/*
 * Copyright (C) 2007-2012 Argeo GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16 package org
.argeo
.security
.jcr
;
18 import java
.util
.ArrayList
;
19 import java
.util
.List
;
21 import javax
.jcr
.Node
;
22 import javax
.jcr
.Property
;
23 import javax
.jcr
.RepositoryException
;
24 import javax
.jcr
.Session
;
26 import org
.argeo
.jcr
.ArgeoNames
;
27 import org
.argeo
.jcr
.UserJcrUtils
;
28 import org
.springframework
.security
.BadCredentialsException
;
29 import org
.springframework
.security
.DisabledException
;
30 import org
.springframework
.security
.GrantedAuthority
;
31 import org
.springframework
.security
.GrantedAuthorityImpl
;
32 import org
.springframework
.security
.LockedException
;
33 import org
.springframework
.security
.userdetails
.User
;
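/**
 * User details based on a user profile node.
 * <p>
 * The user name and the four account flags (enabled, account non-expired,
 * credentials non-expired, account non-locked) are read from the Argeo
 * properties of the profile node. The home path is the path of the profile's
 * parent node and the security workspace is the workspace of the session the
 * profile was loaded from.
 * <p>
 * Instances are treated as immutable: the {@code cloneWith...} methods return
 * a modified copy instead of changing this object.
 */
public class JcrUserDetails extends User implements ArgeoNames {
    private static final long serialVersionUID = -8142764995842559646L;

    /** Path of the parent node of the user profile. */
    private final String homePath;

    /** Name of the workspace holding the user profile. */
    private final String securityWorkspace;

    /** Human readable user name */
    private String displayName;

    /**
     * Low-level constructor used to build copies. It sets the home path and
     * the security workspace but leaves the display name unset; callers in
     * this class copy it explicitly.
     *
     * @throws IllegalArgumentException
     *             declared by the {@link User} constructor this delegates to
     */
    protected JcrUserDetails(String securityWorkspace, String homePath,
            String username, String password, boolean enabled,
            boolean accountNonExpired, boolean credentialsNonExpired,
            boolean accountNonLocked, GrantedAuthority[] authorities)
            throws IllegalArgumentException {
        super(username, password, enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked, authorities);
        this.homePath = homePath;
        this.securityWorkspace = securityWorkspace;
    }

    /**
     * Builds the user details from a user profile node.
     *
     * @param userProfile
     *            the profile node; its Argeo user id and account flag
     *            properties are read unconditionally
     * @param password
     *            the password passed on to {@link User}
     * @param authorities
     *            the granted authorities
     * @throws RepositoryException
     *             if a property of the profile cannot be read
     */
    public JcrUserDetails(Node userProfile, String password,
            GrantedAuthority[] authorities) throws RepositoryException {
        super(
                userProfile.getProperty(ARGEO_USER_ID).getString(),
                password,
                userProfile.getProperty(ARGEO_ENABLED).getBoolean(),
                userProfile.getProperty(ARGEO_ACCOUNT_NON_EXPIRED).getBoolean(),
                userProfile.getProperty(ARGEO_CREDENTIALS_NON_EXPIRED)
                        .getBoolean(),
                userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean(),
                authorities);

        // human readable name: the node title when it is present and not
        // blank, otherwise the user id
        if (userProfile.hasProperty(Property.JCR_TITLE)) {
            displayName = userProfile.getProperty(Property.JCR_TITLE)
                    .getString();
            if (displayName.trim().equals(""))
                displayName = null;
        }
        if (displayName == null)
            displayName = userProfile.getProperty(ARGEO_USER_ID).getString();

        // home is defined as the parent of the profile
        homePath = userProfile.getParent().getPath();
        securityWorkspace = userProfile.getSession().getWorkspace().getName();
    }

    /**
     * Convenience constructor which looks the user profile up by user name.
     *
     * @param session
     *            the security session
     * @param username
     *            the name of the user whose profile is loaded
     * @param password
     *            the password, can be null
     * @param authorities
     *            the granted authorities
     * @throws RepositoryException
     *             if the profile cannot be read
     */
    public JcrUserDetails(Session session, String username, String password,
            GrantedAuthority[] authorities) throws RepositoryException {
        // A null password is stored as the empty string.
        // NOTE(review): whatever compares a presented password against this
        // object must not treat an empty presented password as a match for
        // this placeholder -- confirm in the authentication provider.
        this(UserJcrUtils.getUserProfile(session, username),
                password != null ? password : "", authorities);
    }

    /**
     * Check the account status in JCR, throwing the exceptions expected by
     * Spring security if needed.
     * <p>
     * Only the enabled and non-locked flags are checked here; the account
     * and credentials expiry flags are not, so a caller that relies on this
     * method alone does not enforce expiry.
     *
     * @param userProfile
     *            the profile node to check
     * @throws DisabledException
     *             if the profile is not enabled
     * @throws LockedException
     *             if the profile is locked
     * @throws BadCredentialsException
     *             if the flags cannot be read from the repository
     */
    public static void checkAccountStatus(Node userProfile) {
        try {
            // NOTE(review): the tail of this message was lost in this
            // listing; " is disabled" mirrors the locked message below --
            // confirm against the original source.
            // Both messages contain the JCR path of the profile, so they
            // should not be shown verbatim to an unauthenticated client.
            if (!userProfile.getProperty(ARGEO_ENABLED).getBoolean())
                throw new DisabledException(userProfile.getPath()
                        + " is disabled");
            if (!userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean())
                throw new LockedException(userProfile.getPath() + " is locked");
        } catch (RepositoryException e) {
            // A repository failure is reported as an authentication failure,
            // so the check fails closed.
            throw new BadCredentialsException("Cannot check account status", e);
        }
    }

    /**
     * Clone immutable with new roles.
     *
     * @param roles
     *            the role names; each becomes one granted authority
     * @return a copy of this object carrying exactly these roles
     */
    public JcrUserDetails cloneWithNewRoles(List<String> roles) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roles) {
            authorities.add(new GrantedAuthorityImpl(role));
        }
        return copyWith(getPassword(),
                authorities.toArray(new GrantedAuthority[authorities.size()]));
    }

    /**
     * Clone immutable with new password.
     *
     * @param password
     *            the password of the copy
     * @return a copy of this object carrying the new password
     */
    public JcrUserDetails cloneWithNewPassword(String password) {
        return copyWith(password, getAuthorities());
    }

    /** Copies this object, replacing only the password and the authorities. */
    private JcrUserDetails copyWith(String password,
            GrantedAuthority[] authorities) {
        // The credentials slot must receive isCredentialsNonExpired().
        // Passing isAccountNonExpired() twice made a copy of a user with
        // expired credentials report them as still valid.
        JcrUserDetails copy = new JcrUserDetails(securityWorkspace, homePath,
                getUsername(), password, isEnabled(), isAccountNonExpired(),
                isCredentialsNonExpired(), isAccountNonLocked(), authorities);
        // The protected constructor does not set the display name; without
        // this the copy's getDisplayName() and toString() return null.
        copy.displayName = displayName;
        return copy;
    }

    /** The path of the parent node of the user profile. */
    public String getHomePath() {
        return homePath;
    }

    /** The name of the workspace holding the user profile. */
    public String getSecurityWorkspace() {
        return securityWorkspace;
    }

    /** The human readable name of this user */
    public String getDisplayName() {
        return displayName;
    }

    /** Returns the display name only; no password or flag is included. */
    @Override
    public String toString() {
        return getDisplayName();
    }
}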