Restructure JCR repository wrappers
index 71ce5715bc937f5d6a4d310d913aa24af8c3da71..adeec870eadfd137c746863ab125366f9eb9a0cd 100644 (file)
@@ -1,6 +1,22 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.argeo.security.equinox;
 
 import java.util.Map;
+import java.util.UUID;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -15,7 +31,10 @@ import org.argeo.security.NodeAuthenticationToken;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.BadCredentialsException;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
 import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
 import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 
 /** Login module which caches one subject per thread. */
@@ -33,6 +52,10 @@ public class SpringLoginModule extends SecurityContextLoginModule {
        private Long waitBetweenFailedLoginAttempts = 5 * 1000l;
 
        private Boolean remote = false;
+       private Boolean anonymous = false;
+
+       private String key = null;
+       private String anonymousRole = "ROLE_ANONYMOUS";
 
        public SpringLoginModule() {
 
@@ -52,6 +75,10 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        if (SecurityContextHolder.getContext().getAuthentication() != null)
                                return super.login();
 
+                       if (remote && anonymous)
+                               throw new LoginException(
+                                               "Cannot have a Spring login module which is remote and anonymous");
+
                        // reset all principals and credentials
                        if (log.isTraceEnabled())
                                log.trace("Resetting all principals and credentials of "
@@ -63,6 +90,20 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        if (subject.getPublicCredentials() != null)
                                subject.getPublicCredentials().clear();
 
+                       // deals first with public access since it's simple
+                       if (anonymous) {
+                               // TODO integrate with JCR?
+                               Object principal = UUID.randomUUID().toString();
+                               GrantedAuthority[] authorities = { new GrantedAuthorityImpl(
+                                               anonymousRole) };
+                               AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken(
+                                               key, principal, authorities);
+                               Authentication auth = authenticationManager
+                                               .authenticate(anonymousToken);
+                               registerAuthentication(auth);
+                               return super.login();
+                       }
+
                        if (callbackHandler == null)
                                throw new LoginException("No call back handler available");
 
@@ -70,18 +111,15 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        NameCallback nameCallback = new NameCallback("User");
                        PasswordCallback passwordCallback = new PasswordCallback(
                                        "Password", false);
-                       final String defaultNodeUrl = "http://localhost:7070/org.argeo.jcr.webapp/remoting/node";
-                       final String defaultSecurityWorkspace = "security";
+                       final String defaultNodeUrl = System.getProperty(NODE_REPO_URI,
+                                       "http://localhost:7070/org.argeo.jcr.webapp/remoting/node");
                        NameCallback urlCallback = new NameCallback("Site URL",
                                        defaultNodeUrl);
-                       NameCallback securityWorkspaceCallback = new NameCallback(
-                                       "Security Workspace", defaultSecurityWorkspace);
 
                        // handle callbacks
                        if (remote)
                                callbackHandler.handle(new Callback[] { nameCallback,
-                                               passwordCallback, urlCallback,
-                                               securityWorkspaceCallback });
+                                               passwordCallback, urlCallback });
                        else
                                callbackHandler.handle(new Callback[] { nameCallback,
                                                passwordCallback });
@@ -98,9 +136,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                        NodeAuthenticationToken credentials;
                        if (remote) {
                                String url = urlCallback.getName();
-                               String workspace = securityWorkspaceCallback.getName();
                                credentials = new NodeAuthenticationToken(username, password,
-                                               url, workspace);
+                                               url);
                        } else {
                                credentials = new NodeAuthenticationToken(username, password);
                        }
@@ -154,7 +191,26 @@ public class SpringLoginModule extends SecurityContextLoginModule {
                this.authenticationManager = authenticationManager;
        }
 
+       /** Authenticates on a remote node */
        public void setRemote(Boolean remote) {
                this.remote = remote;
        }
+
+       /**
+        * Request anonymous authentication (incompatible with remote)
+        */
+       public void setAnonymous(Boolean anonymous) {
+               this.anonymous = anonymous;
+       }
+
+       /** Role identifying an anonymous user */
+       public void setAnonymousRole(String anonymousRole) {
+               this.anonymousRole = anonymousRole;
+       }
+
+       /** System key */
+       public void setKey(String key) {
+               this.key = key;
+       }
+
 }
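Review bot: The Javadoc on `setKey` ("System key") does not tell a configurer what the value is for or that it is mandatory once `anonymous` is true, which is the only place the field is read in this diff. Suggested replacement: `/** Key shared with the anonymous authentication provider; must be set when {@link #setAnonymous(Boolean)} is true. */`. Likewise `setAnonymousRole` could note that the value is wrapped in a GrantedAuthorityImpl and defaults to ROLE_ANONYMOUS, matching the field initialiser in the earlier hunk.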