- private final BundleContext bundleContext;
-
- private final OsAuthenticationProvider osAuth;
- private final InternalAuthenticationProvider internalAuth;
- private final AnonymousAuthenticationProvider anonymousAuth;
- private final JackrabbitUserAdminService userAdminService;
- private final NodeUserAdmin userAdmin;
-
- private ServiceRegistration<AuthenticationManager> authenticationManagerReg;
- private ServiceRegistration<UserAdminService> userAdminServiceReg;
- private ServiceRegistration<UserDetailsManager> userDetailsManagerReg;
-
- private ServiceRegistration<UserAdmin> userAdminReg;
-
- public NodeSecurity(BundleContext bundleContext, JackrabbitNode node)
- throws RepositoryException {
- this.bundleContext = bundleContext;
-
- osAuth = new OsAuthenticationProvider();
- internalAuth = new InternalAuthenticationProvider(
- Activator.getSystemKey());
- anonymousAuth = new AnonymousAuthenticationProvider(
- Activator.getSystemKey());
-
- // user admin
- userAdminService = new JackrabbitUserAdminService();
- userAdminService.setRepository(node);
- userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
- userAdminService.init();
-
- userAdmin = new NodeUserAdmin();
-
- String baseDn = "dc=example,dc=com";
- String userAdminUri = KernelUtils
- .getFrameworkProp(KernelConstants.USERADMIN_URI);
- if (userAdminUri == null)
- userAdminUri = getClass().getResource(baseDn + ".ldif").toString();
-
- AbstractLdapUserAdmin businessRoles;
- if (userAdminUri.startsWith("ldap"))
- businessRoles = new LdapUserAdmin(userAdminUri);
- else {
- businessRoles = new LdifUserAdmin(userAdminUri);
- }
- businessRoles.init();
- userAdmin.addUserAdmin(baseDn, businessRoles);
-
- File osgiInstanceDir = KernelUtils.getOsgiInstanceDir();
- File homeDir = new File(osgiInstanceDir, "node");
-
- String baseNodeRoleDn = KernelConstants.ROLES_BASEDN;
- File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif");
- try {
- FileUtils.copyInputStreamToFile(
- getClass().getResourceAsStream("demo.ldif"), nodeRolesFile);
- } catch (IOException e) {
- throw new CmsException("Cannot copy demo resource", e);
- }
- LdifUserAdmin nodeRoles = new LdifUserAdmin(nodeRolesFile.toURI()
- .toString());
- nodeRoles.setExternalRoles(userAdmin);
- nodeRoles.init();
- // nodeRoles.createRole(KernelHeader.ROLE_ADMIN, Role.GROUP);
- userAdmin.addUserAdmin(baseNodeRoleDn, nodeRoles);
+ public final static int HARDENED = 3;
+ public final static int STAGING = 2;
+ public final static int DEV = 1;
+
+ private final boolean firstInit;
+
+ private Subject kernelSubject;
+ private int securityLevel = STAGING;
+
+ private final File keyStoreFile;
+
+ public NodeSecurity() {
+ // Configure JAAS first
+ URL url = getClass().getClassLoader().getResource(KernelConstants.JAAS_CONFIG);
+ System.setProperty("java.security.auth.login.config", url.toExternalForm());
+ // log.debug("JASS config: " + url.toExternalForm());
+ // disable Jetty autostart
+ // System.setProperty("org.eclipse.equinox.http.jetty.autostart",
+ // "false");
+
+ firstInit = !new File(getOsgiInstanceDir(), DIR_NODE).exists();