X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjcr%2FJcrAuthenticationProvider.java;h=c19e709a1547e91e7fd144c628e6507ce1c23698;hb=8b8ee149b20e2578a55e17413fa5f7399ff7ba14;hp=ce7d9181232e8e0318cb3a9e157bf48a6745e085;hpb=ee0981fe4c265fd9cd01e1cc47599fd018bf363a;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java
index ce7d91812..c19e709a1 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/JcrAuthenticationProvider.java
@@ -1,17 +1,22 @@
 package org.argeo.security.jcr;
 
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
+import javax.jcr.Credentials;
 import javax.jcr.Node;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.RepositoryFactory;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
+import javax.jcr.Value;
 
 import org.argeo.ArgeoException;
 import org.argeo.jcr.ArgeoJcrConstants;
+import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.security.SiteAuthenticationToken;
 import org.springframework.security.Authentication;
@@ -21,7 +26,7 @@ import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.providers.AuthenticationProvider;
 import org.springframework.security.userdetails.UserDetails;
 
-/** Connects to a JCR repository and delegate authentication to it. */
+/** Connects to a JCR repository and delegates authentication to it. */
 public class JcrAuthenticationProvider implements AuthenticationProvider {
 	public final static String ROLE_REMOTE_JCR_AUTHENTICATED = "ROLE_REMOTE_JCR_AUTHENTICATED";
@@ -37,31 +42,39 @@ public class JcrAuthenticationProvider implements AuthenticationProvider {
 			return null;
 		try {
-			Map parameters = new HashMap();
-			parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
-
-			Repository repository = null;
-			repository = repositoryFactory.getRepository(parameters);
+			SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
+					siteAuth.getCredentials().toString().toCharArray());
+			// get repository
+			Repository repository = getRepository(url, sp);
 			if (repository == null)
 				return null;
-			SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
-					siteAuth.getCredentials().toString().toCharArray());
 			String workspace = siteAuth.getWorkspace();
 			Session session;
 			if (workspace == null || workspace.trim().equals(""))
 				session = repository.login(sp);
 			else
 				session = repository.login(sp, workspace);
+
 			Node userHome = JcrUtils.getUserHome(session);
-			if (userHome == null)
-				throw new ArgeoException("No home found for user " + session.getUserID());
-			GrantedAuthority[] authorities = {};
+
+			// retrieve remote roles
+			Node userProfile = JcrUtils.getUserProfile(session);
+			List authorities = new ArrayList();
+			if (userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
+				Value[] roles = userProfile.getProperty(
+						ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
+				for (int i = 0; i < roles.length; i++)
+					authorities.add(new GrantedAuthorityImpl(roles[i]
+							.getString()));
+			}
 			JcrAuthenticationToken authen = new JcrAuthenticationToken(
-					siteAuth.getPrincipal(), siteAuth.getCredentials(),
-					authorities, url, userHome);
+					siteAuth.getPrincipal(),
+					siteAuth.getCredentials(),
+					authorities.toArray(new GrantedAuthority[authorities.size()]),
+					url, userHome);
 			authen.setDetails(getUserDetails(userHome, authen));
+
 			return authen;
 		} catch (RepositoryException e) {
 			throw new ArgeoException(
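Review bot: `userProfile` is dereferenced on the `userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)` line with no null check, while the same hunk removes the analogous guard that threw `No home found for user` when `JcrUtils.getUserHome` returned null; if `getUserProfile` can likewise return null (not visible here), the result is a NullPointerException that escapes the `catch (RepositoryException e)` below instead of the ArgeoException the method otherwise raises. A one-line guard keeps the failure on the existing error path: `if (userProfile != null && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {`. With the home-node guard gone, a null `userHome` now surfaces only as the generic `Cannot get user details for null` thrown by getUserDetails, so either keep the explicit check or document that getUserHome never returns null. The granted authorities are now taken verbatim from the `ARGEO_REMOTE_ROLES` property of the user's own profile node, so the access control on that node in the remote repository is what bounds a user's roles; a comment such as `// remote roles are trusted as-is: the profile node must not be writable by the user` would make that assumption explicit. The `session` returned by `repository.login` is never released with `session.logout()` anywhere in the hunk; the enclosing authenticate method starts and ends outside it.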
@@ -69,6 +82,13 @@ public class JcrAuthenticationProvider implements AuthenticationProvider {
 		}
 	}
 
+	protected Repository getRepository(String url, Credentials credentials)
+			throws RepositoryException {
+		Map parameters = new HashMap();
+		parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
+		return repositoryFactory.getRepository(parameters);
+	}
+
 	/**
 	 * By default, assigns only the role {@value #ROLE_REMOTE_JCR_AUTHENTICATED}
 	 * . Should typically be overridden in order to assign more relevant roles.
@@ -79,21 +99,20 @@ public class JcrAuthenticationProvider implements AuthenticationProvider {
 	}
 
 	/** Builds user details based on the authentication and the user home. */
-	protected UserDetails getUserDetails(Node userHome,
-			JcrAuthenticationToken authen) {
+	protected UserDetails getUserDetails(Node userHome, Authentication authen) {
 		try {
 			// TODO: loads enabled, locked, etc. from the home node.
 			return new JcrUserDetails(userHome.getPath(), authen.getPrincipal()
 					.toString(), authen.getCredentials().toString(),
-					isEnabled(userHome),
-					true, true, true, authen.getAuthorities());
+					isEnabled(userHome), true, true, true,
+					authen.getAuthorities());
 		} catch (Exception e) {
 			throw new ArgeoException("Cannot get user details for " + userHome, e);
 		}
 	}
-
-	protected Boolean isEnabled(Node userHome){
+
+	protected Boolean isEnabled(Node userHome) {
 		return true;
 	}
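Review bot: The new `getRepository(String url, Credentials credentials)` method never reads its `credentials` parameter, and nothing documents why it is there; if it exists so that subclasses can resolve the repository per caller (the `protected` visibility hints at that, but it is not visible here), a Javadoc should say so: `/** Resolves the repository for {@code url}. The default implementation ignores {@code credentials}; subclasses may use them. May return {@code null}, which authenticate treats as "not handled". */`. The `Map parameters = new HashMap();` is a raw type carried over from the removed code; `Map<String, String>` would let the compiler check the `put`, assuming `ArgeoJcrConstants.JCR_REPOSITORY_URI` is a String constant.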
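Review bot: `isEnabled` is a protected hook that always returns `true`, and with the `// TODO: loads enabled, locked, etc. from the home node.` comment left in getUserDetails nothing tells an implementer that overriding it is the intended way to supply the enabled flag; a short Javadoc would: `/** Whether the account behind {@code userHome} is enabled; defaults to {@code true}. Override to read the flag from the home node. */`. Widening the parameter to `Authentication authen` also means `authen.getCredentials()` can now come from implementations that return null, in which case `.toString()` fails with a NullPointerException that `catch (Exception e)` turns into the `Cannot get user details for` ArgeoException — acceptable, but worth stating in the method's Javadoc. A primitive `boolean` return type would suffice for `isEnabled` unless callers rely on the boxed `Boolean`.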