]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrUserDetailsContextMapper.java
Use bind authentication in LDAP
index 0e8dbab32abff9c117bf466460c9f88126f7579d..6b166d5c5613dfd58483ccc2382758d40e2e5c1a 100644 (file)
@@ -9,18 +9,14 @@ import java.util.Random;
 import java.util.concurrent.Executor;
 
 import javax.jcr.Node;
-import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
-import javax.jcr.RepositoryFactory;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.ArgeoException;
-import org.argeo.jcr.ArgeoJcrConstants;
 import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.ArgeoTypes;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.security.jcr.JcrUserDetails;
 import org.springframework.ldap.core.DirContextAdapter;
@@ -76,10 +72,15 @@ public class JcrUserDetailsContextMapper implements UserDetailsContextMapper,
                                userHomePathT.append(userHomepath);
                        }
                };
-               if (SecurityContextHolder.getContext().getAuthentication() == null)// authentication
+
+               if (SecurityContextHolder.getContext().getAuthentication() == null) {
+                       // authentication
                        systemExecutor.execute(action);
-               else
+                       JcrUtils.logoutQuietly(session);
+               } else {
+                       // authenticated user
                        action.run();
+               }
 
                // password
                byte[] arr = (byte[]) ctx
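Review bot: The added `JcrUtils.logoutQuietly(session);` runs as soon as `systemExecutor.execute(action)` returns, but `java.util.concurrent.Executor` does not guarantee the task has finished by then. If the executor is asynchronous and the action uses `session`, the session can be closed while the action is still working with it. The logout also happens only on the unauthenticated branch, and `session` appears to be shared state rather than a local (the later hunks call `session.getNode(...)` with the local declaration commented out), so a later mapping may find an already logged-out session. If the logout is intended, consider moving it into the Runnable's `finally` on a session opened for that action, or add a comment on the field such as `// owned by <component>; logged out in <lifecycle method>`. The enclosing method starts and ends outside this hunk.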
@@ -101,13 +102,14 @@ public class JcrUserDetailsContextMapper implements UserDetailsContextMapper,
                        // session = nodeRepo.login();
                        Node userHome = JcrUtils.getUserHome(session, username);
                        if (userHome == null)
-                               userHome = createUserHome(session, username);
+                               userHome = JcrUtils.createUserHome(session, homeBasePath,
+                                               username);
                        String userHomePath = userHome.getPath();
-                       Node userProfile;
-                       if (userHome.hasNode(ARGEO_USER_PROFILE)) {
-                               userProfile = userHome.getNode(ARGEO_USER_PROFILE);
+                       Node userProfile = userHome.getNode(ARGEO_PROFILE);
+                       if (userHome.hasNode(ARGEO_PROFILE)) {
+                               userProfile = userHome.getNode(ARGEO_PROFILE);
                        } else {
-                               userProfile = userHome.addNode(ARGEO_USER_PROFILE);
+                               userProfile = userHome.addNode(ARGEO_PROFILE);
                                userProfile.addMixin(NodeType.MIX_TITLE);
                                userProfile.addMixin(NodeType.MIX_CREATED);
                                userProfile.addMixin(NodeType.MIX_LAST_MODIFIED);
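Review bot: The new initializer `Node userProfile = userHome.getNode(ARGEO_PROFILE);` is evaluated before the `hasNode(ARGEO_PROFILE)` check, and `Node.getNode` throws `PathNotFoundException` when the child does not exist. The `else` branch that creates the profile and adds the mixins is therefore unreachable for a home node without a profile, so mapping a user who has no profile yet would fail, presumably with the exception handled by the enclosing `try`. Declare the variable without initializing it, `Node userProfile;`, as the removed code did. The enclosing method and its `try` block start and end outside this hunk.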
@@ -126,24 +128,6 @@ public class JcrUserDetailsContextMapper implements UserDetailsContextMapper,
                }
        }
 
-       protected Node createUserHome(Session session, String username) {
-               try {
-                       Node userHome = JcrUtils.mkdirs(session,
-                                       usernameToHomePath(username));
-                       userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
-                       userHome.setProperty(ARGEO_USER_ID, username);
-                       return userHome;
-               } catch (RepositoryException e) {
-                       throw new ArgeoException("Cannot create home node for user "
-                                       + username, e);
-               }
-       }
-
-       protected String usernameToHomePath(String username) {
-               return homeBasePath + '/' + JcrUtils.firstCharsToPath(username, 2)
-                               + '/' + username;
-       }
-
        public void mapUserToContext(UserDetails user, final DirContextAdapter ctx) {
                if (!(user instanceof JcrUserDetails))
                        throw new ArgeoException("Unsupported user details: "
@@ -157,13 +141,13 @@ public class JcrUserDetailsContextMapper implements UserDetailsContextMapper,
                final JcrUserDetails jcrUserDetails = (JcrUserDetails) user;
                // systemExecutor.execute(new Runnable() {
                // public void run() {
-//             Session session = null;
+               // Session session = null;
                try {
                        // Repository nodeRepo = JcrUtils.getRepositoryByAlias(
                        // repositoryFactory, ArgeoJcrConstants.ALIAS_NODE);
                        // session = nodeRepo.login();
                        Node userProfile = session.getNode(jcrUserDetails.getHomePath()
-                                       + '/' + ARGEO_USER_PROFILE);
+                                       + '/' + ARGEO_PROFILE);
                        for (String jcrProperty : propertyToAttributes.keySet())
                                jcrToLdap(userProfile, jcrProperty, ctx);
                        if (log.isDebugEnabled())