Integrate JCR security with Spring
authorMathieu Baudier <mbaudier@argeo.org>
Sun, 30 Jan 2011 13:15:46 +0000 (13:15 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Sun, 30 Jan 2011 13:15:46 +0000 (13:15 +0000)
git-svn-id: https://svn.argeo.org/commons/trunk@4097 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

pom.xml
security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultArgeoSecurity.java
server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java

diff --git a/pom.xml b/pom.xml
index d14a6de261066e7d4810ad1c9046882244d1a62b..d0dce8a2c63a3fffd3340aa4290d6922248106e7 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -18,9 +18,9 @@
                <version.argeo-commons>0.2.2-SNAPSHOT</version.argeo-commons>
                <version.argeo-ria>0.12.5</version.argeo-ria>
                <version.equinox>3.6.1</version.equinox>
-               <version.maven-argeo-osgi>0.1.30-SNAPSHOT</version.maven-argeo-osgi>
+               <version.maven-argeo-osgi>0.1.30</version.maven-argeo-osgi>
                <version.maven-bundle-plugin>2.0.1</version.maven-bundle-plugin>
-               <version.maven-argeo-qooxdoo>1.1.0</version.maven-argeo-qooxdoo>
+               <version.maven-argeo-qooxdoo>1.1.1</version.maven-argeo-qooxdoo>
                <site.repoBase>file:///srv/projects/www/commons/site</site.repoBase>
                <site.urlBase>http://projects.argeo.org/commons/site</site.urlBase>
        </properties>
index 4f82889dc944c4ee261e0374ca89ad4cded380be..47497d182c45a5bccba576a4585ddc621b7df188 100644 (file)
@@ -20,13 +20,25 @@ import org.argeo.security.ArgeoUser;
 import org.argeo.security.ArgeoSecurity;
 import org.argeo.security.nature.SimpleUserNature;
 
+/** Holds deployment specific security information. */
 public class DefaultArgeoSecurity implements ArgeoSecurity {
        private String superUsername = "root";
 
        public void beforeCreate(ArgeoUser user) {
-               SimpleUserNature simpleUserNature = new SimpleUserNature();
-               simpleUserNature.setLastName("empty");// to prevent issue with sn in LDAP
-               user.getUserNatures().put("simpleUserNature",simpleUserNature);
+               SimpleUserNature simpleUserNature;
+               try {
+                       simpleUserNature = SimpleUserNature
+                                       .findSimpleUserNature(user, null);
+               } catch (Exception e) {
+                       simpleUserNature = new SimpleUserNature();
+                       user.getUserNatures().put("simpleUserNature", simpleUserNature);
+               }
+
+               if (simpleUserNature.getLastName() == null
+                               || simpleUserNature.getLastName().equals(""))
+                       simpleUserNature.setLastName("empty");// to prevent issue with sn in
+                                                                                                       // LDAP
+
        }
 
        public String getSuperUsername() {
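Review bot: The `catch (Exception e)` around `SimpleUserNature.findSimpleUserNature(user, null)` in `beforeCreate` treats every failure as "no nature present", so an unrelated runtime error in the lookup is silently turned into the creation of a fresh nature. Catching only the exception the lookup throws when nothing is found would be safer; its type is not visible in this hunk, so that needs checking against `SimpleUserNature`. If the broad catch stays, say so in a comment such as `// no SimpleUserNature registered yet: create one`. The trailing comment on `setLastName("empty")` is now split over two lines by the formatter and would read better on its own line above the `if`, for example `// placeholder last name, to prevent issue with sn in LDAP`.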
index ed2857ad5cf3112085dbb51e57b1b93627c49dad..ef044ce8b872e4ddbbc2bfa29a64bdab4ed9ec40 100644 (file)
@@ -23,6 +23,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+import javax.jcr.LoginException;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
@@ -82,19 +83,36 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
        }
 
        protected Session login() {
+               Session newSession = null;
+               // first try to login without credentials, assuming the underlying login
+               // module will have dealt with authentication (typically using Spring
+               // Security)
                try {
-                       SimpleCredentials sc = new SimpleCredentials(defaultUsername,
-                                       defaultPassword.toCharArray());
-                       Session sess = repository.login(sc);
-                       if (log.isTraceEnabled())
-                               log.trace("Log in to JCR session " + sess + "; userId="
-                                               + sess.getUserID());
-                       // Thread.dumpStack();
-                       activeSessions.add(sess);
-                       return sess;
-               } catch (RepositoryException e) {
-                       throw new ArgeoException("Cannot log in to repository", e);
+                       newSession = repository.login();
+               } catch (LoginException e1) {
+                       log.warn("Cannot login without credentials: " + e1.getMessage());
+                       // invalid credentials, go to the next step
+               } catch (RepositoryException e1) {
+                       // other kind of exception, fail
+                       throw new ArgeoException("Cannot log in to repository", e1);
                }
+
+               // log using default username / password (useful for testing purposes)
+               if (newSession == null)
+                       try {
+                               SimpleCredentials sc = new SimpleCredentials(defaultUsername,
+                                               defaultPassword.toCharArray());
+                               newSession = repository.login(sc);
+                       } catch (RepositoryException e) {
+                               throw new ArgeoException("Cannot log in to repository", e);
+                       }
+
+               // Log and monitor new session
+               if (log.isTraceEnabled())
+                       log.trace("Logged in to JCR session " + newSession + "; userId="
+                                       + newSession.getUserID());
+               activeSessions.add(newSession);
+               return newSession;
        }
 
        public Object getObject() {
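Review bot: A `LoginException` from `repository.login()` means the login module rejected the caller, yet `login()` then retries with `defaultUsername`/`defaultPassword`, so a thread whose authentication failed still gets a session under the default account. The comment describes this fallback as useful for testing, so it should be opt-in. In the first catch, add `if (!fallbackToDefaultCredentials) throw new ArgeoException("Cannot log in to repository", e1);`, where `fallbackToDefaultCredentials` is a new boolean property defaulting to false (it does not exist in this hunk). The warn line records only `e1.getMessage()`; passing `e1` too, if the logger accepts a throwable, would keep the cause for anyone investigating a rejected login. The session's `userId` is only logged at trace level, so a default-account session is currently invisible in normal logs; logging the fallback at warn would make it auditable.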