2 * Copyright (C) 2007-2012 Mathieu Baudier
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.ldap
.jcr
;
18 import java
.util
.UUID
;
20 import javax
.jcr
.Node
;
21 import javax
.jcr
.Repository
;
22 import javax
.jcr
.RepositoryException
;
23 import javax
.jcr
.Session
;
25 import org
.argeo
.ArgeoException
;
26 import org
.argeo
.jcr
.ArgeoNames
;
27 import org
.argeo
.jcr
.JcrUtils
;
28 import org
.argeo
.security
.jcr
.JcrUserDetails
;
29 import org
.springframework
.ldap
.core
.DirContextAdapter
;
30 import org
.springframework
.ldap
.core
.DirContextOperations
;
31 import org
.springframework
.security
.GrantedAuthority
;
32 import org
.springframework
.security
.userdetails
.UserDetails
;
33 import org
.springframework
.security
.userdetails
.ldap
.UserDetailsContextMapper
;
/** Read-only mapping from an LDAP entry to Spring Security user details, enriched with the user's profile node read from a JCR security workspace. Writes back to LDAP are not supported. */
36 public class JcrUserDetailsContextMapper
implements UserDetailsContextMapper
,
/**
 * Admin session on the security workspace, opened once at initialisation and
 * released in destroy(). Every call to mapUserFromContext reads user homes
 * through this single long-lived session.
 * NOTE(review): JCR Session implementations are generally not thread-safe,
 * and this mapper is invoked concurrently during authentication — confirm the
 * repository in use tolerates concurrent reads on one session, or open a
 * short-lived session per lookup instead.
 */
private Session securitySession;
/** Repository the security session is opened against. */
private Repository repository;
/** Name of the workspace holding user homes and profiles; defaults to "security". */
private String securityWorkspace = "security";
// Credential-less login: per the JCR API, login(workspace) is login(null,
// workspace), so the session's identity is whatever external authentication
// the repository is configured with. The field is documented as an *admin*
// session — NOTE(review): confirm the deployment really grants that level of
// access to this component, since the mapper reads every user's home.
securitySession = repository.login(securityWorkspace);
} catch (RepositoryException e) {
    // If login() threw, the assignment above never ran: securitySession still
    // holds its previous value (null on first initialisation). This cleanup
    // therefore only matters on re-initialisation and assumes logoutQuietly
    // tolerates null — TODO confirm.
    JcrUtils.logoutQuietly(securitySession);
    // Preserve the cause so the JCR failure is visible in the startup error.
    throw new ArgeoException(
            "Cannot initialize LDAP/JCR user details context mapper", e);
/**
 * Releases the shared admin session on the security workspace. Errors during
 * logout are swallowed by logoutQuietly, so shutdown never fails here; the
 * field itself is left untouched.
 */
public void destroy() {
    final Session toRelease = securitySession;
    JcrUtils.logoutQuietly(toRelease);
}
/**
 * Called during authentication in order to retrieve user details.
 *
 * Combines the LDAP entry resolved by the caller with the user's profile node,
 * read from the security workspace through the shared admin session. This
 * method performs no credential check itself; it only assembles the details
 * object.
 *
 * @param ctx the user's LDAP entry; no attribute is read from it in the
 *            visible code (see the commented-out password handling below)
 * @param username login name as supplied by the caller, used to locate the
 *            JCR user home and echoed in error messages
 * @param authorities granted authorities already resolved by the caller,
 *            passed through unchanged
 * @return JcrUserDetails wrapping the profile node, a throw-away random
 *         placeholder as password, and the given authorities
 * @throws ArgeoException when no LDAP or JCR information exists for the user,
 *         or when reading the profile node fails
 */
public UserDetails mapUserFromContext(final DirContextOperations ctx,
        final String username, GrantedAuthority[] authorities) {
    // NOTE(review): the guard condition preceding this throw (presumably a
    // null check on ctx) is not visible in this listing.
    throw new ArgeoException("No LDAP information for user " + username);
    // The home node is looked up with the caller-supplied login name. Assumes
    // getUserHome validates/escapes the name before building a JCR path, so an
    // unexpected name cannot address another user's subtree — TODO confirm.
    Node userHome = JcrUtils.getUserHome(securitySession, username);
    // NOTE(review): the guard condition preceding this throw (presumably
    // userHome == null) is not visible in this listing.
    throw new ArgeoException("No JCR information for user " + username);
    // NOTE(review): the `try {` matching the catch below is not visible here.
    // Earlier approach, kept for reference: copy the LDAP password attribute
    // into a String. Abandoned because the password is not accessible to this
    // mapper (see the note below); note also that the String copy could never
    // have been zeroed — Arrays.fill only cleared the byte[].
    // SortedSet<?> passwordAttributes = ctx
    // .getAttributeSortedStringSet(passwordAttribute);
    // if (passwordAttributes == null || passwordAttributes.size() == 0) {
    // throw new ArgeoException("No password found for user " + username);
    // byte[] arr = (byte[]) passwordAttributes.first();
    // password = new String(arr);
    // Arrays.fill(arr, (byte) 0);
    // we don't have access to password, so let's not pretend
    // Placeholder credential: a fresh random UUID per call. randomUUID() draws
    // from a cryptographically strong PRNG, so the value is unpredictable, but
    // it is also unstable across calls — it must never be persisted, sent to a
    // client, or compared against anything. If JcrUserDetails includes the
    // password in equals()/hashCode(), two lookups of the same user will not
    // compare equal — TODO confirm.
    String password = UUID.randomUUID().toString();
    // ARGEO_PROFILE: profile child-node name constant (from ArgeoNames; the
    // class's implements clause is cut in this listing).
    return new JcrUserDetails(userHome.getNode(ARGEO_PROFILE),
            password, authorities);
} catch (RepositoryException e) {
    // Wraps the JCR failure with the username for context; the statement
    // continues beyond the end of this listing.
    throw new ArgeoException("Cannot retrieve user details for "
90 public void mapUserToContext(UserDetails user
, final DirContextAdapter ctx
) {
91 throw new UnsupportedOperationException("LDAP access is read-only");