/*
- * Copyright (C) 2007-2012 Mathieu Baudier
+ * Copyright (C) 2007-2012 Argeo GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import org.argeo.ArgeoException;
import org.argeo.jcr.JcrUtils;
import org.argeo.security.OsAuthenticationToken;
+import org.argeo.security.SecurityUtils;
import org.argeo.security.core.OsAuthenticationProvider;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.userdetails.UserDetails;
/** Relies on OS to authenticate and additionally setup JCR */
public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
private Repository repository;
- private String securityWorkspace = "security";
- private Session securitySession;
private Session nodeSession;
private UserDetails userDetails;
+ private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();
+
+ private final static String JVM_OSUSER = System.getProperty("user.name");
public void init() {
try {
- securitySession = repository.login(securityWorkspace);
nodeSession = repository.login();
} catch (RepositoryException e) {
throw new ArgeoException("Cannot initialize", e);
}
public void destroy() {
- JcrUtils.logoutQuietly(securitySession);
JcrUtils.logoutQuietly(nodeSession);
}
throws AuthenticationException {
if (authentication instanceof UsernamePasswordAuthenticationToken) {
// deal with remote access to internal server
- // FIXME very primitive and unsecure at this stage
+ // FIXME very primitive and unsecure at this sSession adminSession
+ // =tage
// consider using the keyring for username / password authentication
// or certificate
UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
- if (!upat.getPrincipal().toString()
- .equals(System.getProperty("user.name")))
+ if (!upat.getPrincipal().toString().equals(JVM_OSUSER))
throw new BadCredentialsException("Wrong credentials");
UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
authentication.getPrincipal(),
try {
// WARNING: at this stage we assume that the java properties
// will have the same value
- String username = System.getProperty("user.name");
- Node userProfile = JcrUtils.createUserProfileIfNeeded(
- securitySession, username);
+ GrantedAuthority[] authorities = getBaseAuthorities();
+ String username = JVM_OSUSER;
+ Node userProfile = jcrSecurityModel.sync(nodeSession, username,
+ SecurityUtils.authoritiesToStringList(authorities));
JcrUserDetails.checkAccountStatus(userProfile);
- // each user should have a writable area in the default
- // workspace of the node
- JcrUtils.createUserHomeIfNeeded(nodeSession, username);
userDetails = new JcrUserDetails(userProfile, authen
- .getCredentials().toString(), getBaseAuthorities());
+ .getCredentials().toString(), authorities);
authen.setDetails(userDetails);
return authen;
} catch (RepositoryException e) {
- JcrUtils.discardQuietly(securitySession);
+ JcrUtils.discardQuietly(nodeSession);
throw new ArgeoException(
"Unexpected exception when synchronizing OS and JCR security ",
e);
- } finally {
- JcrUtils.logoutQuietly(securitySession);
}
} else {
throw new ArgeoException("Unsupported authentication "
}
}
- public void setSecurityWorkspace(String securityWorkspace) {
- this.securityWorkspace = securityWorkspace;
- }
-
public void setRepository(Repository repository) {
this.repository = repository;
}
+ public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
+ this.jcrSecurityModel = jcrSecurityModel;
+ }
+
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
return OsAuthenticationToken.class.isAssignableFrom(authentication)
|| UsernamePasswordAuthenticationToken.class
.isAssignableFrom(authentication);
}
-
-}
+}
\ No newline at end of file
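Review bot: The `UsernamePasswordAuthenticationToken` branch still authenticates on the user name alone: the rewritten check `if (!upat.getPrincipal().toString().equals(JVM_OSUSER))` only compares the principal with the JVM's `user.name`, and the supplied credentials are never verified, only copied into `JcrUserDetails` via `getCredentials().toString()`, so any caller who can reach this provider and knows the OS user name is granted the full base authorities (the FIXME above admits this, but the commit only hoists the property into a constant). Until the keyring or certificate validation the comment mentions exists, the safer default is to reject this token type outright, e.g. `throw new BadCredentialsException("Password authentication not supported by OS provider");`, rather than accept an unchecked password. A second point on the same hunk: `nodeSession` is now a single long-lived session that `jcrSecurityModel.sync` writes through on every authentication, whereas the removed code used a security session that was logged out per call; JCR sessions are not thread-safe, so concurrent authentications presumably share and race on it, and `JcrUtils.discardQuietly(nodeSession)` in the catch block can throw away another request's pending changes. Consider a per-call `repository.login()` with `logoutQuietly` in a `finally`, or at least document that the provider serialises access to `nodeSession`. The enclosing `authenticate` method's signature lies above the visible hunk.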