org.argeo.security.equinox,\
#org.argeo.security.ui.initialPerspective=org.argeo.osgi.ui.explorer.perspective
-argeo.node.repo.uri=http://localhost:7070/org.argeo.jcr.webapp/remoting/node
+argeo.node.repo.uri=http://localhost:7070/data/jcr/node
log4j.configuration=file:../../log4j.properties
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
+
+ <bean id="repositoryFactory" class="org.argeo.jackrabbit.OsgiJackrabbitRepositoryFactory">
+ <property name="bundleContext" ref="bundleContext" />
+ </bean>
+
+</beans>
\ No newline at end of file
http://www.springframework.org/schema/util\r
http://www.springframework.org/schema/util/spring-util-2.5.xsd">\r
\r
- <!-- REFERENCE -->\r
- <reference id="repositoryFactory" interface="javax.jcr.RepositoryFactory" />\r
-\r
<!-- SERVICES -->\r
<service ref="authenticationManager"\r
interface="org.springframework.security.AuthenticationManager" />\r
\r
+ <service ref="repositoryFactory" interface="javax.jcr.RepositoryFactory" />\r
+\r
+ <!-- User management -->\r
+ <service ref="userDetailsManager"\r
+ interface="org.springframework.security.userdetails.UserDetailsService"\r
+ context-class-loader="service-provider" />\r
+ <service ref="userDetailsManager"\r
+ interface="org.springframework.security.userdetails.UserDetailsManager"\r
+ context-class-loader="service-provider" />\r
+ <service ref="userDetailsManager" interface="org.argeo.security.UserAdminService"\r
+ context-class-loader="service-provider" />\r
+\r
</beans:beans>
\ No newline at end of file
<property name="key" value="${argeo.security.systemKey}" />
</bean>
+ <!-- Dummy user manager -->
+ <bean id="userDetailsManager" class="org.argeo.security.jcr.OsJcrUserAdminService"
+ init-method="init" destroy-method="destroy">
+ </bean>
+
</beans>
\ No newline at end of file
<activity
description="Non admins"
id="org.argeo.security.ui.notAdminActivity"
- name="Admin">
+ name="Not Admin">
<enabledWhen>
<not>
<with variable="roles">
</not>
</enabledWhen>
</activity>
+ <activity
+ description="Non remote"
+ id="org.argeo.security.ui.notRemoteActivity"
+ name="NonRemote">
+ <enabledWhen>
+ <not>
+ <with variable="roles">
+ <iterate ifEmpty="false" operator="or">
+ <equals value="ROLE_REMOTE" />
+ </iterate>
+ </with>
+ </not>
+ </enabledWhen>
+ </activity>
<activityPatternBinding
activityId="org.argeo.security.ui.adminActivity"
isEqualityPattern="true"
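Review bot: The new `org.argeo.security.ui.notRemoteActivity` only filters what the workbench shows. Eclipse activities hide UI contributions and are not an access-control mechanism, so whatever is bound to this activity outside the hunk still needs a role check where the operation is actually performed. With `ifEmpty="false"` inside `<not>`, a user whose `roles` variable is empty gets the activity enabled, which looks intended but deserves a comment such as `<!-- enabled for every user who does not hold ROLE_REMOTE, including users with no roles -->`. The `name` could also read `Not Remote` to match the `Not Admin` rename made earlier in this file.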
*/
package org.argeo.security.jcr;
+import java.util.ArrayList;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import javax.jcr.Node;
import org.argeo.jcr.UserJcrUtils;
import org.argeo.security.UserAdminService;
import org.springframework.dao.DataAccessException;
+import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UsernameNotFoundException;
public class OsJcrUserAdminService implements UserAdminService {
private Repository repository;
+ /** In memory roles provided by applications. */
+ private List<String> roles = new ArrayList<String>();
+
// private Session adminSession;
public void init() {
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if (getSPropertyUsername().equals(username)) {
- JcrUserDetails userDetails;
- Session adminSession = null;
- try {
- adminSession = repository.login();
- Node userProfile = UserJcrUtils.getUserProfile(adminSession,
- username);
- userDetails = new JcrUserDetails(userProfile, "",
+ UserDetails userDetails;
+ if (repository != null) {
+ Session adminSession = null;
+ try {
+ adminSession = repository.login();
+ Node userProfile = UserJcrUtils.getUserProfile(
+ adminSession, username);
+ userDetails = new JcrUserDetails(userProfile, "",
+ OsJcrAuthenticationProvider.getBaseAuthorities());
+ } catch (RepositoryException e) {
+ throw new ArgeoException(
+ "Cannot retrieve user profile for " + username, e);
+ } finally {
+ JcrUtils.logoutQuietly(adminSession);
+ }
+ } else {
+ userDetails = new User(username, "", true, true, true, true,
OsJcrAuthenticationProvider.getBaseAuthorities());
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot retrieve user profile for "
- + username, e);
- } finally {
- JcrUtils.logoutQuietly(adminSession);
}
return userDetails;
} else {
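Review bot: The new `repository == null` branch returns a `User` built with an empty password and all four account flags set to `true`, and nothing records that the service is running without a JCR repository. As far as the visible bean definition shows, the `userDetailsManager` bean added in this commit has no `repository` property, so in that configuration this is the branch that runs. A comment on the `else` such as `// no repository injected: in-memory user with the base authorities only, no profile node`, plus a warning logged once from `init()`, would make that visible to operators. Whether the empty password can ever be compared against a submitted credential depends on the authentication provider, which is outside this hunk and worth confirming. The method body continues past the end of the hunk.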
/** <b>Unsupported</b> */
public void newRole(String role) {
- throw new UnsupportedOperationException();
+ roles.add(role);
}
public Set<String> listEditableRoles() {
- Set<String> set = new HashSet<String>();
- return set;
+ return new HashSet<String>(roles);
}
/** <b>Unsupported</b> */
public void deleteRole(String role) {
- throw new UnsupportedOperationException();
+ roles.remove(role);
}
public void setRepository(Repository repository) {
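Review bot: `newRole` appends to a plain `ArrayList`, so registering the same role twice stores it twice, while `deleteRole` calls `roles.remove(role)`, which removes only the first occurrence; after one delete, `listEditableRoles()` still reports the role. Guarding the add with `if (!roles.contains(role)) roles.add(role);` fixes that within this hunk (a `Set` field would be cleaner, but the field is declared in an earlier hunk). Both methods still carry `/** <b>Unsupported</b> */`, which is now wrong and should describe the in-memory behaviour, e.g. `/** Adds a role to the in-memory list; not persisted. */`. The list is also unsynchronized while the bean is exported as an OSGi service in this commit, so concurrent callers are possible; that is an inference from the service declarations and worth checking.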
private RepositoryFactory repositoryFactory;
private BundleContext bundleContext;
+ public final static String ROLE_REMOTE = "ROLE_REMOTE";
+
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
NodeAuthenticationToken siteAuth = (NodeAuthenticationToken) authentication;
}
try {
- Node userHome = UserJcrUtils.getUserHome(session);
+ // Node userHome = UserJcrUtils.getUserHome(session);
// retrieve remote roles
List<GrantedAuthority> authoritiesList = new ArrayList<GrantedAuthority>();
- if (userHome != null
- && userHome.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
- Value[] roles = userHome.getProperty(
+ if (userProfile != null
+ && userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
+ Value[] roles = userProfile.getProperty(
ArgeoNames.ARGEO_REMOTE_ROLES).getValues();
for (int i = 0; i < roles.length; i++)
authoritiesList.add(new GrantedAuthorityImpl(roles[i]
.getString()));
}
+ authoritiesList.add(new GrantedAuthorityImpl(ROLE_REMOTE));
// create authenticated objects
GrantedAuthority[] authorities = authoritiesList
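Review bot: Every value of `ArgeoNames.ARGEO_REMOTE_ROLES` on `userProfile` is turned into a `GrantedAuthorityImpl` without any check on the name, so the local authorities of a remote login are whatever that node property contains. `userProfile` is assigned outside the hunk; if it is read from the remote repository, role names should be checked against a locally configured allow-list before `authoritiesList.add(...)`, since the UI activities in this commit are enabled from role names. The commented-out `// Node userHome = UserJcrUtils.getUserHome(session);` should be deleted rather than kept, and the single-statement `for` would be clearer with braces. The enclosing method starts and ends outside this hunk.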
.getVersionManager();
if (versionManager.isCheckedOut(userProfile.getPath()))
versionManager.checkin(userProfile.getPath());
+
+ }
+
+ // Remote roles
+ if (roles != null) {
+ writeRemoteRoles(userProfile, roles);
}
return userProfile;
} catch (RepositoryException e) {