X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeSecurity.java;h=83216d0484a96a896d6c4f95e1473bcce3ce1efe;hb=08fac35eeedb151c2fd1cc85ed4a36adf66e02fc;hp=be94cd5df7f3f6a716e68962ae38ff2ce75461e6;hpb=0a63088e055dcd5ff397ce4e98d008c62c84dc98;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
index be94cd5df..83216d048 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
@@ -1,19 +1,29 @@
 package org.argeo.cms.internal.kernel;
-import java.net.URL;
+import java.io.File;
+import java.io.IOException;
 import javax.jcr.RepositoryException;
+import org.apache.commons.io.FileUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.KernelHeader;
+import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
+import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
+import org.argeo.osgi.useradmin.AbstractLdapUserAdmin;
+import org.argeo.osgi.useradmin.LdapUserAdmin;
+import org.argeo.osgi.useradmin.LdifUserAdmin;
+import org.argeo.security.OsAuthenticationToken;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.core.InternalAuthentication;
 import org.argeo.security.core.InternalAuthenticationProvider;
-import org.argeo.security.jcr.SimpleJcrSecurityModel;
-import org.argeo.security.jcr.jackrabbit.JackrabbitUserAdminService;
+import org.argeo.security.core.OsAuthenticationProvider;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.ServiceRegistration;
+import org.osgi.service.useradmin.Role;
+import org.osgi.service.useradmin.UserAdmin;
 import org.springframework.security.authentication.AnonymousAuthenticationProvider;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -28,30 +38,27 @@ class NodeSecurity implements AuthenticationManager {
 private final BundleContext bundleContext;
+ private final OsAuthenticationProvider osAuth;
 private final InternalAuthenticationProvider internalAuth;
 private final AnonymousAuthenticationProvider anonymousAuth;
 private final JackrabbitUserAdminService userAdminService;
- // private final JcrUserAdmin userAdmin;
+ private final NodeUserAdmin userAdmin;
 private ServiceRegistration authenticationManagerReg;
 private ServiceRegistration userAdminServiceReg;
 private ServiceRegistration userDetailsManagerReg;
- // private ServiceRegistration userAdminReg;
+ private ServiceRegistration userAdminReg;
 public NodeSecurity(BundleContext bundleContext, JackrabbitNode node) throws RepositoryException {
- URL url = getClass().getClassLoader().getResource(
- KernelConstants.JAAS_CONFIG);
- System.setProperty("java.security.auth.login.config",
- url.toExternalForm());
-
 this.bundleContext = bundleContext;
+ osAuth = new OsAuthenticationProvider();
 internalAuth = new InternalAuthenticationProvider(
- KernelConstants.DEFAULT_SECURITY_KEY);
+ Activator.getSystemKey());
 anonymousAuth = new AnonymousAuthenticationProvider(
- KernelConstants.DEFAULT_SECURITY_KEY);
+ Activator.getSystemKey());
 // user admin
 userAdminService = new JackrabbitUserAdminService();
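Review bot: The `System.setProperty("java.security.auth.login.config", ...)` call is dropped from the constructor and nothing else in this diff sets that property, so if JAAS login still depends on `KernelConstants.JAAS_CONFIG` it has presumably moved to `Activator` (which now also supplies the key), and a one-line comment here saying so would spare the next reader a search through `NodeSecurity`. Both providers are now keyed with `Activator.getSystemKey()`; if that can return null or an empty string, Spring's `AnonymousAuthenticationProvider` constructor rejects it, so document the expectation at the first use, e.g. `// key generated by Activator; also used to validate anonymous and internal tokens`. The constructor body continues in the next hunk.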
@@ -59,8 +66,41 @@ class NodeSecurity implements AuthenticationManager {
 userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
 userAdminService.init();
- // userAdmin = new JcrUserAdmin(bundleContext);
- // userAdmin.setUserAdminService(userAdminService);
+ userAdmin = new NodeUserAdmin();
+
+ String baseDn = "dc=example,dc=com";
+ String userAdminUri = KernelUtils
+ .getFrameworkProp(KernelConstants.USERADMIN_URI);
+ if (userAdminUri == null)
+ userAdminUri = getClass().getResource(baseDn + ".ldif").toString();
+
+ AbstractLdapUserAdmin businessRoles;
+ if (userAdminUri.startsWith("ldap"))
+ businessRoles = new LdapUserAdmin(userAdminUri);
+ else {
+ businessRoles = new LdifUserAdmin(userAdminUri);
+ }
+ businessRoles.init();
+ userAdmin.addUserAdmin(baseDn, businessRoles);
+
+ File osgiInstanceDir = KernelUtils.getOsgiInstanceDir();
+ File homeDir = new File(osgiInstanceDir, "node");
+
+ String baseNodeRoleDn = KernelConstants.ROLES_BASEDN;
+ File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif");
+ try {
+ FileUtils.copyInputStreamToFile(
+ getClass().getResourceAsStream("demo.ldif"), nodeRolesFile);
+ } catch (IOException e) {
+ throw new CmsException("Cannot copy demo resource", e);
+ }
+ LdifUserAdmin nodeRoles = new LdifUserAdmin(nodeRolesFile.toURI()
+ .toString());
+ nodeRoles.setExternalRoles(userAdmin);
+ nodeRoles.init();
+ // nodeRoles.createRole(KernelHeader.ROLE_ADMIN, Role.GROUP);
+ userAdmin.addUserAdmin(baseNodeRoleDn, nodeRoles);
+
 }
 public void publish() {
@@ -70,8 +110,8 @@ class NodeSecurity implements AuthenticationManager {
 UserAdminService.class, userAdminService, null);
 userDetailsManagerReg = bundleContext.registerService(
 UserDetailsManager.class, userAdminService, null);
- // userAdminReg = bundleContext.registerService(UserAdmin.class,
- // userAdmin, null);
+ userAdminReg = bundleContext.registerService(UserAdmin.class,
+ userAdmin, null);
 }
 void destroy() {
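Review bot: When `USERADMIN_URI` is unset the constructor silently falls back to the bundled `dc=example,dc=com.ldif` as the business user source, and `demo.ldif` is copied over `nodeRolesFile` on every start, so any roles persisted to that file are overwritten and a deployment that forgot the property runs on the example directory without a single log line. Both `getResource` and `getResourceAsStream` return null when the resource is missing, which here surfaces as a NullPointerException rather than the `CmsException` the try block intends. Unless resetting the node roles on each start is intended, copy the demo only when `nodeRolesFile` does not yet exist, null-check the stream, and log the URI fallback at warn level (commons-logging is already imported); the rewrite below needs a `java.io.InputStream` import. The constructor's signature is in the previous hunk, and the commented-out `createRole` line leaves the new `KernelHeader` and `Role` imports unused.
```java
		File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif");
		// seed the node roles from the bundled demo only once, so that roles
		// persisted to nodeRolesFile survive a restart
		if (!nodeRolesFile.exists()) {
			InputStream demo = getClass().getResourceAsStream("demo.ldif");
			if (demo == null)
				throw new CmsException("Cannot find demo.ldif resource");
			try {
				// copyInputStreamToFile closes the stream
				FileUtils.copyInputStreamToFile(demo, nodeRolesFile);
			} catch (IOException e) {
				throw new CmsException("Cannot copy demo resource", e);
			}
		}
		// … unchanged: nodeRoles creation, init and registration …
```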
@@ -83,7 +123,9 @@ class NodeSecurity implements AuthenticationManager {
 userDetailsManagerReg.unregister();
 userAdminServiceReg.unregister();
 authenticationManagerReg.unregister();
- // userAdminReg.unregister();
+
+ // userAdmin.destroy();
+ userAdminReg.unregister();
 }
 @Override
@@ -96,6 +138,8 @@ class NodeSecurity implements AuthenticationManager {
 auth = anonymousAuth.authenticate(authentication);
 else if (authentication instanceof UsernamePasswordAuthenticationToken)
 auth = userAdminService.authenticate(authentication);
+ else if (authentication instanceof OsAuthenticationToken)
+ auth = osAuth.authenticate(authentication);
 if (auth == null)
 throw new CmsException("Could not authenticate " + authentication);
 return auth;
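Review bot: `userAdmin.destroy()` is left commented out in `destroy()` while the constructor (new lines 66–106) now calls `init()` on an `LdapUserAdmin`/`LdifUserAdmin` pair, so whatever those hold open — a directory connection in the LDAP case, presumably — is never released when the node security is torn down. If `NodeUserAdmin` has no `destroy()` yet, a `// TODO release the LDAP/LDIF user admins added in the constructor` is clearer than a dead call; once it exists, call it after `userAdminReg.unregister();` so the service is withdrawn before its backing stores close.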
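Review bot: The new `OsAuthenticationToken` branch hands the token to `osAuth.authenticate` with no visible restriction on where the token was created, so whether an OS identity can be asserted by any caller other than the local login path is decided entirely inside `OsAuthenticationProvider`, which is not part of this diff. A comment on the branch stating that assumption, e.g. `// OS tokens are accepted only because they originate from the local OS login; osAuth is expected to reject anything else`, would make the trust boundary explicit for the next reader. `authenticate` begins before this hunk.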