From 0fdd8fe42a833a3f26de35a2d47b63c0c75d2ae1 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Fri, 13 Feb 2015 23:43:08 +0000
Subject: [PATCH] Remove legacy code
git-svn-id: https://svn.argeo.org/commons/trunk@7860 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../jackrabbit/ArgeoSecurityManager.java | 127 +-----------------
 .../jackrabbit/ArgeoSystemPrincipal.java | 51 -------
 2 files changed, 5 insertions(+), 173 deletions(-)
 delete mode 100644 org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSystemPrincipal.java
diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index 8d03a205d..c4f95458b 100644
--- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -16,49 +16,23 @@
 package org.argeo.security.jackrabbit;
 import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.security.auth.Subject;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.jackrabbit.api.security.user.Group;
-import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.core.DefaultSecurityManager;
 import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AccessManager;
-import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 /** Integrates Spring Security and Jackrabbit Security users and roles. */
 public class ArgeoSecurityManager extends DefaultSecurityManager {
- /** Legacy security sync */
- final static String PROPERTY_JACKRABBIT_SECURITY_SYNC_1_1 = "argeo.jackarabbit.securitySync.1.1";
-
- private final static Log log = LogFactory
- .getLog(ArgeoSecurityManager.class);
-
- private static Boolean synchronize = Boolean.parseBoolean(System
- .getProperty(PROPERTY_JACKRABBIT_SECURITY_SYNC_1_1, "false"));
-
- /** TODO? use a bounded buffer */
- private Map userRolesCache = Collections
- .synchronizedMap(new HashMap());
-
 @Override
 public AccessManager getAccessManager(Session session, AMContext amContext)
 throws RepositoryException {
@@ -83,103 +57,12 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { @Override public String getUserID(Subject subject, String workspaceName) throws RepositoryException { - if (!synchronize) { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); - if (authentication != null) - return authentication.getName(); - else - return super.getUserID(subject, workspaceName); - } - - if (log.isTraceEnabled()) - log.trace(subject); - // skip anonymous user (no rights) - if (!subject.getPrincipals(AnonymousPrincipal.class).isEmpty()) + Authentication authentication = SecurityContextHolder.getContext() + .getAuthentication(); + if (authentication != null) + return authentication.getName(); + else return super.getUserID(subject, workspaceName); - // skip Jackrabbit system user (all rights) - // if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty()) - // return super.getUserID(subject, workspaceName); - - // retrieve Spring authentication from JAAS - // TODO? 
use Spring Security context holder - Authentication authen; - Set authens = subject - .getPrincipals(Authentication.class); - String userId = super.getUserID(subject, workspaceName); - if (authens.size() == 0) { - // make sure that logged-in user has a Principal, useful for testing - // using an admin user - UserManager systemUm = getSystemUserManager(null); - if (systemUm.getAuthorizable(userId) == null) - systemUm.createUser(userId, ""); - } else {// Spring Security - authen = authens.iterator().next(); - - if (!userId.equals(authen.getName())) - log.warn("User ID is '" + userId + "' but authen is " - + authen.getName()); - StringBuffer roles = new StringBuffer(""); - Collection authorities = authen - .getAuthorities(); - for (GrantedAuthority ga : authorities) { - roles.append(ga.toString()); - } - - // do not sync if not changed - if (userRolesCache.containsKey(userId) - && userRolesCache.get(userId).equals(roles.toString())) - return userId; - - // sync Spring and Jackrabbit - // workspace is irrelevant here - UserManager systemUm = getSystemUserManager(null); - syncSpringAndJackrabbitSecurity(systemUm, authen); - userRolesCache.put(userId, roles.toString()); - } - return userId; - } - - /** - * Make sure that the Jackrabbit security model contains this user and its - * granted authorities - */ - static private void syncSpringAndJackrabbitSecurity(UserManager systemUm, - Authentication authen) throws RepositoryException { - long begin = System.currentTimeMillis(); - - String userId = authen.getName(); - User user = (User) systemUm.getAuthorizable(userId); - if (user == null) { - user = systemUm.createUser(userId, authen.getCredentials() - .toString(), authen, null); - log.info(userId + " added as " + user); - } - - // process groups - List userGroupIds = new ArrayList(); - for (GrantedAuthority ga : authen.getAuthorities()) { - Group group = (Group) systemUm.getAuthorizable(ga.getAuthority()); - if (group == null) { - group = 
systemUm.createGroup(ga.getAuthority()); - log.info(ga.getAuthority() + " added as " + group); - } - if (!group.isMember(user)) - group.addMember(user); - userGroupIds.add(ga.getAuthority()); - } - - // check if user has not been removed from some groups - for (Iterator it = user.declaredMemberOf(); it.hasNext();) { - Group group = it.next(); - if (!userGroupIds.contains(group.getID())) - group.removeMember(user); - } - - if (log.isTraceEnabled()) - log.trace("Spring and Jackrabbit Security synchronized for user " - + userId + " in " + (System.currentTimeMillis() - begin) - + " ms"); } @Override diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSystemPrincipal.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSystemPrincipal.java deleted file mode 100644 index 4f22ac8ca..000000000 --- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/ArgeoSystemPrincipal.java +++ /dev/null 
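Review bot: getUserID now returns `authentication.getName()` from the thread-bound `SecurityContextHolder` whenever one is present and never consults the `subject` Jackrabbit passed in, so the repository user ID can disagree with the principals of the Subject actually being logged in (for instance a system or anonymous Subject opened on a thread that still carries a user's Authentication). The deleted legacy path fell back to `super.getUserID(subject, workspaceName)` for `AnonymousPrincipal` subjects and logged a warning when the two names differed; the retained path has neither check. Consider tightening the condition to `if (authentication != null && authentication.isAuthenticated())` and adding a comment on the method stating that the thread context is deliberately trusted over the Subject, so the trust decision is explicit for the next reader. Whether any caller can reach this with a mismatched thread context is not visible from the hunk, so treat this as something to confirm rather than a proven flaw.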
@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.argeo.security.jackrabbit;
-
-import java.security.Principal;
-
-/** Principal for non-interactive system actions. */
-@Deprecated
-class ArgeoSystemPrincipal implements Principal {
- private String name;
-
- public ArgeoSystemPrincipal(String name) {
- super();
- this.name = name;
- }
-
- public String getName() {
- return name;
- }
-
- @Override
- public int hashCode() {
- return getName().hashCode();
- }
-
- @Override
- public boolean equals(Object obj) {
- if (!(obj instanceof ArgeoSystemPrincipal))
- return false;
- return getName().equals(((ArgeoSystemPrincipal) obj).getName());
- }
-
- @Override
- public String toString() {
- return "Argeo System (non interactive) name=" + getName();
- }
-
-}
-- 2.30.2