Change system username from 'system' to 'admin'
1 /*
2 * Copyright (C) 2007-2012 Mathieu Baudier
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jcr;
17
18 import java.util.ArrayList;
19 import java.util.List;
20
21 import javax.jcr.Node;
22 import javax.jcr.Property;
23 import javax.jcr.RepositoryException;
24 import javax.jcr.Session;
25
26 import org.argeo.jcr.ArgeoNames;
27 import org.argeo.jcr.UserJcrUtils;
28 import org.springframework.security.BadCredentialsException;
29 import org.springframework.security.DisabledException;
30 import org.springframework.security.GrantedAuthority;
31 import org.springframework.security.GrantedAuthorityImpl;
32 import org.springframework.security.LockedException;
33 import org.springframework.security.userdetails.User;
34
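/**
 * User details based on a user profile node.
 * <p>
 * The account flags (enabled, non-expired, credentials non-expired,
 * non-locked) are read from the profile node when the object is built from
 * JCR, and are carried over unchanged by the {@code cloneWith...} methods.
 */
public class JcrUserDetails extends User implements ArgeoNames {
	private static final long serialVersionUID = -8142764995842559646L;
	private final String homePath;
	private final String securityWorkspace;

	/** Human readable user name */
	private String displayName;

	/**
	 * Builds user details from explicit values, without reading JCR. The
	 * display name is not set by this constructor.
	 *
	 * @param securityWorkspace
	 *            the name of the workspace holding the user profile
	 * @param homePath
	 *            the path of the user home
	 * @param username
	 *            the username
	 * @param password
	 *            the password
	 * @param enabled
	 *            whether the account is enabled
	 * @param accountNonExpired
	 *            whether the account has not expired
	 * @param credentialsNonExpired
	 *            whether the credentials have not expired
	 * @param accountNonLocked
	 *            whether the account is not locked
	 * @param authorities
	 *            the granted authorities
	 */
	protected JcrUserDetails(String securityWorkspace, String homePath,
			String username, String password, boolean enabled,
			boolean accountNonExpired, boolean credentialsNonExpired,
			boolean accountNonLocked, GrantedAuthority[] authorities)
			throws IllegalArgumentException {
		super(username, password, enabled, accountNonExpired,
				credentialsNonExpired, accountNonLocked, authorities);
		this.homePath = homePath;
		this.securityWorkspace = securityWorkspace;
	}

	/**
	 * Builds user details from a user profile node.
	 *
	 * @param userProfile
	 *            the profile node; the user id and the four account flags
	 *            are read from its properties
	 * @param password
	 *            the password
	 * @param authorities
	 *            the granted authorities
	 * @throws RepositoryException
	 *             if a property, the parent node or the workspace name cannot
	 *             be read
	 */
	public JcrUserDetails(Node userProfile, String password,
			GrantedAuthority[] authorities) throws RepositoryException {
		super(
				userProfile.getProperty(ARGEO_USER_ID).getString(),
				password,
				userProfile.getProperty(ARGEO_ENABLED).getBoolean(),
				userProfile.getProperty(ARGEO_ACCOUNT_NON_EXPIRED).getBoolean(),
				userProfile.getProperty(ARGEO_CREDENTIALS_NON_EXPIRED)
						.getBoolean(), userProfile.getProperty(
						ARGEO_ACCOUNT_NON_LOCKED).getBoolean(), authorities);
		// human readable name: the JCR title when present and not blank,
		// otherwise the user id
		if (userProfile.hasProperty(Property.JCR_TITLE)) {
			displayName = userProfile.getProperty(Property.JCR_TITLE)
					.getString();
			if (displayName.trim().equals(""))
				displayName = null;
		}
		if (displayName == null)
			displayName = userProfile.getProperty(ARGEO_USER_ID).getString();
		// home is defined as the parent of the profile
		homePath = userProfile.getParent().getPath();
		securityWorkspace = userProfile.getSession().getWorkspace().getName();
	}

	/**
	 * Convenience constructor
	 *
	 * @param session
	 *            the security session
	 * @param username
	 *            the username
	 * @param password
	 *            the password, can be null (an empty string is then used)
	 * @param authorities
	 *            the granted authorities
	 */
	public JcrUserDetails(Session session, String username, String password,
			GrantedAuthority[] authorities) throws RepositoryException {
		this(UserJcrUtils.getUserProfile(session, username),
				password != null ? password : "", authorities);
	}

	/**
	 * Check the account status in JCR, throwing the exceptions expected by
	 * Spring security if needed.
	 * <p>
	 * Only the enabled and non-locked flags are checked here; the two expiry
	 * flags are not. The exception messages contain the JCR path of the
	 * profile node, so callers should not relay them verbatim to
	 * unauthenticated clients.
	 *
	 * @param userProfile
	 *            the profile node to check
	 * @throws DisabledException
	 *             if the account is not enabled
	 * @throws LockedException
	 *             if the account is locked
	 * @throws BadCredentialsException
	 *             if the flags cannot be read from the repository
	 */
	public static void checkAccountStatus(Node userProfile) {
		try {
			if (!userProfile.getProperty(ARGEO_ENABLED).getBoolean())
				throw new DisabledException(userProfile.getPath()
						+ " is disabled");
			if (!userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean())
				throw new LockedException(userProfile.getPath() + " is locked");
		} catch (RepositoryException e) {
			// fail closed: an unreadable status is treated as an
			// authentication failure
			throw new BadCredentialsException("Cannot check account status", e);
		}
	}

	/**
	 * Clone immutable with new roles
	 *
	 * @param roles
	 *            the role names, each turned into a granted authority
	 * @return a copy with the same account flags, password, home and display
	 *         name, and the given roles
	 */
	public JcrUserDetails cloneWithNewRoles(List<String> roles) {
		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
		for (String role : roles) {
			authorities.add(new GrantedAuthorityImpl(role));
		}
		return copyWith(getPassword(),
				authorities.toArray(new GrantedAuthority[authorities.size()]));
	}

	/**
	 * Clone immutable with new password
	 *
	 * @param password
	 *            the new password
	 * @return a copy with the same account flags, authorities, home and
	 *         display name, and the given password
	 */
	public JcrUserDetails cloneWithNewPassword(String password) {
		return copyWith(password, getAuthorities());
	}

	/**
	 * Copies this object with another password and other authorities. Kept
	 * in one place so that every clone forwards the same four account flags:
	 * the credentials-expired flag must come from
	 * {@link #isCredentialsNonExpired()}, not from the account-expired flag,
	 * otherwise a clone of a user with expired credentials would report them
	 * as valid.
	 */
	private JcrUserDetails copyWith(String password,
			GrantedAuthority[] authorities) {
		JcrUserDetails copy = new JcrUserDetails(securityWorkspace, homePath,
				getUsername(), password, isEnabled(), isAccountNonExpired(),
				isCredentialsNonExpired(), isAccountNonLocked(), authorities);
		// the protected constructor does not set the display name
		copy.displayName = displayName;
		return copy;
	}

	/** The path of the user home (the parent of the profile node) */
	public String getHomePath() {
		return homePath;
	}

	/** Not yet API */
	public String getSecurityWorkspace() {
		return securityWorkspace;
	}

	/** The human readable name of this user */
	public String getDisplayName() {
		return displayName;
	}

	/** Returns the display name. */
	@Override
	public String toString() {
		return getDisplayName();
	}

}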