You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/05/08 17:04:25 UTC
svn commit: r1335561 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
api/ core/ spi/security/ spi/security/authentication/
Author: angela
Date: Tue May 8 15:04:25 2012
New Revision: 1335561
URL: http://svn.apache.org/viewvc?rev=1335561&view=rev
Log:
OAK-91 - Implement Authentication Support (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CallbackHandlerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCallback.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCredentials.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/LoginModuleImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/ContentRepository.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/ContentRepository.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/ContentRepository.java?rev=1335561&r1=1335560&r2=1335561&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/ContentRepository.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/ContentRepository.java Tue May 8 15:04:25 2012
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.api;
+import javax.jcr.Credentials;
import javax.jcr.NoSuchWorkspaceException;
import javax.security.auth.login.LoginException;
@@ -25,7 +26,7 @@ import javax.security.auth.login.LoginEx
* <p>
* All access to the repository happens through authenticated
* {@link ContentSession} instances acquired through the
- * {@link #login(Object, String)} method, which is why that is the only
+ * {@link #login(Credentials, String)} method, which is why that is the only
* method of this interface.
* <p>
* Starting and stopping ContentRepository instances is the responsibility
@@ -75,7 +76,7 @@ public interface ContentRepository {
* @throws LoginException if authentication failed
* @throws NoSuchWorkspaceException
*/
- ContentSession login(Object credentials, String workspaceName)
+ ContentSession login(Credentials credentials, String workspaceName)
throws LoginException, NoSuchWorkspaceException;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1335561&r1=1335560&r2=1335561&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Tue May 8 15:04:25 2012
@@ -23,6 +23,8 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
+import org.apache.jackrabbit.oak.spi.security.authentication.CallbackHandlerImpl;
+import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationImpl;
import org.apache.jackrabbit.oak.query.QueryEngineImpl;
import org.apache.jackrabbit.oak.spi.QueryIndexProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -30,9 +32,10 @@ import org.apache.jackrabbit.oak.spi.sta
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.GuestCredentials;
+import javax.jcr.Credentials;
import javax.jcr.NoSuchWorkspaceException;
-import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
/**
@@ -42,26 +45,26 @@ import javax.security.auth.login.LoginEx
public class ContentRepositoryImpl implements ContentRepository {
/** Logger instance */
- private static final Logger LOG =
- LoggerFactory.getLogger(ContentRepositoryImpl.class);
+ private static final Logger LOG = LoggerFactory.getLogger(ContentRepositoryImpl.class);
// TODO: retrieve default wsp-name from configuration
private static final String DEFAULT_WORKSPACE_NAME = "default";
+ private static final String APP_NAME = "jackrabbit.oak";
+
private final MicroKernel microKernel;
private final QueryEngine queryEngine;
private final NodeStore nodeStore;
+ private final Configuration authConfig;
+
/**
- * Utility constructor that creates a new in-memory repository for use
- * mostly in test cases.
+ * Utility constructor that creates a new in-memory repository with default
+ * query index provider. This constructor is intended to be used within
+ * test cases only.
*/
public ContentRepositoryImpl() {
- this(new MicroKernelImpl());
- }
-
- private ContentRepositoryImpl(MicroKernel mk) {
- this(mk, getDefaultIndexProvider(mk));
+ this(new MicroKernelImpl(), null);
}
/**
@@ -74,7 +77,11 @@ public class ContentRepositoryImpl imple
public ContentRepositoryImpl(MicroKernel mk, QueryIndexProvider indexProvider) {
microKernel = mk;
nodeStore = new KernelNodeStore(microKernel);
- queryEngine = new QueryEngineImpl(nodeStore, microKernel, indexProvider);
+ QueryIndexProvider qip = (indexProvider == null) ? getDefaultIndexProvider(microKernel) : indexProvider;
+ queryEngine = new QueryEngineImpl(nodeStore, microKernel, qip);
+
+ // TODO: use configurable authentication config
+ authConfig = new ConfigurationImpl();
// FIXME: workspace setup must be done elsewhere...
NodeState root = nodeStore.getRoot();
@@ -95,7 +102,7 @@ public class ContentRepositoryImpl imple
}
@Override
- public ContentSession login(Object credentials, String workspaceName)
+ public ContentSession login(Credentials credentials, String workspaceName)
throws LoginException, NoSuchWorkspaceException {
if (workspaceName == null) {
workspaceName = DEFAULT_WORKSPACE_NAME;
@@ -104,26 +111,14 @@ public class ContentRepositoryImpl imple
// TODO: add proper implementation
// TODO - authentication against configurable spi-authentication
// TODO - validation of workspace name (including access rights for the given 'user')
-
- final SimpleCredentials sc;
- if (credentials == null || credentials instanceof GuestCredentials) {
- sc = new SimpleCredentials("anonymous", new char[0]);
- } else if (credentials instanceof SimpleCredentials) {
- sc = (SimpleCredentials) credentials;
- } else {
- sc = null;
- }
-
- if (sc == null) {
- throw new LoginException("login failed");
- }
+ LoginContext loginContext = new LoginContext(APP_NAME, null, new CallbackHandlerImpl(credentials), authConfig);
+ loginContext.login();
NodeState wspRoot = nodeStore.getRoot().getChildNode(workspaceName);
if (wspRoot == null) {
throw new NoSuchWorkspaceException(workspaceName);
}
- return new ContentSessionImpl(sc, workspaceName, nodeStore, queryEngine);
+ return new ContentSessionImpl(loginContext, workspaceName, nodeStore, queryEngine);
}
-
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java?rev=1335561&r1=1335560&r2=1335561&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java Tue May 8 15:04:25 2012
@@ -27,7 +27,9 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.jcr.SimpleCredentials;
+import javax.security.auth.login.LoginContext;
import java.io.IOException;
+import java.util.Set;
/**
* {@link MicroKernel}-based implementation of the {@link ContentSession} interface.
@@ -38,15 +40,14 @@ class ContentSessionImpl implements Cont
private static final Logger log =
LoggerFactory.getLogger(ContentSessionImpl.class);
- private final SimpleCredentials credentials;
+ private final LoginContext loginContext;
private final String workspaceName;
private final NodeStore store;
private final QueryEngine queryEngine;
- public ContentSessionImpl(SimpleCredentials credentials, String workspaceName,
+ public ContentSessionImpl(LoginContext loginContext, String workspaceName,
NodeStore store, QueryEngine queryEngine) {
-
- this.credentials = credentials;
+ this.loginContext = loginContext;
this.workspaceName = workspaceName;
this.store = store;
this.queryEngine = queryEngine;
@@ -54,21 +55,23 @@ class ContentSessionImpl implements Cont
@Override
public AuthInfo getAuthInfo() {
- // todo implement getAuthInfo
+ // todo implement properly with extension point or pass it with the constructor...
+ Set<SimpleCredentials> creds = loginContext.getSubject().getPublicCredentials(SimpleCredentials.class);
+ final SimpleCredentials sc = (creds.isEmpty()) ? new SimpleCredentials(null, new char[0]) : creds.iterator().next();
return new AuthInfo() {
@Override
- public String getUserID() {
- return credentials.getUserID();
+ public String getUserID() {
+ return sc.getUserID();
}
@Override
public String[] getAttributeNames() {
- return credentials.getAttributeNames();
+ return sc.getAttributeNames();
}
@Override
public Object getAttribute(String attributeName) {
- return credentials.getAttribute(attributeName);
+ return sc.getAttribute(attributeName);
}
};
}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CallbackHandlerImpl.java?rev=1335561&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CallbackHandlerImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CallbackHandlerImpl.java Tue May 8 15:04:25 2012
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+/**
+ * CallbackHandlerImpl...
+ */
+public class CallbackHandlerImpl implements CallbackHandler {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(CallbackHandlerImpl.class);
+
+ private final Credentials credentials;
+
+ public CallbackHandlerImpl(Credentials credentials) {
+ this.credentials = credentials;
+ }
+
+ //----------------------------------------------------< CallbackHandler >---
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof CredentialsCallback) {
+ ((CredentialsCallback) callback).setCredentials(credentials);
+ } else if (callback instanceof NameCallback) {
+ ((NameCallback) callback).setName(getName());
+ } else if (callback instanceof PasswordCallback) {
+ ((PasswordCallback) callback).setPassword(getPassword());
+ } else if (callback instanceof ImpersonationCallback) {
+ ((ImpersonationCallback) callback).setImpersonator(getImpersonationSubject());
+ } else {
+ throw new UnsupportedCallbackException(callback);
+ }
+ }
+ }
+
+ //--------------------------------------------------------------------------
+
+ private String getName(){
+ if (credentials instanceof SimpleCredentials) {
+ return ((SimpleCredentials) credentials).getUserID();
+ } else {
+ return null;
+ }
+ }
+
+ private char[] getPassword() {
+ if (credentials instanceof SimpleCredentials) {
+ return ((SimpleCredentials) credentials).getPassword();
+ } else {
+ return null;
+ }
+ }
+
+ private Subject getImpersonationSubject() {
+ if (credentials instanceof ImpersonationCredentials) {
+ return ((ImpersonationCredentials) credentials).getImpersonatingSubject();
+ } else if (credentials instanceof SimpleCredentials) {
+ Object attr = ((SimpleCredentials) credentials).getAttribute(ImpersonationCredentials.IMPERSONATOR_ATTRIBUTE);
+ if (attr instanceof Subject) {
+ return (Subject) attr;
+ }
+ }
+
+ return null;
+ }
+}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationImpl.java?rev=1335561&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ConfigurationImpl.java Tue May 8 15:04:25 2012
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import java.util.Collections;
+
+/**
+ * ConfigurationImpl...
+ */
+public class ConfigurationImpl extends Configuration {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(ConfigurationImpl.class);
+
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String s) {
+ // TODO
+ AppConfigurationEntry entry = new AppConfigurationEntry(LoginModuleImpl.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap());
+ return new AppConfigurationEntry[] {entry};
+ }
+}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java?rev=1335561&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java Tue May 8 15:04:25 2012
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import javax.jcr.Credentials;
+import javax.security.auth.callback.Callback;
+import java.io.Serializable;
+
+/**
+ * Callback implementation to retrieve {@code Credentials}
+ */
+public class CredentialsCallback implements Callback, Serializable {
+
+ private Credentials credentials;
+
+ /**
+ * Get the retrieved credentials.
+ *
+ * @return the retrieved credentials (which may be null)
+ */
+ public Credentials getCredentials() {
+ return credentials;
+ }
+
+ /**
+ * Set the retrieved credentials.
+ *
+ * @param credentials the retrieved credentials (which may be null)
+ */
+ public void setCredentials(Credentials credentials) {
+ this.credentials = credentials;
+ }
+}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCallback.java?rev=1335561&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCallback.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCallback.java Tue May 8 15:04:25 2012
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+
+/**
+ * Callback for a {@link javax.security.auth.callback.CallbackHandler} to ask
+ * for a the impersonating {@link javax.security.auth.Subject} to create a
+ * {@link javax.jcr.Session} to access the {@link javax.jcr.Repository}.
+ */
+public class ImpersonationCallback implements Callback {
+
+ /**
+ * The impersonating {@link javax.security.auth.Subject}.
+ */
+ private Subject impersonatingSubject;
+
+ /**
+ * Sets the impersonator in this callback.
+ *
+ * @param impersonatingSubject The impersonator to set on this callback.
+ */
+ public void setImpersonator(Subject impersonatingSubject) {
+ this.impersonatingSubject = impersonatingSubject;
+ }
+
+ /**
+ * Returns the impersonator {@link Subject} set on this callback or
+ * <code>null</code> if not set.
+ *
+ * @return the impersonator {@link Subject} set on this callback or
+ * <code>null</code> if not set.
+ */
+ public Subject getImpersonator() {
+ return impersonatingSubject;
+ }
+}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCredentials.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCredentials.java?rev=1335561&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCredentials.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/ImpersonationCredentials.java Tue May 8 15:04:25 2012
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.security.auth.Subject;
+
+/**
+ * ImpersonationCredentials...
+ */
+public class ImpersonationCredentials {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(ImpersonationCredentials.class);
+
+ /**
+ * Constant for backwards compatibility with jackrabbit 2.x.
+ * It defines the name of the {@code SimpleCredentials} attribute where
+ * the {@code Subject} of the <i>impersonating</i> {@code Session}
+ * is stored.
+ *
+ * @see javax.jcr.Session#impersonate(javax.jcr.Credentials)
+ */
+ public static final String IMPERSONATOR_ATTRIBUTE = "org.apache.jackrabbit.core.security.impersonator";
+
+ private final String userID;
+ private Subject impersonatingSubject;
+
+ public ImpersonationCredentials(String userID) {
+ this.userID = userID;
+ }
+
+ public String getUserID() {
+ return userID;
+ }
+
+ public Subject getImpersonatingSubject() {
+ return impersonatingSubject;
+ }
+
+ public void setImpersonatingSubject(Subject impersonatingSubject) {
+ this.impersonatingSubject = impersonatingSubject;
+ }
+}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/LoginModuleImpl.java?rev=1335561&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/LoginModuleImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/LoginModuleImpl.java Tue May 8 15:04:25 2012
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.Credentials;
+import javax.jcr.GuestCredentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * LoginModuleImpl...
+ */
+public class LoginModuleImpl implements LoginModule {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(LoginModuleImpl.class);
+
+ private Subject subject;
+ private CallbackHandler callbackHandler;
+
+ private Set<Credentials> credentials;
+
+ //--------------------------------------------------------< LoginModule >---
+ @Override
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
+ // TODO
+
+ this.subject = subject;
+ this.callbackHandler = callbackHandler;
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ // TODO
+ credentials = retrieveCredentials();
+ if (credentials.isEmpty()) {
+ credentials.add(new GuestCredentials());
+ }
+ return supportsCredentials(credentials);
+
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ // TODO
+
+ subject.getPublicCredentials().add(credentials);
+ return true;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ // TODO
+ return true;
+ }
+
+ @Override
+ public boolean logout() throws LoginException {
+ // TODO
+ return true;
+ }
+
+ //--------------------------------------------------------------------------
+
+ private Set<Credentials> retrieveCredentials() {
+ Set<Credentials> credentials = new HashSet<Credentials>();
+
+ try {
+ CredentialsCallback callback = new CredentialsCallback();
+ callbackHandler.handle(new Callback[]{callback});
+ Credentials creds = callback.getCredentials();
+ if (creds != null) {
+ credentials.add(creds);
+ }
+ } catch (UnsupportedCallbackException e) {
+ log.warn(e.getMessage());
+ } catch (IOException e) {
+ log.error(e.getMessage());
+ }
+
+ if (credentials.isEmpty()) {
+ credentials.addAll(subject.getPublicCredentials(SimpleCredentials.class));
+ credentials.addAll(subject.getPublicCredentials(GuestCredentials.class));
+ }
+ return credentials;
+ }
+
+ private static boolean supportsCredentials(Set<Credentials> credentials) {
+ for (Credentials creds : credentials) {
+ if (creds instanceof SimpleCredentials) {
+ return true;
+ } else if (creds instanceof GuestCredentials) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
\ No newline at end of file