1 package org
.argeo
.security
.jcr
;
3 import java
.util
.HashMap
;
7 import javax
.jcr
.Repository
;
8 import javax
.jcr
.RepositoryException
;
9 import javax
.jcr
.RepositoryFactory
;
10 import javax
.jcr
.Session
;
11 import javax
.jcr
.SimpleCredentials
;
13 import org
.argeo
.ArgeoException
;
14 import org
.argeo
.jcr
.ArgeoJcrConstants
;
15 import org
.argeo
.jcr
.JcrUtils
;
16 import org
.argeo
.security
.SiteAuthenticationToken
;
17 import org
.springframework
.security
.Authentication
;
18 import org
.springframework
.security
.AuthenticationException
;
19 import org
.springframework
.security
.GrantedAuthority
;
20 import org
.springframework
.security
.GrantedAuthorityImpl
;
21 import org
.springframework
.security
.providers
.AuthenticationProvider
;
22 import org
.springframework
.security
.userdetails
.UserDetails
;
24 /** Connects to a JCR repository and delegates authentication to it. */
// The leading numbers are the listing's own line numbers, not Java source;
// gaps in the numbering are lines this page does not show.
25 public class JcrAuthenticationProvider
implements AuthenticationProvider
{
// Role name wrapped by getGrantedAuthorities(Session) further down.
26 public final static String ROLE_REMOTE_JCR_AUTHENTICATED
= "ROLE_REMOTE_JCR_AUTHENTICATED";
// Factory that authenticate() asks for the repository; assigned in register()
// and reset to null in unregister(). The visible declaration is a plain field
// (not volatile, no lock shown).
// NOTE(review): authenticate() dereferences this field with no null check in
// the lines shown, so a login arriving before register() or after unregister()
// presumably fails with a NullPointerException -- confirm against the lines
// this listing omits.
28 private RepositoryFactory repositoryFactory
;
// Authenticates a SiteAuthenticationToken by logging in to the JCR repository
// named by the token's own URL, using the token's name and credentials.
// The leading numbers are the listing's line numbers. The numbering has gaps
// (33, 36-39, 42, 46-47, 51, 54, 57, 65), so the handling of other token
// types, the try, the declaration of session and the final return are not
// visible; the notes below are limited to the lines shown.
30 public Authentication
authenticate(Authentication authentication
)
31 throws AuthenticationException
{
// Only SiteAuthenticationToken is processed; what is done with any other
// token type is on listing line 33 (not shown).
32 if (!(authentication
instanceof SiteAuthenticationToken
))
34 SiteAuthenticationToken siteAuth
= (SiteAuthenticationToken
) authentication
;
// The repository address is read from the token being authenticated.
// NOTE(review): no visible line restricts this URL. If the party presenting
// the token also chooses the URL, a successful login only shows that the
// credentials are accepted by a repository of that party's choosing, and this
// process opens a connection to whatever address is supplied. Confirm that the
// URL is pinned or checked against an allow-list where the token is built or
// in the lines this listing omits.
35 String url
= siteAuth
.getUrl();
// The URL is the only parameter handed to the repository factory.
40 Map
<String
, String
> parameters
= new HashMap
<String
, String
>();
41 parameters
.put(ArgeoJcrConstants
.JCR_REPOSITORY_URI
, url
);
43 Repository repository
= null;
44 repository
= repositoryFactory
.getRepository(parameters
);
// A null repository is tested for; the reaction is on listing lines 46-47
// (not shown).
45 if (repository
== null)
// The credential object is converted with toString() before being copied to a
// char[]: the secret therefore also exists as an immutable String that cannot
// be wiped, which defeats the purpose of SimpleCredentials taking a char[].
// NOTE(review): a null getCredentials() would throw here -- confirm it cannot
// be null for this token type.
48 SimpleCredentials sp
= new SimpleCredentials(siteAuth
.getName(),
49 siteAuth
.getCredentials().toString().toCharArray());
50 String workspace
= siteAuth
.getWorkspace();
// A null or blank workspace uses login(sp); the two-argument login below is
// presumably the else branch (listing line 54 is not shown).
52 if (workspace
== null || workspace
.trim().equals(""))
53 session
= repository
.login(sp
);
55 session
= repository
.login(sp
, workspace
);
// userHome is a Node obtained through the freshly opened session and is later
// stored in the returned token.
// NOTE(review): no visible line logs the session out, including on the
// failure paths below (missing home, RepositoryException) -- confirm who owns
// and closes it.
56 Node userHome
= JcrUtils
.getUserHome(session
);
// The condition guarding this throw is on listing line 57 (not shown).
58 throw new ArgeoException("No home found for user "
59 + session
.getUserID());
// The token is built with an empty authority array; getGrantedAuthorities()
// is not called in any line shown here.
// NOTE(review): confirm that an authenticated token without
// ROLE_REMOTE_JCR_AUTHENTICATED is intended.
60 GrantedAuthority
[] authorities
= {};
// The original credential object is carried over into the authenticated token.
// NOTE(review): if nothing downstream needs it, keeping the secret in the
// token extends its lifetime in memory -- confirm.
61 JcrAuthenticationToken authen
= new JcrAuthenticationToken(
62 siteAuth
.getPrincipal(), siteAuth
.getCredentials(),
63 authorities
, url
, userHome
);
64 authen
.setDetails(getUserDetails(userHome
, authen
));
// Every RepositoryException is rethrown as ArgeoException with the URL in the
// message. javax.jcr.LoginException is a RepositoryException, so a rejected
// login takes this path too.
// NOTE(review): ArgeoException's hierarchy is not shown; if it is not a
// Spring AuthenticationException, bad credentials surface as an unexpected
// error rather than as an authentication failure -- confirm how callers and
// the audit log treat it.
66 } catch (RepositoryException e
) {
67 throw new ArgeoException(
68 "Unexpected exception when authenticating to " + url
, e
);
73 * By default, assigns only the role {@value #ROLE_REMOTE_JCR_AUTHENTICATED}
74 * . Should typically be overridden in order to assign more relevant roles.
76 protected GrantedAuthority
[] getGrantedAuthorities(Session session
) {
// Returns a new one-element array holding ROLE_REMOTE_JCR_AUTHENTICATED; the
// session argument is not read in the lines shown.
// NOTE(review): authenticate() builds its token from an empty authority array
// in the lines this listing shows -- confirm that this method is actually
// wired into the login path before relying on the role for access decisions.
77 return new GrantedAuthority
[] { new GrantedAuthorityImpl(
78 ROLE_REMOTE_JCR_AUTHENTICATED
) };
81 /** Builds user details based on the authentication and the user home. */
82 protected UserDetails
getUserDetails(Node userHome
,
83 JcrAuthenticationToken authen
) {
// Listing lines 84 and 88 are not shown (the try that the catch below closes,
// and part of the constructor argument list).
85 // TODO: load enabled, locked, etc. from the home node.
// The details are built from the home node path, the principal's string form
// and the credential's string form.
// NOTE(review): getCredentials().toString() copies the secret into the user
// details as a String; if it is a plaintext password it lives as long as the
// details object and travels wherever that object is cached or serialised --
// confirm it is needed there.
86 return new JcrUserDetails(userHome
.getPath(), authen
.getPrincipal()
87 .toString(), authen
.getCredentials().toString(),
// Three flags are passed as literal true. Given the TODO above they are
// presumably account-status flags (expired / locked and the like), which would
// mean such states are never enforced through these details -- confirm against
// the JcrUserDetails constructor, which is not shown.
89 true, true, true, authen
.getAuthorities());
// Catches every Exception, not only RepositoryException; the message
// concatenates the Node itself (its toString()). The remaining constructor
// arguments are on a listing line that is not shown.
90 } catch (Exception e
) {
91 throw new ArgeoException("Cannot get user details for " + userHome
,
96 protected Boolean
isEnabled(Node userHome
){
// Declares which token classes this provider handles: SiteAuthenticationToken
// and any subclass of it. The suppression covers the raw Class parameter.
100 @SuppressWarnings("rawtypes")
101 public boolean supports(Class authentication
) {
102 return SiteAuthenticationToken
.class.isAssignableFrom(authentication
);
// Stores the supplied factory as the one authenticate() will use; the
// parameters map is not read in the lines shown.
// NOTE(review): looks like a service bind callback -- confirm. Each call
// replaces the previous factory, so the factory bound last serves every login.
105 public void register(RepositoryFactory repositoryFactory
,
106 Map
<String
, String
> parameters
) {
107 this.repositoryFactory
= repositoryFactory
;
// Clears the stored factory. Neither argument is read in the lines shown: the
// factory being unregistered is not compared with the one currently held, so
// unbinding any factory removes the active one.
// NOTE(review): after this call authenticate() would dereference a null
// factory unless a guard exists in lines this listing omits -- confirm.
110 public void unregister(RepositoryFactory repositoryFactory
,
111 Map
<String
, String
> parameters
) {
112 this.repositoryFactory
= null;