Merge https://www.argeo.org/bugzilla/show_bug.cgi?id=141
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jcr;
17
18 import javax.jcr.Node;
19 import javax.jcr.Repository;
20 import javax.jcr.RepositoryException;
21 import javax.jcr.Session;
22
23 import org.argeo.ArgeoException;
24 import org.argeo.jcr.JcrUtils;
25 import org.argeo.security.OsAuthenticationToken;
26 import org.argeo.security.SecurityUtils;
27 import org.argeo.security.core.OsAuthenticationProvider;
28 import org.springframework.security.Authentication;
29 import org.springframework.security.AuthenticationException;
30 import org.springframework.security.BadCredentialsException;
31 import org.springframework.security.GrantedAuthority;
32 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
33 import org.springframework.security.userdetails.UserDetails;
34
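/**
 * Relies on the OS to authenticate and additionally sets up JCR: after a
 * successful OS authentication the user is synchronized into the repository
 * through the configured {@link JcrSecurityModel}.
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The identity used throughout is the {@code user.name} system property,
 * read once when the class is loaded. It is a JVM property (it can be set at
 * JVM start-up), not an identity verified by this class.</li>
 * <li>The username/password path compares only the principal name with that
 * property; the supplied credentials are never checked. See
 * {@link #authenticate(Authentication)}.</li>
 * <li>{@code userDetails} is a single instance field written by the OS-token
 * path and read by the username/password path; no synchronization is visible
 * in this class.</li>
 * </ul>
 */
public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
	private Repository repository;
	/** Session opened in {@link #init()} and closed in {@link #destroy()}. */
	private Session nodeSession;

	/**
	 * Details built by the last successful OS-token authentication;
	 * {@code null} until one has happened.
	 */
	private UserDetails userDetails;
	private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();

	/** Value of the {@code user.name} system property at class-load time. */
	private final static String JVM_OSUSER = System.getProperty("user.name");

	/**
	 * Opens the repository session used to synchronize user profiles.
	 *
	 * @throws ArgeoException
	 *             if the repository login fails
	 */
	public void init() {
		try {
			// login() without credentials: the repository decides which
			// identity this session gets.
			nodeSession = repository.login();
		} catch (RepositoryException e) {
			throw new ArgeoException("Cannot initialize", e);
		}
	}

	/** Logs out of the session opened by {@link #init()}. */
	public void destroy() {
		JcrUtils.logoutQuietly(nodeSession);
	}

	/**
	 * Authenticates either an {@link OsAuthenticationToken} (delegated to the
	 * parent provider, then synchronized with JCR) or a
	 * {@link UsernamePasswordAuthenticationToken}.
	 *
	 * @param authentication
	 *            the authentication request
	 * @return the authenticated token, with the user details attached
	 * @throws BadCredentialsException
	 *             if a username/password request has no principal or names a
	 *             principal other than the JVM OS user
	 * @throws ArgeoException
	 *             if the token type is unsupported or the JCR
	 *             synchronization fails
	 */
	public Authentication authenticate(Authentication authentication)
			throws AuthenticationException {
		if (authentication instanceof UsernamePasswordAuthenticationToken) {
			// deal with remote access to internal server
			// FIXME very primitive and insecure at this stage:
			// consider using the keyring for username / password
			// authentication or certificate
			//
			// NOTE(review): only the principal NAME is compared below; the
			// credentials carried by the token are copied into the result but
			// never verified. Until the FIXME is addressed, this path should
			// only be reachable by callers that are already trusted.
			UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
			Object principal = upat.getPrincipal();
			// A token without a principal is rejected as bad credentials
			// instead of failing with a NullPointerException.
			if (principal == null || !principal.toString().equals(JVM_OSUSER)) {
				throw new BadCredentialsException("Wrong credentials");
			}
			UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
					authentication.getPrincipal(),
					authentication.getCredentials(), getBaseAuthorities());
			// userDetails is whatever the last OS-token authentication
			// stored; it is null if none has succeeded yet.
			authen.setDetails(userDetails);
			return authen;
		} else if (authentication instanceof OsAuthenticationToken) {
			OsAuthenticationToken authen = (OsAuthenticationToken) super
					.authenticate(authentication);
			try {
				// WARNING: at this stage we assume that the java properties
				// will have the same value
				// (i.e. the JCR profile is keyed on the user.name property,
				// not on a name taken from the authenticated token)
				GrantedAuthority[] authorities = getBaseAuthorities();
				String username = JVM_OSUSER;
				Node userProfile = jcrSecurityModel.sync(nodeSession, username,
						SecurityUtils.authoritiesToStringList(authorities));
				JcrUserDetails.checkAccountStatus(userProfile);

				userDetails = new JcrUserDetails(userProfile, authen
						.getCredentials().toString(), authorities);
				authen.setDetails(userDetails);
				return authen;
			} catch (RepositoryException e) {
				// Drop pending changes so a failed sync does not linger in
				// the shared session.
				JcrUtils.discardQuietly(nodeSession);
				throw new ArgeoException(
						"Unexpected exception when synchronizing OS and JCR security ",
						e);
			}
		} else {
			throw new ArgeoException("Unsupported authentication "
					+ authentication.getClass());
		}
	}

	public void setRepository(Repository repository) {
		this.repository = repository;
	}

	public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
		this.jcrSecurityModel = jcrSecurityModel;
	}

	/**
	 * @return {@code true} for {@link OsAuthenticationToken} and
	 *         {@link UsernamePasswordAuthenticationToken} (and their
	 *         subclasses)
	 */
	@SuppressWarnings("rawtypes")
	public boolean supports(Class authentication) {
		return OsAuthenticationToken.class.isAssignableFrom(authentication)
				|| UsernamePasswordAuthenticationToken.class
						.isAssignableFrom(authentication);
	}
}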