Move Jackrabbit security model
index b648f32c38b583481142f472ed82978b1d0f779d..aceb5161293a50f7d144aac47f7bd85bd63cbcac 100644 (file)
@@ -1,6 +1,7 @@
 package org.argeo.security.jcr.jackrabbit;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -21,9 +22,11 @@ import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentia
 import org.argeo.ArgeoException;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.jcr.UserJcrUtils;
+import org.argeo.security.NodeAuthenticationToken;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.jcr.JcrSecurityModel;
 import org.argeo.security.jcr.JcrUserDetails;
+import org.argeo.security.login.GrantedAuthorityPrincipal;
 import org.springframework.dao.DataAccessException;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -31,7 +34,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -278,16 +280,16 @@ public class JackrabbitUserAdminService implements UserAdminService,
                if (username == null)
                        username = session.getUserID();
                User user = (User) getUserManager().getAuthorizable(username);
-               ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+               ArrayList<GrantedAuthorityPrincipal> authorities = new ArrayList<GrantedAuthorityPrincipal>();
                // FIXME make it more generic
-               authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+               authorities.add(new GrantedAuthorityPrincipal("ROLE_USER"));
                Iterator<Group> groups = user.declaredMemberOf();
                while (groups.hasNext()) {
                        Group group = groups.next();
                        // String role = "ROLE_"
                        // + group.getPrincipal().getName().toUpperCase();
                        String role = group.getPrincipal().getName();
-                       authorities.add(new SimpleGrantedAuthority(role));
+                       authorities.add(new GrantedAuthorityPrincipal(role));
                }
 
                Node userProfile = UserJcrUtils.getUserProfile(session, username);
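Review bot: `getUserManager().getAuthorizable(username)` at the top of the hunk can return null, and the loop then dereferences it at `user.declaredMemberOf()`; the authenticate method later in this file guards the same lookup with a null check, so this path should too, e.g. `if (user == null) throw new UsernameNotFoundException("User " + username + " not found");` directly after the lookup (UsernameNotFoundException is already imported). The `(User)` cast also assumes the authorizable is not a Group, so looking up a group name would fail with a ClassCastException rather than a meaningful error. As a point of style, the new `ArrayList<GrantedAuthorityPrincipal>` local could be declared through the `List` interface that is already imported. The enclosing method starts and ends outside this hunk.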
@@ -299,11 +301,14 @@ public class JackrabbitUserAdminService implements UserAdminService,
        // AUTHENTICATION PROVIDER
        public synchronized Authentication authenticate(
                        Authentication authentication) throws AuthenticationException {
-               UsernamePasswordAuthenticationToken siteAuth = (UsernamePasswordAuthenticationToken) authentication;
+               NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
                String username = siteAuth.getName();
+               if (!(siteAuth.getCredentials() instanceof char[]))
+                       throw new ArgeoException("Only char array passwords are supported");
+               char[] password = (char[]) siteAuth.getCredentials();
                try {
                        SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
-                                       siteAuth.getCredentials().toString().toCharArray());
+                                       password);
                        User user = (User) getUserManager().getAuthorizable(username);
                        if (user == null)
                                throw new BadCredentialsException("Bad credentials");
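Review bot: The unchecked cast `(NodeAuthenticationToken) authentication` at the top of the hunk turns any other Authentication implementation, including the UsernamePasswordAuthenticationToken this provider previously accepted, into a ClassCastException instead of an authentication failure; unless `supports(Class)` (outside the hunk) now restricts callers to NodeAuthenticationToken, an `instanceof` guard is needed here. Likewise the new credentials-type check throws `ArgeoException`, which is not an AuthenticationException, so a provider chain would surface it as an unexpected error rather than a rejected login; `throw new BadCredentialsException("Only char array passwords are supported");` keeps the failure inside Spring Security's error model using a type this file already imports. The method continues into the following hunk and ends outside the visible diff.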
@@ -323,13 +328,15 @@ public class JackrabbitUserAdminService implements UserAdminService,
                } catch (Exception e) {
                        throw new BadCredentialsException(
                                        "Cannot authenticate " + siteAuth, e);
+               } finally {
+                       Arrays.fill(password, '*');
                }
 
                try {
                        JcrUserDetails userDetails = loadJcrUserDetails(adminSession,
                                        username);
-                       UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken(
-                                       siteAuth, "", userDetails.getAuthorities());
+                       NodeAuthenticationToken authenticated = new NodeAuthenticationToken(
+                                       siteAuth, userDetails.getAuthorities());
                        authenticated.setDetails(userDetails);
                        return authenticated;
                } catch (RepositoryException e) {
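Review bot: The new `finally` wipes `password` in place, but `password` is the token's own credentials array (no copy is taken where it is extracted earlier in the method), so after this provider runs, successfully or not, `siteAuth.getCredentials()` holds only `*` characters; another provider tried after the BadCredentialsException, or a caller that still holds the token, sees wiped credentials. If that is the intent it deserves a comment next to the fill, e.g. `// wipes siteAuth's own array: the token carries no usable password after this point`; otherwise wipe a private copy and leave clearing the token to the caller. The catch on the lines above also interpolates `siteAuth` into the exception message, which relies on `NodeAuthenticationToken.toString()` not rendering the credentials; worth confirming since that class is newly introduced here. The method ends outside the hunk.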