From 041234a54c1b98bcba16e359c4c4905c4eed1768 Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Sat, 18 Feb 2012 18:43:50 +0000 Subject: [PATCH] Introduce RAP anonymous Improve RAP UI (add user menu in toolbar, remove standard menus) Introduce user home perspective git-svn-id: https://svn.argeo.org/commons/trunk@5100 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- .../META-INF/spring/loginModules.xml | 16 ++ .../org.argeo.security.equinox/plugin.xml | 12 +- .../security.properties | 3 + .../security/equinox/SpringLoginModule.java | 45 ++++ .../META-INF/jaas_default.txt | 5 + .../META-INF/spring/commands.xml | 11 + .../META-INF/spring/osgi.xml | 14 ++ .../branding/public.html | 18 ++ .../build.properties | 3 +- .../icons/closeAll.gif | Bin 0 -> 204 bytes .../org.argeo.security.ui.rap/icons/exit.png | Bin 0 -> 214 bytes .../org.argeo.security.ui.rap/icons/home.gif | Bin 0 -> 583 bytes .../org.argeo.security.ui.rap/icons/main.gif | Bin 0 -> 310 bytes .../icons/password.gif | Bin 0 -> 564 bytes .../icons/preferences.png | Bin 0 -> 603 bytes .../org.argeo.security.ui.rap/plugin.xml | 103 ++++++++- .../plugins/org.argeo.security.ui.rap/pom.xml | 2 +- .../security/ui/rap/AnonymousEntryPoint.java | 103 +++++++++ .../security/ui/rap/RapActionBarAdvisor.java | 208 ++++++++++++++++++ .../rap/RapSecureWorkbenchWindowAdvisor.java | 37 ---- ...ndowAdvisor.java => RapWindowAdvisor.java} | 24 +- ...hAdvisor.java => RapWorkbenchAdvisor.java} | 13 +- .../ui/rap/SecureActionBarAdvisor.java | 141 ------------ .../security/ui/rap/SecureEntryPoint.java | 112 ++++------ .../security/ui/rap/SecureRapActivator.java | 24 +- .../security/ui/rap/commands/UserMenu.java | 15 ++ .../org.argeo.security.ui/icons/home.gif | Bin 0 -> 583 bytes .../org.argeo.security.ui/icons/user.gif | Bin 0 -> 310 bytes .../plugins/org.argeo.security.ui/plugin.xml | 43 ++-- .../security/ui/UserHomePerspective.java | 20 ++ .../argeo/security/ui/views/UserProfile.java | 22 ++ .../jackrabbit/ArgeoSecurityManager.java | 6 +- 32 files changed, 708 insertions(+), 292 deletions(-) create mode 100644 security/plugins/org.argeo.security.equinox/security.properties create mode 100644 security/plugins/org.argeo.security.ui.rap/META-INF/spring/commands.xml create mode 100644 security/plugins/org.argeo.security.ui.rap/META-INF/spring/osgi.xml create mode 100644 security/plugins/org.argeo.security.ui.rap/branding/public.html create mode 100644 security/plugins/org.argeo.security.ui.rap/icons/closeAll.gif create mode 100644 security/plugins/org.argeo.security.ui.rap/icons/exit.png create mode 100644 security/plugins/org.argeo.security.ui.rap/icons/home.gif create mode 100644 security/plugins/org.argeo.security.ui.rap/icons/main.gif create mode 100644 security/plugins/org.argeo.security.ui.rap/icons/password.gif create mode 100644 security/plugins/org.argeo.security.ui.rap/icons/preferences.png create mode 100644 security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/AnonymousEntryPoint.java create mode 100644 security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapActionBarAdvisor.java delete mode 100644 security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapSecureWorkbenchWindowAdvisor.java rename security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/{SecureWorkbenchWindowAdvisor.java => RapWindowAdvisor.java} (64%) rename security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/{SecureWorkbenchAdvisor.java => RapWorkbenchAdvisor.java} (78%) delete mode 100644 security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureActionBarAdvisor.java create mode 100644 security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/commands/UserMenu.java create mode 100644 security/plugins/org.argeo.security.ui/icons/home.gif create mode 100644 security/plugins/org.argeo.security.ui/icons/user.gif create mode 100644 security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/UserHomePerspective.java create mode 100644 security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UserProfile.java diff --git a/security/plugins/org.argeo.security.equinox/META-INF/spring/loginModules.xml b/security/plugins/org.argeo.security.equinox/META-INF/spring/loginModules.xml index fe7bb602d..ed0a78860 100644 --- a/security/plugins/org.argeo.security.equinox/META-INF/spring/loginModules.xml +++ b/security/plugins/org.argeo.security.equinox/META-INF/spring/loginModules.xml @@ -4,6 +4,14 @@ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> + + + + osgibundle:security.properties + + + @@ -15,6 +23,14 @@ + + + + + + + diff --git a/security/plugins/org.argeo.security.equinox/plugin.xml b/security/plugins/org.argeo.security.equinox/plugin.xml index 4032022dc..2cc81f137 100644 --- a/security/plugins/org.argeo.security.equinox/plugin.xml +++ b/security/plugins/org.argeo.security.equinox/plugin.xml @@ -3,15 +3,19 @@ - + - - + + + + + + - + diff --git a/security/plugins/org.argeo.security.equinox/security.properties b/security/plugins/org.argeo.security.equinox/security.properties new file mode 100644 index 000000000..219b1c761 --- /dev/null +++ b/security/plugins/org.argeo.security.equinox/security.properties @@ -0,0 +1,3 @@ +argeo.security.systemKey=argeo + +argeo.security.anonymousRole=ROLE_ANONYMOUS diff --git a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java index 71ce5715b..4d0cb6de6 100644 --- a/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java +++ b/security/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java @@ -1,6 +1,7 @@ package org.argeo.security.equinox; import java.util.Map; +import java.util.UUID; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; @@ -15,7 +16,10 @@ import org.argeo.security.NodeAuthenticationToken; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationManager; import org.springframework.security.BadCredentialsException; +import org.springframework.security.GrantedAuthority; +import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.context.SecurityContextHolder; +import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken; import org.springframework.security.providers.jaas.SecurityContextLoginModule; /** Login module which caches one subject per thread. */ @@ -33,6 +37,10 @@ public class SpringLoginModule extends SecurityContextLoginModule { private Long waitBetweenFailedLoginAttempts = 5 * 1000l; private Boolean remote = false; + private Boolean anonymous = false; + + private String key = null; + private String anonymousRole = "ROLE_ANONYMOUS"; public SpringLoginModule() { @@ -52,6 +60,10 @@ public class SpringLoginModule extends SecurityContextLoginModule { if (SecurityContextHolder.getContext().getAuthentication() != null) return super.login(); + if (remote && anonymous) + throw new LoginException( + "Cannot have a Spring login module which is remote and anonymous"); + // reset all principals and credentials if (log.isTraceEnabled()) log.trace("Resetting all principals and credentials of " @@ -63,6 +75,20 @@ public class SpringLoginModule extends SecurityContextLoginModule { if (subject.getPublicCredentials() != null) subject.getPublicCredentials().clear(); + // deals first with public access since it's simple + if (anonymous) { + // TODO integrate with JCR? + Object principal = UUID.randomUUID().toString(); + GrantedAuthority[] authorities = { new GrantedAuthorityImpl( + anonymousRole) }; + AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken( + key, principal, authorities); + Authentication auth = authenticationManager + .authenticate(anonymousToken); + registerAuthentication(auth); + return super.login(); + } + if (callbackHandler == null) throw new LoginException("No call back handler available"); @@ -154,7 +180,26 @@ public class SpringLoginModule extends SecurityContextLoginModule { this.authenticationManager = authenticationManager; } + /** Authenticates on a remote node */ public void setRemote(Boolean remote) { this.remote = remote; } + + /** + * Request anonymous authentication (incompatible with remote) + */ + public void setAnonymous(Boolean anonymous) { + this.anonymous = anonymous; + } + + /** Role identifying an anonymous user */ + public void setAnonymousRole(String anonymousRole) { + this.anonymousRole = anonymousRole; + } + + /** System key */ + public void setKey(String key) { + this.key = key; + } + } diff --git a/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt b/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt index 72b66eabf..3829f93bb 100644 --- a/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt +++ b/security/plugins/org.argeo.security.ui.rap/META-INF/jaas_default.txt @@ -8,6 +8,11 @@ SPRING { extensionId="org.argeo.security.equinox.springLoginModule"; }; +SPRING_ANONYMOUS { + org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient + extensionId="org.argeo.security.equinox.anonymousSpringLoginModule"; +}; + SPRING_SECURITY_CONTEXT { org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient extensionId="org.argeo.security.equinox.springSecurityContextLoginModule"; diff --git a/security/plugins/org.argeo.security.ui.rap/META-INF/spring/commands.xml b/security/plugins/org.argeo.security.ui.rap/META-INF/spring/commands.xml new file mode 100644 index 000000000..1dc8d53ce --- /dev/null +++ b/security/plugins/org.argeo.security.ui.rap/META-INF/spring/commands.xml @@ -0,0 +1,11 @@ + + + + + + + diff --git a/security/plugins/org.argeo.security.ui.rap/META-INF/spring/osgi.xml b/security/plugins/org.argeo.security.ui.rap/META-INF/spring/osgi.xml new file mode 100644 index 000000000..9e357a36d --- /dev/null +++ b/security/plugins/org.argeo.security.ui.rap/META-INF/spring/osgi.xml @@ -0,0 +1,14 @@ + + + + + \ No newline at end of file diff --git a/security/plugins/org.argeo.security.ui.rap/branding/public.html b/security/plugins/org.argeo.security.ui.rap/branding/public.html new file mode 100644 index 000000000..e50f6e943 --- /dev/null +++ b/security/plugins/org.argeo.security.ui.rap/branding/public.html @@ -0,0 +1,18 @@ + + + +
+ + + + +
+ Refresh... +
+
+ + \ No newline at end of file diff --git a/security/plugins/org.argeo.security.ui.rap/build.properties b/security/plugins/org.argeo.security.ui.rap/build.properties index 572b0b491..5618fae36 100644 --- a/security/plugins/org.argeo.security.ui.rap/build.properties +++ b/security/plugins/org.argeo.security.ui.rap/build.properties @@ -1,5 +1,6 @@ bin.includes = plugin.xml,\ META-INF/,\ - branding/ + branding/,\ + icons/ source.. = src/main/java/ output.. = target/classes/ diff --git a/security/plugins/org.argeo.security.ui.rap/icons/closeAll.gif b/security/plugins/org.argeo.security.ui.rap/icons/closeAll.gif new file mode 100644 index 0000000000000000000000000000000000000000..28a3785aaca7c24373e69a73b2307fdb4331b725 GIT binary patch literal 204 zcmZ?wbhEHb6krfw*v!Dt(a|trLdS{~3vS%Fv0=l86+qU41v6&Mm;e+7$~81pR8$lc z6l7#%BqSvK|Nmd{CkrD313!Zf0}z1BU|^~IuvcM;=)qeJFP_d6<6(9$NpZ+va*#XV z$Tanv0@q6Ij$F;fM->-rkP#C*lC&X!LwxVz&)al#c-qnqcDm}#WIy(BLW0V%N5`2M zYBi)fD)t0U*`nI(nzTRThYA-TS95cdU1Kv3A5Uwk5NlIM^h7?h?zV>Mb~Eg!3Nly& E026Ie7ytkO literal 0 HcmV?d00001 diff --git a/security/plugins/org.argeo.security.ui.rap/icons/exit.png b/security/plugins/org.argeo.security.ui.rap/icons/exit.png new file mode 100644 index 0000000000000000000000000000000000000000..cfbf9d15eefae33fd12b8312e11bab985a5a02ba GIT binary patch literal 214 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!63?wyl`GbL!Wq?nJ>;M1%U-$=oD6jglY~_t< zGhgUiy)burVej?AJ?Mpk(TDV+g96GYHLNbi7oGHXIvMWuW8KP=_EtO1t*Q^7{{}RK zu_VYZn8D%MjWi&~+tbA{q~g}x^Oiyf6nLBin@%#N8Q%H7L1a@<`lnO&St5t@GXtDn zxXpdY@X_Ec<7~MnY;B_c9XzVeksM!RLs+(Q`$!(C%=hf;IH{B?(Il6LneC_)9y7e)Ys}kzgCpT_NZrqsBx;3M1 zYfjfr^Oy#Un1=ILZ(q4_=gaqB7ao7P|N7gr_usES|9bEBw__J?ox6Jb!jmu8UwnP~ z{`vgb@~XsXFsG`()# z)P`jC{<4g|#s1N)K&pC%tK(wV?&6UV6I0Yt5EGW+>Ef1>5|vq# o@xi~D$(7S6WrD(k7KTz1OCBW9Gn(60SWa+}gzo||X6OdpAC pniZ}UB2{8+qLvgXp{K+VYbvgzz|tvZD96;vC(6Ls8R^Ji4FH!Gg(Uz0 literal 0 HcmV?d00001 diff --git a/security/plugins/org.argeo.security.ui.rap/icons/password.gif b/security/plugins/org.argeo.security.ui.rap/icons/password.gif new file mode 100644 index 0000000000000000000000000000000000000000..a6b251fc8553fe59749bc1a6baa172ae3d9e2723 GIT binary patch literal 564 zcmZ?wbhEHb6krfwc*el6<-kp^tmVFWt9&x&CDd(8Yuetu_-sJgrktMr1^ov~CLOAn zcC=~EiMIKt{L426Rc;Qg+8kc9HL`A7Y~zlM&OMdWk4#;C`rflom+!s3@#uZmiZfU4 zzrFh4?c5#LcAUPm+k2& zU!HCI`+o1=4~PDKI{x?5$-ke^ZJVU>^;XB9hy8z^%=+_e-k)dl|2$i;v0HIVzw*I( z7Rx#15+*@oPB6j z@yTtS*G_M`d124zw-5h=0mEPdia%Kx85jZ>bU=;*#R&uZ#D;(-IW|_grjE`IUR6<+ zt_cA=@}kTWCvY=O@8VLIoi;mwQ$tBsjBz1{hOCs7jJK7Q=L8XjHIiO7ettF{UBW7I z;y#8>{{Fs(6NEG+-Cexh-MwAhy9AYGER78uw6)AEy95-aE%bD)ZFS5oy7<*3T=gBD iogGbGyV&^{-0V$iek@Qtd}3+3i;&tDF|8m425SKKG1WZ) literal 0 HcmV?d00001 diff --git a/security/plugins/org.argeo.security.ui.rap/icons/preferences.png b/security/plugins/org.argeo.security.ui.rap/icons/preferences.png new file mode 100644 index 0000000000000000000000000000000000000000..aa0dc0be98db6b2fb711b970e1e606c625d94b3d GIT binary patch literal 603 zcmV-h0;K(kP)S_CM`$0H`p`dRU zJj?(B2yDQgf6PEvFfepi1cK>rzyB~yDRL(m9@%|682|zZV!&UZ3xGN+y4Evvlm#+; z{P73qs{agyt?L;2fi9Z3^eDsc-;nV5@dFq(K-^XC&+r+j4j_O~T+mhualw0_0%j&g zhDo)-V4I5KY_PiE-H%@k009II17=`M{AZ}`-N4XX9Ki7Y`!Awg@c#R627my9djVu~ zLty}z{`B)VPz(|#fBpge8flGWFC=Du|NY1C5g5$?0R;B~C=8k=Ze*y-_h7C-OH0d~z8Wfl&_08jNVF5J_TsQ#M1}#5r&U00D%Q5*ZoVCv9Y? z%=KqjzUc(klvtVT$H2|Yi()oF03o6gXmxpxADE8tHD~ybY&qC=MsPrL^75k?01!aX p%*4cSXv + + + body="branding/public.html"> + + @@ -44,4 +57,90 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/security/plugins/org.argeo.security.ui.rap/pom.xml b/security/plugins/org.argeo.security.ui.rap/pom.xml index cfd6121cb..633a95297 100644 --- a/security/plugins/org.argeo.security.ui.rap/pom.xml +++ b/security/plugins/org.argeo.security.ui.rap/pom.xml @@ -31,7 +31,7 @@ org.argeo.security.ui.rap.SecureRapActivator lazy org.eclipse.rap.ui,org.eclipse.core.runtime - org.springframework.core,* + org.springframework.core,org.argeo.eclipse.spring,* diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/AnonymousEntryPoint.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/AnonymousEntryPoint.java new file mode 100644 index 000000000..aad267c34 --- /dev/null +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/AnonymousEntryPoint.java @@ -0,0 +1,103 @@ +package org.argeo.security.ui.rap; + +import java.security.PrivilegedAction; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.argeo.ArgeoException; +import org.eclipse.equinox.security.auth.ILoginContext; +import org.eclipse.rwt.RWT; +import org.eclipse.rwt.lifecycle.IEntryPoint; +import org.eclipse.swt.widgets.Display; +import org.eclipse.ui.PlatformUI; + +/** + * RAP entry point which authenticates the subject as anonymous, for public + * unauthenticated access. + */ +public class AnonymousEntryPoint implements IEntryPoint { + private final static Log log = LogFactory.getLog(AnonymousEntryPoint.class); + + /** + * How many seconds to wait before invalidating the session if the user has + * not yet logged in. + */ + private Integer loginTimeout = 1 * 60; + private Integer sessionTimeout = 15 * 60; + + @Override + public int createUI() { + // Short login timeout so that the modal dialog login doesn't hang + // around too long + RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout); + + if (log.isDebugEnabled()) + log.debug("Anonymous THREAD=" + Thread.currentThread().getId() + + ", sessionStore=" + RWT.getSessionStore().getId()); + + // create display + final Display display = PlatformUI.createDisplay(); + + // log in + final ILoginContext loginContext = SecureRapActivator + .createLoginContext(SecureRapActivator.CONTEXT_SPRING_ANONYMOUS); + Subject subject = null; + try { + loginContext.login(); + subject = loginContext.getSubject(); + } catch (LoginException e) { + throw new ArgeoException( + "Unexpected exception during authentication", e); + } + + // identify after successful login + if (log.isDebugEnabled()) + log.debug("Authenticated " + subject); + final String username = subject.getPrincipals().iterator().next() + .getName(); + + // Once the user is logged in, she can have a longer session timeout + RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); + + // Logout callback when the display is disposed + display.disposeExec(new Runnable() { + public void run() { + log.debug("Display disposed"); + logout(loginContext, username); + } + }); + + // + // RUN THE WORKBENCH + // + Integer returnCode = null; + try { + returnCode = Subject.doAs(subject, new PrivilegedAction() { + public Integer run() { + RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( + null); + int result = PlatformUI.createAndRunWorkbench(display, + workbenchAdvisor); + return new Integer(result); + } + }); + logout(loginContext, username); + } finally { + display.dispose(); + } + return returnCode; + } + + private void logout(ILoginContext secureContext, String username) { + try { + secureContext.logout(); + log.info("Logged out " + (username != null ? username : "") + + " (THREAD=" + Thread.currentThread().getId() + ")"); + } catch (LoginException e) { + log.error("Erorr when logging out", e); + } + } +} diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapActionBarAdvisor.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapActionBarAdvisor.java new file mode 100644 index 000000000..68176dad2 --- /dev/null +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapActionBarAdvisor.java @@ -0,0 +1,208 @@ +package org.argeo.security.ui.rap; + +import org.argeo.security.ui.rap.commands.UserMenu; +import org.eclipse.core.commands.Category; +import org.eclipse.core.commands.Command; +import org.eclipse.jface.action.ICoolBarManager; +import org.eclipse.jface.action.IMenuManager; +import org.eclipse.jface.action.IToolBarManager; +import org.eclipse.jface.action.ToolBarManager; +import org.eclipse.swt.SWT; +import org.eclipse.ui.IWorkbenchWindow; +import org.eclipse.ui.application.ActionBarAdvisor; +import org.eclipse.ui.application.IActionBarConfigurer; +import org.eclipse.ui.commands.ICommandService; + +/** Eclipse rap specific action bar advisor */ +public class RapActionBarAdvisor extends ActionBarAdvisor { + private final static String ID_BASE = "org.argeo.security.ui.rap"; + // private final static Log log = LogFactory + // .getLog(SecureActionBarAdvisor.class); + + /** Null means anonymous */ + private String username = null; + +// private IAction logoutAction; +// private IWorkbenchAction openPerspectiveDialogAction; +// private IWorkbenchAction showViewMenuAction; +// private IWorkbenchAction preferences; +// private IWorkbenchAction saveAction; +// private IWorkbenchAction saveAllAction; +// private IWorkbenchAction closeAllAction; + + public RapActionBarAdvisor(IActionBarConfigurer configurer, String username) { + super(configurer); + this.username = username; + } + + protected void makeActions(IWorkbenchWindow window) { +// preferences = ActionFactory.PREFERENCES.create(window); +// register(preferences); +// openPerspectiveDialogAction = ActionFactory.OPEN_PERSPECTIVE_DIALOG +// .create(window); +// register(openPerspectiveDialogAction); +// showViewMenuAction = ActionFactory.SHOW_VIEW_MENU.create(window); +// register(showViewMenuAction); +// +// // logout +// logoutAction = ActionFactory.QUIT.create(window); +// // logoutAction = createLogoutAction(); +// register(logoutAction); +// +// // Save semantics +// saveAction = ActionFactory.SAVE.create(window); +// register(saveAction); +// saveAllAction = ActionFactory.SAVE_ALL.create(window); +// register(saveAllAction); +// closeAllAction = ActionFactory.CLOSE_ALL.create(window); +// register(closeAllAction); + + } + + protected void fillMenuBar(IMenuManager menuBar) { +// MenuManager fileMenu = new MenuManager("&File", +// IWorkbenchActionConstants.M_FILE); +// MenuManager editMenu = new MenuManager("&Edit", +// IWorkbenchActionConstants.M_EDIT); +// MenuManager windowMenu = new MenuManager("&Window", +// IWorkbenchActionConstants.M_WINDOW); +// +// menuBar.add(fileMenu); +// menuBar.add(editMenu); +// menuBar.add(windowMenu); +// // Add a group marker indicating where action set menus will appear. +// menuBar.add(new GroupMarker(IWorkbenchActionConstants.MB_ADDITIONS)); +// +// // File +// fileMenu.add(saveAction); +// fileMenu.add(saveAllAction); +// fileMenu.add(closeAllAction); +// fileMenu.add(new GroupMarker(IWorkbenchActionConstants.MB_ADDITIONS)); +// fileMenu.add(new Separator()); +// fileMenu.add(logoutAction); +// +// // Edit +// editMenu.add(preferences); +// +// // Window +// windowMenu.add(openPerspectiveDialogAction); +// windowMenu.add(showViewMenuAction); + } + + @Override + protected void fillCoolBar(ICoolBarManager coolBar) { + if (username != null) { + ICommandService cmdService = (ICommandService) getActionBarConfigurer() + .getWindowConfigurer().getWorkbenchConfigurer() + .getWorkbench().getService(ICommandService.class); + Category userMenus = cmdService.getCategory(ID_BASE + ".userMenus"); + if (!userMenus.isDefined()) + userMenus.define("User Menus", "User related menus"); + + Command userMenu = cmdService.getCommand(ID_BASE + + ".userMenuCommand"); + if (userMenu.isDefined()) + userMenu.undefine(); + userMenu.define(username, "User menu actions", userMenus); + userMenu.setHandler(new UserMenu()); + + // userToolbar.add(new UserMenuAction()); + // coolBar.add(userToolbar); + } else {// anonymous + IToolBarManager userToolbar = new ToolBarManager(SWT.FLAT + | SWT.RIGHT); + //userToolbar.add(logoutAction); + coolBar.add(userToolbar); + } + // IToolBarManager saveToolbar = new ToolBarManager(SWT.FLAT | + // SWT.RIGHT); + // saveToolbar.add(saveAction); + // saveToolbar.add(saveAllAction); + // coolBar.add(saveToolbar); + } + + // class UserMenuAction extends Action implements IWorkbenchAction { + // + // public UserMenuAction() { + // super(username, IAction.AS_DROP_DOWN_MENU); + // // setMenuCreator(new UserMenu()); + // } + // + // @Override + // public String getId() { + // return "org.argeo.security.ui.rap.userMenu"; + // } + // + // @Override + // public void dispose() { + // } + // + // } + + // class UserMenu implements IMenuCreator { + // private Menu menu; + // + // public Menu getMenu(Control parent) { + // Menu menu = new Menu(parent); + // addActionToMenu(menu, logoutAction); + // return menu; + // } + // + // private void addActionToMenu(Menu menu, IAction action) { + // ActionContributionItem item = new ActionContributionItem(action); + // item.fill(menu, -1); + // } + // + // public void dispose() { + // if (menu != null) { + // menu.dispose(); + // } + // } + // + // public Menu getMenu(Menu parent) { + // // Not use + // return null; + // } + // + // } + + // protected IAction createLogoutAction() { + // Subject subject = Subject.getSubject(AccessController.getContext()); + // final String username = subject.getPrincipals().iterator().next() + // .getName(); + // + // IAction logoutAction = new Action() { + // public String getId() { + // return SecureRapActivator.ID + ".logoutAction"; + // } + // + // public String getText() { + // return "Logout " + username; + // } + // + // public void run() { + // // try { + // // Subject subject = SecureRapActivator.getLoginContext() + // // .getSubject(); + // // String subjectStr = subject.toString(); + // // subject.getPrincipals().clear(); + // // SecureRapActivator.getLoginContext().logout(); + // // log.info(subjectStr + " logged out"); + // // } catch (LoginException e) { + // // log.error("Error when logging out", e); + // // } + // // SecureEntryPoint.logout(username); + // // PlatformUI.getWorkbench().close(); + // // try { + // // RWT.getRequest().getSession().setMaxInactiveInterval(1); + // // } catch (Exception e) { + // // if (log.isTraceEnabled()) + // // log.trace("Error when invalidating session", e); + // // } + // } + // + // }; + // return logoutAction; + // } + +} diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapSecureWorkbenchWindowAdvisor.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapSecureWorkbenchWindowAdvisor.java deleted file mode 100644 index 2875aa3ec..000000000 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapSecureWorkbenchWindowAdvisor.java +++ /dev/null @@ -1,37 +0,0 @@ -package org.argeo.security.ui.rap; - -import org.eclipse.swt.SWT; -import org.eclipse.swt.graphics.Point; -import org.eclipse.swt.graphics.Rectangle; -import org.eclipse.swt.widgets.Display; -import org.eclipse.ui.application.ActionBarAdvisor; -import org.eclipse.ui.application.IActionBarConfigurer; -import org.eclipse.ui.application.IWorkbenchWindowConfigurer; - -public class RapSecureWorkbenchWindowAdvisor extends - SecureWorkbenchWindowAdvisor { - public RapSecureWorkbenchWindowAdvisor(IWorkbenchWindowConfigurer configurer) { - super(configurer); - } - - @Override - public ActionBarAdvisor createActionBarAdvisor( - IActionBarConfigurer configurer) { - return new SecureActionBarAdvisor(configurer, false); - } - - public void preWindowOpen() { - IWorkbenchWindowConfigurer configurer = getWindowConfigurer(); - configurer.setShowCoolBar(true); - configurer.setShowMenuBar(true); - configurer.setShowStatusLine(false); - configurer.setShowPerspectiveBar(true); - configurer.setTitle("Argeo Secure UI"); //$NON-NLS-1$ - // Full screen, see - // http://dev.eclipse.org/newslists/news.eclipse.technology.rap/msg02697.html - configurer.setShellStyle(SWT.NONE); - Rectangle bounds = Display.getCurrent().getBounds(); - configurer.setInitialSize(new Point(bounds.width, bounds.height)); - } - -} diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureWorkbenchWindowAdvisor.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWindowAdvisor.java similarity index 64% rename from security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureWorkbenchWindowAdvisor.java rename to security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWindowAdvisor.java index c2675d58b..36ee27863 100644 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureWorkbenchWindowAdvisor.java +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWindowAdvisor.java @@ -1,6 +1,9 @@ package org.argeo.security.ui.rap; +import org.eclipse.swt.SWT; import org.eclipse.swt.graphics.Point; +import org.eclipse.swt.graphics.Rectangle; +import org.eclipse.swt.widgets.Display; import org.eclipse.ui.IWorkbenchWindow; import org.eclipse.ui.actions.ActionFactory; import org.eclipse.ui.actions.ActionFactory.IWorkbenchAction; @@ -9,26 +12,35 @@ import org.eclipse.ui.application.IActionBarConfigurer; import org.eclipse.ui.application.IWorkbenchWindowConfigurer; import org.eclipse.ui.application.WorkbenchWindowAdvisor; -public class SecureWorkbenchWindowAdvisor extends WorkbenchWindowAdvisor { +/** Eclipse RAP specific window advisor */ +public class RapWindowAdvisor extends WorkbenchWindowAdvisor { - public SecureWorkbenchWindowAdvisor(IWorkbenchWindowConfigurer configurer) { + private String username; + + public RapWindowAdvisor(IWorkbenchWindowConfigurer configurer, + String username) { super(configurer); + this.username = username; } + @Override public ActionBarAdvisor createActionBarAdvisor( IActionBarConfigurer configurer) { - return new SecureActionBarAdvisor(configurer, true); + return new RapActionBarAdvisor(configurer, username); } public void preWindowOpen() { IWorkbenchWindowConfigurer configurer = getWindowConfigurer(); - configurer.setInitialSize(new Point(1200, 900)); configurer.setShowCoolBar(true); - configurer.setShowMenuBar(true); + configurer.setShowMenuBar(false); configurer.setShowStatusLine(false); - configurer.setShowPerspectiveBar(true); configurer.setTitle("Argeo Secure UI"); //$NON-NLS-1$ + // Full screen, see + // http://dev.eclipse.org/newslists/news.eclipse.technology.rap/msg02697.html + configurer.setShellStyle(SWT.NONE); + Rectangle bounds = Display.getCurrent().getBounds(); + configurer.setInitialSize(new Point(bounds.width, bounds.height)); } @Override diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureWorkbenchAdvisor.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWorkbenchAdvisor.java similarity index 78% rename from security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureWorkbenchAdvisor.java rename to security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWorkbenchAdvisor.java index c2d740099..b553dceea 100644 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureWorkbenchAdvisor.java +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWorkbenchAdvisor.java @@ -5,14 +5,21 @@ import org.eclipse.ui.application.IWorkbenchWindowConfigurer; import org.eclipse.ui.application.WorkbenchAdvisor; import org.eclipse.ui.application.WorkbenchWindowAdvisor; -public class SecureWorkbenchAdvisor extends WorkbenchAdvisor { +/** Eclipse RAP specific workbench advisor */ +public class RapWorkbenchAdvisor extends WorkbenchAdvisor { public final static String INITIAL_PERSPECTIVE_PROPERTY = "org.argeo.security.ui.initialPerspective"; private String initialPerspective = System.getProperty( INITIAL_PERSPECTIVE_PROPERTY, null); + private String username; + + public RapWorkbenchAdvisor(String username) { + this.username = username; + } + public WorkbenchWindowAdvisor createWorkbenchWindowAdvisor( IWorkbenchWindowConfigurer configurer) { - return new SecureWorkbenchWindowAdvisor(configurer); + return new RapWindowAdvisor(configurer, username); } public String getInitialWindowPerspectiveId() { @@ -23,7 +30,7 @@ public class SecureWorkbenchAdvisor extends WorkbenchAdvisor { IPerspectiveDescriptor pd = getWorkbenchConfigurer().getWorkbench() .getPerspectiveRegistry() .findPerspectiveWithId(initialPerspective); - if(pd==null) + if (pd == null) return null; } return initialPerspective; diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureActionBarAdvisor.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureActionBarAdvisor.java deleted file mode 100644 index f47eb82d4..000000000 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureActionBarAdvisor.java +++ /dev/null @@ -1,141 +0,0 @@ -package org.argeo.security.ui.rap; - -import java.security.AccessController; - -import javax.security.auth.Subject; - -import org.eclipse.jface.action.Action; -import org.eclipse.jface.action.GroupMarker; -import org.eclipse.jface.action.IAction; -import org.eclipse.jface.action.ICoolBarManager; -import org.eclipse.jface.action.IMenuManager; -import org.eclipse.jface.action.IToolBarManager; -import org.eclipse.jface.action.MenuManager; -import org.eclipse.jface.action.Separator; -import org.eclipse.jface.action.ToolBarManager; -import org.eclipse.swt.SWT; -import org.eclipse.ui.IWorkbenchActionConstants; -import org.eclipse.ui.IWorkbenchWindow; -import org.eclipse.ui.actions.ActionFactory; -import org.eclipse.ui.actions.ActionFactory.IWorkbenchAction; -import org.eclipse.ui.application.ActionBarAdvisor; -import org.eclipse.ui.application.IActionBarConfigurer; - -public class SecureActionBarAdvisor extends ActionBarAdvisor { -// private final static Log log = LogFactory -// .getLog(SecureActionBarAdvisor.class); - - private IAction logoutAction; - private IWorkbenchAction openPerspectiveDialogAction; - private IWorkbenchAction showViewMenuAction; - private IWorkbenchAction preferences; - private IWorkbenchAction saveAction; - private IWorkbenchAction saveAllAction; - private IWorkbenchAction closeAllAction; - - public SecureActionBarAdvisor(IActionBarConfigurer configurer, Boolean isRcp) { - super(configurer); - } - - protected void makeActions(IWorkbenchWindow window) { - preferences = ActionFactory.PREFERENCES.create(window); - register(preferences); - openPerspectiveDialogAction = ActionFactory.OPEN_PERSPECTIVE_DIALOG - .create(window); - register(openPerspectiveDialogAction); - showViewMenuAction = ActionFactory.SHOW_VIEW_MENU.create(window); - register(showViewMenuAction); - - // logout - logoutAction = ActionFactory.QUIT.create(window); - //logoutAction = createLogoutAction(); - register(logoutAction); - - // Save semantics - saveAction = ActionFactory.SAVE.create(window); - register(saveAction); - saveAllAction = ActionFactory.SAVE_ALL.create(window); - register(saveAllAction); - closeAllAction = ActionFactory.CLOSE_ALL.create(window); - register(closeAllAction); - - } - - protected IAction createLogoutAction() { - Subject subject = Subject.getSubject(AccessController.getContext()); - final String username = subject.getPrincipals().iterator().next() - .getName(); - - IAction logoutAction = new Action() { - public String getId() { - return SecureRapActivator.ID + ".logoutAction"; - } - - public String getText() { - return "Logout " + username; - } - - public void run() { - // try { - // Subject subject = SecureRapActivator.getLoginContext() - // .getSubject(); - // String subjectStr = subject.toString(); - // subject.getPrincipals().clear(); - // SecureRapActivator.getLoginContext().logout(); - // log.info(subjectStr + " logged out"); - // } catch (LoginException e) { - // log.error("Error when logging out", e); - // } -// SecureEntryPoint.logout(username); -// PlatformUI.getWorkbench().close(); - // try { - // RWT.getRequest().getSession().setMaxInactiveInterval(1); - // } catch (Exception e) { - // if (log.isTraceEnabled()) - // log.trace("Error when invalidating session", e); - // } - } - - }; - return logoutAction; - } - - protected void fillMenuBar(IMenuManager menuBar) { - MenuManager fileMenu = new MenuManager("&File", - IWorkbenchActionConstants.M_FILE); - MenuManager editMenu = new MenuManager("&Edit", - IWorkbenchActionConstants.M_EDIT); - MenuManager windowMenu = new MenuManager("&Window", - IWorkbenchActionConstants.M_WINDOW); - - menuBar.add(fileMenu); - menuBar.add(editMenu); - menuBar.add(windowMenu); - // Add a group marker indicating where action set menus will appear. - menuBar.add(new GroupMarker(IWorkbenchActionConstants.MB_ADDITIONS)); - - // File - fileMenu.add(saveAction); - fileMenu.add(saveAllAction); - fileMenu.add(closeAllAction); - fileMenu.add(new GroupMarker(IWorkbenchActionConstants.MB_ADDITIONS)); - fileMenu.add(new Separator()); - fileMenu.add(logoutAction); - - // Edit - editMenu.add(preferences); - - // Window - windowMenu.add(openPerspectiveDialogAction); - windowMenu.add(showViewMenuAction); - } - - @Override - protected void fillCoolBar(ICoolBarManager coolBar) { - IToolBarManager saveToolbar = new ToolBarManager(SWT.FLAT | SWT.RIGHT); - saveToolbar.add(saveAction); - saveToolbar.add(saveAllAction); - coolBar.add(saveToolbar); - } - -} diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java index 9f54e4c75..e2febf0ae 100644 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureEntryPoint.java @@ -8,20 +8,19 @@ import javax.security.auth.login.LoginException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; +import org.argeo.eclipse.ui.ErrorFeedback; import org.eclipse.equinox.security.auth.ILoginContext; import org.eclipse.jface.dialogs.MessageDialog; import org.eclipse.rwt.RWT; import org.eclipse.rwt.lifecycle.IEntryPoint; import org.eclipse.swt.widgets.Display; import org.eclipse.ui.PlatformUI; -import org.eclipse.ui.application.IWorkbenchWindowConfigurer; -import org.eclipse.ui.application.WorkbenchAdvisor; -import org.eclipse.ui.application.WorkbenchWindowAdvisor; import org.springframework.security.BadCredentialsException; /** - * RAP entry point with login capabilities. On the user has been authenticated, - * the workbench is run as a privileged action by the related subject. + * RAP entry point with login capabilities. Once the user has been + * authenticated, the workbench is run as a privileged action by the related + * subject. */ public class SecureEntryPoint implements IEntryPoint { private final static Log log = LogFactory.getLog(SecureEntryPoint.class); @@ -31,7 +30,9 @@ public class SecureEntryPoint implements IEntryPoint { * not yet logged in. */ private Integer loginTimeout = 1 * 60; - private Integer sessionTimeout = 15 * 60; + // TODO make it configurable + /** Default session timeout is 8 hours (European working day length) */ + private Integer sessionTimeout = 8 * 60 * 60; @Override public int createUI() { @@ -43,14 +44,12 @@ public class SecureEntryPoint implements IEntryPoint { log.debug("THREAD=" + Thread.currentThread().getId() + ", sessionStore=" + RWT.getSessionStore().getId()); - Integer returnCode = null; - // create display - Display display = PlatformUI.createDisplay(); + final Display display = PlatformUI.createDisplay(); // log in final ILoginContext loginContext = SecureRapActivator - .createLoginContext(); + .createLoginContext(SecureRapActivator.CONTEXT_SPRING); Subject subject = null; tryLogin: while (subject == null && !display.isDisposed()) { try { @@ -64,37 +63,17 @@ public class SecureEntryPoint implements IEntryPoint { // retry login continue tryLogin; } - - // check thread death - ThreadDeath td = wasCausedByThreadDeath(e); - if (td != null) { - display.dispose(); - throw td; - } - - if (!display.isDisposed()) { - org.argeo.eclipse.ui.Error.show( - "Unexpected exception during authentication", e); - // this was not just bad credentials or death thread - RWT.getRequest().getSession().setMaxInactiveInterval(1); - display.dispose(); - return -1; - } else { - throw new ArgeoException( - "Unexpected exception during authentication", e); - } + return processLoginDeath(display, e); } } - // identify after successful login + // Once the user is logged in, she can have a longer session timeout + RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); if (log.isDebugEnabled()) log.debug("Authenticated " + subject); + final String username = subject.getPrincipals().iterator().next() .getName(); - - // Once the user is logged in, she can have a longer session timeout - RWT.getRequest().getSession().setMaxInactiveInterval(sessionTimeout); - // Logout callback when the display is disposed display.disposeExec(new Runnable() { public void run() { @@ -106,13 +85,42 @@ public class SecureEntryPoint implements IEntryPoint { // // RUN THE WORKBENCH // + Integer returnCode = null; try { - returnCode = (Integer) Subject.doAs(subject, getRunAction(display)); + returnCode = Subject.doAs(subject, new PrivilegedAction() { + public Integer run() { + RapWorkbenchAdvisor workbenchAdvisor = new RapWorkbenchAdvisor( + username); + int result = PlatformUI.createAndRunWorkbench(display, + workbenchAdvisor); + return new Integer(result); + } + }); logout(loginContext, username); } finally { display.dispose(); } - return processReturnCode(returnCode); + return returnCode; + } + + private Integer processLoginDeath(Display display, LoginException e) { + // check thread death + ThreadDeath td = wasCausedByThreadDeath(e); + if (td != null) { + display.dispose(); + throw td; + } + if (!display.isDisposed()) { + ErrorFeedback.show("Unexpected exception during authentication", e); + // this was not just bad credentials or death thread + RWT.getRequest().getSession().setMaxInactiveInterval(1); + display.dispose(); + return -1; + } else { + throw new ArgeoException( + "Unexpected exception during authentication", e); + } + } /** Recursively look for {@link BadCredentialsException} in the root causes. */ @@ -149,36 +157,4 @@ public class SecureEntryPoint implements IEntryPoint { log.error("Erorr when logging out", e); } } - - @SuppressWarnings("rawtypes") - private PrivilegedAction getRunAction(final Display display) { - return new PrivilegedAction() { - public Object run() { - int result = createAndRunWorkbench(display); - return new Integer(result); - } - }; - } - - /** To be overridden */ - protected Integer createAndRunWorkbench(Display display) { - return PlatformUI.createAndRunWorkbench(display, - createWorkbenchAdvisor()); - } - - /** To be overridden */ - protected Integer processReturnCode(Integer returnCode) { - return returnCode; - } - - /** To be overridden */ - protected WorkbenchAdvisor createWorkbenchAdvisor() { - return new SecureWorkbenchAdvisor() { - public WorkbenchWindowAdvisor createWorkbenchWindowAdvisor( - IWorkbenchWindowConfigurer configurer) { - return new RapSecureWorkbenchWindowAdvisor(configurer); - } - - }; - } } diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureRapActivator.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureRapActivator.java index 762b22783..97c1c5798 100644 --- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureRapActivator.java +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/SecureRapActivator.java @@ -12,19 +12,33 @@ public class SecureRapActivator implements BundleActivator { public final static String ID = "org.argeo.security.ui.rap"; public final static String CONTEXT_SPRING = "SPRING"; + public final static String CONTEXT_SPRING_ANONYMOUS = "SPRING_ANONYMOUS"; private static final String JAAS_CONFIG_FILE = "/META-INF/jaas_default.txt"; - private static BundleContext bundleContext; + private BundleContext bundleContext; + private static SecureRapActivator activator = null; public void start(BundleContext bundleContext) throws Exception { - SecureRapActivator.bundleContext = bundleContext; + activator = this; + this.bundleContext = bundleContext; } public void stop(BundleContext context) throws Exception { + bundleContext = null; + activator = null; } - static ILoginContext createLoginContext() { - URL configUrl = bundleContext.getBundle().getEntry(JAAS_CONFIG_FILE); - return LoginContextFactory.createContext(CONTEXT_SPRING, configUrl); + public BundleContext getBundleContext() { + return bundleContext; + } + + public static SecureRapActivator getActivator() { + return activator; + } + + static ILoginContext createLoginContext(String contextName) { + URL configUrl = getActivator().getBundleContext().getBundle() + .getEntry(JAAS_CONFIG_FILE); + return LoginContextFactory.createContext(contextName, configUrl); } } diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/commands/UserMenu.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/commands/UserMenu.java new file mode 100644 index 000000000..7fdc016c2 --- /dev/null +++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/commands/UserMenu.java @@ -0,0 +1,15 @@ +package org.argeo.security.ui.rap.commands; + +import org.eclipse.core.commands.AbstractHandler; +import org.eclipse.core.commands.ExecutionEvent; +import org.eclipse.core.commands.ExecutionException; + +/** Default action of the user menu */ +public class UserMenu extends AbstractHandler { + + @Override + public Object execute(ExecutionEvent event) throws ExecutionException { + return null; + } + +} diff --git a/security/plugins/org.argeo.security.ui/icons/home.gif b/security/plugins/org.argeo.security.ui/icons/home.gif new file mode 100644 index 0000000000000000000000000000000000000000..fd0c66950972e9fd6b4eee2a45293db7b0402a95 GIT binary patch literal 583 zcmZ?wbhEHb6krfwc*ek>=hf;IH{B?(Il6LneC_)9y7e)Ys}kzgCpT_NZrqsBx;3M1 zYfjfr^Oy#Un1=ILZ(q4_=gaqB7ao7P|N7gr_usES|9bEBw__J?ox6Jb!jmu8UwnP~ z{`vgb@~XsXFsG`()# z)P`jC{<4g|#s1N)K&pC%tK(wV?&6UV6I0Yt5EGW+>Ef1>5|vq# o@xi~D$(7S6WrD(k7KTz1OCBW9Gn(60SWa+}gzo||X6OdpAC pniZ}UB2{8+qLvgXp{K+VYbvgzz|tvZD96;vC(6Ls8R^Ji4FH!Gg(Uz0 literal 0 HcmV?d00001 diff --git a/security/plugins/org.argeo.security.ui/plugin.xml b/security/plugins/org.argeo.security.ui/plugin.xml index 914661532..6f6886359 100644 --- a/security/plugins/org.argeo.security.ui/plugin.xml +++ b/security/plugins/org.argeo.security.ui/plugin.xml @@ -10,29 +10,7 @@ class="org.argeo.security.ui.dialogs.DefaultLoginDialog"> - - - - - - - - - - - + + + + + + + + + diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/UserHomePerspective.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/UserHomePerspective.java new file mode 100644 index 000000000..eb48d1d2d --- /dev/null +++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/UserHomePerspective.java @@ -0,0 +1,20 @@ +package org.argeo.security.ui; + +import org.argeo.security.ui.views.UserProfile; +import org.eclipse.ui.IFolderLayout; +import org.eclipse.ui.IPageLayout; +import org.eclipse.ui.IPerspectiveFactory; + +public class UserHomePerspective implements IPerspectiveFactory { + public void createInitialLayout(IPageLayout layout) { + String editorArea = layout.getEditorArea(); + layout.setEditorAreaVisible(true); + layout.setFixed(false); + + IFolderLayout left = layout.createFolder("left", IPageLayout.LEFT, + 0.65f, editorArea); + left.addView(UserProfile.ID); +// left.addView(RolesView.ID); + } + +} diff --git a/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UserProfile.java b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UserProfile.java new file mode 100644 index 000000000..afa569488 --- /dev/null +++ b/security/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UserProfile.java @@ -0,0 +1,22 @@ +package org.argeo.security.ui.views; + +import org.argeo.security.ui.SecurityUiPlugin; +import org.argeo.security.ui.internal.CurrentUser; +import org.eclipse.swt.SWT; +import org.eclipse.swt.widgets.Composite; +import org.eclipse.swt.widgets.Label; +import org.eclipse.ui.part.ViewPart; + +public class UserProfile extends ViewPart { + public static String ID = SecurityUiPlugin.PLUGIN_ID + ".userProfile"; + + @Override + public void createPartControl(Composite parent) { + new Label(parent, SWT.NONE).setText(CurrentUser.getUsername()); + } + + @Override + public void setFocus() { + } + +} diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java index 5cc7f43a7..3e9f015bb 100644 --- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java +++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java @@ -26,6 +26,7 @@ import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.core.DefaultSecurityManager; +import org.apache.jackrabbit.core.security.AnonymousPrincipal; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.argeo.ArgeoException; @@ -49,7 +50,10 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { if (log.isTraceEnabled()) log.trace(subject); - // skip Jackrabbit system user + // skip anonymous user (no rights) + if (!subject.getPrincipals(AnonymousPrincipal.class).isEmpty()) + return super.getUserID(subject, workspaceName); + // skip Jackrabbit system user (all rights) if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty()) return super.getUserID(subject, workspaceName); -- 2.30.2