X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjcr%2FRemoteJcrAuthenticationProvider.java;h=87208b2a32bf5d7a1bf8545fef22aa5fa2daa486;hb=3a3d316af102ba410d1d9e6de349d0c8f7ac044f;hp=7087536a338490d4298c0b7ccd07e8c6df6a4281;hpb=1d5afdce3e91054f07ddd3c98309c363b4cf1d46;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
index 7087536a3..87208b2a3 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2012 Mathieu Baudier
+ * Copyright (C) 2007-2012 Argeo GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,11 +16,10 @@ package org.argeo.security.jcr;
 import java.util.ArrayList;
-import java.util.HashMap;
+import java.util.Dictionary;
+import java.util.Hashtable;
 import java.util.List;
-import java.util.Map;
-import javax.jcr.Credentials;
 import javax.jcr.Node;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
@@ -32,8 +31,9 @@ import javax.jcr.Value;
 import org.argeo.ArgeoException;
 import org.argeo.jcr.ArgeoJcrConstants;
 import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.NodeAuthenticationToken;
+import org.osgi.framework.BundleContext;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
@@ -45,49 +45,70 @@ import org.springframework.security.providers.AuthenticationProvider; public class RemoteJcrAuthenticationProvider implements AuthenticationProvider, ArgeoNames { private RepositoryFactory repositoryFactory; + private BundleContext bundleContext; + + public final static String ROLE_REMOTE = "ROLE_REMOTE"; public Authentication authenticate(Authentication authentication) throws AuthenticationException { NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication; String url = siteAuth.getUrl(); - if (url == null) - return null; + if (url == null)// TODO? login on own node + throw new ArgeoException("No url set in " + siteAuth); Session session; - Node userProfile; + Node userProfile; try { SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(), siteAuth.getCredentials().toString().toCharArray()); // get repository - Repository repository = getRepository(url, sp); - if (repository == null) - return null; - - String workspace = siteAuth.getSecurityWorkspace(); - session = repository.login(sp, workspace); - Node userHome = JcrUtils.getUserHome(session); - if (userHome == null || !userHome.hasNode(ArgeoNames.ARGEO_PROFILE)) - throw new ArgeoException("No profile for user " - + siteAuth.getName() + " in security workspace " - + siteAuth.getSecurityWorkspace() + " of " - + siteAuth.getUrl()); - userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE); + Repository repository = new RemoteJcrRepositoryWrapper( + repositoryFactory, url, sp); + if (bundleContext != null) { + Dictionary serviceProperties = new Hashtable(); + serviceProperties.put(ArgeoJcrConstants.JCR_REPOSITORY_ALIAS, + ArgeoJcrConstants.ALIAS_NODE); + serviceProperties + .put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url); + bundleContext.registerService(Repository.class.getName(), + repository, serviceProperties); + } + // Repository repository = ArgeoJcrUtils.getRepositoryByUri( + // repositoryFactory, url); + // if (repository == null) + // throw new 
ArgeoException("Cannot connect to " + url); + + session = repository.login(sp, null); + + userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID()); + JcrUserDetails.checkAccountStatus(userProfile); + + // Node userHome = UserJcrUtils.getUserHome(session); + // if (userHome == null || + // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE)) + // throw new ArgeoException("No profile for user " + // + siteAuth.getName() + " in security workspace " + // + siteAuth.getSecurityWorkspace() + " of " + // + siteAuth.getUrl()); + // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE); } catch (RepositoryException e) { throw new BadCredentialsException( "Cannot authenticate " + siteAuth, e); } try { - JcrUserDetails.checkAccountStatus(userProfile); + // Node userHome = UserJcrUtils.getUserHome(session); // retrieve remote roles List authoritiesList = new ArrayList(); - if (userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) { + if (userProfile != null + && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) { Value[] roles = userProfile.getProperty( ArgeoNames.ARGEO_REMOTE_ROLES).getValues(); for (int i = 0; i < roles.length; i++) authoritiesList.add(new GrantedAuthorityImpl(roles[i] .getString())); } + authoritiesList.add(new GrantedAuthorityImpl(ROLE_REMOTE)); // create authenticated objects GrantedAuthority[] authorities = authoritiesList @@ -104,13 +125,6 @@ public class RemoteJcrAuthenticationProvider implements AuthenticationProvider, } } - protected Repository getRepository(String url, Credentials credentials) - throws RepositoryException { - Map parameters = new HashMap(); - parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url); - return repositoryFactory.getRepository(parameters); - } - @SuppressWarnings("rawtypes") public boolean supports(Class authentication) { return NodeAuthenticationToken.class.isAssignableFrom(authentication); 
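Review bot: In `authenticate`, `bundleContext.registerService(Repository.class.getName(), repository, serviceProperties)` runs before `repository.login(sp, null)`, so a wrapper built from the caller's `SimpleCredentials` and the token-supplied `url` is published under `ALIAS_NODE` even when the login then fails, and again on every attempt. The returned registration is discarded, so nothing visible here can unregister it. I would move the `if (bundleContext != null) { … }` block to after `session = repository.login(sp, null);` and keep the result, e.g. `ServiceRegistration reg = bundleContext.registerService(...)`, so it can be released on failure or logout. Separately, `JcrUserDetails.checkAccountStatus(userProfile)` is called without the `userProfile != null` guard that the roles block adds further down; if `getUserProfile` can return null, confirm the status check rejects that case before `ROLE_REMOTE` is granted. The rest of the method body lies outside this hunk.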
@@ -120,4 +134,8 @@ public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
 this.repositoryFactory = repositoryFactory;
 }
+ public void setBundleContext(BundleContext bundleContext) {
+ this.bundleContext = bundleContext;
+ }
+
 }