From: Mathieu Baudier <mbaudier@argeo.org>
Date: Mon, 1 Dec 2014 20:26:12 +0000 (+0000)
Subject: Standalone user management based on Jackrabbit working
X-Git-Tag: argeo-commons-2.1.30~500
X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=98da77614390f19ee7af36a63250f055d6865b06;p=lgpl%2Fargeo-commons.git

Standalone user management based on Jackrabbit working

git-svn-id: https://svn.argeo.org/commons/trunk@7553 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---

diff --git a/demo/argeo_node_cms.properties b/demo/argeo_node_cms.properties
index 92759d88d..d53298060 100644
--- a/demo/argeo_node_cms.properties
+++ b/demo/argeo_node_cms.properties
@@ -1,12 +1,9 @@
 argeo.osgi.start.1.node=\
 org.springframework.osgi.extender,\
-org.argeo.server.ads.server,\
 
 argeo.osgi.start.3.node=\
 org.argeo.node.repo.jackrabbit,\
-org.argeo.security.dao.ldap,\
-
-#org.argeo.security.dao.jackrabbit,\
+org.argeo.security.dao.jackrabbit,\
 
 argeo.osgi.start.4.node.rap=\
 org.eclipse.equinox.http.jetty,\
diff --git a/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml b/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml
index 32baed473..7f276a271 100644
--- a/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml
+++ b/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml
@@ -16,6 +16,7 @@
 		<property name="providers">
 			<list>
 				<ref bean="authByAdapterProvider" />
+				<ref bean="anonymousAuthenticationProvider" />
 				<ref bean="userDetailsManager" />
 			</list>
 		</property>
@@ -27,7 +28,13 @@
 		<property name="key" value="${argeo.security.systemKey}" />
 	</bean>
 
-	<!-- Dummy user manager -->
+	<bean id="anonymousAuthenticationProvider"
+		class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
+		<description><![CDATA[Anonymous authentication]]></description>
+		<property name="key" value="${argeo.security.systemKey}" />
+	</bean>
+
+	<!-- User manager -->
 	<bean id="userDetailsManager"
 		class="org.argeo.security.jackrabbit.JackrabbitUserAdminService"
 		init-method="init" destroy-method="destroy" depends-on="systemInit">
diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java
index 79faeda5c..935581d7a 100644
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java
@@ -3,6 +3,7 @@ package org.argeo.security.jackrabbit;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Set;
 
 import javax.jcr.Node;
@@ -41,6 +42,9 @@ import org.springframework.security.userdetails.UsernameNotFoundException;
  */
 public class JackrabbitUserAdminService implements UserAdminService,
 		AuthenticationProvider {
+	final static String userRole = "ROLE_USER";
+	final static String adminRole = "ROLE_ADMIN";
+
 	private Repository repository;
 	private JcrSecurityModel securityModel;
 
@@ -54,10 +58,9 @@ public class JackrabbitUserAdminService implements UserAdminService,
 				.getAuthentication();
 		authentication.getName();
 		adminSession = (JackrabbitSession) repository.login();
-		Authorizable adminGroup = getUserManager()
-				.getAuthorizable("ROLE_ADMIN");
+		Authorizable adminGroup = getUserManager().getAuthorizable(adminRole);
 		if (adminGroup == null) {
-			adminGroup = getUserManager().createGroup("ROLE_ADMIN");
+			adminGroup = getUserManager().createGroup(adminRole);
 			adminSession.save();
 		}
 		Authorizable superUser = getUserManager()
@@ -82,15 +85,61 @@ public class JackrabbitUserAdminService implements UserAdminService,
 	@Override
 	public void createUser(UserDetails user) {
 		try {
-			getUserManager().createUser(user.getUsername(), user.getPassword());
-			securityModel.sync(adminSession, user.getUsername(), null);
+			// FIXME workaround for issue in new user wizard where
+			// security model is hardcoded and it already exists
+			if (getUserManager().getAuthorizable(user.getUsername()) == null) {
+				getUserManager().createUser(user.getUsername(),
+						user.getPassword());
+				securityModel.sync(adminSession, user.getUsername(), null);
+			}
+			updateUser(user);
 		} catch (RepositoryException e) {
 			throw new ArgeoException("Cannot create user " + user, e);
 		}
 	}
 
 	@Override
-	public void updateUser(UserDetails user) {
+	public void updateUser(UserDetails userDetails) {
+		try {
+			User user = (User) getUserManager().getAuthorizable(
+					userDetails.getUsername());
+
+			// new password
+			char[] newPassword = userDetails.getPassword().toCharArray();
+			SimpleCredentials sp = new SimpleCredentials(
+					userDetails.getUsername(), newPassword);
+			CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user
+					.getCredentials();
+			if (!credentials.matches(sp))
+				user.changePassword(new String(newPassword));
+
+			List<String> roles = new ArrayList<String>();
+			for (GrantedAuthority ga : userDetails.getAuthorities()) {
+				if (ga.getAuthority().equals(userRole))
+					continue;
+				roles.add(ga.getAuthority());
+			}
+
+			for (Iterator<Group> it = user.memberOf(); it.hasNext();) {
+				Group group = it.next();
+				if (roles.contains(group.getPrincipal().getName()))
+					roles.remove(group.getPrincipal().getName());
+				else
+					group.removeMember(user);
+			}
+
+			// remaining (new ones)
+			for (String role : roles) {
+				Group group = (Group) getUserManager().getAuthorizable(role);
+				if (group == null)
+					throw new ArgeoException("Group " + role
+							+ " does not exist,"
+							+ " whereas it was granted to user " + userDetails);
+				group.addMember(user);
+			}
+		} catch (Exception e) {
+			throw new ArgeoException("Cannot update user details", e);
+		}
 
 	}
 
@@ -109,8 +158,9 @@ public class JackrabbitUserAdminService implements UserAdminService,
 				.getAuthentication();
 		try {
 			SimpleCredentials sp = new SimpleCredentials(
-					authentication.getName(), authentication.getCredentials()
-							.toString().toCharArray());
+					authentication.getName(),
+					((UserDetails) authentication.getDetails()).getPassword()
+							.toCharArray());
 			User user = (User) getUserManager().getAuthorizable(
 					authentication.getName());
 			CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user
@@ -144,7 +194,7 @@ public class JackrabbitUserAdminService implements UserAdminService,
 		LinkedHashSet<String> res = new LinkedHashSet<String>();
 		try {
 			Iterator<Authorizable> users = getUserManager().findAuthorizables(
-					null, null, UserManager.SEARCH_TYPE_USER);
+					"rep:principalName", null, UserManager.SEARCH_TYPE_USER);
 			while (users.hasNext()) {
 				res.add(users.next().getPrincipal().getName());
 			}
@@ -188,7 +238,7 @@ public class JackrabbitUserAdminService implements UserAdminService,
 		LinkedHashSet<String> res = new LinkedHashSet<String>();
 		try {
 			Iterator<Authorizable> groups = getUserManager().findAuthorizables(
-					null, null, UserManager.SEARCH_TYPE_GROUP);
+					"rep:principalName", null, UserManager.SEARCH_TYPE_GROUP);
 			while (groups.hasNext()) {
 				res.add(groups.next().getPrincipal().getName());
 			}
@@ -212,6 +262,9 @@ public class JackrabbitUserAdminService implements UserAdminService,
 			throws UsernameNotFoundException, DataAccessException {
 		try {
 			User user = (User) getUserManager().getAuthorizable(username);
+			if (user == null)
+				throw new UsernameNotFoundException("User " + username
+						+ " cannot be found");
 			return loadJcrUserDetails(adminSession, username,
 					user.getCredentials());
 		} catch (RepositoryException e) {