Adapt to changes in CMS framework
1 package org.argeo.cms.internal.kernel;
2
3 import java.net.URL;
4
5 import javax.jcr.RepositoryException;
6
7 import org.apache.commons.logging.Log;
8 import org.apache.commons.logging.LogFactory;
9 import org.argeo.cms.CmsException;
10 import org.argeo.security.UserAdminService;
11 import org.argeo.security.core.InternalAuthentication;
12 import org.argeo.security.core.InternalAuthenticationProvider;
13 import org.argeo.security.jcr.SimpleJcrSecurityModel;
14 import org.argeo.security.jcr.jackrabbit.JackrabbitUserAdminService;
15 import org.osgi.framework.BundleContext;
16 import org.osgi.framework.ServiceRegistration;
17 import org.springframework.security.authentication.AnonymousAuthenticationProvider;
18 import org.springframework.security.authentication.AnonymousAuthenticationToken;
19 import org.springframework.security.authentication.AuthenticationManager;
20 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
21 import org.springframework.security.core.Authentication;
22 import org.springframework.security.core.AuthenticationException;
23 import org.springframework.security.provisioning.UserDetailsManager;
24
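/**
 * Authentication and user management for the node.
 * <p>
 * Acts as the {@link AuthenticationManager} published to the OSGi registry and
 * dispatches each request to one of three back-ends according to the runtime
 * type of the submitted token: internal (system) authentication, anonymous
 * authentication, or username/password authentication against the Jackrabbit
 * user admin service.
 * <p>
 * NOTE(review): both the internal and the anonymous provider are keyed with
 * {@code KernelConstants.DEFAULT_SECURITY_KEY}. The value is not visible here;
 * if it is a fixed constant shipped with the code, any component able to read
 * it could presumably build tokens these providers accept. Confirm that
 * deployments can override it.
 */
class NodeSecurity implements AuthenticationManager {
    private static final Log log = LogFactory.getLog(NodeSecurity.class);

    private final BundleContext bundleContext;

    private final InternalAuthenticationProvider internalAuth;
    private final AnonymousAuthenticationProvider anonymousAuth;
    private final JackrabbitUserAdminService userAdminService;
    // private final JcrUserAdmin userAdmin;

    // Registrations are only set by publish(); they stay null until then.
    private ServiceRegistration<AuthenticationManager> authenticationManagerReg;
    private ServiceRegistration<UserAdminService> userAdminServiceReg;
    private ServiceRegistration<UserDetailsManager> userDetailsManagerReg;

    // private ServiceRegistration<UserAdmin> userAdminReg;

    /**
     * Points the JVM at the bundled JAAS configuration and initialises the
     * authentication providers and the Jackrabbit-backed user admin service.
     *
     * @param bundleContext context later used by {@link #publish()} to
     *        register the services
     * @param node repository handed to the user admin service
     * @throws RepositoryException declared by the original signature; raised
     *         by the user admin initialisation — TODO confirm which call
     * @throws CmsException if the JAAS configuration resource is not found on
     *         this class's class loader
     */
    public NodeSecurity(BundleContext bundleContext, JackrabbitNode node)
            throws RepositoryException {
        URL url = getClass().getClassLoader().getResource(
                KernelConstants.JAAS_CONFIG);
        // Fail with an explicit message instead of a bare NPE: without this
        // resource the login configuration below cannot be set.
        if (url == null) {
            throw new CmsException("JAAS configuration "
                    + KernelConstants.JAAS_CONFIG
                    + " not found on the class path");
        }
        // This is a JVM-wide system property: it replaces any login
        // configuration previously set for the whole process, not only for
        // this bundle.
        System.setProperty("java.security.auth.login.config",
                url.toExternalForm());

        this.bundleContext = bundleContext;

        // Both providers share the same key (see the class-level note).
        internalAuth = new InternalAuthenticationProvider(
                KernelConstants.DEFAULT_SECURITY_KEY);
        anonymousAuth = new AnonymousAuthenticationProvider(
                KernelConstants.DEFAULT_SECURITY_KEY);

        // user admin
        userAdminService = new JackrabbitUserAdminService();
        userAdminService.setRepository(node);
        userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
        userAdminService.init();

        // userAdmin = new JcrUserAdmin(bundleContext);
        // userAdmin.setUserAdminService(userAdminService);
    }

    /**
     * Registers this object as {@link AuthenticationManager} and the user
     * admin service as both {@link UserAdminService} and
     * {@link UserDetailsManager} in the OSGi service registry.
     * <p>
     * The services are registered without properties ({@code null}), so any
     * bundle allowed to look them up obtains the user management service.
     */
    public void publish() {
        authenticationManagerReg = bundleContext.registerService(
                AuthenticationManager.class, this, null);
        userAdminServiceReg = bundleContext.registerService(
                UserAdminService.class, userAdminService, null);
        userDetailsManagerReg = bundleContext.registerService(
                UserDetailsManager.class, userAdminService, null);
        // userAdminReg = bundleContext.registerService(UserAdmin.class,
        // userAdmin, null);
    }

    /**
     * Shuts down the user admin service and withdraws the services registered
     * by {@link #publish()}.
     * <p>
     * Safe to call when {@link #publish()} was never invoked, and safe to call
     * more than once: each registration is cleared after it is unregistered.
     */
    void destroy() {
        try {
            userAdminService.destroy();
        } catch (RepositoryException e) {
            // Keep the cause in the log; a failed shutdown of the user store
            // is otherwise impossible to diagnose.
            log.error("Error while destroying Jackrabbit useradmin", e);
        }
        if (userDetailsManagerReg != null) {
            userDetailsManagerReg.unregister();
            userDetailsManagerReg = null;
        }
        if (userAdminServiceReg != null) {
            userAdminServiceReg.unregister();
            userAdminServiceReg = null;
        }
        if (authenticationManagerReg != null) {
            authenticationManagerReg.unregister();
            authenticationManagerReg = null;
        }
        // userAdminReg.unregister();
    }

    /**
     * Authenticates a token by delegating to the provider matching its type.
     * <p>
     * The type tests are evaluated in order: {@link InternalAuthentication},
     * then {@link AnonymousAuthenticationToken}, then
     * {@link UsernamePasswordAuthenticationToken}. NOTE(review): if
     * {@code InternalAuthentication} is a subclass of
     * {@code UsernamePasswordAuthenticationToken} this order is significant
     * and must be preserved — confirm.
     *
     * @param authentication the token to verify
     * @return the authentication returned by the selected provider, never
     *         {@code null}
     * @throws AuthenticationException if the selected provider rejects the
     *         token
     * @throws CmsException if the token type is not supported (including
     *         {@code null}) or the provider returned {@code null}; callers
     *         that only catch {@link AuthenticationException} will not see
     *         this case unless {@code CmsException} extends it — TODO confirm
     */
    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        Authentication auth = null;
        if (authentication instanceof InternalAuthentication) {
            auth = internalAuth.authenticate(authentication);
        } else if (authentication instanceof AnonymousAuthenticationToken) {
            auth = anonymousAuth.authenticate(authentication);
        } else if (authentication instanceof UsernamePasswordAuthenticationToken) {
            auth = userAdminService.authenticate(authentication);
        }
        if (auth == null) {
            // Fail closed: an unsupported or unverified token never yields an
            // Authentication object.
            // NOTE(review): the token's toString() becomes part of the
            // exception message and may reach logs; verify that no token
            // implementation in use renders its credentials there.
            throw new CmsException("Could not authenticate " + authentication);
        }
        return auth;
    }
}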