From: Mathieu Baudier Date: Tue, 1 Dec 2015 16:01:59 +0000 (+0000) Subject: Move packages to CMS X-Git-Tag: argeo-commons-2.1.31~19 X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=b0d074d8d5e59d320b3e44d64a54476bcc889ba9;p=lgpl%2Fargeo-commons.git Move packages to CMS git-svn-id: https://svn.argeo.org/commons/trunk@8671 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/org.argeo.cms/src/org/argeo/security/core/AbstractSystemExecution.java b/org.argeo.cms/src/org/argeo/security/core/AbstractSystemExecution.java new file mode 100644 index 000000000..81eeadf21 --- /dev/null +++ b/org.argeo.cms/src/org/argeo/security/core/AbstractSystemExecution.java @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2007-2012 Argeo GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.argeo.security.core; + +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.argeo.ArgeoException; + +/** Provides base method for executing code with system authorization. */ +public abstract class AbstractSystemExecution { + private final static Log log = LogFactory + .getLog(AbstractSystemExecution.class); + private final Subject subject = new Subject(); + + private final String loginModule = "SYSTEM"; + + /** + * Authenticate the calling thread to the underlying + * {@link AuthenticationManager} + */ + protected void authenticateAsSystem() { + try { + LoginContext lc = new LoginContext(loginModule, subject); + lc.login(); + } catch (LoginException e) { + throw new ArgeoException("Cannot login as system", e); + } + if (log.isTraceEnabled()) + log.trace("System authenticated"); + } + + protected void deauthenticateAsSystem() { + try { + LoginContext lc = new LoginContext(loginModule, subject); + lc.logout(); + } catch (LoginException e) { + throw new ArgeoException("Cannot logout as system", e); + } + } + + protected Subject getSubject() { + return subject; + } +} diff --git a/org.argeo.cms/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java b/org.argeo.cms/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java new file mode 100644 index 000000000..aa3827c92 --- /dev/null +++ b/org.argeo.cms/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2007-2012 Argeo GmbH + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.argeo.security.core; + +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.util.ArrayList; +import java.util.List; + +import javax.security.auth.Subject; + +import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.support.AbstractBeanFactory; +import org.springframework.beans.factory.support.SecurityContextProvider; +import org.springframework.beans.factory.support.SimpleSecurityContextProvider; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; + +/** + * Executes with a system authentication the instantiation and initialization + * methods of the application context where it has been defined. + */ +public class AuthenticatedApplicationContextInitialization extends + AbstractSystemExecution implements + DependencyInitializationAwareBeanPostProcessor, ApplicationContextAware { + /** If non empty, restricts to these beans */ + private List beanNames = new ArrayList(); + + public Object postProcessBeforeInitialization(Object bean, String beanName) + throws BeansException { + if (beanNames.size() == 0 || beanNames.contains(beanName)) + authenticateAsSystem(); + return bean; + } + + public Object postProcessAfterInitialization(Object bean, String beanName) + throws BeansException { + if (beanNames.size() == 0 || beanNames.contains(beanName)) + deauthenticateAsSystem(); + return bean; + } + + public void setBeanNames(List beanNames) { + this.beanNames = beanNames; + } + + @Override + public void setApplicationContext(ApplicationContext applicationContext) + throws BeansException { + if (applicationContext.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory) { + final AbstractBeanFactory beanFactory = ((AbstractBeanFactory) applicationContext + .getAutowireCapableBeanFactory()); + // retrieve subject's access control context + // and set it as the bean factory security context + Subject.doAs(getSubject(), new PrivilegedAction() { + @Override + public Void run() { + SecurityContextProvider scp = new SimpleSecurityContextProvider( + AccessController.getContext()); + beanFactory.setSecurityContextProvider(scp); + return null; + } + }); + } + } +} diff --git a/org.argeo.cms/src/org/argeo/security/core/OsgiModuleLabel.java b/org.argeo.cms/src/org/argeo/security/core/OsgiModuleLabel.java new file mode 100644 index 000000000..45c9e16b0 --- /dev/null +++ b/org.argeo.cms/src/org/argeo/security/core/OsgiModuleLabel.java @@ -0,0 +1,41 @@ +package org.argeo.security.core; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.osgi.framework.Bundle; +import org.osgi.framework.BundleContext; +import org.osgi.framework.Constants; + +/** + * Logs the name and version of an OSGi bundle based on its + * {@link BundleContext}. + */ +public class OsgiModuleLabel { + private final static Log log = LogFactory.getLog(OsgiModuleLabel.class); + + private Bundle bundle; + + public OsgiModuleLabel() { + } + + /** Sets without logging. */ + public OsgiModuleLabel(Bundle bundle) { + this.bundle = bundle; + } + + /** + * Retrieved bundle from a bundle context and logs it. Typically to be set + * as a Spring bean. + */ + public void setBundleContext(BundleContext bundleContext) { + this.bundle = bundleContext.getBundle(); + log.info(msg()); + } + + public String msg() { + String name = bundle.getHeaders().get(Constants.BUNDLE_NAME).toString(); + String symbolicName = bundle.getSymbolicName(); + String version = bundle.getVersion().toString(); + return name + " v" + version + " (" + symbolicName + ")"; + } +} diff --git a/org.argeo.cms/src/org/argeo/security/core/SimpleRoleRegistration.java b/org.argeo.cms/src/org/argeo/security/core/SimpleRoleRegistration.java new file mode 100644 index 000000000..4d107dabb --- /dev/null +++ b/org.argeo.cms/src/org/argeo/security/core/SimpleRoleRegistration.java @@ -0,0 +1,89 @@ +package org.argeo.security.core; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.naming.InvalidNameException; +import javax.naming.ldap.LdapName; +import javax.transaction.UserTransaction; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.argeo.ArgeoException; +import org.osgi.service.useradmin.Role; +import org.osgi.service.useradmin.UserAdmin; + +/** + * Register one or many roles via a user admin service. Does nothing if the role + * is already registered. + */ +public class SimpleRoleRegistration implements Runnable { + private final static Log log = LogFactory + .getLog(SimpleRoleRegistration.class); + + private String role; + private List roles = new ArrayList(); + private UserAdmin userAdmin; + private UserTransaction userTransaction; + + @Override + public void run() { + try { + userTransaction.begin(); + if (role != null && !roleExists(role)) + newRole(toDn(role)); + + for (String r : roles) + if (!roleExists(r)) + newRole(toDn(r)); + userTransaction.commit(); + } catch (Exception e) { + try { + userTransaction.rollback(); + } catch (Exception e1) { + log.error("Cannot rollback", e1); + } + throw new ArgeoException("Cannot add roles", e); + } + } + + private boolean roleExists(String role) { + return userAdmin.getRole(toDn(role).toString()) != null; + } + + protected void newRole(LdapName r) { + userAdmin.createRole(r.toString(), Role.GROUP); + log.info("Added role " + r + " required by application."); + } + + public void register(UserAdmin userAdminService, Map properties) { + this.userAdmin = userAdminService; + run(); + } + + protected LdapName toDn(String name) { + try { + return new LdapName("cn=" + name + ",ou=roles,ou=node"); + } catch (InvalidNameException e) { + throw new ArgeoException("Badly formatted role name " + name, e); + } + } + + public void setRole(String role) { + this.role = role; + } + + public void setRoles(List roles) { + this.roles = roles; + } + + public void setUserAdmin(UserAdmin userAdminService) { + this.userAdmin = userAdminService; + } + + public void setUserTransaction(UserTransaction userTransaction) { + this.userTransaction = userTransaction; + } + +} diff --git a/org.argeo.cms/src/org/argeo/security/core/SystemLoginModule.java b/org.argeo.cms/src/org/argeo/security/core/SystemLoginModule.java new file mode 100644 index 000000000..a1d68b376 --- /dev/null +++ b/org.argeo.cms/src/org/argeo/security/core/SystemLoginModule.java @@ -0,0 +1,45 @@ +package org.argeo.security.core; + +import java.util.Map; + +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.login.LoginException; +import javax.security.auth.spi.LoginModule; + +import org.argeo.security.SystemAuth; + +public class SystemLoginModule implements LoginModule { + private Subject subject; + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, + Map sharedState, Map options) { + this.subject = subject; + } + + @Override + public boolean login() throws LoginException { + // TODO check permission? + return true; + } + + @Override + public boolean commit() throws LoginException { + subject.getPrincipals().add(new SystemAuth()); + return true; + } + + @Override + public boolean abort() throws LoginException { + return true; + } + + @Override + public boolean logout() throws LoginException { + // remove ALL credentials (e.g. additional Jackrabbit credentials) + subject.getPrincipals().clear(); + return true; + } + +} diff --git a/org.argeo.security.core/bnd.bnd b/org.argeo.security.core/bnd.bnd index 6bee2a949..7c2da3ae3 100644 --- a/org.argeo.security.core/bnd.bnd +++ b/org.argeo.security.core/bnd.bnd @@ -1,7 +1,5 @@ Import-Package:org.bouncycastle.*;resolution:=optional,\ bitronix.tm.*;resolution:=optional,\ -javax.jcr.security,\ org.apache.commons.codec,\ org.apache.commons.codec.digest,\ -org.springframework.core,\ * diff --git a/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java b/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java deleted file mode 100644 index 81eeadf21..000000000 --- a/org.argeo.security.core/src/org/argeo/security/core/AbstractSystemExecution.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (C) 2007-2012 Argeo GmbH - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.argeo.security.core; - -import javax.security.auth.Subject; -import javax.security.auth.login.LoginContext; -import javax.security.auth.login.LoginException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.argeo.ArgeoException; - -/** Provides base method for executing code with system authorization. */ -public abstract class AbstractSystemExecution { - private final static Log log = LogFactory - .getLog(AbstractSystemExecution.class); - private final Subject subject = new Subject(); - - private final String loginModule = "SYSTEM"; - - /** - * Authenticate the calling thread to the underlying - * {@link AuthenticationManager} - */ - protected void authenticateAsSystem() { - try { - LoginContext lc = new LoginContext(loginModule, subject); - lc.login(); - } catch (LoginException e) { - throw new ArgeoException("Cannot login as system", e); - } - if (log.isTraceEnabled()) - log.trace("System authenticated"); - } - - protected void deauthenticateAsSystem() { - try { - LoginContext lc = new LoginContext(loginModule, subject); - lc.logout(); - } catch (LoginException e) { - throw new ArgeoException("Cannot logout as system", e); - } - } - - protected Subject getSubject() { - return subject; - } -} diff --git a/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java b/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java deleted file mode 100644 index aa3827c92..000000000 --- a/org.argeo.security.core/src/org/argeo/security/core/AuthenticatedApplicationContextInitialization.java +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (C) 2007-2012 Argeo GmbH - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.argeo.security.core; - -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.util.ArrayList; -import java.util.List; - -import javax.security.auth.Subject; - -import org.eclipse.gemini.blueprint.context.DependencyInitializationAwareBeanPostProcessor; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.support.AbstractBeanFactory; -import org.springframework.beans.factory.support.SecurityContextProvider; -import org.springframework.beans.factory.support.SimpleSecurityContextProvider; -import org.springframework.context.ApplicationContext; -import org.springframework.context.ApplicationContextAware; - -/** - * Executes with a system authentication the instantiation and initialization - * methods of the application context where it has been defined. - */ -public class AuthenticatedApplicationContextInitialization extends - AbstractSystemExecution implements - DependencyInitializationAwareBeanPostProcessor, ApplicationContextAware { - /** If non empty, restricts to these beans */ - private List beanNames = new ArrayList(); - - public Object postProcessBeforeInitialization(Object bean, String beanName) - throws BeansException { - if (beanNames.size() == 0 || beanNames.contains(beanName)) - authenticateAsSystem(); - return bean; - } - - public Object postProcessAfterInitialization(Object bean, String beanName) - throws BeansException { - if (beanNames.size() == 0 || beanNames.contains(beanName)) - deauthenticateAsSystem(); - return bean; - } - - public void setBeanNames(List beanNames) { - this.beanNames = beanNames; - } - - @Override - public void setApplicationContext(ApplicationContext applicationContext) - throws BeansException { - if (applicationContext.getAutowireCapableBeanFactory() instanceof AbstractBeanFactory) { - final AbstractBeanFactory beanFactory = ((AbstractBeanFactory) applicationContext - .getAutowireCapableBeanFactory()); - // retrieve subject's access control context - // and set it as the bean factory security context - Subject.doAs(getSubject(), new PrivilegedAction() { - @Override - public Void run() { - SecurityContextProvider scp = new SimpleSecurityContextProvider( - AccessController.getContext()); - beanFactory.setSecurityContextProvider(scp); - return null; - } - }); - } - } -} diff --git a/org.argeo.security.core/src/org/argeo/security/core/OsgiModuleLabel.java b/org.argeo.security.core/src/org/argeo/security/core/OsgiModuleLabel.java deleted file mode 100644 index 45c9e16b0..000000000 --- a/org.argeo.security.core/src/org/argeo/security/core/OsgiModuleLabel.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.argeo.security.core; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.osgi.framework.Bundle; -import org.osgi.framework.BundleContext; -import org.osgi.framework.Constants; - -/** - * Logs the name and version of an OSGi bundle based on its - * {@link BundleContext}. - */ -public class OsgiModuleLabel { - private final static Log log = LogFactory.getLog(OsgiModuleLabel.class); - - private Bundle bundle; - - public OsgiModuleLabel() { - } - - /** Sets without logging. */ - public OsgiModuleLabel(Bundle bundle) { - this.bundle = bundle; - } - - /** - * Retrieved bundle from a bundle context and logs it. Typically to be set - * as a Spring bean. - */ - public void setBundleContext(BundleContext bundleContext) { - this.bundle = bundleContext.getBundle(); - log.info(msg()); - } - - public String msg() { - String name = bundle.getHeaders().get(Constants.BUNDLE_NAME).toString(); - String symbolicName = bundle.getSymbolicName(); - String version = bundle.getVersion().toString(); - return name + " v" + version + " (" + symbolicName + ")"; - } -} diff --git a/org.argeo.security.core/src/org/argeo/security/core/SimpleRoleRegistration.java b/org.argeo.security.core/src/org/argeo/security/core/SimpleRoleRegistration.java deleted file mode 100644 index 4d107dabb..000000000 --- a/org.argeo.security.core/src/org/argeo/security/core/SimpleRoleRegistration.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.argeo.security.core; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import javax.naming.InvalidNameException; -import javax.naming.ldap.LdapName; -import javax.transaction.UserTransaction; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.argeo.ArgeoException; -import org.osgi.service.useradmin.Role; -import org.osgi.service.useradmin.UserAdmin; - -/** - * Register one or many roles via a user admin service. Does nothing if the role - * is already registered. - */ -public class SimpleRoleRegistration implements Runnable { - private final static Log log = LogFactory - .getLog(SimpleRoleRegistration.class); - - private String role; - private List roles = new ArrayList(); - private UserAdmin userAdmin; - private UserTransaction userTransaction; - - @Override - public void run() { - try { - userTransaction.begin(); - if (role != null && !roleExists(role)) - newRole(toDn(role)); - - for (String r : roles) - if (!roleExists(r)) - newRole(toDn(r)); - userTransaction.commit(); - } catch (Exception e) { - try { - userTransaction.rollback(); - } catch (Exception e1) { - log.error("Cannot rollback", e1); - } - throw new ArgeoException("Cannot add roles", e); - } - } - - private boolean roleExists(String role) { - return userAdmin.getRole(toDn(role).toString()) != null; - } - - protected void newRole(LdapName r) { - userAdmin.createRole(r.toString(), Role.GROUP); - log.info("Added role " + r + " required by application."); - } - - public void register(UserAdmin userAdminService, Map properties) { - this.userAdmin = userAdminService; - run(); - } - - protected LdapName toDn(String name) { - try { - return new LdapName("cn=" + name + ",ou=roles,ou=node"); - } catch (InvalidNameException e) { - throw new ArgeoException("Badly formatted role name " + name, e); - } - } - - public void setRole(String role) { - this.role = role; - } - - public void setRoles(List roles) { - this.roles = roles; - } - - public void setUserAdmin(UserAdmin userAdminService) { - this.userAdmin = userAdminService; - } - - public void setUserTransaction(UserTransaction userTransaction) { - this.userTransaction = userTransaction; - } - -} diff --git a/org.argeo.security.core/src/org/argeo/security/core/SystemLoginModule.java b/org.argeo.security.core/src/org/argeo/security/core/SystemLoginModule.java deleted file mode 100644 index a1d68b376..000000000 --- a/org.argeo.security.core/src/org/argeo/security/core/SystemLoginModule.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.argeo.security.core; - -import java.util.Map; - -import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.login.LoginException; -import javax.security.auth.spi.LoginModule; - -import org.argeo.security.SystemAuth; - -public class SystemLoginModule implements LoginModule { - private Subject subject; - - @Override - public void initialize(Subject subject, CallbackHandler callbackHandler, - Map sharedState, Map options) { - this.subject = subject; - } - - @Override - public boolean login() throws LoginException { - // TODO check permission? - return true; - } - - @Override - public boolean commit() throws LoginException { - subject.getPrincipals().add(new SystemAuth()); - return true; - } - - @Override - public boolean abort() throws LoginException { - return true; - } - - @Override - public boolean logout() throws LoginException { - // remove ALL credentials (e.g. additional Jackrabbit credentials) - subject.getPrincipals().clear(); - return true; - } - -}