Example 1 with AuthContextProvider
use of org.apache.jackrabbit.core.security.authentication.AuthContextProvider in project jackrabbit by apache.
the class SimpleSecurityManager method init.
//------------------------------------------< JackrabbitSecurityManager >---
/**
* @see JackrabbitSecurityManager#init(Repository, Session)
*/
public void init(Repository repository, Session systemSession) throws RepositoryException {
if (initialized) {
throw new IllegalStateException("already initialized");
}
if (!(repository instanceof RepositoryImpl)) {
throw new RepositoryException("RepositoryImpl expected");
}
this.systemSession = systemSession;
config = ((RepositoryImpl) repository).getConfig().getSecurityConfig();
// read the LoginModule configuration
LoginModuleConfig loginModConf = config.getLoginModuleConfig();
authCtxProvider = new AuthContextProvider(config.getAppName(), loginModConf);
if (authCtxProvider.isLocal()) {
log.info("init: using Repository LoginModule configuration for " + config.getAppName());
} else if (authCtxProvider.isJAAS()) {
log.info("init: using JAAS LoginModule configuration for " + config.getAppName());
} else {
String msg = "No valid LoginModule configuriation for " + config.getAppName();
log.error(msg);
throw new RepositoryException(msg);
}
Properties[] moduleConfig = authCtxProvider.getModuleConfig();
// retrieve default-ids (admin and anonymous) from login-module-configuration.
for (Properties aModuleConfig1 : moduleConfig) {
if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
adminID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
}
if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
anonymID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
}
}
// fallback:
if (adminID == null) {
log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
adminID = SecurityConstants.ADMIN_ID;
}
if (anonymID == null) {
log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
anonymID = SecurityConstants.ANONYMOUS_ID;
}
// most simple principal provider registry, that does not read anything
// from configuration
PrincipalProvider principalProvider = new SimplePrincipalProvider();
// skip init of provider (nop)
principalProviderRegistry = new ProviderRegistryImpl(principalProvider);
// register all configured principal providers.
for (Properties aModuleConfig : moduleConfig) {
principalProviderRegistry.registerProvider(aModuleConfig);
}
SecurityManagerConfig smc = config.getSecurityManagerConfig();
if (smc != null && smc.getWorkspaceAccessConfig() != null) {
workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
} else {
// fallback -> the default simple implementation
log.debug("No WorkspaceAccessManager configured; using default.");
workspaceAccessManager = new SimpleWorkspaceAccessManager();
}
workspaceAccessManager.init(systemSession);
initialized = true;
}
Also used :
PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider)
RepositoryException(javax.jcr.RepositoryException)
Properties(java.util.Properties)
AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider)
LoginModuleConfig(org.apache.jackrabbit.core.config.LoginModuleConfig)
RepositoryImpl(org.apache.jackrabbit.core.RepositoryImpl)
SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig)
WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager)
ProviderRegistryImpl(org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)
Example 2 with AuthContextProvider
use of org.apache.jackrabbit.core.security.authentication.AuthContextProvider in project jackrabbit by apache.
the class UserPerWorkspaceSecurityManager method getPrincipalProviderRegistry.
private PrincipalProviderRegistry getPrincipalProviderRegistry(SessionImpl s) throws RepositoryException {
String wspName = s.getWorkspace().getName();
synchronized (monitor) {
PrincipalProviderRegistry p = ppRegistries.get(wspName);
if (p == null) {
SystemSession systemSession;
if (s instanceof SystemSession) {
systemSession = (SystemSession) s;
} else {
RepositoryImpl repo = (RepositoryImpl) getRepository();
systemSession = repo.getSystemSession(wspName);
// TODO: review again... this workaround is used in several places.
repo.markWorkspaceActive(wspName);
}
Properties[] moduleConfig = new AuthContextProvider("", ((RepositoryImpl) getRepository()).getConfig().getSecurityConfig().getLoginModuleConfig()).getModuleConfig();
PrincipalProvider defaultPP = new DefaultPrincipalProvider(systemSession, (UserManagerImpl) getUserManager(systemSession));
boolean initialized = false;
for (Properties props : moduleConfig) {
//GRANITE-4470: apply config to DefaultPrincipalProvider if there is no explicit PrincipalProvider configured
if (!props.containsKey(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS) && props.containsKey(AbstractPrincipalProvider.MAXSIZE_KEY)) {
defaultPP.init(props);
initialized = true;
break;
}
}
if (!initialized) {
defaultPP.init(new Properties());
}
p = new WorkspaceBasedPrincipalProviderRegistry(defaultPP);
ppRegistries.put(wspName, p);
}
return p;
}
}
Also used :
DefaultPrincipalProvider(org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider)
AbstractPrincipalProvider(org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider)
PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider)
DefaultPrincipalProvider(org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider)
Properties(java.util.Properties)
PrincipalProviderRegistry(org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry)
AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider)
Example 3 with AuthContextProvider
use of org.apache.jackrabbit.core.security.authentication.AuthContextProvider in project jackrabbit by apache.
the class DefaultSecurityManager method init.
//------------------------------------------< JackrabbitSecurityManager >---
/**
* @see JackrabbitSecurityManager#init(Repository, Session)
*/
public synchronized void init(Repository repository, Session systemSession) throws RepositoryException {
if (initialized) {
throw new IllegalStateException("already initialized");
}
if (!(repository instanceof RepositoryImpl)) {
throw new RepositoryException("RepositoryImpl expected");
}
if (!(systemSession instanceof SystemSession)) {
throw new RepositoryException("SystemSession expected");
}
this.systemSession = (SystemSession) systemSession;
this.repository = (RepositoryImpl) repository;
SecurityConfig config = this.repository.getConfig().getSecurityConfig();
LoginModuleConfig loginModConf = config.getLoginModuleConfig();
// build AuthContextProvider based on appName + optional LoginModuleConfig
authContextProvider = new AuthContextProvider(config.getAppName(), loginModConf);
if (authContextProvider.isLocal()) {
log.info("init: use Repository Login-Configuration for " + config.getAppName());
} else if (authContextProvider.isJAAS()) {
log.info("init: use JAAS login-configuration for " + config.getAppName());
} else {
String msg = "Neither JAAS nor RepositoryConfig contained a valid configuration for " + config.getAppName();
log.error(msg);
throw new RepositoryException(msg);
}
Properties[] moduleConfig = authContextProvider.getModuleConfig();
// retrieve default-ids (admin and anonymous) from login-module-configuration.
for (Properties props : moduleConfig) {
if (props.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
adminId = props.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
}
if (props.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
anonymousId = props.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
}
}
// fallback:
if (adminId == null) {
log.debug("No adminID defined in LoginModule/JAAS config -> using default.");
adminId = SecurityConstants.ADMIN_ID;
}
if (anonymousId == null) {
log.debug("No anonymousID defined in LoginModule/JAAS config -> using default.");
anonymousId = SecurityConstants.ANONYMOUS_ID;
}
// create the system userManager and make sure the system-users exist.
systemUserManager = createUserManager(this.systemSession);
createSystemUsers(systemUserManager, this.systemSession, adminId, anonymousId);
// init default ac-provider-factory
acProviderFactory = new AccessControlProviderFactoryImpl();
acProviderFactory.init(this.systemSession);
// create the workspace access manager
SecurityManagerConfig smc = config.getSecurityManagerConfig();
if (smc != null && smc.getWorkspaceAccessConfig() != null) {
workspaceAccessManager = smc.getWorkspaceAccessConfig().newInstance(WorkspaceAccessManager.class);
} else {
// fallback -> the default implementation
log.debug("No WorkspaceAccessManager configured; using default.");
workspaceAccessManager = createDefaultWorkspaceAccessManager();
}
workspaceAccessManager.init(this.systemSession);
// initialize principal-provider registry
// 1) create default
PrincipalProvider defaultPP = createDefaultPrincipalProvider(moduleConfig);
// 2) create registry instance
principalProviderRegistry = new ProviderRegistryImpl(defaultPP);
// 3) register all configured principal providers.
for (Properties props : moduleConfig) {
principalProviderRegistry.registerProvider(props);
}
initialized = true;
}
Also used :
AbstractPrincipalProvider(org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider)
DefaultPrincipalProvider(org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider)
PrincipalProvider(org.apache.jackrabbit.core.security.principal.PrincipalProvider)
RepositoryException(javax.jcr.RepositoryException)
AccessControlProviderFactoryImpl(org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl)
Properties(java.util.Properties)
AuthContextProvider(org.apache.jackrabbit.core.security.authentication.AuthContextProvider)
SecurityConfig(org.apache.jackrabbit.core.config.SecurityConfig)
WorkspaceSecurityConfig(org.apache.jackrabbit.core.config.WorkspaceSecurityConfig)
LoginModuleConfig(org.apache.jackrabbit.core.config.LoginModuleConfig)
SecurityManagerConfig(org.apache.jackrabbit.core.config.SecurityManagerConfig)
WorkspaceAccessManager(org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager)
ProviderRegistryImpl(org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)
Aggregations
Properties (java.util.Properties)3
AuthContextProvider (org.apache.jackrabbit.core.security.authentication.AuthContextProvider)3
PrincipalProvider (org.apache.jackrabbit.core.security.principal.PrincipalProvider)3
RepositoryException (javax.jcr.RepositoryException)2
LoginModuleConfig (org.apache.jackrabbit.core.config.LoginModuleConfig)2
SecurityManagerConfig (org.apache.jackrabbit.core.config.SecurityManagerConfig)2
WorkspaceAccessManager (org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager)2
AbstractPrincipalProvider (org.apache.jackrabbit.core.security.principal.AbstractPrincipalProvider)2
DefaultPrincipalProvider (org.apache.jackrabbit.core.security.principal.DefaultPrincipalProvider)2
ProviderRegistryImpl (org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl)2
RepositoryImpl (org.apache.jackrabbit.core.RepositoryImpl)1
SecurityConfig (org.apache.jackrabbit.core.config.SecurityConfig)1
WorkspaceSecurityConfig (org.apache.jackrabbit.core.config.WorkspaceSecurityConfig)1
AccessControlProviderFactoryImpl (org.apache.jackrabbit.core.security.authorization.AccessControlProviderFactoryImpl)1
PrincipalProviderRegistry (org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry)1
