X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FOsAuthenticationProvider.java;h=0e29ecd59a75e6fbfe0f422acce415508da73f4b;hb=3a3d316af102ba410d1d9e6de349d0c8f7ac044f;hp=fa70489fc4397b2f64e60358f9c185ea042cb62e;hpb=da55282938aaebf9fa148454dbc8add9c558501f;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java index fa70489fc..0e29ecd59 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java @@ -1,53 +1,56 @@ +/* + * Copyright (C) 2007-2012 Argeo GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.security.core; -import java.security.AccessController; import java.util.ArrayList; import java.util.List; -import javax.security.auth.Subject; - import org.argeo.security.OsAuthenticationToken; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.providers.AuthenticationProvider; -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; -/** Validates an OS authentication. */ +/** + * Validates an OS authentication. The id is that it will always be + * authenticated since we are always runnign within an OS, but the fact that the + * {@link Authentication} works properly depends on the proper OS login module + * having been called as well. TODO make it more configurable (base roles, is + * admin) + */ public class OsAuthenticationProvider implements AuthenticationProvider { - private String osUserRole = "ROLE_OS_USER"; - private String userRole = "ROLE_USER"; - private String adminRole = "ROLE_ADMIN"; + final static String osUserRole = "ROLE_OS_USER"; + final static String userRole = "ROLE_USER"; + final static String adminRole = "ROLE_ADMIN"; - private Boolean isAdmin = true; + final static Boolean isAdmin = true; public Authentication authenticate(Authentication authentication) throws AuthenticationException { - final OsAuthenticationToken oat; - // if (authentication instanceof UsernamePasswordAuthenticationToken) { - // Subject subject = Subject.getSubject(AccessController.getContext()); - // if (subject == null) - // return null; - // oat = new OsAuthenticationToken(); - // } else - if (authentication instanceof OsAuthenticationToken) { - oat = (OsAuthenticationToken) authentication; - } else { - return null; - } - - // not OS authenticated -// if (oat.getUser() == null) -// return null; + return new OsAuthenticationToken(getBaseAuthorities()); + } + public static GrantedAuthority[] getBaseAuthorities() { List auths = new ArrayList(); auths.add(new GrantedAuthorityImpl(osUserRole)); auths.add(new GrantedAuthorityImpl(userRole)); if (isAdmin) auths.add(new GrantedAuthorityImpl(adminRole)); - return new OsAuthenticationToken( - auths.toArray(new GrantedAuthority[auths.size()])); + return auths.toArray(new GrantedAuthority[auths.size()]); } @SuppressWarnings("rawtypes") @@ -55,16 +58,4 @@ public class OsAuthenticationProvider implements AuthenticationProvider { return OsAuthenticationToken.class.isAssignableFrom(authentication); } - public void setOsUserRole(String osUserRole) { - this.osUserRole = osUserRole; - } - - public void setAdminRole(String adminRole) { - this.adminRole = adminRole; - } - - public void setIsAdmin(Boolean isAdmin) { - this.isAdmin = isAdmin; - } - }