1 package org.argeo.security.jcr;
2
3 import java.util.ArrayList;
4 import java.util.List;
5
6 import javax.jcr.Node;
7 import javax.jcr.Property;
8 import javax.jcr.RepositoryException;
9 import javax.jcr.Session;
10
11 import org.argeo.jcr.ArgeoNames;
12 import org.argeo.jcr.JcrUtils;
13 import org.springframework.security.BadCredentialsException;
14 import org.springframework.security.DisabledException;
15 import org.springframework.security.GrantedAuthority;
16 import org.springframework.security.GrantedAuthorityImpl;
17 import org.springframework.security.LockedException;
18 import org.springframework.security.userdetails.User;
19
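/**
 * User details based on a user profile node.
 *
 * The account flags (enabled, account/credentials non-expired, account
 * non-locked) are read from the profile node once, at construction time, and
 * handed to the Spring Security {@link User} superclass. The home path and
 * the security workspace name are captured at the same time.
 */
public class JcrUserDetails extends User implements ArgeoNames {
	private static final long serialVersionUID = -8142764995842559646L;
	private final String homePath;
	private final String securityWorkspace;

	/** Human readable user name */
	private String displayName;

	/**
	 * Low-level constructor used to copy an existing instance. It does not set
	 * the display name; the clone methods of this class copy it explicitly.
	 *
	 * @param securityWorkspace
	 *            name of the workspace holding the user profile
	 * @param homePath
	 *            path of the user home
	 * @param username
	 *            the username
	 * @param password
	 *            the password
	 * @param enabled
	 *            whether the account is enabled
	 * @param accountNonExpired
	 *            whether the account has not expired
	 * @param credentialsNonExpired
	 *            whether the credentials have not expired
	 * @param accountNonLocked
	 *            whether the account is not locked
	 * @param authorities
	 *            the granted authorities
	 */
	protected JcrUserDetails(String securityWorkspace, String homePath,
			String username, String password, boolean enabled,
			boolean accountNonExpired, boolean credentialsNonExpired,
			boolean accountNonLocked, GrantedAuthority[] authorities)
			throws IllegalArgumentException {
		super(username, password, enabled, accountNonExpired,
				credentialsNonExpired, accountNonLocked, authorities);
		this.homePath = homePath;
		this.securityWorkspace = securityWorkspace;
	}

	/**
	 * Builds the user details from a user profile node.
	 *
	 * @param userProfile
	 *            the profile node providing the user id and the account flags
	 * @param password
	 *            the password
	 * @param authorities
	 *            the granted authorities
	 * @throws RepositoryException
	 *             if a property of the profile node cannot be read
	 */
	public JcrUserDetails(Node userProfile, String password,
			GrantedAuthority[] authorities) throws RepositoryException {
		super(
				userProfile.getProperty(ARGEO_USER_ID).getString(),
				password,
				userProfile.getProperty(ARGEO_ENABLED).getBoolean(),
				userProfile.getProperty(ARGEO_ACCOUNT_NON_EXPIRED).getBoolean(),
				userProfile.getProperty(ARGEO_CREDENTIALS_NON_EXPIRED)
						.getBoolean(), userProfile.getProperty(
						ARGEO_ACCOUNT_NON_LOCKED).getBoolean(), authorities);
		// human readable name, a blank title is treated as missing
		if (userProfile.hasProperty(Property.JCR_TITLE)) {
			displayName = userProfile.getProperty(Property.JCR_TITLE)
					.getString();
			if (displayName.trim().equals(""))
				displayName = null;
		}
		// fall back to the user id when there is no usable title
		if (displayName == null)
			displayName = userProfile.getProperty(ARGEO_USER_ID).getString();
		// home is defined as the parent of the profile
		homePath = userProfile.getParent().getPath();
		securityWorkspace = userProfile.getSession().getWorkspace().getName();
	}

	/**
	 * Convenience constructor
	 *
	 * @param session
	 *            the security session
	 * @param username
	 *            the username
	 * @param password
	 *            the password, can be null (an empty string is then passed
	 *            on)
	 * @param authorities
	 *            the granted authorities
	 */
	public JcrUserDetails(Session session, String username, String password,
			GrantedAuthority[] authorities) throws RepositoryException {
		this(JcrUtils.getUserProfile(session, username),
				password != null ? password : "", authorities);
	}

	/**
	 * Check the account status in JCR, throwing the exceptions expected by
	 * Spring security if needed.
	 *
	 * Only the enabled and non-locked flags are checked here; the two expiry
	 * flags are not read by this method. A {@link RepositoryException} while
	 * reading the flags is reported as a {@link BadCredentialsException}, so a
	 * profile that cannot be read fails the check.
	 *
	 * @param userProfile
	 *            the profile node to check
	 * @throws DisabledException
	 *             if the profile is not enabled
	 * @throws LockedException
	 *             if the profile is locked
	 * @throws BadCredentialsException
	 *             if the flags cannot be read from the repository
	 */
	public static void checkAccountStatus(Node userProfile) {
		// NOTE(review): the messages below contain the profile node path;
		// confirm they are never rendered to unauthenticated clients, since
		// they would reveal that the account exists and where it is stored.
		try {
			if (!userProfile.getProperty(ARGEO_ENABLED).getBoolean())
				throw new DisabledException(userProfile.getPath()
						+ " is disabled");
			if (!userProfile.getProperty(ARGEO_ACCOUNT_NON_LOCKED).getBoolean())
				throw new LockedException(userProfile.getPath() + " is locked");
		} catch (RepositoryException e) {
			throw new BadCredentialsException("Cannot check account status", e);
		}
	}

	/**
	 * Clone immutable with new roles
	 *
	 * @param roles
	 *            the role names, each one becomes a granted authority
	 * @return a copy of this user with the same account flags, password and
	 *         display name, but with the given roles
	 */
	public JcrUserDetails cloneWithNewRoles(List<String> roles) {
		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
		for (String role : roles) {
			authorities.add(new GrantedAuthorityImpl(role));
		}
		// The credentials flag must come from isCredentialsNonExpired():
		// passing the account flag twice would silently clear an expired
		// credentials state on the copy.
		JcrUserDetails copy = new JcrUserDetails(securityWorkspace, homePath,
				getUsername(), getPassword(), isEnabled(),
				isAccountNonExpired(), isCredentialsNonExpired(),
				isAccountNonLocked(),
				authorities.toArray(new GrantedAuthority[authorities.size()]));
		copy.displayName = displayName;
		return copy;
	}

	/**
	 * Clone immutable with new password
	 *
	 * @param password
	 *            the password of the copy
	 * @return a copy of this user with the same account flags, authorities and
	 *         display name, but with the given password
	 */
	public JcrUserDetails cloneWithNewPassword(String password) {
		// Same as in cloneWithNewRoles: keep the credentials expiry flag
		// distinct from the account expiry flag.
		JcrUserDetails copy = new JcrUserDetails(securityWorkspace, homePath,
				getUsername(), password, isEnabled(), isAccountNonExpired(),
				isCredentialsNonExpired(), isAccountNonLocked(),
				getAuthorities());
		copy.displayName = displayName;
		return copy;
	}

	/** The path of the user home, that is the parent of the profile node */
	public String getHomePath() {
		return homePath;
	}

	/** Not yet API */
	public String getSecurityWorkspace() {
		return securityWorkspace;
	}

	/**
	 * The human readable name of this user, can be null when the instance was
	 * built with the protected constructor
	 */
	public String getDisplayName() {
		return displayName;
	}

	/**
	 * Returns the display name, or the username when no display name is set,
	 * so that this method never returns null.
	 */
	@Override
	public String toString() {
		String name = getDisplayName();
		return name != null ? name : getUsername();
	}

}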