import org.argeo.security.UserAdminService;
import org.argeo.security.jcr.JcrSecurityModel;
import org.argeo.security.jcr.JcrUserDetails;
+import org.argeo.security.login.GrantedAuthorityPrincipal;
import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
if (username == null)
username = session.getUserID();
User user = (User) getUserManager().getAuthorizable(username);
- ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+ ArrayList<GrantedAuthorityPrincipal> authorities = new ArrayList<GrantedAuthorityPrincipal>();
// FIXME make it more generic
- authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
+ authorities.add(new GrantedAuthorityPrincipal("ROLE_USER"));
Iterator<Group> groups = user.declaredMemberOf();
while (groups.hasNext()) {
Group group = groups.next();
// String role = "ROLE_"
// + group.getPrincipal().getName().toUpperCase();
String role = group.getPrincipal().getName();
- authorities.add(new SimpleGrantedAuthority(role));
+ authorities.add(new GrantedAuthorityPrincipal(role));
}
Node userProfile = UserJcrUtils.getUserProfile(session, username);
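Review bot: The authorities list on the added line 19 is declared by its concrete type while the `// FIXME make it more generic` right below it is left standing, so the provider is now coupled to the login package's class at both the declaration and the two `add` calls; declaring it by interface, `List<GrantedAuthorityPrincipal> authorities = new ArrayList<GrantedAuthorityPrincipal>();` (adding `java.util.List` to the imports if it is not already there), keeps the consumer's view stable and makes the later generalisation a one-line change. Because the group principal name is used verbatim as the role (the `ROLE_` prefix lines above it are commented out), a short comment stating that a group must be named exactly like the role it grants would help whoever next reads the loop. The enclosing method starts and ends outside the hunk.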
--- /dev/null
+/*
+ * Copyright (C) 2007-2012 Argeo GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.argeo.security.login;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.springframework.security.core.GrantedAuthority;
+
+/**
+ * A {@link Principal} which is also a {@link GrantedAuthority}, so that the
+ * Spring Security can be used to quickly populate a {@link Subject} principals.
+ */
+public final class GrantedAuthorityPrincipal implements Principal,
+ GrantedAuthority {
+ private static final long serialVersionUID = 6768044196343543328L;
+ private final String authority;
+
+ public GrantedAuthorityPrincipal(String authority) {
+ this.authority = authority;
+ }
+
+ @Override
+ public String getAuthority() {
+ return authority;
+ }
+
+ @Override
+ public String getName() {
+ return authority;
+ }
+
+ @Override
+ public int hashCode() {
+ return getName().hashCode();
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (!(obj instanceof GrantedAuthorityPrincipal))
+ return false;
+ return getName().equals(((GrantedAuthorityPrincipal) obj).getName());
+ }
+
+ @Override
+ public String toString() {
+ return "Granted Authority " + getName();
+ }
+
+}
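Review bot: The constructor at line 66 stores `authority` without a null check, so a null value is only discovered later as a NullPointerException in `getName().hashCode()` or `equals`, typically inside the Subject's principal set and far from the caller that passed it; guard it at construction, `if (authority == null) throw new IllegalArgumentException("authority cannot be null");`. The class Javadoc should also state that equality is by authority name only, so two instances with the same name collapse to one principal in a Subject, which is what the `equals`/`hashCode` pair at lines 81-90 implements and what callers relying on the principal set will observe.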
if (authen instanceof SystemAuthentication) {
principals.add(new AdminPrincipal(authen.getName()));
- principals.add(new ArgeoSystemPrincipal(authen.getName()));
+ // principals.add(new ArgeoSystemPrincipal(authen.getName()));
} else if (authen instanceof AnonymousAuthenticationToken) {
principals.add(new AnonymousPrincipal());
} else {
for (GrantedAuthority ga : authen.getAuthorities()) {
- principals.add(new GrantedAuthorityPrincipal(ga));
+ if (ga instanceof Principal)
+ principals.add((Principal) ga);
// FIXME: make it more generic
if (adminRole.equals(ga.getAuthority()))
principals.add(new AdminPrincipal(authen.getName()));
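Review bot: The replacement at lines 107-108 silently drops every `GrantedAuthority` that does not implement `Principal`, so an `Authentication` whose authorities come from another provider (a plain `SimpleGrantedAuthority`, for instance) populates the Subject with no role principals at all, and the user is then authorized in Jackrabbit with fewer rights than Spring granted, with nothing in the log to explain it. Either wrap the non-`Principal` case instead of skipping it, `else principals.add(new GrantedAuthorityPrincipal(ga.getAuthority()));` (importing the new public class from the login package), or at least log the skipped authority at warn level, and document on the loop that only `Principal`-implementing authorities are propagated. Note that the `adminRole` comparison at line 110 still runs for a skipped authority, so a non-`Principal` admin authority yields an `AdminPrincipal` but no role principal; that asymmetry deserves a comment. The enclosing method starts and ends outside the hunk.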
* {@link org.springframework.security.Authentication} as well. Here we
* simply clear Jackrabbit related {@link Principal}s.
*/
- @Override
- public boolean logout() throws LoginException {
- clearPrincipals(AdminPrincipal.class);
- clearPrincipals(ArgeoSystemPrincipal.class);
- clearPrincipals(AnonymousPrincipal.class);
- clearPrincipals(GrantedAuthorityPrincipal.class);
- return true;
- }
-
- private <T extends Principal> void clearPrincipals(Class<T> clss) {
- Set<T> principals = subject.getPrincipals(clss);
- if (principals != null)
- principals.clear();
- }
+ // @Override
+ // public boolean logout() throws LoginException {
+ // Set<Principal> principals = subject.getPrincipals();
+ // for (Principal principal : subject.getPrincipals()) {
+ // if ((principal instanceof AdminPrincipal)
+ // || (principal instanceof ArgeoSystemPrincipal)
+ // || (principal instanceof AnonymousPrincipal)
+ // || (principal instanceof GrantedAuthority)) {
+ // principals.remove(principal);
+ // }
+ // }
+ // // clearPrincipals(AdminPrincipal.class);
+ // // clearPrincipals(ArgeoSystemPrincipal.class);
+ // // clearPrincipals(AnonymousPrincipal.class);
+ // // clearPrincipals(GrantedAuthority.class);
+ // return true;
+ // }
+
+ // private <T extends Principal> void clearPrincipals(Class<T> clss) {
+ // Set<T> principals = subject.getPrincipals(clss);
+ // if (principals != null)
+ // principals.clear();
+ // }
@SuppressWarnings("rawtypes")
@Override
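Review bot: Commenting out the `logout()` override (lines 129-145) instead of deleting it leaves dead code in the module and, more importantly, means the `AdminPrincipal`, `AnonymousPrincipal` and authority principals added at login are no longer removed from the Subject here; unless the inherited `logout()` clears them (not visible in this hunk), a Subject that is logged out and reused keeps its admin and role principals. If the removal is deliberate because the inherited implementation already clears the principal set, say so in one line where the override used to be, e.g. `// logout() is inherited: the superclass clears the Subject's principals`, and delete the commented block; otherwise restore an override that removes the principals this module added. The surrounding class starts and ends outside the hunk.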
if (!subject.getPrincipals(AnonymousPrincipal.class).isEmpty())
return super.getUserID(subject, workspaceName);
// skip Jackrabbit system user (all rights)
- if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty())
- return super.getUserID(subject, workspaceName);
+ // if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty())
+ // return super.getUserID(subject, workspaceName);
// retrieve Spring authentication from JAAS
// TODO? use Spring Security context holder
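Review bot: The comment `// skip Jackrabbit system user (all rights)` at line 156 now sits above two commented-out lines, so it describes a check that no longer runs and will mislead the next reader into thinking system subjects still bypass user-ID resolution; either drop it together with the dead lines 159-160, or replace it with `// ArgeoSystemPrincipal is deprecated: system subjects are resolved like any other`. Since `ArgeoSystemPrincipal` is only deprecated rather than removed in this commit, a Subject that still carries one now falls through to the Spring-authentication lookup below; if that is intended, a one-line note here saves the reader the hunt. The enclosing method starts and ends outside the hunk.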
import java.security.Principal;
/** Principal for non-interactive system actions. */
+@Deprecated
class ArgeoSystemPrincipal implements Principal {
private String name;
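Review bot: The `@Deprecated` annotation added at line 165 has no matching Javadoc `@deprecated` tag, so neither the class documentation nor the compiler's deprecation warning tells a caller what to use instead; extend the existing Javadoc to something like `/** Principal for non-interactive system actions. @deprecated no longer added to the Subject at login; the SystemAuthentication branch now adds only an AdminPrincipal, if that is the intended replacement. */`. The class body continues outside the hunk.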
+++ /dev/null
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.argeo.security.jackrabbit;
-
-import java.security.Principal;
-
-import org.springframework.security.core.GrantedAuthority;
-
-/** Wraps a {@link GrantedAuthority} as a principal. */
-class GrantedAuthorityPrincipal implements Principal {
- private final GrantedAuthority grantedAuthority;
-
- public GrantedAuthorityPrincipal(GrantedAuthority grantedAuthority) {
- this.grantedAuthority = grantedAuthority;
- }
-
- public String getName() {
- return grantedAuthority.getAuthority();
- }
-
- @Override
- public int hashCode() {
- return getName().hashCode();
- }
-
- @Override
- public boolean equals(Object obj) {
- if (!(obj instanceof GrantedAuthorityPrincipal))
- return false;
- return getName().equals(((GrantedAuthorityPrincipal) obj).getName());
- }
-
- @Override
- public String toString() {
- return "Granted Authority " + getName();
- }
-
-}