X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeSecurity.java;h=5e9877935495ec113540de8f918ed06d0f4ddc0d;hb=40c3800ea57d5de136137e3fb0ff07cf54f2df48;hp=d0aec2023cbcaccbf32eca9594d00dfec0d77d0c;hpb=6e7769555f6ee64159bbdb5780e34957d6d8895e;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
index d0aec2023..5e9877935 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
@@ -1,19 +1,20 @@
 package org.argeo.cms.internal.kernel;
-import java.net.URL;
-
 import javax.jcr.RepositoryException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.useradmin.JcrUserAdmin;
-import org.argeo.security.SecurityUtils;
+import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
+import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
+import org.argeo.osgi.useradmin.AbstractLdapUserAdmin;
+import org.argeo.osgi.useradmin.LdapUserAdmin;
+import org.argeo.osgi.useradmin.LdifUserAdmin;
+import org.argeo.security.OsAuthenticationToken;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.core.InternalAuthentication;
 import org.argeo.security.core.InternalAuthenticationProvider;
-import org.argeo.security.jcr.SimpleJcrSecurityModel;
-import org.argeo.security.jcr.jackrabbit.JackrabbitUserAdminService;
+import org.argeo.security.core.OsAuthenticationProvider;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.ServiceRegistration;
 import org.osgi.service.useradmin.UserAdmin;
@@ -31,10 +32,11 @@ class NodeSecurity implements AuthenticationManager {
 private final BundleContext bundleContext;
+ private final OsAuthenticationProvider osAuth;
 private final InternalAuthenticationProvider internalAuth;
 private final AnonymousAuthenticationProvider anonymousAuth;
 private final JackrabbitUserAdminService userAdminService;
- private final JcrUserAdmin userAdmin;
+ private final AbstractLdapUserAdmin userAdmin;
 private ServiceRegistration authenticationManagerReg;
 private ServiceRegistration userAdminServiceReg;
@@ -44,17 +46,13 @@ class NodeSecurity implements AuthenticationManager {
 public NodeSecurity(BundleContext bundleContext, JackrabbitNode node) throws RepositoryException {
- URL url = getClass().getClassLoader().getResource(
- KernelConstants.JAAS_CONFIG);
- System.setProperty("java.security.auth.login.config",
- url.toExternalForm());
-
 this.bundleContext = bundleContext;
+ osAuth = new OsAuthenticationProvider();
 internalAuth = new InternalAuthenticationProvider(
- SecurityUtils.getStaticKey());
+ Activator.getSystemKey());
 anonymousAuth = new AnonymousAuthenticationProvider(
- SecurityUtils.getStaticKey());
+ Activator.getSystemKey());
 // user admin
 userAdminService = new JackrabbitUserAdminService();
@@ -62,8 +60,15 @@ class NodeSecurity implements AuthenticationManager {
 userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
 userAdminService.init();
- userAdmin = new JcrUserAdmin(bundleContext, node);
- userAdmin.setUserAdminService(userAdminService);
+ String userAdminUri = KernelUtils
+ .getFrameworkProp(KernelConstants.USERADMIN_URI);
+ if (userAdminUri == null)
+ userAdminUri = getClass().getResource("demo.ldif").toString();
+
+ if (userAdminUri.startsWith("ldap"))
+ userAdmin = new LdapUserAdmin(userAdminUri);
+ else
+ userAdmin = new LdifUserAdmin(userAdminUri);
 }
 public void publish() {
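Review bot: In the constructor hunk, `internalAuth` and `anonymousAuth` are both built from the same `Activator.getSystemKey()` value, so a single secret sits behind the anonymous path and the internal (system) path alike. How either provider uses the key is not visible here, but if the key is what validates a token, the two trust levels are not separated, and nothing on these lines says where the key comes from. I would add a comment such as `// Same system key for both providers: see Activator.getSystemKey() for how it is generated and protected`, or give each provider its own key if they are meant to be independent. The constructor body continues past the end of this hunk.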
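Review bot: When `KernelConstants.USERADMIN_URI` is unset the constructor silently falls back to the bundled `demo.ldif`, so a node deployed without the property comes up with the demo directory as its user store, and `getClass().getResource("demo.ldif")` is dereferenced without a null check. The backend test `startsWith("ldap")` also routes any value that merely begins with those letters (a relative file named `ldap-users.ldif`, for instance) to `LdapUserAdmin`. I would fail with a `CmsException` when the resource is missing, make the fallback visible in the log (a logger is presumably available since `Log` is imported, though no field is shown), and match the `ldap://` and `ldaps://` schemes explicitly. Whether cleartext `ldap://` should be accepted at all depends on how `LdapUserAdmin` binds, which is not shown; the constructor itself starts in the previous hunk.

```java
String userAdminUri = KernelUtils
		.getFrameworkProp(KernelConstants.USERADMIN_URI);
if (userAdminUri == null) {
	// Demo directory only: this must never be a silent default on a
	// production node, so surface it (log at warn level here).
	java.net.URL demoLdif = getClass().getResource("demo.ldif");
	if (demoLdif == null)
		throw new CmsException("No " + KernelConstants.USERADMIN_URI
				+ " set and demo.ldif is not available");
	userAdminUri = demoLdif.toString();
}

// Match the URI scheme, not just a name prefix
if (userAdminUri.startsWith("ldap://")
		|| userAdminUri.startsWith("ldaps://"))
	userAdmin = new LdapUserAdmin(userAdminUri);
else
	userAdmin = new LdifUserAdmin(userAdminUri);
```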
@@ -86,6 +91,8 @@ class NodeSecurity implements AuthenticationManager {
 userDetailsManagerReg.unregister();
 userAdminServiceReg.unregister();
 authenticationManagerReg.unregister();
+
+ userAdmin.destroy();
 userAdminReg.unregister();
 }
@@ -99,6 +106,8 @@ class NodeSecurity implements AuthenticationManager {
 auth = anonymousAuth.authenticate(authentication);
 else if (authentication instanceof UsernamePasswordAuthenticationToken)
 auth = userAdminService.authenticate(authentication);
+ else if (authentication instanceof OsAuthenticationToken)
+ auth = osAuth.authenticate(authentication);
 if (auth == null)
 throw new CmsException("Could not authenticate " + authentication);
 return auth;
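Review bot: `userAdmin.destroy()` runs while the UserAdmin service is still registered, because `userAdminReg.unregister()` only comes on the line after it; a bundle that looks the service up in that window gets a user store that has already been torn down. Unregistering first closes the window: `userAdminReg.unregister();` followed by `userAdmin.destroy();`. The method starts before the hunk, so I am assuming `userAdminReg` is the registration of this same `userAdmin` object.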
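Review bot: The new `OsAuthenticationToken` branch hands the token straight to `osAuth`, so everything that makes an OS login trustworthy rests on `OsAuthenticationProvider`, whose checks are not visible in this diff. This manager appears to be published as an OSGi service (`authenticationManagerReg`), so any bundle able to construct such a token can submit it; the branch deserves a comment stating what the provider verifies, e.g. `// OS tokens: osAuth must reject tokens not backed by a completed OS login`. Separately, password tokens still go to `userAdminService` rather than to the new LDAP/LDIF `userAdmin`; if that is intentional for now, a `// TODO` saying so would prevent confusion about which store is authoritative. The method's beginning and end lie outside the hunk.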