Import hashed password directly for Jackrabbit users.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / useradmin / jackrabbit / JackrabbitUserAdminService.java
index d35f996f49e7e78b074119748fa5ed70d2545f8e..983f8e4078529479958a90dcdbd8b547596c6a17 100644 (file)
@@ -12,6 +12,7 @@ import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
+import javax.jcr.Value;
 import javax.jcr.version.VersionManager;
 
 import org.apache.jackrabbit.api.JackrabbitSession;
@@ -28,6 +29,7 @@ import org.argeo.cms.internal.auth.JcrSecurityModel;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.NodeAuthenticationToken;
+import org.argeo.security.SecurityUtils;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.jcr.JcrUserDetails;
 import org.argeo.security.jcr.NewUserDetails;
@@ -50,6 +52,7 @@ public class JackrabbitUserAdminService implements UserAdminService,
                AuthenticationProvider {
        private final static String JACKR_ADMINISTRATORS = "administrators";
        private final static String REP_PRINCIPAL_NAME = "rep:principalName";
+       private final static String REP_PASSWORD = "rep:password";
 
        private Repository repository;
        private JcrSecurityModel securityModel;
@@ -63,7 +66,6 @@ public class JackrabbitUserAdminService implements UserAdminService,
                                .getAuthentication();
                authentication.getName();
                adminSession = (JackrabbitSession) repository.login();
-               securityModel.init(adminSession);
                Authorizable adminGroup = getUserManager().getAuthorizable(
                                KernelHeader.ROLE_ADMIN);
                if (adminGroup == null) {
@@ -79,6 +81,7 @@ public class JackrabbitUserAdminService implements UserAdminService,
                        securityModel.sync(adminSession, KernelHeader.USERNAME_ADMIN, null);
                        adminSession.save();
                }
+               securityModel.init(adminSession);
        }
 
        public void destroy() throws RepositoryException {
@@ -116,20 +119,29 @@ public class JackrabbitUserAdminService implements UserAdminService,
        @Override
        public void updateUser(UserDetails userDetails) {
                try {
-                       User user = (User) getUserManager().getAuthorizable(
-                                       userDetails.getUsername());
+                       String username = userDetails.getUsername();
+                       User user = (User) getUserManager().getAuthorizable(username);
                        if (user == null)
                                throw new ArgeoException("No user " + userDetails.getUsername());
 
                        // new password
                        String newPassword = userDetails.getPassword();
                        if (!newPassword.trim().equals("")) {
-                               SimpleCredentials sp = new SimpleCredentials(
-                                               userDetails.getUsername(), newPassword.toCharArray());
-                               CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user
-                                               .getCredentials();
-                               if (!credentials.matches(sp))
-                                       user.changePassword(new String(newPassword));
+                               if (newPassword.startsWith("{SHA-256}")) {
+                                       // Already hashed password                                      
+                                       Value v = adminSession.getValueFactory().createValue(
+                                                       newPassword);
+                                       user.setProperty(REP_PASSWORD, v);
+                               } else {
+                                       SimpleCredentials sp = new SimpleCredentials(
+                                                       userDetails.getUsername(),
+                                                       newPassword.toCharArray());
+                                       CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user
+                                                       .getCredentials();
+
+                                       if (!credentials.matches(sp))
+                                               user.changePassword(new String(newPassword));
+                               }
                        }
 
                        List<String> roles = new ArrayList<String>();
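Review bot: The `newPassword.startsWith("{SHA-256}")` test treats the prefix alone as proof that the value is a digest, and the string is then written verbatim to `rep:password`. Nothing checks that the remainder has the length and alphabet of a digest in the form the repository expects, so a malformed import leaves the account with a credential that can never match, and a plaintext password that happens to begin with that prefix would be stored unhashed. Validate the remainder before `user.setProperty(REP_PASSWORD, v)` and throw `ArgeoException` when it does not parse. Because this branch also skips the `credentials.matches` / `changePassword` path, consider restricting it to callers that are importing users. A comment such as `// Stored verbatim: caller must supply a digest in the repository's own format` would document the contract; `updateUser` continues past the end of the hunk.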
@@ -282,7 +294,10 @@ public class JackrabbitUserAdminService implements UserAdminService,
                                Group group = (Group) groups.next();
                                String groupName = group.getPrincipal().getName();
                                String role = groupNameToRole(groupName);
-                               if (role != null && !role.equals(KernelHeader.ROLE_GROUP_ADMIN))
+                               if (role != null
+                                               && !role.equals(KernelHeader.ROLE_GROUP_ADMIN)
+                                               && !(role.equals(KernelHeader.ROLE_ADMIN) && !SecurityUtils
+                                                               .hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN)))
                                        res.add(role);
                        }
                        return res;
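Review bot: The added condition `!(role.equals(KernelHeader.ROLE_ADMIN) && !SecurityUtils.hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN))` nests two negations and is easy to misread in a security-relevant filter. The equivalent `&& (!role.equals(KernelHeader.ROLE_ADMIN) || SecurityUtils.hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN))` states the rule directly. A comment such as `// ROLE_ADMIN is only listed for callers who already hold it` would record the intent. The filter only hides the role from the returned list, so, judging from the visible lines, whatever code assigns roles still needs its own authority check. The enclosing method starts and ends outside the hunk.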