1 package org.argeo.security.jcr;
2
3 import java.util.HashMap;
4 import java.util.Map;
5
6 import javax.jcr.Node;
7 import javax.jcr.Repository;
8 import javax.jcr.RepositoryException;
9 import javax.jcr.RepositoryFactory;
10 import javax.jcr.Session;
11 import javax.jcr.SimpleCredentials;
12
13 import org.argeo.ArgeoException;
14 import org.argeo.jcr.ArgeoJcrConstants;
15 import org.argeo.jcr.JcrUtils;
16 import org.argeo.security.SiteAuthenticationToken;
17 import org.springframework.security.Authentication;
18 import org.springframework.security.AuthenticationException;
19 import org.springframework.security.GrantedAuthority;
20 import org.springframework.security.GrantedAuthorityImpl;
21 import org.springframework.security.providers.AuthenticationProvider;
22 import org.springframework.security.userdetails.UserDetails;
23
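/**
 * Connects to a JCR repository and delegates authentication to it: the
 * credentials carried by a {@link SiteAuthenticationToken} are used to log in
 * to the repository designated by the token's URL, and a successful login
 * yields a {@link JcrAuthenticationToken}.
 */
public class JcrAuthenticationProvider implements AuthenticationProvider {
	public final static String ROLE_REMOTE_JCR_AUTHENTICATED = "ROLE_REMOTE_JCR_AUTHENTICATED";

	/** Set by {@link #register} and cleared by {@link #unregister}; may be null. */
	private RepositoryFactory repositoryFactory;

	/**
	 * Authenticates a {@link SiteAuthenticationToken} by logging in to the JCR
	 * repository it designates.
	 * 
	 * @param authentication
	 *            the authentication request; any other type than
	 *            {@link SiteAuthenticationToken} is ignored
	 * @return a {@link JcrAuthenticationToken} bound to the user home node, or
	 *         <code>null</code> when this provider cannot process the request
	 *         (wrong token type, no URL, no repository factory registered, or
	 *         no repository available for the URL)
	 * @throws ArgeoException
	 *             if the repository rejects the login or fails, or if the user
	 *             has no home node
	 */
	public Authentication authenticate(Authentication authentication)
			throws AuthenticationException {
		if (!(authentication instanceof SiteAuthenticationToken))
			return null;
		SiteAuthenticationToken siteAuth = (SiteAuthenticationToken) authentication;
		String url = siteAuth.getUrl();
		if (url == null)
			return null;

		// Read the field once: unregister() may clear it at any time, and a
		// missing factory is handled like a missing repository rather than
		// surfacing as a NullPointerException.
		RepositoryFactory factory = repositoryFactory;
		if (factory == null)
			return null;

		Session session = null;
		boolean authenticated = false;
		try {
			// NOTE(review): the repository URI comes straight from the token.
			// If the client can choose it, the credentials below are sent to,
			// and the login verdict is taken from, whatever repository the
			// client names. Confirm where SiteAuthenticationToken gets its URL
			// and restrict it to configured repositories before this call.
			Map<String, String> parameters = new HashMap<String, String>();
			parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);

			Repository repository = factory.getRepository(parameters);
			if (repository == null)
				return null;

			SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
					siteAuth.getCredentials().toString().toCharArray());
			String workspace = siteAuth.getWorkspace();
			// A blank workspace means the repository's default workspace.
			if (workspace == null || workspace.trim().equals(""))
				session = repository.login(sp);
			else
				session = repository.login(sp, workspace);
			Node userHome = JcrUtils.getUserHome(session);
			if (userHome == null)
				throw new ArgeoException("No home found for user "
						+ session.getUserID());
			// NOTE(review): getGrantedAuthorities(Session) is never called;
			// the token is built with no authority at all, which does not
			// match that method's Javadoc. Left unchanged because granting a
			// role here would alter authorization decisions -- confirm the
			// intent.
			GrantedAuthority[] authorities = {};
			JcrAuthenticationToken authen = new JcrAuthenticationToken(
					siteAuth.getPrincipal(), siteAuth.getCredentials(),
					authorities, url, userHome);
			authen.setDetails(getUserDetails(userHome, authen));
			authenticated = true;
			return authen;
		} catch (RepositoryException e) {
			// javax.jcr.LoginException is a RepositoryException, so a rejected
			// login is reported the same way as a repository failure.
			// NOTE(review): this is not an AuthenticationException as far as
			// this file shows; check that callers still count it as a failed
			// authentication.
			throw new ArgeoException(
					"Unexpected exception when authenticating to " + url, e);
		} finally {
			// On success the session stays open because the returned token
			// holds userHome, a node that belongs to it (presumably closed by
			// whoever consumes the token -- verify). On any failure after
			// login, nobody else holds the session, so release it here
			// instead of leaking a remote session per failed attempt.
			if (!authenticated && session != null && session.isLive())
				session.logout();
		}
	}

	/**
	 * By default, assigns only the role {@value #ROLE_REMOTE_JCR_AUTHENTICATED}
	 * . Should typically be overridden in order to assign more relevant roles.
	 * 
	 * @param session
	 *            the authenticated session; unused by this default
	 *            implementation
	 * @return a single-element array holding
	 *         {@link #ROLE_REMOTE_JCR_AUTHENTICATED}
	 */
	protected GrantedAuthority[] getGrantedAuthorities(Session session) {
		return new GrantedAuthority[] { new GrantedAuthorityImpl(
				ROLE_REMOTE_JCR_AUTHENTICATED) };
	}

	/**
	 * Builds user details based on the authentication and the user home.
	 * 
	 * @param userHome
	 *            the user home node, whose path is passed as first argument to
	 *            {@link JcrUserDetails}
	 * @param authen
	 *            source of the principal, credentials and authorities
	 * @return the user details
	 * @throws ArgeoException
	 *             wrapping any exception raised while building the details
	 */
	protected UserDetails getUserDetails(Node userHome, Authentication authen) {
		try {
			// TODO: loads enabled, locked, etc. from the home node.
			// The three literal flags presumably stand for account not
			// expired, credentials not expired and account not locked --
			// confirm against the JcrUserDetails constructor.
			// NOTE(review): the credentials are copied into the details as a
			// String; confirm that JcrUserDetails really needs to keep them.
			String homePath = userHome.getPath();
			String principal = authen.getPrincipal().toString();
			String credentials = authen.getCredentials().toString();
			return new JcrUserDetails(homePath, principal, credentials,
					isEnabled(userHome), true, true, true,
					authen.getAuthorities());
		} catch (Exception e) {
			throw new ArgeoException("Cannot get user details for " + userHome,
					e);
		}
	}

	/**
	 * Whether the account behind this home node is enabled. This default
	 * implementation does not look at the node and always answers
	 * <code>true</code>; override to enforce disabled accounts.
	 */
	protected Boolean isEnabled(Node userHome) {
		return true;
	}

	/** This provider only handles {@link SiteAuthenticationToken} and its subclasses. */
	@SuppressWarnings("rawtypes")
	public boolean supports(Class authentication) {
		return SiteAuthenticationToken.class.isAssignableFrom(authentication);
	}

	/**
	 * Sets the repository factory used by {@link #authenticate}.
	 * 
	 * @param repositoryFactory
	 *            the factory to use from now on
	 * @param parameters
	 *            ignored
	 */
	public void register(RepositoryFactory repositoryFactory,
			Map<String, String> parameters) {
		this.repositoryFactory = repositoryFactory;
	}

	/**
	 * Clears the repository factory, whichever factory is passed in.
	 * 
	 * @param repositoryFactory
	 *            ignored
	 * @param parameters
	 *            ignored
	 */
	public void unregister(RepositoryFactory repositoryFactory,
			Map<String, String> parameters) {
		this.repositoryFactory = null;
	}
}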