Moves Spring Security / Jackrabbit synchronization in JcrSecurityModel

[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / jcr / OsJcrAuthenticationProvider.java
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java

index cb9146a8b662407593675de216655715d1c4504e..6c26d4627ec3ce291d03e7b3d1a5cb629f6f93cf 100644 (file)
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
@@ -23,26 +23,27 @@ import javax.jcr.Session;
  import org.argeo.ArgeoException;
  import org.argeo.jcr.JcrUtils;
  import org.argeo.security.OsAuthenticationToken;
+import org.argeo.security.SecurityUtils;
  import org.argeo.security.core.OsAuthenticationProvider;
  import org.springframework.security.Authentication;
  import org.springframework.security.AuthenticationException;
  import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
  import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
  import org.springframework.security.userdetails.UserDetails;
  
  /** Relies on OS to authenticate and additionally setup JCR */
  public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
         private Repository repository;
-       // private String securityWorkspace = "security";
-       // private Session securitySession;
         private Session nodeSession;
  
         private UserDetails userDetails;
-       private JcrSecurityModel jcrSecurityModel = new JcrSecurityModel();
+       private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();
+
+       private final static String JVM_OSUSER = System.getProperty("user.name");
  
         public void init() {
                 try {
-                       // securitySession = repository.login();
                         nodeSession = repository.login();
                 } catch (RepositoryException e) {
                         throw new ArgeoException("Cannot initialize", e);
@@ -50,7 +51,6 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
         }
  
         public void destroy() {
-               // JcrUtils.logoutQuietly(securitySession);
                 JcrUtils.logoutQuietly(nodeSession);
         }
  
@@ -62,8 +62,7 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                         // consider using the keyring for username / password authentication
                         // or certificate
                         UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
-                       if (!upat.getPrincipal().toString()
-                                       .equals(System.getProperty("user.name")))
+                       if (!upat.getPrincipal().toString().equals(JVM_OSUSER))
                                 throw new BadCredentialsException("Wrong credentials");
                         UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
                                         authentication.getPrincipal(),
@@ -76,16 +75,14 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                         try {
                                 // WARNING: at this stage we assume that the java properties
                                 // will have the same value
-                               String username = System.getProperty("user.name");
-                               Node userProfile = jcrSecurityModel.sync(nodeSession, username);
+                               GrantedAuthority[] authorities = getBaseAuthorities();
+                               String username = JVM_OSUSER;
+                               Node userProfile = jcrSecurityModel.sync(nodeSession, username,
+                                               SecurityUtils.authoritiesToStringList(authorities));
                                 JcrUserDetails.checkAccountStatus(userProfile);
  
-                               // each user should have a writable area in the default
-                               // workspace of the node
-                               // SecurityJcrUtils.createUserHomeIfNeeded(nodeSession,
-                               // username);
                                 userDetails = new JcrUserDetails(userProfile, authen
-                                               .getCredentials().toString(), getBaseAuthorities());
+                                               .getCredentials().toString(), authorities);
                                 authen.setDetails(userDetails);
                                 return authen;
                         } catch (RepositoryException e) {
@@ -102,10 +99,6 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                 }
         }
  
-       // public void setSecurityWorkspace(String securityWorkspace) {
-       // this.securityWorkspace = securityWorkspace;
-       // }
-
         public void setRepository(Repository repository) {
                 this.repository = repository;
         }
@@ -120,5 +113,4 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                                 || UsernamePasswordAuthenticationToken.class
                                                 .isAssignableFrom(authentication);
         }
-
-}
+}
+\ No newline at end of file