1 package org.argeo.security.jackrabbit;
2
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.jcr.RepositoryException;
import javax.security.auth.Subject;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.DefaultSecurityManager;
import org.apache.jackrabbit.core.security.SystemPrincipal;
import org.argeo.ArgeoException;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
21
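/**
 * Intermediary class in order to have a consistent naming in config files.
 * <p>
 * It also keeps the Jackrabbit user manager in line with the Spring Security
 * {@link Authentication} attached to the JAAS {@link Subject}: the user and
 * the groups named by its granted authorities are created on demand, and
 * memberships that are no longer backed by a granted authority are dropped.
 */
public class ArgeoSecurityManager extends DefaultSecurityManager {
	private static final Log log = LogFactory
			.getLog(ArgeoSecurityManager.class);

	/**
	 * Since this is called once when the session is created, we take the
	 * opportunity to synchronize Spring and Jackrabbit users and groups.
	 * 
	 * @param subject
	 *            the JAAS subject of the session being created
	 * @param workspaceName
	 *            the workspace whose system user manager is used
	 * @return the name of the Spring authentication, which is also the
	 *         Jackrabbit user id; for system sessions the id computed by the
	 *         parent class
	 * @throws RepositoryException
	 *             on user manager failures
	 * @throws ArgeoException
	 *             if the subject carries no Spring authentication, if the
	 *             user must be created but the authentication has no
	 *             credentials, or if an existing authorizable is of the wrong
	 *             kind (a group registered under the user id, or a user
	 *             registered under an authority name)
	 */
	@Override
	public String getUserID(Subject subject, String workspaceName)
			throws RepositoryException {
		long begin = System.currentTimeMillis();

		// system sessions are not backed by a Spring authentication
		if (!subject.getPrincipals(SystemPrincipal.class).isEmpty())
			return super.getUserID(subject, workspaceName);

		Authentication authen = springAuthentication(subject);
		UserManager systemUm = getSystemUserManager(workspaceName);

		String userId = authen.getName();
		User user = findOrCreateUser(systemUm, authen);

		// one group per granted authority, the user being a member of each
		Set<String> authorityIds = new HashSet<String>();
		for (GrantedAuthority ga : authen.getAuthorities()) {
			Group group = findOrCreateGroup(systemUm, ga);
			if (!group.isMember(user))
				group.addMember(user);
			authorityIds.add(ga.getAuthority());
		}

		// check if user has not been removed from some groups; the stale
		// groups are collected first so that the membership iterator is not
		// modified while it is being read
		List<Group> staleGroups = new ArrayList<Group>();
		for (Iterator<Group> it = user.declaredMemberOf(); it.hasNext();) {
			Group group = it.next();
			if (!authorityIds.contains(group.getID()))
				staleGroups.add(group);
		}
		for (Group group : staleGroups)
			group.removeMember(user);

		if (log.isDebugEnabled())
			log.debug("Spring and Jackrabbit Security synchronized for user "
					+ userId + " in " + (System.currentTimeMillis() - begin)
					+ " ms");
		return userId;
	}

	/**
	 * The Spring authentication attached to the subject.
	 * 
	 * @throws ArgeoException
	 *             if the subject carries none
	 */
	private static Authentication springAuthentication(Subject subject) {
		Set<Authentication> authens = subject
				.getPrincipals(Authentication.class);
		if (authens.isEmpty())
			throw new ArgeoException("No Spring authentication found in "
					+ subject);
		return authens.iterator().next();
	}

	/**
	 * Returns the Jackrabbit user named by the authentication, creating it
	 * when it does not exist yet.
	 * 
	 * @throws ArgeoException
	 *             if the id is already taken by a group, or if the user would
	 *             have to be created without credentials
	 */
	private static User findOrCreateUser(UserManager systemUm,
			Authentication authen) throws RepositoryException {
		String userId = authen.getName();
		Authorizable existing = systemUm.getAuthorizable(userId);
		if (existing != null) {
			// an explicit check instead of a ClassCastException
			if (existing.isGroup())
				throw new ArgeoException("Authorizable " + userId
						+ " is a group and cannot be used as user");
			return (User) existing;
		}

		Object credentials = authen.getCredentials();
		if (credentials == null)
			throw new ArgeoException("Cannot create user " + userId
					+ ": the authentication carries no credentials");
		// the Spring credentials are handed over as the Jackrabbit password.
		// NOTE(review): toString() is only meaningful for String credentials;
		// confirm against the authentication providers in use
		User user = systemUm.createUser(userId, credentials.toString(), authen,
				null);
		log.info(userId + " added as " + user);
		return user;
	}

	/**
	 * Returns the Jackrabbit group backing the granted authority, creating it
	 * when it does not exist yet.
	 * 
	 * @throws ArgeoException
	 *             if the authority name is already taken by a user
	 */
	private static Group findOrCreateGroup(UserManager systemUm,
			GrantedAuthority ga) throws RepositoryException {
		String groupId = ga.getAuthority();
		Authorizable existing = systemUm.getAuthorizable(groupId);
		if (existing != null) {
			// an explicit check instead of a ClassCastException
			if (!existing.isGroup())
				throw new ArgeoException("Authorizable " + groupId
						+ " is a user and cannot be used as group");
			return (Group) existing;
		}

		Group group = systemUm.createGroup(groupId,
				new GrantedAuthorityPrincipal(ga), null);
		log.info(groupId + " added as " + group);
		return group;
	}
}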