Update license headers

[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / jcr / OsJcrAuthenticationProvider.java

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
index bccd1c616d67c1aed8fec1d55ed77f24e683bdb5..4f3e6a18e5a5ff0e3c4bf058c3664d915b79cbc2 100644 (file)
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
@@ -1,9 +1,25 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.argeo.security.jcr;
 
 import javax.jcr.Node;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.security.Privilege;
 
 import org.argeo.ArgeoException;
 import org.argeo.jcr.JcrUtils;
@@ -12,15 +28,17 @@ import org.argeo.security.core.OsAuthenticationProvider;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 
-/** Relies on OS to authenticate and additionaly setup JCR */
+/** Relies on OS to authenticate and additionally setup JCR */
 public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
        private Repository repository;
        private String securityWorkspace = "security";
        private Session securitySession;
+       private Session nodeSession;
 
        public void init() {
                try {
                        securitySession = repository.login(securityWorkspace);
+                       nodeSession = repository.login();
                } catch (RepositoryException e) {
                        throw new ArgeoException("Cannot initialize", e);
                }
@@ -28,6 +46,7 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
 
        public void destroy() {
                JcrUtils.logoutQuietly(securitySession);
+               JcrUtils.logoutQuietly(nodeSession);
        }
 
        public Authentication authenticate(Authentication authentication)
@@ -40,8 +59,18 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
                        String username = System.getProperty("user.name");
                        Node userProfile = JcrUtils.createUserProfileIfNeeded(
                                        securitySession, username);
-
                        JcrUserDetails.checkAccountStatus(userProfile);
+
+                       // each user should have a writable area in the default workspace of
+                       // the node
+                       Node userNodeHome = JcrUtils.createUserHomeIfNeeded(nodeSession,
+                                       username);
+                       // FIXME how to set user home privileges *before* it is created ?
+                       // JcrUtils.addPrivilege(nodeSession, userNodeHome.getPath(),
+                       // username, Privilege.JCR_ALL);
+                       // if (nodeSession.hasPendingChanges())
+                       // nodeSession.save();
+
                        // user details
                        JcrUserDetails userDetails = new JcrUserDetails(userProfile, authen
                                        .getCredentials().toString(), getBaseAuthorities());