log4j.logger.org.argeo=DEBUG
log4j.logger.org.argeo.jackrabbit.remote.ExtendedDispatcherServlet=WARN
-log4j.logger.org.springframework.security=WARN
+log4j.logger.org.springframework.security=DEBUG
log4j.logger.org.apache.catalina=INFO
log4j.logger.org.apache.coyote=INFO
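Review bot: The `org.springframework.security` logger is raised to DEBUG in what looks like a committed configuration rather than a local override. At that level the framework typically traces every authentication attempt and access decision, which is noisy and can leave usernames and session details in log files. Unless this file is only used in development, keep `log4j.logger.org.springframework.security=WARN` here and raise the level locally when troubleshooting.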
</list>
</property>
<property name="systemExecutor" ref="systemExecutionService" />
+ <property name="passwordEncoder" ref="passwordEncoder" />
+ <property name="session" ref="nodeSession" />
<property name="propertyToAttributes">
<map>
<entry value="cn">
<key>
- <util:constant static-field="org.argeo.jcr.ArgeoNames.ARGEO_DISPLAY_NAME" />
+ <util:constant static-field="javax.jcr.Property.JCR_TITLE" />
+ </key>
+ </entry>
+ <entry value="description">
+ <key>
+ <util:constant static-field="javax.jcr.Property.JCR_DESCRIPTION" />
</key>
</entry>
<entry value="givenName">
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
<!-- REFERENCES -->\r
- <list id="userNatureMappers" interface="org.argeo.security.ldap.UserNatureMapper"\r
- cardinality="0..N" />\r
- <reference id="repositoryFactory" interface="javax.jcr.RepositoryFactory"\r
- cardinality="0..1">\r
- <listener ref="jcrUserDetailsContextMapper" bind-method="register"\r
- unbind-method="unregister" />\r
- </reference>\r
+<!-- <list id="userNatureMappers" interface="org.argeo.security.ldap.UserNatureMapper" -->\r
+<!-- cardinality="0..N" /> -->\r
+<!-- <reference id="repositoryFactory" interface="javax.jcr.RepositoryFactory" -->\r
+<!-- cardinality="0..1"> -->\r
+<!-- <listener ref="jcrUserDetailsContextMapper" bind-method="register" -->\r
+<!-- unbind-method="unregister" /> -->\r
+<!-- </reference> -->\r
+ <reference id="nodeSession" interface="javax.jcr.Session"\r
+ filter="(argeo.jcr.repository.alias=node)" />\r
<reference id="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
\r
<!-- SERVICES -->\r
<service ref="userDetailsManager"\r
interface="org.springframework.security.userdetails.UserDetailsService"\r
context-class-loader="service-provider" />\r
+ <service ref="userDetailsManager"\r
+ interface="org.springframework.security.userdetails.UserDetailsManager"\r
+ context-class-loader="service-provider" />\r
</beans:beans>
\ No newline at end of file
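Review bot: A single `javax.jcr.Session` is now imported as the OSGi service `nodeSession` and, per the `session` property added in the bean definition, injected into the user-details bean. The same pattern appears in the `jcrSession` reference of the admin UI bundle. JCR sessions are generally not safe for concurrent use, and every caller acts with whatever identity that session was opened under. A comment next to the reference should state which identity the `node` session runs as and how access to it is serialized. The seven commented-out `<list>`/`<reference>` lines would be better deleted than kept as XML comments.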
package org.argeo.security.equinox;
import java.util.Map;
+import java.util.concurrent.Executor;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
/** Login module which caches one subject per thread. */
public class SpringLoginModule extends SecurityContextLoginModule {
private AuthenticationManager authenticationManager;
+ private Executor systemExecutor;
private CallbackHandler callbackHandler;
username, password, url, workspace);
try {
+
Authentication authentication = authenticationManager
.authenticate(credentials);
registerAuthentication(authentication);
this.authenticationManager = authenticationManager;
}
+ public void setSystemExecutor(Executor systemExecutor) {
+ this.systemExecutor = systemExecutor;
+ }
+
// protected Subject getSubject() {
// return subject.get();
// }
<bean id="adminArgeoUserEditor" class="org.argeo.security.ui.admin.editors.ArgeoUserEditor"
scope="prototype">
<property name="userAdminService" ref="userAdminService" />
+ <property name="userDetailsManager" ref="userDetailsManager" />
</bean>
</beans>
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd"\r
osgi:default-timeout="30000">\r
\r
+ <reference id="jcrSession" interface="javax.jcr.Session"\r
+ filter="(argeo.jcr.repository.alias=node)" />\r
<reference id="userAdminService" interface="org.argeo.security.UserAdminService" />\r
+ <reference id="currentUserService" interface="org.argeo.security.CurrentUserService" />\r
+ <reference id="userDetailsManager"\r
+ interface="org.springframework.security.userdetails.UserDetailsManager" />\r
</beans:beans>
\ No newline at end of file
<bean id="adminUsersView" class="org.argeo.security.ui.admin.views.UsersView"
scope="prototype">
- <property name="userAdminService" ref="userAdminService" />
+<!-- <property name="userAdminService" ref="userAdminService" /> -->
+ <property name="session" ref="jcrSession" />
</bean>
<bean id="adminRolesView" class="org.argeo.security.ui.admin.views.RolesView"
scope="prototype">
class="org.argeo.security.ui.admin.SecurityAdminPerspective"
icon="icons/security.gif"
id="org.argeo.security.ui.admin.adminSecurityPerspective"
- name="Security">
+ name="Security Administration">
</perspective>
</extension>
<extension
<extension
point="org.eclipse.ui.menus">
<menuContribution
- locationURI="toolbar:org.argeo.security.ui.admin.rolesView">
+ locationURI="toolbar:org.argeo.security.ui.admin.adminRolesView">
<command
commandId="org.argeo.security.ui.admin.addRole"
icon="icons/add.gif"
</command>
</menuContribution>
<menuContribution
- locationURI="toolbar:org.argeo.security.ui.admin.usersView">
+ locationURI="toolbar:org.argeo.security.ui.admin.adminUsersView">
<command
commandId="org.argeo.security.ui.admin.newArgeoUserEditor"
icon="icons/add.gif"
</with>
</enabledWhen>
</activity>
+ <!-- TODO: find a way to exclude evrything -->
<activityPatternBinding
activityId="org.argeo.security.ui.admin.adminActivity"
isEqualityPattern="true"
- pattern="org.argeo.security.ui.admin/.*">
+ pattern="org.argeo.security.ui.admin/org.argeo.security.ui.admin.adminSecurityPerspective">
</activityPatternBinding>
</extension>
</plugin>
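Review bot: The `activityPatternBinding` now matches only the perspective id, so the admin views, the user editor and the `addRole` / `newArgeoUserEditor` commands are not bound to `adminActivity`, as the TODO acknowledges. With `isEqualityPattern="true"` the pattern is compared literally, which is presumably why the old `.*` form never matched. Either add one equality binding per view, editor and command id, or set `isEqualityPattern="false"` and keep a regular expression. Activities only filter what the workbench shows, so the TODO should also say that authorization for role and user changes is enforced in the services behind this UI.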
import org.argeo.ArgeoException;
import org.argeo.security.UserAdminService;
+import org.argeo.security.ui.admin.editors.ArgeoUserEditor;
import org.argeo.security.ui.admin.views.RolesView;
import org.eclipse.core.commands.AbstractHandler;
import org.eclipse.core.commands.ExecutionEvent;
import org.eclipse.core.commands.ExecutionException;
+import org.eclipse.ui.IEditorReference;
+import org.eclipse.ui.IWorkbenchPage;
import org.eclipse.ui.handlers.HandlerUtil;
+import org.eclipse.ui.internal.EditorReference;
/** Add a new role. */
public class AddRole extends AbstractHandler {
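Review bot: `import org.eclipse.ui.internal.EditorReference;` pulls in a non-API workbench class, while the editor-refresh code added further down in this file only uses the public `IEditorReference`. Internal packages carry no compatibility guarantee and usually trigger discouraged-access warnings in an OSGi build. Drop the import.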
throw new ArgeoException("Role " + role + " already exists");
userAdminService.newRole(role);
rolesView.refresh();
+
+ // refresh editors
+ IEditorReference[] refs = HandlerUtil.getActiveWorkbenchWindow(event)
+ .getActivePage()
+ .findEditors(null, ArgeoUserEditor.ID, IWorkbenchPage.MATCH_ID);
+ for (IEditorReference ref : refs) {
+ ArgeoUserEditor userEditor = (ArgeoUserEditor) ref.getEditor(false);
+ if (userEditor != null) {
+ userEditor.refresh();
+ }
+ }
return null;
}
package org.argeo.security.ui.admin.editors;
+import javax.jcr.Node;
+
import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoNames;
import org.argeo.security.ArgeoUser;
import org.argeo.security.SimpleArgeoUser;
import org.argeo.security.UserAdminService;
+import org.argeo.security.jcr.JcrUserDetails;
import org.argeo.security.nature.SimpleUserNature;
+import org.argeo.security.ui.admin.SecurityAdminPlugin;
+import org.argeo.security.ui.admin.views.UsersView;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.ui.IEditorInput;
import org.eclipse.ui.IEditorSite;
+import org.eclipse.ui.IWorkbench;
import org.eclipse.ui.PartInitException;
import org.eclipse.ui.forms.editor.FormEditor;
+import org.springframework.security.userdetails.UserDetailsManager;
/** Editor for an Argeo user. */
public class ArgeoUserEditor extends FormEditor {
public final static String ID = "org.argeo.security.ui.admin.adminArgeoUserEditor";
private ArgeoUser user;
+ private JcrUserDetails userDetails;
+ private Node userHome;
private UserAdminService userAdminService;
+ private UserDetailsManager userDetailsManager;
public void init(IEditorSite site, IEditorInput input)
throws PartInitException {
super.init(site, input);
+ userHome = ((ArgeoUserEditorInput) getEditorInput()).getUserHome();
String username = ((ArgeoUserEditorInput) getEditorInput())
.getUsername();
+
+ userDetails = (JcrUserDetails) userDetailsManager
+ .loadUserByUsername(username);
+
if (username == null) {// new
user = new SimpleArgeoUser();
user.getUserNatures().put(SimpleUserNature.TYPE,
new SimpleUserNature());
} else
user = userAdminService.getUser(username);
+
this.setPartProperty("name", username != null ? username : "<new user>");
setPartName(username != null ? username : "<new user>");
}
protected void addPages() {
try {
- addPage(new DefaultUserMainPage(this, userAdminService, user));
-
- } catch (PartInitException e) {
- throw new ArgeoException("Not able to add page ", e);
+ addPage(new DefaultUserMainPage(this,
+ userHome.getNode(ArgeoNames.ARGEO_USER_PROFILE)));
+ addPage(new UserRolesPage(this, userDetails, userAdminService));
+ } catch (Exception e) {
+ throw new ArgeoException("Cannot add pages", e);
}
}
public void doSave(IProgressMonitor monitor) {
// list pages
// TODO: make it more generic
- findPage(DefaultUserMainPage.ID).doSave(monitor);
+ DefaultUserMainPage defaultUserMainPage = (DefaultUserMainPage) findPage(DefaultUserMainPage.ID);
+ if (defaultUserMainPage.isDirty()) {
+ defaultUserMainPage.doSave(monitor);
+ String newPassword = defaultUserMainPage.getNewPassword();
+ defaultUserMainPage.resetNewPassword();
+ if (newPassword != null)
+ userDetails = userDetails.cloneWithNewPassword(newPassword);
+ }
- if (userAdminService.userExists(user.getUsername()))
- userAdminService.updateUser(user);
- else {
- userAdminService.newUser(user);
- setPartName(user.getUsername());
+ UserRolesPage userRolesPage = (UserRolesPage) findPage(UserRolesPage.ID);
+ if (userRolesPage.isDirty()) {
+ userRolesPage.doSave(monitor);
+ userDetails = userDetails.cloneWithNewRoles(userRolesPage
+ .getRoles());
}
+
+ userDetailsManager.updateUser(userDetails);
+
+ // if (userAdminService.userExists(user.getUsername()))
+ // userAdminService.updateUser(user);
+ // else {
+ // userAdminService.newUser(user);
+ // setPartName(user.getUsername());
+ // }
firePropertyChange(PROP_DIRTY);
+
+ userRolesPage.setUserDetails(userDetails);
+
+ // refresh users view
+ IWorkbench iw = SecurityAdminPlugin.getDefault().getWorkbench();
+ UsersView usersView = (UsersView) iw.getActiveWorkbenchWindow()
+ .getActivePage().findView(UsersView.ID);
+ usersView.refresh();
}
@Override
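Review bot: In `init`, `userDetailsManager.loadUserByUsername(username)` runs before the `username == null` check, so the "new user" branch is reached only after a lookup with a null name. The deprecated `ArgeoUserEditorInput(String)` constructor also leaves `userHome` null, which `addPages` then dereferences. Either reject such input up front with `if (userHome == null) throw new PartInitException("User home is required");` or move the lookup into the `else` branch. Separately, in `doSave`, `findView(UsersView.ID)` returns null when the users view is closed, and that call comes after `updateUser` has already been applied; guard it with `if (usersView != null) usersView.refresh();`.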
return false;
}
+ public void refresh() {
+ UserRolesPage userRolesPage = (UserRolesPage) findPage(UserRolesPage.ID);
+ userRolesPage.refresh();
+ }
+
public void setUserAdminService(UserAdminService userAdminService) {
this.userAdminService = userAdminService;
}
+
+ public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
+ this.userDetailsManager = userDetailsManager;
+ }
+
}
package org.argeo.security.ui.admin.editors;
+import javax.jcr.Node;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.ValueFormatException;
+
+import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoNames;
import org.eclipse.jface.resource.ImageDescriptor;
import org.eclipse.ui.IEditorInput;
import org.eclipse.ui.IPersistableElement;
/** Editor input for an Argeo user. */
public class ArgeoUserEditorInput implements IEditorInput {
private final String username;
+ private final Node userHome;
+ @Deprecated
public ArgeoUserEditorInput(String username) {
this.username = username;
+ this.userHome = null;
+ }
+
+ public ArgeoUserEditorInput(Node userHome) {
+ try {
+ this.username = userHome.getProperty(ArgeoNames.ARGEO_USER_ID)
+ .getString();
+ this.userHome = userHome;
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot initialize editor input for "
+ + userHome, e);
+ }
}
public Object getAdapter(@SuppressWarnings("rawtypes") Class adapter) {
return username;
}
+ public Node getUserHome() {
+ return userHome;
+ }
+
}
package org.argeo.security.ui.admin.editors;
+import java.util.Arrays;
+
+import javax.jcr.Node;
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.SimpleArgeoUser;
-import org.argeo.security.UserAdminService;
-import org.argeo.security.nature.SimpleUserNature;
-import org.argeo.security.ui.admin.SecurityAdminPlugin;
-import org.eclipse.jface.viewers.CellEditor;
-import org.eclipse.jface.viewers.CheckboxCellEditor;
-import org.eclipse.jface.viewers.ColumnLabelProvider;
-import org.eclipse.jface.viewers.EditingSupport;
-import org.eclipse.jface.viewers.IStructuredContentProvider;
-import org.eclipse.jface.viewers.TableViewer;
-import org.eclipse.jface.viewers.TableViewerColumn;
-import org.eclipse.jface.viewers.Viewer;
+import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoNames;
import org.eclipse.swt.SWT;
import org.eclipse.swt.events.ModifyEvent;
import org.eclipse.swt.events.ModifyListener;
-import org.eclipse.swt.graphics.Image;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.Composite;
-import org.eclipse.swt.widgets.Table;
-import org.eclipse.swt.widgets.TableColumn;
+import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.Text;
import org.eclipse.ui.forms.AbstractFormPart;
import org.eclipse.ui.forms.IManagedForm;
import org.eclipse.ui.forms.SectionPart;
import org.eclipse.ui.forms.editor.FormEditor;
import org.eclipse.ui.forms.editor.FormPage;
-import org.eclipse.ui.forms.widgets.ColumnLayout;
import org.eclipse.ui.forms.widgets.FormToolkit;
import org.eclipse.ui.forms.widgets.ScrolledForm;
import org.eclipse.ui.forms.widgets.Section;
/**
- * Display/edit the properties common to all {@link ArgeoUser} (username and
- * roles) as well as the properties of the {@link SimpleUserNature}.
+ * Display/edit the properties common to all Argeo users
*/
-public class DefaultUserMainPage extends FormPage {
+public class DefaultUserMainPage extends FormPage implements ArgeoNames {
final static String ID = "argeoUserEditor.mainPage";
private final static Log log = LogFactory.getLog(DefaultUserMainPage.class);
- private final static Image ROLE_CHECKED = SecurityAdminPlugin
- .getImageDescriptor("icons/security.gif").createImage();
+ private Node userProfile;
- private ArgeoUser user;
- private SimpleUserNature simpleNature;
- private String simpleNatureType;
- private UserAdminService securityService;
+ private char[] newPassword;
- public DefaultUserMainPage(FormEditor editor,
- UserAdminService securityService, ArgeoUser user) {
+ public DefaultUserMainPage(FormEditor editor, Node userProfile) {
super(editor, ID, "Main");
- this.securityService = securityService;
- this.user = user;
- this.simpleNature = SimpleUserNature.findSimpleUserNature(user,
- simpleNatureType);
+ this.userProfile = userProfile;
}
protected void createFormContent(final IManagedForm mf) {
- ScrolledForm form = mf.getForm();
- form.setText(simpleNature.getFirstName() + " "
- + simpleNature.getLastName());
- ColumnLayout mainLayout = new ColumnLayout();
- mainLayout.minNumColumns = 1;
- mainLayout.maxNumColumns = 4;
- mainLayout.topMargin = 0;
- mainLayout.bottomMargin = 5;
- mainLayout.leftMargin = mainLayout.rightMargin = mainLayout.horizontalSpacing = mainLayout.verticalSpacing = 10;
- form.getBody().setLayout(mainLayout);
-
- createGeneralPart(form.getBody());
- createRolesPart(form.getBody());
- createPassworPart(form.getBody());
+ try {
+ ScrolledForm form = mf.getForm();
+ form.setText(userProfile.getProperty(ARGEO_FIRST_NAME).getString()
+ + " "
+ + userProfile.getProperty(ARGEO_LAST_NAME).getString());
+ GridLayout mainLayout = new GridLayout(1, true);
+ // ColumnLayout mainLayout = new ColumnLayout();
+ // mainLayout.minNumColumns = 1;
+ // mainLayout.maxNumColumns = 4;
+ // mainLayout.topMargin = 0;
+ // mainLayout.bottomMargin = 5;
+ // mainLayout.leftMargin = mainLayout.rightMargin =
+ // mainLayout.horizontalSpacing = mainLayout.verticalSpacing = 10;
+ form.getBody().setLayout(mainLayout);
+
+ createGeneralPart(form.getBody());
+ createPassworPart(form.getBody());
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot create form content", e);
+ }
}
/** Creates the general section */
- protected void createGeneralPart(Composite parent) {
+ protected void createGeneralPart(Composite parent)
+ throws RepositoryException {
FormToolkit tk = getManagedForm().getToolkit();
Section section = tk.createSection(parent, Section.TITLE_BAR);
+ section.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, false));
section.setText("General");
-
Composite body = tk.createComposite(section, SWT.WRAP);
section.setClient(body);
- GridLayout layout = new GridLayout();
- layout.marginWidth = layout.marginHeight = 0;
- layout.numColumns = 2;
+ GridLayout layout = new GridLayout(2, false);
+ body.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, false));
body.setLayout(layout);
// add widgets (view)
- final Text username;
- if (user.getUsername() != null) {
- tk.createLabel(body, "Username");
- tk.createLabel(body, user.getUsername());
- username = null;
- } else {
- username = createLT(body, "Username", "");
- }
+ // final Text username;
+ // if (user.getUsername() != null) {
+ // tk.createLabel(body, "Username");
+ // tk.createLabel(body, user.getUsername());
+ // username = null;
+ // } else {
+ // username = createLT(body, "Username", "");
+ // }
final Text firstName = createLT(body, "First name",
- simpleNature.getFirstName());
+ userProfile.getProperty(ARGEO_FIRST_NAME));
final Text lastName = createLT(body, "Last name",
- simpleNature.getLastName());
- final Text email = createLT(body, "Email", simpleNature.getEmail());
+ userProfile.getProperty(ARGEO_LAST_NAME));
+ final Text email = createLT(body, "Email",
+ userProfile.getProperty(ARGEO_PRIMARY_EMAIL));
final Text description = createLT(body, "Description",
- simpleNature.getDescription());
+ userProfile.getProperty(Property.JCR_DESCRIPTION));
// create form part (controller)
AbstractFormPart part = new SectionPart(section) {
public void commit(boolean onSave) {
- if (username != null) {
- ((SimpleArgeoUser) user).setUsername(username.getText());
- username.setEditable(false);
- username.setEnabled(false);
+ // if (username != null) {
+ // ((SimpleArgeoUser) user).setUsername(username.getText());
+ // username.setEditable(false);
+ // username.setEnabled(false);
+ // }
+ // simpleNature.setFirstName(firstName.getText());
+ // simpleNature.setLastName(lastName.getText());
+ // simpleNature.setEmail(email.getText());
+ // simpleNature.setDescription(description.getText());
+ try {
+ userProfile.setProperty(ARGEO_FIRST_NAME,
+ firstName.getText());
+ userProfile
+ .setProperty(ARGEO_LAST_NAME, lastName.getText());
+ userProfile.setProperty(ARGEO_PRIMARY_EMAIL,
+ email.getText());
+ userProfile.setProperty(Property.JCR_DESCRIPTION,
+ description.getText());
+ super.commit(onSave);
+ if (log.isTraceEnabled())
+ log.trace("General part committed");
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot commit", e);
}
- simpleNature.setFirstName(firstName.getText());
- simpleNature.setLastName(lastName.getText());
- simpleNature.setEmail(email.getText());
- simpleNature.setDescription(description.getText());
- super.commit(onSave);
- if (log.isTraceEnabled())
- log.trace("General part committed");
}
};
- if (username != null)
- username.addModifyListener(new FormPartML(part));
+ // if (username != null)
+ // username.addModifyListener(new FormPartML(part));
firstName.addModifyListener(new FormPartML(part));
lastName.addModifyListener(new FormPartML(part));
email.addModifyListener(new FormPartML(part));
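Review bot: `createFormContent` and `createGeneralPart` read `ARGEO_FIRST_NAME`, `ARGEO_LAST_NAME`, `ARGEO_PRIMARY_EMAIL` and `Property.JCR_DESCRIPTION` through `Node.getProperty`, which throws `PathNotFoundException` when a property is absent. A profile without a description, for example, would then stop the editor page from opening, assuming these properties are not mandatory on the profile node type, which this diff does not show. A small helper built on `userProfile.hasProperty(name) ? userProfile.getProperty(name).getString() : ""` would make the page tolerant of sparse profiles. The commented-out `username` and `simpleNature` blocks could be deleted rather than kept. `createGeneralPart` continues past the end of this hunk.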
protected void createPassworPart(Composite parent) {
FormToolkit tk = getManagedForm().getToolkit();
Section section = tk.createSection(parent, Section.TITLE_BAR);
+ section.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, false));
section.setText("Password");
Composite body = tk.createComposite(section, SWT.WRAP);
section.setClient(body);
- GridLayout layout = new GridLayout();
- layout.marginWidth = layout.marginHeight = 0;
- layout.numColumns = 2;
+ GridLayout layout = new GridLayout(2, false);
+ body.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, false));
body.setLayout(layout);
// add widgets (view)
final Text password2 = createLP(body, "Repeat password", "");
// create form part (controller)
AbstractFormPart part = new SectionPart(section) {
+
public void commit(boolean onSave) {
if (!password1.getText().equals("")
- && password1.getText().equals(password2.getText())) {
- ((SimpleArgeoUser) user).setPassword(password1.getText());
+ || !password2.getText().equals("")) {
+ if (password1.getText().equals(password2.getText())) {
+ newPassword = password1.getText().toCharArray();
+ password1.setText("");
+ password2.setText("");
+ super.commit(onSave);
+ } else {
+ password1.setText("");
+ password2.setText("");
+ throw new ArgeoException("Passwords are not equals");
+ }
}
- super.commit(onSave);
- if (log.isTraceEnabled())
- log.trace("Password part committed");
}
+
};
password1.addModifyListener(new FormPartML(part));
password2.addModifyListener(new FormPartML(part));
getManagedForm().addPart(part);
}
- /** Creates the role section */
- protected void createRolesPart(Composite parent) {
- FormToolkit tk = getManagedForm().getToolkit();
- Section section = tk.createSection(parent, Section.DESCRIPTION
- | Section.TITLE_BAR);
- section.setText("Roles");
- section.setDescription("Roles define "
- + "the authorizations for this user.");
- Table table = new Table(section, SWT.MULTI | SWT.H_SCROLL
- | SWT.V_SCROLL);
- section.setClient(table);
-
- AbstractFormPart part = new SectionPart(section) {
- public void commit(boolean onSave) {
- // roles have already been modified in editing
- super.commit(onSave);
- if (log.isTraceEnabled())
- log.trace("Role part committed");
- }
- };
- getManagedForm().addPart(part);
-
- GridData gridData = new GridData(SWT.FILL, SWT.FILL, true, true);
- gridData.verticalSpan = 20;
- table.setLayoutData(gridData);
- table.setLinesVisible(true);
- table.setHeaderVisible(false);
- TableViewer viewer = new TableViewer(table);
-
- // check column
- TableViewerColumn column = createTableViewerColumn(viewer, "checked",
- 20);
- column.setLabelProvider(new ColumnLabelProvider() {
- public String getText(Object element) {
- return null;
- }
-
- public Image getImage(Object element) {
- String role = element.toString();
- if (user.getRoles().contains(role)) {
- return ROLE_CHECKED;
- } else {
- return null;
- }
- }
- });
- column.setEditingSupport(new RoleEditingSupport(viewer, part));
-
- // role column
- column = createTableViewerColumn(viewer, "Role", 200);
- column.setLabelProvider(new ColumnLabelProvider() {
- public String getText(Object element) {
- return element.toString();
- }
-
- public Image getImage(Object element) {
- return null;
- }
- });
- viewer.setContentProvider(new RolesContentProvider());
- viewer.setInput(getEditorSite());
- }
-
- protected TableViewerColumn createTableViewerColumn(TableViewer viewer,
- String title, int bound) {
- final TableViewerColumn viewerColumn = new TableViewerColumn(viewer,
- SWT.NONE);
- final TableColumn column = viewerColumn.getColumn();
- column.setText(title);
- column.setWidth(bound);
- column.setResizable(true);
- column.setMoveable(true);
- return viewerColumn;
-
- }
-
/** Creates label and text. */
protected Text createLT(Composite body, String label, String value) {
FormToolkit toolkit = getManagedForm().getToolkit();
- toolkit.createLabel(body, label);
+ Label lbl = toolkit.createLabel(body, label);
+ lbl.setLayoutData(new GridData(SWT.RIGHT, SWT.CENTER, false, false));
Text text = toolkit.createText(body, value, SWT.BORDER);
- text.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, true));
+ text.setLayoutData(new GridData(SWT.FILL, SWT.CENTER, true, false));
return text;
}
+ protected Text createLT(Composite body, String label, Property value)
+ throws RepositoryException {
+ return createLT(body, label, value.getString());
+ }
+
/** Creates label and password. */
protected Text createLP(Composite body, String label, String value) {
FormToolkit toolkit = getManagedForm().getToolkit();
- toolkit.createLabel(body, label);
+ Label lbl = toolkit.createLabel(body, label);
+ lbl.setLayoutData(new GridData(SWT.RIGHT, SWT.CENTER, false, false));
Text text = toolkit.createText(body, value, SWT.BORDER | SWT.PASSWORD);
- text.setLayoutData(new GridData(SWT.FILL, SWT.FILL, true, true));
+ text.setLayoutData(new GridData(SWT.FILL, SWT.CENTER, true, false));
return text;
}
- public void setSimpleNatureType(String simpleNatureType) {
- this.simpleNatureType = simpleNatureType;
- }
-
private class FormPartML implements ModifyListener {
private AbstractFormPart formPart;
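Review bot: In the password part's `commit`, `super.commit(onSave)` is now called only when both fields are non-empty and equal. If the user types into a password field and then clears it, the part has been marked dirty but is never committed, so the page stays dirty after saving. Add an `else` to the outer `if` that calls `super.commit(onSave);`. The mismatch branch throws `ArgeoException` from inside the save path after clearing both fields; setting a message on the managed form would be gentler on the user, and the text should read "Passwords are not equal".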
}
- private class RolesContentProvider implements IStructuredContentProvider {
- public Object[] getElements(Object inputElement) {
- return securityService.listEditableRoles().toArray();
- }
-
- public void dispose() {
- }
-
- public void inputChanged(Viewer viewer, Object oldInput, Object newInput) {
- }
+ public String getNewPassword() {
+ if (newPassword != null)
+ return new String(newPassword);
+ else
+ return null;
}
- /** Select the columns by editing the checkbox in the first column */
- class RoleEditingSupport extends EditingSupport {
-
- private final TableViewer viewer;
- private final AbstractFormPart formPart;
-
- public RoleEditingSupport(TableViewer viewer, AbstractFormPart formPart) {
- super(viewer);
- this.viewer = viewer;
- this.formPart = formPart;
- }
-
- @Override
- protected CellEditor getCellEditor(Object element) {
- return new CheckboxCellEditor(null, SWT.CHECK | SWT.READ_ONLY);
-
- }
-
- @Override
- protected boolean canEdit(Object element) {
- return true;
- }
-
- @Override
- protected Object getValue(Object element) {
- String role = element.toString();
- return user.getRoles().contains(role);
-
- }
-
- @Override
- protected void setValue(Object element, Object value) {
- Boolean inRole = (Boolean) value;
- String role = element.toString();
- if (inRole && !user.getRoles().contains(role)) {
- user.getRoles().add(role);
- formPart.markDirty();
- } else if (!inRole && user.getRoles().contains(role)) {
- user.getRoles().remove(role);
- formPart.markDirty();
- }
- viewer.refresh();
- }
+ public void resetNewPassword() {
+ if (newPassword != null)
+ Arrays.fill(newPassword, 'x');
+ newPassword = null;
}
-
}
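Review bot: `getNewPassword()` copies the `char[]` into a new immutable `String`, so the `Arrays.fill` in `resetNewPassword()` wipes only the array. The copy handed to `ArgeoUserEditor.doSave` and on to `cloneWithNewPassword` stays on the heap until collected. If the `char[]` is meant to limit how long the clear-text password lives, return `newPassword.clone()` as `char[]` and let the caller wipe it, provided `cloneWithNewPassword` can accept a `char[]`; its signature is not visible here. Otherwise add a comment on the field saying that the SWT `Text` widget and this getter already hold the value as `String`, so the wipe is best-effort only.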
--- /dev/null
+package org.argeo.security.ui.admin.editors;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.jcr.ArgeoNames;
+import org.argeo.security.UserAdminService;
+import org.argeo.security.ui.admin.SecurityAdminPlugin;
+import org.eclipse.jface.viewers.CellEditor;
+import org.eclipse.jface.viewers.CheckboxCellEditor;
+import org.eclipse.jface.viewers.ColumnLabelProvider;
+import org.eclipse.jface.viewers.EditingSupport;
+import org.eclipse.jface.viewers.IStructuredContentProvider;
+import org.eclipse.jface.viewers.TableViewer;
+import org.eclipse.jface.viewers.TableViewerColumn;
+import org.eclipse.jface.viewers.Viewer;
+import org.eclipse.swt.SWT;
+import org.eclipse.swt.graphics.Image;
+import org.eclipse.swt.layout.FillLayout;
+import org.eclipse.swt.widgets.Composite;
+import org.eclipse.swt.widgets.Table;
+import org.eclipse.swt.widgets.TableColumn;
+import org.eclipse.ui.forms.AbstractFormPart;
+import org.eclipse.ui.forms.IManagedForm;
+import org.eclipse.ui.forms.editor.FormEditor;
+import org.eclipse.ui.forms.editor.FormPage;
+import org.eclipse.ui.forms.widgets.ScrolledForm;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.userdetails.UserDetails;
+
+/**
+ * Display/edit the roles of a user.
+ */
+public class UserRolesPage extends FormPage implements ArgeoNames {
+ final static String ID = "argeoUserEditor.rolesPage";
+
+ private final static Log log = LogFactory.getLog(UserRolesPage.class);
+ private final static Image ROLE_CHECKED = SecurityAdminPlugin
+ .getImageDescriptor("icons/security.gif").createImage();
+
+ private TableViewer rolesViewer;
+ private UserAdminService userAdminService;
+ private List<String> roles;
+
+ public UserRolesPage(FormEditor editor, UserDetails userDetails,
+ UserAdminService userAdminService) {
+ super(editor, ID, "Roles");
+ setUserDetails(userDetails);
+ this.userAdminService = userAdminService;
+ }
+
+ public void setUserDetails(UserDetails userDetails) {
+ this.roles = new ArrayList<String>();
+ for (GrantedAuthority ga : userDetails.getAuthorities())
+ roles.add(ga.getAuthority());
+ if (rolesViewer != null)
+ rolesViewer.refresh();
+ }
+
+ protected void createFormContent(final IManagedForm mf) {
+ ScrolledForm form = mf.getForm();
+ form.setText("Roles");
+ FillLayout mainLayout = new FillLayout();
+ // ColumnLayout mainLayout = new ColumnLayout();
+ // mainLayout.minNumColumns = 1;
+ // mainLayout.maxNumColumns = 4;
+ // mainLayout.topMargin = 0;
+ // mainLayout.bottomMargin = 5;
+ // mainLayout.leftMargin = mainLayout.rightMargin =
+ // mainLayout.horizontalSpacing = mainLayout.verticalSpacing = 10;
+ form.getBody().setLayout(mainLayout);
+ createRolesPart(form.getBody());
+ }
+
+ /** Creates the role section */
+ protected void createRolesPart(Composite parent) {
+ Table table = new Table(parent, SWT.MULTI | SWT.H_SCROLL | SWT.V_SCROLL);
+
+ AbstractFormPart part = new AbstractFormPart() {
+ public void commit(boolean onSave) {
+ // roles have already been modified in editing
+ super.commit(onSave);
+ if (log.isTraceEnabled())
+ log.trace("Role part committed");
+ }
+ };
+ getManagedForm().addPart(part);
+
+ // GridData gridData = new GridData(SWT.FILL, SWT.FILL, true, true);
+ // gridData.verticalSpan = 20;
+ // table.setLayoutData(gridData);
+ table.setLinesVisible(true);
+ table.setHeaderVisible(false);
+ rolesViewer = new TableViewer(table);
+
+ // check column
+ TableViewerColumn column = createTableViewerColumn(rolesViewer,
+ "checked", 20);
+ column.setLabelProvider(new ColumnLabelProvider() {
+ public String getText(Object element) {
+ return null;
+ }
+
+ public Image getImage(Object element) {
+ String role = element.toString();
+ if (roles.contains(role)) {
+ return ROLE_CHECKED;
+ } else {
+ return null;
+ }
+ }
+ });
+ column.setEditingSupport(new RoleEditingSupport(rolesViewer, part));
+
+ // role column
+ column = createTableViewerColumn(rolesViewer, "Role", 200);
+ column.setLabelProvider(new ColumnLabelProvider() {
+ public String getText(Object element) {
+ return element.toString();
+ }
+
+ public Image getImage(Object element) {
+ return null;
+ }
+ });
+ rolesViewer.setContentProvider(new RolesContentProvider());
+ rolesViewer.setInput(getEditorSite());
+ }
+
+ protected TableViewerColumn createTableViewerColumn(TableViewer viewer,
+ String title, int bound) {
+ final TableViewerColumn viewerColumn = new TableViewerColumn(viewer,
+ SWT.NONE);
+ final TableColumn column = viewerColumn.getColumn();
+ column.setText(title);
+ column.setWidth(bound);
+ column.setResizable(true);
+ column.setMoveable(true);
+ return viewerColumn;
+
+ }
+
+ public List<String> getRoles() {
+ return roles;
+ }
+
+ public void refresh() {
+ rolesViewer.refresh();
+ }
+
+ private class RolesContentProvider implements IStructuredContentProvider {
+ public Object[] getElements(Object inputElement) {
+ return userAdminService.listEditableRoles().toArray();
+ }
+
+ public void dispose() {
+ }
+
+ public void inputChanged(Viewer viewer, Object oldInput, Object newInput) {
+ }
+ }
+
+ /** Select the columns by editing the checkbox in the first column */
+ class RoleEditingSupport extends EditingSupport {
+
+ private final TableViewer viewer;
+ private final AbstractFormPart formPart;
+
+ public RoleEditingSupport(TableViewer viewer, AbstractFormPart formPart) {
+ super(viewer);
+ this.viewer = viewer;
+ this.formPart = formPart;
+ }
+
+ @Override
+ protected CellEditor getCellEditor(Object element) {
+ return new CheckboxCellEditor(null, SWT.CHECK | SWT.READ_ONLY);
+
+ }
+
+ @Override
+ protected boolean canEdit(Object element) {
+ return true;
+ }
+
+ @Override
+ protected Object getValue(Object element) {
+ String role = element.toString();
+ return roles.contains(role);
+
+ }
+
+ @Override
+ protected void setValue(Object element, Object value) {
+ Boolean inRole = (Boolean) value;
+ String role = element.toString();
+ if (inRole && !roles.contains(role)) {
+ roles.add(role);
+ formPart.markDirty();
+ } else if (!inRole && roles.contains(role)) {
+ roles.remove(role);
+ formPart.markDirty();
+ }
+ viewer.refresh();
+ }
+ }
+
+}
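Review bot: `refresh()` dereferences `rolesViewer` unconditionally, but the viewer is only assigned in `createRolesPart`, which runs from `createFormContent`. Form pages normally build their content only when first shown, so `AddRole` calling `ArgeoUserEditor.refresh()` on an editor whose Roles tab was never opened would hit a `NullPointerException`. `setUserDetails` already guards against this; use the same check here: `if (rolesViewer != null) rolesViewer.refresh();`. `getRoles()` also hands out the live mutable list, so a short Javadoc noting that callers must not modify it (or returning a copy) would help.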
package org.argeo.security.ui.admin.views;
import java.util.ArrayList;
+import java.util.List;
+
+import javax.jcr.Node;
+import javax.jcr.NodeIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.observation.EventIterator;
+import javax.jcr.observation.EventListener;
+import javax.jcr.query.Query;
import org.argeo.ArgeoException;
+import org.argeo.eclipse.ui.dialogs.Error;
+import org.argeo.jcr.ArgeoNames;
+import org.argeo.jcr.ArgeoTypes;
import org.argeo.security.ArgeoUser;
-import org.argeo.security.UserAdminService;
-import org.argeo.security.nature.SimpleUserNature;
import org.argeo.security.ui.admin.SecurityAdminPlugin;
import org.argeo.security.ui.admin.commands.OpenArgeoUserEditor;
+import org.argeo.security.ui.admin.editors.ArgeoUserEditor;
+import org.argeo.security.ui.admin.editors.ArgeoUserEditorInput;
import org.eclipse.core.commands.Command;
import org.eclipse.core.commands.IParameter;
import org.eclipse.core.commands.Parameterization;
import org.eclipse.swt.widgets.TableColumn;
import org.eclipse.ui.IWorkbench;
import org.eclipse.ui.IWorkbenchWindow;
+import org.eclipse.ui.PartInitException;
import org.eclipse.ui.commands.ICommandService;
import org.eclipse.ui.handlers.IHandlerService;
import org.eclipse.ui.part.ViewPart;
/** List all users. */
-public class UsersView extends ViewPart {
+public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes,
+ EventListener {
public final static String ID = "org.argeo.security.ui.admin.adminUsersView";
private TableViewer viewer;
- private UserAdminService userAdminService;
-
- private String simpleNatureType = null;
+ private Session session;
@Override
public void createPartControl(Composite parent) {
viewer.getTable().setFocus();
}
- public void setUserAdminService(UserAdminService userAdminService) {
- this.userAdminService = userAdminService;
+ public void setSession(Session session) {
+ this.session = session;
}
- public void setSimpleNatureType(String simpleNatureType) {
- this.simpleNatureType = simpleNatureType;
+ public void refresh() {
+ viewer.refresh();
}
- public void refresh() {
+ @Override
+ public void onEvent(EventIterator events) {
viewer.refresh();
}
private class UsersContentProvider implements IStructuredContentProvider {
public Object[] getElements(Object inputElement) {
- return userAdminService.listUsers().toArray();
+ try {
+ Query query = session
+ .getWorkspace()
+ .getQueryManager()
+ .createQuery(
+ "select [" + ARGEO_USER_PROFILE + "] from ["
+ + ARGEO_USER_HOME + "]", Query.JCR_SQL2);
+ NodeIterator nit = query.execute().getNodes();
+ List<Node> userProfiles = new ArrayList<Node>();
+ while (nit.hasNext()) {
+ userProfiles.add(nit.nextNode());
+ }
+ return userProfiles.toArray();
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot list users", e);
+ }
+ // return userAdminService.listUsers().toArray();
}
public void dispose() {
private class UsersLabelProvider extends LabelProvider implements
ITableLabelProvider {
public String getColumnText(Object element, int columnIndex) {
- // String currentUsername = CurrentUser.getUsername();
- String currentUsername = "";
- ArgeoUser user = (ArgeoUser) element;
- SimpleUserNature simpleNature = SimpleUserNature
- .findSimpleUserNature(user, simpleNatureType);
- switch (columnIndex) {
- case 0:
- String userName = user.getUsername();
- if (userName.equals(currentUsername))
- userName = userName + "*";
- return userName;
- case 1:
- return simpleNature.getFirstName();
- case 2:
- return simpleNature.getLastName();
- case 3:
- return simpleNature.getEmail();
- default:
- throw new ArgeoException("Unmanaged column " + columnIndex);
+ try {
+ Node userHome = (Node) element;
+ switch (columnIndex) {
+ case 0:
+ String userName = userHome.getProperty(ARGEO_USER_ID)
+ .getString();
+ if (userName.equals(session.getUserID()))
+ return "[" + userName + "]";
+ else
+ return userName;
+ case 1:
+ return userHome.getNode(ARGEO_USER_PROFILE)
+ .getProperty(ARGEO_FIRST_NAME).getString();
+ case 2:
+ return userHome.getNode(ARGEO_USER_PROFILE)
+ .getProperty(ARGEO_LAST_NAME).getString();
+ case 3:
+ return userHome.getNode(ARGEO_USER_PROFILE)
+ .getProperty(ARGEO_PRIMARY_EMAIL).getString();
+ default:
+ throw new ArgeoException("Unmanaged column " + columnIndex);
+ }
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot get text", e);
}
+
+ // String currentUsername = CurrentUser.getUsername();
+ // String currentUsername = "";
+ // ArgeoUser user = (ArgeoUser) element;
+ // SimpleUserNature simpleNature = SimpleUserNature
+ // .findSimpleUserNature(user, simpleNatureType);
+ // switch (columnIndex) {
+ // case 0:
+ // String userName = user.getUsername();
+ // if (userName.equals(currentUsername))
+ // userName = userName + "*";
+ // return userName;
+ // case 1:
+ // return simpleNature.getFirstName();
+ // case 2:
+ // return simpleNature.getLastName();
+ // case 3:
+ // return simpleNature.getEmail();
+ // default:
+ // throw new ArgeoException("Unmanaged column " + columnIndex);
+ // }
}
public Image getColumnImage(Object element, int columnIndex) {
class ViewDoubleClickListener implements IDoubleClickListener {
public void doubleClick(DoubleClickEvent evt) {
+ if (evt.getSelection().isEmpty())
+ return;
+
Object obj = ((IStructuredSelection) evt.getSelection())
.getFirstElement();
-
- if (obj instanceof ArgeoUser) {
+ if (obj instanceof Node) {
+ try {
+ IWorkbench iw = SecurityAdminPlugin.getDefault()
+ .getWorkbench();
+ iw.getActiveWorkbenchWindow()
+ .getActivePage()
+ .openEditor(new ArgeoUserEditorInput((Node) obj),
+ ArgeoUserEditor.ID);
+ } catch (PartInitException e) {
+ Error.show("Cannot open user editor for " + obj, e);
+ }
+ } else if (obj instanceof ArgeoUser) {
ArgeoUser argeoUser = (ArgeoUser) obj;
IWorkbench iw = SecurityAdminPlugin.getDefault().getWorkbench();
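Review bot: `onEvent` calls `viewer.refresh()` directly, but JCR observation events are normally delivered on a repository thread rather than the UI thread, and JFace viewers reject access from other threads. The listener registration is not visible in this section, so the delivery thread should be confirmed; if it is not the UI thread, hand the refresh over with `viewer.getControl().getDisplay().asyncExec(...)` and skip it when the control is disposed. `getColumnText` also assumes every profile node carries `ARGEO_FIRST_NAME`, `ARGEO_LAST_NAME` and `ARGEO_PRIMARY_EMAIL`; a missing property surfaces as an `ArgeoException` while the table is painting, so a `hasProperty` check that returns an empty string would be safer. The commented-out copies of the old implementation are better deleted than committed.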
package org.argeo.security.ui.rap;
import java.security.PrivilegedAction;
+import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.argeo.eclipse.ui.dialogs.Error;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.eclipse.jface.dialogs.ErrorDialog;
+import org.eclipse.rwt.RWT;
import org.eclipse.rwt.lifecycle.IEntryPoint;
+import org.eclipse.rwt.service.SessionStoreEvent;
+import org.eclipse.rwt.service.SessionStoreListener;
import org.eclipse.swt.widgets.Display;
import org.eclipse.ui.PlatformUI;
import org.eclipse.ui.application.IWorkbenchWindowConfigurer;
import org.eclipse.ui.application.WorkbenchAdvisor;
import org.eclipse.ui.application.WorkbenchWindowAdvisor;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
-public class SecureEntryPoint implements IEntryPoint {
+public class SecureEntryPoint implements IEntryPoint, SessionStoreListener {
+ private Log log = LogFactory.getLog(SecureEntryPoint.class);
+
+ private final static String SECURITY_CONTEXT_ATTRIBUTE = "securityContextAttribute";
@Override
public int createUI() {
+// log.debug("THREAD=" + Thread.currentThread().getId()
+// + ", RWT.getSessionStore().getId()="
+// + RWT.getSessionStore().getId());
+
+ Authentication authen = (Authentication) RWT.getSessionStore()
+ .getAttribute(SECURITY_CONTEXT_ATTRIBUTE);
+ if (authen != null)
+ SecurityContextHolder.getContext().setAuthentication(authen);
+
Integer returnCode = null;
Display display = PlatformUI.createDisplay();
try {
Boolean retry = true;
while (retry) {
try {
- SecureRapActivator.getLoginContext().login();
- subject = SecureRapActivator.getLoginContext()
- .getSubject();
+ // if (authen == null)
+ // SecureRapActivator.getLoginContext().login();
+ subject = SecureRapActivator.getLoginContext().getSubject();
+ Set<Authentication> auths = subject
+ .getPrincipals(Authentication.class);
+ if (auths.size() > 0)
+ SecurityContextHolder.getContext().setAuthentication(
+ auths.iterator().next());
+ // authen = SecurityContextHolder.getContext()
+ // .getAuthentication();
+ // RWT.getSessionStore().setAttribute(
+ // SECURITY_CONTEXT_ATTRIBUTE, authen);
retry = false;
} catch (LoginException e) {
Error.show("Cannot login", e);
};
}
+ @Override
+ public void beforeDestroy(SessionStoreEvent event) {
+ if (log.isDebugEnabled())
+ log.debug("RWT session " + event.getSessionStore().getId()
+ + " about to be destroyed. THREAD="
+ + Thread.currentThread().getId());
+
+ }
+
}
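Review bot: In `createUI`, when the subject carries no `Authentication` principal (`auths.size() > 0` is false) the loop still sets `retry = false` and carries on, leaving whatever the thread-local `SecurityContextHolder` held before in place. Nothing in the visible lines clears that context, and the session-store attribute read at the top is never written because the `setAttribute` call is commented out, so `authen` looks to be always null. I would fail closed in the empty case, for example `else throw new LoginException("No authentication principal in subject");`, and call `SecurityContextHolder.clearContext()` in the `finally` of `createUI`, which lies outside this hunk. The commented-out login and debug lines should be removed rather than committed.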
</command>
</menuContribution>
</extension>
- <extension
+ <extension
point="org.eclipse.ui.services">
<sourceProvider
provider="org.argeo.security.ui.RolesSourceProvider">
}
public final static Set<String> roles() {
- Principal principal = getSubject().getPrincipals().iterator().next();
+ Principal principal = getSubject().getPrincipals(Authentication.class)
+ .iterator().next();
Authentication authentication = (Authentication) principal;
Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
for (GrantedAuthority ga : authentication.getAuthorities()) {
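Review bot: `getPrincipals(Authentication.class).iterator().next()` throws a bare `NoSuchElementException` when the subject has no `Authentication` principal, which hides the real cause from the caller of `roles()`. Take the set into a local first and raise an explicit error when it is empty, e.g. `if (auths.isEmpty()) throw new IllegalStateException("No authentication in subject");`. The set is already typed, so the `(Authentication) principal` cast on the following line is no longer needed. The rest of `roles()` is outside this hunk.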
package org.argeo.security;
+import java.util.List;
import java.util.Set;
public interface UserAdminService {
/** List users having this role (except the super user). */
public Set<ArgeoUser> listUsersInRole(String role);
+ public List<String> listUserRoles(String username);
+
public void deleteUser(String username);
/*
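Review bot: `listUserRoles` is added to the interface without Javadoc, although the neighbouring `listUsersInRole` has it. Since callers may edit role lists, the contract should say whether the returned list is a copy or the user's live list, and what happens for an unknown username. Something like `/** List the roles of this user; the returned list is a snapshot. */` would do, once the implementation is confirmed to behave that way.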
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
+@Deprecated
public class ArgeoUserDetails extends User implements ArgeoUser {
private static final long serialVersionUID = 1L;
private final static Log log = LogFactory.getLog(ArgeoUserDetails.class);
import java.util.HashSet;
import java.util.Iterator;
+import java.util.List;
import java.util.Set;
import org.argeo.security.ArgeoUser;
return userAdminDao.listUsers();
}
+ public List<String> listUserRoles(String username) {
+ return getUser(username).getRoles();
+ }
+
public Set<String> listEditableRoles() {
return userAdminDao.listEditableRoles();
}
package org.argeo.security.core;
+import org.argeo.ArgeoException;
import org.argeo.security.SystemExecutionService;
import org.springframework.core.task.SimpleAsyncTaskExecutor;
import org.springframework.core.task.TaskExecutor;
public void run() {
SecurityContext securityContext = SecurityContextHolder
.getContext();
+ Authentication currentAuth = securityContext
+ .getAuthentication();
+ if (currentAuth != null) {
+ throw new ArgeoException(
+ "System execution on an already authenticated thread: "
+ + currentAuth + ", THREAD="
+ + Thread.currentThread().getId());
+ }
Authentication auth = authenticationManager
.authenticate(new InternalAuthentication(
systemAuthenticationKey));
jcrUserDetails.isEnabled());
}
+
+ public JcrUserDetails cloneWithNewRoles(List<String> roles) {
+ List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+ for (String role : roles) {
+ authorities.add(new GrantedAuthorityImpl(role));
+ }
+ return new JcrUserDetails(homePath, getUsername(), getPassword(),
+ isEnabled(), isAccountNonExpired(), isAccountNonExpired(),
+ isAccountNonLocked(),
+ authorities.toArray(new GrantedAuthority[authorities.size()]));
+ }
+
+ public JcrUserDetails cloneWithNewPassword(String password) {
+ return new JcrUserDetails(homePath, getUsername(), password,
+ isEnabled(), isAccountNonExpired(), isAccountNonExpired(),
+ isAccountNonLocked(), getAuthorities());
+ }
}
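Review bot: Both `cloneWithNewRoles` and `cloneWithNewPassword` pass `isAccountNonExpired()` twice in a row, so the copy never consults `isCredentialsNonExpired()`. The `JcrUserDetails` constructor is not visible in this hunk, but if its parameters follow the order of Spring Security's `User` (enabled, accountNonExpired, credentialsNonExpired, accountNonLocked), an account with expired credentials comes out of either clone with that flag overwritten by the account-expiry value. The second of the two arguments should presumably be `isCredentialsNonExpired()` in both methods.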
*/
@Override
protected Principal getPrincipal(Credentials credentials) {
- return SecurityContextHolder.getContext().getAuthentication();
+ org.springframework.security.Authentication authen = SecurityContextHolder
+ .getContext().getAuthentication();
+ return authen;
}
protected Set<Principal> getPrincipals() {
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.DefaultSecurityManager;
-import org.apache.jackrabbit.core.RepositoryImpl;
-import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.SystemPrincipal;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
private class ArgeoWorkspaceAccessManagerImpl implements SecurityConstants,
WorkspaceAccessManager {
private final WorkspaceAccessManager wam;
- private String defaultWorkspace;
+ //private String defaultWorkspace;
public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) {
super();
public void init(Session systemSession) throws RepositoryException {
wam.init(systemSession);
- defaultWorkspace = ((RepositoryImpl) getRepository()).getConfig()
- .getDefaultWorkspaceName();
+// defaultWorkspace = ((RepositoryImpl) getRepository()).getConfig()
+// .getDefaultWorkspaceName();
}
public void close() throws RepositoryException {
package org.argeo.security.ldap.jcr;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
+import java.util.Random;
import java.util.concurrent.Executor;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.RepositoryFactory;
import javax.jcr.Session;
+import javax.jcr.nodetype.NodeType;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
private Map<String, String> propertyToAttributes = new HashMap<String, String>();
private Executor systemExecutor;
- private RepositoryFactory repositoryFactory;
+ private Session session;
+
+ private PasswordEncoder passwordEncoder;
+ private final Random random;
+
+ public JcrUserDetailsContextMapper() {
+ random = createRandom();
+ }
+
+ private static Random createRandom() {
+ try {
+ return SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ return new Random(System.currentTimeMillis());
+ }
+ }
public UserDetails mapUserFromContext(final DirContextOperations ctx,
final String username, GrantedAuthority[] authorities) {
- if (repositoryFactory == null)
- throw new ArgeoException("No JCR repository factory registered");
+ // if (repository == null)
+ // throw new ArgeoException("No JCR repository registered");
final StringBuffer userHomePathT = new StringBuffer("");
- systemExecutor.execute(new Runnable() {
+ Runnable action = new Runnable() {
public void run() {
String userHomepath = mapLdapToJcr(username, ctx);
userHomePathT.append(userHomepath);
}
- });
+ };
+ if (SecurityContextHolder.getContext().getAuthentication() == null)// authentication
+ systemExecutor.execute(action);
+ else
+ action.run();
// password
byte[] arr = (byte[]) ctx
/** @return path to the user home node */
protected String mapLdapToJcr(String username, DirContextOperations ctx) {
- Session session = null;
+ // Session session = null;
try {
- Repository nodeRepo = JcrUtils.getRepositoryByAlias(
- repositoryFactory, ArgeoJcrConstants.ALIAS_NODE);
- session = nodeRepo.login();
+ // Repository nodeRepo = JcrUtils.getRepositoryByAlias(
+ // repositoryFactory, ArgeoJcrConstants.ALIAS_NODE);
+ // session = nodeRepo.login();
Node userHome = JcrUtils.getUserHome(session, username);
if (userHome == null)
userHome = createUserHome(session, username);
String userHomePath = userHome.getPath();
- Node userProfile = userHome.hasNode(ARGEO_USER_PROFILE) ? userHome
- .getNode(ARGEO_USER_PROFILE) : userHome
- .addNode(ARGEO_USER_PROFILE);
+ Node userProfile;
+ if (userHome.hasNode(ARGEO_USER_PROFILE)) {
+ userProfile = userHome.getNode(ARGEO_USER_PROFILE);
+ } else {
+ userProfile = userHome.addNode(ARGEO_USER_PROFILE);
+ userProfile.addMixin(NodeType.MIX_TITLE);
+ userProfile.addMixin(NodeType.MIX_CREATED);
+ userProfile.addMixin(NodeType.MIX_LAST_MODIFIED);
+ }
for (String jcrProperty : propertyToAttributes.keySet())
ldapToJcr(userProfile, jcrProperty, ctx);
session.save();
JcrUtils.discardQuietly(session);
throw new ArgeoException("Cannot synchronize JCR and LDAP", e);
} finally {
- session.logout();
+ // JcrUtils.logoutQuietly(session);
}
}
ctx.setAttributeValues("objectClass", userClasses);
ctx.setAttributeValue(usernameAttribute, user.getUsername());
- ctx.setAttributeValue(passwordAttribute, user.getPassword());
+ ctx.setAttributeValue(passwordAttribute,
+ encodePassword(user.getPassword()));
final JcrUserDetails jcrUserDetails = (JcrUserDetails) user;
- systemExecutor.execute(new Runnable() {
- public void run() {
- Session session = null;
- try {
- Repository nodeRepo = JcrUtils.getRepositoryByAlias(
- repositoryFactory, ArgeoJcrConstants.ALIAS_NODE);
- session = nodeRepo.login();
- Node userProfile = session.getNode(jcrUserDetails
- .getHomePath() + '/' + ARGEO_USER_PROFILE);
- for (String jcrProperty : propertyToAttributes.keySet())
- jcrToLdap(userProfile, jcrProperty, ctx);
- if (log.isDebugEnabled())
- log.debug("Mapped " + userProfile + " to "
- + ctx.getDn());
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot synchronize JCR and LDAP",
- e);
- } finally {
- session.logout();
- }
- }
- });
+ // systemExecutor.execute(new Runnable() {
+ // public void run() {
+// Session session = null;
+ try {
+ // Repository nodeRepo = JcrUtils.getRepositoryByAlias(
+ // repositoryFactory, ArgeoJcrConstants.ALIAS_NODE);
+ // session = nodeRepo.login();
+ Node userProfile = session.getNode(jcrUserDetails.getHomePath()
+ + '/' + ARGEO_USER_PROFILE);
+ for (String jcrProperty : propertyToAttributes.keySet())
+ jcrToLdap(userProfile, jcrProperty, ctx);
+ if (log.isDebugEnabled())
+ log.debug("Mapped " + userProfile + " to " + ctx.getDn());
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot synchronize JCR and LDAP", e);
+ } finally {
+ // session.logout();
+ }
+ // }
+ // });
+ }
+
+ protected String encodePassword(String password) {
+ if (!password.startsWith("{")) {
+ byte[] salt = new byte[16];
+ random.nextBytes(salt);
+ return passwordEncoder.encodePassword(password, salt);
+ } else {
+ return password;
+ }
}
protected void ldapToJcr(Node userProfile, String jcrProperty,
this.homeBasePath = homeBasePath;
}
- public void register(RepositoryFactory repositoryFactory,
- Map<String, String> parameters) {
- this.repositoryFactory = repositoryFactory;
- }
-
- public void unregister(RepositoryFactory repositoryFactory,
- Map<String, String> parameters) {
- this.repositoryFactory = null;
- }
+ // public void register(RepositoryFactory repositoryFactory,
+ // Map<String, String> parameters) {
+ // this.repositoryFactory = repositoryFactory;
+ // }
+ //
+ // public void unregister(RepositoryFactory repositoryFactory,
+ // Map<String, String> parameters) {
+ // this.repositoryFactory = null;
+ // }
public void setUsernameAttribute(String usernameAttribute) {
this.usernameAttribute = usernameAttribute;
this.userClasses = userClasses;
}
+ public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
+ this.passwordEncoder = passwordEncoder;
+ }
+
+ public void setSession(Session session) {
+ this.session = session;
+ }
+
}
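Review bot: `encodePassword` treats any value starting with `{` as already encoded, so a plaintext password that happens to begin with a brace is written to the LDAP password attribute unhashed. The check should accept only a closed `{SCHEME}` prefix that the configured encoder actually emits, and a null password should be rejected explicitly rather than ending in a `NullPointerException`. In `createRandom`, the fallback `new Random(System.currentTimeMillis())` produces guessable salts; `return new SecureRandom();` needs no algorithm name, so the catch branch can use it instead. Separately, the mapper now keeps one injected `Session` for every call and never logs out. JCR sessions are not designed for concurrent use, so access from parallel logins should be serialised or given a session per operation.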
throw new ArgeoException("Remote Davex repository " + uri
+ " not found");
log.info("Initialized Jackrabbit repository " + repository
- + " from uri " + uri);
+ + " from URI " + uri);
// do not perform further initialization since we assume that the
// remote repository has been properly configured
return;
try {
NamespaceHelper namespaceHelper = new NamespaceHelper(session);
namespaceHelper.registerNamespaces(namespaces);
+
} catch (Exception e) {
throw new ArgeoException("Cannot process new session", e);
}
public final static String ARGEO_URI = "argeo:uri";
public final static String ARGEO_USER_ID = "argeo:userID";
+ // user profile
public final static String ARGEO_USER_PROFILE = "argeo:userProfile";
- public final static String ARGEO_DISPLAY_NAME = "argeo:displayName";
public final static String ARGEO_FIRST_NAME = "argeo:firstName";
public final static String ARGEO_LAST_NAME = "argeo:lastName";
public final static String ARGEO_PRIMARY_EMAIL = "argeo:primaryEmail";
return ret;
}
}
+
+ protected class MonitoringThread extends Thread{
+
+ @Override
+ public void run() {
+ Thread thread=null;
+ }
+
+ }
}