1 package org.argeo.cms.internal.kernel;
2
import java.io.File;
import java.io.IOException;
import java.net.URL;

import javax.jcr.RepositoryException;

import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
import org.argeo.cms.KernelHeader;
import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
import org.argeo.osgi.useradmin.AbstractLdapUserAdmin;
import org.argeo.osgi.useradmin.LdapUserAdmin;
import org.argeo.osgi.useradmin.LdifUserAdmin;
import org.argeo.security.OsAuthenticationToken;
import org.argeo.security.UserAdminService;
import org.argeo.security.core.InternalAuthentication;
import org.argeo.security.core.InternalAuthenticationProvider;
import org.argeo.security.core.OsAuthenticationProvider;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.UserAdmin;
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.provisioning.UserDetailsManager;
34
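/**
 * Authentication and user management of the node.
 * <p>
 * Builds the Spring Security authentication providers, the Jackrabbit-backed
 * user admin service and the OSGi {@link UserAdmin} aggregating the business
 * roles (from a configured LDAP/LDIF URI, or a bundled demo LDIF) and the node
 * roles (an LDIF file under the OSGi instance area). {@link #publish()}
 * registers them as OSGi services and {@link #destroy()} releases them.
 * Not thread-safe: publish and destroy are expected to be called once each
 * from the kernel lifecycle.
 */
class NodeSecurity implements AuthenticationManager {
	private final static Log log = LogFactory.getLog(NodeSecurity.class);

	/** Base DN under which the business roles user admin is registered. */
	private static final String BUSINESS_BASE_DN = "dc=example,dc=com";
	/** Bundled LDIF resource the node roles file is (re)seeded from. */
	private static final String DEMO_LDIF_RESOURCE = "demo.ldif";
	/** Sub-directory of the OSGi instance area holding node data. */
	private static final String NODE_DIR = "node";
	private static final String LDIF_EXT = ".ldif";

	private final BundleContext bundleContext;

	private final OsAuthenticationProvider osAuth;
	private final InternalAuthenticationProvider internalAuth;
	private final AnonymousAuthenticationProvider anonymousAuth;
	private final JackrabbitUserAdminService userAdminService;
	private final NodeUserAdmin userAdmin;

	// set by publish(), cleared by destroy(); null while not published
	private ServiceRegistration<AuthenticationManager> authenticationManagerReg;
	private ServiceRegistration<UserAdminService> userAdminServiceReg;
	private ServiceRegistration<UserDetailsManager> userDetailsManagerReg;
	private ServiceRegistration<UserAdmin> userAdminReg;

	/**
	 * Initialises the authentication providers and the user admins.
	 *
	 * @param bundleContext
	 *            the context {@link #publish()} registers the services with
	 * @param node
	 *            the Jackrabbit repository backing the user admin service
	 * @throws RepositoryException
	 *             if the Jackrabbit user admin cannot be initialised
	 * @throws CmsException
	 *             if a bundled LDIF resource is missing or cannot be copied
	 */
	public NodeSecurity(BundleContext bundleContext, JackrabbitNode node)
			throws RepositoryException {
		this.bundleContext = bundleContext;

		osAuth = new OsAuthenticationProvider();
		internalAuth = new InternalAuthenticationProvider(
				Activator.getSystemKey());
		anonymousAuth = new AnonymousAuthenticationProvider(
				Activator.getSystemKey());

		// user admin backed by the JCR repository
		userAdminService = new JackrabbitUserAdminService();
		userAdminService.setRepository(node);
		userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
		userAdminService.init();

		userAdmin = new NodeUserAdmin();

		// business roles: external directory, or the bundled demo LDIF when
		// no USERADMIN_URI framework property is set
		AbstractLdapUserAdmin businessRoles = createBusinessRoles(
				resolveUserAdminUri(BUSINESS_BASE_DN));
		businessRoles.init();
		userAdmin.addUserAdmin(BUSINESS_BASE_DN, businessRoles);

		// node roles: LDIF file in the instance area, (re)seeded from the demo
		// resource, resolving its external roles through the aggregated admin
		File homeDir = new File(KernelUtils.getOsgiInstanceDir(), NODE_DIR);
		String baseNodeRoleDn = KernelHeader.ROLES_BASEDN;
		File nodeRolesFile = seedNodeRolesFile(new File(homeDir, baseNodeRoleDn
				+ LDIF_EXT));
		LdifUserAdmin nodeRoles = new LdifUserAdmin(nodeRolesFile.toURI()
				.toString());
		nodeRoles.setExternalRoles(userAdmin);
		nodeRoles.init();
		userAdmin.addUserAdmin(baseNodeRoleDn, nodeRoles);
	}

	/**
	 * Resolves the URI of the business roles directory.
	 *
	 * @return the {@link KernelConstants#USERADMIN_URI} framework property
	 *         when set, otherwise the URI of the {@code <baseDn>.ldif} resource
	 *         bundled next to this class
	 * @throws CmsException
	 *             if neither is available
	 */
	private String resolveUserAdminUri(String baseDn) {
		String configured = KernelUtils
				.getFrameworkProp(KernelConstants.USERADMIN_URI);
		if (configured != null) {
			return configured;
		}
		// demo fallback: a fixed LDIF packaged with the kernel, so every node
		// relying on it loads the same demo directory
		String resourceName = baseDn + LDIF_EXT;
		URL ldif = getClass().getResource(resourceName);
		if (ldif == null) {
			throw new CmsException("No " + KernelConstants.USERADMIN_URI
					+ " configured and bundled resource " + resourceName
					+ " not found");
		}
		return ldif.toString();
	}

	/**
	 * Picks the backend from the URI scheme: anything starting with
	 * {@code ldap} (so {@code ldap://} and {@code ldaps://}) is a live
	 * directory, everything else is read as an LDIF file.
	 */
	private static AbstractLdapUserAdmin createBusinessRoles(String userAdminUri) {
		if (userAdminUri.startsWith("ldap")) {
			return new LdapUserAdmin(userAdminUri);
		}
		return new LdifUserAdmin(userAdminUri);
	}

	/**
	 * Overwrites {@code nodeRolesFile} with the bundled demo node roles and
	 * returns it.
	 * <p>
	 * This runs on every construction, so node roles persisted in that file
	 * between restarts are replaced by the demo content.
	 *
	 * @throws CmsException
	 *             if the demo resource is missing or cannot be copied
	 */
	private File seedNodeRolesFile(File nodeRolesFile) {
		URL demo = getClass().getResource(DEMO_LDIF_RESOURCE);
		if (demo == null) {
			throw new CmsException("Bundled resource " + DEMO_LDIF_RESOURCE
					+ " not found");
		}
		try {
			FileUtils.copyURLToFile(demo, nodeRolesFile);
		} catch (IOException e) {
			throw new CmsException("Cannot copy demo resource " + demo + " to "
					+ nodeRolesFile, e);
		}
		return nodeRolesFile;
	}

	/** Registers the authentication manager and the user admins as OSGi services. */
	public void publish() {
		authenticationManagerReg = bundleContext.registerService(
				AuthenticationManager.class, this, null);
		userAdminServiceReg = bundleContext.registerService(
				UserAdminService.class, userAdminService, null);
		userDetailsManagerReg = bundleContext.registerService(
				UserDetailsManager.class, userAdminService, null);
		userAdminReg = bundleContext.registerService(UserAdmin.class,
				userAdmin, null);
	}

	/**
	 * Destroys the Jackrabbit user admin and unregisters the services published
	 * by {@link #publish()}. Safe to call when {@link #publish()} was never
	 * called, and idempotent.
	 */
	void destroy() {
		try {
			userAdminService.destroy();
		} catch (RepositoryException e) {
			// keep going so that the OSGi registrations are released anyway
			log.error("Error while destroying Jackrabbit useradmin", e);
		}
		userDetailsManagerReg = unregister(userDetailsManagerReg);
		userAdminServiceReg = unregister(userAdminServiceReg);
		authenticationManagerReg = unregister(authenticationManagerReg);
		userAdminReg = unregister(userAdminReg);
	}

	/** Unregisters {@code reg} if non-null; returns null so the field can be cleared. */
	private static <T> ServiceRegistration<T> unregister(ServiceRegistration<T> reg) {
		if (reg != null) {
			reg.unregister();
		}
		return null;
	}

	/**
	 * Dispatches to the provider matching the token type: internal, anonymous,
	 * username/password (Jackrabbit user admin) or OS authentication.
	 *
	 * @throws CmsException
	 *             if the token type is not supported or the provider returned
	 *             null
	 */
	@Override
	public Authentication authenticate(Authentication authentication)
			throws AuthenticationException {
		Authentication auth = null;
		if (authentication instanceof InternalAuthentication) {
			auth = internalAuth.authenticate(authentication);
		} else if (authentication instanceof AnonymousAuthenticationToken) {
			auth = anonymousAuth.authenticate(authentication);
		} else if (authentication instanceof UsernamePasswordAuthenticationToken) {
			auth = userAdminService.authenticate(authentication);
		} else if (authentication instanceof OsAuthenticationToken) {
			auth = osAuth.authenticate(authentication);
		}
		if (auth == null) {
			// NOTE(review): the token's toString() ends up in the message;
			// Spring tokens mask credentials, but check what
			// OsAuthenticationToken / InternalAuthentication print before this
			// text is surfaced to clients
			throw new CmsException("Could not authenticate " + authentication);
		}
		return auth;
	}
}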