1 package org
.argeo
.security
.ldap
.jcr
;
6 import javax
.jcr
.Repository
;
7 import javax
.jcr
.RepositoryException
;
8 import javax
.jcr
.Session
;
10 import org
.argeo
.ArgeoException
;
11 import org
.argeo
.jcr
.ArgeoNames
;
12 import org
.argeo
.jcr
.JcrUtils
;
13 import org
.argeo
.security
.jcr
.JcrUserDetails
;
14 import org
.springframework
.ldap
.core
.DirContextAdapter
;
15 import org
.springframework
.ldap
.core
.DirContextOperations
;
16 import org
.springframework
.security
.GrantedAuthority
;
17 import org
.springframework
.security
.userdetails
.UserDetails
;
18 import org
.springframework
.security
.userdetails
.ldap
.UserDetailsContextMapper
;
/** Read-only mapping from LDAP entries to Spring Security user details; writing user details back to LDAP is not supported. */
21 public class JcrUserDetailsContextMapper
implements UserDetailsContextMapper
,
/**
 * Admin session on the security workspace.
 * <p>
 * Opened with {@code repository.login(securityWorkspace)} during
 * initialization and closed in {@link #destroy()}. Every lookup performed
 * by {@code mapUserFromContext} runs with this session's privileges, so the
 * session itself must never be exposed to callers.
 * <p>
 * NOTE(review): one long-lived session is shared by all concurrent
 * authentications; the JCR API does not guarantee that a Session is
 * thread-safe — confirm the repository implementation tolerates this, or
 * serialize access.
 */
private Session securitySession;
/** Repository the admin session is opened against. */
private Repository repository;
/**
 * Name of the workspace holding the user home and profile nodes looked up
 * during authentication; defaults to "security".
 */
private String securityWorkspace = "security";
// NOTE(review): the enclosing method header (presumably the bean's init
// method) and its opening "try {" are not visible in this excerpt.
// Single-argument login: no Credentials are passed, so the identity of the
// resulting session comes from the repository's externally configured
// authentication, not from this class. Confirm that this really yields the
// intended admin session and that initialization can never run in the
// security context of an unprivileged caller.
securitySession = repository.login(securityWorkspace);
} catch (RepositoryException e) {
    // Release anything that was opened before failing. If login() itself
    // threw, securitySession is still null (or stale from an earlier
    // init) — presumably logoutQuietly tolerates that; verify.
    JcrUtils.logoutQuietly(securitySession);
    // Fail fast: the mapper must never be used without a working session.
    // The cause is preserved.
    throw new ArgeoException(
            "Cannot initialize LDAP/JCR user details context mapper", e);
/**
 * Closes the admin session opened during initialization so that the
 * privileged handle does not outlive this mapper. Logout errors are,
 * judging by the helper's name, swallowed rather than propagated.
 * (The method's closing brace is not shown in this excerpt.)
 */
public void destroy() {
    JcrUtils.logoutQuietly(securitySession);
/**
 * Called during authentication in order to retrieve user details.
 * <p>
 * In Spring Security's LDAP flow this is expected to be invoked only after
 * the directory has already authenticated the user; this mapper performs
 * no credential check of its own. The user must be known on both sides —
 * an LDAP entry ({@code ctx}) and a home node in the security workspace —
 * and the absence of either is an error, never an anonymous fallback. The
 * {@code authorities} computed by the LDAP side are passed through
 * unchanged.
 * <p>
 * NOTE(review): the guard conditions preceding the two early throws below,
 * the opening "try {" and the tail of the catch block are not visible in
 * this excerpt.
 *
 * @param ctx         LDAP entry of the authenticated user
 * @param username    login name supplied by the caller
 * @param authorities granted authorities already derived from LDAP
 * @return user details backed by the user's JCR profile node
 * @throws ArgeoException if the user is unknown to LDAP or to the
 *                        security workspace, or the repository fails
 */
public UserDetails mapUserFromContext(final DirContextOperations ctx,
        final String username, GrantedAuthority[] authorities) {
    // The two distinct messages ("No LDAP ..." / "No JCR ...") reveal
    // which side an account is missing from. Fine for server-side logs;
    // if surfaced verbatim to the login client they enable account
    // enumeration — confirm how this exception is rendered.
    throw new ArgeoException("No LDAP information for user " + username);
    // Lookup runs with the shared admin session, keyed by the
    // caller-supplied username. NOTE(review): confirm JcrUtils.getUserHome
    // treats username as an opaque identifier (escaped) rather than
    // splicing it into a JCR path.
    Node userHome = JcrUtils.getUserHome(securitySession, username);
    throw new ArgeoException("No JCR information for user " + username);
    // Commented-out: an earlier attempt to read the password attribute
    // from LDAP. Intentionally disabled — see the comment below.
    // SortedSet<?> passwordAttributes = ctx
    // .getAttributeSortedStringSet(passwordAttribute);
    // if (passwordAttributes == null || passwordAttributes.size() == 0) {
    // throw new ArgeoException("No password found for user " + username);
    // byte[] arr = (byte[]) passwordAttributes.first();
    // password = new String(arr);
    // Arrays.fill(arr, (byte) 0);
    // we don't have access to password, so let's not pretend
    // Deliberately NOT the user's LDAP credential: this mapper never sees
    // it. A fresh random UUID is used so that any later comparison of
    // UserDetails.getPassword() against a caller-supplied value can only
    // fail, never accidentally succeed. It carries no secret and must not
    // be persisted, returned to clients or logged.
    // NOTE(review): confirm JcrUserDetails does not write this value into
    // the profile node.
    String password = UUID.randomUUID().toString();
    // ARGEO_PROFILE presumably comes from the ArgeoNames constants
    // interface this class implements.
    return new JcrUserDetails(userHome.getNode(ARGEO_PROFILE),
            password, authorities);
} catch (RepositoryException e) {
    // Wrap with the cause preserved; the message continues on a line not
    // shown in this excerpt.
    throw new ArgeoException("Cannot retrieve user details for "
/**
 * Write-back from user details to the LDAP entry is refused outright: this
 * mapper is read-only, and failing loudly is preferable to silently
 * dropping an update. (The method's closing brace is not shown in this
 * excerpt.)
 *
 * @param user user details that would have been written
 * @param ctx  LDAP entry that would have been modified
 * @throws UnsupportedOperationException always
 */
public void mapUserToContext(UserDetails user, final DirContextAdapter ctx) {
    throw new UnsupportedOperationException("LDAP access is read-only");