security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java

   1 package org.argeo.security.jcr;
   2
   3 import java.util.Map;
   4 import java.util.concurrent.Executor;
   5
   6 import javax.jcr.Node;
   7 import javax.jcr.Repository;
   8 import javax.jcr.RepositoryException;
   9 import javax.jcr.Session;
  10
  11 import org.argeo.ArgeoException;
  12 import org.argeo.jcr.JcrUtils;
  13 import org.argeo.security.OsAuthenticationToken;
  14 import org.argeo.security.SystemExecutionService;
  15 import org.argeo.security.core.OsAuthenticationProvider;
  16 import org.springframework.security.Authentication;
  17 import org.springframework.security.AuthenticationException;
  18 import org.springframework.security.userdetails.UserDetails;
  19
  20 public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
  21         private Executor systemExecutor;
  22         private String homeBasePath = "/home";
  23         private Repository repository;
  24         private String workspace = null;
  25
  26         private Long timeout = 5 * 60 * 1000l;
  27
  28         public Authentication authenticate(Authentication authentication)
  29                         throws AuthenticationException {
  30                 final OsAuthenticationToken authen = (OsAuthenticationToken) super
  31                                 .authenticate(authentication);
  32                 final Repository repository = getRepositoryBlocking();
  33                 systemExecutor.execute(new Runnable() {
  34                         public void run() {
  35                                 Session session = null;
  36                                 try {
  37                                         session = repository.login(workspace);
  38                                         // WARNING: at this stage we assume that teh java properties
  39                                         // will have the same value
  40                                         String userName = System.getProperty("user.name");
  41                                         Node userHome = JcrUtils.getUserHome(session, userName);
  42                                         if (userHome == null)
  43                                                 userHome = JcrUtils.createUserHome(session,
  44                                                                 homeBasePath, userName);
  45                                         // authen.setDetails(getUserDetails(userHome, authen));
  46                                 } catch (RepositoryException e) {
  47                                         throw new ArgeoException(
  48                                                         "Unexpected exception when synchronizing OS and JCR security ",
  49                                                         e);
  50                                 } finally {
  51                                         JcrUtils.logoutQuietly(session);
  52                                 }
  53                         }
  54                 });
  55                 return authen;
  56         }
  57
  58         /** Builds user details based on the authentication and the user home. */
  59         protected UserDetails getUserDetails(Node userHome, Authentication authen) {
  60                 try {
  61                         // TODO: loads enabled, locked, etc. from the home node.
  62                         return new JcrUserDetails(userHome.getPath(), authen.getPrincipal()
  63                                         .toString(), authen.getCredentials().toString(),
  64                                         isEnabled(userHome), true, true, true,
  65                                         authen.getAuthorities());
  66                 } catch (Exception e) {
  67                         throw new ArgeoException("Cannot get user details for " + userHome,
  68                                         e);
  69                 }
  70         }
  71
  72         protected Boolean isEnabled(Node userHome) {
  73                 return true;
  74         }
  75
  76         protected Repository getRepositoryBlocking() {
  77                 long begin = System.currentTimeMillis();
  78                 while (repository == null) {
  79                         synchronized (this) {
  80                                 try {
  81                                         wait(500);
  82                                 } catch (InterruptedException e) {
  83                                         // silent
  84                                 }
  85                         }
  86                         if (System.currentTimeMillis() - begin > timeout)
  87                                 throw new ArgeoException("No repository registered after "
  88                                                 + timeout + " ms");
  89                 }
  90                 return repository;
  91         }
  92
  93         public synchronized void register(Repository repository,
  94                         Map<String, String> parameters) {
  95                 this.repository = repository;
  96                 notifyAll();
  97         }
  98
  99         public synchronized void unregister(Repository repository,
 100                         Map<String, String> parameters) {
 101                 this.repository = null;
 102                 notifyAll();
 103         }
 104
 105         public void register(SystemExecutionService systemExecutor,
 106                         Map<String, String> parameters) {
 107                 this.systemExecutor = systemExecutor;
 108         }
 109
 110         public void unregister(SystemExecutionService systemExecutor,
 111                         Map<String, String> parameters) {
 112                 this.systemExecutor = null;
 113         }
 114
 115         public void setHomeBasePath(String homeBasePath) {
 116                 this.homeBasePath = homeBasePath;
 117         }
 118
 119         public void setWorkspace(String workspace) {
 120                 this.workspace = workspace;
 121         }
 122
 123 }