X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FOsAuthenticationProvider.java;h=3360b1eeae2c2cf5b1fd7bfb908448cc2fc67fe2;hb=6bb0606505be3e99021c5ff9771c719eb1e1f2e7;hp=524e73f8f7cdf4d440d7eb7b5e0fc89aab492868;hpb=01be94b42cb907c24a6d1112e326600f1fbeaab1;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java index 524e73f8f..3360b1eea 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/OsAuthenticationProvider.java @@ -10,7 +10,12 @@ import org.springframework.security.GrantedAuthority; import org.springframework.security.GrantedAuthorityImpl; import org.springframework.security.providers.AuthenticationProvider; -/** Validates an OS authentication. */ +/** + * Validates an OS authentication. The id is that it will always be + * authenticated since we are always runnign within an OS, but the fact that the + * {@link Authentication} works properly depends on the proper OS login module + * having been called as well. + */ public class OsAuthenticationProvider implements AuthenticationProvider { private String osUserRole = "ROLE_OS_USER"; private String userRole = "ROLE_USER"; @@ -20,16 +25,16 @@ public class OsAuthenticationProvider implements AuthenticationProvider { public Authentication authenticate(Authentication authentication) throws AuthenticationException { - if (!(authentication instanceof OsAuthenticationToken)) - return null; + return new OsAuthenticationToken(getBaseAuthorities()); + } + protected GrantedAuthority[] getBaseAuthorities() { List auths = new ArrayList(); auths.add(new GrantedAuthorityImpl(osUserRole)); auths.add(new GrantedAuthorityImpl(userRole)); if (isAdmin) auths.add(new GrantedAuthorityImpl(adminRole)); - return new OsAuthenticationToken( - auths.toArray(new GrantedAuthority[auths.size()])); + return auths.toArray(new GrantedAuthority[auths.size()]); } @SuppressWarnings("rawtypes")