<configuration>
<instructions>
<Export-Package>org.argeo.geotools.*</Export-Package>
+ <Import-Package>org.argeo.jcr.gis,*</Import-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
- <!-- Geotools -->
+ <!-- JCR -->
+ <dependency>
+ <groupId>org.argeo.commons.server</groupId>
+ <artifactId>org.argeo.server.jcr</artifactId>
+ <version>${version.argeo-commons}</version>
+ </dependency>
+
+ <!-- Geotools, JTS, etc. -->
<dependency>
<groupId>org.argeo.dep.osgi</groupId>
<artifactId>org.argeo.dep.osgi.geotools</artifactId>
<groupId>org.argeo.dep.osgi</groupId>
<artifactId>org.argeo.dep.osgi.java3d</artifactId>
</dependency>
+ <!-- For EPSG database -->
+ <dependency>
+ <groupId>org.hsqldb</groupId>
+ <artifactId>com.springsource.org.hsqldb</artifactId>
+ </dependency>
<!-- Apache Commons -->
<dependency>
<groupId>org.apache.commons</groupId>
--- /dev/null
+package org.argeo.geotools;
+
+import java.io.IOException;
+
+import org.argeo.ArgeoException;
+import org.geotools.data.DataStore;
+import org.geotools.data.FeatureSource;
+import org.geotools.data.FeatureStore;
+import org.opengis.feature.simple.SimpleFeature;
+import org.opengis.feature.simple.SimpleFeatureType;
+import org.opengis.feature.type.Name;
+
+/** Utilities related to the GeoTools framework */
+public class GeoToolsUtils {
+
+ /** Opens a read/write feature store */
+ public static FeatureStore<SimpleFeatureType, SimpleFeature> getFeatureStore(
+ DataStore dataStore, Name name) {
+ FeatureSource<SimpleFeatureType, SimpleFeature> featureSource;
+ try {
+ featureSource = dataStore.getFeatureSource(name);
+ } catch (IOException e) {
+ throw new ArgeoException("Cannot open feature source " + name
+ + " in data store " + dataStore, e);
+ }
+ if (!(featureSource instanceof FeatureStore)) {
+ throw new ArgeoException("Feature source " + name
+ + " is not writable.");
+ }
+ return (FeatureStore<SimpleFeatureType, SimpleFeature>) featureSource;
+ }
+
+ /** Creates the provided schema in the data store. */
+ public static void createSchemaIfNeeded(DataStore dataStore,
+ SimpleFeatureType featureType) {
+ try {
+ dataStore.getSchema(featureType.getName());
+ } catch (IOException e) {
+ // assume it does not exist
+ try {
+ dataStore.createSchema(featureType);
+ } catch (IOException e1) {
+ throw new ArgeoException("Cannot create schema " + featureType,
+ e);
+ }
+ }
+ }
+}
--- /dev/null
+package org.argeo.geotools.jcr;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.jcr.Node;
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.observation.Event;
+import javax.jcr.observation.EventIterator;
+import javax.jcr.observation.EventListener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.ArgeoException;
+import org.argeo.geotools.GeoToolsUtils;
+import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.gis.GisNames;
+import org.argeo.jcr.gis.GisTypes;
+import org.argeo.security.SystemExecutionService;
+import org.geotools.data.DataStore;
+import org.geotools.data.DefaultTransaction;
+import org.geotools.data.FeatureStore;
+import org.geotools.data.Transaction;
+import org.geotools.feature.FeatureCollection;
+import org.geotools.feature.FeatureCollections;
+import org.geotools.feature.simple.SimpleFeatureBuilder;
+import org.geotools.feature.simple.SimpleFeatureTypeBuilder;
+import org.geotools.filter.FilterFactoryImpl;
+import org.geotools.referencing.CRS;
+import org.opengis.feature.simple.SimpleFeature;
+import org.opengis.feature.simple.SimpleFeatureType;
+import org.opengis.filter.FilterFactory2;
+import org.opengis.filter.identity.FeatureId;
+import org.opengis.geometry.DirectPosition;
+import org.opengis.referencing.crs.CoordinateReferenceSystem;
+import org.opengis.referencing.operation.MathTransform;
+
+import com.vividsolutions.jts.geom.Coordinate;
+import com.vividsolutions.jts.geom.GeometryFactory;
+import com.vividsolutions.jts.geom.Point;
+
+public class GeoJcrIndex implements EventListener {
+ public final static SimpleFeatureType JCR_POINT;
+
+ final static String JCR_POINT_NAME = "JCR_POINT";
+ // PostGIS convention
+ final static String DEFAULT_GEOM_NAME = "the_geom";
+
+ private final static Log log = LogFactory.getLog(GeoJcrIndex.class);
+
+ static {
+ SimpleFeatureTypeBuilder builder = new SimpleFeatureTypeBuilder();
+ builder.setNamespaceURI(GisNames.GIS_NAMESPACE);
+ builder.setName(JCR_POINT_NAME);
+
+ builder.setDefaultGeometry(DEFAULT_GEOM_NAME);
+ builder.add(DEFAULT_GEOM_NAME, Point.class);
+
+ builder.add(JcrUtils.normalize(Property.JCR_UUID), String.class);
+ builder.add(JcrUtils.normalize(Property.JCR_PATH), String.class);
+ builder.add(JcrUtils.normalize(Property.JCR_PRIMARY_TYPE), String.class);
+ // mix:created
+ // builder.add(JcrUtils.normalize(Property.JCR_CREATED), Date.class);
+ // builder.add(JcrUtils.normalize(Property.JCR_CREATED_BY),
+ // String.class);
+ // mix:lastModified
+ builder.add(JcrUtils.normalize(Property.JCR_LAST_MODIFIED), Date.class);
+ builder.add(JcrUtils.normalize(Property.JCR_LAST_MODIFIED_BY),
+ String.class);
+
+ JCR_POINT = builder.buildFeatureType();
+ }
+
+ private DataStore dataStore;
+ private FeatureStore<SimpleFeatureType, SimpleFeature> pointsIndex;
+ private Session session;
+ private SystemExecutionService systemExecutionService;
+
+ // TODO: use common factory finder?
+ private FilterFactory2 ff = new FilterFactoryImpl();
+
+ // TODO: use finder?
+ private GeometryFactory geometryFactory = new GeometryFactory();
+
+ public void init() {
+ GeoToolsUtils.createSchemaIfNeeded(dataStore, JCR_POINT);
+ pointsIndex = GeoToolsUtils.getFeatureStore(dataStore,
+ JCR_POINT.getName());
+
+ systemExecutionService.executeAsSystem(new Runnable() {
+ public void run() {
+ try {
+ session.getWorkspace()
+ .getObservationManager()
+ .addEventListener(GeoJcrIndex.this,
+ Event.NODE_ADDED | Event.NODE_REMOVED, "/",
+ true, null,
+ new String[] { GisTypes.GIS_GEOMETRY },
+ false);
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot initialize GeoJcr index",
+ e);
+ }
+
+ }
+ });
+ }
+
+ public void dispose() {
+ }
+
+ public void onEvent(EventIterator events) {
+ FeatureCollection<SimpleFeatureType, SimpleFeature> pointsToAdd = FeatureCollections
+ .newCollection();
+ Set<FeatureId> pointsToRemove = new HashSet<FeatureId>();
+ while (events.hasNext()) {
+ Event event = events.nextEvent();
+ try {
+ Integer eventType = event.getType();
+ if (Event.NODE_ADDED == eventType) {
+ Node node = session.getNodeByIdentifier(event
+ .getIdentifier());
+ if (node.isNodeType(GisTypes.GIS_POINT)) {
+ Point point = nodeToPoint(node);
+ SimpleFeatureBuilder featureBuilder = new SimpleFeatureBuilder(
+ JCR_POINT);
+ featureBuilder.set(DEFAULT_GEOM_NAME, point);
+ mapNodeToFeature(node, featureBuilder);
+ pointsToAdd.add(featureBuilder.buildFeature(node
+ .getIdentifier()));
+ }
+ } else if (Event.NODE_REMOVED == eventType) {
+ String id = event.getIdentifier();
+ pointsToRemove.add(ff.featureId(id));
+ }
+ } catch (Exception e) {
+ log.error("Cannot process event " + event, e);
+ }
+ }
+
+ // persist
+ // TODO: this may be more optimal to persist in one single transaction,
+ // but we will loose modifications on all nodes if one fails
+ try {
+ Transaction transaction = new DefaultTransaction();
+ pointsIndex.setTransaction(transaction);
+ try {
+ // points
+ pointsIndex.addFeatures(pointsToAdd);
+ if (pointsToRemove.size() != 0)
+ pointsIndex.removeFeatures(ff.id(pointsToRemove));
+ transaction.commit();
+ } catch (Exception e) {
+ transaction.rollback();
+ throw new ArgeoException("Cannot persist changes", e);
+ } finally {
+ transaction.close();
+ }
+ } catch (ArgeoException e) {
+ throw e;
+ } catch (IOException e) {
+ throw new ArgeoException("Unexpected issue with the transaction", e);
+ }
+ }
+
+ protected void mapNodeToFeature(Node node,
+ SimpleFeatureBuilder featureBuilder) {
+ try {
+ featureBuilder.set(JcrUtils.normalize(Property.JCR_UUID),
+ node.getIdentifier());
+ featureBuilder.set(JcrUtils.normalize(Property.JCR_PATH),
+ node.getPath());
+ featureBuilder.set(JcrUtils.normalize(Property.JCR_PRIMARY_TYPE),
+ node.getPrimaryNodeType().getName());
+ if (node.hasProperty(Property.JCR_LAST_MODIFIED))
+ featureBuilder.set(
+ JcrUtils.normalize(Property.JCR_LAST_MODIFIED), node
+ .getProperty(Property.JCR_LAST_MODIFIED)
+ .getDate().getTime());
+ if (node.hasProperty(Property.JCR_LAST_MODIFIED_BY))
+ featureBuilder
+ .set(JcrUtils.normalize(Property.JCR_LAST_MODIFIED_BY),
+ node.getProperty(Property.JCR_LAST_MODIFIED_BY)
+ .getString());
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot map " + node + " to "
+ + featureBuilder.getFeatureType(), e);
+ }
+ }
+
+ /** Return the node as a point in the CRS of the related feature store. */
+ protected Point nodeToPoint(Node node) {
+ CoordinateReferenceSystem featureStoreCrs = pointsIndex.getSchema()
+ .getCoordinateReferenceSystem();
+ DirectPosition nodePosition = GeoJcrUtils.nodeToPosition(node);
+ CoordinateReferenceSystem nodeCrs = nodePosition
+ .getCoordinateReferenceSystem();
+
+ // transform if not same CRS
+ DirectPosition targetPosition;
+ if (!featureStoreCrs.getIdentifiers().contains(nodeCrs.getName())) {
+ MathTransform transform;
+ try {
+ transform = CRS.findMathTransform(nodeCrs, featureStoreCrs);
+ targetPosition = transform.transform(nodePosition, null);
+ } catch (Exception e) {
+ throw new ArgeoException("Cannot transform from " + nodeCrs
+ + " to " + featureStoreCrs, e);
+ }
+ } else {
+ targetPosition = nodePosition;
+ }
+ double[] coo = targetPosition.getCoordinate();
+ return geometryFactory.createPoint(new Coordinate(coo[0], coo[1]));
+ }
+
+ public void setDataStore(DataStore dataStore) {
+ this.dataStore = dataStore;
+ }
+
+ public void setSession(Session session) {
+ this.session = session;
+ }
+
+ public void setSystemExecutionService(
+ SystemExecutionService systemExecutionService) {
+ this.systemExecutionService = systemExecutionService;
+ }
+
+}
--- /dev/null
+package org.argeo.geotools.jcr;
+
+import javax.jcr.Node;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.argeo.ArgeoException;
+import org.argeo.jcr.gis.GisNames;
+import org.argeo.jcr.gis.GisTypes;
+import org.geotools.geometry.DirectPosition2D;
+import org.geotools.referencing.CRS;
+import org.opengis.geometry.DirectPosition;
+import org.opengis.referencing.crs.CoordinateReferenceSystem;
+
+import com.vividsolutions.jts.geom.Coordinate;
+import com.vividsolutions.jts.geom.Geometry;
+import com.vividsolutions.jts.geom.GeometryFactory;
+import com.vividsolutions.jts.geom.Point;
+
+/** Utilities to map JCR from/to JTS and GeoTools */
+public class GeoJcrUtils {
+ private final static Log log = LogFactory.getLog(GeoJcrUtils.class);
+
+ /** Transforms a geometry node into position within its CRS */
+ public static DirectPosition nodeToPosition(Node node) {
+ try {
+ if (node.isNodeType(GisTypes.GIS_POINT)) {
+ CoordinateReferenceSystem crs = getCoordinateReferenceSystem(node);
+ Point point = (Point) nodeToGeometry(node);
+ return new DirectPosition2D(crs, point.getX(), point.getY());
+ } else {
+ throw new ArgeoException(node + " is not of a supported type");
+ }
+ } catch (Exception e) {
+ throw new ArgeoException("Cannot extract position from " + node, e);
+ }
+ }
+
+ /** Transforms a geometry node into a JTS geometry. */
+ public static Geometry nodeToGeometry(Node node) {
+ try {
+ if (node.isNodeType(GisTypes.GIS_POINT)
+ || node.isNodeType(GisTypes.GIS_COORDINATE)) {
+ Coordinate coo;
+ if (node.hasProperty(GisNames.GIS_Z))
+ coo = new Coordinate(node.getProperty(GisNames.GIS_X)
+ .getDouble(), node.getProperty(GisNames.GIS_Y)
+ .getDouble(), node.getProperty(GisNames.GIS_Z)
+ .getDouble());
+ else
+ coo = new Coordinate(node.getProperty(GisNames.GIS_X)
+ .getDouble(), node.getProperty(GisNames.GIS_Y)
+ .getDouble());
+
+ // TODO: use factory finder
+ // GeometryFactory geometryFactory =
+ // JTSFactoryFinder.getGeometryFactory(null);
+ GeometryFactory geometryFactory = new GeometryFactory();
+ return geometryFactory.createPoint(coo);
+ } else {
+ throw new ArgeoException(node + " is not of a supported type");
+ }
+ } catch (Exception e) {
+ throw new ArgeoException("Cannot map " + node + " to a geometry", e);
+ }
+ }
+
+ /** Reads and interpret the coordinate reference system from a node. */
+ public static CoordinateReferenceSystem getCoordinateReferenceSystem(
+ Node node) {
+ try {
+ if (!node.isNodeType(GisTypes.GIS_GEOMETRY))
+ throw new ArgeoException(node + " is not of type "
+ + GisTypes.GIS_GEOMETRY);
+ // Coordinate reference system
+ String srs = node.getProperty(GisNames.GIS_SRS).getString();
+ CoordinateReferenceSystem crs;
+ try {
+ // first, try to decode an EPSG code
+ crs = CRS.decode(srs);
+ } catch (Exception e) {
+ // if it fails, try a WKT
+ try {
+ crs = CRS.parseWKT(srs);
+ } catch (Exception e1) {
+ // if it fails as well, log the error
+ log.error("Cannot parse WKT " + srs, e1);
+ // and then the previous error (probably more relevant)
+ throw e;
+ }
+ }
+ return crs;
+ } catch (Exception e) {
+ throw new ArgeoException(
+ "Cannot get coordinate reference system for " + node, e);
+ }
+ }
+}
<version>${version.argeo-commons}</version>
<type>pom</type>
</dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.activemq</artifactId>
+ <version>${version.argeo-commons}</version>
+ </dependency>
<!-- Jackrabbit -->
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.jackrabbit</artifactId>
<version>${version.argeo-commons}</version>
</dependency>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.jackrabbit</artifactId>
+ <version>${version.argeo-commons}</version>
+ </dependency>
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.jcr.mvc</artifactId>
org.springframework.beans.factory.config,
org.springframework.ldap.core.support,
org.springframework.security,
- org.springframework.security.adapters;specification-version="2.0.4.A",
org.springframework.security.ldap,
org.springframework.security.ldap.populator,
org.springframework.security.providers,
+ org.springframework.security.providers.encoding;specification-version="2.0.6.RELEASE",
org.springframework.security.providers.ldap,
org.springframework.security.providers.ldap.authenticator,
- org.springframework.security.providers.rememberme;specification-version="2.0.4.A",
org.springframework.security.userdetails,
org.springframework.security.userdetails.ldap
Bundle-Name: Security Manager LDAP
http://www.springframework.org/schema/beans \r
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
- <service ref="_authenticationManager"\r
- interface="org.springframework.security.AuthenticationManager"\r
- context-class-loader="service-provider" />\r
+ <!-- REFERENCES -->\r
+ <list id="userNatureMappers" interface="org.argeo.security.ldap.UserNatureMapper"\r
+ cardinality="0..N" />\r
\r
+ <!-- SERVICES -->\r
+ <service ref="passwordEncoder"\r
+ interface="org.springframework.security.providers.encoding.PasswordEncoder" />\r
+ <service ref="authenticationProvider"\r
+ interface="org.springframework.security.providers.AuthenticationProvider"\r
+ context-class-loader="service-provider" />\r
<service ref="securityDao" interface="org.argeo.security.ArgeoSecurityDao"\r
context-class-loader="service-provider" />\r
<service ref="userDetailsService"\r
interface="org.springframework.security.userdetails.UserDetailsService"\r
context-class-loader="service-provider" />\r
\r
- <list id="userNatureMappers" interface="org.argeo.security.ldap.UserNatureMapper"\r
- cardinality="0..N" />\r
-\r
<!-- Provides deserialization -->\r
<service interface="org.argeo.server.json.JsonObjectFactory">\r
<beans:bean class="org.argeo.server.json.JsonObjectFactoryImpl" />\r
</property>
</bean>
- <bean id="_authenticationManager" class="org.springframework.security.providers.ProviderManager">
- <property name="providers">
- <list>
- <bean class="org.springframework.security.adapters.AuthByAdapterProvider">
- <property name="key" value="${argeo.security.systemKey}" />
- </bean>
- <bean
- class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
- <property name="key" value="${argeo.security.systemKey}" />
- </bean>
- <ref bean="authenticationProvider" />
- </list>
- </property>
- </bean>
+ <bean id="passwordEncoder"
+ class="org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder" />
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
argeo.ldap.port=10389
argeo.ldap.manager.userdn=uid=admin,ou=system
argeo.ldap.manager.password=secret
-
-argeo.security.systemKey=argeo
Import-Package: org.argeo.security,
org.argeo.security.core,
org.springframework.beans.factory.config;specification-version="2.5.6.SEC01",
- org.springframework.security;specification-version="2.0.4.A"
+ org.springframework.security;specification-version="2.0.4.A",
+ org.springframework.security.adapters;specification-version="2.0.6.RELEASE",
+ org.springframework.security.providers;specification-version="2.0.6.RELEASE",
+ org.springframework.security.providers.encoding;specification-version="2.0.6.RELEASE",
+ org.springframework.security.providers.rememberme;specification-version="2.0.6.RELEASE"
Bundle-Name: Security Services
http://www.springframework.org/schema/beans \r
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">\r
\r
- <service ref="securityService" interface="org.argeo.security.ArgeoSecurityService" />\r
+ <!-- REFERENCES -->\r
+ <reference id="passwordEncoder"\r
+ interface="org.springframework.security.providers.encoding.PasswordEncoder" />\r
\r
<reference id="securityDao" interface="org.argeo.security.ArgeoSecurityDao" />\r
- <reference id="authenticationManager" interface="org.springframework.security.AuthenticationManager" />\r
+\r
+ <reference id="authenticationProvider"\r
+ interface="org.springframework.security.providers.AuthenticationProvider" />\r
+\r
+ <!-- SERVICES -->\r
+ <service ref="securityService" interface="org.argeo.security.ArgeoSecurityService" />\r
+ <service ref="securityService" interface="org.argeo.security.CurrentUserService" />\r
+ <service ref="securityService" interface="org.argeo.security.UserAdminService" />\r
+ <service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
+\r
+ <service ref="authenticationManager"\r
+ interface="org.springframework.security.AuthenticationManager" />\r
</beans:beans>
\ No newline at end of file
<bean id="securityService" class="org.argeo.security.core.DefaultSecurityService">
<property name="securityDao" ref="securityDao" />
+ <property name="passwordEncoder" ref="passwordEncoder" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
</bean>
+
+ <bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
+ <property name="authenticationManager" ref="authenticationManager" />
+ <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
+ </bean>
+
+ <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
+ <property name="providers">
+ <list>
+ <bean class="org.springframework.security.adapters.AuthByAdapterProvider">
+ <property name="key" value="${argeo.security.systemKey}" />
+ </bean>
+ <bean
+ class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
+ <property name="key" value="${argeo.security.systemKey}" />
+ </bean>
+ <ref bean="authenticationProvider" />
+ </list>
+ </property>
+ </bean>
</beans>
\ No newline at end of file
</extension>
<extension
id="springLoginModule"
- point="org.eclipse.equinox.security.loginModule">
- name="Spring Login Module"
+ point="org.eclipse.equinox.security.loginModule"
+ name="Spring Login Module">
<loginModule
class="org.argeo.eclipse.spring.SpringExtensionFactory"
description="Spring Login Module">
import org.eclipse.ui.PlatformUI;
import org.eclipse.ui.application.WorkbenchAdvisor;
+/**
+ * Common base class for authenticated access to the Eclipse UI framework (RAP and
+ * RCP)
+ */
public abstract class AbstractSecureApplication implements IApplication {
private static final Log log = LogFactory
.getLog(AbstractSecureApplication.class);
protected abstract WorkbenchAdvisor createWorkbenchAdvisor();
- @SuppressWarnings("unchecked")
public Object start(IApplicationContext context) throws Exception {
Integer returnCode = null;
ErrorDialog.openError(null, "Error", "Shutdown...", status);
return status.getSeverity();
}
- if (log.isDebugEnabled())
- log.debug("Logged in as " + username);
+
returnCode = (Integer) Subject.doAs(subject, getRunAction(display));
SecureApplicationActivator.getLoginContext().logout();
return processReturnCode(returnCode);
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.basic.nodeps</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
</dependency>
<dependency>
<groupId>org.argeo.commons.security</groupId>
<artifactId>org.argeo.security.core</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
</dependency>
<!-- Spring -->
<groupId>org.springframework.security</groupId>
<artifactId>org.springframework.security.core</artifactId>
</dependency>
-
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>org.springframework.transaction</artifactId>
+ </dependency>
<!-- Logging -->
<dependency>
<groupId>org.slf4j</groupId>
package org.argeo.security;
-import java.util.Set;
/**
* Access to the users and roles referential (dependent from the underlying
* storage, e.g. LDAP).
*/
-public interface ArgeoSecurityDao {
- // public ArgeoUser getCurrentUser();
-
- /** List all users */
- public Set<ArgeoUser> listUsers();
-
- /** List roles that can be modified */
- public Set<String> listEditableRoles();
-
- /**
- * Creates a new user in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
- * use {@link ArgeoSecurityService#newUser(ArgeoUser)} instead.
- */
- public void createUser(ArgeoUser user);
-
- public void updateUser(ArgeoUser user);
-
- public void deleteUser(String username);
-
- /**
- * Creates a new role in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
- * use {@link ArgeoSecurityService#newRole(String)} instead.
- */
- public void createRole(String role, String superuserName);
-
- public void deleteRole(String role);
-
- /** List all users having this role. */
- public Set<ArgeoUser> listUsersInRole(String role);
-
- public Boolean userExists(String username);
-
- public ArgeoUser getUser(String username);
-
- public ArgeoUser getUserWithPassword(String username);
-
- public String getDefaultRole();
-
- /** Validates a raw password against an encoded one. */
- public Boolean isPasswordValid(String encoded, String raw);
-
- /** Encodes a raw password. */
- public String encodePassword(String raw);
+@Deprecated
+public interface ArgeoSecurityDao extends CurrentUserDao,UserAdminDao{
}
* High level access to the user referential (independent from the underlying
* storage).
*/
+@Deprecated
public interface ArgeoSecurityService extends CurrentUserService,
UserAdminService {
}
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security;
+
+/**
+ * Access to user backend for the currently logged in user
+ */
+public interface CurrentUserDao {
+ public void updateUser(ArgeoUser user);
+
+ public String getDefaultRole();
+
+}
--- /dev/null
+package org.argeo.security;
+
+/**
+ * Marks a system authentication, that is which did not require a login process.
+ */
+public interface SystemAuthentication {
+
+}
--- /dev/null
+package org.argeo.security;
+
+import org.springframework.core.task.TaskExecutor;
+
+/**
+ * Allows to execute code authenticated as a system user (that is not a real
+ * person)
+ */
+public interface SystemExecutionService {
+ /**
+ * Executes this Runnable within a system authenticated context.
+ * Implementations should make sure that this method is properly secured via
+ * Java permissions since it could access to everything without credentials.
+ */
+ public void executeAsSystem(Runnable runnable);
+
+ public TaskExecutor createSystemAuthenticatedTaskExecutor();
+}
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security;
+
+import java.util.Set;
+
+/**
+ * Access to the users and roles referential (dependent from the underlying
+ * storage, e.g. LDAP).
+ */
+public interface UserAdminDao{
+ /** List all users */
+ public Set<ArgeoUser> listUsers();
+
+ /** List roles that can be modified */
+ public Set<String> listEditableRoles();
+
+ /**
+ * Creates a new user in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
+ * use {@link ArgeoSecurityService#newUser(ArgeoUser)} instead.
+ */
+ public void createUser(ArgeoUser user);
+
+ public void deleteUser(String username);
+
+ /**
+ * Creates a new role in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
+ * use {@link ArgeoSecurityService#newRole(String)} instead.
+ */
+ public void createRole(String role, String superuserName);
+
+ public void deleteRole(String role);
+
+ /** List all users having this role. */
+ public Set<ArgeoUser> listUsersInRole(String role);
+
+ public Boolean userExists(String username);
+
+ public ArgeoUser getUser(String username);
+
+ public ArgeoUser getUserWithPassword(String username);
+}
/*
* SYSTEM
*/
+ @Deprecated
+ /** @deprecated Use ${link SystemExecutionService} instead.*/
public Runnable wrapWithSystemAuthentication(final Runnable runnable);
}
--- /dev/null
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.argeo.security.core;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Map;
+import java.util.Random;
+
+import org.argeo.ArgeoException;
+import org.argeo.security.ArgeoUser;
+import org.argeo.security.CurrentUserDao;
+import org.argeo.security.CurrentUserService;
+import org.argeo.security.SimpleArgeoUser;
+import org.argeo.security.UserNature;
+import org.springframework.security.providers.encoding.PasswordEncoder;
+
+public class DefaultCurrentUserService implements CurrentUserService {
+ private CurrentUserDao currentUserDao;
+ private PasswordEncoder passwordEncoder;
+ private Random random;
+
+ public DefaultCurrentUserService() {
+ try {
+ random = SecureRandom.getInstance("SHA1PRNG");
+ } catch (NoSuchAlgorithmException e) {
+ random = new Random(System.currentTimeMillis());
+ }
+ }
+
+ public ArgeoUser getCurrentUser() {
+ ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
+ if (argeoUser == null)
+ return null;
+ if (argeoUser.getRoles().contains(currentUserDao.getDefaultRole()))
+ argeoUser.getRoles().remove(currentUserDao.getDefaultRole());
+ return argeoUser;
+ }
+
+ public void updateCurrentUserPassword(String oldPassword, String newPassword) {
+ SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
+ if (!passwordEncoder.isPasswordValid(user.getPassword(), oldPassword,
+ null))
+ throw new ArgeoException("Old password is not correct.");
+ user.setPassword(encodePassword(newPassword));
+ currentUserDao.updateUser(user);
+ }
+
+ protected String encodePassword(String password) {
+ byte[] salt = new byte[16];
+ random.nextBytes(salt);
+ return passwordEncoder.encodePassword(password, salt);
+ }
+
+ public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
+ // TODO Auto-generated method stub
+
+ }
+
+ public void setCurrentUserDao(CurrentUserDao dao) {
+ this.currentUserDao = dao;
+ }
+
+ public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
+ this.passwordEncoder = passwordEncoder;
+ }
+
+}
package org.argeo.security.core;
import java.util.Iterator;
-import java.util.Map;
import java.util.Set;
-import org.argeo.ArgeoException;
import org.argeo.security.ArgeoSecurity;
import org.argeo.security.ArgeoSecurityDao;
import org.argeo.security.ArgeoSecurityService;
import org.argeo.security.ArgeoUser;
import org.argeo.security.SimpleArgeoUser;
-import org.argeo.security.UserNature;
+import org.argeo.security.UserAdminService;
import org.springframework.core.task.SimpleAsyncTaskExecutor;
import org.springframework.core.task.TaskExecutor;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
-public class DefaultSecurityService implements ArgeoSecurityService {
+public class DefaultSecurityService extends DefaultCurrentUserService implements
+ UserAdminService, ArgeoSecurityService {
private ArgeoSecurity argeoSecurity = new DefaultArgeoSecurity();
private ArgeoSecurityDao securityDao;
private AuthenticationManager authenticationManager;
private String systemAuthenticationKey;
- public ArgeoUser getCurrentUser() {
- ArgeoUser argeoUser = ArgeoUserDetails.securityContextUser();
- if (argeoUser == null)
- return null;
- if (argeoUser.getRoles().contains(securityDao.getDefaultRole()))
- argeoUser.getRoles().remove(securityDao.getDefaultRole());
- return argeoUser;
- }
-
public ArgeoSecurityDao getSecurityDao() {
return securityDao;
}
public void updateUserPassword(String username, String password) {
SimpleArgeoUser user = new SimpleArgeoUser(
securityDao.getUser(username));
- user.setPassword(securityDao.encodePassword(password));
- securityDao.updateUser(user);
- }
-
- public void updateCurrentUserPassword(String oldPassword, String newPassword) {
- SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
- if (!securityDao.isPasswordValid(user.getPassword(), oldPassword))
- throw new ArgeoException("Old password is not correct.");
- user.setPassword(securityDao.encodePassword(newPassword));
+ user.setPassword(encodePassword(password));
securityDao.updateUser(user);
}
// normalize password
if (user instanceof SimpleArgeoUser) {
if (user.getPassword() == null || user.getPassword().equals(""))
- ((SimpleArgeoUser) user).setPassword(securityDao
- .encodePassword(user.getUsername()));
+ ((SimpleArgeoUser) user).setPassword(encodePassword(user
+ .getUsername()));
else if (!user.getPassword().startsWith("{"))
- ((SimpleArgeoUser) user).setPassword(securityDao
- .encodePassword(user.getPassword()));
+ ((SimpleArgeoUser) user).setPassword(encodePassword(user
+ .getPassword()));
}
securityDao.createUser(user);
}
password = securityDao.getUserWithPassword(user.getUsername())
.getPassword();
if (!password.startsWith("{"))
- password = securityDao.encodePassword(user.getPassword());
+ password = encodePassword(user.getPassword());
SimpleArgeoUser simpleArgeoUser = new SimpleArgeoUser(user);
simpleArgeoUser.setPassword(password);
securityDao.updateUser(simpleArgeoUser);
securityDao.deleteRole(role);
}
+ @Deprecated
public TaskExecutor createSystemAuthenticatedTaskExecutor() {
return new SimpleAsyncTaskExecutor() {
private static final long serialVersionUID = -8126773862193265020L;
* Wraps another runnable, adding security context <br/>
* TODO: secure the call to this method with Java Security
*/
+ @Deprecated
public Runnable wrapWithSystemAuthentication(final Runnable runnable) {
return new Runnable() {
return lst;
}
- public void updateCurrentUserNatures(Map<String, UserNature> userNatures) {
- // TODO Auto-generated method stub
-
- }
-
public Set<ArgeoUser> listUsers() {
return securityDao.listUsers();
}
public void setSecurityDao(ArgeoSecurityDao dao) {
this.securityDao = dao;
+ setCurrentUserDao(dao);
}
public void setAuthenticationManager(
package org.argeo.security.core;
+import org.argeo.security.SystemAuthentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.adapters.PrincipalSpringSecurityUserToken;
-public class InternalAuthentication extends PrincipalSpringSecurityUserToken {
+public class InternalAuthentication extends PrincipalSpringSecurityUserToken
+ implements SystemAuthentication {
private static final long serialVersionUID = -6783376375615949315L;
public final static String DEFAULT_SYSTEM_USERNAME = "system";
public final static String DEFAULT_SYSTEM_ROLE = "ROLE_SYSTEM";
--- /dev/null
+package org.argeo.security.core;
+
+import org.argeo.security.SystemExecutionService;
+import org.springframework.core.task.SimpleAsyncTaskExecutor;
+import org.springframework.core.task.TaskExecutor;
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.context.SecurityContext;
+import org.springframework.security.context.SecurityContextHolder;
+
+public class KeyBasedSystemExecutionService implements SystemExecutionService {
+ private AuthenticationManager authenticationManager;
+ private String systemAuthenticationKey;
+
+ public void executeAsSystem(Runnable runnable) {
+ wrapWithSystemAuthentication(runnable).run();
+ }
+
+ public TaskExecutor createSystemAuthenticatedTaskExecutor() {
+ return new SimpleAsyncTaskExecutor() {
+ private static final long serialVersionUID = -8126773862193265020L;
+
+ @Override
+ public Thread createThread(Runnable runnable) {
+ return super
+ .createThread(wrapWithSystemAuthentication(runnable));
+ }
+
+ };
+ }
+
+ protected Runnable wrapWithSystemAuthentication(final Runnable runnable) {
+ return new Runnable() {
+
+ public void run() {
+ SecurityContext securityContext = SecurityContextHolder
+ .getContext();
+ Authentication auth = authenticationManager
+ .authenticate(new InternalAuthentication(
+ systemAuthenticationKey));
+ securityContext.setAuthentication(auth);
+
+ runnable.run();
+ }
+ };
+ }
+
+ public void setAuthenticationManager(
+ AuthenticationManager authenticationManager) {
+ this.authenticationManager = authenticationManager;
+ }
+
+ public void setSystemAuthenticationKey(String systemAuthenticationKey) {
+ this.systemAuthenticationKey = systemAuthenticationKey;
+ }
+
+}
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>org.argeo.security.jackrabbit</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.ManifestBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.pde.SchemaBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.pde.PluginNature</nature>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ </natures>
+</projectDescription>
--- /dev/null
+#Tue Mar 01 09:49:47 CET 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.5
--- /dev/null
+#Tue Mar 01 09:49:47 CET 2011
+eclipse.preferences.version=1
+pluginProject.extensions=false
+resolve.requirebundle=false
--- /dev/null
+source.. = src/main/java/
+output.. = target/classes/
+bin.includes = META-INF/,\
+ .
--- /dev/null
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>runtime</artifactId>
+ <version>0.2.3-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <artifactId>org.argeo.security.jackrabbit</artifactId>
+ <name>Commons Security Jackrabbit</name>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>${version.maven-bundle-plugin}</version>
+ <configuration>
+ <instructions>
+ <Fragment-Host>org.argeo.dep.osgi.jackrabbit</Fragment-Host>
+ <Export-Package>org.argeo.security.jackrabbit.*</Export-Package>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.argeo.commons.security</groupId>
+ <artifactId>org.argeo.security.core</artifactId>
+ <version>${version.argeo-commons}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.dep.osgi</groupId>
+ <artifactId>org.argeo.dep.osgi.jcr</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.argeo.dep.osgi</groupId>
+ <artifactId>org.argeo.dep.osgi.jackrabbit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>org.springframework.security.core</artifactId>
+ </dependency>
+ </dependencies>
+</project>
--- /dev/null
+package org.argeo.security.jackrabbit.spring;
+
+import java.security.Principal;
+
+import org.springframework.security.GrantedAuthority;
+
+/** Wraps a {@link GrantedAuthority} as a prin,cipal. */
+public class GrantedAuthorityPrincipal implements Principal {
+ private final GrantedAuthority grantedAuthority;
+
+ public GrantedAuthorityPrincipal(GrantedAuthority grantedAuthority) {
+ super();
+ this.grantedAuthority = grantedAuthority;
+ }
+
+ public String getName() {
+ return grantedAuthority.getAuthority();
+ }
+
+}
--- /dev/null
+package org.argeo.security.jackrabbit.spring;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.Credentials;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.core.security.AnonymousPrincipal;
+import org.apache.jackrabbit.core.security.authentication.AbstractLoginModule;
+import org.apache.jackrabbit.core.security.authentication.Authentication;
+import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
+import org.argeo.security.SystemAuthentication;
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
+
+public class SpringLoginModule extends AbstractLoginModule {
+
+ /**
+ * Returns the Spring {@link org.springframework.security.Authentication}
+ * (which can be null)
+ */
+ @Override
+ protected Principal getPrincipal(Credentials credentials) {
+ return SecurityContextHolder.getContext().getAuthentication();
+ }
+
+ protected Set<Principal> getPrincipals() {
+ // use linked HashSet instead of HashSet in order to maintain the order
+ // of principals (as in the Subject).
+ Set<Principal> principals = new LinkedHashSet<Principal>();
+ principals.add(principal);
+
+ org.springframework.security.Authentication authen = (org.springframework.security.Authentication) principal;
+
+ if (authen instanceof AnonymousAuthenticationToken)
+ principals.add(new AnonymousPrincipal());
+ if (authen instanceof SystemAuthentication)
+ principals.add(new AdminPrincipal(authen.getName()));
+
+ for (GrantedAuthority authority : authen.getAuthorities())
+ principals.add(new GrantedAuthorityPrincipal(authority));
+
+ return principals;
+ }
+
+ @SuppressWarnings("rawtypes")
+ @Override
+ protected void doInit(CallbackHandler callbackHandler, Session session,
+ Map options) throws LoginException {
+ }
+
+ @Override
+ protected boolean impersonate(Principal principal, Credentials credentials)
+ throws RepositoryException, LoginException {
+ throw new UnsupportedOperationException(
+ "Impersonation is not yet supported");
+ }
+
+ @Override
+ protected Authentication getAuthentication(Principal principal,
+ Credentials creds) throws RepositoryException {
+ if (principal instanceof Group) {
+ return null;
+ }
+ return new Authentication() {
+ public boolean canHandle(Credentials credentials) {
+ return true;
+ }
+
+ public boolean authenticate(Credentials credentials)
+ throws RepositoryException {
+ return true;
+ }
+ };
+ }
+
+}
import static org.argeo.security.core.ArgeoUserDetails.createSimpleArgeoUser;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.Collections;
import java.util.List;
-import java.util.Random;
import java.util.Set;
import java.util.TreeSet;
import org.argeo.security.ArgeoSecurityDao;
import org.argeo.security.ArgeoUser;
+import org.argeo.security.CurrentUserDao;
import org.argeo.security.SimpleArgeoUser;
+import org.argeo.security.UserAdminDao;
import org.argeo.security.core.ArgeoUserDetails;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.ldap.core.ContextExecutor;
import org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsManager;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.ldap.LdapUserDetailsService;
import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
-public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean {
+public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, CurrentUserDao,
+ UserAdminDao, InitializingBean {
// private final static Log log = LogFactory.getLog(UserDaoLdap.class);
private UserDetailsManager userDetailsManager;
private LdapUserDetailsService ldapUserDetailsService;
private List<UserNatureMapper> userNatureMappers;
- private LdapShaPasswordEncoder ldapShaPasswordEncoder = new LdapShaPasswordEncoder();
- private Random random;
-
public ArgeoSecurityDaoLdap(BaseLdapPathContextSource contextSource) {
this.contextSource = contextSource;
ldapTemplate = new LdapTemplate(this.contextSource);
- try {
- random = SecureRandom.getInstance("SHA1PRNG");
- } catch (NoSuchAlgorithmException e) {
- random = new Random(System.currentTimeMillis());
- }
}
public void afterPropertiesSet() throws Exception {
ldapTemplate.unbind(dn);
}
- public Boolean isPasswordValid(String encoded, String raw) {
- return ldapShaPasswordEncoder.isPasswordValid(encoded, raw, null);
- }
-
- public String encodePassword(String raw) {
- byte[] salt = null;
- // byte[] salt = new byte[16];
- // random.nextBytes(salt);
- return ldapShaPasswordEncoder.encodePassword(raw, salt);
- }
-
protected String convertRoleToGroup(String role) {
String group = role;
if (group.startsWith(rolePrefix)) {
<module>org.argeo.security.mvc</module>
<module>org.argeo.security.ldap</module>
<module>org.argeo.security.activemq</module>
+ <module>org.argeo.security.jackrabbit</module>
</modules>
<build>
<resources>
<artifactId>org.argeo.server.tika.jackrabbit</artifactId>
<version>${version.argeo-commons}</version>
</dependency>
+ <dependency>
+ <groupId>org.argeo.commons.server</groupId>
+ <artifactId>org.argeo.server.ext.jackrabbit</artifactId>
+ <version>${version.argeo-commons}</version>
+ </dependency>
<dependency>
<groupId>org.apache.xalan</groupId>
<artifactId>com.springsource.org.apache.xalan</artifactId>
Bundle-ManifestVersion: 2
Bundle-Name: Jackrabbit
Bundle-SymbolicName: org.argeo.server.ext.jackrabbit
-Bundle-Description: provides additional DLLs to Jackrabbit
+Bundle-Description: provides additional DLLs and imports to Jackrabbit
Bundle-Version: 0.2.3.SNAPSHOT
Fragment-Host: org.argeo.dep.osgi.jackrabbit
org.springframework.web.context,
org.xml.sax;version="0.0.0",
org.apache.jackrabbit.webdav.jcr,
- org.springframework.security.providers.jaas;resolution:="optional",
- junit.framework;resolution:="optional",
*
</Import-Package>
</instructions>
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.basic.nodeps</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
</dependency>
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.core</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
</dependency>
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.jcr.mvc</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
</dependency>
<!-- Jackrabbit -->
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.dep.jackrabbit.server</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
<type>pom</type>
</dependency>
<dependency>
<artifactId>org.springframework.web.servlet</artifactId>
</dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>org.springframework.security.core</artifactId>
- </dependency>
-
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>org.springframework.xml</artifactId>
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.support.junit</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.basic.dep.log4j</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
<type>pom</type>
<scope>test</scope>
</dependency>
source.. = src/main/java/,\
src/test/java/,\
- src/test/resources/
-output.. = target/classes/
+ src/test/resources/,\
+ src/main/resources/
+output.. = target/classes/,\
+ target/test-classes/
bin.includes = META-INF/,\
.
additional.bundles = com.springsource.slf4j.api,\
<configuration>
<instructions>
<Export-Package>org.argeo.jcr.*</Export-Package>
+ <Import-Package>junit.framework;resolution:=optional,*</Import-Package>
</instructions>
</configuration>
</plugin>
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.basic.nodeps</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
</dependency>
<!-- JCR -->
<dependency>
<groupId>org.argeo.commons.server</groupId>
<artifactId>org.argeo.server.dep.jackrabbit.server</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
<type>pom</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.support.junit</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.commons.basic</groupId>
<artifactId>org.argeo.basic.dep.log4j</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
<type>pom</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.argeo.commons.osgi</groupId>
<artifactId>org.argeo.osgi.boot</artifactId>
- <version>0.2.3-SNAPSHOT</version>
+ <version>${version.argeo-commons}</version>
<scope>test</scope>
</dependency>
</dependencies>
else
return baseRelPath + '/' + propertyName;
}
+
+ /**
+ * Normalize a name so taht it can be stores in contexts not supporting
+ * names with ':' (typically databases). Replaces ':' by '_'.
+ */
+ public static String normalize(String name) {
+ return name.replace(':', '_');
+ }
}
--- /dev/null
+package org.argeo.jcr.gis;
+
+/** JCR names in the http://www.argeo.org/gis namespace */
+public interface GisNames {
+ public final static String GIS_NAMESPACE = "http://www.argeo.org/gis";
+ public final static String GIS_ = "gis:";
+
+ public final static String GIS_SRS = "gis:srs";
+ public final static String GIS_X = "gis:x";
+ public final static String GIS_Y = "gis:y";
+ public final static String GIS_Z = "gis:z";
+}
--- /dev/null
+package org.argeo.jcr.gis;
+
+/** JCR types in the http://www.argeo.org/gis namespace */
+public interface GisTypes {
+ public final static String GIS_COORDINATE = "gis:coordinate";
+ public final static String GIS_GEOMETRY = "gis:geometry";
+ public final static String GIS_POINT = "gis:point";
+}
--- /dev/null
+<gis = 'http://www.argeo.org/gis'>
+
+// GEOMETRIES (based on JTS http://www.vividsolutions.com/jts/JTSHome.htm)
+[gis:coordinate] > nt:base
+mixin
+- gis:x (DOUBLE) m
+- gis:y (DOUBLE) m
+- gis:z (DOUBLE)
+
+[gis:geometry] > mix:created, mix:lastModified
+mixin
+// either an EPSG code (EPSG:4326 for WGS 84) or a WKT representation
+- gis:srs (STRING)
+
+[gis:point] > gis:geometry, gis:coordinate
+mixin