X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FOsAuthenticationProvider.java;h=3360b1eeae2c2cf5b1fd7bfb908448cc2fc67fe2;hb=0c7d4e488bf4e357ca33329c87a29baae63a5be9;hp=e9c83839f2e35c6d3ca836aa578a1913da517e89;hpb=149023e5969377045847bbecf24b0898b18a67a9;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java index e9c83839f..3360b1eea 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java @@ -10,7 +10,12 @@ import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.providers.AuthenticationProvider; -/** Validates an OS authentication. */ +/** + * Validates an OS authentication. The id is that it will always be + * authenticated since we are always runnign within an OS, but the fact that the + * {@link Authentication} works properly depends on the proper OS login module + * having been called as well. + */ public class OsAuthenticationProvider implements AuthenticationProvider { private String osUserRole = "ROLE_OS_USER"; private String userRole = "ROLE_USER"; @@ -20,16 +25,16 @@ public class OsAuthenticationProvider implements AuthenticationProvider { public Authentication authenticate(Authentication authentication) throws AuthenticationException { - if (authentication instanceof OsAuthenticationToken) { - List auths = new ArrayList(); - auths.add(new GrantedAuthorityImpl(osUserRole)); - auths.add(new GrantedAuthorityImpl(userRole)); - if (isAdmin) - auths.add(new GrantedAuthorityImpl(adminRole)); - return new OsAuthenticationToken( - auths.toArray(new GrantedAuthority[auths.size()])); - } - return null; + return new OsAuthenticationToken(getBaseAuthorities()); + } + + protected GrantedAuthority[] getBaseAuthorities() { + List auths = new ArrayList(); + auths.add(new GrantedAuthorityImpl(osUserRole)); + auths.add(new GrantedAuthorityImpl(userRole)); + if (isAdmin) + auths.add(new GrantedAuthorityImpl(adminRole)); + return auths.toArray(new GrantedAuthority[auths.size()]); } @SuppressWarnings("rawtypes") @@ -41,6 +46,10 @@ public class OsAuthenticationProvider implements AuthenticationProvider { this.osUserRole = osUserRole; } + public void setUserRole(String userRole) { + this.userRole = userRole; + } + public void setAdminRole(String adminRole) { this.adminRole = adminRole; }