From: Mathieu Baudier Date: Sun, 25 Jan 2015 21:39:59 +0000 (+0000) Subject: Adapt to CMS kernel X-Git-Tag: argeo-commons-2.1.30~437 X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=a43673012d2827b0780c03f8a4fe862a6f7dfbf8;p=lgpl%2Fargeo-commons.git Adapt to CMS kernel git-svn-id: https://svn.argeo.org/commons/trunk@7698 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/demo/argeo_node_cms.properties b/demo/argeo_node_cms.properties index aba171da5..45826958b 100644 --- a/demo/argeo_node_cms.properties +++ b/demo/argeo_node_cms.properties @@ -1,17 +1,26 @@ -argeo.osgi.start.1.node=\ -org.eclipse.gemini.blueprint.extender +#argeo.osgi.start.1.node=\ +#org.eclipse.gemini.blueprint.extender + +#argeo.osgi.start.3.node=\ +#org.argeo.security.dao.jackrabbit,\ -argeo.osgi.start.3.node=\ -org.argeo.node.repo.jackrabbit,\ -org.argeo.security.dao.jackrabbit,\ +#org.argeo.node.repo.jackrabbit,\ -argeo.osgi.start.4.node.rap=\ +argeo.osgi.start.2.node.rap=\ +org.eclipse.equinox.http.servlet,\ org.eclipse.equinox.http.jetty,\ org.eclipse.rap.rwt.osgi -argeo.osgi.start.5.cms=\ +argeo.osgi.start.3.cms=\ org.argeo.cms,\ +argeo.osgi.start.4.node=\ +org.eclipse.gemini.blueprint.extender + +argeo.osgi.start.5.cms=\ +org.argeo.cms.core,\ + + # Jetty org.osgi.service.http.port=7070 org.eclipse.equinox.http.jetty.log.stderr.threshold=info diff --git a/demo/argeo_node_rap.properties b/demo/argeo_node_rap.properties index 8596df804..88d9c9785 100644 --- a/demo/argeo_node_rap.properties +++ b/demo/argeo_node_rap.properties @@ -1,11 +1,11 @@ -argeo.osgi.start.1.node=\ +argeo.osgi.start.5.node=\ org.eclipse.gemini.blueprint.extender #org.argeo.server.ads.server,\ -argeo.osgi.start.3.node=\ -org.argeo.node.repo.jackrabbit,\ -org.argeo.security.dao.jackrabbit +#argeo.osgi.start.3.node=\ +#org.argeo.node.repo.jackrabbit,\ +#org.argeo.security.dao.jackrabbit #org.argeo.security.dao.ldap,\ 
@@ -14,6 +14,7 @@ org.eclipse.equinox.http.jetty,\ org.eclipse.rap.rwt.osgi,\ argeo.osgi.start.5.node.rap=\ +org.argeo.cms,\ org.eclipse.equinox.http.registry,\ #argeo.osgi.start.5.workbench=\ diff --git a/org.argeo.security.core/bnd.bnd b/org.argeo.security.core/bnd.bnd index 9124816cb..ef3d1aa2e 100644 --- a/org.argeo.security.core/bnd.bnd +++ b/org.argeo.security.core/bnd.bnd @@ -2,4 +2,5 @@ Bundle-ActivationPolicy: lazy Import-Package:org.bouncycastle.*;resolution:=optional,\ org.springframework.util,\ javax.jcr.security,\ +org.apache.jackrabbit.*;resolution:=optional,\ * diff --git a/org.argeo.security.core/pom.xml b/org.argeo.security.core/pom.xml index a7e3252eb..2305b7d7e 100644 --- a/org.argeo.security.core/pom.xml +++ b/org.argeo.security.core/pom.xml @@ -20,6 +20,11 @@ org.argeo.server.jcr 2.1.13-SNAPSHOT + + org.argeo.commons + org.argeo.server.jackrabbit + 2.1.13-SNAPSHOT + diff --git a/org.argeo.security.core/src/org/argeo/security/core/InternalAuthenticationProvider.java b/org.argeo.security.core/src/org/argeo/security/core/InternalAuthenticationProvider.java index 0efabcde0..4b7e047ba 100644 --- a/org.argeo.security.core/src/org/argeo/security/core/InternalAuthenticationProvider.java +++ b/org.argeo.security.core/src/org/argeo/security/core/InternalAuthenticationProvider.java @@ -7,6 +7,13 @@ import org.springframework.security.core.AuthenticationException; public class InternalAuthenticationProvider implements AuthenticationProvider { private String key; + public InternalAuthenticationProvider() { + } + + public InternalAuthenticationProvider(String key) { + this.key = key; + } + @Override public Authentication authenticate(Authentication arg0) throws AuthenticationException { diff --git a/org.argeo.security.core/src/org/argeo/security/jcr/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.security.core/src/org/argeo/security/jcr/jackrabbit/JackrabbitUserAdminService.java new file mode 100644 index 000000000..b648f32c3 --- /dev/null 
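Review bot: The new no-argument constructor in InternalAuthenticationProvider leaves `key` null, and the keyed constructor accepts null too, so an instance can exist with no key at all. authenticate() begins in this hunk but its body is outside it, so I cannot see how a null key is handled there. If the key is what gates internal authentication, a missing key should be rejected rather than compared. I would guard the keyed constructor with `if (key == null) throw new IllegalArgumentException("key is required");` and document on the no-arg constructor who is expected to set the key afterwards.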
+++ b/org.argeo.security.core/src/org/argeo/security/jcr/jackrabbit/JackrabbitUserAdminService.java 
@@ -0,0 +1,355 @@ +package org.argeo.security.jcr.jackrabbit; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Set; + +import javax.jcr.Node; +import javax.jcr.Repository; +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.SimpleCredentials; + +import org.apache.jackrabbit.api.JackrabbitSession; +import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.Group; +import org.apache.jackrabbit.api.security.user.User; +import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials; +import org.argeo.ArgeoException; +import org.argeo.jcr.JcrUtils; +import org.argeo.jcr.UserJcrUtils; +import org.argeo.security.UserAdminService; +import org.argeo.security.jcr.JcrSecurityModel; +import org.argeo.security.jcr.JcrUserDetails; +import org.springframework.dao.DataAccessException; +import org.springframework.security.authentication.AuthenticationProvider; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UsernameNotFoundException; + +/** + * An implementation of {@link UserAdminService} which closely wraps Jackrabbits + * implementation. Roles are implemented with Groups. 
+ */ +public class JackrabbitUserAdminService implements UserAdminService, + AuthenticationProvider { + final static String userRole = "ROLE_USER"; + final static String adminRole = "ROLE_ADMIN"; + + private Repository repository; + private JcrSecurityModel securityModel; + + private JackrabbitSession adminSession = null; + + private String superUsername = "root"; + private String superUserInitialPassword = "demo"; + + public void init() throws RepositoryException { + Authentication authentication = SecurityContextHolder.getContext() + .getAuthentication(); + authentication.getName(); + adminSession = (JackrabbitSession) repository.login(); + Authorizable adminGroup = getUserManager().getAuthorizable(adminRole); + if (adminGroup == null) { + adminGroup = getUserManager().createGroup(adminRole); + adminSession.save(); + } + Authorizable superUser = getUserManager() + .getAuthorizable(superUsername); + if (superUser == null) { + superUser = getUserManager().createUser(superUsername, + superUserInitialPassword); + ((Group) adminGroup).addMember(superUser); + securityModel.sync(adminSession, superUsername, null); + adminSession.save(); + } + } + + public void destroy() throws RepositoryException { + JcrUtils.logoutQuietly(adminSession); + } + + private UserManager getUserManager() throws RepositoryException { + return adminSession.getUserManager(); + } + + @Override + public void createUser(UserDetails user) { + try { + // FIXME workaround for issue in new user wizard where + // security model is hardcoded and it already exists + if (getUserManager().getAuthorizable(user.getUsername()) == null) { + getUserManager().createUser(user.getUsername(), + user.getPassword()); + securityModel.sync(adminSession, user.getUsername(), null); + } + updateUser(user); + } catch (RepositoryException e) { + throw new ArgeoException("Cannot create user " + user, e); + } + } + + @Override + public void updateUser(UserDetails userDetails) { + try { + User user = (User) 
getUserManager().getAuthorizable( + userDetails.getUsername()); + if (user == null) + throw new ArgeoException("No user " + userDetails.getUsername()); + + // new password + String newPassword = userDetails.getPassword(); + if (!newPassword.trim().equals("")) { + SimpleCredentials sp = new SimpleCredentials( + userDetails.getUsername(), newPassword.toCharArray()); + CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user + .getCredentials(); + if (!credentials.matches(sp)) + user.changePassword(new String(newPassword)); + } + + List roles = new ArrayList(); + for (GrantedAuthority ga : userDetails.getAuthorities()) { + if (ga.getAuthority().equals(userRole)) + continue; + roles.add(ga.getAuthority()); + } + + for (Iterator it = user.memberOf(); it.hasNext();) { + Group group = it.next(); + if (roles.contains(group.getPrincipal().getName())) + roles.remove(group.getPrincipal().getName()); + else + group.removeMember(user); + } + + // remaining (new ones) + for (String role : roles) { + Group group = (Group) getUserManager().getAuthorizable(role); + if (group == null) + throw new ArgeoException("Group " + role + + " does not exist," + + " whereas it was granted to user " + userDetails); + group.addMember(user); + } + } catch (Exception e) { + throw new ArgeoException("Cannot update user details", e); + } + + } + + @Override + public void deleteUser(String username) { + try { + getUserManager().getAuthorizable(username).remove(); + } catch (RepositoryException e) { + throw new ArgeoException("Cannot remove user " + username, e); + } + } + + @Override + public void changePassword(String oldPassword, String newPassword) { + Authentication authentication = SecurityContextHolder.getContext() + .getAuthentication(); + String username = authentication.getName(); + try { + SimpleCredentials sp = new SimpleCredentials(username, + oldPassword.toCharArray()); + User user = (User) getUserManager().getAuthorizable(username); + CryptedSimpleCredentials credentials = 
(CryptedSimpleCredentials) user + .getCredentials(); + if (credentials.matches(sp)) + user.changePassword(newPassword); + else + throw new BadCredentialsException("Bad credentials provided"); + } catch (Exception e) { + throw new ArgeoException("Cannot change password for user " + + username, e); + } + } + + @Override + public boolean userExists(String username) { + try { + Authorizable authorizable = getUserManager().getAuthorizable( + username); + if (authorizable != null && authorizable instanceof User) + return true; + return false; + } catch (RepositoryException e) { + throw new ArgeoException("Cannot check whether user " + username + + " exists ", e); + } + } + + @Override + public Set listUsers() { + LinkedHashSet res = new LinkedHashSet(); + try { + Iterator users = getUserManager().findAuthorizables( + "rep:principalName", null, UserManager.SEARCH_TYPE_USER); + while (users.hasNext()) { + res.add(users.next().getPrincipal().getName()); + } + return res; + } catch (RepositoryException e) { + throw new ArgeoException("Cannot list users", e); + } + } + + @Override + public Set listUsersInRole(String role) { + LinkedHashSet res = new LinkedHashSet(); + try { + Group group = (Group) getUserManager().getAuthorizable(role); + Iterator users = group.getMembers(); + // NB: not recursive + while (users.hasNext()) { + res.add(users.next().getPrincipal().getName()); + } + return res; + } catch (RepositoryException e) { + throw new ArgeoException("Cannot list users in role " + role, e); + } + } + + @Override + public void synchronize() { + } + + @Override + public void newRole(String role) { + try { + getUserManager().createGroup(role); + } catch (RepositoryException e) { + throw new ArgeoException("Cannot create role " + role, e); + } + } + + @Override + public Set listEditableRoles() { + LinkedHashSet res = new LinkedHashSet(); + try { + Iterator groups = getUserManager().findAuthorizables( + "rep:principalName", null, UserManager.SEARCH_TYPE_GROUP); + while 
(groups.hasNext()) { + res.add(groups.next().getPrincipal().getName()); + } + return res; + } catch (RepositoryException e) { + throw new ArgeoException("Cannot list groups", e); + } + } + + @Override + public void deleteRole(String role) { + try { + getUserManager().getAuthorizable(role).remove(); + } catch (RepositoryException e) { + throw new ArgeoException("Cannot remove role " + role, e); + } + } + + @Override + public UserDetails loadUserByUsername(String username) + throws UsernameNotFoundException, DataAccessException { + try { + User user = (User) getUserManager().getAuthorizable(username); + if (user == null) + throw new UsernameNotFoundException("User " + username + + " cannot be found"); + return loadJcrUserDetails(adminSession, username); + } catch (RepositoryException e) { + throw new ArgeoException("Cannot load user " + username, e); + } + } + + protected JcrUserDetails loadJcrUserDetails(Session session, String username) + throws RepositoryException { + if (username == null) + username = session.getUserID(); + User user = (User) getUserManager().getAuthorizable(username); + ArrayList authorities = new ArrayList(); + // FIXME make it more generic + authorities.add(new SimpleGrantedAuthority("ROLE_USER")); + Iterator groups = user.declaredMemberOf(); + while (groups.hasNext()) { + Group group = groups.next(); + // String role = "ROLE_" + // + group.getPrincipal().getName().toUpperCase(); + String role = group.getPrincipal().getName(); + authorities.add(new SimpleGrantedAuthority(role)); + } + + Node userProfile = UserJcrUtils.getUserProfile(session, username); + JcrUserDetails userDetails = new JcrUserDetails(userProfile, "", + authorities); + return userDetails; + } + + // AUTHENTICATION PROVIDER + public synchronized Authentication authenticate( + Authentication authentication) throws AuthenticationException { + UsernamePasswordAuthenticationToken siteAuth = (UsernamePasswordAuthenticationToken) authentication; + String username = 
siteAuth.getName(); + try { + SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(), + siteAuth.getCredentials().toString().toCharArray()); + User user = (User) getUserManager().getAuthorizable(username); + if (user == null) + throw new BadCredentialsException("Bad credentials"); + CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user + .getCredentials(); + // String providedPassword = siteAuth.getCredentials().toString(); + if (!credentials.matches(sp)) + throw new BadCredentialsException("Bad credentials"); + + // session = repository.login(sp, null); + + Node userProfile = UserJcrUtils.getUserProfile(adminSession, + username); + JcrUserDetails.checkAccountStatus(userProfile); + } catch (BadCredentialsException e) { + throw e; + } catch (Exception e) { + throw new BadCredentialsException( + "Cannot authenticate " + siteAuth, e); + } + + try { + JcrUserDetails userDetails = loadJcrUserDetails(adminSession, + username); + UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken( + siteAuth, "", userDetails.getAuthorities()); + authenticated.setDetails(userDetails); + return authenticated; + } catch (RepositoryException e) { + throw new ArgeoException( + "Unexpected exception when authenticating " + siteAuth, e); + } + } + + @SuppressWarnings("rawtypes") + public boolean supports(Class authentication) { + return UsernamePasswordAuthenticationToken.class + .isAssignableFrom(authentication); + } + + public void setRepository(Repository repository) { + this.repository = repository; + } + + public void setSecurityModel(JcrSecurityModel securityModel) { + this.securityModel = securityModel; + } + +} diff --git a/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml b/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml index 1923d1023..6a7bdeca5 100644 --- a/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml 
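Review bot: init() creates the `root` account with the fixed initial password `demo` and adds it to ROLE_ADMIN, so every deployment starts with the same known administrator credential. The class only exposes setters for repository and securityModel, so the value cannot be overridden by configuration. I would drop the default and inject it, `private String superUserInitialPassword;` with a `setSuperUserInitialPassword(String)` setter, and have init() refuse to create the superuser when the value is null or empty. The file looks like an unchanged move of the class deleted from org.argeo.security.jackrabbit, so this predates the commit, but the move is a good moment to fix it.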
+++ b/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml @@ -36,7 +36,7 @@ diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java deleted file mode 100644 index 7835f1c8f..000000000 --- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitUserAdminService.java +++ /dev/null 
@@ -1,355 +0,0 @@ -package org.argeo.security.jackrabbit; - -import java.util.ArrayList; -import java.util.Iterator; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Set; - -import javax.jcr.Node; -import javax.jcr.Repository; -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.SimpleCredentials; - -import org.apache.jackrabbit.api.JackrabbitSession; -import org.apache.jackrabbit.api.security.user.Authorizable; -import org.apache.jackrabbit.api.security.user.Group; -import org.apache.jackrabbit.api.security.user.User; -import org.apache.jackrabbit.api.security.user.UserManager; -import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials; -import org.argeo.ArgeoException; -import org.argeo.jcr.JcrUtils; -import org.argeo.jcr.UserJcrUtils; -import org.argeo.security.UserAdminService; -import org.argeo.security.jcr.JcrSecurityModel; -import org.argeo.security.jcr.JcrUserDetails; -import org.springframework.dao.DataAccessException; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.authentication.BadCredentialsException; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UsernameNotFoundException; - -/** - * An implementation of {@link UserAdminService} which closely wraps Jackrabbits - * implementation. Roles are implemented with Groups. 
- */ -public class JackrabbitUserAdminService implements UserAdminService, - AuthenticationProvider { - final static String userRole = "ROLE_USER"; - final static String adminRole = "ROLE_ADMIN"; - - private Repository repository; - private JcrSecurityModel securityModel; - - private JackrabbitSession adminSession = null; - - private String superUsername = "root"; - private String superUserInitialPassword = "demo"; - - public void init() throws RepositoryException { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); - authentication.getName(); - adminSession = (JackrabbitSession) repository.login(); - Authorizable adminGroup = getUserManager().getAuthorizable(adminRole); - if (adminGroup == null) { - adminGroup = getUserManager().createGroup(adminRole); - adminSession.save(); - } - Authorizable superUser = getUserManager() - .getAuthorizable(superUsername); - if (superUser == null) { - superUser = getUserManager().createUser(superUsername, - superUserInitialPassword); - ((Group) adminGroup).addMember(superUser); - securityModel.sync(adminSession, superUsername, null); - adminSession.save(); - } - } - - public void destroy() throws RepositoryException { - JcrUtils.logoutQuietly(adminSession); - } - - private UserManager getUserManager() throws RepositoryException { - return adminSession.getUserManager(); - } - - @Override - public void createUser(UserDetails user) { - try { - // FIXME workaround for issue in new user wizard where - // security model is hardcoded and it already exists - if (getUserManager().getAuthorizable(user.getUsername()) == null) { - getUserManager().createUser(user.getUsername(), - user.getPassword()); - securityModel.sync(adminSession, user.getUsername(), null); - } - updateUser(user); - } catch (RepositoryException e) { - throw new ArgeoException("Cannot create user " + user, e); - } - } - - @Override - public void updateUser(UserDetails userDetails) { - try { - User user = (User) 
getUserManager().getAuthorizable( - userDetails.getUsername()); - if (user == null) - throw new ArgeoException("No user " + userDetails.getUsername()); - - // new password - String newPassword = userDetails.getPassword(); - if (!newPassword.trim().equals("")) { - SimpleCredentials sp = new SimpleCredentials( - userDetails.getUsername(), newPassword.toCharArray()); - CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user - .getCredentials(); - if (!credentials.matches(sp)) - user.changePassword(new String(newPassword)); - } - - List roles = new ArrayList(); - for (GrantedAuthority ga : userDetails.getAuthorities()) { - if (ga.getAuthority().equals(userRole)) - continue; - roles.add(ga.getAuthority()); - } - - for (Iterator it = user.memberOf(); it.hasNext();) { - Group group = it.next(); - if (roles.contains(group.getPrincipal().getName())) - roles.remove(group.getPrincipal().getName()); - else - group.removeMember(user); - } - - // remaining (new ones) - for (String role : roles) { - Group group = (Group) getUserManager().getAuthorizable(role); - if (group == null) - throw new ArgeoException("Group " + role - + " does not exist," - + " whereas it was granted to user " + userDetails); - group.addMember(user); - } - } catch (Exception e) { - throw new ArgeoException("Cannot update user details", e); - } - - } - - @Override - public void deleteUser(String username) { - try { - getUserManager().getAuthorizable(username).remove(); - } catch (RepositoryException e) { - throw new ArgeoException("Cannot remove user " + username, e); - } - } - - @Override - public void changePassword(String oldPassword, String newPassword) { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); - String username = authentication.getName(); - try { - SimpleCredentials sp = new SimpleCredentials(username, - oldPassword.toCharArray()); - User user = (User) getUserManager().getAuthorizable(username); - CryptedSimpleCredentials credentials = 
(CryptedSimpleCredentials) user - .getCredentials(); - if (credentials.matches(sp)) - user.changePassword(newPassword); - else - throw new BadCredentialsException("Bad credentials provided"); - } catch (Exception e) { - throw new ArgeoException("Cannot change password for user " - + username, e); - } - } - - @Override - public boolean userExists(String username) { - try { - Authorizable authorizable = getUserManager().getAuthorizable( - username); - if (authorizable != null && authorizable instanceof User) - return true; - return false; - } catch (RepositoryException e) { - throw new ArgeoException("Cannot check whether user " + username - + " exists ", e); - } - } - - @Override - public Set listUsers() { - LinkedHashSet res = new LinkedHashSet(); - try { - Iterator users = getUserManager().findAuthorizables( - "rep:principalName", null, UserManager.SEARCH_TYPE_USER); - while (users.hasNext()) { - res.add(users.next().getPrincipal().getName()); - } - return res; - } catch (RepositoryException e) { - throw new ArgeoException("Cannot list users", e); - } - } - - @Override - public Set listUsersInRole(String role) { - LinkedHashSet res = new LinkedHashSet(); - try { - Group group = (Group) getUserManager().getAuthorizable(role); - Iterator users = group.getMembers(); - // NB: not recursive - while (users.hasNext()) { - res.add(users.next().getPrincipal().getName()); - } - return res; - } catch (RepositoryException e) { - throw new ArgeoException("Cannot list users in role " + role, e); - } - } - - @Override - public void synchronize() { - } - - @Override - public void newRole(String role) { - try { - getUserManager().createGroup(role); - } catch (RepositoryException e) { - throw new ArgeoException("Cannot create role " + role, e); - } - } - - @Override - public Set listEditableRoles() { - LinkedHashSet res = new LinkedHashSet(); - try { - Iterator groups = getUserManager().findAuthorizables( - "rep:principalName", null, UserManager.SEARCH_TYPE_GROUP); - while 
(groups.hasNext()) { - res.add(groups.next().getPrincipal().getName()); - } - return res; - } catch (RepositoryException e) { - throw new ArgeoException("Cannot list groups", e); - } - } - - @Override - public void deleteRole(String role) { - try { - getUserManager().getAuthorizable(role).remove(); - } catch (RepositoryException e) { - throw new ArgeoException("Cannot remove role " + role, e); - } - } - - @Override - public UserDetails loadUserByUsername(String username) - throws UsernameNotFoundException, DataAccessException { - try { - User user = (User) getUserManager().getAuthorizable(username); - if (user == null) - throw new UsernameNotFoundException("User " + username - + " cannot be found"); - return loadJcrUserDetails(adminSession, username); - } catch (RepositoryException e) { - throw new ArgeoException("Cannot load user " + username, e); - } - } - - protected JcrUserDetails loadJcrUserDetails(Session session, String username) - throws RepositoryException { - if (username == null) - username = session.getUserID(); - User user = (User) getUserManager().getAuthorizable(username); - ArrayList authorities = new ArrayList(); - // FIXME make it more generic - authorities.add(new SimpleGrantedAuthority("ROLE_USER")); - Iterator groups = user.declaredMemberOf(); - while (groups.hasNext()) { - Group group = groups.next(); - // String role = "ROLE_" - // + group.getPrincipal().getName().toUpperCase(); - String role = group.getPrincipal().getName(); - authorities.add(new SimpleGrantedAuthority(role)); - } - - Node userProfile = UserJcrUtils.getUserProfile(session, username); - JcrUserDetails userDetails = new JcrUserDetails(userProfile, "", - authorities); - return userDetails; - } - - // AUTHENTICATION PROVIDER - public synchronized Authentication authenticate( - Authentication authentication) throws AuthenticationException { - UsernamePasswordAuthenticationToken siteAuth = (UsernamePasswordAuthenticationToken) authentication; - String username = 
siteAuth.getName(); - try { - SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(), - siteAuth.getCredentials().toString().toCharArray()); - User user = (User) getUserManager().getAuthorizable(username); - if (user == null) - throw new BadCredentialsException("Bad credentials"); - CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user - .getCredentials(); - // String providedPassword = siteAuth.getCredentials().toString(); - if (!credentials.matches(sp)) - throw new BadCredentialsException("Bad credentials"); - - // session = repository.login(sp, null); - - Node userProfile = UserJcrUtils.getUserProfile(adminSession, - username); - JcrUserDetails.checkAccountStatus(userProfile); - } catch (BadCredentialsException e) { - throw e; - } catch (Exception e) { - throw new BadCredentialsException( - "Cannot authenticate " + siteAuth, e); - } - - try { - JcrUserDetails userDetails = loadJcrUserDetails(adminSession, - username); - UsernamePasswordAuthenticationToken authenticated = new UsernamePasswordAuthenticationToken( - siteAuth, "", userDetails.getAuthorities()); - authenticated.setDetails(userDetails); - return authenticated; - } catch (RepositoryException e) { - throw new ArgeoException( - "Unexpected exception when authenticating " + siteAuth, e); - } - } - - @SuppressWarnings("rawtypes") - public boolean supports(Class authentication) { - return UsernamePasswordAuthenticationToken.class - .isAssignableFrom(authentication); - } - - public void setRepository(Repository repository) { - this.repository = repository; - } - - public void setSecurityModel(JcrSecurityModel securityModel) { - this.securityModel = securityModel; - } - -} diff --git a/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitContainer.java b/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitContainer.java index 9060b585a..82d58fb31 100644 --- a/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitContainer.java 
+++ b/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitContainer.java @@ -56,7 +56,9 @@ public class JackrabbitContainer extends JackrabbitWrapper implements // local private Resource configuration; + private Resource variables; + private RepositoryConfig repositoryConfig; private File homeDirectory; private Boolean inMemory = false; @@ -64,6 +66,10 @@ public class JackrabbitContainer extends JackrabbitWrapper implements /** Migrations to execute (if not already done) */ private Set dataModelMigrations = new HashSet(); + /** Straight (non spring) values */ + private Properties configurationProperties; + private InputSource configurationXml; + /** * Empty constructor, {@link #init()} should be called after properties have * been set @@ -107,11 +113,16 @@ public class JackrabbitContainer extends JackrabbitWrapper implements // process configuration file Properties vars = getConfigurationProperties(); - configurationIn = readConfiguration(); vars.put(RepositoryConfigurationParser.REPOSITORY_HOME_VARIABLE, getHomeDirectory().getCanonicalPath()); - repositoryConfig = RepositoryConfig.create(new InputSource( - configurationIn), vars); + InputSource is; + if (configurationXml != null) + is = configurationXml; + else { + configurationIn = readConfiguration(); + is = new InputSource(configurationIn); + } + repositoryConfig = RepositoryConfig.create(is, vars); // // Actual repository creation @@ -288,6 +299,9 @@ public class JackrabbitContainer extends JackrabbitWrapper implements /** Generates the properties to use in the configuration. */ protected Properties getConfigurationProperties() { + if (configurationProperties != null) + return configurationProperties; + InputStream propsIn = null; Properties vars; try { 
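Review bot: getConfigurationProperties() now returns the injected `configurationProperties` object itself, and init() then calls `vars.put(RepositoryConfigurationParser.REPOSITORY_HOME_VARIABLE, ...)` on it, so the caller's Properties is modified as a side effect (hunks at -288 and -107). A caller that shares one Properties instance between containers would end up with the home directory of whichever container initialised last. Returning a copy avoids this: `Properties copy = new Properties(); copy.putAll(configurationProperties); return copy;`. Both method bodies continue outside their hunks.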
@@ -349,4 +363,12 @@ public class JackrabbitContainer extends JackrabbitWrapper implements this.configuration = configuration; } + public void setConfigurationProperties(Properties configurationProperties) { + this.configurationProperties = configurationProperties; + } + + public void setConfigurationXml(InputSource configurationXml) { + this.configurationXml = configurationXml; + } + } diff --git a/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitWrapper.java b/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitWrapper.java index f9f04c4cb..53a9ff1e2 100644 --- a/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitWrapper.java +++ b/org.argeo.server.jackrabbit/src/org/argeo/jackrabbit/JackrabbitWrapper.java @@ -339,8 +339,8 @@ public class JackrabbitWrapper extends JcrRepositoryWrapper implements } else { // assume this is in the same bundle exportingBundle = bundleContext.getBundle(); -// throw new ArgeoException("No OSGi exporting package found for " -// + resUrl); + // throw new ArgeoException("No OSGi exporting package found for " + // + resUrl); } return exportingBundle; } @@ -360,6 +360,10 @@ public class JackrabbitWrapper extends JcrRepositoryWrapper implements this.bundleContext = bundleContext; } + protected BundleContext getBundleContext() { + return bundleContext; + } + public void setForceCndImport(Boolean forceCndUpdate) { this.forceCndImport = forceCndUpdate; }
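Review bot: The two new setters have no Javadoc, and the precedence they introduce is only visible by reading init() and getConfigurationProperties(). A non-null `configurationXml` replaces the `configuration` resource, and a non-null `configurationProperties` skips the property loading. I would state that on the setters, for example `/** Repository configuration XML; when set it is used instead of the configuration resource. */` on setConfigurationXml. Because the InputSource is handed straight to RepositoryConfig.create, the comment should also say it must come from a trusted source. It presumably cannot be reused for a second init() when it wraps a stream, which is worth noting too.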