2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.jcr
;
18 import java
.util
.ArrayList
;
19 import java
.util
.Dictionary
;
20 import java
.util
.Hashtable
;
21 import java
.util
.List
;
23 import javax
.jcr
.Node
;
24 import javax
.jcr
.Repository
;
25 import javax
.jcr
.RepositoryException
;
26 import javax
.jcr
.RepositoryFactory
;
27 import javax
.jcr
.Session
;
28 import javax
.jcr
.SimpleCredentials
;
29 import javax
.jcr
.Value
;
31 import org
.argeo
.ArgeoException
;
32 import org
.argeo
.jcr
.ArgeoJcrConstants
;
33 import org
.argeo
.jcr
.ArgeoNames
;
34 import org
.argeo
.jcr
.UserJcrUtils
;
35 import org
.argeo
.security
.NodeAuthenticationToken
;
36 import org
.osgi
.framework
.BundleContext
;
37 import org
.springframework
.security
.authentication
.AuthenticationProvider
;
38 import org
.springframework
.security
.authentication
.BadCredentialsException
;
39 import org
.springframework
.security
.core
.Authentication
;
40 import org
.springframework
.security
.core
.AuthenticationException
;
41 import org
.springframework
.security
.core
.GrantedAuthority
;
42 import org
.springframework
.security
.core
.authority
.SimpleGrantedAuthority
;
44 /** Connects to a JCR repository and delegates authentication to it. */
45 public class RemoteJcrAuthenticationProvider
implements AuthenticationProvider
,
/** Authority added to every token that {@code authenticate} returns. */
public static final String ROLE_REMOTE = "ROLE_REMOTE";

/** Factory handed to the repository wrapper that connects to the remote URL. */
private RepositoryFactory repositoryFactory;

/**
 * Optional OSGi context. When non-null, {@code authenticate} registers the
 * remote repository as a {@code Repository} service through it.
 */
private BundleContext bundleContext;
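/**
 * Authenticates a {@link NodeAuthenticationToken} by logging in to the JCR
 * repository at the URL carried by the token, then loading the user's profile
 * from that repository.
 * <p>
 * Trust boundary: both the repository URL and the credentials come from the
 * token, and the roles stored in the remote profile are granted verbatim as
 * local authorities. Whoever builds the token must therefore restrict the URL
 * to repositories that are trusted to vouch for users and their roles.
 *
 * @param authentication the request; must be a {@code NodeAuthenticationToken}
 *            (see {@code supports})
 * @return a new token carrying the granted authorities, with a
 *         {@code JcrUserDetails} as its details
 * @throws BadCredentialsException if no credentials are provided, or if the
 *             repository rejects the login or the profile lookup
 * @throws ArgeoException if the token has no URL, or if reading the remote
 *             roles fails
 */
public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
    NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
    String url = siteAuth.getUrl();
    if (url == null)// TODO? login on own node
        throw new ArgeoException("No url set in " + siteAuth);

    // Reject missing credentials explicitly rather than failing with a
    // NullPointerException on toString().
    Object credentials = siteAuth.getCredentials();
    if (credentials == null)
        throw new BadCredentialsException("No credentials provided for "
                + siteAuth.getName());
    String password = credentials.toString();

    Session session;
    Node userProfile;
    try {
        SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
                password.toCharArray());
        Repository repository = new RemoteJcrRepositoryWrapper(
                repositoryFactory, url, sp);

        // NOTE(review): this session is never logged out in this method;
        // confirm whether JcrUserDetails keeps using the profile node.
        session = repository.login(sp, null);

        userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID());
        JcrUserDetails.checkAccountStatus(userProfile);

        // Publish the repository as a service only once the login and the
        // account status check have succeeded, so that a rejected attempt
        // never registers a repository for a caller-supplied URL.
        // NOTE(review): the registration handle is discarded, so the service
        // is never unregistered and every successful login adds another one.
        if (bundleContext != null) {
            Dictionary<String, String> serviceProperties = new Hashtable<String, String>();
            serviceProperties.put(ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
                    ArgeoJcrConstants.ALIAS_NODE);
            serviceProperties.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
            bundleContext.registerService(Repository.class.getName(),
                    repository, serviceProperties);
        }
    } catch (RepositoryException e) {
        throw new BadCredentialsException(
                "Cannot authenticate " + siteAuth, e);
    }

    try {
        // Roles come from the remote profile and are trusted as-is.
        List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
        if (userProfile != null
                && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
            Value[] roles = userProfile.getProperty(
                    ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
            for (Value role : roles)
                authoritiesList.add(new SimpleGrantedAuthority(role
                        .getString()));
        }
        authoritiesList.add(new SimpleGrantedAuthority(ROLE_REMOTE));

        // The password is handed to JcrUserDetails as a String, so it stays
        // in memory for as long as the user details object is referenced.
        JcrUserDetails userDetails = new JcrUserDetails(userProfile,
                password, authoritiesList);
        NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
                siteAuth, authoritiesList);
        authenticated.setDetails(userDetails);
        return authenticated;
    } catch (RepositoryException e) {
        throw new ArgeoException(
                "Unexpected exception when authenticating to " + url, e);
    }
}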
/**
 * Tells whether this provider can handle the given authentication class.
 *
 * @param authentication the candidate authentication class
 * @return {@code true} if it is {@code NodeAuthenticationToken} or a subclass
 */
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
    final Class<NodeAuthenticationToken> handled = NodeAuthenticationToken.class;
    return handled.isAssignableFrom(authentication);
}
/**
 * Injects the factory used to reach the remote repository.
 *
 * @param repositoryFactory the JCR repository factory to use
 */
public void setRepositoryFactory(final RepositoryFactory repositoryFactory) {
    this.repositoryFactory = repositoryFactory;
}
/**
 * Injects the optional OSGi bundle context. When it is set,
 * {@code authenticate} registers the remote repository as a service.
 *
 * @param bundleContext the bundle context, or {@code null} to skip registration
 */
public void setBundleContext(final BundleContext bundleContext) {
    this.bundleContext = bundleContext;
}