From f76a1c1822e9f936fe44f3df6c89ab1b7ed2534f Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Tue, 19 Mar 2013 19:03:04 +0000
Subject: [PATCH] Merge Remote RCP not working
 https://www.argeo.org/bugzilla/show_bug.cgi?id=148

git-svn-id: https://svn.argeo.org/commons/branches/1.x@6177 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 demo/argeo_node_rcp_remote.properties         |  2 +-
 .../META-INF/spring/repofactory.xml           | 10 +++++
 .../META-INF/spring/security-jcr-osgi.xml     | 15 +++++--
 .../META-INF/spring/security-jcr-services.xml |  5 +++
 .../plugins/org.argeo.security.ui/plugin.xml  | 16 ++++++-
 .../security/jcr/OsJcrUserAdminService.java   | 42 ++++++++++++-------
 .../jcr/RemoteJcrAuthenticationProvider.java  | 11 +++--
 .../security/jcr/SimpleJcrSecurityModel.java  |  6 +++
 8 files changed, 82 insertions(+), 25 deletions(-)
 create mode 100644 security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/repofactory.xml

diff --git a/demo/argeo_node_rcp_remote.properties b/demo/argeo_node_rcp_remote.properties
index 171de44e8..1a6dfba67 100644
--- a/demo/argeo_node_rcp_remote.properties
+++ b/demo/argeo_node_rcp_remote.properties
@@ -5,7 +5,7 @@ org.argeo.security.dao.jackrabbit,\
 org.argeo.security.equinox,\
 
 #org.argeo.security.ui.initialPerspective=org.argeo.osgi.ui.explorer.perspective
-argeo.node.repo.uri=http://localhost:7070/org.argeo.jcr.webapp/remoting/node
+argeo.node.repo.uri=http://localhost:7070/data/jcr/node
 
 log4j.configuration=file:../../log4j.properties
 
diff --git a/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/repofactory.xml b/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/repofactory.xml
new file mode 100644
index 000000000..a00c9b00d
--- /dev/null
+++ b/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/repofactory.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+	<bean id="repositoryFactory" class="org.argeo.jackrabbit.OsgiJackrabbitRepositoryFactory">
+		<property name="bundleContext" ref="bundleContext" />
+	</bean>
+
+</beans>
\ No newline at end of file
diff --git a/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-osgi.xml b/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-osgi.xml
index de60f22ea..9f6d43256 100644
--- a/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-osgi.xml
+++ b/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-osgi.xml
@@ -9,11 +9,20 @@
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-2.5.xsd">
 
-	<!-- REFERENCE -->
-	<reference id="repositoryFactory" interface="javax.jcr.RepositoryFactory" />
-
 	<!-- SERVICES -->
 	<service ref="authenticationManager"
 		interface="org.springframework.security.AuthenticationManager" />
 
+	<service ref="repositoryFactory" interface="javax.jcr.RepositoryFactory" />
+
+	<!-- User management -->
+	<service ref="userDetailsManager"
+		interface="org.springframework.security.userdetails.UserDetailsService"
+		context-class-loader="service-provider" />
+	<service ref="userDetailsManager"
+		interface="org.springframework.security.userdetails.UserDetailsManager"
+		context-class-loader="service-provider" />
+	<service ref="userDetailsManager" interface="org.argeo.security.UserAdminService"
+		context-class-loader="service-provider" />
+
 </beans:beans>
\ No newline at end of file
diff --git a/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml b/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml
index ce2361ef4..1300a0550 100644
--- a/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml
+++ b/security/modules/org.argeo.security.dao.jackrabbit/META-INF/spring/security-jcr-services.xml
@@ -32,4 +32,9 @@
 		<property name="key" value="${argeo.security.systemKey}" />
 	</bean>
 
+	<!-- Dummy user manager -->
+	<bean id="userDetailsManager" class="org.argeo.security.jcr.OsJcrUserAdminService"
+		init-method="init" destroy-method="destroy">
+	</bean>
+
 </beans>
\ No newline at end of file
diff --git a/security/plugins/org.argeo.security.ui/plugin.xml b/security/plugins/org.argeo.security.ui/plugin.xml
index b21c13808..cb139d7b6 100644
--- a/security/plugins/org.argeo.security.ui/plugin.xml
+++ b/security/plugins/org.argeo.security.ui/plugin.xml
@@ -75,7 +75,7 @@
         <activity
               description="Non admins"
               id="org.argeo.security.ui.notAdminActivity"
-              name="Admin">
+              name="Not Admin">
 		  <enabledWhen>
 		  	<not>
 		    <with variable="roles">
@@ -86,6 +86,20 @@
 		  	</not>
 		  </enabledWhen>
         </activity>
+        <activity
+              description="Non remote"
+              id="org.argeo.security.ui.notRemoteActivity"
+              name="NonRemote">
+		  <enabledWhen>
+		  	<not>
+		    <with variable="roles">
+		      <iterate ifEmpty="false" operator="or">
+		        <equals value="ROLE_REMOTE" />
+		      </iterate>
+		    </with>
+		  	</not>
+		  </enabledWhen>
+        </activity>
         <activityPatternBinding
               activityId="org.argeo.security.ui.adminActivity"
               isEqualityPattern="true"
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrUserAdminService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrUserAdminService.java
index 8dec3b4eb..c25bdb865 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrUserAdminService.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrUserAdminService.java
@@ -15,7 +15,9 @@
  */
 package org.argeo.security.jcr;
 
+import java.util.ArrayList;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 import javax.jcr.Node;
@@ -28,6 +30,7 @@ import org.argeo.jcr.JcrUtils;
 import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.UserAdminService;
 import org.springframework.dao.DataAccessException;
+import org.springframework.security.userdetails.User;
 import org.springframework.security.userdetails.UserDetails;
 import org.springframework.security.userdetails.UsernameNotFoundException;
 
@@ -38,6 +41,9 @@ import org.springframework.security.userdetails.UsernameNotFoundException;
 public class OsJcrUserAdminService implements UserAdminService {
 	private Repository repository;
 
+	/** In memory roles provided by applications. */
+	private List<String> roles = new ArrayList<String>();
+
 	// private Session adminSession;
 
 	public void init() {
@@ -82,19 +88,24 @@ public class OsJcrUserAdminService implements UserAdminService {
 	public UserDetails loadUserByUsername(String username)
 			throws UsernameNotFoundException, DataAccessException {
 		if (getSPropertyUsername().equals(username)) {
-			JcrUserDetails userDetails;
-			Session adminSession = null;
-			try {
-				adminSession = repository.login();
-				Node userProfile = UserJcrUtils.getUserProfile(adminSession,
-						username);
-				userDetails = new JcrUserDetails(userProfile, "",
+			UserDetails userDetails;
+			if (repository != null) {
+				Session adminSession = null;
+				try {
+					adminSession = repository.login();
+					Node userProfile = UserJcrUtils.getUserProfile(
+							adminSession, username);
+					userDetails = new JcrUserDetails(userProfile, "",
+							OsJcrAuthenticationProvider.getBaseAuthorities());
+				} catch (RepositoryException e) {
+					throw new ArgeoException(
+							"Cannot retrieve user profile for " + username, e);
+				} finally {
+					JcrUtils.logoutQuietly(adminSession);
+				}
+			} else {
+				userDetails = new User(username, "", true, true, true, true,
 						OsJcrAuthenticationProvider.getBaseAuthorities());
-			} catch (RepositoryException e) {
-				throw new ArgeoException("Cannot retrieve user profile for "
-						+ username, e);
-			} finally {
-				JcrUtils.logoutQuietly(adminSession);
 			}
 			return userDetails;
 		} else {
@@ -124,17 +135,16 @@ public class OsJcrUserAdminService implements UserAdminService {
 
 	/** <b>Unsupported</b> */
 	public void newRole(String role) {
-		throw new UnsupportedOperationException();
+		roles.add(role);
 	}
 
 	public Set<String> listEditableRoles() {
-		Set<String> set = new HashSet<String>();
-		return set;
+		return new HashSet<String>(roles);
 	}
 
 	/** <b>Unsupported</b> */
 	public void deleteRole(String role) {
-		throw new UnsupportedOperationException();
+		roles.remove(role);
 	}
 
 	public void setRepository(Repository repository) {
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
index a7cf268ad..b32ba8ea9 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/RemoteJcrAuthenticationProvider.java
@@ -46,6 +46,8 @@ public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
 	private RepositoryFactory repositoryFactory;
 	private BundleContext bundleContext;
 
+	public final static String ROLE_REMOTE = "ROLE_REMOTE";
+
 	public Authentication authenticate(Authentication authentication)
 			throws AuthenticationException {
 		NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
@@ -95,17 +97,18 @@ public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
 		}
 
 		try {
-			Node userHome = UserJcrUtils.getUserHome(session);
+			// Node userHome = UserJcrUtils.getUserHome(session);
 			// retrieve remote roles
 			List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
-			if (userHome != null
-					&& userHome.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
-				Value[] roles = userHome.getProperty(
+			if (userProfile != null
+					&& userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
+				Value[] roles = userProfile.getProperty(
 						ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
 				for (int i = 0; i < roles.length; i++)
 					authoritiesList.add(new GrantedAuthorityImpl(roles[i]
 							.getString()));
 			}
+			authoritiesList.add(new GrantedAuthorityImpl(ROLE_REMOTE));
 
 			// create authenticated objects
 			GrantedAuthority[] authorities = authoritiesList
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/SimpleJcrSecurityModel.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/SimpleJcrSecurityModel.java
index b1c21b005..fc0158738 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/SimpleJcrSecurityModel.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/SimpleJcrSecurityModel.java
@@ -102,6 +102,12 @@ public class SimpleJcrSecurityModel implements JcrSecurityModel {
 						.getVersionManager();
 				if (versionManager.isCheckedOut(userProfile.getPath()))
 					versionManager.checkin(userProfile.getPath());
+
+			}
+
+			// Remote roles
+			if (roles != null) {
+				writeRemoteRoles(userProfile, roles);
 			}
 			return userProfile;
 		} catch (RepositoryException e) {
-- 
2.30.2