCredentialsException;
30 import org.springframework.security.authentication.DisabledException;
31 import org.springframework.security.authentication.LockedException;
32 import org.springframework.security.core.GrantedAuthority;
33 import org.springframework.security.core.authority.SimpleGrantedAuthority;
34 import org.springframework.security.core.userdetails.User;
35
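/**
 * User details based on a user profile node.
 * <p>
 * The account flags handed to Spring Security (enabled, account non-expired,
 * credentials non-expired, account non-locked) are read from the properties
 * of the JCR user profile node. Instances are treated as immutable: the
 * {@code cloneWith...} methods return a modified copy instead of mutating
 * this object.
 */
public class JcrUserDetails extends User implements ArgeoNames {
    private static final long serialVersionUID = -8142764995842559646L;
    private final String homePath;
    private final String securityWorkspace;

    /** Human readable user name */
    private String displayName;

    /**
     * Field-by-field constructor, used by the {@code cloneWith...} methods.
     * It does not set the display name; callers within this class copy it
     * explicitly.
     *
     * @param securityWorkspace
     *            name of the workspace holding the user profile
     * @param homePath
     *            path of the user home node
     * @param username
     *            the username
     * @param password
     *            the password
     * @param enabled
     *            whether the account is enabled
     * @param accountNonExpired
     *            whether the account has not expired
     * @param credentialsNonExpired
     *            whether the credentials have not expired
     * @param accountNonLocked
     *            whether the account is not locked
     * @param authorities
     *            the granted authorities
     */
    protected JcrUserDetails(String securityWorkspace, String homePath,
            String username, String password, boolean enabled,
            boolean accountNonExpired, boolean credentialsNonExpired,
            boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities)
            throws IllegalArgumentException {
        super(username, password, enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked, authorities);
        this.homePath = homePath;
        this.securityWorkspace = securityWorkspace;
    }

    /**
     * Builds the user details from a user profile node.
     *
     * @param userProfile
     *            the profile node; the user id and the four account flags
     *            are read from its properties
     * @param password
     *            the password
     * @param authorities
     *            the granted authorities
     * @throws RepositoryException
     *             if a property, the parent node or the workspace cannot be
     *             read
     */
    public JcrUserDetails(Node userProfile, String password,
            Collection<? extends GrantedAuthority> authorities)
            throws RepositoryException {
        super(
                userProfile.getProperty(ARGEO_USER_ID).getString(),
                password,
                userProfile.getProperty(ARGEO_ENABLED).getBoolean(),
                userProfile.getProperty(ARGEO_ACCOUNT_NON_EXPIRED).getBoolean(),
                userProfile.getProperty(ARGEO_CREDENTIALS_NON_EXPIRED)
                        .getBoolean(),
                userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean(),
                authorities);
        // human readable name: the JCR title when present and not blank
        if (userProfile.hasProperty(Property.JCR_TITLE)) {
            displayName = userProfile.getProperty(Property.JCR_TITLE)
                    .getString();
            if (displayName.trim().equals(""))
                displayName = null;
        }
        // otherwise fall back to the user id
        if (displayName == null)
            displayName = userProfile.getProperty(ARGEO_USER_ID).getString();
        // home is defined as the parent of the profile
        homePath = userProfile.getParent().getPath();
        securityWorkspace = userProfile.getSession().getWorkspace().getName();
    }

    /**
     * Convenience constructor
     *
     * @param session
     *            the security session
     * @param username
     *            the username
     * @param password
     *            the password, can be null (an empty string is then used)
     * @param authorities
     *            the granted authorities
     */
    public JcrUserDetails(Session session, String username, String password,
            Collection<? extends GrantedAuthority> authorities)
            throws RepositoryException {
        this(UserJcrUtils.getUserProfile(session, username),
                password != null ? password : "", authorities);
    }

    /**
     * Check the account status in JCR, throwing the exceptions expected by
     * Spring security if needed.
     * <p>
     * Only the enabled and non-locked flags are checked here.
     * NOTE(review): the account-expired and credentials-expired flags are
     * not checked by this method; confirm that callers enforce them
     * elsewhere. The exception messages contain the profile node path, so
     * they should be logged rather than shown to unauthenticated clients.
     *
     * @param userProfile
     *            the profile node to check
     * @throws DisabledException
     *             if the account is not enabled
     * @throws LockedException
     *             if the account is locked
     * @throws BadCredentialsException
     *             if the status cannot be read from the repository
     */
    public static void checkAccountStatus(Node userProfile) {
        try {
            if (!userProfile.getProperty(ARGEO_ENABLED).getBoolean())
                throw new DisabledException(userProfile.getPath()
                        + " is disabled");
            if (!userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean())
                throw new LockedException(userProfile.getPath() + " is locked");
        } catch (RepositoryException e) {
            throw new BadCredentialsException("Cannot check account status", e);
        }
    }

    /**
     * Clone immutable with new roles
     *
     * @param roles
     *            the role names, each wrapped in a
     *            {@link SimpleGrantedAuthority}
     * @return a copy of this user with the given roles as its authorities
     */
    public JcrUserDetails cloneWithNewRoles(List<String> roles) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roles) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        return copyWith(getPassword(), authorities);
    }

    /**
     * Clone immutable with new password
     *
     * @param password
     *            the password of the copy
     * @return a copy of this user with the given password
     */
    public JcrUserDetails cloneWithNewPassword(String password) {
        return copyWith(password, getAuthorities());
    }

    /** Copies this user, replacing only the password and the authorities. */
    private JcrUserDetails copyWith(String password,
            Collection<? extends GrantedAuthority> authorities) {
        // The credentials-expired flag must come from
        // isCredentialsNonExpired(): passing isAccountNonExpired() in its
        // place would silently mark expired credentials as valid on the copy.
        JcrUserDetails copy = new JcrUserDetails(securityWorkspace, homePath,
                getUsername(), password, isEnabled(), isAccountNonExpired(),
                isCredentialsNonExpired(), isAccountNonLocked(), authorities);
        // the field-by-field constructor does not set the display name
        copy.displayName = displayName;
        return copy;
    }

    /** The path of the user home node, the parent of the profile node */
    public String getHomePath() {
        return homePath;
    }

    /** Not yet API */
    public String getSecurityWorkspace() {
        return securityWorkspace;
    }

    /** The human readable name of this user */
    public String getDisplayName() {
        return displayName;
    }

    /**
     * Returns the display name, or the username when no display name is set,
     * so that this method never returns null. The password is not part of
     * the result.
     */
    @Override
    public String toString() {
        String name = getDisplayName();
        return name != null ? name : getUsername();
    }

}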