security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrUserDetailsContextMapper.java

   1 package org.argeo.security.ldap.jcr;
   2
   3 import java.util.UUID;
   4
   5 import javax.jcr.Node;
   6 import javax.jcr.Repository;
   7 import javax.jcr.RepositoryException;
   8 import javax.jcr.Session;
   9
  10 import org.argeo.ArgeoException;
  11 import org.argeo.jcr.ArgeoNames;
  12 import org.argeo.jcr.JcrUtils;
  13 import org.argeo.security.jcr.JcrUserDetails;
  14 import org.springframework.ldap.core.DirContextAdapter;
  15 import org.springframework.ldap.core.DirContextOperations;
  16 import org.springframework.security.GrantedAuthority;
  17 import org.springframework.security.userdetails.UserDetails;
  18 import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
  19
  20 /** Read only mapping from LDAP to user details */
  21 public class JcrUserDetailsContextMapper implements UserDetailsContextMapper,
  22                 ArgeoNames {
  23         /** Admin session on the security workspace */
  24         private Session securitySession;
  25         private Repository repository;
  26         private String securityWorkspace = "security";
  27
  28         public void init() {
  29                 try {
  30                         securitySession = repository.login(securityWorkspace);
  31                 } catch (RepositoryException e) {
  32                         JcrUtils.logoutQuietly(securitySession);
  33                         throw new ArgeoException(
  34                                         "Cannot initialize LDAP/JCR user details context mapper", e);
  35                 }
  36         }
  37
  38         public void destroy() {
  39                 JcrUtils.logoutQuietly(securitySession);
  40         }
  41
  42         /** Called during authentication in order to retrieve user details */
  43         public UserDetails mapUserFromContext(final DirContextOperations ctx,
  44                         final String username, GrantedAuthority[] authorities) {
  45                 if (ctx == null)
  46                         throw new ArgeoException("No LDAP information for user " + username);
  47                 Node userHome = JcrUtils.getUserHome(securitySession, username);
  48                 if (userHome == null)
  49                         throw new ArgeoException("No JCR information for user " + username);
  50
  51                 // password
  52                 // SortedSet<?> passwordAttributes = ctx
  53                 // .getAttributeSortedStringSet(passwordAttribute);
  54                 // String password;
  55                 // if (passwordAttributes == null || passwordAttributes.size() == 0) {
  56                 // throw new ArgeoException("No password found for user " + username);
  57                 // } else {
  58                 // byte[] arr = (byte[]) passwordAttributes.first();
  59                 // password = new String(arr);
  60                 // // erase password
  61                 // Arrays.fill(arr, (byte) 0);
  62                 // }
  63
  64                 try {
  65                         // we don't have access to password, so let's not pretend
  66                         String password = UUID.randomUUID().toString();
  67                         return new JcrUserDetails(userHome.getNode(ARGEO_PROFILE),
  68                                         password, authorities);
  69                 } catch (RepositoryException e) {
  70                         throw new ArgeoException("Cannot retrieve user details for "
  71                                         + username, e);
  72                 }
  73         }
  74
  75         public void mapUserToContext(UserDetails user, final DirContextAdapter ctx) {
  76                 throw new UnsupportedOperationException("LDAP access is read-only");
  77         }
  78
  79 }