2 * Copyright (C) 2007-2012 Mathieu Baudier
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.jcr
;
18 import java
.util
.ArrayList
;
19 import java
.util
.List
;
20 import java
.util
.Properties
;
22 import javax
.jcr
.Node
;
23 import javax
.jcr
.Repository
;
24 import javax
.jcr
.RepositoryException
;
25 import javax
.jcr
.RepositoryFactory
;
26 import javax
.jcr
.Session
;
27 import javax
.jcr
.SimpleCredentials
;
28 import javax
.jcr
.Value
;
30 import org
.argeo
.ArgeoException
;
31 import org
.argeo
.jcr
.ArgeoJcrConstants
;
32 import org
.argeo
.jcr
.ArgeoNames
;
33 import org
.argeo
.jcr
.UserJcrUtils
;
34 import org
.argeo
.security
.NodeAuthenticationToken
;
35 import org
.osgi
.framework
.BundleContext
;
36 import org
.springframework
.security
.Authentication
;
37 import org
.springframework
.security
.AuthenticationException
;
38 import org
.springframework
.security
.BadCredentialsException
;
39 import org
.springframework
.security
.GrantedAuthority
;
40 import org
.springframework
.security
.GrantedAuthorityImpl
;
41 import org
.springframework
.security
.providers
.AuthenticationProvider
;
43 /** Connects to a JCR repository and delegates authentication to it. */
44 public class RemoteJcrAuthenticationProvider
implements AuthenticationProvider
,
// Factory passed to RemoteJcrRepositoryWrapper in authenticate(); set through setRepositoryFactory().
46 private RepositoryFactory repositoryFactory
;
// Optional OSGi context: authenticate() registers the remote repository as a service only when this is non-null.
47 private BundleContext bundleContext
;
/**
 * Authenticates a {@link NodeAuthenticationToken} by logging in to the JCR
 * repository named by the token's URL with the token's name and credentials.
 * <p>
 * On a successful login the user profile is loaded and its account status
 * checked, the values of the {@code ArgeoNames.ARGEO_REMOTE_ROLES} property on
 * the user home (when present) are turned into granted authorities, and a new
 * token carrying those authorities and a {@code JcrUserDetails} is returned.
 * <p>
 * NOTE(review): this listing skips several source lines (the gutter numbers
 * jump, e.g. 54 to 59 and 94 to 98), so the declarations of {@code session}
 * and {@code userProfile}, the {@code try} openers and any {@code finally}
 * clause are not visible. Whether the session is logged out cannot be
 * confirmed from here.
 *
 * @param authentication
 *            the request token; cast to {@link NodeAuthenticationToken}
 * @return a new {@link NodeAuthenticationToken} built from the request token
 *         and the remote roles, with the user details attached
 * @throws AuthenticationException
 *             a {@link BadCredentialsException} when the login, profile
 *             lookup or account status check raises a
 *             {@link RepositoryException}
 * @throws ArgeoException
 *             when the token has no URL, or when reading the user home or
 *             the roles raises a {@link RepositoryException}
 */
49 public Authentication
authenticate(Authentication authentication
)
50 throws AuthenticationException
{
// Unchecked cast: a token of any other type fails here with ClassCastException.
51 NodeAuthenticationToken siteAuth
= (NodeAuthenticationToken
) authentication
;
// NOTE(review): url comes from the token being authenticated. If that field can
// be set by the party logging in, the repository that validates the password and
// supplies the roles below is chosen by that party. Confirm that url is
// restricted (e.g. to configured nodes) before it reaches this provider.
52 String url
= siteAuth
.getUrl();
53 if (url
== null)// TODO? login on own node
54 throw new ArgeoException("No url set in " + siteAuth
);
// NOTE(review): getCredentials().toString() throws NullPointerException when the
// token carries no credentials, and it copies the password into an immutable
// String that cannot be cleared afterwards.
59 SimpleCredentials sp
= new SimpleCredentials(siteAuth
.getName(),
60 siteAuth
.getCredentials().toString().toCharArray());
// The wrapper receives the credentials together with the factory and the URL.
62 Repository repository
= new RemoteJcrRepositoryWrapper(
63 repositoryFactory
, url
, sp
);
// NOTE(review): the service is registered before login() is attempted and the
// value returned by registerService() is not kept in the visible lines, so this
// method has no handle to unregister it. Confirm that repeated or failed
// authentications do not leave credential-bearing repository services behind.
64 if (bundleContext
!= null) {
65 Properties serviceProperties
= new Properties();
66 serviceProperties
.setProperty(
67 ArgeoJcrConstants
.JCR_REPOSITORY_ALIAS
,
68 ArgeoJcrConstants
.ALIAS_NODE
);
69 serviceProperties
.setProperty(
70 ArgeoJcrConstants
.JCR_REPOSITORY_URI
, url
);
71 bundleContext
.registerService(Repository
.class.getName(),
72 repository
, serviceProperties
);
74 // Repository repository = ArgeoJcrUtils.getRepositoryByUri(
75 // repositoryFactory, url);
76 // if (repository == null)
77 // throw new ArgeoException("Cannot connect to " + url);
// Login with a null workspace name; the repository performs the credential check.
79 session
= repository
.login(sp
, null);
// Load the profile of the logged-in user and let JcrUserDetails check its status.
81 userProfile
= UserJcrUtils
.getUserProfile(session
, sp
.getUserID());
82 JcrUserDetails
.checkAccountStatus(userProfile
);
84 // Node userHome = UserJcrUtils.getUserHome(session);
85 // if (userHome == null ||
86 // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
87 // throw new ArgeoException("No profile for user "
88 // + siteAuth.getName() + " in security workspace "
89 // + siteAuth.getSecurityWorkspace() + " of "
90 // + siteAuth.getUrl());
91 // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
// Any repository failure up to this point is reported as bad credentials.
// NOTE(review): the message embeds siteAuth.toString(); verify that the token's
// toString() does not render the credentials.
92 } catch (RepositoryException e
) {
93 throw new BadCredentialsException(
94 "Cannot authenticate " + siteAuth
, e
);
98 Node userHome
= UserJcrUtils
.getUserHome(session
);
99 // retrieve remote roles
100 List
<GrantedAuthority
> authoritiesList
= new ArrayList
<GrantedAuthority
>();
// The opening of this condition is missing from the listing (gutter line 101).
// Roles are taken as-is from the remote user home; nothing in the visible lines
// filters or maps them before they become authorities.
102 && userHome
.hasProperty(ArgeoNames
.ARGEO_REMOTE_ROLES
)) {
103 Value
[] roles
= userHome
.getProperty(
104 ArgeoNames
.ARGEO_REMOTE_ROLES
).getValues();
// One GrantedAuthorityImpl per role value; the call that converts the Value is
// cut off in this listing (gutter lines 107-109).
105 for (int i
= 0; i
< roles
.length
; i
++)
106 authoritiesList
.add(new GrantedAuthorityImpl(roles
[i
]
110 // create authenticated objects
111 GrantedAuthority
[] authorities
= authoritiesList
112 .toArray(new GrantedAuthority
[authoritiesList
.size()]);
// The password is handed to JcrUserDetails as a String a second time.
113 JcrUserDetails userDetails
= new JcrUserDetails(userProfile
,
114 siteAuth
.getCredentials().toString(), authorities
);
115 NodeAuthenticationToken authenticated
= new NodeAuthenticationToken(
116 siteAuth
, authorities
);
117 authenticated
.setDetails(userDetails
);
118 return authenticated
;
// Failures while reading the user home or the roles surface as ArgeoException,
// not as an authentication failure.
119 } catch (RepositoryException e
) {
120 throw new ArgeoException(
121 "Unexpected exception when authenticating to " + url
, e
);
/**
 * Tells whether this provider can process the given token class.
 *
 * @param authentication
 *            the token class to test
 * @return {@code true} when the class is {@link NodeAuthenticationToken} or
 *         one of its subclasses
 */
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
    // authenticate() casts its argument to this type, so only it is accepted.
    final Class<NodeAuthenticationToken> tokenType = NodeAuthenticationToken.class;
    return tokenType.isAssignableFrom(authentication);
}
/**
 * Injects the factory that authenticate() passes to the remote repository
 * wrapper.
 *
 * @param repositoryFactory
 *            the JCR repository factory to use
 */
public void setRepositoryFactory(RepositoryFactory repositoryFactory) {
    this.repositoryFactory = repositoryFactory;
}
/**
 * Injects the OSGi bundle context. When it is left unset, authenticate()
 * skips registering the remote repository as a service.
 *
 * @param bundleContext
 *            the bundle context used for service registration
 */
public void setBundleContext(BundleContext bundleContext) {
    this.bundleContext = bundleContext;
}