-import org.argeo.cms.KernelHeader;
-import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
-import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
-import org.argeo.osgi.useradmin.AbstractLdapUserAdmin;
-import org.argeo.osgi.useradmin.LdapUserAdmin;
-import org.argeo.osgi.useradmin.LdifUserAdmin;
-import org.argeo.security.OsAuthenticationToken;
-import org.argeo.security.UserAdminService;
-import org.argeo.security.core.InternalAuthentication;
-import org.argeo.security.core.InternalAuthenticationProvider;
-import org.argeo.security.core.OsAuthenticationProvider;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.ServiceRegistration;
-import org.osgi.service.useradmin.Role;
-import org.osgi.service.useradmin.UserAdmin;
-import org.springframework.security.authentication.AnonymousAuthenticationProvider;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.provisioning.UserDetailsManager;
-
-/** Authentication and user management. */
-class NodeSecurity implements AuthenticationManager {
- private final static Log log = LogFactory.getLog(NodeSecurity.class);
-
- private final BundleContext bundleContext;
-
- private final OsAuthenticationProvider osAuth;
- private final InternalAuthenticationProvider internalAuth;
- private final AnonymousAuthenticationProvider anonymousAuth;
- private final JackrabbitUserAdminService userAdminService;
- private final NodeUserAdmin userAdmin;
-
- private ServiceRegistration<AuthenticationManager> authenticationManagerReg;
- private ServiceRegistration<UserAdminService> userAdminServiceReg;
- private ServiceRegistration<UserDetailsManager> userDetailsManagerReg;
-
- private ServiceRegistration<UserAdmin> userAdminReg;
-
- public NodeSecurity(BundleContext bundleContext, JackrabbitNode node)
- throws RepositoryException {
- this.bundleContext = bundleContext;
-
- osAuth = new OsAuthenticationProvider();
- internalAuth = new InternalAuthenticationProvider(
- Activator.getSystemKey());
- anonymousAuth = new AnonymousAuthenticationProvider(
- Activator.getSystemKey());
-
- // user admin
- userAdminService = new JackrabbitUserAdminService();
- userAdminService.setRepository(node);
- userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
- userAdminService.init();
-
- userAdmin = new NodeUserAdmin();
-
- String baseDn = "dc=example,dc=com";
- String userAdminUri = KernelUtils
- .getFrameworkProp(KernelConstants.USERADMIN_URI);
- if (userAdminUri == null)
- userAdminUri = getClass().getResource(baseDn + ".ldif").toString();
-
- AbstractLdapUserAdmin businessRoles;
- if (userAdminUri.startsWith("ldap"))
- businessRoles = new LdapUserAdmin(userAdminUri);
- else {
- businessRoles = new LdifUserAdmin(userAdminUri);
- }
- businessRoles.init();
- userAdmin.addUserAdmin(baseDn, businessRoles);
+import org.argeo.cms.auth.AuthConstants;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+/** Low-level kernel security */
+class NodeSecurity implements KernelConstants {
+ public final static int HARDENED = 3;
+ public final static int STAGING = 2;
+ public final static int DEV = 1;
+
+ private final boolean firstInit;
+
+ private final Subject kernelSubject;
+ private int securityLevel = STAGING;
+
+ private final File keyStoreFile;
+
+ public NodeSecurity() {
+ // Configure JAAS first
+ URL url = getClass().getClassLoader().getResource(
+ KernelConstants.JAAS_CONFIG);
+ System.setProperty("java.security.auth.login.config",
+ url.toExternalForm());
+ // log.debug("JASS config: " + url.toExternalForm());
+ // disable Jetty autostart
+ // System.setProperty("org.eclipse.equinox.http.jetty.autostart",
+ // "false");
+
+ firstInit = !new File(getOsgiInstanceDir(), DIR_NODE).exists();
+
+ this.keyStoreFile = new File(KernelUtils.getOsgiInstanceDir(),
+ "node.p12");
+ this.kernelSubject = logInKernel();
+ }