/*
- * Copyright (C) 2007-2012 Mathieu Baudier
+ * Copyright (C) 2007-2012 Argeo GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package org.argeo.security.jcr;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
+import java.util.Properties;
-import javax.jcr.Credentials;
import javax.jcr.Node;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import org.argeo.ArgeoException;
import org.argeo.jcr.ArgeoJcrConstants;
-import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
+import org.argeo.jcr.UserJcrUtils;
import org.argeo.security.NodeAuthenticationToken;
+import org.osgi.framework.BundleContext;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
ArgeoNames {
private RepositoryFactory repositoryFactory;
+ private BundleContext bundleContext;
+
+ public final static String ROLE_REMOTE = "ROLE_REMOTE";
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
String url = siteAuth.getUrl();
- if (url == null)
- return null;
+ if (url == null)// TODO? login on own node
+ throw new ArgeoException("No url set in " + siteAuth);
Session session;
- Node userProfile;
+ Node userProfile;
try {
SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
siteAuth.getCredentials().toString().toCharArray());
// get repository
- Repository repository = getRepository(url, sp);
- if (repository == null)
- return null;
-
- String workspace = siteAuth.getSecurityWorkspace();
- session = repository.login(sp, workspace);
- Node userHome = ArgeoJcrUtils.getUserHome(session);
- if (userHome == null || !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
- throw new ArgeoException("No profile for user "
- + siteAuth.getName() + " in security workspace "
- + siteAuth.getSecurityWorkspace() + " of "
- + siteAuth.getUrl());
- userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
+ Repository repository = new RemoteJcrRepositoryWrapper(
+ repositoryFactory, url, sp);
+ if (bundleContext != null) {
+ Properties serviceProperties = new Properties();
+ serviceProperties.setProperty(
+ ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
+ ArgeoJcrConstants.ALIAS_NODE);
+ serviceProperties.setProperty(
+ ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
+ bundleContext.registerService(Repository.class.getName(),
+ repository, serviceProperties);
+ }
+ // Repository repository = ArgeoJcrUtils.getRepositoryByUri(
+ // repositoryFactory, url);
+ // if (repository == null)
+ // throw new ArgeoException("Cannot connect to " + url);
+
+ session = repository.login(sp, null);
+
+ userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID());
+ JcrUserDetails.checkAccountStatus(userProfile);
+
+ // Node userHome = UserJcrUtils.getUserHome(session);
+ // if (userHome == null ||
+ // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
+ // throw new ArgeoException("No profile for user "
+ // + siteAuth.getName() + " in security workspace "
+ // + siteAuth.getSecurityWorkspace() + " of "
+ // + siteAuth.getUrl());
+ // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
} catch (RepositoryException e) {
throw new BadCredentialsException(
"Cannot authenticate " + siteAuth, e);
}
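Review bot: The `bundleContext.registerService(...)` block runs before `repository.login(sp, null)`, so a repository wrapper built with the caller's `SimpleCredentials` is published to the OSGi registry even when the login then fails with `BadCredentialsException`. The returned `ServiceRegistration` is also discarded, so every call to `authenticate` adds another service under `ALIAS_NODE` that is never unregistered. Any bundle allowed to look up `Repository` services can then obtain that object; whether `RemoteJcrRepositoryWrapper` retains or reuses `sp` is not visible here and should be confirmed. I would move the block below `JcrUserDetails.checkAccountStatus(userProfile)`, keep the `ServiceRegistration` in a field, and unregister it on logout or re-authentication.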
try {
- JcrUserDetails.checkAccountStatus(userProfile);
+ // Node userHome = UserJcrUtils.getUserHome(session);
// retrieve remote roles
List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
- if (userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
+ if (userProfile != null
+ && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
Value[] roles = userProfile.getProperty(
ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
for (int i = 0; i < roles.length; i++)
authoritiesList.add(new GrantedAuthorityImpl(roles[i]
.getString()));
}
+ authoritiesList.add(new GrantedAuthorityImpl(ROLE_REMOTE));
// create authenticated objects
GrantedAuthority[] authorities = authoritiesList
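Review bot: The new `userProfile != null` guard means a login with no profile node now ends up authenticated with `ROLE_REMOTE`, where the removed code threw "No profile for user …". `JcrUserDetails.checkAccountStatus(userProfile)` is called earlier on the same possibly-null value, and its null handling is not visible, so a missing profile may skip the account-status check altogether. If a missing profile is not meant to be a valid account, fail closed right after the lookup: `if (userProfile == null) throw new BadCredentialsException("No profile for " + siteAuth.getName());`. The method body continues past the end of this hunk.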
}
}
- protected Repository getRepository(String url, Credentials credentials)
- throws RepositoryException {
- Map<String, String> parameters = new HashMap<String, String>();
- parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
- return repositoryFactory.getRepository(parameters);
- }
-
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
return NodeAuthenticationToken.class.isAssignableFrom(authentication);
this.repositoryFactory = repositoryFactory;
}
+ public void setBundleContext(BundleContext bundleContext) {
+ this.bundleContext = bundleContext;
+ }
+
}