X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjcr%2FOsJcrAuthenticationProvider.java;h=aa95e322d21ef8e8bfa6c05099e1f6d7b426a06b;hb=3ea877ebf1b76ffd20319f45b535da45b38e2439;hp=cb9146a8b662407593675de216655715d1c4504e;hpb=0450e423bd759c9e27b43044670e659271392d71;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java index cb9146a8b..aa95e322d 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2012 Mathieu Baudier + * Copyright (C) 2007-2012 Argeo GmbH * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,26 +23,27 @@ import javax.jcr.Session; import org.argeo.ArgeoException; import org.argeo.jcr.JcrUtils; import org.argeo.security.OsAuthenticationToken; +import org.argeo.security.SecurityUtils; import org.argeo.security.core.OsAuthenticationProvider; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; import org.springframework.security.BadCredentialsException; +import org.springframework.security.GrantedAuthority; import org.springframework.security.providers.UsernamePasswordAuthenticationToken; import org.springframework.security.userdetails.UserDetails; /** Relies on OS to authenticate and additionally setup JCR */ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { private Repository repository; - // private String securityWorkspace = "security"; - // private Session securitySession; private Session nodeSession; private UserDetails userDetails; - private JcrSecurityModel jcrSecurityModel = new JcrSecurityModel(); + private JcrSecurityModel jcrSecurityModel = new SimpleJcrSecurityModel(); + + private final static String JVM_OSUSER = System.getProperty("user.name"); public void init() { try { - // securitySession = repository.login(); nodeSession = repository.login(); } catch (RepositoryException e) { throw new ArgeoException("Cannot initialize", e); @@ -50,7 +51,6 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { } public void destroy() { - // JcrUtils.logoutQuietly(securitySession); JcrUtils.logoutQuietly(nodeSession); } @@ -58,12 +58,12 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { throws AuthenticationException { if (authentication instanceof UsernamePasswordAuthenticationToken) { // deal with remote access to internal server - // FIXME very primitive and unsecure at this stage + // FIXME very primitive and unsecure at this sSession adminSession + // =tage // consider using the keyring for username / password authentication // or certificate UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication; - if (!upat.getPrincipal().toString() - .equals(System.getProperty("user.name"))) + if (!upat.getPrincipal().toString().equals(JVM_OSUSER)) throw new BadCredentialsException("Wrong credentials"); UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken( authentication.getPrincipal(), @@ -76,16 +76,14 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { try { // WARNING: at this stage we assume that the java properties // will have the same value - String username = System.getProperty("user.name"); - Node userProfile = jcrSecurityModel.sync(nodeSession, username); + GrantedAuthority[] authorities = getBaseAuthorities(); + String username = JVM_OSUSER; + Node userProfile = jcrSecurityModel.sync(nodeSession, username, + SecurityUtils.authoritiesToStringList(authorities)); JcrUserDetails.checkAccountStatus(userProfile); - // each user should have a writable area in the default - // workspace of the node - // SecurityJcrUtils.createUserHomeIfNeeded(nodeSession, - // username); userDetails = new JcrUserDetails(userProfile, authen - .getCredentials().toString(), getBaseAuthorities()); + .getCredentials().toString(), authorities); authen.setDetails(userDetails); return authen; } catch (RepositoryException e) { @@ -93,8 +91,6 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { throw new ArgeoException( "Unexpected exception when synchronizing OS and JCR security ", e); - } finally { - JcrUtils.logoutQuietly(nodeSession); } } else { throw new ArgeoException("Unsupported authentication " @@ -102,10 +98,6 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { } } - // public void setSecurityWorkspace(String securityWorkspace) { - // this.securityWorkspace = securityWorkspace; - // } - public void setRepository(Repository repository) { this.repository = repository; } @@ -120,5 +112,4 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { || UsernamePasswordAuthenticationToken.class .isAssignableFrom(authentication); } - -} +} \ No newline at end of file