Use GrantedAuthority implementing Principal in order to optimise Jackrabbit login
[lgpl/argeo-commons.git] / org.argeo.security.core / src / org / argeo / security / jcr / jackrabbit / JackrabbitUserAdminService.java
index fde3d850fcfb34b94ffcd3eabdbbd1af96d7251d..aceb5161293a50f7d144aac47f7bd85bd63cbcac 100644 (file)
@@ -22,9 +22,11 @@ import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentia
 import org.argeo.ArgeoException;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.jcr.UserJcrUtils;
+import org.argeo.security.NodeAuthenticationToken;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.jcr.JcrSecurityModel;
 import org.argeo.security.jcr.JcrUserDetails;
+import org.argeo.security.login.GrantedAuthorityPrincipal;
 import org.springframework.dao.DataAccessException;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -32,7 +34,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -279,16 +280,16 @@ public class JackrabbitUserAdminService implements UserAdminService,
                if (username == null)
                        username = session.getUserID();
                User user = (User) getUserManager().getAuthorizable(username);
-               ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+               ArrayList<GrantedAuthorityPrincipal> authorities = new ArrayList<GrantedAuthorityPrincipal>();
                // FIXME make it more generic
-               authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+               authorities.add(new GrantedAuthorityPrincipal("ROLE_USER"));
                Iterator<Group> groups = user.declaredMemberOf();
                while (groups.hasNext()) {
                        Group group = groups.next();
                        // String role = "ROLE_"
                        // + group.getPrincipal().getName().toUpperCase();
                        String role = group.getPrincipal().getName();
-                       authorities.add(new SimpleGrantedAuthority(role));
+                       authorities.add(new GrantedAuthorityPrincipal(role));
                }
 
                Node userProfile = UserJcrUtils.getUserProfile(session, username);
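Review bot: The result of `getUserManager().getAuthorizable(username)` is cast to `User` and dereferenced at `user.declaredMemberOf()` without any check. Jackrabbit returns null for an unknown id, so a missing user ends in a NullPointerException, and a name that resolves to a group ends in a ClassCastException, instead of a clean lookup failure. A guard before the authorities list is built would make this explicit, for example `if (!(authorizable instanceof User)) throw new UsernameNotFoundException("No user " + username);` on the uncast return value. `UsernameNotFoundException` is already imported, but whether callers expect that type from this method is not visible here. The method starts and ends outside this hunk.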
@@ -300,8 +301,10 @@ public class JackrabbitUserAdminService implements UserAdminService,
        // AUTHENTICATION PROVIDER
        public synchronized Authentication authenticate(
                        Authentication authentication) throws AuthenticationException {
-               UsernamePasswordAuthenticationToken siteAuth = (UsernamePasswordAuthenticationToken) authentication;
+               NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
                String username = siteAuth.getName();
+               if (!(siteAuth.getCredentials() instanceof char[]))
+                       throw new ArgeoException("Only char array passwords are supported");
                char[] password = (char[]) siteAuth.getCredentials();
                try {
                        SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
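Review bot: The added credentials check throws `ArgeoException`, which as far as this page shows is not an `AuthenticationException`. Code that handles authentication failures would therefore see an unexpected runtime error rather than a rejected login. `BadCredentialsException` is already imported, so `throw new BadCredentialsException("Only char array passwords are supported");` would keep the failure inside the declared `throws AuthenticationException` contract. The cast to `NodeAuthenticationToken` two lines earlier is also unchecked and depends on what `supports()` accepts, which is not in this hunk. The body of `authenticate` continues past the hunk.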
@@ -332,8 +335,8 @@ public class JackrabbitUserAdminService implements UserAdminService,
                try {
                        JcrUserDetails userDetails = loadJcrUserDetails(adminSession,
                                        username);
-                       UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken(
-                                       siteAuth, "", userDetails.getAuthorities());
+                       NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
+                                       siteAuth, userDetails.getAuthorities());
                        authenticated.setDetails(userDetails);
                        return authenticated;
                } catch (RepositoryException e) {
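Review bot: The replaced call passed `""` as the credentials of the authenticated token, while `new NodeAuthenticationToken(siteAuth, userDetails.getAuthorities())` leaves that decision to a constructor this page does not show. If the constructor copies the credentials from `siteAuth`, the `char[]` password stays reachable from the token returned here for as long as that token is held. I would confirm the constructor drops it and record that at the call site, for example `// authenticated token must not carry the char[] password from siteAuth`. The enclosing try block and the rest of the method lie outside this hunk.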