+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.argeo.security.jcr;
import javax.jcr.Node;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.version.VersionManager;
+import javax.jcr.security.Privilege;
import org.argeo.ArgeoException;
-import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.JcrUtils;
import org.argeo.security.OsAuthenticationToken;
import org.argeo.security.core.OsAuthenticationProvider;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
-/** Relies on OS to authenticate and additionaly setup JCR */
+/** Relies on OS to authenticate and additionally setup JCR */
public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
private Repository repository;
private String securityWorkspace = "security";
private Session securitySession;
+ private Session nodeSession;
public void init() {
try {
securitySession = repository.login(securityWorkspace);
+ nodeSession = repository.login();
} catch (RepositoryException e) {
throw new ArgeoException("Cannot initialize", e);
}
public void destroy() {
JcrUtils.logoutQuietly(securitySession);
+ JcrUtils.logoutQuietly(nodeSession);
}
public Authentication authenticate(Authentication authentication)
// WARNING: at this stage we assume that the java properties
// will have the same value
String username = System.getProperty("user.name");
- Node userHome = JcrUtils.createUserHomeIfNeeded(securitySession,
+ Node userProfile = JcrUtils.createUserProfileIfNeeded(
+ securitySession, username);
+ JcrUserDetails.checkAccountStatus(userProfile);
+
+ // each user should have a writable area in the default workspace of
+ // the node
+ Node userNodeHome = JcrUtils.createUserHomeIfNeeded(nodeSession,
username);
- Node userProfile = userHome.hasNode(ArgeoNames.ARGEO_PROFILE) ? userHome
- .getNode(ArgeoNames.ARGEO_PROFILE) : JcrUtils
- .createUserProfile(securitySession, username);
- if (securitySession.hasPendingChanges())
- securitySession.save();
- VersionManager versionManager = securitySession.getWorkspace()
- .getVersionManager();
- if (versionManager.isCheckedOut(userProfile.getPath()))
- versionManager.checkin(userProfile.getPath());
+ // FIXME how to set user home privileges *before* it is created ?
+ // JcrUtils.addPrivilege(nodeSession, userNodeHome.getPath(),
+ // username, Privilege.JCR_ALL);
+ // if (nodeSession.hasPendingChanges())
+ // nodeSession.save();
- JcrUserDetails.checkAccountStatus(userProfile);
// user details
JcrUserDetails userDetails = new JcrUserDetails(userProfile, authen
.getCredentials().toString(), getBaseAuthorities());