X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjcr%2FOsJcrAuthenticationProvider.java;h=e6f90b165c08cc9efc6d498d88d16f68d5bf5e73;hb=484dcb1507e4e35cc282e50522ea7eac7e99a7f9;hp=192d2fdb2f801ee51a0beed4a77079c3d270edf4;hpb=149023e5969377045847bbecf24b0898b18a67a9;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java index 192d2fdb2..e6f90b165 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java @@ -1,96 +1,78 @@ package org.argeo.security.jcr; -import java.util.Map; -import java.util.concurrent.Executor; - import javax.jcr.Node; +import javax.jcr.Repository; import javax.jcr.RepositoryException; -import javax.jcr.RepositoryFactory; import javax.jcr.Session; +import javax.jcr.version.VersionManager; import org.argeo.ArgeoException; +import org.argeo.jcr.ArgeoNames; import org.argeo.jcr.JcrUtils; import org.argeo.security.OsAuthenticationToken; import org.argeo.security.core.OsAuthenticationProvider; import org.springframework.security.Authentication; import org.springframework.security.AuthenticationException; -import org.springframework.security.userdetails.UserDetails; +/** Relies on OS to authenticate and additionaly setup JCR */ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider { - private RepositoryFactory repositoryFactory; - private Executor systemExecutor; - private String homeBasePath = "/home"; - private String repositoryAlias = "node"; - private String workspace = null; - - public Authentication authenticate(Authentication authentication) - throws AuthenticationException { - final OsAuthenticationToken authen = (OsAuthenticationToken) super - .authenticate(authentication); - systemExecutor.execute(new Runnable() { - public void run() { - try { - Session session = JcrUtils.getRepositoryByAlias( - repositoryFactory, repositoryAlias) - .login(workspace); - Node userHome = JcrUtils.getUserHome(session, - authen.getName()); - if (userHome == null) - JcrUtils.createUserHome(session, homeBasePath, - authen.getName()); - authen.setDetails(getUserDetails(userHome, authen)); - } catch (RepositoryException e) { - throw new ArgeoException( - "Unexpected exception when synchronizing OS and JCR security ", - e); - } - } - }); - return authen; - } + private Repository repository; + private String securityWorkspace = "security"; + private Session securitySession; - /** Builds user details based on the authentication and the user home. */ - protected UserDetails getUserDetails(Node userHome, Authentication authen) { + public void init() { try { - // TODO: loads enabled, locked, etc. from the home node. - return new JcrUserDetails(userHome.getPath(), authen.getPrincipal() - .toString(), authen.getCredentials().toString(), - isEnabled(userHome), true, true, true, - authen.getAuthorities()); - } catch (Exception e) { - throw new ArgeoException("Cannot get user details for " + userHome, - e); + securitySession = repository.login(securityWorkspace); + } catch (RepositoryException e) { + throw new ArgeoException("Cannot initialize", e); } } - protected Boolean isEnabled(Node userHome) { - return true; + public void destroy() { + JcrUtils.logoutQuietly(securitySession); } - public void register(RepositoryFactory repositoryFactory, - Map parameters) { - this.repositoryFactory = repositoryFactory; - } - - public void unregister(RepositoryFactory repositoryFactory, - Map parameters) { - this.repositoryFactory = null; - } - - public void setSystemExecutor(Executor systemExecutor) { - this.systemExecutor = systemExecutor; - } + public Authentication authenticate(Authentication authentication) + throws AuthenticationException { + final OsAuthenticationToken authen = (OsAuthenticationToken) super + .authenticate(authentication); + try { + // WARNING: at this stage we assume that the java properties + // will have the same value + String username = System.getProperty("user.name"); + Node userHome = JcrUtils.createUserHomeIfNeeded(securitySession, + username); + Node userProfile = userHome.hasNode(ArgeoNames.ARGEO_PROFILE) ? userHome + .getNode(ArgeoNames.ARGEO_PROFILE) : JcrUtils + .createUserProfile(securitySession, username); + if (securitySession.hasPendingChanges()) + securitySession.save(); + VersionManager versionManager = securitySession.getWorkspace() + .getVersionManager(); + if (versionManager.isCheckedOut(userProfile.getPath())) + versionManager.checkin(userProfile.getPath()); - public void setHomeBasePath(String homeBasePath) { - this.homeBasePath = homeBasePath; + JcrUserDetails.checkAccountStatus(userProfile); + // user details + JcrUserDetails userDetails = new JcrUserDetails(userProfile, authen + .getCredentials().toString(), getBaseAuthorities()); + authen.setDetails(userDetails); + } catch (RepositoryException e) { + JcrUtils.discardQuietly(securitySession); + throw new ArgeoException( + "Unexpected exception when synchronizing OS and JCR security ", + e); + } finally { + JcrUtils.logoutQuietly(securitySession); + } + return authen; } - public void setRepositoryAlias(String repositoryAlias) { - this.repositoryAlias = repositoryAlias; + public void setSecurityWorkspace(String securityWorkspace) { + this.securityWorkspace = securityWorkspace; } - public void setWorkspace(String workspace) { - this.workspace = workspace; + public void setRepository(Repository repository) { + this.repository = repository; } - }