throws AuthenticationException {
if (authentication instanceof UsernamePasswordAuthenticationToken) {
// deal with remote access to internal server
- // FIXME very primitive and unsecure at this stage
+ // FIXME very primitive and unsecure at this sSession adminSession =tage
// consider using the keyring for username / password authentication
// or certificate
UsernamePasswordAuthenticationToken upat = (UsernamePasswordAuthenticationToken) authentication;
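Review bot: The rewritten FIXME comment has stray text pasted into the middle of it (`sSession adminSession =tage`), which looks like an editing accident rather than an intended change. It should be restored to `// FIXME very primitive and unsecure at this stage`. That comment is the only marker that this username/password branch for remote access is known to be weak, so it needs to stay legible. The enclosing method starts and ends outside the hunk.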
* desktop). TODO integrate with JCR user / groups
*/
public class OsJcrUserAdminService implements UserAdminService {
- private String securityWorkspace = "security";
private Repository repository;
- private Session securitySession;
+ // private Session adminSession;
public void init() {
- try {
- securitySession = repository.login(securityWorkspace);
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot initialize", e);
- }
+ // try {
+ // adminSession = repository.login();
+ // } catch (RepositoryException e) {
+ // throw new ArgeoException("Cannot initialize", e);
+ // }
}
public void destroy() {
- JcrUtils.logoutQuietly(securitySession);
+ // JcrUtils.logoutQuietly(adminSession);
}
/** <b>Unsupported</b> */
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if (getSPropertyUsername().equals(username)) {
- Node userProfile = UserJcrUtils.getUserProfile(securitySession,
- username);
JcrUserDetails userDetails;
+ Session adminSession = null;
try {
+ adminSession = repository.login();
+ Node userProfile = UserJcrUtils.getUserProfile(adminSession,
+ username);
userDetails = new JcrUserDetails(userProfile, "",
OsJcrAuthenticationProvider.getBaseAuthorities());
} catch (RepositoryException e) {
throw new ArgeoException("Cannot retrieve user profile for "
+ username, e);
+ } finally {
+ JcrUtils.logoutQuietly(adminSession);
}
return userDetails;
} else {
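Review bot: The per-call `repository.login()` in loadUserByUsername passes neither credentials nor a workspace name. The session called `adminSession` therefore presumably runs as whatever identity the calling thread already carries, and opens the default workspace rather than the `"security"` workspace the removed field named. If the profile lookup depends on a particular identity or workspace, state it next to the call, for example `// logs in as the current subject on the default workspace; must be able to read user profiles`. The commented-out bodies left in init() and destroy() should be deleted rather than kept as dead code. Removing setSecurityWorkspace will also break any bean definition that still injects that property.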
public void setRepository(Repository repository) {
this.repository = repository;
}
-
- public void setSecurityWorkspace(String securityWorkspace) {
- this.securityWorkspace = securityWorkspace;
- }
-
}
/** The home base path. */
private String homeBasePath = "/home";
- public Node sync(Session session, String username, List<String> roles) {
+ public synchronized Node sync(Session session, String username,
+ List<String> roles) {
// TODO check user name validity (e.g. should not start by ROLE_)
try {
// Remote roles
if (roles != null) {
- //writeRemoteRoles(userHome, roles);
+ // writeRemoteRoles(userHome, roles);
}
Node userProfile = UserJcrUtils.getUserProfile(session, username);
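Review bot: `sync` becomes `synchronized` here with no comment saying what shared state the lock protects, and the same is done to the override further down (`public synchronized Node sync(` in the Jackrabbit model). The monitor is the security model instance, so every session creation that reaches sync is serialized behind one lock; that is worth stating in the Javadoc, e.g. `Serialized per instance: concurrent logins must not create the same profile node twice`, if that is the intent. Elsewhere in this commit the locks are taken on the system session, on the UserManager and on a utility class, so nothing visible here shows that these four monitors guard the same thing. The method body continues outside the hunk.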
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.DefaultSecurityManager;
+import org.apache.jackrabbit.core.security.AMContext;
+import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
private Map<String, String> userRolesCache = Collections
.synchronizedMap(new HashMap<String, String>());
+ @Override
+ public AccessManager getAccessManager(Session session, AMContext amContext)
+ throws RepositoryException {
+ synchronized (getSystemSession()) {
+ return super.getAccessManager(session, amContext);
+ }
+ }
+
+ @Override
+ public UserManager getUserManager(Session session)
+ throws RepositoryException {
+ synchronized (getSystemSession()) {
+ return super.getUserManager(session);
+ }
+ }
+
/**
* Since this is called once when the session is created, we take the
* opportunity to make sure that Jackrabbit users and groups reflect Spring
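Review bot: Both new overrides lock on the object returned by `getSystemSession()`, which is fetched again on every call and is also visible to other code. If that getter can return null before initialisation or after shutdown, the `synchronized` statement itself throws a NullPointerException. If any other code takes the same session's monitor, the lock ordering is out of this class's control. A dedicated field such as `private final Object managerLock = new Object();` used in both methods would make the lock's scope explicit. Whichever object is used, add a one-line comment naming the race this guards against, since access-manager and user-manager creation sit on the authorization path.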
.getLog(JackrabbitSecurityModel.class);
@Override
- public Node sync(Session session, String username, List<String> roles) {
+ public synchronized Node sync(Session session, String username,
+ List<String> roles) {
if (!(session instanceof JackrabbitSession))
return super.sync(session, username, roles);
protected Principal getOrCreatePrincipal(Session session,
String principalName) throws RepositoryException {
UserManager um = ((JackrabbitSession) session).getUserManager();
- Authorizable authorizable = um.getAuthorizable(principalName);
- if (authorizable == null) {
- groupPrefixes: for (String groupPrefix : groupPrefixes) {
- if (principalName.startsWith(groupPrefix)) {
- authorizable = um.createGroup(principalName);
- log.info("Created group " + principalName);
- break groupPrefixes;
+ synchronized (um) {
+ Authorizable authorizable = um.getAuthorizable(principalName);
+ if (authorizable == null) {
+ groupPrefixes: for (String groupPrefix : groupPrefixes) {
+ if (principalName.startsWith(groupPrefix)) {
+ authorizable = um.createGroup(principalName);
+ log.info("Created group " + principalName);
+ break groupPrefixes;
+ }
}
+ if (authorizable == null)
+ throw new ArgeoException("Authorizable " + principalName
+ + " not found");
}
- if (authorizable == null)
- throw new ArgeoException("Authorizable " + principalName
- + " not found");
+ return authorizable.getPrincipal();
}
- return authorizable.getPrincipal();
}
public void setGroupPrefixes(List<String> groupsToCreate) {
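Review bot: `synchronized (um)` only excludes callers that hold the same UserManager object, and `um` is obtained from the session passed in. If each session yields its own instance (not visible here), two sessions resolving the same missing principal can both see `authorizable == null` and both call `um.createGroup(principalName)`. A lock shared across sessions, or handling the already-exists failure from createGroup by re-reading the authorizable, would close that window. A short comment above the block should say which of the two is relied on.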
* Convenience method for adding a single privilege to a principal (user or
* role), typically jcr:all
*/
- public static void addPrivilege(Session session, String path,
+ public synchronized static void addPrivilege(Session session, String path,
String principal, String privilege) throws RepositoryException {
List<Privilege> privileges = new ArrayList<Privilege>();
privileges.add(session.getAccessControlManager().privilegeFromName(
}
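Review bot: Declaring addPrivilege `synchronized static` takes the utility class's monitor, and the same is done for getAccessControlList and clearAccessControList below, so all three serialize every caller on one class-wide lock regardless of session or repository. Each caller passes its own Session or AccessControlManager, so it is not evident from these hunks what shared state this protects. If it works around a known concurrency problem in ACL editing, the Javadoc should say so, e.g. `Serialized class-wide: concurrent ACL edits were observed to conflict`. The conventional modifier order is `public static synchronized`. The method bodies continue outside the hunks.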
/** Gets access control list for this path, throws exception if not found */
- public static AccessControlList getAccessControlList(
+ public synchronized static AccessControlList getAccessControlList(
AccessControlManager acm, String path) throws RepositoryException {
// search for an access control list
AccessControlList acl = null;
}
/** Clear authorizations for a user at this path */
- public static void clearAccessControList(Session session, String path,
- String username) throws RepositoryException {
+ public synchronized static void clearAccessControList(Session session,
+ String path, String username) throws RepositoryException {
AccessControlManager acm = session.getAccessControlManager();
AccessControlList acl = getAccessControlList(acm, path);
for (AccessControlEntry ace : acl.getAccessControlEntries()) {
Query query = qomf.createQuery(userHomeSel, constraint, null, null);
return JcrUtils.querySingleNode(query);
} catch (RepositoryException e) {
- throw new ArgeoException("Cannot find home for user " + username, e);
+ throw new ArgeoException(
+ "Cannot find profile for user " + username, e);
}
}