git.argeo.org Git - lgpl/argeo-commons.git/blob - security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
Change system username from 'system' to 'admin'
1 /*
2 * Copyright (C) 2007-2012 Mathieu Baudier
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jcr;
17
18 import java.util.ArrayList;
19 import java.util.List;
20 import java.util.Properties;
21
22 import javax.jcr.Node;
23 import javax.jcr.Repository;
24 import javax.jcr.RepositoryException;
25 import javax.jcr.RepositoryFactory;
26 import javax.jcr.Session;
27 import javax.jcr.SimpleCredentials;
28 import javax.jcr.Value;
29
30 import org.argeo.ArgeoException;
31 import org.argeo.jcr.ArgeoJcrConstants;
32 import org.argeo.jcr.ArgeoNames;
33 import org.argeo.jcr.UserJcrUtils;
34 import org.argeo.security.NodeAuthenticationToken;
35 import org.osgi.framework.BundleContext;
36 import org.springframework.security.Authentication;
37 import org.springframework.security.AuthenticationException;
38 import org.springframework.security.BadCredentialsException;
39 import org.springframework.security.GrantedAuthority;
40 import org.springframework.security.GrantedAuthorityImpl;
41 import org.springframework.security.providers.AuthenticationProvider;
42
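/**
 * Connects to a JCR repository and delegates authentication to it.
 * <p>
 * The repository is addressed by the URL carried in the
 * {@link NodeAuthenticationToken}. A successful JCR login with the token's
 * name and credentials is what authenticates the user; the granted
 * authorities are read from the {@link ArgeoNames#ARGEO_REMOTE_ROLES}
 * property of the user home in that same repository.
 * <p>
 * NOTE(review): both the authentication decision and the role list therefore
 * come from whichever repository the token's URL names. Confirm that the URL
 * is restricted to trusted repositories before it reaches this provider.
 */
public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
		ArgeoNames {
	private RepositoryFactory repositoryFactory;
	private BundleContext bundleContext;

	/**
	 * Authenticates the token by logging in to the repository at its URL.
	 *
	 * @param authentication
	 *            the request; cast to {@link NodeAuthenticationToken}
	 * @return a new {@link NodeAuthenticationToken} carrying the remote roles,
	 *         with a {@link JcrUserDetails} set as its details
	 * @throws BadCredentialsException
	 *             if the token carries no credentials, or if connecting,
	 *             logging in or reading the user profile raises a
	 *             {@link RepositoryException}
	 * @throws ArgeoException
	 *             if the token has no URL, or if reading the user home or its
	 *             roles raises a {@link RepositoryException}
	 */
	public Authentication authenticate(Authentication authentication)
			throws AuthenticationException {
		NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
		String url = siteAuth.getUrl();
		if (url == null)// TODO? login on own node
			throw new ArgeoException("No url set in " + siteAuth);

		// Reject a token without credentials as an authentication failure
		// instead of letting the dereference below raise a
		// NullPointerException.
		Object credentials = siteAuth.getCredentials();
		if (credentials == null)
			throw new BadCredentialsException("No credentials provided for "
					+ siteAuth.getName());
		String password = credentials.toString();

		Session session = null;
		boolean succeeded = false;
		try {
			Node userProfile;
			try {
				SimpleCredentials sp = new SimpleCredentials(
						siteAuth.getName(), password.toCharArray());
				// get repository
				Repository repository = new RemoteJcrRepositoryWrapper(
						repositoryFactory, url, sp);
				if (bundleContext != null) {
					// NOTE(review): the service is registered before the
					// login below has succeeded, once per call, and the
					// returned registration is not kept, so it is never
					// unregistered here. Consider registering only after a
					// successful login and tracking the registration.
					Properties serviceProperties = new Properties();
					serviceProperties.setProperty(
							ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
							ArgeoJcrConstants.ALIAS_NODE);
					serviceProperties.setProperty(
							ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
					bundleContext.registerService(Repository.class.getName(),
							repository, serviceProperties);
				}

				session = repository.login(sp, null);

				userProfile = UserJcrUtils.getUserProfile(session,
						sp.getUserID());
				JcrUserDetails.checkAccountStatus(userProfile);
			} catch (RepositoryException e) {
				throw new BadCredentialsException("Cannot authenticate "
						+ siteAuth, e);
			}

			try {
				Node userHome = UserJcrUtils.getUserHome(session);
				// retrieve remote roles
				List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
				if (userHome != null
						&& userHome.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
					Value[] roles = userHome.getProperty(
							ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
					for (Value role : roles)
						authoritiesList.add(new GrantedAuthorityImpl(role
								.getString()));
				}

				// create authenticated objects
				GrantedAuthority[] authorities = authoritiesList
						.toArray(new GrantedAuthority[authoritiesList.size()]);
				// NOTE(review): the clear-text password is handed to the
				// user details object; confirm how long it is retained.
				JcrUserDetails userDetails = new JcrUserDetails(userProfile,
						password, authorities);
				NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
						siteAuth, authorities);
				authenticated.setDetails(userDetails);
				succeeded = true;
				return authenticated;
			} catch (RepositoryException e) {
				throw new ArgeoException(
						"Unexpected exception when authenticating to " + url,
						e);
			}
		} finally {
			// On success the session is left open, as before: userProfile
			// belongs to it and has been passed to JcrUserDetails
			// (presumably still needed there - confirm). On any failure
			// nothing references the session any more, so log it out
			// rather than leaving a logged-in remote session behind.
			if (!succeeded && session != null) {
				try {
					session.logout();
				} catch (RuntimeException ignored) {
					// best-effort cleanup; must not mask the failure being
					// reported to the caller
				}
			}
		}
	}

	/**
	 * Tells whether this provider handles the given authentication class.
	 *
	 * @param authentication
	 *            the class of the authentication request
	 * @return {@code true} if it is {@link NodeAuthenticationToken} or a
	 *         subclass of it
	 */
	@SuppressWarnings("rawtypes")
	public boolean supports(Class authentication) {
		return NodeAuthenticationToken.class.isAssignableFrom(authentication);
	}

	/**
	 * Sets the factory passed to the repository wrapper created on each
	 * authentication.
	 */
	public void setRepositoryFactory(RepositoryFactory repositoryFactory) {
		this.repositoryFactory = repositoryFactory;
	}

	/**
	 * Sets the bundle context. When it is non-null, each authentication
	 * registers the remote repository as an OSGi service.
	 */
	public void setBundleContext(BundleContext bundleContext) {
		this.bundleContext = bundleContext;
	}

}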