import org.argeo.ArgeoException;
import org.argeo.jcr.JcrUtils;
import org.argeo.security.OsAuthenticationToken;
+import org.argeo.security.SecurityUtils;
import org.argeo.security.core.OsAuthenticationProvider;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.userdetails.UserDetails;
/** Relies on OS to authenticate and additionally setup JCR */
public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
private Repository repository;
- // private String securityWorkspace = "security";
- // private Session securitySession;
private Session nodeSession;
private UserDetails userDetails;
- private JcrSecurityModel jcrSecurityModel = new JcrSecurityModel();
+ private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();
+
+ private final static String JVM_OSUSER = System.getProperty("user.name");
public void init() {
try {
- // securitySession = repository.login();
nodeSession = repository.login();
} catch (RepositoryException e) {
throw new ArgeoException("Cannot initialize", e);
}
public void destroy() {
- // JcrUtils.logoutQuietly(securitySession);
JcrUtils.logoutQuietly(nodeSession);
}
// consider using the keyring for username / password authentication
// or certificate
UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
- if (!upat.getPrincipal().toString()
- .equals(System.getProperty("user.name")))
+ if (!upat.getPrincipal().toString().equals(JVM_OSUSER))
throw new BadCredentialsException("Wrong credentials");
UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
authentication.getPrincipal(),
try {
// WARNING: at this stage we assume that the java properties
// will have the same value
- String username = System.getProperty("user.name");
- Node userProfile = jcrSecurityModel.sync(nodeSession, username);
+ GrantedAuthority[] authorities = getBaseAuthorities();
+ String username = JVM_OSUSER;
+ Node userProfile = jcrSecurityModel.sync(nodeSession, username,
+ SecurityUtils.authoritiesToStringList(authorities));
JcrUserDetails.checkAccountStatus(userProfile);
- // each user should have a writable area in the default
- // workspace of the node
- // SecurityJcrUtils.createUserHomeIfNeeded(nodeSession,
- // username);
userDetails = new JcrUserDetails(userProfile, authen
- .getCredentials().toString(), getBaseAuthorities());
+ .getCredentials().toString(), authorities);
authen.setDetails(userDetails);
return authen;
} catch (RepositoryException e) {
}
}
- // public void setSecurityWorkspace(String securityWorkspace) {
- // this.securityWorkspace = securityWorkspace;
- // }
-
public void setRepository(Repository repository) {
this.repository = repository;
}
|| UsernamePasswordAuthenticationToken.class
.isAssignableFrom(authentication);
}
-
-}
+}
\ No newline at end of file