public Map<String, UserNature> getUserNatures();
/** Implementation should refuse to add new user natures via this method. */
+ @Deprecated
public void updateUserNatures(Map<String, UserNature> userNatures);
public List<String> getRoles();
* Read-write implementation of an Argeo user. Typically initialized with a
* generic instance (read-only9 in order to modify a user.
*/
+@Deprecated
public class SimpleArgeoUser implements ArgeoUser, Serializable,
Comparable<ArgeoUser> {
private static final long serialVersionUID = 1L;
--- /dev/null
+package org.argeo.security.jcr;
+
+import java.util.Map;
+
+import javax.jcr.Session;
+
+import org.argeo.ArgeoException;
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.CurrentUserDao;
+import org.argeo.security.CurrentUserService;
+import org.argeo.security.UserNature;
+import org.springframework.security.Authentication;
+import org.springframework.security.context.SecurityContextHolder;
+
+public class CurrentUserServiceJcr implements CurrentUserService {
+ private Session session;
+ private CurrentUserDao currentUserDao;
+
+ public ArgeoUser getCurrentUser() {
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+
+ Session userSession;
+ if (authentication instanceof JcrAuthenticationToken) {
+ userSession = ((JcrAuthenticationToken) authentication)
+ .getSession();
+ } else {
+ if (session == null)
+ throw new ArgeoException("No user JCR session available");
+ userSession = session;
+ }
+
+ JcrUserDetails jcrUserDetails = (JcrUserDetails) authentication
+ .getDetails();
+ return JcrUserDetails.jcrUserDetailsToArgeoUser(userSession,
+ jcrUserDetails);
+ }
+
+ public void updateCurrentUserPassword(String oldPassword, String newPassword) {
+ currentUserDao.updateCurrentUserPassword(oldPassword, newPassword);
+
+ }
+
+ public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void setSession(Session session) {
+ this.session = session;
+ }
+
+ public void setCurrentUserDao(CurrentUserDao currentUserDao) {
+ this.currentUserDao = currentUserDao;
+ }
+
+}
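Review bot: getCurrentUser() dereferences `authentication` without a null check, and `SecurityContextHolder.getContext().getAuthentication()` returns null when nobody is authenticated, so an unauthenticated call ends in a NullPointerException instead of an ArgeoException. The cast `(JcrUserDetails) authentication.getDetails()` is also unchecked and fails with ClassCastException for a token whose details are of another type. Guard both, e.g. `if (authentication == null) throw new ArgeoException("No authentication available");` plus an `instanceof JcrUserDetails` test before the cast. updateCurrentUserNatures() is an empty generated stub that silently ignores the call; `throw new UnsupportedOperationException("deprecated");` would make that visible to callers.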
--- /dev/null
+package org.argeo.security.jcr;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+
+import org.argeo.ArgeoException;
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.UserNature;
+
+public class JcrArgeoUser implements ArgeoUser {
+ /** Cached for performance reasons. */
+ private final String username;
+ private final Node home;
+ private final List<String> roles;
+ private final Boolean enabled;
+ private final String password;
+
+ public JcrArgeoUser(Node home, String password, List<String> roles,
+ Boolean enabled) {
+ this.home = home;
+ this.password = password;
+ this.roles = Collections.unmodifiableList(new ArrayList<String>(roles));
+ this.enabled = enabled;
+ try {
+ username = home.getSession().getUserID();
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot find JCR user id", e);
+ }
+
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public Map<String, UserNature> getUserNatures() {
+ throw new UnsupportedOperationException("deprecated");
+ }
+
+ public void updateUserNatures(Map<String, UserNature> userNatures) {
+ throw new UnsupportedOperationException("deprecated");
+ }
+
+ public List<String> getRoles() {
+ return roles;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public Node getHome() {
+ return home;
+ }
+
+ public Boolean getEnabled() {
+ return enabled;
+ }
+
+ public boolean equals(Object obj) {
+ if (!(obj instanceof ArgeoUser))
+ return false;
+ return ((ArgeoUser) obj).getUsername().equals(username);
+ }
+
+ @Override
+ public int hashCode() {
+ return username.hashCode();
+ }
+
+ public String toString() {
+ return getUsername() + "@" + getHome();
+ }
+}
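Review bot: The constructor takes `username` from `home.getSession().getUserID()`, that is, from whoever opened the session that loaded the node rather than from the home node itself. If a home is ever loaded through an administrative or shared session, the object reports that session's user, and equals()/hashCode() follow it. The field comment should state the constraint, e.g. `/** User id of the session that loaded home; home must come from the user's own session. */`. The class also keeps the password in a `String` field and returns it from getPassword(); a Javadoc line saying whether this is the encoded or the clear-text value would help callers keep it out of logs. equals() lacks `@Override` and throws if the other user's getUsername() returns null.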
try {
// TODO: loads enabled, locked, etc. from the home node.
return new JcrUserDetails(userHome.getPath(), authen.getPrincipal()
- .toString(), authen.getCredentials().toString(), true,
+ .toString(), authen.getCredentials().toString(),
+ isEnabled(userHome),
true, true, true, authen.getAuthorities());
} catch (Exception e) {
throw new ArgeoException("Cannot get user details for " + userHome,
e);
}
}
+
+ protected Boolean isEnabled(Node userHome){
+ return true;
+ }
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {
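Review bot: The default `isEnabled(Node userHome)` returns `true` for every user, so a provider subclass that does not override it treats disabled accounts as enabled, and the TODO above still says the flag should be loaded from the home node. The method needs a Javadoc that states this, e.g. `/** Default: every user is considered enabled; subclasses override this to consult the repository. */`. A primitive `boolean` return type would also rule out an override returning null, which would otherwise fail only when the value is unboxed (presumably at the JcrUserDetails constructor, which is not visible here). The enclosing method starts outside this hunk.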
package org.argeo.security.jcr;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.argeo.ArgeoException;
import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.User;
public class JcrUserDetails extends User {
return homePath;
}
+ public static JcrUserDetails argeoUserToJcrUserDetails(
+ JcrArgeoUser argeoUser) {
+ try {
+ List<GrantedAuthority> gas = new ArrayList<GrantedAuthority>();
+ for (String role : argeoUser.getRoles())
+ gas.add(new GrantedAuthorityImpl(role));
+ return new JcrUserDetails(argeoUser.getHome().getPath(),
+ argeoUser.getUsername(), argeoUser.getPassword(),
+ argeoUser.getEnabled(), true, true, true,
+ gas.toArray(new GrantedAuthority[gas.size()]));
+ } catch (Exception e) {
+ throw new ArgeoException("Cannot convert " + argeoUser
+ + " to JCR user details", e);
+ }
+ }
+
+ public static JcrArgeoUser jcrUserDetailsToArgeoUser(Session userSession,
+ JcrUserDetails jcrUserDetails) {
+ if (!userSession.getUserID().equals(jcrUserDetails.getUsername()))
+ throw new ArgeoException("User session has user id "
+ + userSession.getUserID() + " while details has username "
+ + jcrUserDetails.getUsername());
+
+ Node userHome;
+ try {
+ userHome = userSession.getNode(jcrUserDetails.getHomePath());
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot retrieve user home with path "
+ + jcrUserDetails.getHomePath(), e);
+ }
+ List<String> roles = new ArrayList<String>();
+ for (GrantedAuthority ga : jcrUserDetails.getAuthorities())
+ roles.add(ga.getAuthority());
+ return new JcrArgeoUser(userHome, jcrUserDetails.getPassword(), roles,
+ jcrUserDetails.isEnabled());
+
+ }
}
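Review bot: In jcrUserDetailsToArgeoUser() the identity check calls `userSession.getUserID().equals(...)`, and the JCR API allows getUserID() to return null, so a session without a user id produces a NullPointerException rather than the intended ArgeoException. Comparing the other way round, `if (!jcrUserDetails.getUsername().equals(userSession.getUserID()))`, keeps the mismatch on the ArgeoException path. In argeoUserToJcrUserDetails() the `catch (Exception e)` is broader than needed: the only checked exception visible there is the RepositoryException from `getPath()`, and catching just that would stop programming errors from being reported as conversion failures.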
import org.argeo.security.ArgeoUser;
import org.argeo.security.UserNature;
+@Deprecated
public class SimpleUserNature extends AbstractUserNature {
/**
* No PAI, for internal use within the Argeo Security framework. Will
import java.util.Iterator;
import java.util.List;
+import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
}
}
+ @Override
+ protected Boolean isEnabled(Node userHome) {
+ try {
+ UserManager userManager = ((JackrabbitSession) userHome
+ .getSession()).getUserManager();
+ User user = (User) userManager.getAuthorizable(userHome
+ .getSession().getUserID());
+ return !user.isDisabled();
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot check whether " + userHome
+ + " is enabled", e);
+ }
+ }
+
}
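Review bot: isEnabled() looks up `userHome.getSession().getUserID()`, the user of the session holding the node, and `getAuthorizable()` returns null when no authorizable has that id, so `user.isDisabled()` can throw a NullPointerException that `catch (RepositoryException e)` does not cover. The casts to `JackrabbitSession` and `User` are unchecked as well. A type check before the call, e.g. `if (!(authorizable instanceof User)) throw new ArgeoException("No user found for " + userHome);`, would keep the failure inside ArgeoException. The class header and the rest of the provider are outside this hunk.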
throw new ArgeoException("Old password is not correct.");
user.setPassword(encodePassword(newPassword));
updateUser(user);
+ //userDetailsManager.changePassword(oldPassword, newPassword);
}
public void updateUserPassword(String username, String password) {
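Review bot: The added line `//userDetailsManager.changePassword(oldPassword, newPassword);` is commented-out code in the password-change path with no explanation of why it is there. Either delete it or replace it with a TODO that says what is still missing before the delegate call can be used. The enclosing method starts outside this hunk.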
private Boolean autocreateWorkspaces = false;
private Executor systemExecutor;
+ private Credentials adminCredentials;
public void afterPropertiesSet() throws Exception {
// remote repository
else
repository = RepositoryImpl.create(config);
- importNodeTypeDefinitions(repository);
+ if (cndFiles != null && cndFiles.size() > 0)
+ importNodeTypeDefinitions(repository);
log.info("Initialized Jackrabbit repository " + repository + " in "
+ homeDirectory + " with config " + configuration);
* will be thrown.
*/
protected void importNodeTypeDefinitions(final Repository repository) {
+ final Credentials credentialsToUse;
if (systemExecutor == null) {
- log.warn("No system executor found");
- return;
+ if (adminCredentials == null)
+ throw new ArgeoException(
+ "No system executor or admin credentials found");
+ credentialsToUse = adminCredentials;
+ } else {
+ credentialsToUse = null;
}
- systemExecutor.execute(new Runnable() {
+ Runnable action = new Runnable() {
public void run() {
Reader reader = null;
Session session = null;
try {
- session = repository.login();
+ session = repository.login(credentialsToUse);
// Load cnds as resources
for (String resUrl : cndFiles) {
Resource res = resourceLoader.getResource(resUrl);
JcrUtils.logoutQuietly(session);
}
}
- });
+ };
+ if (systemExecutor != null)
+ systemExecutor.execute(action);
+ else
+ action.run();
}
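Review bot: `adminCredentials` is consulted only when `systemExecutor` is null; when both are set, `credentialsToUse` is null and the configured credentials are silently ignored, which nothing in the change documents. A Javadoc on setAdminCredentials() should say so, e.g. `/** Credentials used to import node type definitions when no system executor is set; ignored otherwise. */`. The credentials also stay in the field for the lifetime of the bean although the visible code reads them only in importNodeTypeDefinitions(); setting `adminCredentials = null` after the import would shorten that exposure, assuming nothing else in the class reads the field. Part of the method body is elided in this hunk.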
public void destroy() throws Exception {
this.systemExecutor = systemExecutor;
}
+ public void setAdminCredentials(Credentials adminCredentials) {
+ this.adminCredentials = adminCredentials;
+ }
+
}