X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeSecurity.java;h=0b6ce9a85fce0badb73613fbb298c53e15842100;hb=268e023a9de5db2549431a4415e584ac68a4f98b;hp=f2cffb3ad8d479220c7e0485d93a6699ca6a1e6c;hpb=25071ab6bcb2df1fa4057c2c04137f2d606772e7;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
index f2cffb3ad..0b6ce9a85 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
@@ -8,6 +8,7 @@ import java.security.KeyStore;
 import java.security.Provider;
 import java.security.Security;
 import java.util.Arrays;
+import java.util.Hashtable;
 
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -19,14 +20,10 @@ import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.x500.X500Principal;
 
-import org.apache.commons.io.FileUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.KernelHeader;
-import org.argeo.osgi.useradmin.AbstractUserDirectory;
-import org.argeo.osgi.useradmin.LdapUserAdmin;
-import org.argeo.osgi.useradmin.LdifUserAdmin;
 import org.argeo.security.crypto.PkiUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.osgi.framework.BundleContext;
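Review bot: The new `import java.util.Hashtable;` has no visible user: none of the added lines in this commit reference `Hashtable`, and the only new call, `userAdmin.currentState()`, is passed straight through as the `registerService` properties argument. It therefore looks like an IDE organize-imports leftover; unless an unchanged part of NodeSecurity already spells the type fully qualified, drop the line so the file does not carry an unused import.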
@@ -57,14 +54,7 @@ class NodeSecurity implements AuthenticationManager {
 
 	private final NodeUserAdmin userAdmin;
 	private final Subject kernelSubject;
-	// private final OsAuthenticationProvider osAuth;
-	// private final InternalAuthenticationProvider internalAuth;
-	// private final AnonymousAuthenticationProvider anonymousAuth;
-	// private final JackrabbitUserAdminService userAdminService;
-
 	private ServiceRegistration authenticationManagerReg;
-	// private ServiceRegistration userAdminServiceReg;
-	// private ServiceRegistration userDetailsManagerReg;
 	private ServiceRegistration userAdminReg;
 
@@ -77,69 +67,7 @@ class NodeSecurity implements AuthenticationManager {
 
 		this.bundleContext = bundleContext;
 		this.kernelSubject = logKernel();
-
-		// osAuth = new OsAuthenticationProvider();
-		// internalAuth = new InternalAuthenticationProvider(
-		// Activator.getSystemKey());
-		// anonymousAuth = new AnonymousAuthenticationProvider(
-		// Activator.getSystemKey());
-
-		// user admin
-		// userAdminService = new JackrabbitUserAdminService();
-		// userAdminService.setRepository(node);
-		// userAdminService.setSecurityModel(new SimpleJcrSecurityModel());
-		// userAdminService.init();
-
 		userAdmin = new NodeUserAdmin();
-
-		File osgiInstanceDir = KernelUtils.getOsgiInstanceDir();
-		File homeDir = new File(osgiInstanceDir, "node");
-		homeDir.mkdirs();
-
-		String userAdminUri = KernelUtils
-				.getFrameworkProp(KernelConstants.USERADMIN_URI);
-		String baseDn = "dc=example,dc=com";
-		if (userAdminUri == null) {
-			File businessRolesFile = new File(homeDir, baseDn + ".ldif");
-			// userAdminUri = getClass().getResource(baseDn +
-			// ".ldif").toString();
-			if (!businessRolesFile.exists())
-				try {
-					FileUtils.copyInputStreamToFile(getClass()
-							.getResourceAsStream(baseDn + ".ldif"),
-							businessRolesFile);
-				} catch (IOException e) {
-					throw new CmsException("Cannot copy demo resource", e);
-				}
-			userAdminUri = businessRolesFile.toURI().toString();
-		}
-
-		AbstractUserDirectory businessRoles;
-		if (userAdminUri.startsWith("ldap"))
-			businessRoles = new LdapUserAdmin(userAdminUri);
-		else {
-			businessRoles = new LdifUserAdmin(userAdminUri);
-		}
-		businessRoles.init();
-		userAdmin.addUserAdmin(baseDn, businessRoles);
-
-		String baseNodeRoleDn = KernelHeader.ROLES_BASEDN;
-		File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif");
-		if (!nodeRolesFile.exists())
-			try {
-				FileUtils.copyInputStreamToFile(
-						getClass().getResourceAsStream("demo.ldif"),
-						nodeRolesFile);
-			} catch (IOException e) {
-				throw new CmsException("Cannot copy demo resource", e);
-			}
-		LdifUserAdmin nodeRoles = new LdifUserAdmin(nodeRolesFile.toURI()
-				.toString(), false);
-		nodeRoles.setExternalRoles(userAdmin);
-		nodeRoles.init();
-		// nodeRoles.createRole(KernelHeader.ROLE_ADMIN, Role.GROUP);
-		userAdmin.addUserAdmin(baseNodeRoleDn, nodeRoles);
-
 	}
 
 	private Subject logKernel() {
@@ -173,27 +101,17 @@ class NodeSecurity implements AuthenticationManager {
 	}
 
 	public void publish() {
+		userAdminReg = bundleContext.registerService(UserAdmin.class,
+				userAdmin, userAdmin.currentState());
+		// dummy auth manager, in order to smooth transition from Argeo 1
 		authenticationManagerReg = bundleContext.registerService(
 				AuthenticationManager.class, this, null);
-		// userAdminServiceReg = bundleContext.registerService(
-		// UserAdminService.class, userAdminService, null);
-		// userDetailsManagerReg = bundleContext.registerService(
-		// UserDetailsManager.class, userAdminService, null);
-		userAdminReg = bundleContext.registerService(UserAdmin.class,
-				userAdmin, null);
 	}
 
 	void destroy() {
-		// try {
-		// userAdminService.destroy();
-		// } catch (RepositoryException e) {
-		// log.error("Error while destroying Jackrabbit useradmin");
-		// }
-		// userDetailsManagerReg.unregister();
-		// userAdminServiceReg.unregister();
 		authenticationManagerReg.unregister();
-		// userAdmin.destroy();
+		userAdmin.destroy();
 		userAdminReg.unregister();
 
 		// Logout kernel
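Review bot: The constructor keeps `userAdmin = new NodeUserAdmin();` but no longer shows where the user directories come from, which backend (LDAP vs LDIF) is selected, or when `init()` runs — the hunk removes all of that, and the constructor signature sits outside the hunk. A one-line comment on the remaining assignment would save the next reader a hop, e.g. `// directory resolution and init are presumably handled inside NodeUserAdmin now — confirm`. Worth recording in the class Javadoc as well is whether the default seeding of a demo directory from the bundled LDIF into the node home directory, which the removed code performed when no `KernelConstants.USERADMIN_URI` was set, still happens anywhere, since that default decides which accounts exist on a freshly started node.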
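Review bot: In `destroy()` the new `userAdmin.destroy();` runs while the `UserAdmin` service is still registered, so a bundle that resolves the service in that window gets an already-destroyed instance; unregister first, i.e. swap the two lines to `userAdminReg.unregister();` followed by `userAdmin.destroy();`, which also mirrors the publish order (registered first, torn down last). The properties passed in `publish()` via `userAdmin.currentState()` are captured once at registration time; if that state can change afterwards, the registration needs `userAdminReg.setProperties(...)` to stay accurate — confirm against NodeUserAdmin. The body of `destroy()` continues past the end of the hunk.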
@@ -219,21 +137,9 @@ class NodeSecurity implements AuthenticationManager {
 	@Override
 	public Authentication authenticate(Authentication authentication)
 			throws AuthenticationException {
-		log.error("Authentication manager is deprectaed and should not be used.");
-		// Authentication auth = null;
-		// if (authentication instanceof InternalAuthentication)
-		// auth = internalAuth.authenticate(authentication);
-		// else if (authentication instanceof AnonymousAuthenticationToken)
-		// auth = anonymousAuth.authenticate(authentication);
-		// else if (authentication instanceof
-		// UsernamePasswordAuthenticationToken)
-		// auth = userAdminService.authenticate(authentication);
-		// else if (authentication instanceof OsAuthenticationToken)
-		// auth = osAuth.authenticate(authentication);
-		// if (auth == null)
-		// throw new CmsException("Could not authenticate " + authentication);
+		log.error("Authentication manager is deprecated and should not be used.");
 		throw new ProviderNotFoundException(
-				"Authentication manager is deprectaed and should not be used.");
+				"Authentication manager is deprecated and should not be used.");
 	}
 
 	private void createKeyStoreIfNeeded() {
@@ -248,12 +154,10 @@ class NodeSecurity implements AuthenticationManager {
 				PkiUtils.generateSelfSignedCertificate(keyStore,
 						new X500Principal(KernelHeader.ROLE_KERNEL), keyPwd);
 				PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore);
-
 			} catch (Exception e) {
 				throw new CmsException("Cannot create key store " + keyStoreFile, e);
 			}
 		}
 	}
 
-
 }
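Review bot: The corrected message is still spelled out twice in `authenticate`, once in `log.error` and once in the `ProviderNotFoundException`, which is how the typo this commit fixes drifted in the first place; hoist it to `private static final String DEPRECATED_MSG = "Authentication manager is deprecated and should not be used.";` and reference the constant in both places. Logging at error level and then throwing also reports the same event twice to whoever catches the exception; if the log line is deliberately kept to spot stray callers of the deprecated manager, a short comment saying so would justify keeping both.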