1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jackrabbit;
17
18 import java.security.Principal;
19 import java.util.Set;
20
21 import javax.jcr.RepositoryException;
22 import javax.jcr.Session;
23 import javax.security.auth.Subject;
24 import javax.security.auth.x500.X500Principal;
25
26 import org.apache.jackrabbit.api.security.user.UserManager;
27 import org.apache.jackrabbit.core.DefaultSecurityManager;
28 import org.apache.jackrabbit.core.security.AMContext;
29 import org.apache.jackrabbit.core.security.AccessManager;
30 import org.apache.jackrabbit.core.security.SecurityConstants;
31 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
32
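/**
 * Integrates Spring Security and Jackrabbit Security users and roles.
 *
 * <p>
 * Security notes for reviewers:
 * </p>
 * <ul>
 * <li>{@link #getUserID(Subject, String)} takes the user ID straight from the
 * {@link X500Principal} found on the {@link Subject}. The identity is therefore
 * only as trustworthy as whatever populated that subject (NOTE(review):
 * presumably a login module backed by Spring Security; confirm).</li>
 * <li>The workspace access manager installed by
 * {@link #createDefaultWorkspaceAccessManager()} grants every request, so no
 * workspace-level restriction is enforced by this class.</li>
 * </ul>
 */
public class ArgeoSecurityManager extends DefaultSecurityManager {

    /**
     * Delegates to the default implementation while holding the monitor of the
     * system session.
     *
     * NOTE(review): the lock presumably guards against concurrent use of the
     * shared system session by the parent implementation; confirm.
     *
     * @param session   the session the access manager is created for
     * @param amContext the access manager context passed on to the parent
     * @return the access manager built by {@link DefaultSecurityManager}
     * @throws RepositoryException if the parent implementation fails
     */
    @Override
    public AccessManager getAccessManager(Session session, AMContext amContext)
            throws RepositoryException {
        synchronized (getSystemSession()) {
            return super.getAccessManager(session, amContext);
        }
    }

    /**
     * Delegates to the default implementation while holding the monitor of the
     * system session (same lock as {@link #getAccessManager}).
     *
     * @param session the session the user manager is requested for
     * @return the user manager built by {@link DefaultSecurityManager}
     * @throws RepositoryException if the parent implementation fails
     */
    @Override
    public UserManager getUserManager(Session session)
            throws RepositoryException {
        synchronized (getSystemSession()) {
            return super.getUserManager(session);
        }
    }

    /**
     * Resolves the JCR user ID from the subject's {@link X500Principal}.
     *
     * <ul>
     * <li>No X.500 principal: falls back to the default Jackrabbit
     * resolution.</li>
     * <li>Exactly one: its name (as returned by
     * {@link X500Principal#getName()}) is used as the user ID.</li>
     * <li>More than one: the identity is ambiguous and the call is rejected
     * rather than picking one arbitrarily.</li>
     * </ul>
     *
     * @param subject       the authenticated subject
     * @param workspaceName the workspace being accessed, only used by the
     *                      fallback
     * @return the user ID for this subject
     * @throws RepositoryException if the fallback resolution fails
     * @throws RuntimeException    if the subject carries more than one X.500
     *                             principal
     */
    @Override
    public String getUserID(Subject subject, String workspaceName)
            throws RepositoryException {
        Set<X500Principal> userPrincipals = subject
                .getPrincipals(X500Principal.class);
        if (userPrincipals.isEmpty()) {
            return super.getUserID(subject, workspaceName);
        }
        if (userPrincipals.size() > 1) {
            // Fail closed: never guess which identity applies.
            throw new RuntimeException("Multiple user principals "
                    + userPrincipals);
        }
        return userPrincipals.iterator().next().getName();
    }

    /**
     * Wraps the default workspace access manager in
     * {@link ArgeoWorkspaceAccessManagerImpl}.
     *
     * @return the wrapping workspace access manager
     */
    @Override
    protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
        WorkspaceAccessManager defaultManager = super
                .createDefaultWorkspaceAccessManager();
        return new ArgeoWorkspaceAccessManagerImpl(defaultManager);
    }

    /**
     * Workspace access manager that forwards lifecycle calls to the wrapped
     * default manager but answers {@link #grants} itself.
     *
     * Declared static because it does not use the enclosing instance.
     */
    private static final class ArgeoWorkspaceAccessManagerImpl implements
            SecurityConstants, WorkspaceAccessManager {
        /** The default manager; reachable only through this wrapper. */
        private final WorkspaceAccessManager wam;

        public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) {
            super();
            this.wam = wam;
        }

        public void init(Session systemSession) throws RepositoryException {
            wam.init(systemSession);
        }

        public void close() throws RepositoryException {
            // The wrapped manager was initialised through init() and nothing
            // else holds a reference to it, so it has to be released here.
            wam.close();
        }

        /**
         * SECURITY: grants every set of principals access to every workspace.
         * The wrapped manager is never consulted, so any principal that can
         * open a session can open it on any workspace; restrictions then
         * depend entirely on checks made elsewhere (NOTE(review): presumably
         * item-level access control; confirm before relying on workspace
         * separation as a boundary).
         *
         * @param principals    ignored
         * @param workspaceName ignored
         * @return always {@code true}
         */
        public boolean grants(Set<Principal> principals, String workspaceName)
                throws RepositoryException {
            // TODO: implement finer access to workspaces, e.g. by delegating
            // to wam.grants(principals, workspaceName) once the principals
            // are known to the default manager.
            return true;
        }
    }

}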