Integrate JCR security with Spring

[lgpl/argeo-commons.git] / server / runtime / org.argeo.server.jcr / src / main / java / org / argeo / jcr / ThreadBoundJcrSessionFactory.java

diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
index b94b9bf1645a98e94584e6f8897d5a42e6242b0d..ef044ce8b872e4ddbbc2bfa29a64bdab4ed9ec40 100644 (file)
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
@@ -23,6 +23,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+import javax.jcr.LoginException;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
@@ -34,6 +35,7 @@ import org.argeo.ArgeoException;
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.beans.factory.FactoryBean;
 
+/** Proxy JCR sessions and attach them to calling threads. */
 public class ThreadBoundJcrSessionFactory implements FactoryBean,
                DisposableBean {
        private final static Log log = LogFactory
@@ -47,6 +49,9 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
        private boolean destroying = false;
        private final Session proxiedSession;
 
+       private String defaultUsername = "demo";
+       private String defaultPassword = "demo";
+
        public ThreadBoundJcrSessionFactory() {
                Class<?>[] interfaces = { Session.class };
                proxiedSession = (Session) Proxy.newProxyInstance(getClass()
@@ -78,19 +83,36 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
        }
 
        protected Session login() {
+               Session newSession = null;
+               // first try to login without credentials, assuming the underlying login
+               // module will have dealt with authentication (typically using Spring
+               // Security)
                try {
-                       SimpleCredentials sc = new SimpleCredentials("demo", "demo"
-                                       .toCharArray());
-                       Session sess = repository.login(sc);
-                       if (log.isTraceEnabled())
-                               log.trace("Log in to JCR session " + sess + "; userId="
-                                               + sess.getUserID());
-                       // Thread.dumpStack();
-                       activeSessions.add(sess);
-                       return sess;
-               } catch (RepositoryException e) {
-                       throw new ArgeoException("Cannot log in to repository", e);
+                       newSession = repository.login();
+               } catch (LoginException e1) {
+                       log.warn("Cannot login without credentials: " + e1.getMessage());
+                       // invalid credentials, go to the next step
+               } catch (RepositoryException e1) {
+                       // other kind of exception, fail
+                       throw new ArgeoException("Cannot log in to repository", e1);
                }
+
+               // log using default username / password (useful for testing purposes)
+               if (newSession == null)
+                       try {
+                               SimpleCredentials sc = new SimpleCredentials(defaultUsername,
+                                               defaultPassword.toCharArray());
+                               newSession = repository.login(sc);
+                       } catch (RepositoryException e) {
+                               throw new ArgeoException("Cannot log in to repository", e);
+                       }
+
+               // Log and monitor new session
+               if (log.isTraceEnabled())
+                       log.trace("Logged in to JCR session " + newSession + "; userId="
+                                       + newSession.getUserID());
+               activeSessions.add(newSession);
+               return newSession;
        }
 
        public Object getObject() {
@@ -121,4 +143,12 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
                this.repository = repository;
        }
 
+       public void setDefaultUsername(String defaultUsername) {
+               this.defaultUsername = defaultUsername;
+       }
+
+       public void setDefaultPassword(String defaultPassword) {
+               this.defaultPassword = defaultPassword;
+       }
+
 }