Introduce JcrUserDetails LDAP context mapper
1 package org.argeo.security.ldap.jcr;
2
3 import java.util.UUID;
4
5 import javax.jcr.Node;
6 import javax.jcr.Repository;
7 import javax.jcr.RepositoryException;
8 import javax.jcr.Session;
9
10 import org.argeo.ArgeoException;
11 import org.argeo.jcr.ArgeoNames;
12 import org.argeo.jcr.JcrUtils;
13 import org.argeo.security.jcr.JcrUserDetails;
14 import org.springframework.ldap.core.DirContextAdapter;
15 import org.springframework.ldap.core.DirContextOperations;
16 import org.springframework.security.GrantedAuthority;
17 import org.springframework.security.userdetails.UserDetails;
18 import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
19
20 /** Read only mapping from LDAP to user details */
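/**
 * Read-only mapping from LDAP to user details.
 * <p>
 * The directory only supplies the authenticated username; the user details
 * themselves are read from the user's profile node in the JCR security
 * workspace, through a single admin session opened by {@link #init()}.
 * Writing back to LDAP is not supported.
 */
public class JcrUserDetailsContextMapper implements UserDetailsContextMapper,
		ArgeoNames {
	/** Admin session on the security workspace, opened by {@link #init()}. */
	private Session securitySession;
	/** Repository hosting the security workspace; must be set before init(). */
	private Repository repository;
	/** Name of the workspace holding user homes and profiles. */
	private String securityWorkspace = "security";

	/**
	 * Opens the admin session on the security workspace.
	 *
	 * @throws ArgeoException if no repository was set, or if the login fails
	 */
	public void init() {
		// Fail with a meaningful message rather than an NPE on repository.login()
		if (repository == null)
			throw new ArgeoException(
					"Cannot initialize LDAP/JCR user details context mapper: no repository set");
		try {
			securitySession = repository.login(securityWorkspace);
		} catch (RepositoryException e) {
			JcrUtils.logoutQuietly(securitySession);
			throw new ArgeoException(
					"Cannot initialize LDAP/JCR user details context mapper", e);
		}
	}

	/** Logs out the admin session; the mapper is unusable afterwards. */
	public void destroy() {
		JcrUtils.logoutQuietly(securitySession);
		// make any later call fail fast instead of using a logged-out session
		securitySession = null;
	}

	/**
	 * Called during authentication in order to retrieve user details.
	 *
	 * @param ctx the LDAP entry of the user; must not be null
	 * @param username the authenticated username, used to locate the JCR user
	 *            home
	 * @param authorities the granted authorities, passed through to the details
	 * @return the user details built from the user's JCR profile node
	 * @throws ArgeoException if the LDAP context is missing, {@link #init()} was
	 *             not called, the user has no JCR home, or the profile cannot be
	 *             read
	 */
	public UserDetails mapUserFromContext(final DirContextOperations ctx,
			final String username, GrantedAuthority[] authorities) {
		if (ctx == null)
			throw new ArgeoException("No LDAP information for user " + username);
		// read the field once so that a concurrent destroy() cannot null it under us
		final Session session = securitySession;
		if (session == null)
			throw new ArgeoException("No JCR security session for user "
					+ username + ", init() was not called or destroy() was");

		// A JCR Session is not thread-safe and this single admin session is
		// shared by every concurrent authentication, so JCR access is serialized.
		synchronized (session) {
			Node userHome = JcrUtils.getUserHome(session, username);
			if (userHome == null)
				throw new ArgeoException("No JCR information for user "
						+ username);
			try {
				// Reading the password attribute from the LDAP context was
				// abandoned: this mapper has no access to the real credential,
				// so let's not pretend. A random, throw-away value is stored
				// instead; nothing may ever be compared against it.
				String password = UUID.randomUUID().toString();
				return new JcrUserDetails(userHome.getNode(ARGEO_PROFILE),
						password, authorities);
			} catch (RepositoryException e) {
				throw new ArgeoException("Cannot retrieve user details for "
						+ username, e);
			}
		}
	}

	/** Always fails: this mapper never writes to the directory. */
	public void mapUserToContext(UserDetails user, final DirContextAdapter ctx) {
		throw new UnsupportedOperationException("LDAP access is read-only");
	}

	/** Repository hosting the security workspace; required before init(). */
	public void setRepository(Repository repository) {
		this.repository = repository;
	}

	/** Overrides the default "security" workspace name. */
	public void setSecurityWorkspace(String securityWorkspace) {
		this.securityWorkspace = securityWorkspace;
	}

}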