From 7807780029af8d1f2f32d7513e0769f128b729d1 Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Sun, 30 Jan 2011 13:15:46 +0000 Subject: [PATCH] Integrate JCR security with Spring git-svn-id: https://svn.argeo.org/commons/trunk@4097 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- pom.xml | 4 +- .../security/core/DefaultArgeoSecurity.java | 18 +++++++-- .../jcr/ThreadBoundJcrSessionFactory.java | 40 ++++++++++++++----- 3 files changed, 46 insertions(+), 16 deletions(-) diff --git a/pom.xml b/pom.xml index d14a6de26..d0dce8a2c 100644 --- a/pom.xml +++ b/pom.xml @@ -18,9 +18,9 @@ 0.2.2-SNAPSHOT 0.12.5 3.6.1 - 0.1.30-SNAPSHOT + 0.1.30 2.0.1 - 1.1.0 + 1.1.1 file:///srv/projects/www/commons/site http://projects.argeo.org/commons/site diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultArgeoSecurity.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultArgeoSecurity.java index 4f82889dc..47497d182 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultArgeoSecurity.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultArgeoSecurity.java 
@@ -20,13 +20,25 @@ import org.argeo.security.ArgeoUser;
 import org.argeo.security.ArgeoSecurity;
 import org.argeo.security.nature.SimpleUserNature;
 
+/** Holds deployment specific security information. */
 public class DefaultArgeoSecurity implements ArgeoSecurity {
 private String superUsername = "root";
 
 public void beforeCreate(ArgeoUser user) {
- SimpleUserNature simpleUserNature = new SimpleUserNature();
- simpleUserNature.setLastName("empty");// to prevent issue with sn in LDAP
- user.getUserNatures().put("simpleUserNature",simpleUserNature);
+ SimpleUserNature simpleUserNature;
+ try {
+ simpleUserNature = SimpleUserNature
+ .findSimpleUserNature(user, null);
+ } catch (Exception e) {
+ simpleUserNature = new SimpleUserNature();
+ user.getUserNatures().put("simpleUserNature", simpleUserNature);
+ }
+
+ if (simpleUserNature.getLastName() == null
+ || simpleUserNature.getLastName().equals(""))
+ simpleUserNature.setLastName("empty");// to prevent issue with sn in
+ // LDAP
+
 }
 
 public String getSuperUsername() {
diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
index ed2857ad5..ef044ce8b 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
@@ -23,6 +23,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+import javax.jcr.LoginException;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
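Review bot: In `beforeCreate` of DefaultArgeoSecurity, `catch (Exception e)` treats every failure of `findSimpleUserNature(user, null)` as "no nature present" and then stores a fresh object under "simpleUserNature", so an unrelated runtime error is hidden and an existing entry under that key could be overwritten. findSimpleUserNature is not visible in this patch, so which exception signals absence is an assumption; catching only that type, or testing for presence before creating, would keep other failures visible. If the broad catch is intentional, a comment on it such as `// no SimpleUserNature yet: create one so LDAP gets a non-empty sn` would record why the exception is discarded.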
@@ -82,19 +83,36 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
 }
 
 protected Session login() {
+ Session newSession = null;
+ // first try to login without credentials, assuming the underlying login
+ // module will have dealt with authentication (typically using Spring
+ // Security)
 try {
- SimpleCredentials sc = new SimpleCredentials(defaultUsername,
- defaultPassword.toCharArray());
- Session sess = repository.login(sc);
- if (log.isTraceEnabled())
- log.trace("Log in to JCR session " + sess + "; userId="
- + sess.getUserID());
- // Thread.dumpStack();
- activeSessions.add(sess);
- return sess;
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot log in to repository", e);
+ newSession = repository.login();
+ } catch (LoginException e1) {
+ log.warn("Cannot login without credentials: " + e1.getMessage());
+ // invalid credentials, go to the next step
+ } catch (RepositoryException e1) {
+ // other kind of exception, fail
+ throw new ArgeoException("Cannot log in to repository", e1);
 }
+
+ // log using default username / password (useful for testing purposes)
+ if (newSession == null)
+ try {
+ SimpleCredentials sc = new SimpleCredentials(defaultUsername,
+ defaultPassword.toCharArray());
+ newSession = repository.login(sc);
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot log in to repository", e);
+ }
+
+ // Log and monitor new session
+ if (log.isTraceEnabled())
+ log.trace("Logged in to JCR session " + newSession + "; userId="
+ + newSession.getUserID());
+ activeSessions.add(newSession);
+ return newSession;
 }
 
 public Object getObject() {
-- 
2.30.2
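Review bot: The `catch (LoginException e1)` branch in `login()` fails open: when the credential-less `repository.login()` is rejected, the thread is given a session under `defaultUsername`/`defaultPassword` instead of being refused. The new comment calls this fallback "useful for testing purposes", but nothing in the hunk restricts it to test deployments, so in production a caller whose authentication failed or was never performed would run with the default account's rights. The fallback should depend on an explicit opt-in setting, with the LoginException branch otherwise ending in `throw new ArgeoException("Cannot log in to repository", e1);`. It would also help for the warning to state that the default account is being used, so the downgrade is visible in the logs.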