Restructure JCR repository wrappers
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / jcr / RemoteJcrAuthenticationProvider.java
index f61d37ab2abb951d0996124fef31608dc035843d..09e723930579f9e36d31cff0f4f3ddec98d9608d 100644 (file)
 package org.argeo.security.jcr;
 
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
+import java.util.Properties;
 
-import javax.jcr.Credentials;
 import javax.jcr.Node;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
@@ -34,6 +32,7 @@ import org.argeo.jcr.ArgeoJcrConstants;
 import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.NodeAuthenticationToken;
+import org.osgi.framework.BundleContext;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;
 import org.springframework.security.BadCredentialsException;
@@ -45,44 +44,63 @@ import org.springframework.security.providers.AuthenticationProvider;
 public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
                ArgeoNames {
        private RepositoryFactory repositoryFactory;
+       private BundleContext bundleContext;
 
        public Authentication authenticate(Authentication authentication)
                        throws AuthenticationException {
                NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
                String url = siteAuth.getUrl();
-               if (url == null)
-                       return null;
+               if (url == null)// TODO? login on own node
+                       throw new ArgeoException("No url set in " + siteAuth);
                Session session;
-               Node userProfile;
 
+               Node userProfile;
                try {
                        SimpleCredentials sp = new SimpleCredentials(siteAuth.getName(),
                                        siteAuth.getCredentials().toString().toCharArray());
                        // get repository
-                       Repository repository = getRepository(url, sp);
-                       if (repository == null)
-                               return null;
+                       Repository repository = new RemoteJcrRepositoryWrapper(
+                                       repositoryFactory, url, sp);
+                       if (bundleContext != null) {
+                               Properties serviceProperties = new Properties();
+                               serviceProperties.setProperty(
+                                               ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
+                                               ArgeoJcrConstants.ALIAS_NODE);
+                               serviceProperties.setProperty(
+                                               ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
+                               bundleContext.registerService(Repository.class.getName(),
+                                               repository, serviceProperties);
+                       }
+                       // Repository repository = ArgeoJcrUtils.getRepositoryByUri(
+                       // repositoryFactory, url);
+                       // if (repository == null)
+                       // throw new ArgeoException("Cannot connect to " + url);
 
-                       String workspace = siteAuth.getSecurityWorkspace();
-                       session = repository.login(sp, workspace);
-                       Node userHome = UserJcrUtils.getUserHome(session);
-                       if (userHome == null || !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
-                               throw new ArgeoException("No profile for user "
-                                               + siteAuth.getName() + " in security workspace "
-                                               + siteAuth.getSecurityWorkspace() + " of "
-                                               + siteAuth.getUrl());
-                       userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
+                       session = repository.login(sp, null);
+
+                       userProfile = UserJcrUtils.getUserProfile(session, sp.getUserID());
+                       JcrUserDetails.checkAccountStatus(userProfile);
+
+                       // Node userHome = UserJcrUtils.getUserHome(session);
+                       // if (userHome == null ||
+                       // !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
+                       // throw new ArgeoException("No profile for user "
+                       // + siteAuth.getName() + " in security workspace "
+                       // + siteAuth.getSecurityWorkspace() + " of "
+                       // + siteAuth.getUrl());
+                       // userProfile = userHome.getNode(ArgeoNames.ARGEO_PROFILE);
                } catch (RepositoryException e) {
                        throw new BadCredentialsException(
                                        "Cannot authenticate " + siteAuth, e);
                }
 
                try {
-                       JcrUserDetails.checkAccountStatus(userProfile);
+                       Node userHome = UserJcrUtils.getUserHome(session);
                        // retrieve remote roles
                        List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
-                       if (userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
-                               Value[] roles = userProfile.getProperty(
+                       if (userHome != null
+                                       && userHome.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
+                               Value[] roles = userHome.getProperty(
                                                ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
                                for (int i = 0; i < roles.length; i++)
                                        authoritiesList.add(new GrantedAuthorityImpl(roles[i]
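Review bot: The `bundleContext.registerService(...)` block runs before `repository.login(sp, null)`, so a wrapper built from the token-supplied `url` and `sp` is published under `ArgeoJcrConstants.ALIAS_NODE` even when the login then fails with `BadCredentialsException`. It also runs on every `authenticate()` call and discards the returned `ServiceRegistration`, so registrations accumulate and can never be withdrawn. Move the `if (bundleContext != null) { ... }` block below `JcrUserDetails.checkAccountStatus(userProfile);` and keep the handle, e.g. `ServiceRegistration reg = bundleContext.registerService(Repository.class.getName(), repository, serviceProperties);`, so it can be unregistered when the session ends. If `RemoteJcrRepositoryWrapper` retains `sp` (its source is not visible here), other bundles resolving this service would presumably act with this user's credentials, which needs a design check. The body of `authenticate` continues outside the hunk.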
@@ -104,13 +122,6 @@ public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
                }
        }
 
-       protected Repository getRepository(String url, Credentials credentials)
-                       throws RepositoryException {
-               Map<String, String> parameters = new HashMap<String, String>();
-               parameters.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, url);
-               return repositoryFactory.getRepository(parameters);
-       }
-
        @SuppressWarnings("rawtypes")
        public boolean supports(Class authentication) {
                return NodeAuthenticationToken.class.isAssignableFrom(authentication);
@@ -120,4 +131,8 @@ public class RemoteJcrAuthenticationProvider implements AuthenticationProvider,
                this.repositoryFactory = repositoryFactory;
        }
 
+       public void setBundleContext(BundleContext bundleContext) {
+               this.bundleContext = bundleContext;
+       }
+
 }
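Review bot: `setBundleContext` has no Javadoc, yet setting it changes what `authenticate()` does: with a non-null `bundleContext` the remote repository is registered as an OSGi `Repository` service. Add a short comment on the setter, for example `/** Optional. When set, authenticate() registers the remote repository as an OSGi service under ALIAS_NODE. */`, so that deployers wiring this bean know the property has a side effect on the service registry.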