]> git.argeo.org Git - lgpl/argeo-commons.git/blob - security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge https://www.argeo.org/bugzilla/show_bug.cgi?id=141
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / jcr / RemoteJcrAuthenticationProvider.java
1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jcr;
17
18 import java.util.ArrayList;
19 import java.util.List;
20 import java.util.Properties;
21
22 import javax.jcr.Node;
23 import javax.jcr.Repository;
24 import javax.jcr.RepositoryException;
25 import javax.jcr.RepositoryFactory;
26 import javax.jcr.Session;
27 import javax.jcr.SimpleCredentials;
28 import javax.jcr.Value;
29
30 import org.argeo.ArgeoException;
31 import org.argeo.jcr.ArgeoJcrConstants;
32 import org.argeo.jcr.ArgeoNames;
33 import org.argeo.jcr.UserJcrUtils;
34 import org.argeo.security.NodeAuthenticationToken;
35 import org.osgi.framework.BundleContext;
36 import org.springframework.security.Authentication;
37 import org.springframework.security.AuthenticationException;
38 import org.springframework.security.BadCredentialsException;
39 import org.springframework.security.GrantedAuthority;
40 import org.springframework.security.GrantedAuthorityImpl;
41 import org.springframework.security.providers.AuthenticationProvider;
42
43 /** Connects to a JCR repository and delegates authentication to it. */
44 public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
45 ArgeoNames {
46 private RepositoryFactory repositoryFactory;
47 private BundleContext bundleContext;
48
49 public final static String ROLE_REMOTE = "ROLE_REMOTE";
50
51 public Authentication authenticate(Authentication authentication)
52 throws AuthenticationException {
53 NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
54 String url = siteAuth.getUrl();
55 if (url == null)// TODO? login on own node
56 throw new ArgeoException("No url set in " + siteAuth);
57 Session session;
58
59 Node userProfile;
60 try {
61 SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
62 siteAuth.getCredentials().toString().toCharArray());
63 // get repository
64 Repository repository = new RemoteJcrRepositoryWrapper(
65 repositoryFactory, url, sp);
66 if (bundleContext != null) {
67 Properties serviceProperties = new Properties();
68 serviceProperties.setProperty(
69 ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
70 ArgeoJcrConstants.ALIAS_NODE);
71 serviceProperties.setProperty(
72 ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
73 bundleContext.registerService(Repository.class.getName(),
74 repository, serviceProperties);
75 }
76 // Repository repository = ArgeoJcrUtils.getRepositoryByUri(
77 // repositoryFactory, url);
78 // if (repository == null)
79 // throw new ArgeoException("Cannot connect to " + url);
80
81 session = repository.login(sp, null);
82
83 userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID());
84 JcrUserDetails.checkAccountStatus(userProfile);
85
86 // Node userHome = UserJcrUtils.getUserHome(session);
87 // if (userHome == null ||
88 // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
89 // throw new ArgeoException("No profile for user "
90 // + siteAuth.getName() + " in security workspace "
91 // + siteAuth.getSecurityWorkspace() + " of "
92 // + siteAuth.getUrl());
93 // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
94 } catch (RepositoryException e) {
95 throw new BadCredentialsException(
96 "Cannot authenticate " + siteAuth, e);
97 }
98
99 try {
100 // Node userHome = UserJcrUtils.getUserHome(session);
101 // retrieve remote roles
102 List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
103 if (userProfile != null
104 && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
105 Value[] roles = userProfile.getProperty(
106 ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
107 for (int i = 0; i < roles.length; i++)
108 authoritiesList.add(new GrantedAuthorityImpl(roles[i]
109 .getString()));
110 }
111 authoritiesList.add(new GrantedAuthorityImpl(ROLE_REMOTE));
112
113 // create authenticated objects
114 GrantedAuthority[] authorities = authoritiesList
115 .toArray(new GrantedAuthority[authoritiesList.size()]);
116 JcrUserDetails userDetails = new JcrUserDetails(userProfile,
117 siteAuth.getCredentials().toString(), authorities);
118 NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
119 siteAuth, authorities);
120 authenticated.setDetails(userDetails);
121 return authenticated;
122 } catch (RepositoryException e) {
123 throw new ArgeoException(
124 "Unexpected exception when authenticating to " + url, e);
125 }
126 }
127
128 @SuppressWarnings("rawtypes")
129 public boolean supports(Class authentication) {
130 return NodeAuthenticationToken.class.isAssignableFrom(authentication);
131 }
132
133 public void setRepositoryFactory(RepositoryFactory repositoryFactory) {
134 this.repositoryFactory = repositoryFactory;
135 }
136
137 public void setBundleContext(BundleContext bundleContext) {
138 this.bundleContext = bundleContext;
139 }
140
141 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi