1 package org
.argeo
.security
.jackrabbit
;
3 import java
.security
.Principal
;
4 import java
.security
.acl
.Group
;
5 import java
.util
.LinkedHashSet
;
9 import javax
.jcr
.Credentials
;
10 import javax
.jcr
.RepositoryException
;
11 import javax
.jcr
.Session
;
12 import javax
.jcr
.SimpleCredentials
;
13 import javax
.security
.auth
.callback
.CallbackHandler
;
14 import javax
.security
.auth
.login
.LoginException
;
16 import org
.apache
.jackrabbit
.core
.security
.AnonymousPrincipal
;
17 import org
.apache
.jackrabbit
.core
.security
.authentication
.AbstractLoginModule
;
18 import org
.apache
.jackrabbit
.core
.security
.authentication
.Authentication
;
19 import org
.apache
.jackrabbit
.core
.security
.principal
.AdminPrincipal
;
20 import org
.argeo
.security
.SystemAuthentication
;
21 import org
.springframework
.security
.GrantedAuthority
;
22 import org
.springframework
.security
.context
.SecurityContextHolder
;
23 import org
.springframework
.security
.providers
.anonymous
.AnonymousAuthenticationToken
;
/**
 * Jackrabbit login module that bridges Spring Security to JCR.
 *
 * <p>In the lines shown in this listing, the caller's identity is read from
 * {@link SecurityContextHolder} rather than from the JCR {@link Credentials}
 * handed to the module. A repository login is therefore only as trustworthy
 * as whatever populated the Spring Security context.
 */
public class ArgeoLoginModule extends AbstractLoginModule {
    // Authority name that getPrincipals() compares against each
    // GrantedAuthority; a match adds an AdminPrincipal to the principal set.
    // NOTE(review): the field is not final and no setter is visible in this
    // listing - confirm who is able to change the role that grants admin.
    private String adminRole = "ROLE_ADMIN";
/**
 * Returns the Spring {@link org.springframework.security.Authentication}
 * currently held by {@link SecurityContextHolder}.
 *
 * <p>The {@code credentials} argument is not read in the lines shown here:
 * the identity comes entirely from the Spring Security context.
 *
 * <p>NOTE(review): original lines 36-38 are missing from this listing, so the
 * return statement and any handling of an empty security context are not
 * visible - confirm against the full source.
 *
 * @param credentials the JCR credentials passed to the login module (unused
 *                    in the visible lines)
 */
protected Principal getPrincipal(Credentials credentials) {
    // Whatever authentication is bound to the security context becomes the
    // candidate principal; nothing here re-validates it.
    org.springframework.security.Authentication authen = SecurityContextHolder
            .getContext().getAuthentication();
    // [listing gap] original lines 36-38 are not shown on this page
/**
 * Builds the principal set from the Spring Security authentication stored in
 * the {@code principal} field (not declared in the lines shown; presumably
 * inherited from {@link AbstractLoginModule}).
 *
 * <p>Mapping performed by the visible code:
 * <ul>
 * <li>the authentication itself is always added;</li>
 * <li>a {@link SystemAuthentication} additionally gets an
 * {@link AdminPrincipal};</li>
 * <li>an {@link AnonymousAuthenticationToken} additionally gets an
 * {@link AnonymousPrincipal};</li>
 * <li>any granted authority equal to {@code adminRole} additionally gets an
 * {@link AdminPrincipal}.</li>
 * </ul>
 *
 * <p>As a side effect, the {@code credentials} field is replaced with
 * {@link SimpleCredentials} built from the authentication's name and
 * credentials.
 */
protected Set<Principal> getPrincipals() {
    // use linked HashSet instead of HashSet in order to maintain the order
    // of principals (as in the Subject).
    Set<Principal> principals = new LinkedHashSet<Principal>();
    principals.add(principal);

    // Unchecked downcast: a principal that is not a Spring Authentication
    // raises ClassCastException here. A null principal passes the cast and
    // then fails at getAuthorities() below; no null check appears in the
    // visible lines.
    org.springframework.security.Authentication authen = (org.springframework.security.Authentication) principal;

    // Privilege mapping by token type: the system authentication is promoted
    // to repository admin, the anonymous token to the anonymous principal.
    if (authen instanceof SystemAuthentication)
        principals.add(new AdminPrincipal(authen.getName()));
    else if (authen instanceof AnonymousAuthenticationToken)
        principals.add(new AnonymousPrincipal());

    // Privilege mapping by role: an exact string match on adminRole is the
    // only condition for granting AdminPrincipal to an ordinary user.
    for (GrantedAuthority ga : authen.getAuthorities()) {
        if (adminRole.equals(ga.getAuthority()))
            principals.add(new AdminPrincipal(authen.getName()));
    // [listing gap] original lines 55-56 are not shown on this page; the
    // loop's closing brace is presumably among them

    // override credentials since we did not use the one passed to us
    // NOTE(review): getCredentials() is dereferenced without a null check, so
    // an authentication carrying no credentials throws NullPointerException
    // here. The secret also passes through an immutable String (toString())
    // before being copied into the SimpleCredentials char[] - confirm that
    // the JCR side actually needs the password material.
    credentials = new SimpleCredentials(authen.getName(), authen
            .getCredentials().toString().toCharArray());
    // [listing gap] original lines 60-63 are not shown on this page
64 @SuppressWarnings("rawtypes")
66 protected void doInit(CallbackHandler callbackHandler
, Session session
,
67 Map options
) throws LoginException
{
/**
 * Impersonation hook; the visible body rejects every request.
 *
 * <p>The rejection is an unchecked {@link UnsupportedOperationException},
 * not one of the declared checked exceptions and not a {@code false} return.
 * A caller that handles only {@link LoginException} or
 * {@link RepositoryException} will see it propagate as a runtime failure.
 *
 * @param principal   the principal to impersonate (unused)
 * @param credentials the credentials of the impersonating session (unused)
 * @throws UnsupportedOperationException always
 */
protected boolean impersonate(Principal principal, Credentials credentials)
        throws RepositoryException, LoginException {
    throw new UnsupportedOperationException(
            "Impersonation is not yet supported");
    // [listing gap] original lines 75-77 are not shown on this page
78 protected Authentication
getAuthentication(final Principal principal
,
79 Credentials creds
) throws RepositoryException
{
80 if (principal
instanceof Group
) {
83 return new Authentication() {
84 public boolean canHandle(Credentials credentials
) {
85 return principal
instanceof org
.springframework
.security
.Authentication
;
88 public boolean authenticate(Credentials credentials
)
89 throws RepositoryException
{
90 return ((org
.springframework
.security
.Authentication
) principal
)