X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeSecurity.java;h=f279ba5eab329d02ed5010ee2a848475c2d3b47d;hb=998f2785e9571572c21117da28fbd1d681cc33a4;hp=6ad8fb15c582f61968813cfae4c0d6c7f0202788;hpb=559786a622e24c7d213960a7873e105db82a03ab;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
index 6ad8fb15c..f279ba5ea 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java
@@ -1,21 +1,23 @@
 package org.argeo.cms.internal.kernel;
+import java.net.URL;
+
 import javax.jcr.RepositoryException;
-import javax.security.auth.spi.LoginModule;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.internal.useradmin.JcrUserAdmin;
+import org.argeo.cms.internal.useradmin.SimpleJcrSecurityModel;
+import org.argeo.cms.internal.useradmin.jackrabbit.JackrabbitUserAdminService;
+import org.argeo.security.OsAuthenticationToken;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.core.InternalAuthentication;
 import org.argeo.security.core.InternalAuthenticationProvider;
-import org.argeo.security.core.ThreadedLoginModule;
-import org.argeo.security.jcr.SimpleJcrSecurityModel;
-import org.argeo.security.jcr.jackrabbit.JackrabbitUserAdminService;
-import org.eclipse.rap.rwt.RWT;
-import org.eclipse.swt.widgets.Display;
+import org.argeo.security.core.OsAuthenticationProvider;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.ServiceRegistration;
+import org.osgi.service.useradmin.UserAdmin;
 import org.springframework.security.authentication.AnonymousAuthenticationProvider;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -30,59 +32,66 @@ class NodeSecurity implements AuthenticationManager { private final BundleContext bundleContext; + private final OsAuthenticationProvider osAuth; private final InternalAuthenticationProvider internalAuth; private final AnonymousAuthenticationProvider anonymousAuth; - private final JackrabbitUserAdminService jackrabbitUserAdmin; - private Login loginModule; + private final JackrabbitUserAdminService userAdminService; + private final JcrUserAdmin userAdmin; private ServiceRegistration authenticationManagerReg; - private ServiceRegistration userAdminReg; + private ServiceRegistration userAdminServiceReg; private ServiceRegistration userDetailsManagerReg; - private ServiceRegistration loginModuleReg; + + private ServiceRegistration userAdminReg; public NodeSecurity(BundleContext bundleContext, JackrabbitNode node) throws RepositoryException { + URL url = getClass().getClassLoader().getResource( + KernelConstants.JAAS_CONFIG); + System.setProperty("java.security.auth.login.config", + url.toExternalForm()); + this.bundleContext = bundleContext; + osAuth = new OsAuthenticationProvider(); internalAuth = new InternalAuthenticationProvider( - KernelConstants.DEFAULT_SECURITY_KEY); + Activator.getSystemKey()); anonymousAuth = new AnonymousAuthenticationProvider( - KernelConstants.DEFAULT_SECURITY_KEY); + Activator.getSystemKey()); // user admin - jackrabbitUserAdmin = new JackrabbitUserAdminService(); - jackrabbitUserAdmin.setRepository(node); - jackrabbitUserAdmin.setSecurityModel(new SimpleJcrSecurityModel()); - jackrabbitUserAdmin.init(); + userAdminService = new JackrabbitUserAdminService(); + userAdminService.setRepository(node); + userAdminService.setSecurityModel(new SimpleJcrSecurityModel()); + userAdminService.init(); - loginModule = new Login(); + userAdmin = new JcrUserAdmin(bundleContext, node); + userAdmin.setUserAdminService(userAdminService); } public void publish() { authenticationManagerReg = bundleContext.registerService( 
AuthenticationManager.class, this, null); - userAdminReg = bundleContext.registerService(UserAdminService.class, - jackrabbitUserAdmin, null); + userAdminServiceReg = bundleContext.registerService( + UserAdminService.class, userAdminService, null); userDetailsManagerReg = bundleContext.registerService( - UserDetailsManager.class, jackrabbitUserAdmin, null); - // userAdminReg = - // bundleContext.registerService(UserDetailsService.class, - // jackrabbitUserAdmin, null); - - loginModuleReg = bundleContext.registerService(LoginModule.class, - loginModule, null); + UserDetailsManager.class, userAdminService, null); + userAdminReg = bundleContext.registerService(UserAdmin.class, + userAdmin, null); } void destroy() { try { - jackrabbitUserAdmin.destroy(); + userAdminService.destroy(); } catch (RepositoryException e) { log.error("Error while destroying Jackrabbit useradmin"); } userDetailsManagerReg.unregister(); - userAdminReg.unregister(); + userAdminServiceReg.unregister(); authenticationManagerReg.unregister(); - loginModuleReg.unregister(); + + userAdmin.destroy(); + userAdminReg.unregister(); } @Override 
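Review bot: In the NodeSecurity constructor, `getResource(KernelConstants.JAAS_CONFIG)` returns null when the resource is missing from the bundle class path, so `url.toExternalForm()` fails with a bare NullPointerException before any provider is created. A guard such as `if (url == null) throw new CmsException("JAAS configuration " + KernelConstants.JAAS_CONFIG + " not found");` would make that failure explicit. The following `System.setProperty("java.security.auth.login.config", ...)` is unconditional and JVM-wide, so it replaces any login configuration supplied at start-up and changes it for every other JAAS consumer in the same process. If the override is intended it deserves a comment and a log line; otherwise set the property only when `System.getProperty("java.security.auth.login.config") == null`.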
@@ -94,23 +103,11 @@ class NodeSecurity implements AuthenticationManager { else if (authentication instanceof AnonymousAuthenticationToken) auth = anonymousAuth.authenticate(authentication); else if (authentication instanceof UsernamePasswordAuthenticationToken) - auth = jackrabbitUserAdmin.authenticate(authentication); + auth = userAdminService.authenticate(authentication); + else if (authentication instanceof OsAuthenticationToken) + auth = osAuth.authenticate(authentication); if (auth == null) throw new CmsException("Could not authenticate " + authentication); return auth; } - - private class Login extends ThreadedLoginModule { - - @Override - protected LoginModule createLoginModule() { - SpringLoginModule springLoginModule = new SpringLoginModule(); - springLoginModule.setAuthenticationManager(NodeSecurity.this); - if (Display.getCurrent() != null) { - - } - return springLoginModule; - } - - } }
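Review bot: The new `OsAuthenticationToken` branch passes the token straight to `osAuth.authenticate(authentication)`, and nothing visible in this diff says what `OsAuthenticationProvider` verifies before accepting it. Because `publish()` registers this object as an `AuthenticationManager` service, any bundle able to obtain that service can submit such a token. The trust assumption should therefore be written down at the branch, for example `// OS tokens: osAuth must only accept a token backed by the JVM's own OS login (see OsAuthenticationProvider)`. The method starts above the hunk, so the first branch of the chain is not visible here.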