git.argeo.org Git - lgpl/argeo-commons.git/blob - security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
a3a6d42d6ee85f43969205bd7fdca6a13c38e301
1 package org
.argeo
.security
.jackrabbit
;
3 import java
.util
.ArrayList
;
4 import java
.util
.Iterator
;
8 import javax
.jcr
.RepositoryException
;
9 import javax
.security
.auth
.Subject
;
11 import org
.apache
.commons
.logging
.Log
;
12 import org
.apache
.commons
.logging
.LogFactory
;
13 import org
.apache
.jackrabbit
.api
.security
.user
.Group
;
14 import org
.apache
.jackrabbit
.api
.security
.user
.User
;
15 import org
.apache
.jackrabbit
.api
.security
.user
.UserManager
;
16 import org
.apache
.jackrabbit
.core
.DefaultSecurityManager
;
17 import org
.apache
.jackrabbit
.core
.security
.SystemPrincipal
;
18 import org
.argeo
.ArgeoException
;
19 import org
.springframework
.security
.Authentication
;
20 import org
.springframework
.security
.GrantedAuthority
;
22 /** Intermediary class in order to have a consistent naming in config files. */
23 public class ArgeoSecurityManager
extends DefaultSecurityManager
{
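/**
 * Commons Logging logger for this class. Declared {@code static final} so a
 * single logger is shared by all instances and cannot be reassigned.
 */
private static final Log log = LogFactory.getLog(ArgeoSecurityManager.class);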
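27 /** Called once when the session is created, so it is also used to synchronize the Spring Security user and its granted authorities with the Jackrabbit users and groups. When the Jackrabbit user is created, its password is the string form of the Spring credentials ({@code authen.getCredentials().toString()}), which assumes the credentials are still present on the Authentication and that their string form is the actual password. */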
28 public String
getUserID(Subject subject
, String workspaceName
)
29 throws RepositoryException
{
30 long begin
= System
.currentTimeMillis();
32 if (!subject
.getPrincipals(SystemPrincipal
.class).isEmpty())
33 return super.getUserID(subject
, workspaceName
);
35 Authentication authen
;
36 Set
<Authentication
> authens
= subject
37 .getPrincipals(Authentication
.class);
38 if (authens
.size() == 0)
39 throw new ArgeoException("No Spring authentication found in "
42 authen
= authens
.iterator().next();
44 UserManager systemUm
= getSystemUserManager(workspaceName
);
46 String userId
= authen
.getName();
47 User user
= (User
) systemUm
.getAuthorizable(userId
);
49 user
= systemUm
.createUser(userId
, authen
.getCredentials()
50 .toString(), authen
, null);
51 log
.info(userId
+ " added as " + user
);
54 List
<String
> userGroupIds
= new ArrayList
<String
>();
55 for (GrantedAuthority ga
: authen
.getAuthorities()) {
56 Group group
= (Group
) systemUm
.getAuthorizable(ga
.getAuthority());
58 group
= systemUm
.createGroup(ga
.getAuthority(),
59 new GrantedAuthorityPrincipal(ga
), null);
60 log
.info(ga
.getAuthority() + " added as " + group
);
62 if (!group
.isMember(user
))
63 group
.addMember(user
);
64 userGroupIds
.add(ga
.getAuthority());
67 // check if user has not been removed from some groups
68 for (Iterator
<Group
> it
= user
.declaredMemberOf(); it
.hasNext();) {
69 Group group
= it
.next();
70 if (!userGroupIds
.contains(group
.getID()))
71 group
.removeMember(user
);
74 if (log
.isDebugEnabled())
75 log
.debug("Spring and Jackrabbit Security synchronized for user "
76 + userId
+ " in " + (System
.currentTimeMillis() - begin
)