<relativePath>..</relativePath>
</parent>
<artifactId>org.argeo.eclipse.dep.common</artifactId>
- <name>Argeo Commons RCP Dependencies</name>
+ <name>Commons Eclipse Dependencies</name>
<build>
<plugins>
<plugin>
<relativePath>..</relativePath>
</parent>
<artifactId>org.argeo.eclipse.dep.rap</artifactId>
- <name>Argeo Commons RAP Dependencies</name>
+ <name>Commons RAP Dependencies</name>
<build>
<plugins>
<plugin>
<relativePath>..</relativePath>
</parent>
<artifactId>org.argeo.eclipse.dep.rcp</artifactId>
- <name>Argeo Commons RCP Dependencies</name>
+ <name>Commons RCP Dependencies</name>
<build>
<plugins>
<plugin>
<instructions>
<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
<Bundle-Activator>org.argeo.eclipse.ui.ArgeoUiPlugin</Bundle-Activator>
- <Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime,org.springframework.osgi.extender</Require-Bundle>
+ <Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle>
<Import-Package>
org.springframework.beans.factory,
org.springframework.core.io.support,
<version.argeo-commons>0.2.3-SNAPSHOT</version.argeo-commons>
<version.argeo-ria>0.12.5</version.argeo-ria>
<version.equinox>3.6.1</version.equinox>
- <version.maven-argeo-osgi>0.1.30</version.maven-argeo-osgi>
+ <version.maven-argeo-osgi>0.1.31-SNAPSHOT</version.maven-argeo-osgi>
<version.maven-bundle-plugin>2.2.0</version.maven-bundle-plugin>
<version.maven-argeo-qooxdoo>1.1.1</version.maven-argeo-qooxdoo>
<site.repoBase>file:///srv/projects/www/commons/site</site.repoBase>
<module>basic</module>
<module>osgi</module>
<module>server</module>
- <module>security</module>
<module>eclipse</module>
+ <module>security</module>
<module>sandbox</module>
</modules>
<build>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
<classpathentry kind="src" path="src/main/java"/>
- <classpathentry kind="src" path="src/main/resources"/>
<classpathentry kind="output" path="target/classes"/>
</classpath>
bin.includes = META-INF/,\
plugin.xml
-source.. = src/main/java/,\
- src/main/resources/
+source.. = src/main/java/
output.. = target/classes/
<artifactId>maven-bundle-plugin</artifactId>
<version>${version.maven-bundle-plugin}</version>
<configuration>
+<!-- <instructions>-->
+<!-- <Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>-->
+<!-- <Bundle-Activator>org.argeo.security.equinox.EquinoxSecurity</Bundle-Activator>-->
+<!-- <Import-Package>-->
+<!-- org.osgi.framework;version="0.0.0",-->
+<!-- !org.eclipse.equinox.security.auth,-->
+<!-- org.springframework.core,-->
+<!-- org.argeo.eclipse.spring,-->
+<!-- *-->
+<!-- </Import-Package>-->
+<!-- <Require-Bundle>org.eclipse.equinox.security</Require-Bundle>-->
+<!-- </instructions>-->
<instructions>
- <Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
- <Bundle-Activator>org.argeo.security.equinox.EquinoxSecurity</Bundle-Activator>
<Import-Package>*,
org.springframework.core,
org.argeo.eclipse.spring
<groupId>org.springframework.security</groupId>
<artifactId>org.springframework.security.core</artifactId>
</dependency>
-
- <!-- Others -->
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
- </dependency>
-
</dependencies>
</project>
+++ /dev/null
-package org.argeo.security.equinox;
-
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
-
-import org.argeo.ArgeoException;
-import org.eclipse.equinox.security.auth.ILoginContext;
-import org.springframework.security.Authentication;
-import org.springframework.security.GrantedAuthority;
-
-public class CurrentUser {
- public final static String getUsername() {
- Subject subject = getSubject();
- if (subject == null)
- return null;
- Principal principal = subject.getPrincipals().iterator().next();
- return principal.getName();
-
- }
-
- public final static Set<String> roles() {
- Principal principal = getSubject().getPrincipals().iterator().next();
- Authentication authentication = (Authentication) principal;
- Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
- for (GrantedAuthority ga : authentication.getAuthorities()) {
- roles.add(ga.getAuthority());
- }
- return Collections.unmodifiableSet(roles);
- }
-
- private final static ILoginContext getLoginContext() {
- return EquinoxSecurity.getLoginContext();
- // return LoginContextFactory
- // .createContext(EquinoxSecurity.CONTEXT_SPRING);
- }
-
- // private static void login() {
- // try {
- // getLoginContext().login();
- // } catch (LoginException e) {
- // throw new RuntimeException("Cannot login", e);
- // }
- // }
-
- public final static Subject getSubject() {
-
- Subject subject = Subject.getSubject(AccessController.getContext());
- // subject = Subject.getSubject(AccessController.getContext());
- if (subject == null)
- try {
- getLoginContext().login();
- subject = getLoginContext().getSubject();
- } catch (Exception e) {
- throw new ArgeoException("Cannot retrieve subject", e);
- }
-
- return subject;
-
- }
-
- public static void logout() {
- try {
- getLoginContext().logout();
- } catch (LoginException e) {
- throw new ArgeoException("Cannot log out", e);
- }
- }
-}
+++ /dev/null
-package org.argeo.security.equinox;
-
-import java.net.URL;
-
-import org.eclipse.equinox.security.auth.ILoginContext;
-import org.eclipse.equinox.security.auth.LoginContextFactory;
-import org.osgi.framework.BundleActivator;
-import org.osgi.framework.BundleContext;
-
-public class EquinoxSecurity implements BundleActivator {
- public final static String CONTEXT_SPRING = "SPRING";
- private static final String JAAS_CONFIG_FILE = "org/argeo/security/equinox/jaas_default.txt";
-
- private static ILoginContext loginContext = null;
-
- public void start(BundleContext bundleContext) throws Exception {
- // getLoginContext();
- URL configUrl = bundleContext.getBundle().getEntry(JAAS_CONFIG_FILE);
- loginContext = LoginContextFactory.createContext(CONTEXT_SPRING,
- configUrl);
- }
-
- public void stop(BundleContext context) throws Exception {
- }
-
- static ILoginContext getLoginContext() {
- return loginContext;
- }
-
-}
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.login.LoginException;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationManager;
import org.springframework.security.BadCredentialsException;
/** Login module which caches one subject per thread. */
public class SpringLoginModule extends SecurityContextLoginModule {
- private final static Log log = LogFactory.getLog(SpringLoginModule.class);
-
private AuthenticationManager authenticationManager;
-// private ThreadLocal<Subject> subject;
private CallbackHandler callbackHandler;
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
super.initialize(subject, callbackHandler, sharedState, options);
-// this.subject.set(subject);
+ // this.subject.set(subject);
this.callbackHandler = callbackHandler;
}
if (SecurityContextHolder.getContext().getAuthentication() != null)
return super.login();
-// if (getSubject().getPrincipals(Authentication.class).size() == 1) {
-// registerAuthentication(getSubject()
-// .getPrincipals(Authentication.class).iterator().next());
-// return super.login();
-// } else if (getSubject().getPrincipals(Authentication.class).size() > 1) {
-// throw new LoginException(
-// "Multiple Authentication principals not supported: "
-// + getSubject().getPrincipals(Authentication.class));
-// } else {
- // ask for username and password
- Callback label = new TextOutputCallback(
- TextOutputCallback.INFORMATION, "Required login");
- NameCallback nameCallback = new NameCallback("User");
- PasswordCallback passwordCallback = new PasswordCallback(
- "Password", false);
-
- if (callbackHandler == null) {
- throw new LoginException("No call back handler available");
- // return false;
- }
- try {
- callbackHandler.handle(new Callback[] { label, nameCallback,
- passwordCallback });
- } catch (Exception e) {
- LoginException le = new LoginException(
- "Callback handling failed");
- le.initCause(e);
- throw le;
- }
-
- // Set user name and password
- String username = nameCallback.getName();
- String password = "";
- if (passwordCallback.getPassword() != null) {
- password = String.valueOf(passwordCallback.getPassword());
- }
- UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
- username, password);
-
- try {
- Authentication authentication = authenticationManager
- .authenticate(credentials);
- registerAuthentication(authentication);
- boolean res = super.login();
-// if (log.isDebugEnabled())
-// log.debug("User " + username + " logged in");
- return res;
- } catch (BadCredentialsException bce) {
- throw bce;
- } catch (Exception e) {
- LoginException loginException = new LoginException(
- "Bad credentials");
- loginException.initCause(e);
- throw loginException;
- }
-// }
+ // if (getSubject().getPrincipals(Authentication.class).size() == 1) {
+ // registerAuthentication(getSubject()
+ // .getPrincipals(Authentication.class).iterator().next());
+ // return super.login();
+ // } else if (getSubject().getPrincipals(Authentication.class).size() >
+ // 1) {
+ // throw new LoginException(
+ // "Multiple Authentication principals not supported: "
+ // + getSubject().getPrincipals(Authentication.class));
+ // } else {
+ // ask for username and password
+ Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
+ "Required login");
+ NameCallback nameCallback = new NameCallback("User");
+ PasswordCallback passwordCallback = new PasswordCallback("Password",
+ false);
+
+ if (callbackHandler == null) {
+ throw new LoginException("No call back handler available");
+ // return false;
+ }
+ try {
+ callbackHandler.handle(new Callback[] { label, nameCallback,
+ passwordCallback });
+ } catch (Exception e) {
+ LoginException le = new LoginException("Callback handling failed");
+ le.initCause(e);
+ throw le;
+ }
+
+ // Set user name and password
+ String username = nameCallback.getName();
+ String password = "";
+ if (passwordCallback.getPassword() != null) {
+ password = String.valueOf(passwordCallback.getPassword());
+ }
+ UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
+ username, password);
+
+ try {
+ Authentication authentication = authenticationManager
+ .authenticate(credentials);
+ registerAuthentication(authentication);
+ boolean res = super.login();
+ // if (log.isDebugEnabled())
+ // log.debug("User " + username + " logged in");
+ return res;
+ } catch (BadCredentialsException bce) {
+ throw bce;
+ } catch (Exception e) {
+ LoginException loginException = new LoginException(
+ "Bad credentials");
+ loginException.initCause(e);
+ throw loginException;
+ }
+ // }
}
@Override
public boolean logout() throws LoginException {
- if (log.isDebugEnabled())
- log.debug("Log out "+CurrentUser.getUsername());
return super.logout();
}
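Review bot: In the re-indented `login()` body the password from `passwordCallback` is copied into an immutable `String` and the callback is never cleared, so the credential stays on the heap after authentication; calling `passwordCallback.clearPassword();` right after the token is built removes at least the callback's copy. The `catch (BadCredentialsException bce) { throw bce; }` branch lets what is presumably an unchecked Spring exception leave a JAAS `login()`, whose callers handle `LoginException`. Unless a caller relies on that type, wrapping it keeps the contract: `FailedLoginException fle = new FailedLoginException("Bad credentials"); fle.initCause(bce); throw fle;`. The generic `catch (Exception e)` below it labels every failure "Bad credentials", which hides backend errors from whoever diagnoses a failed login. The signature of `login()` lies outside the hunk.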
this.authenticationManager = authenticationManager;
}
-// protected Subject getSubject() {
-// return subject.get();
-// }
+ // protected Subject getSubject() {
+ // return subject.get();
+ // }
}
+++ /dev/null
-UNIX {
- org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient
- extensionId="org.argeo.security.equinox.unixLoginModule";
-};
-
-SPRING {
- org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient
- extensionId="org.argeo.security.equinox.springLoginModule";
-};
-
-SPRING_SECURITY_CONTEXT {
- org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient
- extensionId="org.argeo.security.equinox.springSecurityContextLoginModule";
-};
\ No newline at end of file
--- /dev/null
+UNIX {
+ org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient
+ extensionId="org.argeo.security.equinox.unixLoginModule";
+};
+
+SPRING {
+ org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient
+ extensionId="org.argeo.security.equinox.springLoginModule";
+};
+
+SPRING_SECURITY_CONTEXT {
+ org.eclipse.equinox.security.auth.module.ExtensionLoginModule sufficient
+ extensionId="org.argeo.security.equinox.springSecurityContextLoginModule";
+};
\ No newline at end of file
<plugin id="com.springsource.org.apache.commons.collections"/>
<plugin id="com.springsource.org.apache.commons.io"/>
<plugin id="com.springsource.org.apache.commons.lang"/>
- <plugin id="com.springsource.org.apache.commons.logging"/>
<plugin id="com.springsource.org.apache.commons.pool"/>
<plugin id="com.springsource.org.apache.directory.server.changepw"/>
<plugin id="com.springsource.org.apache.directory.server.core" fragment="true"/>
<plugin id="org.argeo.eclipse.ui"/>
<plugin id="org.argeo.security.core"/>
<plugin id="org.argeo.security.equinox"/>
+ <plugin id="org.argeo.security.ldap"/>
<plugin id="org.argeo.security.manager.ldap"/>
<plugin id="org.argeo.security.services"/>
<plugin id="org.argeo.security.ui"/>
<plugin id="org.argeo.server.ads.server"/>
<plugin id="org.argeo.server.core"/>
<plugin id="org.argeo.server.json"/>
+ <plugin id="org.argeo.slc.demo.log4j" fragment="true"/>
<plugin id="org.eclipse.core.commands"/>
<plugin id="org.eclipse.core.contenttype"/>
<plugin id="org.eclipse.core.databinding"/>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.argeo.commons.security</groupId>
<version>${version.maven-bundle-plugin}</version>
<configuration>
<instructions>
+ <Bundle-Activator>org.argeo.security.ui.application.SecureApplicationActivator</Bundle-Activator>
<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
<Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle>
<Import-Package>*</Import-Package>
<!-- Argeo Security -->
<dependency>
<groupId>org.argeo.commons.security</groupId>
- <artifactId>org.argeo.security.equinox</artifactId>
+ <artifactId>org.argeo.security.ui</artifactId>
<version>0.2.3-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.argeo.commons.security</groupId>
- <artifactId>org.argeo.security.ui</artifactId>
+ <artifactId>org.argeo.security.equinox</artifactId>
<version>0.2.3-SNAPSHOT</version>
</dependency>
+
+ <!-- Argeo Eclipse distribution (common dependencies for both RAP and RCP) -->
<dependency>
- <groupId>org.argeo.commons.server</groupId>
- <artifactId>org.argeo.server.dep.ads</artifactId>
+ <groupId>org.argeo.commons.eclipse</groupId>
+ <artifactId>org.argeo.eclipse.dep.rcp</artifactId>
<version>0.2.3-SNAPSHOT</version>
- <type>pom</type>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Commons -->
+ <dependency>
+ <groupId>org.argeo.commons.basic</groupId>
+ <artifactId>org.argeo.basic.nodeps</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ </dependency>
+
+
+ <!-- Others -->
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
</dependency>
+
+ <!-- For testing and target platform generation -->
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.ads.server</artifactId>
<version>${version.argeo-commons}</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.commons.security</groupId>
<artifactId>org.argeo.security.services</artifactId>
<version>${version.argeo-commons}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.ldap</artifactId>
+ <version>${version.argeo-commons}</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.commons.security</groupId>
<artifactId>org.argeo.security.manager.ldap</artifactId>
<version>${version.argeo-commons}</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.ads</artifactId>
<version>0.2.3-SNAPSHOT</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.dep.osgi</groupId>
<artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+ <scope>test</scope>
</dependency>
-
- <!-- Argeo Eclipse distribution (common dependencies for both RAP and RCP) -->
- <dependency>
- <groupId>org.argeo.commons.eclipse</groupId>
- <artifactId>org.argeo.eclipse.dep.rcp</artifactId>
- <version>0.2.3-SNAPSHOT</version>
- </dependency>
-
- <!-- TODO: to be removed -->
- <dependency>
- <groupId>org.argeo.commons.server</groupId>
- <artifactId>org.argeo.server.json</artifactId>
- <version>0.2.3-SNAPSHOT</version>
- </dependency>
-
- <!-- Commons -->
- <dependency>
- <groupId>org.argeo.commons.basic</groupId>
- <artifactId>org.argeo.basic.nodeps</artifactId>
- <version>0.2.3-SNAPSHOT</version>
- </dependency>
-
-
- <!-- Others -->
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
- </dependency>
- <!-- Commons Dep -->
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.basic.dep.log4j</artifactId>
<version>0.2.3-SNAPSHOT</version>
<type>pom</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.jdbm</groupId>
+ <artifactId>com.springsource.jdbm</artifactId>
+ <scope>test</scope>
</dependency>
</dependencies>
</project>
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.argeo.security.equinox.CurrentUser;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.eclipse.equinox.app.IApplication;
try {
String username = null;
Exception loginException = null;
+ Subject subject = null;
try {
- username = CurrentUser.getUsername();
+ SecureApplicationActivator.getLoginContext().login();
+ subject = SecureApplicationActivator.getLoginContext()
+ .getSubject();
+
+ // username = CurrentUser.getUsername();
} catch (Exception e) {
loginException = e;
+ e.printStackTrace();
}
- if (username == null) {
+ if (subject == null) {
IStatus status = new Status(IStatus.ERROR,
"org.argeo.security.application", "Login is mandatory",
loginException);
}
if (log.isDebugEnabled())
log.debug("Logged in as " + username);
- returnCode = (Integer) Subject.doAs(CurrentUser.getSubject(),
- getRunAction(display));
- CurrentUser.logout();
+ returnCode = (Integer) Subject.doAs(subject, getRunAction(display));
+ SecureApplicationActivator.getLoginContext().logout();
return processReturnCode(returnCode);
} catch (Exception e) {
// e.printStackTrace();
if (log.isDebugEnabled())
log.debug("workbench stopped");
- String username = CurrentUser.getUsername();
- if (log.isDebugEnabled())
- log.debug("workbench stopped, logged in as " + username);
+ // String username = CurrentUser.getUsername();
+ // if (log.isDebugEnabled())
+ // log.debug("workbench stopped, logged in as " + username);
}
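Review bot: `SecureApplicationActivator.getLoginContext().logout()` runs only when `Subject.doAs(...)` returns normally, so an exception from the workbench skips the logout and leaves the login context authenticated. Wrapping the call closes that path: `try { returnCode = (Integer) Subject.doAs(subject, getRunAction(display)); } finally { SecureApplicationActivator.getLoginContext().logout(); }`. `username` is no longer assigned in the visible lines, so the debug line prints "Logged in as null"; it could be read from the subject's principal instead. The added `e.printStackTrace()` bypasses the `log` instance this class already uses, and `log.error("Login failed", e)` would be consistent with the rest of the method. The enclosing methods start and end outside the visible lines.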
--- /dev/null
+package org.argeo.security.ui.application;
+
+import java.net.URL;
+
+import org.eclipse.equinox.security.auth.ILoginContext;
+import org.eclipse.equinox.security.auth.LoginContextFactory;
+import org.osgi.framework.BundleActivator;
+import org.osgi.framework.BundleContext;
+
+public class SecureApplicationActivator implements BundleActivator {
+
+ public final static String CONTEXT_SPRING = "SPRING";
+ private static final String JAAS_CONFIG_FILE = "/META-INF/jaas_default.txt";
+
+ private static ILoginContext loginContext = null;
+
+ public void start(BundleContext bundleContext) throws Exception {
+ URL configUrl = bundleContext.getBundle().getEntry(JAAS_CONFIG_FILE);
+ loginContext = LoginContextFactory.createContext(CONTEXT_SPRING,
+ configUrl);
+ }
+
+ public void stop(BundleContext context) throws Exception {
+ }
+
+ static ILoginContext getLoginContext() {
+ return loginContext;
+ }
+}
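Review bot: `start()` passes the result of `getEntry(JAAS_CONFIG_FILE)` straight to `LoginContextFactory.createContext`, but `getEntry` returns null when the bundle has no such entry, so a missing `/META-INF/jaas_default.txt` would presumably surface only later as an obscure login failure. Failing fast is clearer: `if (configUrl == null) throw new IllegalStateException("Missing JAAS configuration " + JAAS_CONFIG_FILE);`. `getLoginContext()` returns null until the bundle has been activated and `stop()` never clears the static field, while the caller in `SecureApplication` dereferences the result without a check. Setting `loginContext = null;` in `stop()` and adding a Javadoc line on `getLoginContext()` that states the null case would make the lifecycle explicit.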
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.argeo.commons.security</groupId>
<artifactId>org.argeo.eclipse.dep.rap</artifactId>
<version>0.2.3-SNAPSHOT</version>
</dependency>
+
+
+ <!-- TODO: factorize with application.ui -->
+ <!-- For testing and target platform generation -->
+ <dependency>
+ <groupId>org.argeo.commons.server</groupId>
+ <artifactId>org.argeo.server.ads.server</artifactId>
+ <version>${version.argeo-commons}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.services</artifactId>
+ <version>${version.argeo-commons}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.ldap</artifactId>
+ <version>${version.argeo-commons}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.manager.ldap</artifactId>
+ <version>${version.argeo-commons}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.server</groupId>
+ <artifactId>org.argeo.server.ads</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.dep.osgi</groupId>
+ <artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.basic</groupId>
+ <artifactId>org.argeo.basic.dep.log4j</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.jdbm</groupId>
+ <artifactId>com.springsource.jdbm</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.argeo.commons.security</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>${version.maven-bundle-plugin}</version>
<configuration>
+ <!-- <instructions> -->
+ <!-- <Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy> -->
+ <!-- <Bundle-Activator>org.argeo.security.ui.SecurityUiPlugin</Bundle-Activator> -->
+ <!-- <Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle> -->
+ <!-- <Import-Package> -->
+ <!-- org.argeo.eclipse.spring, -->
+ <!-- org.osgi.framework;version="0.0.0", -->
+ <!-- !org.eclipse.core.runtime, -->
+ <!-- !org.eclipse.core.commands, -->
+ <!-- !org.eclipse.ui.plugin, -->
+ <!-- !org.eclipse.ui, -->
+ <!-- !org.eclipse.ui.commands, -->
+ <!-- !org.eclipse.ui.handlers, -->
+ <!-- !org.eclipse.ui.part, -->
+ <!-- * -->
+ <!-- </Import-Package> -->
+ <!-- <Private-Package>icons</Private-Package> -->
+ <!-- <Export-Package>org.argeo.security.ui.*</Export-Package> -->
+ <!-- </instructions> -->
<instructions>
<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
<Bundle-Activator>org.argeo.security.ui.SecurityUiPlugin</Bundle-Activator>
<Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle>
- <Import-Package>*,org.argeo.eclipse.spring</Import-Package>
+ <Import-Package>
+ org.argeo.eclipse.spring,
+ *
+ </Import-Package>
</instructions>
</configuration>
</plugin>
<artifactId>org.argeo.security.core</artifactId>
<version>0.2.3-SNAPSHOT</version>
</dependency>
- <dependency>
- <groupId>org.argeo.commons.security</groupId>
- <artifactId>org.argeo.security.equinox</artifactId>
- <version>0.2.3-SNAPSHOT</version>
- </dependency>
<!-- Argeo Eclipse -->
<dependency>
<groupId>org.argeo.commons.eclipse</groupId>
<artifactId>org.argeo.eclipse.dep.rcp</artifactId>
<version>0.2.3-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.ui</groupId>
- <artifactId>org.eclipse.ui</artifactId>
<scope>provided</scope>
</dependency>
<groupId>org.slf4j</groupId>
<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
</dependency>
-
</dependencies>
</project>
--- /dev/null
+package org.argeo.security.ui;
+
+import java.security.AccessController;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.argeo.ArgeoException;
+import org.springframework.security.Authentication;
+import org.springframework.security.GrantedAuthority;
+
+public class CurrentUser {
+ public final static String getUsername() {
+ Subject subject = getSubject();
+ if (subject == null)
+ return null;
+ Principal principal = subject.getPrincipals().iterator().next();
+ return principal.getName();
+
+ }
+
+ public final static Set<String> roles() {
+ Principal principal = getSubject().getPrincipals().iterator().next();
+ Authentication authentication = (Authentication) principal;
+ Set<String> roles = Collections.synchronizedSet(new HashSet<String>());
+ for (GrantedAuthority ga : authentication.getAuthorities()) {
+ roles.add(ga.getAuthority());
+ }
+ return Collections.unmodifiableSet(roles);
+ }
+
+ public final static Subject getSubject() {
+
+ Subject subject = Subject.getSubject(AccessController.getContext());
+ if (subject == null)
+ throw new ArgeoException("Not authenticated.");
+ return subject;
+
+ }
+}
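Review bot: `roles()` takes whichever principal the subject's set iterator yields first and casts it to `Authentication`, so a subject holding another principal type (or none) fails with `ClassCastException` or `NoSuchElementException`, and the roles returned depend on set iteration order. Selecting by type avoids that: `Set<Authentication> auths = getSubject().getPrincipals(Authentication.class);`, then reject anything other than exactly one entry. In `getUsername()` the `if (subject == null) return null;` branch is now dead, because `getSubject()` throws `ArgeoException("Not authenticated.")` instead of returning null; drop the branch or document that the method throws. `Collections.synchronizedSet` around a local set that is immediately wrapped as unmodifiable adds nothing and can be a plain `HashSet`.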
package org.argeo.security.ui;
-import org.argeo.security.equinox.CurrentUser;
import org.eclipse.jface.dialogs.MessageDialog;
import org.eclipse.swt.widgets.Display;
import org.eclipse.ui.IFolderLayout;
package org.argeo.security.ui.views;
-import org.argeo.security.equinox.CurrentUser;
+import org.argeo.security.ui.CurrentUser;
import org.eclipse.jface.viewers.IStructuredContentProvider;
import org.eclipse.jface.viewers.ITableLabelProvider;
import org.eclipse.jface.viewers.LabelProvider;
column.setText("ID");
column.setWidth(100);
-// column = new TableColumn(table, SWT.LEFT, 1);
-// column.setText("Password");
-// column.setWidth(200);
+ // column = new TableColumn(table, SWT.LEFT, 1);
+ // column.setText("Password");
+ // column.setWidth(200);
// column = new TableColumn(table, SWT.LEFT, 2);
// column.setText("Roles");
}
public Object[] getChildren(Object parentElement) {
-// ILoginContext secureContext = LoginContextFactory
-// .createContext("SPRING");
-// try {
-// secureContext.login();
-// } catch (LoginException e) {
-// // login failed
-// }
-//
-// Subject subject = null;
-// // subject = Subject.getSubject(AccessController.getContext());
-// try {
-// subject = secureContext.getSubject();
-// } catch (Exception e) {
-// e.printStackTrace();
-// throw new ArgeoException("Cannot retrieve subject", e);
-// }
-//
-// if (subject == null)
-// throw new ArgeoException("No subject found");
-// return subject.getPrincipals().toArray();
+ // ILoginContext secureContext = LoginContextFactory
+ // .createContext("SPRING");
+ // try {
+ // secureContext.login();
+ // } catch (LoginException e) {
+ // // login failed
+ // }
+ //
+ // Subject subject = null;
+ // // subject = Subject.getSubject(AccessController.getContext());
+ // try {
+ // subject = secureContext.getSubject();
+ // } catch (Exception e) {
+ // e.printStackTrace();
+ // throw new ArgeoException("Cannot retrieve subject", e);
+ // }
+ //
+ // if (subject == null)
+ // throw new ArgeoException("No subject found");
+ // return subject.getPrincipals().toArray();
return CurrentUser.roles().toArray();
}
private class UsersLabelProvider extends LabelProvider implements
ITableLabelProvider {
public String getColumnText(Object element, int columnIndex) {
-// Principal argeoUser = (Principal) element;
-// switch (columnIndex) {
-// case 0:
-// return argeoUser.getName();
-// case 1:
-// return argeoUser.toString();
-// default:
-// throw new ArgeoException("Unmanaged column " + columnIndex);
-// }
+ // Principal argeoUser = (Principal) element;
+ // switch (columnIndex) {
+ // case 0:
+ // return argeoUser.getName();
+ // case 1:
+ // return argeoUser.toString();
+ // default:
+ // throw new ArgeoException("Unmanaged column " + columnIndex);
+ // }
return element.toString();
}
import org.argeo.ArgeoException;
import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
-import org.argeo.security.equinox.CurrentUser;
import org.argeo.security.nature.SimpleUserNature;
+import org.argeo.security.ui.CurrentUser;
import org.argeo.security.ui.SecurityUiPlugin;
import org.argeo.security.ui.commands.OpenArgeoUserEditor;
import org.eclipse.core.commands.Command;
<version>0.2.3-SNAPSHOT</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>javax.xml.stream</groupId>
+ <artifactId>com.springsource.javax.xml.stream</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>org.argeo.security.activemq</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.ManifestBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.SchemaBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.pde.PluginNature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
--- /dev/null
+#Wed Feb 16 10:40:27 CET 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.5
--- /dev/null
+#Wed Feb 16 10:40:27 CET 2011
+eclipse.preferences.version=1
+pluginProject.extensions=false
+resolve.requirebundle=false
--- /dev/null
+source.. = src/main/java/
+output.. = target/classes/
+bin.includes = META-INF/,\
+ .
--- /dev/null
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>runtime</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <artifactId>org.argeo.security.activemq</artifactId>
+ <name>Commons Security ActiveMQ</name>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>${version.maven-bundle-plugin}</version>
+ <configuration>
+ <instructions>
+ <Export-Package>
+ org.argeo.security.activemq.*
+ </Export-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.argeo.commons.basic</groupId>
+ <artifactId>org.argeo.basic.nodeps</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.core</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ </dependency>
+
+ <!-- Spring -->
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>org.springframework.transaction</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>org.springframework.security.core</artifactId>
+ </dependency>
+
+ <!-- Logging -->
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
+ </dependency>
+
+ <!-- JMS -->
+ <dependency>
+ <groupId>org.argeo.dep.osgi</groupId>
+ <artifactId>org.argeo.dep.osgi.activemq</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.jms</groupId>
+ <artifactId>com.springsource.javax.jms</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>org.springframework.jms</artifactId>
+ </dependency>
+
+ <!-- TEST -->
+ <dependency>
+ <groupId>org.junit</groupId>
+ <artifactId>com.springsource.junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.activemq;
+
+import org.apache.activemq.broker.BrokerPluginSupport;
+import org.apache.activemq.broker.ConnectionContext;
+import org.apache.activemq.command.ConnectionInfo;
+import org.argeo.ArgeoException;
+import org.argeo.security.core.InternalAuthentication;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+public class ActiveMqSecurityBrokerPlugin extends BrokerPluginSupport {
+// private final static Log log = LogFactory
+// .getLog(ActiveMqSecurityBrokerPlugin.class);
+
+ private AuthenticationManager authenticationManager;
+ private String systemUsername = InternalAuthentication.DEFAULT_SYSTEM_USERNAME;
+ private String systemRole = InternalAuthentication.DEFAULT_SYSTEM_ROLE;
+
+ @Override
+ public void addConnection(ConnectionContext context, ConnectionInfo info)
+ throws Exception {
+ String username = info.getUserName();
+ if (username == null)
+ throw new ArgeoException("No user name provided");
+ String password = info.getPassword();
+ if (password == null) {
+ password = context.getConnection().getRemoteAddress().substring(1);
+ password = password.substring(0, password.lastIndexOf(':'));
+ }
+
+ SecurityContext securityContext = SecurityContextHolder.getContext();
+
+ final Authentication authRequest;
+ if (username.equals(systemUsername))
+ authRequest = new InternalAuthentication(password, username,
+ systemRole);
+ else
+ authRequest = new UsernamePasswordAuthenticationToken(username,
+ password);
+
+ final Authentication auth = authenticationManager
+ .authenticate(authRequest);
+ securityContext.setAuthentication(auth);
+ context.setSecurityContext(new ActiveMqSpringSecurityContext(
+ securityContext));
+
+ super.addConnection(context, info);
+ }
+
+ public void setAuthenticationManager(
+ AuthenticationManager authenticationManager) {
+ this.authenticationManager = authenticationManager;
+ }
+
+ public void setSystemUsername(String systemUsername) {
+ this.systemUsername = systemUsername;
+ }
+
+ public void setSystemRole(String systemRole) {
+ this.systemRole = systemRole;
+ }
+
+}
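Review bot: In `addConnection`, a connection that sends no password is authenticated with a value cut out of `context.getConnection().getRemoteAddress()`, so for those clients the only thing checked besides the client-supplied user name is the source address; the same string is also passed to `InternalAuthentication` when the name equals `systemUsername`. If address-based trust is intended, it should be an explicit, documented opt-in (a setter that defaults to off); otherwise the method should fail closed with `if (password == null) throw new ArgeoException("No password provided");`. The two `substring` calls also assume a leading character and a `:` port separator, so when `lastIndexOf(':')` returns -1 the connection fails with a `StringIndexOutOfBoundsException` rather than a clear authentication error.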
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.activemq;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContext;
+
+public class ActiveMqSpringSecurityContext extends
+ org.apache.activemq.security.SecurityContext {
+
+ private final SecurityContext springSecurityContext;
+
+ public ActiveMqSpringSecurityContext(SecurityContext springSecurityContext) {
+ super(springSecurityContext.getAuthentication().getName());
+ this.springSecurityContext = springSecurityContext;
+ }
+
+ @Override
+ public Set<?> getPrincipals() {
+ return new HashSet<GrantedAuthority>(Arrays
+ .asList(springSecurityContext.getAuthentication()
+ .getAuthorities()));
+ }
+
+ public SecurityContext getSpringSecurityContext() {
+ return springSecurityContext;
+ }
+
+}
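Review bot: `getPrincipals()` rebuilds the set from the wrapped `springSecurityContext` on every call instead of capturing it at construction, so the principals ActiveMQ sees for a connection follow whatever `Authentication` is later set on that context. The only caller visible in this commit, `ActiveMqSecurityBrokerPlugin.addConnection`, passes the object returned by `SecurityContextHolder.getContext()`. If that holder uses a thread-bound strategy (not shown here), connections accepted on the same thread would share one context, and a later login would replace the authorities of an earlier connection. Consider snapshotting in the constructor: keep `new HashSet<GrantedAuthority>(Arrays.asList(springSecurityContext.getAuthentication().getAuthorities()))` in a final field and return an unmodifiable view of it from `getPrincipals()`.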
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.activemq;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+
+import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
+import javax.jms.JMSException;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
+import javax.swing.UIManager;
+import javax.swing.UnsupportedLookAndFeelException;
+import javax.swing.plaf.metal.MetalLookAndFeel;
+
+import org.apache.activemq.ActiveMQSslConnectionFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.ArgeoException;
+import org.springframework.beans.factory.DisposableBean;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.io.Resource;
+import org.springframework.jms.connection.CachingConnectionFactory;
+import org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter;
+
+public class SecuredActiveMqConnectionFactory implements ConnectionFactory,
+ InitializingBean, DisposableBean {
+
+ public final static String AUTHMODE_UI = "ui";
+ public final static String AUTHMODE_OS = "os";
+ public final static String AUTHMODE_DEFAULT = AUTHMODE_OS;
+ // private final static String LOGIN_CONFIG_PROPERTY =
+ // "java.security.auth.login.config";
+
+ private final static Log log = LogFactory
+ .getLog(SecuredActiveMqConnectionFactory.class);
+
+ private String keyStorePassword;
+ private Resource keyStore;
+ private String keyStoreType = "JKS";// "PKCS12"
+ private String brokerURL;
+
+ private String authenticationMode;
+
+ private CachingConnectionFactory cachingConnectionFactory;
+
+ public Connection createConnection() throws JMSException {
+ return cachingConnectionFactory.createConnection();
+ }
+
+ public Connection createConnection(String userName, String password)
+ throws JMSException {
+ throw new UnsupportedOperationException();
+ }
+
+ public void afterPropertiesSet() throws Exception {
+ ActiveMQSslConnectionFactory activeMQSslConnectionFactory = new ActiveMQSslConnectionFactory();
+ prepareActiveMqSslConnectionFactory(activeMQSslConnectionFactory);
+ activeMQSslConnectionFactory.setBrokerURL(brokerURL);
+ UserCredentialsConnectionFactoryAdapter uccfa = new UserCredentialsConnectionFactoryAdapter();
+ uccfa.setTargetConnectionFactory(activeMQSslConnectionFactory);
+ cachingConnectionFactory = new CachingConnectionFactory();
+ cachingConnectionFactory.setTargetConnectionFactory(uccfa);
+ cachingConnectionFactory.setCacheConsumers(false);
+
+ initConnectionFactoryCredentials(uccfa);
+ cachingConnectionFactory.initConnection();
+ log.info("Connected to " + brokerURL);
+ uccfa.setUsername(null);
+ uccfa.setPassword(null);
+
+ }
+
+ protected void initConnectionFactoryCredentials(
+ final UserCredentialsConnectionFactoryAdapter uccfa) {
+ if (authenticationMode == null)
+ authenticationMode = AUTHMODE_DEFAULT;
+
+ if (AUTHMODE_OS.equals(authenticationMode)) {
+ // if (false) {
+ // // Cache previous value of login conf location
+ // String oldLoginConfLocation = System
+ // .getProperty(LOGIN_CONFIG_PROPERTY);
+ // // Find OS family
+ // String osName = System.getProperty("os.name");
+ // final String auth;
+ // if (osName.startsWith("Windows"))
+ // auth = "Windows";
+ // else if (osName.startsWith("SunOS")
+ // || osName.startsWith("Solaris"))
+ // auth = "Solaris";
+ // else
+ // auth = "Unix";
+ //
+ // Subject subject;
+ // // see http://old.nabble.com/osgi-and-jaas-td23485885.html
+ // ClassLoader ccl = Thread.currentThread()
+ // .getContextClassLoader();
+ // try {
+ // Thread.currentThread().setContextClassLoader(
+ // getClass().getClassLoader());
+ // URL url = getClass().getResource(
+ // "/org/argeo/security/activemq/osLogin.conf");
+ //
+ // System.setProperty(LOGIN_CONFIG_PROPERTY, url.toString());
+ // LoginContext lc = new LoginContext(auth);
+ // lc.login();
+ // subject = lc.getSubject();
+ // } catch (LoginException le) {
+ // throw new ArgeoException("OS authentication failed", le);
+ // } finally {
+ // if (oldLoginConfLocation != null)
+ // System.setProperty(LOGIN_CONFIG_PROPERTY,
+ // oldLoginConfLocation);
+ // Thread.currentThread().setContextClassLoader(ccl);
+ // }
+ // // Extract user name
+ // String osUsername = null;
+ // for (Principal principal : subject.getPrincipals()) {
+ // String className = principal.getClass().getName();
+ // if ("Unix".equals(auth)
+ // && "com.sun.security.auth.UnixPrincipal"
+ // .equals(className))
+ // osUsername = principal.getName();
+ // else if ("Windows".equals(auth)
+ // && "com.sun.security.auth.NTUserPrincipal"
+ // .equals(className))
+ // osUsername = principal.getName();
+ // else if ("Solaris".equals(auth)
+ // && "com.sun.security.auth.SolarisPrincipal"
+ // .equals(className))
+ // osUsername = principal.getName();
+ // }
+ //
+ // if (osUsername == null)
+ // throw new ArgeoException("Could not find OS user name");
+ // }
+
+ uccfa.setUsername(System.getProperty("user.name"));
+ uccfa.setPassword(null);
+
+ } else if (AUTHMODE_UI.equals(authenticationMode)) {
+ try {
+ UIManager.setLookAndFeel(new MetalLookAndFeel());
+ } catch (UnsupportedLookAndFeelException e) {
+ throw new ArgeoException("Cannot load look and feel", e);
+ }
+ UIManager.put("ClassLoader", getClass().getClassLoader());
+ UserPasswordDialog dialog = new UserPasswordDialog() {
+ private static final long serialVersionUID = -891646559691412088L;
+
+ protected void useCredentials(String username, char[] password) {
+ uccfa.setUsername(username);
+ uccfa.setPassword(new String(password));
+ }
+ };
+ dialog.setVisible(true);
+ } else {
+ throw new ArgeoException("Authentication mode '"
+ + authenticationMode + "' is not supported");
+ }
+
+ }
+
+ protected void prepareActiveMqSslConnectionFactory(
+ ActiveMQSslConnectionFactory connectionFactory) {
+ try {
+ KeyStore keyStoreKs = KeyStore.getInstance(keyStoreType);
+
+ InputStream keyInput = keyStore.getInputStream();
+ keyStoreKs.load(keyInput,
+ keyStorePassword != null ? keyStorePassword.toCharArray()
+ : null);
+ keyInput.close();
+
+ TrustManagerFactory tmf = TrustManagerFactory
+ .getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(keyStoreKs);
+
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory
+ .getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keyStoreKs, keyStorePassword.toCharArray());
+
+ connectionFactory.setKeyAndTrustManagers(
+ keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(),
+ new SecureRandom());
+ } catch (Exception e) {
+ throw new ArgeoException(
+ "Cannot initialize JMS connection factory", e);
+ }
+
+ }
+
+ public void destroy() throws Exception {
+ if (cachingConnectionFactory != null)
+ cachingConnectionFactory.destroy();
+ }
+
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public void setKeyStore(Resource keyStore) {
+ this.keyStore = keyStore;
+ }
+
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public void setBrokerURL(String brokerUrl) {
+ this.brokerURL = brokerUrl;
+ }
+
+ public void setAuthenticationMode(String authenticationMode) {
+ this.authenticationMode = authenticationMode;
+ }
+
+}
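Review bot: `prepareActiveMqSslConnectionFactory` treats `keyStorePassword` as optional for `keyStoreKs.load(...)` but then calls `keyStorePassword.toCharArray()` unconditionally for `keyManagerFactory.init`, so a configuration without a password fails with a NullPointerException wrapped as "Cannot initialize JMS connection factory". `keyInput.close()` is also skipped whenever `load` throws. Computing the char array once and closing the stream in a `finally` addresses both; whether a null password is acceptable to the key manager depends on the keystore contents, so rejecting a missing password up front is the alternative. Separately, in the `AUTHMODE_UI` branch `new String(password)` copies the secret into an immutable String that the dialog's later `Arrays.fill` cannot clear, which deserves a comment at that line.

```java
	// … unchanged: KeyStore.getInstance(keyStoreType) …
	char[] ksPassword = keyStorePassword != null ? keyStorePassword
			.toCharArray() : null;
	InputStream keyInput = keyStore.getInputStream();
	try {
		keyStoreKs.load(keyInput, ksPassword);
	} finally {
		keyInput.close();
	}
	// … unchanged: TrustManagerFactory setup and KeyManagerFactory.getInstance …
	keyManagerFactory.init(keyStoreKs, ksPassword);
	// … unchanged: setKeyAndTrustManagers call and catch block …
```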
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.activemq;
+
+import java.awt.Container;
+import java.awt.GridLayout;
+import java.awt.Panel;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.util.Arrays;
+
+import javax.swing.JButton;
+import javax.swing.JDialog;
+import javax.swing.JFrame;
+import javax.swing.JLabel;
+import javax.swing.JPanel;
+import javax.swing.JPasswordField;
+import javax.swing.JTextField;
+
+public class UserPasswordDialog extends JDialog implements ActionListener {
+ private static final long serialVersionUID = -9052993072210981198L;
+ private static String OK = "ok";
+
+ private JTextField username = new JTextField("", 10);
+ private JPasswordField password = new JPasswordField("", 10);
+
+ private JButton okButton;
+ private JButton cancelButton;
+
+ public UserPasswordDialog() {
+ setTitle("Credentials");
+ setModal(true);
+ setLocationRelativeTo(null);
+ setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE);
+
+ JPanel p1 = new JPanel(new GridLayout(2, 2, 3, 3));
+ p1.add(new JLabel("User"));
+ p1.add(username);
+ p1.add(new JLabel("Password"));
+ password.setActionCommand(OK);
+ password.addActionListener(this);
+ p1.add(password);
+ add("Center", p1);
+
+ Panel p2 = new Panel();
+ okButton = addButton(p2, "OK");
+ okButton.setActionCommand(OK);
+ cancelButton = addButton(p2, "Cancel");
+ add("South", p2);
+ setSize(240, 120);
+
+ pack();
+ }
+
+ /** To be overridden */
+ protected void useCredentials(String username, char[] password) {
+ // does nothing
+ }
+
+ private JButton addButton(Container c, String name) {
+ JButton button = new JButton(name);
+ button.addActionListener(this);
+ c.add(button);
+ return button;
+ }
+
+ public final void actionPerformed(ActionEvent evt) {
+ Object source = evt.getSource();
+ if (source == okButton || evt.getActionCommand().equals(OK)) {
+ char[] p = password.getPassword();
+ useCredentials(username.getText(), p);
+ Arrays.fill(p, '0');
+ cleanUp();
+ } else if (source == cancelButton)
+ cleanUp();
+ }
+
+ private void cleanUp() {
+ password.setText("");
+ dispose();
+ }
+
+ public static void main(String[] args) {
+ UserPasswordDialog dialog = new UserPasswordDialog() {
+ private static final long serialVersionUID = -891646559691412088L;
+
+ protected void useCredentials(String username, char[] password) {
+ System.out.println(username + "/" + new String(password));
+ }
+ };
+ dialog.setVisible(true);
+ System.out.println("After show");
+ }
+}
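Review bot: The `main` method at the end of `UserPasswordDialog` prints the typed password in clear text via `System.out.println(username + "/" + new String(password));`, and it sits in `src/main/java`, so it ships with the bundle. Move this harness to test code or print only the user name, e.g. `System.out.println(username + " (password entered: " + (password.length > 0) + ")");`. In addition, `actionPerformed` wipes the array obtained from `getPassword()` and calls `cleanUp()`, but closing the window through the title bar goes through `DISPOSE_ON_CLOSE` without `cleanUp()`, so the field is not cleared on that path; a window listener calling `password.setText("")` would cover it.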
com.springsource.org.codehaus.jackson.mapper,\
com.springsource.org.apache.log4j,\
com.springsource.slf4j.api,\
- com.springsource.slf4j.org.apache.commons.logging
+ com.springsource.slf4j.org.apache.commons.logging,\
+ org.argeo.server.json
source.. = src/main/java/,\
src/main/resources/,\
src/test/java/,\
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.argeo.commons.security</groupId>
<Export-Package>
org.argeo.security.*
</Export-Package>
- <Import-Package>*,
+ <Import-Package>
org.springframework.context,
- org.argeo.server.json;resolution:=optional,
- javax.jms;resolution:=optional,
- org.apache.activemq;resolution:=optional,
- org.apache.activemq.broker;resolution:=optional,
- org.apache.activemq.command;resolution:=optional,
- org.apache.activemq.security;resolution:=optional,
- org.springframework.jms.connection;resolution:=optional,
- org.springframework.ldap.core;resolution:=optional,
- org.springframework.ldap.core.support;resolution:=optional,
+ org.springframework.beans.factory,
+ *
</Import-Package>
</instructions>
</configuration>
<version>0.2.3-SNAPSHOT</version>
</dependency>
- <dependency>
- <!-- Force inclusion of commons.lang to prevent v2.1.0 to be taken by
- Spring Security -->
- <groupId>org.apache.commons</groupId>
- <artifactId>com.springsource.org.apache.commons.lang</artifactId>
- </dependency>
-
<!-- Spring -->
<dependency>
- <groupId>org.argeo.dep.osgi</groupId>
- <artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+ <groupId>org.springframework</groupId>
+ <artifactId>org.springframework.beans</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
- <artifactId>org.springframework.transaction</artifactId>
+ <artifactId>org.springframework.context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<groupId>org.slf4j</groupId>
<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
</dependency>
- <dependency>
- <groupId>org.apache.log4j</groupId>
- <artifactId>com.springsource.org.apache.log4j</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>com.springsource.slf4j.log4j</artifactId>
- </dependency>
-
- <!-- JSON -->
- <dependency>
- <groupId>org.codehaus.jackson</groupId>
- <artifactId>com.springsource.org.codehaus.jackson.mapper</artifactId>
- </dependency>
-
- <dependency>
- <groupId>com.springsource.json</groupId>
- <artifactId>com.springsource.json</artifactId>
- </dependency>
- <dependency>
- <groupId>org.antlr</groupId>
- <artifactId>com.springsource.org.antlr</artifactId>
- </dependency>
-
- <!-- JMS -->
- <dependency>
- <groupId>org.argeo.dep.osgi</groupId>
- <artifactId>org.argeo.dep.osgi.activemq</artifactId>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>javax.jms</groupId>
- <artifactId>com.springsource.javax.jms</artifactId>
- <optional>true</optional>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>org.springframework.jms</artifactId>
- <optional>true</optional>
- </dependency>
-
-<!-- <dependency>-->
-<!-- <groupId>org.apache.commons</groupId>-->
-<!-- <artifactId>com.springsource.org.apache.commons.codec</artifactId>-->
-<!-- </dependency>-->
<!-- TEST -->
<dependency>
<artifactId>com.springsource.junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.argeo.commons.basic</groupId>
+ <artifactId>org.argeo.basic.dep.log4j</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.json</artifactId>
<version>0.2.3-SNAPSHOT</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>com.springsource.json</groupId>
+ <artifactId>com.springsource.json</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.activemq;
-
-import org.apache.activemq.broker.BrokerPluginSupport;
-import org.apache.activemq.broker.ConnectionContext;
-import org.apache.activemq.command.ConnectionInfo;
-import org.argeo.ArgeoException;
-import org.argeo.security.core.InternalAuthentication;
-import org.springframework.security.Authentication;
-import org.springframework.security.AuthenticationManager;
-import org.springframework.security.context.SecurityContext;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-
-public class ActiveMqSecurityBrokerPlugin extends BrokerPluginSupport {
-// private final static Log log = LogFactory
-// .getLog(ActiveMqSecurityBrokerPlugin.class);
-
- private AuthenticationManager authenticationManager;
- private String systemUsername = InternalAuthentication.DEFAULT_SYSTEM_USERNAME;
- private String systemRole = InternalAuthentication.DEFAULT_SYSTEM_ROLE;
-
- @Override
- public void addConnection(ConnectionContext context, ConnectionInfo info)
- throws Exception {
- String username = info.getUserName();
- if (username == null)
- throw new ArgeoException("No user name provided");
- String password = info.getPassword();
- if (password == null) {
- password = context.getConnection().getRemoteAddress().substring(1);
- password = password.substring(0, password.lastIndexOf(':'));
- }
-
- SecurityContext securityContext = SecurityContextHolder.getContext();
-
- final Authentication authRequest;
- if (username.equals(systemUsername))
- authRequest = new InternalAuthentication(password, username,
- systemRole);
- else
- authRequest = new UsernamePasswordAuthenticationToken(username,
- password);
-
- final Authentication auth = authenticationManager
- .authenticate(authRequest);
- securityContext.setAuthentication(auth);
- context.setSecurityContext(new ActiveMqSpringSecurityContext(
- securityContext));
-
- super.addConnection(context, info);
- }
-
- public void setAuthenticationManager(
- AuthenticationManager authenticationManager) {
- this.authenticationManager = authenticationManager;
- }
-
- public void setSystemUsername(String systemUsername) {
- this.systemUsername = systemUsername;
- }
-
- public void setSystemRole(String systemRole) {
- this.systemRole = systemRole;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.activemq;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.context.SecurityContext;
-
-public class ActiveMqSpringSecurityContext extends
- org.apache.activemq.security.SecurityContext {
-
- private final SecurityContext springSecurityContext;
-
- public ActiveMqSpringSecurityContext(SecurityContext springSecurityContext) {
- super(springSecurityContext.getAuthentication().getName());
- this.springSecurityContext = springSecurityContext;
- }
-
- @Override
- public Set<?> getPrincipals() {
- return new HashSet<GrantedAuthority>(Arrays
- .asList(springSecurityContext.getAuthentication()
- .getAuthorities()));
- }
-
- public SecurityContext getSpringSecurityContext() {
- return springSecurityContext;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.activemq;
-
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.SecureRandom;
-
-import javax.jms.Connection;
-import javax.jms.ConnectionFactory;
-import javax.jms.JMSException;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManagerFactory;
-import javax.swing.UIManager;
-import javax.swing.UnsupportedLookAndFeelException;
-import javax.swing.plaf.metal.MetalLookAndFeel;
-
-import org.apache.activemq.ActiveMQSslConnectionFactory;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.ArgeoException;
-import org.argeo.security.core.UserPasswordDialog;
-import org.springframework.beans.factory.DisposableBean;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.core.io.Resource;
-import org.springframework.jms.connection.CachingConnectionFactory;
-import org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter;
-
-public class SecuredActiveMqConnectionFactory implements ConnectionFactory,
- InitializingBean, DisposableBean {
-
- public final static String AUTHMODE_UI = "ui";
- public final static String AUTHMODE_OS = "os";
- public final static String AUTHMODE_DEFAULT = AUTHMODE_OS;
- // private final static String LOGIN_CONFIG_PROPERTY =
- // "java.security.auth.login.config";
-
- private final static Log log = LogFactory
- .getLog(SecuredActiveMqConnectionFactory.class);
-
- private String keyStorePassword;
- private Resource keyStore;
- private String keyStoreType = "JKS";// "PKCS12"
- private String brokerURL;
-
- private String authenticationMode;
-
- private CachingConnectionFactory cachingConnectionFactory;
-
- public Connection createConnection() throws JMSException {
- return cachingConnectionFactory.createConnection();
- }
-
- public Connection createConnection(String userName, String password)
- throws JMSException {
- throw new UnsupportedOperationException();
- }
-
- public void afterPropertiesSet() throws Exception {
- ActiveMQSslConnectionFactory activeMQSslConnectionFactory = new ActiveMQSslConnectionFactory();
- prepareActiveMqSslConnectionFactory(activeMQSslConnectionFactory);
- activeMQSslConnectionFactory.setBrokerURL(brokerURL);
- UserCredentialsConnectionFactoryAdapter uccfa = new UserCredentialsConnectionFactoryAdapter();
- uccfa.setTargetConnectionFactory(activeMQSslConnectionFactory);
- cachingConnectionFactory = new CachingConnectionFactory();
- cachingConnectionFactory.setTargetConnectionFactory(uccfa);
- cachingConnectionFactory.setCacheConsumers(false);
-
- initConnectionFactoryCredentials(uccfa);
- cachingConnectionFactory.initConnection();
- log.info("Connected to " + brokerURL);
- uccfa.setUsername(null);
- uccfa.setPassword(null);
-
- }
-
- protected void initConnectionFactoryCredentials(
- final UserCredentialsConnectionFactoryAdapter uccfa) {
- if (authenticationMode == null)
- authenticationMode = AUTHMODE_DEFAULT;
-
- if (AUTHMODE_OS.equals(authenticationMode)) {
- // if (false) {
- // // Cache previous value of login conf location
- // String oldLoginConfLocation = System
- // .getProperty(LOGIN_CONFIG_PROPERTY);
- // // Find OS family
- // String osName = System.getProperty("os.name");
- // final String auth;
- // if (osName.startsWith("Windows"))
- // auth = "Windows";
- // else if (osName.startsWith("SunOS")
- // || osName.startsWith("Solaris"))
- // auth = "Solaris";
- // else
- // auth = "Unix";
- //
- // Subject subject;
- // // see http://old.nabble.com/osgi-and-jaas-td23485885.html
- // ClassLoader ccl = Thread.currentThread()
- // .getContextClassLoader();
- // try {
- // Thread.currentThread().setContextClassLoader(
- // getClass().getClassLoader());
- // URL url = getClass().getResource(
- // "/org/argeo/security/activemq/osLogin.conf");
- //
- // System.setProperty(LOGIN_CONFIG_PROPERTY, url.toString());
- // LoginContext lc = new LoginContext(auth);
- // lc.login();
- // subject = lc.getSubject();
- // } catch (LoginException le) {
- // throw new ArgeoException("OS authentication failed", le);
- // } finally {
- // if (oldLoginConfLocation != null)
- // System.setProperty(LOGIN_CONFIG_PROPERTY,
- // oldLoginConfLocation);
- // Thread.currentThread().setContextClassLoader(ccl);
- // }
- // // Extract user name
- // String osUsername = null;
- // for (Principal principal : subject.getPrincipals()) {
- // String className = principal.getClass().getName();
- // if ("Unix".equals(auth)
- // && "com.sun.security.auth.UnixPrincipal"
- // .equals(className))
- // osUsername = principal.getName();
- // else if ("Windows".equals(auth)
- // && "com.sun.security.auth.NTUserPrincipal"
- // .equals(className))
- // osUsername = principal.getName();
- // else if ("Solaris".equals(auth)
- // && "com.sun.security.auth.SolarisPrincipal"
- // .equals(className))
- // osUsername = principal.getName();
- // }
- //
- // if (osUsername == null)
- // throw new ArgeoException("Could not find OS user name");
- // }
-
- uccfa.setUsername(System.getProperty("user.name"));
- uccfa.setPassword(null);
-
- } else if (AUTHMODE_UI.equals(authenticationMode)) {
- try {
- UIManager.setLookAndFeel(new MetalLookAndFeel());
- } catch (UnsupportedLookAndFeelException e) {
- throw new ArgeoException("Cannot load look and feel", e);
- }
- UIManager.put("ClassLoader", getClass().getClassLoader());
- UserPasswordDialog dialog = new UserPasswordDialog() {
- private static final long serialVersionUID = -891646559691412088L;
-
- protected void useCredentials(String username, char[] password) {
- uccfa.setUsername(username);
- uccfa.setPassword(new String(password));
- }
- };
- dialog.setVisible(true);
- } else {
- throw new ArgeoException("Authentication mode '"
- + authenticationMode + "' is not supported");
- }
-
- }
-
- protected void prepareActiveMqSslConnectionFactory(
- ActiveMQSslConnectionFactory connectionFactory) {
- try {
- KeyStore keyStoreKs = KeyStore.getInstance(keyStoreType);
-
- InputStream keyInput = keyStore.getInputStream();
- keyStoreKs.load(keyInput,
- keyStorePassword != null ? keyStorePassword.toCharArray()
- : null);
- keyInput.close();
-
- TrustManagerFactory tmf = TrustManagerFactory
- .getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(keyStoreKs);
-
- KeyManagerFactory keyManagerFactory = KeyManagerFactory
- .getInstance(KeyManagerFactory.getDefaultAlgorithm());
- keyManagerFactory.init(keyStoreKs, keyStorePassword.toCharArray());
-
- connectionFactory.setKeyAndTrustManagers(keyManagerFactory
- .getKeyManagers(), tmf.getTrustManagers(),
- new SecureRandom());
- } catch (Exception e) {
- throw new ArgeoException(
- "Cannot initialize JMS connection factory", e);
- }
-
- }
-
- public void destroy() throws Exception {
- if (cachingConnectionFactory != null)
- cachingConnectionFactory.destroy();
- }
-
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
- }
-
- public void setKeyStore(Resource keyStore) {
- this.keyStore = keyStore;
- }
-
- public void setKeyStoreType(String keyStoreType) {
- this.keyStoreType = keyStoreType;
- }
-
- public void setBrokerURL(String brokerUrl) {
- this.brokerURL = brokerUrl;
- }
-
- public void setAuthenticationMode(String authenticationMode) {
- this.authenticationMode = authenticationMode;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.core;
-
-import java.awt.Container;
-import java.awt.GridLayout;
-import java.awt.Panel;
-import java.awt.event.ActionEvent;
-import java.awt.event.ActionListener;
-import java.util.Arrays;
-
-import javax.swing.JButton;
-import javax.swing.JDialog;
-import javax.swing.JFrame;
-import javax.swing.JLabel;
-import javax.swing.JPanel;
-import javax.swing.JPasswordField;
-import javax.swing.JTextField;
-
-public class UserPasswordDialog extends JDialog implements ActionListener {
- private static final long serialVersionUID = -9052993072210981198L;
- private static String OK = "ok";
-
- private JTextField username = new JTextField("", 10);
- private JPasswordField password = new JPasswordField("", 10);
-
- private JButton okButton;
- private JButton cancelButton;
-
- public UserPasswordDialog() {
- setTitle("Credentials");
- setModal(true);
- setLocationRelativeTo(null);
- setDefaultCloseOperation(JFrame.DISPOSE_ON_CLOSE);
-
- JPanel p1 = new JPanel(new GridLayout(2, 2, 3, 3));
- p1.add(new JLabel("User"));
- p1.add(username);
- p1.add(new JLabel("Password"));
- password.setActionCommand(OK);
- password.addActionListener(this);
- p1.add(password);
- add("Center", p1);
-
- Panel p2 = new Panel();
- okButton = addButton(p2, "OK");
- okButton.setActionCommand(OK);
- cancelButton = addButton(p2, "Cancel");
- add("South", p2);
- setSize(240, 120);
-
- pack();
- }
-
- /** To be overridden */
- protected void useCredentials(String username, char[] password) {
- // does nothing
- }
-
- private JButton addButton(Container c, String name) {
- JButton button = new JButton(name);
- button.addActionListener(this);
- c.add(button);
- return button;
- }
-
- public final void actionPerformed(ActionEvent evt) {
- Object source = evt.getSource();
- if (source == okButton || evt.getActionCommand().equals(OK)) {
- char[] p = password.getPassword();
- useCredentials(username.getText(), p);
- Arrays.fill(p, '0');
- cleanUp();
- } else if (source == cancelButton)
- cleanUp();
- }
-
- private void cleanUp() {
- password.setText("");
- dispose();
- }
-
- public static void main(String[] args) {
- UserPasswordDialog dialog = new UserPasswordDialog() {
- private static final long serialVersionUID = -891646559691412088L;
-
- protected void useCredentials(String username, char[] password) {
- System.out.println(username + "/" + new String(password));
- }
- };
- dialog.setVisible(true);
- System.out.println("After show");
- }
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap;
-
-import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.Collections;
-import java.util.List;
-import java.util.Random;
-import java.util.Set;
-import java.util.TreeSet;
-
-import javax.naming.Name;
-import javax.naming.NamingException;
-import javax.naming.directory.DirContext;
-
-import org.argeo.security.ArgeoSecurityDao;
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.SimpleArgeoUser;
-import org.argeo.security.core.ArgeoUserDetails;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.ldap.core.ContextExecutor;
-import org.springframework.ldap.core.ContextMapper;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
-import org.springframework.ldap.core.LdapTemplate;
-import org.springframework.ldap.core.support.BaseLdapPathContextSource;
-import org.springframework.security.context.SecurityContextHolder;
-import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
-import org.springframework.security.ldap.LdapAuthoritiesPopulator;
-import org.springframework.security.ldap.LdapUsernameToDnMapper;
-import org.springframework.security.ldap.LdapUtils;
-import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
-import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetailsManager;
-import org.springframework.security.userdetails.UserDetailsService;
-import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
-import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
-import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
-
-public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean {
- // private final static Log log = LogFactory.getLog(UserDaoLdap.class);
-
- private UserDetailsManager userDetailsManager;
- private LdapAuthoritiesPopulator authoritiesPopulator;
- private String userBase = "ou=People";
- private String usernameAttributeName = "uid";
- private String groupBase = "ou=Roles";
- private String[] groupClasses = { "top", "groupOfNames" };
- private String groupRoleAttributeName = "cn";
- private String groupMemberAttributeName = "member";
- private String defaultRole = "ROLE_USER";
- private String rolePrefix = "ROLE_";
-
- private final BaseLdapPathContextSource contextSource;
- private final LdapTemplate ldapTemplate;
-
- private LdapUsernameToDnMapper usernameMapper = null;
-
- private UserDetailsContextMapper userDetailsMapper;
- private LdapUserDetailsService ldapUserDetailsService;
- private List<UserNatureMapper> userNatureMappers;
-
- private LdapShaPasswordEncoder ldapShaPasswordEncoder = new LdapShaPasswordEncoder();
- private Random random;
-
- public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
- this.contextSource = contextSource;
- ldapTemplate = new LdapTemplate(this.contextSource);
- try {
- random = SecureRandom.getInstance("SHA1PRNG");
- } catch (NoSuchAlgorithmException e) {
- random = new Random(System.currentTimeMillis());
- }
- }
-
- public void afterPropertiesSet() throws Exception {
- if (usernameMapper == null)
- usernameMapper = new DefaultLdapUsernameToDnMapper(userBase,
- usernameAttributeName);
-
- if (authoritiesPopulator == null) {
- DefaultLdapAuthoritiesPopulator ap = new DefaultLdapAuthoritiesPopulator(
- ldapTemplate.getContextSource(), groupBase);
- ap.setDefaultRole(defaultRole);
- ap.setGroupSearchFilter(groupMemberAttributeName + "={0}");
- authoritiesPopulator = ap;
- }
-
- if (userDetailsMapper == null) {
- ArgeoUserDetailsContextMapper audm = new ArgeoUserDetailsContextMapper();
- audm.setUserNatureMappers(userNatureMappers);
- userDetailsMapper = audm;
- }
-
- if (userDetailsManager == null) {
- LdapUserDetailsManager ludm = new LdapUserDetailsManager(
- ldapTemplate.getContextSource());
- ludm.setGroupSearchBase(groupBase);
- ludm.setUserDetailsMapper(userDetailsMapper);
- ludm.setUsernameMapper(usernameMapper);
- ludm.setGroupMemberAttributeName(groupMemberAttributeName);
- userDetailsManager = ludm;
- }
-
- if (ldapUserDetailsService == null) {
- FilterBasedLdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(
- userBase, "(" + usernameAttributeName + "={0})",
- contextSource);
- ldapUserDetailsService = new LdapUserDetailsService(ldapUserSearch,
- authoritiesPopulator);
- ldapUserDetailsService.setUserDetailsMapper(userDetailsMapper);
- }
- }
-
- public synchronized void createUser(ArgeoUser user) {
- userDetailsManager.createUser(new ArgeoUserDetails(user));
- }
-
- public synchronized ArgeoUser getUser(String uname) {
- SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname));
- user.setPassword(null);
- return user;
- }
-
- public synchronized ArgeoUser getUserWithPassword(String uname) {
- return createSimpleArgeoUser(getDetails(uname));
- }
-
- // public ArgeoUser getCurrentUser() {
- // ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
- // if (argeoUser == null)
- // return null;
- // if (argeoUser.getRoles().contains(defaultRole))
- // argeoUser.getRoles().remove(defaultRole);
- // return argeoUser;
- // }
-
- @SuppressWarnings("unchecked")
- public synchronized Set<ArgeoUser> listUsers() {
- List<String> usernames = (List<String>) ldapTemplate.listBindings(
- new DistinguishedName(userBase), new ContextMapper() {
- public Object mapFromContext(Object ctxArg) {
- DirContextAdapter ctx = (DirContextAdapter) ctxArg;
- return ctx.getStringAttribute(usernameAttributeName);
- }
- });
-
- TreeSet<ArgeoUser> lst = new TreeSet<ArgeoUser>();
- for (String username : usernames) {
- lst.add(createSimpleArgeoUser(getDetails(username)));
- }
- return Collections.unmodifiableSortedSet(lst);
- }
-
- @SuppressWarnings("unchecked")
- public Set<String> listEditableRoles() {
- return Collections.unmodifiableSortedSet(new TreeSet<String>(
- ldapTemplate.listBindings(groupBase, new ContextMapper() {
- public Object mapFromContext(Object ctxArg) {
- String groupName = ((DirContextAdapter) ctxArg)
- .getStringAttribute(groupRoleAttributeName);
- String roleName = convertGroupToRole(groupName);
- return roleName;
- }
- })));
- }
-
- @SuppressWarnings("unchecked")
- public Set<ArgeoUser> listUsersInRole(String role) {
- return (Set<ArgeoUser>) ldapTemplate.lookup(
- buildGroupDn(convertRoleToGroup(role)), new ContextMapper() {
- public Object mapFromContext(Object ctxArg) {
- DirContextAdapter ctx = (DirContextAdapter) ctxArg;
- String[] userDns = ctx
- .getStringAttributes(groupMemberAttributeName);
- TreeSet<ArgeoUser> set = new TreeSet<ArgeoUser>();
- for (String userDn : userDns) {
- DistinguishedName dn = new DistinguishedName(userDn);
- String username = dn
- .getValue(usernameAttributeName);
- set.add(createSimpleArgeoUser(getDetails(username)));
- }
- return Collections.unmodifiableSortedSet(set);
- }
- });
- }
-
- public synchronized void updateUser(ArgeoUser user) {
- ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user);
- userDetailsManager.updateUser(new ArgeoUserDetails(user));
- // refresh logged in user
- if (ArgeoUserDetails.securityContextUser().getUsername()
- .equals(argeoUserDetails.getUsername())) {
- SecurityContextHolder.getContext().setAuthentication(
- new UsernamePasswordAuthenticationToken(argeoUserDetails,
- null, argeoUserDetails.getAuthorities()));
- }
- }
-
- public synchronized void deleteUser(String username) {
- userDetailsManager.deleteUser(username);
- }
-
- public synchronized Boolean userExists(String username) {
- return userDetailsManager.userExists(username);
- }
-
- public void createRole(String role, final String superuserName) {
- String group = convertRoleToGroup(role);
- DistinguishedName superuserDn = (DistinguishedName) ldapTemplate
- .executeReadWrite(new ContextExecutor() {
- public Object executeWithContext(DirContext ctx)
- throws NamingException {
- return LdapUtils.getFullDn(
- usernameMapper.buildDn(superuserName), ctx);
- }
- });
-
- Name groupDn = buildGroupDn(group);
- DirContextAdapter context = new DirContextAdapter();
- context.setAttributeValues("objectClass", groupClasses);
- context.setAttributeValue("cn", group);
-
- // Add superuser because cannot create empty group
- context.setAttributeValue(groupMemberAttributeName,
- superuserDn.toString());
-
- ldapTemplate.bind(groupDn, context, null);
- }
-
- public void deleteRole(String role) {
- String group = convertRoleToGroup(role);
- Name dn = buildGroupDn(group);
- ldapTemplate.unbind(dn);
- }
-
- public Boolean isPasswordValid(String encoded, String raw) {
- return ldapShaPasswordEncoder.isPasswordValid(encoded, raw, null);
- }
-
- public String encodePassword(String raw) {
- byte[] salt = null;
- // TODO: check that Linux auth supports SSHA
- // byte[] salt = new byte[16];
- // random.nextBytes(salt);
- return ldapShaPasswordEncoder.encodePassword(raw, salt);
- }
-
- protected String convertRoleToGroup(String role) {
- String group = role;
- if (group.startsWith(rolePrefix)) {
- group = group.substring(rolePrefix.length());
- group = group.toLowerCase();
- }
- return group;
- }
-
- public String convertGroupToRole(String groupName) {
- groupName = groupName.toUpperCase();
-
- return rolePrefix + groupName;
- }
-
- protected Name buildGroupDn(String name) {
- return new DistinguishedName(groupRoleAttributeName + "=" + name + ","
- + groupBase);
- }
-
- public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
- this.userDetailsManager = userDetailsManager;
- }
-
- public void setUserBase(String userBase) {
- this.userBase = userBase;
- }
-
- public void setUsernameAttributeName(String usernameAttribute) {
- this.usernameAttributeName = usernameAttribute;
- }
-
- public void setAuthoritiesPopulator(
- LdapAuthoritiesPopulator authoritiesPopulator) {
- this.authoritiesPopulator = authoritiesPopulator;
- }
-
- protected UserDetails getDetails(String username) {
- return userDetailsManager.loadUserByUsername(username);
- }
-
- public void setGroupBase(String groupBase) {
- this.groupBase = groupBase;
- }
-
- public void setGroupRoleAttributeName(String groupRoleAttributeName) {
- this.groupRoleAttributeName = groupRoleAttributeName;
- }
-
- public void setGroupMemberAttributeName(String groupMemberAttributeName) {
- this.groupMemberAttributeName = groupMemberAttributeName;
- }
-
- public void setDefaultRole(String defaultRole) {
- this.defaultRole = defaultRole;
- }
-
- public void setRolePrefix(String rolePrefix) {
- this.rolePrefix = rolePrefix;
- }
-
- public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper) {
- this.usernameMapper = usernameMapper;
- }
-
- public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper) {
- this.userDetailsMapper = userDetailsMapper;
- }
-
- public LdapAuthoritiesPopulator getAuthoritiesPopulator() {
- return authoritiesPopulator;
- }
-
- public UserDetailsContextMapper getUserDetailsMapper() {
- return userDetailsMapper;
- }
-
- public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
- this.userNatureMappers = userNatureMappers;
- }
-
- public String getDefaultRole() {
- return defaultRole;
- }
-
- public void setGroupClasses(String[] groupClasses) {
- this.groupClasses = groupClasses;
- }
-
- public UserDetailsService getUserDetailsService() {
- return ldapUserDetailsService;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.argeo.security.ArgeoUser;
-import org.argeo.security.UserNature;
-import org.argeo.security.core.ArgeoUserDetails;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.security.GrantedAuthority;
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
-
-/**
- * Performs the mapping between LDAP and the user natures, using
- * {@link UserNatureMapper}.
- */
-public class ArgeoUserDetailsContextMapper implements UserDetailsContextMapper {
- // private final static Log log = LogFactory
- // .getLog(ArgeoUserDetailsContextMapper.class);
-
- private List<UserNatureMapper> userNatureMappers = new ArrayList<UserNatureMapper>();
-
- public UserDetails mapUserFromContext(DirContextOperations ctx,
- String username, GrantedAuthority[] authorities) {
- byte[] arr = (byte[]) ctx.getAttributeSortedStringSet("userPassword")
- .first();
- String password = new String(arr);
-
- Map<String, UserNature> userNatures = new HashMap<String, UserNature>();
- for (UserNatureMapper userInfoMapper : userNatureMappers) {
- UserNature userNature = userInfoMapper.mapUserInfoFromContext(ctx);
- if (userNature != null)
- userNatures.put(userInfoMapper.getName(), userNature);
- }
-
- return new ArgeoUserDetails(username,
- Collections.unmodifiableMap(userNatures), password, authorities);
- }
-
- public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
- ctx.setAttributeValues("objectClass", new String[] { "inetOrgPerson" });
- ctx.setAttributeValue("uid", user.getUsername());
- ctx.setAttributeValue("userPassword", user.getPassword());
- if (user instanceof ArgeoUser) {
- ArgeoUser argeoUser = (ArgeoUser) user;
- for (UserNature userNature : argeoUser.getUserNatures().values()) {
- for (UserNatureMapper userInfoMapper : userNatureMappers) {
- if (userInfoMapper.supports(userNature)) {
- userInfoMapper.mapUserInfoToContext(userNature, ctx);
- break;// use the first mapper found and no others
- }
- }
- }
- }
- }
-
- public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
- this.userNatureMappers = userNatureMappers;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap;
-
-import org.argeo.security.UserNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-/** Maps a user nature from LDAP. */
-public interface UserNatureMapper {
- public String getName();
-
- public void mapUserInfoToContext(UserNature userInfo, DirContextAdapter ctx);
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx);
-
- public Boolean supports(UserNature userInfo);
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap.nature;
-
-import org.argeo.security.UserNature;
-import org.argeo.security.ldap.UserNatureMapper;
-import org.argeo.security.nature.CoworkerNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-public class CoworkerUserNatureMapper implements UserNatureMapper {
-
- public String getName() {
- return "coworker";
- }
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
- CoworkerNature nature = new CoworkerNature();
- nature.setMobile(ctx.getStringAttribute("mobile"));
- nature.setTelephoneNumber(ctx.getStringAttribute("telephoneNumber"));
-
- if (nature.getMobile() == null && nature.getTelephoneNumber() == null)
- return null;
- else
- return nature;
- }
-
- public void mapUserInfoToContext(UserNature userInfoArg,
- DirContextAdapter ctx) {
- CoworkerNature nature = (CoworkerNature) userInfoArg;
- if (nature.getMobile() == null || !nature.getMobile().equals("")) {
- ctx.setAttributeValue("mobile", nature.getMobile());
- }
- if (nature.getTelephoneNumber() == null
- || !nature.getTelephoneNumber().equals("")) {
- ctx.setAttributeValue("telephoneNumber",
- nature.getTelephoneNumber());
- }
- }
-
- public Boolean supports(UserNature userNature) {
- return userNature instanceof CoworkerNature;
- }
-
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.argeo.security.ldap.nature;
-
-import org.argeo.security.UserNature;
-import org.argeo.security.ldap.UserNatureMapper;
-import org.argeo.security.nature.SimpleUserNature;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-
-public class SimpleUserNatureMapper implements UserNatureMapper {
- public String getName() {
- return SimpleUserNature.TYPE;
- }
-
- public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
- SimpleUserNature nature = new SimpleUserNature();
- nature.setLastName(ctx.getStringAttribute("sn"));
- nature.setFirstName(ctx.getStringAttribute("givenName"));
- nature.setEmail(ctx.getStringAttribute("mail"));
- nature.setDescription(ctx.getStringAttribute("description"));
- return nature;
- }
-
- public void mapUserInfoToContext(UserNature userInfoArg,
- DirContextAdapter ctx) {
- SimpleUserNature nature = (SimpleUserNature) userInfoArg;
- ctx.setAttributeValue("cn",
- nature.getFirstName() + " " + nature.getLastName());
- ctx.setAttributeValue("sn", nature.getLastName());
- ctx.setAttributeValue("givenName", nature.getFirstName());
- ctx.setAttributeValue("mail", nature.getEmail());
- if (nature.getDescription() != null
- && !nature.getDescription().equals("")) {
- ctx.setAttributeValue("description", nature.getDescription());
- }
- }
-
- public Boolean supports(UserNature userNature) {
- return userNature instanceof SimpleUserNature;
- }
-
-}
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>org.argeo.security.ldap</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.ManifestBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.SchemaBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.pde.PluginNature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
--- /dev/null
+#Wed Feb 16 11:23:43 CET 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.5
--- /dev/null
+#Wed Feb 16 11:23:43 CET 2011
+eclipse.preferences.version=1
+pluginProject.extensions=false
+resolve.requirebundle=false
--- /dev/null
+source.. = src/main/java/
+output.. = target/classes/
+bin.includes = META-INF/,\
+ .
--- /dev/null
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>runtime</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <artifactId>org.argeo.security.ldap</artifactId>
+ <name>Commons Security LDAP</name>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>${version.maven-bundle-plugin}</version>
+ <configuration>
+ <instructions>
+ <Export-Package>
+ org.argeo.security.ldap.*
+ </Export-Package>
+ <Import-Package>
+ org.springframework.core,
+ org.springframework.dao,
+ *
+ </Import-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.argeo.commons.basic</groupId>
+ <artifactId>org.argeo.basic.nodeps</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.core</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ </dependency>
+
+ <!-- Spring -->
+ <dependency>
+ <groupId>org.argeo.dep.osgi</groupId>
+ <artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+ </dependency>
+
+ <!-- Logging -->
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
+ </dependency>
+
+ </dependencies>
+</project>
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.ldap;
+
+import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Collections;
+import java.util.List;
+import java.util.Random;
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.naming.Name;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+
+import org.argeo.security.ArgeoSecurityDao;
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.SimpleArgeoUser;
+import org.argeo.security.core.ArgeoUserDetails;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.ldap.core.ContextExecutor;
+import org.springframework.ldap.core.ContextMapper;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
+import org.springframework.security.ldap.LdapAuthoritiesPopulator;
+import org.springframework.security.ldap.LdapUsernameToDnMapper;
+import org.springframework.security.ldap.LdapUtils;
+import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.UserDetailsManager;
+import org.springframework.security.userdetails.UserDetailsService;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsManager;
+import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
+import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
+
+public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean {
+ // private final static Log log = LogFactory.getLog(UserDaoLdap.class);
+
+ private UserDetailsManager userDetailsManager;
+ private LdapAuthoritiesPopulator authoritiesPopulator;
+ private String userBase = "ou=People";
+ private String usernameAttributeName = "uid";
+ private String groupBase = "ou=Roles";
+ private String[] groupClasses = { "top", "groupOfNames" };
+ private String groupRoleAttributeName = "cn";
+ private String groupMemberAttributeName = "member";
+ private String defaultRole = "ROLE_USER";
+ private String rolePrefix = "ROLE_";
+
+ private final BaseLdapPathContextSource contextSource;
+ private final LdapTemplate ldapTemplate;
+
+ private LdapUsernameToDnMapper usernameMapper = null;
+
+ private UserDetailsContextMapper userDetailsMapper;
+ private LdapUserDetailsService ldapUserDetailsService;
+ private List<UserNatureMapper> userNatureMappers;
+
+ private LdapShaPasswordEncoder ldapShaPasswordEncoder = new LdapShaPasswordEncoder();
+ private Random random;
+
+ public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
+ this.contextSource = contextSource;
+ ldapTemplate = new LdapTemplate(this.contextSource);
+ try {
+ random = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ random = new Random(System.currentTimeMillis());
+ }
+ }
+
+ public void afterPropertiesSet() throws Exception {
+ if (usernameMapper == null)
+ usernameMapper = new DefaultLdapUsernameToDnMapper(userBase,
+ usernameAttributeName);
+
+ if (authoritiesPopulator == null) {
+ DefaultLdapAuthoritiesPopulator ap = new DefaultLdapAuthoritiesPopulator(
+ ldapTemplate.getContextSource(), groupBase);
+ ap.setDefaultRole(defaultRole);
+ ap.setGroupSearchFilter(groupMemberAttributeName + "={0}");
+ authoritiesPopulator = ap;
+ }
+
+ if (userDetailsMapper == null) {
+ ArgeoUserDetailsContextMapper audm = new ArgeoUserDetailsContextMapper();
+ audm.setUserNatureMappers(userNatureMappers);
+ userDetailsMapper = audm;
+ }
+
+ if (userDetailsManager == null) {
+ LdapUserDetailsManager ludm = new LdapUserDetailsManager(
+ ldapTemplate.getContextSource());
+ ludm.setGroupSearchBase(groupBase);
+ ludm.setUserDetailsMapper(userDetailsMapper);
+ ludm.setUsernameMapper(usernameMapper);
+ ludm.setGroupMemberAttributeName(groupMemberAttributeName);
+ userDetailsManager = ludm;
+ }
+
+ if (ldapUserDetailsService == null) {
+ FilterBasedLdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch(
+ userBase, "(" + usernameAttributeName + "={0})",
+ contextSource);
+ ldapUserDetailsService = new LdapUserDetailsService(ldapUserSearch,
+ authoritiesPopulator);
+ ldapUserDetailsService.setUserDetailsMapper(userDetailsMapper);
+ }
+ }
+
+ public synchronized void createUser(ArgeoUser user) {
+ userDetailsManager.createUser(new ArgeoUserDetails(user));
+ }
+
+ public synchronized ArgeoUser getUser(String uname) {
+ SimpleArgeoUser user = createSimpleArgeoUser(getDetails(uname));
+ user.setPassword(null);
+ return user;
+ }
+
+ public synchronized ArgeoUser getUserWithPassword(String uname) {
+ return createSimpleArgeoUser(getDetails(uname));
+ }
+
+ // public ArgeoUser getCurrentUser() {
+ // ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
+ // if (argeoUser == null)
+ // return null;
+ // if (argeoUser.getRoles().contains(defaultRole))
+ // argeoUser.getRoles().remove(defaultRole);
+ // return argeoUser;
+ // }
+
+ @SuppressWarnings("unchecked")
+ public synchronized Set<ArgeoUser> listUsers() {
+ List<String> usernames = (List<String>) ldapTemplate.listBindings(
+ new DistinguishedName(userBase), new ContextMapper() {
+ public Object mapFromContext(Object ctxArg) {
+ DirContextAdapter ctx = (DirContextAdapter) ctxArg;
+ return ctx.getStringAttribute(usernameAttributeName);
+ }
+ });
+
+ TreeSet<ArgeoUser> lst = new TreeSet<ArgeoUser>();
+ for (String username : usernames) {
+ lst.add(createSimpleArgeoUser(getDetails(username)));
+ }
+ return Collections.unmodifiableSortedSet(lst);
+ }
+
+ @SuppressWarnings("unchecked")
+ public Set<String> listEditableRoles() {
+ return Collections.unmodifiableSortedSet(new TreeSet<String>(
+ ldapTemplate.listBindings(groupBase, new ContextMapper() {
+ public Object mapFromContext(Object ctxArg) {
+ String groupName = ((DirContextAdapter) ctxArg)
+ .getStringAttribute(groupRoleAttributeName);
+ String roleName = convertGroupToRole(groupName);
+ return roleName;
+ }
+ })));
+ }
+
+ @SuppressWarnings("unchecked")
+ public Set<ArgeoUser> listUsersInRole(String role) {
+ return (Set<ArgeoUser>) ldapTemplate.lookup(
+ buildGroupDn(convertRoleToGroup(role)), new ContextMapper() {
+ public Object mapFromContext(Object ctxArg) {
+ DirContextAdapter ctx = (DirContextAdapter) ctxArg;
+ String[] userDns = ctx
+ .getStringAttributes(groupMemberAttributeName);
+ TreeSet<ArgeoUser> set = new TreeSet<ArgeoUser>();
+ for (String userDn : userDns) {
+ DistinguishedName dn = new DistinguishedName(userDn);
+ String username = dn
+ .getValue(usernameAttributeName);
+ set.add(createSimpleArgeoUser(getDetails(username)));
+ }
+ return Collections.unmodifiableSortedSet(set);
+ }
+ });
+ }
+
+ public synchronized void updateUser(ArgeoUser user) {
+ ArgeoUserDetails argeoUserDetails = new ArgeoUserDetails(user);
+ userDetailsManager.updateUser(new ArgeoUserDetails(user));
+ // refresh logged in user
+ if (ArgeoUserDetails.securityContextUser().getUsername()
+ .equals(argeoUserDetails.getUsername())) {
+ SecurityContextHolder.getContext().setAuthentication(
+ new UsernamePasswordAuthenticationToken(argeoUserDetails,
+ null, argeoUserDetails.getAuthorities()));
+ }
+ }
+
+ public synchronized void deleteUser(String username) {
+ userDetailsManager.deleteUser(username);
+ }
+
+ public synchronized Boolean userExists(String username) {
+ return userDetailsManager.userExists(username);
+ }
+
+ public void createRole(String role, final String superuserName) {
+ String group = convertRoleToGroup(role);
+ DistinguishedName superuserDn = (DistinguishedName) ldapTemplate
+ .executeReadWrite(new ContextExecutor() {
+ public Object executeWithContext(DirContext ctx)
+ throws NamingException {
+ return LdapUtils.getFullDn(
+ usernameMapper.buildDn(superuserName), ctx);
+ }
+ });
+
+ Name groupDn = buildGroupDn(group);
+ DirContextAdapter context = new DirContextAdapter();
+ context.setAttributeValues("objectClass", groupClasses);
+ context.setAttributeValue("cn", group);
+
+ // Add superuser because cannot create empty group
+ context.setAttributeValue(groupMemberAttributeName,
+ superuserDn.toString());
+
+ ldapTemplate.bind(groupDn, context, null);
+ }
+
+ public void deleteRole(String role) {
+ String group = convertRoleToGroup(role);
+ Name dn = buildGroupDn(group);
+ ldapTemplate.unbind(dn);
+ }
+
+ public Boolean isPasswordValid(String encoded, String raw) {
+ return ldapShaPasswordEncoder.isPasswordValid(encoded, raw, null);
+ }
+
+ public String encodePassword(String raw) {
+ byte[] salt = null;
+ // byte[] salt = new byte[16];
+ // random.nextBytes(salt);
+ return ldapShaPasswordEncoder.encodePassword(raw, salt);
+ }
+
+ protected String convertRoleToGroup(String role) {
+ String group = role;
+ if (group.startsWith(rolePrefix)) {
+ group = group.substring(rolePrefix.length());
+ group = group.toLowerCase();
+ }
+ return group;
+ }
+
+ public String convertGroupToRole(String groupName) {
+ groupName = groupName.toUpperCase();
+
+ return rolePrefix + groupName;
+ }
+
+ protected Name buildGroupDn(String name) {
+ return new DistinguishedName(groupRoleAttributeName + "=" + name + ","
+ + groupBase);
+ }
+
+ public void setUserDetailsManager(UserDetailsManager userDetailsManager) {
+ this.userDetailsManager = userDetailsManager;
+ }
+
+ public void setUserBase(String userBase) {
+ this.userBase = userBase;
+ }
+
+ public void setUsernameAttributeName(String usernameAttribute) {
+ this.usernameAttributeName = usernameAttribute;
+ }
+
+ public void setAuthoritiesPopulator(
+ LdapAuthoritiesPopulator authoritiesPopulator) {
+ this.authoritiesPopulator = authoritiesPopulator;
+ }
+
+ protected UserDetails getDetails(String username) {
+ return userDetailsManager.loadUserByUsername(username);
+ }
+
+ public void setGroupBase(String groupBase) {
+ this.groupBase = groupBase;
+ }
+
+ public void setGroupRoleAttributeName(String groupRoleAttributeName) {
+ this.groupRoleAttributeName = groupRoleAttributeName;
+ }
+
+ public void setGroupMemberAttributeName(String groupMemberAttributeName) {
+ this.groupMemberAttributeName = groupMemberAttributeName;
+ }
+
+ public void setDefaultRole(String defaultRole) {
+ this.defaultRole = defaultRole;
+ }
+
+ public void setRolePrefix(String rolePrefix) {
+ this.rolePrefix = rolePrefix;
+ }
+
+ public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper) {
+ this.usernameMapper = usernameMapper;
+ }
+
+ public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper) {
+ this.userDetailsMapper = userDetailsMapper;
+ }
+
+ public LdapAuthoritiesPopulator getAuthoritiesPopulator() {
+ return authoritiesPopulator;
+ }
+
+ public UserDetailsContextMapper getUserDetailsMapper() {
+ return userDetailsMapper;
+ }
+
+ public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
+ this.userNatureMappers = userNatureMappers;
+ }
+
+ public String getDefaultRole() {
+ return defaultRole;
+ }
+
+ public void setGroupClasses(String[] groupClasses) {
+ this.groupClasses = groupClasses;
+ }
+
+ public UserDetailsService getUserDetailsService() {
+ return ldapUserDetailsService;
+ }
+
+}
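Review bot: `encodePassword` passes `salt = null` to `LdapShaPasswordEncoder`, so every stored password is an unsalted `{SHA}` digest and identical passwords produce identical directory values; the two commented-out lines should be restored as `byte[] salt = new byte[16]; random.nextBytes(salt);`. `isPasswordValid` also passes `null` for the salt, which should keep working if the encoder reads the salt back out of an `{SSHA}` value, but that is worth confirming against existing entries. Once the salt is live, the constructor's fallback `new Random(System.currentTimeMillis())` becomes a predictable salt source; `random = new SecureRandom();` needs no algorithm name and cannot throw. Separately, `listUsers` and `listUsersInRole` build users without the `setPassword(null)` that `getUser` applies, so password hashes travel with every listing.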
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.ldap;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.UserNature;
+import org.argeo.security.core.ArgeoUserDetails;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.userdetails.UserDetails;
+import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
+
+/**
+ * Performs the mapping between LDAP and the user natures, using
+ * {@link UserNatureMapper}.
+ */
+public class ArgeoUserDetailsContextMapper implements UserDetailsContextMapper {
+ // private final static Log log = LogFactory
+ // .getLog(ArgeoUserDetailsContextMapper.class);
+
+ private List<UserNatureMapper> userNatureMappers = new ArrayList<UserNatureMapper>();
+
+ public UserDetails mapUserFromContext(DirContextOperations ctx,
+ String username, GrantedAuthority[] authorities) {
+ byte[] arr = (byte[]) ctx.getAttributeSortedStringSet("userPassword")
+ .first();
+ String password = new String(arr);
+
+ Map<String, UserNature> userNatures = new HashMap<String, UserNature>();
+ for (UserNatureMapper userInfoMapper : userNatureMappers) {
+ UserNature userNature = userInfoMapper.mapUserInfoFromContext(ctx);
+ if (userNature != null)
+ userNatures.put(userInfoMapper.getName(), userNature);
+ }
+
+ return new ArgeoUserDetails(username,
+ Collections.unmodifiableMap(userNatures), password, authorities);
+ }
+
+ public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
+ ctx.setAttributeValues("objectClass", new String[] { "inetOrgPerson" });
+ ctx.setAttributeValue("uid", user.getUsername());
+ ctx.setAttributeValue("userPassword", user.getPassword());
+ if (user instanceof ArgeoUser) {
+ ArgeoUser argeoUser = (ArgeoUser) user;
+ for (UserNature userNature : argeoUser.getUserNatures().values()) {
+ for (UserNatureMapper userInfoMapper : userNatureMappers) {
+ if (userInfoMapper.supports(userNature)) {
+ userInfoMapper.mapUserInfoToContext(userNature, ctx);
+ break;// use the first mapper found and no others
+ }
+ }
+ }
+ }
+ }
+
+ public void setUserNatureMappers(List<UserNatureMapper> userNatureMappers) {
+ this.userNatureMappers = userNatureMappers;
+ }
+
+}
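Review bot: `mapUserFromContext` dereferences `ctx.getAttributeSortedStringSet("userPassword").first()` without a guard, so an entry whose `userPassword` is absent or not readable by the bind account presumably fails here with a NullPointerException or NoSuchElementException rather than a clear authentication error. Read the value once, check it for null, and raise a descriptive exception before the cast to `byte[]`. `new String(arr)` also decodes with the platform default charset; naming the charset explicitly (`new String(arr, "UTF-8")`, with its checked exception handled) keeps the hash string stable across hosts. In `mapUserToContext` the attribute name `"uid"` is hard-coded, while ArgeoSecurityDaoLdap in this commit makes the username attribute configurable through `setUsernameAttributeName`.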
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.ldap;
+
+import org.argeo.security.UserNature;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+
+/** Maps a user nature from LDAP. */
+public interface UserNatureMapper {
+ public String getName();
+
+ public void mapUserInfoToContext(UserNature userInfo, DirContextAdapter ctx);
+
+ public UserNature mapUserInfoFromContext(DirContextOperations ctx);
+
+ public Boolean supports(UserNature userInfo);
+}
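Review bot: The interface leaves its null contract undocumented: `mapUserInfoFromContext` may return null (CoworkerUserNatureMapper does, and ArgeoUserDetailsContextMapper checks for it), and `supports` returns a boxed `Boolean` that ArgeoUserDetailsContextMapper unboxes directly in an `if`. I would add Javadoc on `mapUserInfoFromContext` such as `/** @return the nature read from the entry, or null if the entry carries none of its attributes */`. For `supports`, either declare the return type as primitive `boolean` or document that implementations must never return null.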
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.ldap.nature;
+
+import org.argeo.security.UserNature;
+import org.argeo.security.ldap.UserNatureMapper;
+import org.argeo.security.nature.CoworkerNature;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+
+public class CoworkerUserNatureMapper implements UserNatureMapper {
+
+ public String getName() {
+ return "coworker";
+ }
+
+ public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
+ CoworkerNature nature = new CoworkerNature();
+ nature.setMobile(ctx.getStringAttribute("mobile"));
+ nature.setTelephoneNumber(ctx.getStringAttribute("telephoneNumber"));
+
+ if (nature.getMobile() == null && nature.getTelephoneNumber() == null)
+ return null;
+ else
+ return nature;
+ }
+
+ public void mapUserInfoToContext(UserNature userInfoArg,
+ DirContextAdapter ctx) {
+ CoworkerNature nature = (CoworkerNature) userInfoArg;
+ if (nature.getMobile() == null || !nature.getMobile().equals("")) {
+ ctx.setAttributeValue("mobile", nature.getMobile());
+ }
+ if (nature.getTelephoneNumber() == null
+ || !nature.getTelephoneNumber().equals("")) {
+ ctx.setAttributeValue("telephoneNumber",
+ nature.getTelephoneNumber());
+ }
+ }
+
+ public Boolean supports(UserNature userNature) {
+ return userNature instanceof CoworkerNature;
+ }
+
+}
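Review bot: The guards in `mapUserInfoToContext` look inverted: `nature.getMobile() == null || !nature.getMobile().equals("")` writes the attribute when the value is null and skips it only for the empty string, whereas SimpleUserNatureMapper in this commit uses `!= null && !….equals("")` for `description`. If clearing the attribute on null is intended, a comment should say so; otherwise use `if (nature.getMobile() != null && !nature.getMobile().equals(""))` and the same form for `telephoneNumber`. The unchecked cast to `CoworkerNature` relies on the caller having checked `supports` first, which is worth stating in a method comment.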
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.ldap.nature;
+
+import org.argeo.security.UserNature;
+import org.argeo.security.ldap.UserNatureMapper;
+import org.argeo.security.nature.SimpleUserNature;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+
+public class SimpleUserNatureMapper implements UserNatureMapper {
+ public String getName() {
+ return SimpleUserNature.TYPE;
+ }
+
+ public UserNature mapUserInfoFromContext(DirContextOperations ctx) {
+ SimpleUserNature nature = new SimpleUserNature();
+ nature.setLastName(ctx.getStringAttribute("sn"));
+ nature.setFirstName(ctx.getStringAttribute("givenName"));
+ nature.setEmail(ctx.getStringAttribute("mail"));
+ nature.setDescription(ctx.getStringAttribute("description"));
+ return nature;
+ }
+
+ public void mapUserInfoToContext(UserNature userInfoArg,
+ DirContextAdapter ctx) {
+ SimpleUserNature nature = (SimpleUserNature) userInfoArg;
+ ctx.setAttributeValue("cn",
+ nature.getFirstName() + " " + nature.getLastName());
+ ctx.setAttributeValue("sn", nature.getLastName());
+ ctx.setAttributeValue("givenName", nature.getFirstName());
+ ctx.setAttributeValue("mail", nature.getEmail());
+ if (nature.getDescription() != null
+ && !nature.getDescription().equals("")) {
+ ctx.setAttributeValue("description", nature.getDescription());
+ }
+ }
+
+ public Boolean supports(UserNature userNature) {
+ return userNature instanceof SimpleUserNature;
+ }
+
+}
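Review bot: `mapUserInfoToContext` builds `cn` as `nature.getFirstName() + " " + nature.getLastName()`, which stores the literal text `null` in the directory when either name is unset. It also writes `sn`, `givenName` and `mail` unguarded, while only `description` is checked for null or empty. Since the entry is created as `inetOrgPerson` by ArgeoUserDetailsContextMapper, a missing last name would likely surface only as a schema violation from the server. Rejecting it up front gives a clearer error, e.g. `if (nature.getLastName() == null) throw new IllegalArgumentException("lastName is required");`, with `cn` assembled from the non-null parts only.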
<modules>
<module>org.argeo.security.core</module>
<module>org.argeo.security.mvc</module>
+ <module>org.argeo.security.ldap</module>
+ <module>org.argeo.security.activemq</module>
</modules>
<build>
<resources>
<groupId>org.dom4j</groupId>
<artifactId>com.springsource.org.dom4j</artifactId>
</dependency>
- <dependency>
- <groupId>javax.xml.stream</groupId>
- <artifactId>com.springsource.javax.xml.stream</artifactId>
- </dependency>
<dependency>
<groupId>org.jdom</groupId>
<artifactId>com.springsource.org.jdom</artifactId>
<artifactId>com.springsource.org.xmlpull</artifactId>
</dependency>
+ <!-- OSGi test -->
<dependency>
<groupId>org.argeo.commons.osgi</groupId>
<artifactId>org.argeo.osgi.boot</artifactId>
<version>0.2.3-SNAPSHOT</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>javax.xml.stream</groupId>
+ <artifactId>com.springsource.javax.xml.stream</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xmlcommons</groupId>
+ <artifactId>com.springsource.org.apache.xmlcommons</artifactId>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
</project>
\ No newline at end of file
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.argeo.commons.server</groupId>
<packaging>pom</packaging>
<name>Dep Apache Tomcat</name>
<dependencies>
- <!-- Commons Dep -->
+ <!-- Commons Dep -->
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.basic.dep.log4j</artifactId>
<groupId>javax.servlet</groupId>
<artifactId>com.springsource.javax.servlet.jsp</artifactId>
</dependency>
- <dependency>
- <groupId>javax.annotation</groupId>
- <artifactId>com.springsource.javax.annotation</artifactId>
- </dependency>
<dependency>
<groupId>javax.persistence</groupId>
<artifactId>com.springsource.javax.persistence</artifactId>
</dependency>
- <dependency>
- <groupId>javax.activation</groupId>
- <artifactId>com.springsource.javax.activation</artifactId>
- </dependency>
<dependency>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>com.springsource.javax.management.j2ee</artifactId>
<groupId>javax.xml.rpc</groupId>
<artifactId>com.springsource.javax.xml.rpc</artifactId>
</dependency>
- <dependency>
- <groupId>javax.xml.soap</groupId>
- <artifactId>com.springsource.javax.xml.soap</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.transaction</groupId>
- <artifactId>com.springsource.javax.transaction</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.xml.stream</groupId>
- <artifactId>com.springsource.javax.xml.stream</artifactId>
- </dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>com.springsource.javax.servlet.jsp</artifactId>
<groupId>javax.el</groupId>
<artifactId>com.springsource.javax.el</artifactId>
</dependency>
- <dependency>
- <groupId>javax.xml.ws</groupId>
- <artifactId>com.springsource.javax.xml.ws</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.xml.bind</groupId>
- <artifactId>com.springsource.javax.xml.bind</artifactId>
- </dependency>
<!-- Taglibs -->
<dependency>
<groupId>org.apache.el</groupId>
<artifactId>com.springsource.org.apache.el</artifactId>
</dependency>
+
</dependencies>
</project>
\ No newline at end of file
<groupId>javax.servlet</groupId>
<artifactId>com.springsource.javax.servlet</artifactId>
</dependency>
- <dependency>
- <groupId>javax.xml.stream</groupId>
- <artifactId>com.springsource.javax.xml.stream</artifactId>
- </dependency>
<!-- Logging -->
<dependency>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.argeo.commons.server</groupId>
org.argeo.server.jcr.*
</Export-Package>
<Import-Package>
- *,
+ org.xml.sax;version="0.0.0",
org.springframework.security.providers.jaas;resolution:="optional",
- junit.framework;resolution:="optional"
+ junit.framework;resolution:="optional",
+ *
</Import-Package>
</instructions>
</configuration>
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Properties;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import org.apache.jackrabbit.core.RepositoryImpl;
import org.apache.jackrabbit.core.TransientRepository;
import org.apache.jackrabbit.core.config.RepositoryConfig;
+import org.apache.jackrabbit.core.config.RepositoryConfigurationParser;
import org.argeo.ArgeoException;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ResourceLoaderAware;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
+import org.xml.sax.InputSource;
/**
* Wrapper around a Jackrabbit repository which allows to configure it in Spring
private Resource configuration;
private File homeDirectory;
+ private Resource variables;
private Boolean inMemory = false;
RepositoryConfig config;
InputStream in = configuration.getInputStream();
+ InputStream propsIn = null;
try {
- config = RepositoryConfig.create(in,
+ Properties vars = new Properties();
+ if (variables != null) {
+ propsIn = variables.getInputStream();
+ vars.load(propsIn);
+ }
+ // override with system properties
+ vars.putAll(System.getProperties());
+ vars.put(RepositoryConfigurationParser.REPOSITORY_HOME_VARIABLE,
homeDirectory.getCanonicalPath());
+ config = RepositoryConfig.create(new InputSource(in), vars);
} catch (Exception e) {
throw new RuntimeException("Cannot read configuration", e);
} finally {
IOUtils.closeQuietly(in);
+ IOUtils.closeQuietly(propsIn);
}
if (inMemory)
this.cndFiles = cndFiles;
}
+ public void setVariables(Resource variables) {
+ this.variables = variables;
+ }
+
}
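Review bot: `vars.putAll(System.getProperties())` copies every JVM system property into the variable set handed to `RepositoryConfig.create`, so any `-D` setting whose name matches a `${...}` placeholder in the repository configuration silently overrides the `variables` resource. If that precedence is intended, document it on `setVariables`, e.g. `/** Properties resource for ${...} substitution in the repository configuration; system properties take precedence and the repository home variable is always set from homeDirectory. */`. A narrower option is to copy only the system properties whose keys are already present in `vars`. The enclosing method starts outside the visible lines, so how `homeDirectory` is validated before `getCanonicalPath()` cannot be judged from here.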