1 package org.argeo.security.jackrabbit.spring;
2
3 import java.security.Principal;
4 import java.security.acl.Group;
5 import java.util.LinkedHashSet;
6 import java.util.Map;
7 import java.util.Set;
8
9 import javax.jcr.Credentials;
10 import javax.jcr.RepositoryException;
11 import javax.jcr.Session;
12 import javax.security.auth.callback.CallbackHandler;
13 import javax.security.auth.login.LoginException;
14
15 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
16 import org.apache.jackrabbit.core.security.authentication.AbstractLoginModule;
17 import org.apache.jackrabbit.core.security.authentication.Authentication;
18 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
19 import org.argeo.security.SystemAuthentication;
20 import org.springframework.security.GrantedAuthority;
21 import org.springframework.security.context.SecurityContextHolder;
22 import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
23
/**
 * Jackrabbit login module that takes the caller's identity from the current
 * Spring Security context instead of verifying the JCR credentials itself.
 *
 * <p>
 * Security note: nothing in this class inspects the supplied
 * {@link Credentials}, and the {@link Authentication} handed back by
 * {@link #getAuthentication(Principal, Credentials)} accepts every request.
 * Whether a repository login succeeds, and with which principals, is
 * therefore decided by whatever code populated the
 * {@link SecurityContextHolder} before the login was attempted.
 * </p>
 */
public class SpringLoginModule extends AbstractLoginModule {

    /**
     * Looks up the Spring {@link org.springframework.security.Authentication}
     * held by the current security context. The JCR credentials are ignored.
     *
     * @param credentials
     *            unused
     * @return the Spring authentication, or {@code null} when the context
     *         holds none
     */
    @Override
    protected Principal getPrincipal(Credentials credentials) {
        // NOTE(review): the token is returned as found; isAuthenticated() is
        // not consulted here. Confirm that only authenticated tokens can
        // reach the context on the code paths that open repository sessions.
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Builds the principal set derived from the Spring authentication stored
     * in {@code principal}: the authentication itself, an optional anonymous
     * or admin marker, then one principal per granted authority.
     *
     * @return the principals, in insertion order
     */
    protected Set<Principal> getPrincipals() {
        // 'principal' is not declared in this class; presumably it is the
        // field the superclass fills from getPrincipal() -- confirm.
        final org.springframework.security.Authentication springAuth = (org.springframework.security.Authentication) principal;

        // Insertion-ordered set so the principals keep the order in which
        // they are added (as in the Subject).
        final Set<Principal> collected = new LinkedHashSet<Principal>();
        collected.add(principal);

        if (springAuth instanceof AnonymousAuthenticationToken) {
            collected.add(new AnonymousPrincipal());
        }

        // Every SystemAuthentication found in the context is mapped to a
        // Jackrabbit AdminPrincipal, so creation of SystemAuthentication
        // instances should stay restricted to trusted code.
        if (springAuth instanceof SystemAuthentication) {
            collected.add(new AdminPrincipal(springAuth.getName()));
        }

        // NOTE(review): if getAuthorities() can return null this loop throws
        // and the login fails. Should a null guard ever be added, pair it
        // with an explicit isAuthenticated() check so that a token without
        // authorities is not silently accepted.
        for (GrantedAuthority granted : springAuth.getAuthorities()) {
            collected.add(new GrantedAuthorityPrincipal(granted));
        }

        return collected;
    }

    /**
     * Does nothing: this module reads no options and keeps no state of its
     * own.
     */
    @SuppressWarnings("rawtypes")
    @Override
    protected void doInit(CallbackHandler callbackHandler, Session session,
            Map options) throws LoginException {
        // intentionally empty
    }

    /**
     * Impersonation is refused unconditionally.
     *
     * @throws UnsupportedOperationException
     *             always
     */
    @Override
    protected boolean impersonate(Principal principal, Credentials credentials)
            throws RepositoryException, LoginException {
        // Throwing (rather than returning a value) keeps every impersonation
        // attempt from succeeding.
        throw new UnsupportedOperationException(
                "Impersonation is not yet supported");
    }

    /**
     * Supplies the Jackrabbit {@link Authentication} for a principal.
     *
     * @param principal
     *            the principal being logged in
     * @param creds
     *            unused
     * @return {@code null} for a {@link Group}; otherwise an authentication
     *         that handles and accepts any credentials
     */
    @Override
    protected Authentication getAuthentication(Principal principal,
            Credentials creds) throws RepositoryException {
        final boolean isGroup = principal instanceof Group;
        if (isGroup) {
            return null;
        }

        // No credential check happens here: both methods answer true for
        // every input, so the decision rests on the Spring security context.
        final Authentication acceptAll = new Authentication() {
            public boolean canHandle(Credentials credentials) {
                return true;
            }

            public boolean authenticate(Credentials credentials)
                    throws RepositoryException {
                return true;
            }
        };
        return acceptAll;
    }

}