org.argeo.security.core/src/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java

   1 /*
   2  * Copyright (C) 2007-2012 Argeo GmbH
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.argeo.security.jcr;
  17
  18 import java.util.ArrayList;
  19 import java.util.Dictionary;
  20 import java.util.Hashtable;
  21 import java.util.List;
  22
  23 import javax.jcr.Node;
  24 import javax.jcr.Repository;
  25 import javax.jcr.RepositoryException;
  26 import javax.jcr.RepositoryFactory;
  27 import javax.jcr.Session;
  28 import javax.jcr.SimpleCredentials;
  29 import javax.jcr.Value;
  30
  31 import org.argeo.ArgeoException;
  32 import org.argeo.jcr.ArgeoJcrConstants;
  33 import org.argeo.jcr.ArgeoNames;
  34 import org.argeo.jcr.UserJcrUtils;
  35 import org.argeo.security.NodeAuthenticationToken;
  36 import org.osgi.framework.BundleContext;
  37 import org.springframework.security.authentication.AuthenticationProvider;
  38 import org.springframework.security.authentication.BadCredentialsException;
  39 import org.springframework.security.core.Authentication;
  40 import org.springframework.security.core.AuthenticationException;
  41 import org.springframework.security.core.GrantedAuthority;
  42 import org.springframework.security.core.authority.SimpleGrantedAuthority;
  43
  44 /** Connects to a JCR repository and delegates authentication to it. */
  45 public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
  46                 ArgeoNames {
  47         private RepositoryFactory repositoryFactory;
  48         private BundleContext bundleContext;
  49
  50         public final static String ROLE_REMOTE = "ROLE_REMOTE";
  51
  52         public Authentication authenticate(Authentication authentication)
  53                         throws AuthenticationException {
  54                 NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
  55                 String url = siteAuth.getUrl();
  56                 if (url == null)// TODO? login on own node
  57                         throw new ArgeoException("No url set in " + siteAuth);
  58                 Session session;
  59
  60                 Node userProfile;
  61                 try {
  62                         SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
  63                                         siteAuth.getCredentials().toString().toCharArray());
  64                         // get repository
  65                         Repository repository = new RemoteJcrRepositoryWrapper(
  66                                         repositoryFactory, url, sp);
  67                         if (bundleContext != null) {
  68                                 Dictionary<String, String> serviceProperties = new Hashtable<String, String>();
  69                                 serviceProperties.put(ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
  70                                                 ArgeoJcrConstants.ALIAS_NODE);
  71                                 serviceProperties
  72                                                 .put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
  73                                 bundleContext.registerService(Repository.class.getName(),
  74                                                 repository, serviceProperties);
  75                         }
  76                         // Repository repository = ArgeoJcrUtils.getRepositoryByUri(
  77                         // repositoryFactory, url);
  78                         // if (repository == null)
  79                         // throw new ArgeoException("Cannot connect to " + url);
  80
  81                         session = repository.login(sp, null);
  82
  83                         userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID());
  84                         JcrUserDetails.checkAccountStatus(userProfile);
  85
  86                         // Node userHome = UserJcrUtils.getUserHome(session);
  87                         // if (userHome == null ||
  88                         // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
  89                         // throw new ArgeoException("No profile for user "
  90                         // + siteAuth.getName() + " in security workspace "
  91                         // + siteAuth.getSecurityWorkspace() + " of "
  92                         // + siteAuth.getUrl());
  93                         // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
  94                 } catch (RepositoryException e) {
  95                         throw new BadCredentialsException(
  96                                         "Cannot authenticate " + siteAuth, e);
  97                 }
  98
  99                 try {
 100                         // Node userHome = UserJcrUtils.getUserHome(session);
 101                         // retrieve remote roles
 102                         List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
 103                         if (userProfile != null
 104                                         && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
 105                                 Value[] roles = userProfile.getProperty(
 106                                                 ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
 107                                 for (int i = 0; i < roles.length; i++)
 108                                         authoritiesList.add(new SimpleGrantedAuthority(roles[i]
 109                                                         .getString()));
 110                         }
 111                         authoritiesList.add(new SimpleGrantedAuthority(ROLE_REMOTE));
 112
 113                         // create authenticated objects
 114                         // GrantedAuthority[] authorities = authoritiesList
 115                         // .toArray(new GrantedAuthority[authoritiesList.size()]);
 116                         JcrUserDetails userDetails = new JcrUserDetails(userProfile,
 117                                         siteAuth.getCredentials().toString(), authoritiesList);
 118                         NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
 119                                         siteAuth, authoritiesList);
 120                         authenticated.setDetails(userDetails);
 121                         return authenticated;
 122                 } catch (RepositoryException e) {
 123                         throw new ArgeoException(
 124                                         "Unexpected exception when authenticating to " + url, e);
 125                 }
 126         }
 127
 128         @SuppressWarnings("rawtypes")
 129         public boolean supports(Class authentication) {
 130                 return NodeAuthenticationToken.class.isAssignableFrom(authentication);
 131         }
 132
 133         public void setRepositoryFactory(RepositoryFactory repositoryFactory) {
 134                 this.repositoryFactory = repositoryFactory;
 135         }
 136
 137         public void setBundleContext(BundleContext bundleContext) {
 138                 this.bundleContext = bundleContext;
 139         }
 140
 141 }