From a8233e9378854fc9ed1f4186095d06866cbea9f8 Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Wed, 23 Mar 2011 18:13:10 +0000 Subject: [PATCH] Use versions 1.1.3 git-svn-id: https://svn.argeo.org/commons/trunk@4353 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- pom.xml | 4 +-- .../core/KeyBasedSystemExecutionService.java | 17 +++++++++-- .../security/jackrabbit/ArgeoLoginModule.java | 30 ++++++++++++++----- .../jackrabbit/ArgeoSecurityManager.java | 6 ---- .../jackrabbit/GrantedAuthorityPrincipal.java | 12 ++++++++ .../org.argeo.jcr.ui.explorer/plugin.xml | 21 +++++++++++++ 6 files changed, 73 insertions(+), 17 deletions(-) diff --git a/pom.xml b/pom.xml index 2cf560d38..6cd3dd046 100644 --- a/pom.xml +++ b/pom.xml @@ -14,11 +14,11 @@ pom 0.2 - 1.1.3-SNAPSHOT + 1.1.3 0.2.3-SNAPSHOT 0.12.5 3.6.1 - 0.1.31-SNAPSHOT + 0.1.31 2.2.0 1.1.1 file:///srv/projects/www/commons/site diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java index a02221e32..3235a9602 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/KeyBasedSystemExecutionService.java @@ -1,5 +1,9 @@ package org.argeo.security.core; +import java.security.AccessController; + +import javax.security.auth.Subject; + import org.argeo.ArgeoException; import org.argeo.security.SystemExecutionService; import org.springframework.core.task.SimpleAsyncTaskExecutor; 
@@ -39,12 +43,21 @@ public class KeyBasedSystemExecutionService implements SystemExecutionService, .getContext(); Authentication currentAuth = securityContext .getAuthentication(); - if (currentAuth != null) { + if (currentAuth != null) throw new ArgeoException( "System execution on an already authenticated thread: " + currentAuth + ", THREAD=" + Thread.currentThread().getId()); - } + + Subject subject = Subject.getSubject(AccessController + .getContext()); + if (subject != null + && !subject.getPrincipals(Authentication.class) + .isEmpty()) + throw new ArgeoException( + "There is already an authenticated subject: " + + subject); + Authentication auth = authenticationManager .authenticate(new InternalAuthentication( systemAuthenticationKey)); diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java index a83b6d56b..f30af7060 100644 --- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java +++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java 
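Review bot: In KeyBasedSystemExecutionService, the new exception message concatenates the whole `subject`, and `Subject.toString()` lists every principal plus the public credentials (and the private ones when the caller is permitted), so this failure path can copy the string form of credential objects into logs and stack traces. Naming only the offending principals is enough for diagnosis, e.g. `"There is already an authenticated subject: " + subject.getPrincipals(Authentication.class)`. Whether any credential on these subjects has a revealing `toString()` cannot be told from the hunk, so treat this as hardening. The rewritten `if (currentAuth != null)` also loses the braces the old code had, and the new guard follows suit; bracing both keeps the two checks harder to misread. The enclosing method starts and ends outside the hunk.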
@@ -37,13 +37,22 @@ public class ArgeoLoginModule extends AbstractLoginModule { } protected Set getPrincipals() { + // clear already registered Jackrabbit principals + clearPrincipals(AdminPrincipal.class); + clearPrincipals(AnonymousPrincipal.class); + clearPrincipals(GrantedAuthorityPrincipal.class); + + return syncPrincipals(); + } + + protected Set syncPrincipals() { // use linked HashSet instead of HashSet in order to maintain the order // of principals (as in the Subject). - Set principals = new LinkedHashSet(); - principals.add(principal); - org.springframework.security.Authentication authen = (org.springframework.security.Authentication) principal; + Set principals = new LinkedHashSet(); + principals.add(authen); + if (authen instanceof SystemAuthentication) principals.add(new AdminPrincipal(authen.getName())); else if (authen instanceof AnonymousAuthenticationToken) @@ -56,6 +65,11 @@ public class ArgeoLoginModule extends AbstractLoginModule { principals.add(new AdminPrincipal(authen.getName())); } + // remove previous credentials + Set thisCredentials = subject + .getPublicCredentials(SimpleCredentials.class); + if (thisCredentials != null) + thisCredentials.clear(); // override credentials since we did not used the one passed to us credentials = new SimpleCredentials(authen.getName(), authen .getCredentials().toString().toCharArray()); @@ -73,10 +87,12 @@ public class ArgeoLoginModule extends AbstractLoginModule { clearPrincipals(AdminPrincipal.class); clearPrincipals(AnonymousPrincipal.class); clearPrincipals(GrantedAuthorityPrincipal.class); - Set thisCredentials = subject - .getPublicCredentials(SimpleCredentials.class); - if (thisCredentials != null) - thisCredentials.clear(); + + // we resync with Spring Security since the subject may have been reused + // in beetween + // TODO: check if this is clean + subject.getPrincipals().addAll(syncPrincipals()); + return true; } 
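Review bot: `syncPrincipals()` in the first ArgeoLoginModule hunk is a new protected extension point with no Javadoc, and its name hides two side effects visible in the next hunk: it touches the subject's `SimpleCredentials` and overwrites the `credentials` field. `getPrincipals()` likewise now clears three principal classes before returning, which a caller would not expect from a getter. I would document both, for example on the new method: `/** Builds the principal set from the Spring Security Authentication held in principal; also replaces the credentials field. */`.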
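Review bot: In the second ArgeoLoginModule hunk (`// remove previous credentials`), `thisCredentials.clear()` removes nothing from the subject: `Subject.getPublicCredentials(Class)` returns a new set that is not backed by the subject, and it never returns null, so the null check is dead as well. Any `SimpleCredentials` added to the subject earlier therefore stays in its public credentials; the one built just below carries the Spring credentials as its password. Remove through the backed set instead: `subject.getPublicCredentials().removeAll(subject.getPublicCredentials(SimpleCredentials.class));`. The same lines were already a no-op in their previous location, so the behaviour is inherited by this move, not introduced by it.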
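Review bot: In the third ArgeoLoginModule hunk, the principals just cleared are put straight back with `subject.getPrincipals().addAll(syncPrincipals())`, and `syncPrincipals()` derives them from the module's `principal` field, not from the current Spring SecurityContext. If the subject really was reused in between, as the comment says, this re-attaches the earlier identity, including an `AdminPrincipal` when that identity was a `SystemAuthentication`. The method signature is outside the hunk; if this is the logout path, the subject should end up without these principals, so I would drop the `addAll` or re-read the authentication from the SecurityContext before rebuilding. The TODO should also name what has to be verified, e.g. `// TODO: confirm a reused subject cannot keep AdminPrincipal from a previous login`.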
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java index 6b58c6f69..1838dd05e 100644 --- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java +++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java @@ -6,20 +6,14 @@ import java.util.Iterator; import java.util.List; import java.util.Set; -import javax.jcr.AccessDeniedException; import javax.jcr.Node; -import javax.jcr.PathNotFoundException; import javax.jcr.RepositoryException; import javax.jcr.Session; -import javax.jcr.UnsupportedRepositoryOperationException; -import javax.jcr.lock.LockException; -import javax.jcr.security.AccessControlException; import javax.jcr.security.AccessControlList; import javax.jcr.security.AccessControlManager; import javax.jcr.security.AccessControlPolicy; import javax.jcr.security.AccessControlPolicyIterator; import javax.jcr.security.Privilege; -import javax.jcr.version.VersionException; import javax.security.auth.Subject; import org.apache.commons.logging.Log; diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/GrantedAuthorityPrincipal.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/GrantedAuthorityPrincipal.java index bf2eff60a..4e9b87abd 100644 --- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/GrantedAuthorityPrincipal.java +++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/GrantedAuthorityPrincipal.java 
@@ -17,4 +17,16 @@ class GrantedAuthorityPrincipal implements Principal { return grantedAuthority.getAuthority(); } + @Override + public int hashCode() { + return getName().hashCode(); + } + + @Override + public boolean equals(Object obj) { + if (!(obj instanceof GrantedAuthorityPrincipal)) + return false; + return getName().equals(((GrantedAuthorityPrincipal) obj).getName()); + } + } diff --git a/server/plugins/org.argeo.jcr.ui.explorer/plugin.xml b/server/plugins/org.argeo.jcr.ui.explorer/plugin.xml index 5fc087c78..ad403464d 100644 --- a/server/plugins/org.argeo.jcr.ui.explorer/plugin.xml +++ b/server/plugins/org.argeo.jcr.ui.explorer/plugin.xml @@ -101,4 +101,25 @@ + + + + + + + + + + + + + + -- 2.30.2
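Review bot: In GrantedAuthorityPrincipal, the new `hashCode()` and `equals()` dereference `getName()`, which returns `grantedAuthority.getAuthority()`; Spring Security's `GrantedAuthority` contract allows that value to be null, and then adding the principal to the subject's set throws a NullPointerException. Either reject a null authority where the field is assigned (outside this hunk) or make both methods null-safe, e.g. `String n = getName(); return n == null ? 0 : n.hashCode();`. Equality by name alone also means that two different GrantedAuthority implementations with the same authority string collapse into one principal. That looks intended for set deduplication, but it is worth stating in a class comment.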