+++ /dev/null
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.argeo.security.core;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.argeo.security.OsAuthenticationToken;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.GrantedAuthorityImpl;
-import org.springframework.security.providers.AuthenticationProvider;
-
-/**
- * Validates an OS authentication. The id is that it will always be
- * authenticated since we are always runnign within an OS, but the fact that the
- * {@link Authentication} works properly depends on the proper OS login module
- * having been called as well. TODO make it more configurable (base roles, is
- * admin)
- */
-public class OsAuthenticationProvider implements AuthenticationProvider {
- final static String osUserRole = "ROLE_OS_USER";
- final static String userRole = "ROLE_USER";
- final static String adminRole = "ROLE_ADMIN";
-
- final static Boolean isAdmin = true;
-
- public Authentication authenticate(Authentication authentication)
- throws AuthenticationException {
- return new OsAuthenticationToken(getBaseAuthorities());
- }
-
- public static GrantedAuthority[] getBaseAuthorities() {
- List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
- auths.add(new GrantedAuthorityImpl(osUserRole));
- auths.add(new GrantedAuthorityImpl(userRole));
- if (isAdmin)
- auths.add(new GrantedAuthorityImpl(adminRole));
- return auths.toArray(new GrantedAuthority[auths.size()]);
- }
-
- @SuppressWarnings("rawtypes")
- public boolean supports(Class authentication) {
- return OsAuthenticationToken.class.isAssignableFrom(authentication);
- }
-
-}