Add dep folder
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / jcr / OsJcrAuthenticationProvider.java
index d304dc36571d8e41da2dec883179be220bcdd57b..aa95e322d21ef8e8bfa6c05099e1f6d7b426a06b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2012 Mathieu Baudier
+ * Copyright (C) 2007-2012 Argeo GmbH
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,27 +22,28 @@ import javax.jcr.Session;
 
 import org.argeo.ArgeoException;
 import org.argeo.jcr.JcrUtils;
-import org.argeo.jcr.security.SecurityJcrUtils;
 import org.argeo.security.OsAuthenticationToken;
+import org.argeo.security.SecurityUtils;
 import org.argeo.security.core.OsAuthenticationProvider;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
 import org.springframework.security.userdetails.UserDetails;
 
 /** Relies on OS to authenticate and additionally setup JCR */
 public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
        private Repository repository;
-       private String securityWorkspace = "security";
-       private Session securitySession;
        private Session nodeSession;
 
        private UserDetails userDetails;
+       private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel();
+
+       private final static String JVM_OSUSER = System.getProperty("user.name");
 
        public void init() {
                try {
-                       securitySession = repository.login(securityWorkspace);
                        nodeSession = repository.login();
                } catch (RepositoryException e) {
                        throw new ArgeoException("Cannot initialize", e);
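Review bot: `JVM_OSUSER` has no comment, although it is read once at class load and the later hunks use it both as the only accepted principal and as the name synchronised into JCR. I would add `/** OS user running the JVM, read once at class load; the only principal this provider accepts. */` above it and use the conventional modifier order `private static final String JVM_OSUSER`. If the `user.name` property is unset, the constant is null and the `equals(JVM_OSUSER)` check further down rejects every username/password login; that is probably acceptable but worth stating in the comment. The body of `init()` continues outside this hunk.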
@@ -50,7 +51,6 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
        }
 
        public void destroy() {
-               JcrUtils.logoutQuietly(securitySession);
                JcrUtils.logoutQuietly(nodeSession);
        }
 
@@ -58,12 +58,12 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                        throws AuthenticationException {
                if (authentication instanceof UsernamePasswordAuthenticationToken) {
                        // deal with remote access to internal server
-                       // FIXME very primitive and unsecure at this stage
+                       // FIXME very primitive and unsecure at this sSession adminSession
+                       // =tage
                        // consider using the keyring for username / password authentication
                        // or certificate
                        UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
-                       if (!upat.getPrincipal().toString()
-                                       .equals(System.getProperty("user.name")))
+                       if (!upat.getPrincipal().toString().equals(JVM_OSUSER))
                                throw new BadCredentialsException("Wrong credentials");
                        UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
                                        authentication.getPrincipal(),
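Review bot: The rewritten FIXME comment was corrupted by a stray paste (`at this sSession adminSession` followed by `// =tage`) and should be restored to `// FIXME very primitive and unsecure at this stage`, since it is the only marker of a known weakness in this branch. Within the lines shown, the only check compares the principal with `JVM_OSUSER`, and no verification of the supplied credentials is visible. If none follows outside the hunk, the FIXME should be tracked as blocking before this provider is reachable by remote clients, as the comment's own keyring or certificate suggestion implies. The enclosing method starts and ends outside this hunk.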
@@ -76,25 +76,21 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                        try {
                                // WARNING: at this stage we assume that the java properties
                                // will have the same value
-                               String username = System.getProperty("user.name");
-                               Node userProfile = SecurityJcrUtils.createUserProfileIfNeeded(
-                                               securitySession, username);
+                               GrantedAuthority[] authorities = getBaseAuthorities();
+                               String username = JVM_OSUSER;
+                               Node userProfile = jcrSecurityModel.sync(nodeSession, username,
+                                               SecurityUtils.authoritiesToStringList(authorities));
                                JcrUserDetails.checkAccountStatus(userProfile);
 
-                               // each user should have a writable area in the default
-                               // workspace of the node
-                               SecurityJcrUtils.createUserHomeIfNeeded(nodeSession, username);
                                userDetails = new JcrUserDetails(userProfile, authen
-                                               .getCredentials().toString(), getBaseAuthorities());
+                                               .getCredentials().toString(), authorities);
                                authen.setDetails(userDetails);
                                return authen;
                        } catch (RepositoryException e) {
-                               JcrUtils.discardQuietly(securitySession);
+                               JcrUtils.discardQuietly(nodeSession);
                                throw new ArgeoException(
                                                "Unexpected exception when synchronizing OS and JCR security ",
                                                e);
-                       } finally {
-                               JcrUtils.logoutQuietly(securitySession);
                        }
                } else {
                        throw new ArgeoException("Unsupported authentication "
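Review bot: The synchronisation now goes through the long-lived `nodeSession` opened in `init()`, and JCR sessions are not thread-safe. If this provider is a shared bean (likely, but not visible here), concurrent logins can interleave on that one session, and `JcrUtils.discardQuietly(nodeSession)` in the catch would presumably drop another caller's pending changes as well. The result is also written to the instance field `userDetails`, which has the same sharing problem. As a minimal change I would wrap the block in `synchronized (nodeSession) { ... }` and keep the details in a local variable, `UserDetails details = new JcrUserDetails(...)`. The method starts before this hunk.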
@@ -102,19 +98,18 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                }
        }
 
-       public void setSecurityWorkspace(String securityWorkspace) {
-               this.securityWorkspace = securityWorkspace;
-       }
-
        public void setRepository(Repository repository) {
                this.repository = repository;
        }
 
+       public void setJcrSecurityModel(JcrSecurityModel jcrSecurityModel) {
+               this.jcrSecurityModel = jcrSecurityModel;
+       }
+
        @SuppressWarnings("rawtypes")
        public boolean supports(Class authentication) {
                return OsAuthenticationToken.class.isAssignableFrom(authentication)
                                || UsernamePasswordAuthenticationToken.class
                                                .isAssignableFrom(authentication);
        }
-
-}
+}
\ No newline at end of file
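Review bot: `setJcrSecurityModel` accepts null, which would replace the `SimpleJcrSecurityModel` default and only fail later as a NullPointerException at `jcrSecurityModel.sync(...)` during a login. Since this object appears to decide how the user's profile and authorities are synchronised into the repository, I would reject null in the setter with `if (jcrSecurityModel == null) throw new IllegalArgumentException("jcrSecurityModel must not be null");` and add a one-line Javadoc saying what the model controls. Existing bean definitions that still set `securityWorkspace` will presumably fail to wire now that its setter is removed, which deserves a line in the commit description.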