security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java

   1 package org.argeo.security.core;
   2
   3 import java.util.ArrayList;
   4 import java.util.List;
   5
   6 import org.argeo.security.OsAuthenticationToken;
   7 import org.springframework.security.Authentication;
   8 import org.springframework.security.AuthenticationException;
   9 import org.springframework.security.GrantedAuthority;
  10 import org.springframework.security.GrantedAuthorityImpl;
  11 import org.springframework.security.providers.AuthenticationProvider;
  12
  13 /**
  14  * Validates an OS authentication. The id is that it will always be
  15  * authenticated since we are always runnign within an OS, but the fact that the
  16  * {@link Authentication} works properly depends on the proper OS login module
  17  * having been called as well.
  18  */
  19 public class OsAuthenticationProvider implements AuthenticationProvider {
  20         private String osUserRole = "ROLE_OS_USER";
  21         private String userRole = "ROLE_USER";
  22         private String adminRole = "ROLE_ADMIN";
  23
  24         private Boolean isAdmin = true;
  25
  26         public Authentication authenticate(Authentication authentication)
  27                         throws AuthenticationException {
  28                 return new OsAuthenticationToken(getBaseAuthorities());
  29         }
  30
  31         protected GrantedAuthority[] getBaseAuthorities() {
  32                 List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
  33                 auths.add(new GrantedAuthorityImpl(osUserRole));
  34                 auths.add(new GrantedAuthorityImpl(userRole));
  35                 if (isAdmin)
  36                         auths.add(new GrantedAuthorityImpl(adminRole));
  37                 return auths.toArray(new GrantedAuthority[auths.size()]);
  38         }
  39
  40         @SuppressWarnings("rawtypes")
  41         public boolean supports(Class authentication) {
  42                 return OsAuthenticationToken.class.isAssignableFrom(authentication);
  43         }
  44
  45         public void setOsUserRole(String osUserRole) {
  46                 this.osUserRole = osUserRole;
  47         }
  48
  49         public void setUserRole(String userRole) {
  50                 this.userRole = userRole;
  51         }
  52
  53         public void setAdminRole(String adminRole) {
  54                 this.adminRole = adminRole;
  55         }
  56
  57         public void setIsAdmin(Boolean isAdmin) {
  58                 this.isAdmin = isAdmin;
  59         }
  60
  61 }