2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.jackrabbit
;
18 import java
.security
.Principal
;
21 import javax
.jcr
.RepositoryException
;
22 import javax
.jcr
.Session
;
23 import javax
.security
.auth
.Subject
;
24 import javax
.security
.auth
.x500
.X500Principal
;
26 import org
.apache
.jackrabbit
.api
.security
.user
.UserManager
;
27 import org
.apache
.jackrabbit
.core
.DefaultSecurityManager
;
28 import org
.apache
.jackrabbit
.core
.security
.AMContext
;
29 import org
.apache
.jackrabbit
.core
.security
.AccessManager
;
30 import org
.apache
.jackrabbit
.core
.security
.SecurityConstants
;
31 import org
.apache
.jackrabbit
.core
.security
.authorization
.WorkspaceAccessManager
;
33 /** Integrates Spring Security and Jackrabbit Security users and roles. */
34 public class ArgeoSecurityManager
extends DefaultSecurityManager
{
36 public AccessManager
getAccessManager(Session session
, AMContext amContext
)
37 throws RepositoryException
{
38 synchronized (getSystemSession()) {
39 return super.getAccessManager(session
, amContext
);
44 public UserManager
getUserManager(Session session
)
45 throws RepositoryException
{
46 synchronized (getSystemSession()) {
47 return super.getUserManager(session
);
52 * Since this is called once when the session is created, we take the
53 * opportunity to make sure that Jackrabbit users and groups reflect Spring
54 * Security name and authorities.
57 public String
getUserID(Subject subject
, String workspaceName
)
58 throws RepositoryException
{
59 Set
<X500Principal
> userPrincipal
= subject
60 .getPrincipals(X500Principal
.class);
61 if (userPrincipal
.isEmpty())
62 return super.getUserID(subject
, workspaceName
);
63 if (userPrincipal
.size() > 1) {
64 StringBuilder buf
= new StringBuilder();
65 for (X500Principal principal
: userPrincipal
)
66 buf
.append(' ').append('\"').append(principal
).append('\"');
67 throw new RuntimeException("Multiple user principals:" + buf
);
69 return userPrincipal
.iterator().next().getName();
70 // Authentication authentication = SecurityContextHolder.getContext()
71 // .getAuthentication();
72 // if (authentication != null)
73 // return authentication.getName();
75 // return super.getUserID(subject, workspaceName);
79 protected WorkspaceAccessManager
createDefaultWorkspaceAccessManager() {
80 WorkspaceAccessManager wam
= super
81 .createDefaultWorkspaceAccessManager();
82 return new ArgeoWorkspaceAccessManagerImpl(wam
);
85 private class ArgeoWorkspaceAccessManagerImpl
implements SecurityConstants
,
86 WorkspaceAccessManager
{
87 private final WorkspaceAccessManager wam
;
89 public ArgeoWorkspaceAccessManagerImpl(WorkspaceAccessManager wam
) {
94 public void init(Session systemSession
) throws RepositoryException
{
95 wam
.init(systemSession
);
98 public void close() throws RepositoryException
{
101 public boolean grants(Set
<Principal
> principals
, String workspaceName
)
102 throws RepositoryException
{
103 // TODO: implements finer access to workspaces