1 package org
.argeo
.security
.jcr
;
4 import javax
.jcr
.Repository
;
5 import javax
.jcr
.RepositoryException
;
6 import javax
.jcr
.Session
;
7 import javax
.jcr
.security
.Privilege
;
9 import org
.argeo
.ArgeoException
;
10 import org
.argeo
.jcr
.JcrUtils
;
11 import org
.argeo
.security
.OsAuthenticationToken
;
12 import org
.argeo
.security
.core
.OsAuthenticationProvider
;
13 import org
.springframework
.security
.Authentication
;
14 import org
.springframework
.security
.AuthenticationException
;
16 /** Relies on the OS to authenticate and additionally sets up JCR. */
17 public class OsJcrAuthenticationProvider
extends OsAuthenticationProvider
{
// JCR repository that this provider logs into; injected through setRepository().
18 private Repository repository
;
// Workspace name passed to repository.login() for the security session.
// Defaults to "security"; can be replaced through setSecurityWorkspace().
19 private String securityWorkspace
= "security";
// Session on the security workspace. It is stored once in this field and then
// used by every authenticate() call to create and check user profiles.
// NOTE(review): a single Session instance is shared by all callers, and JCR
// implementations generally do not support concurrent use of one Session -
// confirm that calls to authenticate() are serialized.
20 private Session securitySession
;
// Session on the repository's default workspace (login() without a workspace
// name); authenticate() passes it to JcrUtils.createUserHomeIfNeeded().
21 private Session nodeSession
;
// NOTE(review): the header of the enclosing method and its opening try block
// are not part of this listing; only the statements below are visible.
//
// Opens the two sessions this provider keeps in its fields. Neither login
// passes a Credentials object; the JCR API then leaves authentication to a
// mechanism outside the repository. Every user profile and user home is
// created through these two sessions, so their identity and privileges decide
// what this provider can write - TODO confirm which identity the repository
// assigns here.
25 securitySession
= repository
.login(securityWorkspace
);
// No workspace name: the repository's default workspace.
26 nodeSession
= repository
.login();
27 } catch (RepositoryException e
) {
// Convert the checked JCR failure into ArgeoException, keeping the cause.
// NOTE(review): if the second login fails, securitySession stays open and is
// only released if destroy() is called later - confirm the container does so.
28 throw new ArgeoException("Cannot initialize", e
);
/**
 * Releases the two JCR sessions held in this provider's fields by passing each
 * to JcrUtils.logoutQuietly().
 *
 * NOTE(review): logoutQuietly() is presumably null-safe and swallows logout
 * errors - confirm in JcrUtils. The closing brace of this method is not part
 * of this listing.
 */
32 public void destroy() {
33 JcrUtils
.logoutQuietly(securitySession
);
34 JcrUtils
.logoutQuietly(nodeSession
);
/**
 * Authenticates through the OS-based parent provider, then calls
 * JcrUtils.createUserProfileIfNeeded() and JcrUtils.createUserHomeIfNeeded()
 * for the current user name and attaches a JcrUserDetails to the token.
 *
 * NOTE(review): this listing has lost several lines of the method (the opening
 * of the try block, the remaining argument of createUserHomeIfNeeded, the end
 * of the ArgeoException constructor call and everything after the last
 * logoutQuietly call), so the return statement is not visible. The comments
 * below describe only what can be seen.
 *
 * @param authentication the request, passed unchanged to the parent's authenticate()
 * @throws AuthenticationException declared by the signature; presumably raised by the parent - confirm
 * @throws ArgeoException when a RepositoryException occurs while the JCR side is being set up
 */
37 public Authentication
authenticate(Authentication authentication
)
38 throws AuthenticationException
{
// The cast fails with ClassCastException if the parent ever returns a token of
// another type.
39 final OsAuthenticationToken authen
= (OsAuthenticationToken
) super
40 .authenticate(authentication
);
42 // WARNING: at this stage we assume that the java properties
43 // will have the same value
// NOTE(review): user.name is a JVM system property, not the identity the parent
// provider verified. It can be given another value at JVM launch
// (-Duser.name=...) or at runtime through System.setProperty(), and the visible
// code never compares it with the token. The profile and home below are keyed on
// this value, so it is only as trustworthy as whoever controls the JVM's
// configuration. Prefer a name taken from the authenticated token - confirm
// what OsAuthenticationToken exposes.
44 String username
= System
.getProperty("user.name");
// Uses the shared security session held in the field.
45 Node userProfile
= JcrUtils
.createUserProfileIfNeeded(
46 securitySession
, username
);
// presumably rejects disabled or locked accounts - confirm in JcrUserDetails
47 JcrUserDetails
.checkAccountStatus(userProfile
);
49 // each user should have a writable area in the default workspace of
// NOTE(review): the rest of this call (original line 52) is missing from the
// listing.
51 Node userNodeHome
= JcrUtils
.createUserHomeIfNeeded(nodeSession
,
// NOTE(review): with the addPrivilege() call below commented out, nothing
// visible in this method sets access control on the new home node, and
// userNodeHome is otherwise unused here. The node's permissions are whatever
// the repository or the helper applies by default - TODO confirm that other
// users can neither read nor write it.
53 // FIXME how to set user home privileges *before* it is created ?
54 // JcrUtils.addPrivilege(nodeSession, userNodeHome.getPath(),
55 // username, Privilege.JCR_ALL);
56 // if (nodeSession.hasPendingChanges())
57 // nodeSession.save();
// NOTE(review): getCredentials().toString() copies the credential into an
// immutable String that lives as long as the JcrUserDetails object. Confirm
// what the OS token carries as credentials and that JcrUserDetails neither
// persists nor logs this value.
60 JcrUserDetails userDetails
= new JcrUserDetails(userProfile
, authen
61 .getCredentials().toString(), getBaseAuthorities());
62 authen
.setDetails(userDetails
);
63 } catch (RepositoryException e
) {
// presumably drops unsaved changes on the security session - confirm in
// JcrUtils. The visible handler does not do the same for nodeSession.
64 JcrUtils
.discardQuietly(securitySession
);
65 throw new ArgeoException(
66 "Unexpected exception when synchronizing OS and JCR security ",
// NOTE(review): this logs out the shared securitySession field (original line
// 69, probably inside a finally block whose opening line is missing here).
// The visible code never assigns the field again, so a later authenticate()
// call would be handed a logged-out session. Confirm, and if so either open a
// session per call or keep this one open until destroy().
69 JcrUtils
.logoutQuietly(securitySession
);
/**
 * Replaces the workspace name (default "security") that is passed to
 * repository.login() for the security session.
 *
 * NOTE(review): the field is only read when the session is opened, so a call
 * made afterwards has no effect on the existing session. The closing brace of
 * this method is not part of this listing.
 *
 * @param securityWorkspace name of the workspace to log into
 */
74 public void setSecurityWorkspace(String securityWorkspace
) {
75 this.securityWorkspace
= securityWorkspace
;
/**
 * Injects the JCR repository on which both sessions are opened.
 *
 * NOTE(review): no null check is made here; a missing repository would only
 * show up as a NullPointerException at the first repository.login() call. The
 * closing brace of this method is not part of this listing.
 *
 * @param repository the repository to log into
 */
78 public void setRepository(Repository repository
) {
79 this.repository
= repository
;