1 package org
.argeo
.cms
.internal
.kernel
;
4 import java
.io
.IOException
;
6 import javax
.jcr
.RepositoryException
;
8 import org
.apache
.commons
.io
.FileUtils
;
9 import org
.apache
.commons
.logging
.Log
;
10 import org
.apache
.commons
.logging
.LogFactory
;
11 import org
.argeo
.cms
.CmsException
;
12 import org
.argeo
.cms
.KernelHeader
;
13 import org
.argeo
.cms
.internal
.useradmin
.SimpleJcrSecurityModel
;
14 import org
.argeo
.cms
.internal
.useradmin
.jackrabbit
.JackrabbitUserAdminService
;
15 import org
.argeo
.osgi
.useradmin
.AbstractLdapUserAdmin
;
16 import org
.argeo
.osgi
.useradmin
.LdapUserAdmin
;
17 import org
.argeo
.osgi
.useradmin
.LdifUserAdmin
;
18 import org
.argeo
.security
.OsAuthenticationToken
;
19 import org
.argeo
.security
.UserAdminService
;
20 import org
.argeo
.security
.core
.InternalAuthentication
;
21 import org
.argeo
.security
.core
.InternalAuthenticationProvider
;
22 import org
.argeo
.security
.core
.OsAuthenticationProvider
;
23 import org
.osgi
.framework
.BundleContext
;
24 import org
.osgi
.framework
.ServiceRegistration
;
25 import org
.osgi
.service
.useradmin
.Role
;
26 import org
.osgi
.service
.useradmin
.UserAdmin
;
27 import org
.springframework
.security
.authentication
.AnonymousAuthenticationProvider
;
28 import org
.springframework
.security
.authentication
.AnonymousAuthenticationToken
;
29 import org
.springframework
.security
.authentication
.AuthenticationManager
;
30 import org
.springframework
.security
.authentication
.UsernamePasswordAuthenticationToken
;
31 import org
.springframework
.security
.core
.Authentication
;
32 import org
.springframework
.security
.core
.AuthenticationException
;
33 import org
.springframework
.security
.provisioning
.UserDetailsManager
;
35 /** Authentication and user management. */
36 class NodeSecurity
implements AuthenticationManager
{
private final static Log log = LogFactory.getLog(NodeSecurity.class);

/** OSGi context the services below are registered into by {@link #publish()}. */
private final BundleContext bundleContext;

// Authentication providers that authenticate() dispatches to, chosen by token type.
private final OsAuthenticationProvider osAuth;
private final InternalAuthenticationProvider internalAuth;
private final AnonymousAuthenticationProvider anonymousAuth;
/**
 * Jackrabbit-backed user admin. Handles username/password tokens in
 * {@link #authenticate(Authentication)} and is published both as
 * {@link UserAdminService} and as {@link UserDetailsManager}.
 */
private final JackrabbitUserAdminService userAdminService;
/** Aggregates the LDAP/LDIF user admins (business roles and node roles), keyed by base DN. */
private final NodeUserAdmin userAdmin;

// Registrations are kept only so they can be unregistered later; they stay
// null until publish() has run.
private ServiceRegistration<AuthenticationManager> authenticationManagerReg;
private ServiceRegistration<UserAdminService> userAdminServiceReg;
private ServiceRegistration<UserDetailsManager> userDetailsManagerReg;

private ServiceRegistration<UserAdmin> userAdminReg;
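/**
 * Wires the node's authentication providers and user-admin backends.
 *
 * <p>Three user-admin layers are assembled: the Jackrabbit-backed
 * {@link JackrabbitUserAdminService}, a "business roles" backend reached
 * either over LDAP or from an LDIF file, and a "node roles" LDIF backend kept
 * under the OSGi instance directory. Nothing is registered with OSGi here;
 * see {@link #publish()}.
 *
 * @param bundleContext OSGi context the services are later published into
 * @param node          repository backing the Jackrabbit user admin
 * @throws RepositoryException if the Jackrabbit user admin cannot be initialised
 * @throws CmsException if a bundled LDIF resource is missing or cannot be copied
 */
public NodeSecurity(BundleContext bundleContext, JackrabbitNode node) throws RepositoryException {
    this.bundleContext = bundleContext;

    // Internal and anonymous providers both validate against the kernel's system key.
    osAuth = new OsAuthenticationProvider();
    internalAuth = new InternalAuthenticationProvider(Activator.getSystemKey());
    anonymousAuth = new AnonymousAuthenticationProvider(Activator.getSystemKey());

    userAdminService = new JackrabbitUserAdminService();
    userAdminService.setRepository(node);
    userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
    userAdminService.init();

    // userAdmin must exist before the node roles are built: they resolve
    // their external (business) roles through it.
    userAdmin = new NodeUserAdmin();

    // Business roles: external LDAP/LDIF directory, keyed by its base DN.
    String baseDn = "dc=example,dc=com";
    userAdmin.addUserAdmin(baseDn, createBusinessRoles(baseDn));

    // Node roles: local LDIF file under the instance directory.
    String baseNodeRoleDn = KernelHeader.ROLES_BASEDN;
    userAdmin.addUserAdmin(baseNodeRoleDn, createNodeRoles(baseNodeRoleDn));
}

/**
 * Builds the business-roles user admin for {@code baseDn}.
 *
 * <p>The backend URI comes from the {@code KernelConstants.USERADMIN_URI}
 * framework property. When it is absent, the LDIF bundled next to this class
 * is used instead; that file only carries example data, so the fallback is
 * logged as a warning. URIs starting with {@code ldap} select a live LDAP
 * backend, anything else is read as an LDIF file.
 *
 * @param baseDn base DN of the business-roles directory
 * @return the configured backend, not yet attached to {@link #userAdmin}
 * @throws CmsException if no URI is configured and the bundled LDIF is missing
 */
private AbstractLdapUserAdmin createBusinessRoles(String baseDn) {
    String userAdminUri = KernelUtils.getFrameworkProp(KernelConstants.USERADMIN_URI);
    if (userAdminUri == null) {
        // Fail with a clear message rather than a bare NullPointerException
        // when the bundled resource is not on the classpath.
        java.net.URL bundledLdif = getClass().getResource(baseDn + ".ldif");
        if (bundledLdif == null) {
            throw new CmsException("No " + KernelConstants.USERADMIN_URI
                    + " configured and bundled " + baseDn + ".ldif not found");
        }
        userAdminUri = bundledLdif.toString();
        log.warn("No " + KernelConstants.USERADMIN_URI
                + " configured, using bundled example directory " + userAdminUri);
    }
    if (userAdminUri.startsWith("ldap")) {
        return new LdapUserAdmin(userAdminUri);
    }
    return new LdifUserAdmin(userAdminUri);
}

/**
 * Builds the node-roles user admin for {@code baseNodeRoleDn}.
 *
 * <p>The roles live in {@code <osgi instance dir>/node/<baseNodeRoleDn>.ldif}.
 * That file is (re)written from the bundled {@code demo.ldif} every time this
 * class is constructed, so changes made to it through the user admin do not
 * survive a restart. NOTE(review): confirm that overwrite is intended before
 * relying on persisted node roles.
 *
 * @param baseNodeRoleDn base DN of the node roles
 * @return the configured backend, not yet attached to {@link #userAdmin}
 * @throws CmsException if {@code demo.ldif} is missing or cannot be copied
 */
private LdifUserAdmin createNodeRoles(String baseNodeRoleDn) {
    File homeDir = new File(KernelUtils.getOsgiInstanceDir(), "node");
    File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif");
    java.io.InputStream demo = getClass().getResourceAsStream("demo.ldif");
    if (demo == null) {
        throw new CmsException("Cannot find demo resource demo.ldif");
    }
    try {
        // Creates missing parent directories; Commons IO closes the stream itself.
        FileUtils.copyInputStreamToFile(demo, nodeRolesFile);
    } catch (IOException e) {
        throw new CmsException("Cannot copy demo resource", e);
    }
    LdifUserAdmin nodeRoles = new LdifUserAdmin(nodeRolesFile.toURI().toString());
    // Node roles may reference business roles, which are looked up through userAdmin.
    nodeRoles.setExternalRoles(userAdmin);
    // nodeRoles.createRole(KernelHeader.ROLE_ADMIN, Role.GROUP);
    return nodeRoles;
}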
106 public void publish() {
107 authenticationManagerReg
= bundleContext
.registerService(
108 AuthenticationManager
.class, this, null);
109 userAdminServiceReg
= bundleContext
.registerService(
110 UserAdminService
.class, userAdminService
, null);
111 userDetailsManagerReg
= bundleContext
.registerService(
112 UserDetailsManager
.class, userAdminService
, null);
113 userAdminReg
= bundleContext
.registerService(UserAdmin
.class,
119 userAdminService
.destroy();
120 } catch (RepositoryException e
) {
121 log
.error("Error while destroying Jackrabbit useradmin");
123 userDetailsManagerReg
.unregister();
124 userAdminServiceReg
.unregister();
125 authenticationManagerReg
.unregister();
127 // userAdmin.destroy();
128 userAdminReg
.unregister();
132 public Authentication
authenticate(Authentication authentication
)
133 throws AuthenticationException
{
134 // throw new UnsupportedOperationException(
135 // "Authentication manager is deprectaed and should not be used.");
136 Authentication auth
= null;
137 if (authentication
instanceof InternalAuthentication
)
138 auth
= internalAuth
.authenticate(authentication
);
139 else if (authentication
instanceof AnonymousAuthenticationToken
)
140 auth
= anonymousAuth
.authenticate(authentication
);
141 else if (authentication
instanceof UsernamePasswordAuthenticationToken
)
142 auth
= userAdminService
.authenticate(authentication
);
143 else if (authentication
instanceof OsAuthenticationToken
)
144 auth
= osAuth
.authenticate(authentication
);
146 throw new CmsException("Could not authenticate " + authentication
);