1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.security.jackrabbit;
17
18 import java.security.Principal;
19 import java.util.Set;
20
21 import javax.jcr.RepositoryException;
22 import javax.jcr.Session;
23 import javax.security.auth.Subject;
24 import javax.security.auth.x500.X500Principal;
25
26 import org.apache.jackrabbit.api.security.user.UserManager;
27 import org.apache.jackrabbit.core.DefaultSecurityManager;
28 import org.apache.jackrabbit.core.security.AMContext;
29 import org.apache.jackrabbit.core.security.AccessManager;
30 import org.apache.jackrabbit.core.security.SecurityConstants;
31 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
32
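/**
 * Jackrabbit security manager that takes the JCR user ID from the
 * {@link X500Principal} carried by the authenticated {@link Subject}.
 * <p>
 * Originally described as integrating Spring Security and Jackrabbit users and
 * roles; the code below no longer references any Spring Security type.
 * <p>
 * NOTE(review): workspace-level authorization is effectively switched off by
 * this class, see {@code ArgeoWorkspaceAccessManagerImpl#grants}. Confirm that
 * this is intended for every deployment that uses this manager.
 */
public class ArgeoSecurityManager extends DefaultSecurityManager {

    /**
     * Delegates to the default implementation while holding the monitor of the
     * system session.
     *
     * @param session   the session the access manager is created for
     * @param amContext the access manager context
     * @return the access manager built by {@link DefaultSecurityManager}
     * @throws RepositoryException if the default implementation fails
     */
    @Override
    public AccessManager getAccessManager(Session session, AMContext amContext)
            throws RepositoryException {
        // Serialized with getUserManager() on the same lock object; presumably
        // because the system session must not be used concurrently (confirm).
        synchronized (getSystemSession()) {
            return super.getAccessManager(session, amContext);
        }
    }

    /**
     * Delegates to the default implementation while holding the monitor of the
     * system session.
     *
     * @param session the session the user manager is created for
     * @return the user manager built by {@link DefaultSecurityManager}
     * @throws RepositoryException if the default implementation fails
     */
    @Override
    public UserManager getUserManager(Session session)
            throws RepositoryException {
        synchronized (getSystemSession()) {
            return super.getUserManager(session);
        }
    }

    /**
     * Resolves the JCR user ID of a subject.
     * <p>
     * If the subject holds exactly one {@link X500Principal}, its name (the
     * distinguished name as returned by {@link X500Principal#getName()}) is the
     * user ID. If it holds none, the default Jackrabbit resolution applies.
     * <p>
     * NOTE(review): the principal is trusted as found in the subject; this
     * method performs no validation of its own, so the identity is only as
     * trustworthy as the login module that populated the subject.
     *
     * @param subject       the authenticated subject
     * @param workspaceName the workspace being accessed
     * @return the user ID
     * @throws RepositoryException if the default implementation fails
     * @throws RuntimeException    if the subject holds more than one
     *                             {@link X500Principal}, since the identity
     *                             would be ambiguous
     */
    @Override
    public String getUserID(Subject subject, String workspaceName)
            throws RepositoryException {
        Set<X500Principal> userPrincipals = subject
                .getPrincipals(X500Principal.class);
        if (userPrincipals.isEmpty()) {
            return super.getUserID(subject, workspaceName);
        }
        if (userPrincipals.size() > 1) {
            // Refuse to pick one arbitrarily: the choice would decide the identity.
            StringBuilder buf = new StringBuilder();
            for (X500Principal principal : userPrincipals) {
                buf.append(' ').append('\"').append(principal).append('\"');
            }
            throw new RuntimeException("Multiple user principals:" + buf);
        }
        return userPrincipals.iterator().next().getName();
    }

    /**
     * Wraps the default workspace access manager in
     * {@link ArgeoWorkspaceAccessManagerImpl}.
     *
     * @return the wrapping workspace access manager
     */
    @Override
    protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
        WorkspaceAccessManager wam = super
                .createDefaultWorkspaceAccessManager();
        return new ArgeoWorkspaceAccessManagerImpl(wam);
    }

    /**
     * Workspace access manager that forwards lifecycle calls to the wrapped
     * manager but answers every access request positively.
     */
    // Static: the class never touches the enclosing instance, so it should not
    // hold a hidden reference to it.
    private static final class ArgeoWorkspaceAccessManagerImpl implements
            SecurityConstants, WorkspaceAccessManager {
        private final WorkspaceAccessManager wam;

        ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam) {
            this.wam = wam;
        }

        @Override
        public void init(Session systemSession) throws RepositoryException {
            wam.init(systemSession);
        }

        @Override
        public void close() throws RepositoryException {
            // The wrapped manager was initialised through init(), so it must be
            // released here as well; previously this was a silent no-op.
            wam.close();
        }

        /**
         * Grants access to every workspace for every set of principals.
         * <p>
         * SECURITY NOTE(review): both arguments are ignored and the wrapped
         * manager's own {@code grants} decision is never consulted, so no
         * check is made at workspace level, not even for an empty principal
         * set. Any restriction then has to come from the per-session
         * {@link AccessManager}. Delegating to {@code wam.grants(principals,
         * workspaceName)} would restore the default check; confirm the impact
         * on existing deployments before changing it.
         *
         * @param principals    ignored
         * @param workspaceName ignored
         * @return always {@code true}
         */
        @Override
        public boolean grants(Set<Principal> principals, String workspaceName)
                throws RepositoryException {
            // TODO: implements finer access to workspaces
            return true;
        }
    }

}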