package org.argeo.security.jcr;

import java.util.ArrayList;
import java.util.List;

import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;

import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.JcrUtils;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.DisabledException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.LockedException;
import org.springframework.security.userdetails.User;
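/**
 * User details based on a user profile node.
 *
 * <p>
 * The account flags handed to {@link User} (enabled, account non expired,
 * credentials non expired, account non locked) are read from the
 * {@code ARGEO_*} properties of the profile node. The home path and the name
 * of the security workspace are derived from the same node.
 * </p>
 *
 * <p>
 * NOTE(review): this listing was recovered from a page that dropped some
 * source lines (closing braces, a few continuation lines). Lines marked
 * "reconstructed" below are the obvious completion and should be confirmed
 * against the upstream file.
 * </p>
 */
public class JcrUserDetails extends User implements ArgeoNames {
    private static final long serialVersionUID = -8142764995842559646L;
    private final String homePath;
    private final String securityWorkspace;

    /** Human readable user name */
    private String displayName;

    /**
     * Creates an instance from already known values. Used by the clone
     * methods; it does not set {@link #displayName}.
     *
     * @param securityWorkspace
     *            name of the workspace holding the user profile
     * @param homePath
     *            path of the user home node
     * @param username
     *            the user id
     * @param password
     *            the password
     * @param enabled
     *            whether the account is enabled
     * @param accountNonExpired
     *            whether the account has not expired
     * @param credentialsNonExpired
     *            whether the credentials have not expired
     * @param accountNonLocked
     *            whether the account is not locked
     * @param authorities
     *            the granted authorities
     * @throws IllegalArgumentException
     *             declared by this constructor; the conditions are those of
     *             the {@link User} constructor it delegates to
     */
    protected JcrUserDetails(String securityWorkspace, String homePath,
            String username, String password, boolean enabled,
            boolean accountNonExpired, boolean credentialsNonExpired,
            boolean accountNonLocked, GrantedAuthority[] authorities)
            throws IllegalArgumentException {
        super(username, password, enabled, accountNonExpired,
                credentialsNonExpired, accountNonLocked, authorities);
        this.homePath = homePath;
        this.securityWorkspace = securityWorkspace;
    }

    /**
     * Builds the user details from a user profile node.
     *
     * @param userProfile
     *            the profile node; the user id and the four account status
     *            flags are read from it unconditionally
     * @param password
     *            the password
     * @param authorities
     *            the granted authorities
     * @throws RepositoryException
     *             if the profile node cannot be read
     */
    public JcrUserDetails(Node userProfile, String password,
            GrantedAuthority[] authorities) throws RepositoryException {
        // "super(" and the password argument are reconstructed: the listing
        // drops both lines, the argument order is the one of the protected
        // constructor above.
        super(
                userProfile.getProperty(ARGEO_USER_ID).getString(),
                password,
                userProfile.getProperty(ARGEO_ENABLED).getBoolean(),
                userProfile.getProperty(ARGEO_ACCOUNT_NON_EXPIRED).getBoolean(),
                userProfile.getProperty(ARGEO_CREDENTIALS_NON_EXPIRED)
                        .getBoolean(),
                userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean(),
                authorities);
        // human readable name
        if (userProfile.hasProperty(Property.JCR_TITLE)) {
            displayName = userProfile.getProperty(Property.JCR_TITLE)
                    .getString(); // reconstructed continuation line
            if (displayName.trim().equals(""))
                displayName = null; // reconstructed: blank title counts as absent
        }
        // fall back to the user id when there is no usable title
        if (displayName == null)
            displayName = userProfile.getProperty(ARGEO_USER_ID).getString();
        // home is defined as the parent of the profile
        homePath = userProfile.getParent().getPath();
        securityWorkspace = userProfile.getSession().getWorkspace().getName();
    }

    /**
     * Convenience constructor
     *
     * @param session
     *            the security session
     * @param username
     *            the user id whose profile is looked up in the session
     * @param password
     *            the password, can be null
     * @param authorities
     *            the granted authorities
     * @throws RepositoryException
     *             if the profile cannot be retrieved or read
     */
    public JcrUserDetails(Session session, String username, String password,
            GrantedAuthority[] authorities) throws RepositoryException {
        // A null password is stored as the empty string.
        // NOTE(review): the empty string is a placeholder, not a credential;
        // confirm that no authentication path compares a submitted password
        // against it.
        this(JcrUtils.getUserProfile(session, username),
                password != null ? password : "", authorities);
    }

    /**
     * Check the account status in JCR, throwing the exceptions expected by
     * Spring security if needed.
     *
     * <p>
     * Only {@code ARGEO_ENABLED} and {@code ARGEO_ACCOUNT_NON_LOCKED} are read
     * here. NOTE(review): account expiry and credentials expiry are not
     * checked by this method; confirm that the caller enforces them.
     * </p>
     *
     * @param userProfile
     *            the profile node to check
     * @throws DisabledException
     *             if the account is not enabled
     * @throws LockedException
     *             if the account is locked
     * @throws BadCredentialsException
     *             if the repository cannot be read; a backend failure is
     *             therefore reported as an authentication failure, with the
     *             repository error kept as the cause
     */
    public static void checkAccountStatus(Node userProfile) {
        try {
            if (!userProfile.getProperty(ARGEO_ENABLED).getBoolean())
                // message suffix reconstructed (the listing drops this line),
                // by analogy with the locked case below
                throw new DisabledException(userProfile.getPath()
                        + " is disabled");
            if (!userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean())
                throw new LockedException(userProfile.getPath() + " is locked");
        } catch (RepositoryException e) {
            throw new BadCredentialsException("Cannot check account status", e);
        }
    }

    /**
     * Clone immutable with new roles
     *
     * <p>
     * NOTE(review): the copy is built with the protected constructor, which
     * does not set the display name.
     * </p>
     *
     * @param roles
     *            the role names, each one becomes a granted authority
     * @return a new instance with the same identity, password and account
     *         status flags, and the given roles
     */
    public JcrUserDetails cloneWithNewRoles(List<String> roles) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : roles) {
            authorities.add(new GrantedAuthorityImpl(role));
        }
        // The fifth flag is credentialsNonExpired: it must come from
        // isCredentialsNonExpired(). Passing the account expiry flag there
        // would make the copy report expired credentials as valid whenever
        // the account itself has not expired.
        return new JcrUserDetails(securityWorkspace, homePath, getUsername(),
                getPassword(), isEnabled(), isAccountNonExpired(),
                isCredentialsNonExpired(), isAccountNonLocked(),
                authorities.toArray(new GrantedAuthority[authorities.size()]));
    }

    /**
     * Clone immutable with new password
     *
     * <p>
     * NOTE(review): the copy is built with the protected constructor, which
     * does not set the display name.
     * </p>
     *
     * @param password
     *            the new password
     * @return a new instance with the same identity, authorities and account
     *         status flags, and the given password
     */
    public JcrUserDetails cloneWithNewPassword(String password) {
        // Same slot as in cloneWithNewRoles: the credentials expiry flag is
        // copied from isCredentialsNonExpired(), not from the account flag.
        return new JcrUserDetails(securityWorkspace, homePath, getUsername(),
                password, isEnabled(), isAccountNonExpired(),
                isCredentialsNonExpired(), isAccountNonLocked(),
                getAuthorities());
    }

    /** The path of the user home, the parent node of the profile */
    public String getHomePath() {
        return homePath; // reconstructed: the listing drops the body
    }

    /** The name of the workspace the user profile was read from */
    public String getSecurityWorkspace() {
        return securityWorkspace;
    }

    /** The human readable name of this user */
    public String getDisplayName() {
        return displayName; // reconstructed: the listing drops the body
    }

    /** Returns the display name, so the password never appears in the output. */
    @Override
    public String toString() {
        return getDisplayName();
    }
}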