2 * Copyright (C) 2007-2012 Mathieu Baudier
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.jcr
;
18 import javax
.jcr
.Node
;
19 import javax
.jcr
.Repository
;
20 import javax
.jcr
.RepositoryException
;
21 import javax
.jcr
.Session
;
23 import org
.argeo
.ArgeoException
;
24 import org
.argeo
.jcr
.JcrUtils
;
25 import org
.argeo
.security
.OsAuthenticationToken
;
26 import org
.argeo
.security
.SecurityUtils
;
27 import org
.argeo
.security
.core
.OsAuthenticationProvider
;
28 import org
.springframework
.security
.Authentication
;
29 import org
.springframework
.security
.AuthenticationException
;
30 import org
.springframework
.security
.BadCredentialsException
;
31 import org
.springframework
.security
.GrantedAuthority
;
32 import org
.springframework
.security
.providers
.UsernamePasswordAuthenticationToken
;
33 import org
.springframework
.security
.userdetails
.UserDetails
;
35 /** Relies on the OS to authenticate and additionally sets up JCR */
36 public class OsJcrAuthenticationProvider
extends OsAuthenticationProvider
{
// JCR repository this provider logs into; injected through setRepository().
private Repository repository;
// Session opened on the repository at initialisation (repository.login())
// and handed to the security model when an OS user is synchronised. It is
// logged out by destroy() and also by authenticate() after the JCR sync.
private Session nodeSession;
// Details built by the most recent OS authentication and reused, as-is, by
// the username/password branch of authenticate(). This is plain instance
// state shared by every caller: it can still be null, or belong to an
// earlier authentication, when the username/password branch runs —
// NOTE(review): confirm whether this provider can be reached concurrently.
private UserDetails userDetails;
// Strategy that mirrors OS authorities into JCR; SimpleJcrSecurityModel
// unless replaced through setJcrSecurityModel().
private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();
// OS user name of the JVM, read once from the "user.name" system property.
// It is both the only principal the username/password branch accepts and
// the JCR user name that gets synchronised. Being a system property, it is
// whatever the JVM was started with, not an OS-verified identity.
private final static String JVM_OSUSER = System.getProperty("user.name");
47 nodeSession
= repository
.login();
48 } catch (RepositoryException e
) {
49 throw new ArgeoException("Cannot initialize", e
);
/**
 * Releases the JCR session held by this provider at shutdown.
 * Delegates to {@link JcrUtils#logoutQuietly(Session)}; the helper's name
 * suggests a null or already closed session is tolerated — confirm in
 * JcrUtils.
 */
public void destroy() {
    Session heldSession = nodeSession;
    JcrUtils.logoutQuietly(heldSession);
}
/**
 * Authenticates either a username/password token presented by a remote
 * caller or an OS token; for the OS token the identity is additionally
 * mirrored into the JCR repository.
 *
 * NOTE(review): this listing is missing several lines of the original
 * method (among them the return statement of each branch and the try /
 * finally scaffolding around the JCR synchronisation); the code below is
 * documented as shown, and the result is presumably the token built in the
 * matching branch.
 *
 * @param authentication a UsernamePasswordAuthenticationToken or an
 *        OsAuthenticationToken
 * @return the authenticated token with JCR-backed user details attached
 * @throws BadCredentialsException if a username/password principal is not
 *         the JVM's OS user name
 * @throws ArgeoException for any other token type, or when the JCR
 *         synchronisation fails
 */
public Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
    if (authentication instanceof UsernamePasswordAuthenticationToken) {
        // deal with remote access to internal server
        // FIXME very primitive and insecure at this stage
        // consider using the keyring for username / password authentication
        UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
        // Only the principal is checked, and only against the JVM's own
        // "user.name" property. The supplied credentials are never verified
        // in this branch: they are copied unchanged into the result below.
        if (!upat.getPrincipal().toString().equals(JVM_OSUSER))
            throw new BadCredentialsException("Wrong credentials");
        UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
                authentication.getPrincipal(),
                authentication.getCredentials(), getBaseAuthorities());
        // Reuses whatever the last OS authentication stored in the field;
        // null if no OS authentication happened yet.
        authen.setDetails(userDetails);
    } else if (authentication instanceof OsAuthenticationToken) {
        // The OS-level check itself is performed by the superclass.
        OsAuthenticationToken authen = (OsAuthenticationToken) super
                .authenticate(authentication);
        // WARNING: at this stage we assume that the java properties
        // will have the same value
        GrantedAuthority[] authorities = getBaseAuthorities();
        // The JCR user is the JVM's OS user, not the token's principal.
        String username = JVM_OSUSER;
        Node userProfile = jcrSecurityModel.sync(nodeSession, username,
                SecurityUtils.authoritiesToStringList(authorities));
        JcrUserDetails.checkAccountStatus(userProfile);
        // The credentials are stringified and kept in the (shared) user
        // details field, see the note on the field.
        userDetails = new JcrUserDetails(userProfile, authen
                .getCredentials().toString(), authorities);
        authen.setDetails(userDetails);
    } catch (RepositoryException e) {
        // Pending changes made by sync() are dropped before failing.
        JcrUtils.discardQuietly(nodeSession);
        throw new ArgeoException(
                "Unexpected exception when synchronizing OS and JCR security ",
        // Logs the shared session out — presumably inside a finally block
        // (that line is not in this listing). If so, nodeSession is closed
        // after the first OS authentication and nothing in this class
        // reopens it — TODO confirm against the full file.
        JcrUtils.logoutQuietly(nodeSession);
    throw new ArgeoException("Unsupported authentication "
            + authentication.getClass());
/**
 * Injects the JCR repository this provider will log into.
 *
 * @param repository the repository to use; stored as given, not validated
 */
public void setRepository(Repository repository) {
    this.repository = repository;
}
/**
 * Replaces the strategy used to mirror OS authorities into JCR.
 *
 * @param jcrSecurityModel the model to use; stored as given, not validated
 */
public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
    this.jcrSecurityModel = jcrSecurityModel;
}
/**
 * Tells Spring Security which token types this provider handles: OS tokens
 * and username/password tokens (the latter for remote access to the
 * internal server).
 *
 * @param authentication the token class being queried
 * @return true if the class is OsAuthenticationToken or
 *         UsernamePasswordAuthenticationToken, or a subclass of either
 */
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
    // Checked in this order; the first match wins.
    Class[] supportedTokens = { OsAuthenticationToken.class,
            UsernamePasswordAuthenticationToken.class };
    for (Class supported : supportedTokens) {
        if (supported.isAssignableFrom(authentication))
            return true;
    }
    return false;
}