Fix issues with admin
authorMathieu Baudier <mbaudier@argeo.org>
Fri, 7 Dec 2012 20:29:56 +0000 (20:29 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Fri, 7 Dec 2012 20:29:56 +0000 (20:29 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@5912 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

security/modules/org.argeo.security.dao.ldap/META-INF/spring/security-ldap-jcr.xml
security/modules/org.argeo.security.dao.os/META-INF/spring/security-os.xml
security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java

index b7b3bf3ee55ace2de2970e0631e68f63613a76be..3235e66f4c445c9c726aa9dd80fbaf9983fce1fe 100644 (file)
                <property name="repository" ref="nodeRepository" />
                <property name="bundleContext" ref="bundleContext" />
        </bean>
-       <bean class="org.argeo.jackrabbit.JackrabbitAuthorizations"
-               init-method="run">
-               <property name="principalPrivileges">
-                       <map>
-                               <entry key="jcr:all" value="ROLE_ADMIN" />
-                       </map>
-               </property>
-               <property name="repository" ref="argeoDataModel" />
-       </bean>
 
        <bean id="jcrLdapSynchronizer" class="org.argeo.security.ldap.jcr.JcrLdapSynchronizer"
                init-method="init" destroy-method="destroy" depends-on="argeoDataModel">
index 188476c511c5b0e7ba0c3951f25925687136b062..3d94f502d4aa7fe3f98c2934ef6a679e03065691 100644 (file)
                <property name="repository" ref="nodeRepository" />
                <property name="bundleContext" ref="bundleContext" />
        </bean>
-       <bean class="org.argeo.jackrabbit.JackrabbitAuthorizations"
-               init-method="run">
-               <property name="principalPrivileges">
-                       <map>
-                               <entry key="jcr:all" value="ROLE_ADMIN" />
-                       </map>
-               </property>
-               <property name="repository" ref="argeoDataModel" />
-       </bean>
 
        <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
                <property name="providers">
index 3250a2b16554273a7bc92d8aa01db6fd7ae83e1a..43c54408390bb619490bfe392be40a4e108eee88 100644 (file)
@@ -39,7 +39,7 @@ import org.springframework.security.providers.anonymous.AnonymousAuthenticationT
 
 /** Jackrabbit login mechanism based on Spring Security */
 public class ArgeoLoginModule extends AbstractLoginModule {
-       // private String adminRole = "ROLE_ADMIN";
+       private String adminRole = "ROLE_ADMIN";
 
        @SuppressWarnings("unused")
        @Override
@@ -100,8 +100,8 @@ public class ArgeoLoginModule extends AbstractLoginModule {
                        for (GrantedAuthority ga : authen.getAuthorities()) {
                                principals.add(new GrantedAuthorityPrincipal(ga));
                                // FIXME: make it more generic
-                               // if (adminRole.equals(ga.getAuthority()))
-                               // principals.add(new AdminPrincipal(authen.getName()));
+                               if (adminRole.equals(ga.getAuthority()))
+                                       principals.add(new AdminPrincipal(authen.getName()));
                        }
                }
 
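Review bot: The re-enabled check adds an `AdminPrincipal` for every authentication whose authority string equals `adminRole`, and the role name thereby becomes the only gate to what is presumably unrestricted repository access. Assuming Jackrabbit treats `AdminPrincipal` as it usually does, this replaces the explicit `jcr:all` grant that the same commit removes from the two Spring XML files, so any authentication provider able to emit `ROLE_ADMIN` now yields a repository administrator. The field re-enabled in the previous hunk of this file is a mutable, non-final `String` with no setter visible here. I would declare it `private final String adminRole = "ROLE_ADMIN";` (or add a documented setter if the FIXME is to be resolved through configuration), brace the `if`, and add a comment such as `// AdminPrincipal is expected to bypass ACL checks; map only the configured admin role to it`. The enclosing loop and method begin outside the hunk.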
index 9a06e349d8903bb06233ba36c94e9c5a7158fee1..3450c75d8dbd51f9e9418814a82023e8cdd4a205 100644 (file)
@@ -41,6 +41,7 @@ import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
 
 /** Integrates Spring Security and Jackrabbit Security users and roles. */
 public class ArgeoSecurityManager extends DefaultSecurityManager {
@@ -81,8 +82,14 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
        @Override
        public String getUserID(Subject subject, String workspaceName)
                        throws RepositoryException {
-               if (!synchronize)
-                       return super.getUserID(subject, workspaceName);
+               if (!synchronize) {
+                       Authentication authentication = SecurityContextHolder.getContext()
+                                       .getAuthentication();
+                       if (authentication != null)
+                               return authentication.getName();
+                       else
+                               return super.getUserID(subject, workspaceName);
+               }
 
                if (log.isTraceEnabled())
                        log.trace(subject);
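Review bot: In the `!synchronize` branch of `getUserID`, the returned ID now comes from the thread-bound `SecurityContextHolder` and the `subject` argument is ignored whenever a context authentication exists. The two can disagree if a session is opened for a subject other than the thread's current user, for example a system session created on a request thread, and the repository would then attribute that session to the wrong user ID. Only `authentication != null` is tested, so an anonymous or not-yet-authenticated token also supplies the name. I would use the context name only when it corresponds to a principal in `subject`, otherwise fall back to `super.getUserID(subject, workspaceName)`, and add a comment stating why the context takes precedence over the subject. At minimum the guard could read `if (authentication != null && authentication.isAuthenticated())`. The method body continues past the end of the hunk.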