X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjcr%2FJcrAuthenticationProvider.java;h=c19e709a1547e91e7fd144c628e6507ce1c23698;hb=8b8ee149b20e2578a55e17413fa5f7399ff7ba14;hp=9791da8a017fa0988df49475107ac7ca98d00188;hpb=149023e5969377045847bbecf24b0898b18a67a9;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java
index 9791da8a0..c19e709a1 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java
@@ -1,17 +1,22 @@
 package org.argeo.security.jcr;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import javax.jcr.Credentials;
 import javax.jcr.Node;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.RepositoryFactory;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
+import javax.jcr.Value;
 import org.argeo.ArgeoException;
 import org.argeo.jcr.ArgeoJcrConstants;
+import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.security.SiteAuthenticationToken;
 import org.springframework.security.Authentication;
@@ -21,7 +26,7 @@ import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.providers.AuthenticationProvider; import org.springframework.security.userdetails.UserDetails; -/** Connects to a JCR repository and delegate authentication to it. */ +/** Connects to a JCR repository and delegates authentication to it. */ public class JcrAuthenticationProvider implements AuthenticationProvider { public final static String ROLE_REMOTE_JCR_AUTHENTICATED = "ROLE_REMOTE_JCR_AUTHENTICATED"; 
@@ -37,31 +42,39 @@ public class JcrAuthenticationProvider implements AuthenticationProvider { return null; try { - Map parameters = new HashMap(); - parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url); - - Repository repository = null; - repository = repositoryFactory.getRepository(parameters); + SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(), + siteAuth.getCredentials().toString().toCharArray()); + // get repository + Repository repository = getRepository(url, sp); if (repository == null) return null; - SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(), - siteAuth.getCredentials().toString().toCharArray()); String workspace = siteAuth.getWorkspace(); Session session; if (workspace == null || workspace.trim().equals("")) session = repository.login(sp); else session = repository.login(sp, workspace); + Node userHome = JcrUtils.getUserHome(session); - if (userHome == null) - throw new ArgeoException("No home found for user " - + session.getUserID()); - GrantedAuthority[] authorities = {}; + + // retrieve remote roles + Node userProfile = JcrUtils.getUserProfile(session); + List authorities = new ArrayList(); + if (userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) { + Value[] roles = userProfile.getProperty( + ArgeoNames.ARGEO_REMOTE_ROLES).getValues(); + for (int i = 0; i < roles.length; i++) + authorities.add(new GrantedAuthorityImpl(roles[i] + .getString())); + } JcrAuthenticationToken authen = new JcrAuthenticationToken( - siteAuth.getPrincipal(), siteAuth.getCredentials(), - authorities, url, userHome); + siteAuth.getPrincipal(), + siteAuth.getCredentials(), + authorities.toArray(new GrantedAuthority[authorities.size()]), + url, userHome); authen.setDetails(getUserDetails(userHome, authen)); + return authen; } catch (RepositoryException e) { throw new ArgeoException( 
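Review bot: The values of `ArgeoNames.ARGEO_REMOTE_ROLES` are turned into `GrantedAuthorityImpl` instances verbatim, so whoever can write that property on the profile node in the repository at `url` decides which authorities this provider grants locally. Where `url` comes from and who may write the profile node are not visible in this hunk; if either is under the authenticating user's control, the loop should accept only roles from a configured allowlist (or map them under a dedicated prefix) instead of trusting every string. Separately, the commit drops the `if (userHome == null)` check and calls `userProfile.hasProperty(...)` without one; if `JcrUtils.getUserHome` or `JcrUtils.getUserProfile` can return null, the failure becomes a `NullPointerException` that the `catch (RepositoryException e)` below does not wrap, so a guard such as `if (userProfile == null) throw new ArgeoException("No profile found for user " + session.getUserID());` would keep the error explicit. The enclosing method starts and ends outside the hunk.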
@@ -69,6 +82,13 @@ public class JcrAuthenticationProvider implements AuthenticationProvider { } } + protected Repository getRepository(String url, Credentials credentials) + throws RepositoryException { + Map parameters = new HashMap(); + parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url); + return repositoryFactory.getRepository(parameters); + } + /** * By default, assigns only the role {@value #ROLE_REMOTE_JCR_AUTHENTICATED} * . Should typically be overridden in order to assign more relevant roles.
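Review bot: `getRepository` accepts `credentials` but never reads it; the default body only puts `url` into the parameter map before calling `repositoryFactory.getRepository(parameters)`. If the parameter is there for subclasses that need the login credentials to locate the repository, the method should say so in a Javadoc, for example `/** Looks up the repository for this URL; credentials are ignored by this default implementation and are provided for overriding classes. */`. Because the caller passes the `SimpleCredentials` built from the user's password, the same comment is the place to state that overrides must not log or retain that object.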