Change system username from 'system' to 'admin'
1 /*
2 * Copyright (C) 2007-2012 Mathieu Baudier
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jcr;
17
18 import javax.jcr.Node;
19 import javax.jcr.Repository;
20 import javax.jcr.RepositoryException;
21 import javax.jcr.Session;
22
23 import org.argeo.ArgeoException;
24 import org.argeo.jcr.JcrUtils;
25 import org.argeo.security.OsAuthenticationToken;
26 import org.argeo.security.SecurityUtils;
27 import org.argeo.security.core.OsAuthenticationProvider;
28 import org.springframework.security.Authentication;
29 import org.springframework.security.AuthenticationException;
30 import org.springframework.security.BadCredentialsException;
31 import org.springframework.security.GrantedAuthority;
32 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
33 import org.springframework.security.userdetails.UserDetails;
34
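/**
 * Authentication provider that relies on the operating system for the user
 * identity and additionally sets up the matching JCR user profile.
 * <p>
 * Two token types are accepted (see {@link #supports(Class)}):
 * <ul>
 * <li>{@link OsAuthenticationToken}: delegated to the parent provider, then
 * synchronised with JCR through the configured {@link JcrSecurityModel}.</li>
 * <li>{@link UsernamePasswordAuthenticationToken}: accepted when the principal
 * equals the OS user running the JVM. <b>The credentials are not verified in
 * this branch</b>; see the security note in
 * {@link #authenticate(Authentication)}.</li>
 * </ul>
 * <p>
 * The {@code userDetails} field is written by the OS branch and read by the
 * username/password branch; this class does no synchronisation of its own
 * around it.
 */
public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
    private Repository repository;
    // Session opened in init() and used to synchronise the user profile.
    private Session nodeSession;

    // Details built by the last successful OS authentication; reused as-is for
    // username/password tokens. Stays null until an OS authentication succeeded.
    private UserDetails userDetails;
    private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();

    // OS user the JVM runs as, read once from the "user.name" system property.
    private final static String JVM_OSUSER = System.getProperty("user.name");

    /**
     * Opens the JCR session used for profile synchronisation.
     *
     * @throws ArgeoException
     *             if the repository login fails
     */
    public void init() {
        try {
            nodeSession = repository.login();
        } catch (RepositoryException e) {
            throw new ArgeoException("Cannot initialize", e);
        }
    }

    /** Logs out of the JCR session opened by {@link #init()}. */
    public void destroy() {
        JcrUtils.logoutQuietly(nodeSession);
    }

    /**
     * Authenticates an OS token or a username/password token.
     *
     * @param authentication
     *            the token to authenticate
     * @return the authenticated token, with the JCR user details attached
     * @throws BadCredentialsException
     *             if a username/password token carries no principal or a
     *             principal other than the OS user running the JVM
     * @throws ArgeoException
     *             if the token type is unsupported or the JCR synchronisation
     *             fails
     */
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            // deal with remote access to internal server
            // FIXME very primitive and insecure at this stage
            // consider using the keyring for username / password authentication
            // or certificate
            //
            // SECURITY (review): only the principal is compared below; the
            // credentials carried by the token are never checked. Until a real
            // credential check exists, this branch should only be reachable
            // from callers that are already trusted.
            UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
            Object principal = upat.getPrincipal();
            // Fail closed with an authentication error (not a
            // NullPointerException) when the token carries no principal.
            if (principal == null || !principal.toString().equals(JVM_OSUSER))
                throw new BadCredentialsException("Wrong credentials");
            UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
                    authentication.getPrincipal(),
                    authentication.getCredentials(), getBaseAuthorities());
            // NOTE(review): userDetails is null if no OS authentication has
            // succeeded on this instance yet - confirm callers tolerate that.
            authen.setDetails(userDetails);
            return authen;
        } else if (authentication instanceof OsAuthenticationToken) {
            OsAuthenticationToken authen = (OsAuthenticationToken) super
                    .authenticate(authentication);
            try {
                // WARNING: at this stage we assume that the java properties
                // will have the same value
                GrantedAuthority[] authorities = getBaseAuthorities();
                String username = JVM_OSUSER;
                Node userProfile = jcrSecurityModel.sync(nodeSession, username,
                        SecurityUtils.authoritiesToStringList(authorities));
                JcrUserDetails.checkAccountStatus(userProfile);

                // NOTE(review): the credentials are kept as a String inside
                // the cached user details - confirm this is intended.
                userDetails = new JcrUserDetails(userProfile, authen
                        .getCredentials().toString(), authorities);
                authen.setDetails(userDetails);
                return authen;
            } catch (RepositoryException e) {
                JcrUtils.discardQuietly(nodeSession);
                throw new ArgeoException(
                        "Unexpected exception when synchronizing OS and JCR security ",
                        e);
            } finally {
                // NOTE(review): this logs out the session opened in init()
                // after the first OS authentication; a later OS authentication
                // on the same instance would presumably find it closed -
                // confirm single use is intended.
                JcrUtils.logoutQuietly(nodeSession);
            }
        } else {
            throw new ArgeoException("Unsupported authentication "
                    + authentication.getClass());
        }
    }

    /** Sets the repository that {@link #init()} logs into. */
    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    /** Replaces the default {@link SimpleJcrSecurityModel}. */
    public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
        this.jcrSecurityModel = jcrSecurityModel;
    }

    /**
     * Tells whether this provider handles the given token type.
     *
     * @param authentication
     *            the token class to test
     * @return {@code true} for {@link OsAuthenticationToken},
     *         {@link UsernamePasswordAuthenticationToken} and their subclasses
     */
    @SuppressWarnings("rawtypes")
    public boolean supports(Class authentication) {
        return OsAuthenticationToken.class.isAssignableFrom(authentication)
                || UsernamePasswordAuthenticationToken.class
                        .isAssignableFrom(authentication);
    }
}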