1 package org
.argeo
.security
.jcr
;
3 import java
.util
.ArrayList
;
4 import java
.util
.HashMap
;
8 import javax
.jcr
.Credentials
;
10 import javax
.jcr
.Repository
;
11 import javax
.jcr
.RepositoryException
;
12 import javax
.jcr
.RepositoryFactory
;
13 import javax
.jcr
.Session
;
14 import javax
.jcr
.SimpleCredentials
;
15 import javax
.jcr
.Value
;
17 import org
.argeo
.ArgeoException
;
18 import org
.argeo
.jcr
.ArgeoJcrConstants
;
19 import org
.argeo
.jcr
.ArgeoNames
;
20 import org
.argeo
.jcr
.JcrUtils
;
21 import org
.argeo
.security
.SiteAuthenticationToken
;
22 import org
.springframework
.security
.Authentication
;
23 import org
.springframework
.security
.AuthenticationException
;
24 import org
.springframework
.security
.GrantedAuthority
;
25 import org
.springframework
.security
.GrantedAuthorityImpl
;
26 import org
.springframework
.security
.providers
.AuthenticationProvider
;
27 import org
.springframework
.security
.userdetails
.UserDetails
;
29 /** Connects to a JCR repository and delegates authentication to it. */
// Leading numbers are the line numbers of the original file; numbers that are
// skipped further down are lines this listing does not show.
30 public class JcrAuthenticationProvider implements AuthenticationProvider {
// Role name handed out by the default getGrantedAuthorities() implementation.
31 public final static String ROLE_REMOTE_JCR_AUTHENTICATED = "ROLE_REMOTE_JCR_AUTHENTICATED";
// Set by register() and reset to null by unregister(); read by getRepository().
// NOTE(review): the field is neither volatile nor guarded by a lock here, so a
// register/unregister on another thread is not guaranteed to be visible to an
// authentication in progress — confirm how these callbacks are invoked.
33 private RepositoryFactory repositoryFactory;
// Authenticates a SiteAuthenticationToken by logging in to the JCR repository
// named by the token's URL, then builds a JcrAuthenticationToken whose
// authorities come from the ARGEO_REMOTE_ROLES property of the user profile
// stored in that repository.
//
// Leading numbers are the original file's line numbers; skipped numbers
// (38, 41-44, 47, 50-51, 53, 56, 58, 60, 69-70, 75, 77-78, 82-84) are lines this
// listing does not show, so the comments below describe the visible lines only.
35 public Authentication authenticate(Authentication authentication)
36 throws AuthenticationException {
// Only SiteAuthenticationToken is handled; the statement executed for other
// token types is on line 38, not shown.
37 if (!(authentication instanceof SiteAuthenticationToken))
39 SiteAuthenticationToken siteAuth = (SiteAuthenticationToken) authentication;
// The repository location is taken from the token being authenticated.
// NOTE(review): no visible line restricts which URL is accepted (lines 41-44
// are not shown). Because the roles read below come from whatever repository
// this URL names, confirm that the URL is checked against a configured
// allow-list before it is used.
40 String url = siteAuth.getUrl();
// The secret is converted with toString() before becoming a char[]: it passes
// through an immutable String that cannot be cleared afterwards.
45 SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
46 siteAuth.getCredentials().toString().toCharArray());
48 Repository repository = getRepository(url, sp);
// Handling of a missing repository is on lines 50-51, not shown.
49 if (repository == null)
52 String workspace = siteAuth.getWorkspace();
// A null or blank workspace logs in to the repository's default workspace
// (line 55); otherwise the named workspace is used (line 57). The declaration
// of `session` and the else keyword are on lines not shown.
54 if (workspace == null || workspace.trim().equals(""))
55 session = repository.login(sp);
57 session = repository.login(sp, workspace);
// NOTE(review): no session.logout() appears in the visible lines — confirm the
// session is released (for example in a finally block) on every path.
59 Node userHome = JcrUtils.getUserHome(session);
61 // retrieve remote roles
62 Node userProfile = JcrUtils.getUserProfile(session);
63 List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
// Each value of the profile's ARGEO_REMOTE_ROLES property becomes a local
// GrantedAuthority. Line 68 is cut off here (it continues on lines 69-70).
// NOTE(review): the role names are data held by the remote repository; confirm
// they are filtered or mapped so that remote content cannot assert roles that
// carry local privileges.
64 if (userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
65 Value[] roles = userProfile.getProperty(
66 ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
67 for (int i = 0; i < roles.length; i++)
68 authorities.add(new GrantedAuthorityImpl(roles[i]
// The resulting token keeps the original principal and credentials object;
// the last constructor argument is on line 75, not shown.
71 JcrAuthenticationToken authen = new JcrAuthenticationToken(
72 siteAuth.getPrincipal(),
73 siteAuth.getCredentials(),
74 authorities.toArray(new GrantedAuthority[authorities.size()]),
76 authen.setDetails(getUserDetails(userHome, authen));
// Every RepositoryException is rethrown as ArgeoException, not as the declared
// AuthenticationException.
// NOTE(review): javax.jcr.LoginException is a RepositoryException, so unless a
// line not shown handles it first, a rejected login surfaces as an
// "unexpected" error — confirm callers treat it as an authentication failure.
79 } catch (RepositoryException e) {
80 throw new ArgeoException(
81 "Unexpected exception when authenticating to " + url, e);
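/**
 * Looks up the JCR repository published at {@code url} through the currently
 * registered {@link RepositoryFactory}.
 *
 * @param url
 *            repository URI, passed to the factory under the key
 *            {@link ArgeoJcrConstants#JCR_REPOSITORY_URI}
 * @param credentials
 *            not read by this implementation; available to overriding
 *            classes
 * @return the repository returned by the factory; {@code authenticate}
 *         checks the result for {@code null}
 * @throws RepositoryException
 *             if no factory is registered or the factory lookup fails
 */
protected Repository getRepository(String url, Credentials credentials)
        throws RepositoryException {
    // Read the field once: unregister() resets it to null, and dereferencing
    // it directly would fail with a NullPointerException instead of an error
    // that authenticate() already knows how to report.
    final RepositoryFactory factory = repositoryFactory;
    if (factory == null) {
        throw new RepositoryException("No repository factory registered");
    }

    // NOTE(review): url is handed to the factory unchanged; any restriction on
    // acceptable repository locations has to be applied before this call or
    // in an override.
    final Map<String, String> parameters = new HashMap<String, String>();
    parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
    return factory.getRepository(parameters);
}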
/**
 * Returns the authorities to grant for a remote JCR session.
 * <p>
 * The default implementation does not read {@code session} and grants a
 * single role, {@value #ROLE_REMOTE_JCR_AUTHENTICATED}. It should typically be
 * overridden in order to assign more relevant roles.
 * <p>
 * NOTE(review): the visible lines of {@code authenticate} build their
 * authorities from the remote-roles property and show no call to this method;
 * confirm whether it is still used.
 *
 * @param session
 *            the session opened on the remote repository
 * @return a one-element array holding the default role
 */
protected GrantedAuthority[] getGrantedAuthorities(Session session) {
    final GrantedAuthority remoteAuthenticated = new GrantedAuthorityImpl(
            ROLE_REMOTE_JCR_AUTHENTICATED);
    return new GrantedAuthority[] { remoteAuthenticated };
}
101 /** Builds user details based on the authentication and the user home. */
// Leading numbers are the original file's line numbers; 103 and 111 onwards are
// not shown in this listing (the catch on line 109 implies a try opened on a
// line that is missing here).
102 protected UserDetails getUserDetails(Node userHome, Authentication authen) {
104 // TODO: loads enabled, locked, etc. from the home node.
// Arguments, in order: home node path, principal as String, credentials as
// String, the isEnabled() result, three hard-coded true flags, and the
// authorities of the token.
// NOTE(review): the credentials' toString() value is copied into the details
// object, which authenticate() attaches to the returned token — confirm
// JcrUserDetails needs the secret at all, and that it is never logged or
// serialized.
// NOTE(review): the three literals are presumably the account-expiry,
// credentials-expiry and lock flags mentioned in the TODO; as written they
// are never read from the repository.
105 return new JcrUserDetails(userHome.getPath(), authen.getPrincipal()
106 .toString(), authen.getCredentials().toString(),
107 isEnabled(userHome), true, true, true,
108 authen.getAuthorities());
// Any exception, checked or not, is wrapped in ArgeoException; the message
// embeds the string form of the home node. The remaining constructor
// arguments are on line 111, not shown.
109 } catch (Exception e) {
110 throw new ArgeoException("Cannot get user details for " + userHome,
// Supplies the "enabled" argument that getUserDetails() passes to
// JcrUserDetails. The body (original lines 116-117) is not shown in this
// listing, so how the flag is derived from userHome cannot be stated here.
// NOTE(review): the return type is the boxed Boolean — confirm the method can
// never return null.
115 protected Boolean isEnabled(Node userHome) {
/**
 * Reports whether this provider can process the given token class.
 *
 * @param authentication
 *            the class of the authentication token being offered
 * @return {@code true} if the class is {@link SiteAuthenticationToken} or one
 *         of its subclasses
 */
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
    final Class<SiteAuthenticationToken> supported = SiteAuthenticationToken.class;
    return supported.isAssignableFrom(authentication);
}
/**
 * Callback that hands this provider the factory used by
 * {@code getRepository}. A factory registered earlier is replaced.
 *
 * @param repositoryFactory
 *            the factory to use from now on
 * @param parameters
 *            properties supplied with the factory; not read here
 */
public void register(RepositoryFactory repositoryFactory,
        Map<String, String> parameters) {
    // Last registration wins: the field holds a single factory.
    this.repositoryFactory = repositoryFactory;
}
/**
 * Callback that removes the factory held by this provider.
 * <p>
 * NOTE(review): the field is cleared whichever factory is passed in, so
 * unregistering one factory also drops a different one registered after it —
 * confirm that at most one factory is ever bound.
 *
 * @param repositoryFactory
 *            the factory being withdrawn; not compared with the current one
 * @param parameters
 *            properties supplied with the factory; not read here
 */
public void unregister(RepositoryFactory repositoryFactory,
        Map<String, String> parameters) {
    // Unconditional reset; later authentications find no factory.
    this.repositoryFactory = null;
}