X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeSecurity.java;h=13ecac4b09c1c599248420b2df2699114b1b3330;hb=d8b62960ec3c9d991840348c63dc0c8ce980233e;hp=3b5d78d897ff24f6a9ff5b2765af13eb79c1d35c;hpb=93a457cf047cebb0170abd0f37a9b4291a2ae3e9;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
index 3b5d78d89..13ecac4b0 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
@@ -1,15 +1,19 @@
 package org.argeo.cms.internal.kernel;
-import java.net.URL;
+import java.io.File;
+import java.io.IOException;
 import javax.jcr.RepositoryException;
+import org.apache.commons.io.FileUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.useradmin.JcrUserAdmin;
+import org.argeo.cms.KernelHeader;
 import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
 import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
+import org.argeo.osgi.useradmin.AbstractLdapUserAdmin;
+import org.argeo.osgi.useradmin.LdapUserAdmin;
 import org.argeo.osgi.useradmin.LdifUserAdmin;
 import org.argeo.security.OsAuthenticationToken;
 import org.argeo.security.UserAdminService;
@@ -18,6 +22,7 @@ import org.argeo.security.core.InternalAuthenticationProvider;
 import org.argeo.security.core.OsAuthenticationProvider;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.ServiceRegistration;
+import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.UserAdmin;
 import org.springframework.security.authentication.AnonymousAuthenticationProvider;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
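Review bot: `import org.osgi.service.useradmin.Role;` added in the second hunk is unused in the new code: the only reference to `Role` in this commit is the commented-out `// nodeRoles.createRole(KernelHeader.ROLE_ADMIN, Role.GROUP);` in the constructor. Either restore that call or drop the import together with the dead line, otherwise the class carries an unused-import warning and advertises a dependency it does not actually exercise.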
@@ -37,7 +42,7 @@ class NodeSecurity implements AuthenticationManager {
 private final InternalAuthenticationProvider internalAuth;
 private final AnonymousAuthenticationProvider anonymousAuth;
 private final JackrabbitUserAdminService userAdminService;
- private final LdifUserAdmin userAdmin;
+ private final NodeUserAdmin userAdmin;
 private ServiceRegistration authenticationManagerReg;
 private ServiceRegistration userAdminServiceReg;
@@ -61,11 +66,41 @@ class NodeSecurity implements AuthenticationManager {
 userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
 userAdminService.init();
+ userAdmin = new NodeUserAdmin();
+
+ String baseDn = "dc=example,dc=com";
 String userAdminUri = KernelUtils
 .getFrameworkProp(KernelConstants.USERADMIN_URI);
 if (userAdminUri == null)
- userAdminUri = getClass().getResource("demo.ldif").toString();
- userAdmin = new LdifUserAdmin(userAdminUri);
+ userAdminUri = getClass().getResource(baseDn + ".ldif").toString();
+
+ AbstractLdapUserAdmin businessRoles;
+ if (userAdminUri.startsWith("ldap"))
+ businessRoles = new LdapUserAdmin(userAdminUri);
+ else {
+ businessRoles = new LdifUserAdmin(userAdminUri);
+ }
+ businessRoles.init();
+ userAdmin.addUserAdmin(baseDn, businessRoles);
+
+ File osgiInstanceDir = KernelUtils.getOsgiInstanceDir();
+ File homeDir = new File(osgiInstanceDir, "node");
+
+ String baseNodeRoleDn = KernelHeader.ROLES_BASEDN;
+ File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif");
+ try {
+ FileUtils.copyInputStreamToFile(
+ getClass().getResourceAsStream("demo.ldif"), nodeRolesFile);
+ } catch (IOException e) {
+ throw new CmsException("Cannot copy demo resource", e);
+ }
+ LdifUserAdmin nodeRoles = new LdifUserAdmin(nodeRolesFile.toURI()
+ .toString());
+ nodeRoles.setExternalRoles(userAdmin);
+ nodeRoles.init();
+ // nodeRoles.createRole(KernelHeader.ROLE_ADMIN, Role.GROUP);
+ userAdmin.addUserAdmin(baseNodeRoleDn, nodeRoles);
+
 }
 public void publish() {
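Review bot: `FileUtils.copyInputStreamToFile(getClass().getResourceAsStream("demo.ldif"), nodeRolesFile)` runs unconditionally in the constructor, so every start overwrites the node-roles LDIF under the OSGi instance directory with the bundled demo content and discards whatever roles were persisted there since the previous run; guard it with `if (!nodeRolesFile.exists())` so the demo file only seeds a fresh instance. Both `getResourceAsStream("demo.ldif")` and `getResource(baseDn + ".ldif")` return null when the resource is absent, which surfaces as a NullPointerException instead of the `CmsException` this block otherwise throws, so check for null and throw `new CmsException("Missing resource " + baseDn + ".ldif")` (constructed message) before dereferencing. The fallback to the bundled LDIF when `KernelConstants.USERADMIN_URI` is unset is silent, so an instance that merely forgot to set the property boots against the demo identities; a warning through the class's logger naming the fallback would make that visible in operations. The literal `"dc=example,dc=com"` also keys the LDAP-backed business roles, so a server configured with a different base DN would presumably be registered under the wrong prefix; deriving it from the URI or a framework property would avoid that. The constructor starts outside the hunk.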
@@ -89,13 +124,15 @@ class NodeSecurity implements AuthenticationManager {
 userAdminServiceReg.unregister();
 authenticationManagerReg.unregister();
- userAdmin.destroy();
+ // userAdmin.destroy();
 userAdminReg.unregister();
 }
 @Override
 public Authentication authenticate(Authentication authentication)
 throws AuthenticationException {
+// throw new UnsupportedOperationException(
+// "Authentication manager is deprectaed and should not be used.");
 Authentication auth = null;
 if (authentication instanceof InternalAuthentication)
 auth = internalAuth.authenticate(authentication);
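Review bot: Commenting out `userAdmin.destroy();` leaves the `NodeUserAdmin` and the user admins it aggregates — the `businessRoles` LdapUserAdmin/LdifUserAdmin and the node-roles LdifUserAdmin, both of which had `init()` called in the constructor — without any teardown when the kernel shuts down; if `NodeUserAdmin` has no `destroy()` yet, it presumably needs one that destroys its registered children, and the call should be restored here rather than silenced. The commented-out `throw new UnsupportedOperationException(...)` in `authenticate` is dead code carrying a typo (`deprectaed`); either delete it or replace it with a `@Deprecated` annotation and a Javadoc `@deprecated` line naming what supersedes this AuthenticationManager, so the intent survives as documentation instead of a comment. `authenticate` continues past the end of the hunk.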