You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ch...@apache.org on 2015/12/01 07:40:03 UTC
svn commit: r1717383 - in
/jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee:
RepositorySecurityProvider.java RepositoryStartupServlet.java
Author: chetanm
Date: Tue Dec 1 06:40:03 2015
New Revision: 1717383
URL: http://svn.apache.org/viewvc?rev=1717383&view=rev
Log:
OAK-3193 - Integrate with Felix WebConsole
Add a simple WebConsole security provider which only allows 'admin' user. This can be later extended to support any user with AdminPrincipal associated with him
Added:
jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositorySecurityProvider.java (with props)
Modified:
jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositoryStartupServlet.java
Added: jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositorySecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositorySecurityProvider.java?rev=1717383&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositorySecurityProvider.java (added)
+++ jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositorySecurityProvider.java Tue Dec 1 06:40:03 2015
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.jackrabbit.j2ee;
+
+import javax.jcr.Credentials;
+import javax.jcr.LoginException;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+
+import org.apache.felix.webconsole.WebConsoleSecurityProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A simple WebConsoleSecurityProvider implementation which only allows
+ * repository admin user to perform login
+ */
+class RepositorySecurityProvider implements WebConsoleSecurityProvider {
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
+ private final Repository repository;
+
+ RepositorySecurityProvider(Repository repository) {
+ this.repository = repository;
+ }
+
+ @Override
+ public Object authenticate(String userName, String password) {
+ final Credentials creds = new SimpleCredentials(userName,
+ (password == null) ? new char[0] : password.toCharArray());
+ Session session = null;
+ try {
+ session = repository.login(creds);
+
+ //TODO Need to extend it support login for any user with AdminPrincipal
+ //credential
+ if ("admin".equals(userName)) {
+ return userName;
+ }
+
+ } catch (LoginException re) {
+ log.info("authenticate: User {} failed to authenticate with the repository " +
+ "for Web Console access", userName, re);
+ } catch (RepositoryException re) {
+ log.info("authenticate: Generic problem trying grant User {} access to the Web Console", userName, re);
+ } finally {
+ if (session != null) {
+ session.logout();
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public boolean authorize(Object user, String role) {
+ //No fine grained access control for now
+ return true;
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositorySecurityProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositoryStartupServlet.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositoryStartupServlet.java?rev=1717383&r1=1717382&r2=1717383&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositoryStartupServlet.java (original)
+++ jackrabbit/oak/trunk/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/RepositoryStartupServlet.java Tue Dec 1 06:40:03 2015
@@ -18,9 +18,12 @@ package org.apache.jackrabbit.j2ee;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
+import org.apache.felix.connect.launch.PojoServiceRegistry;
+import org.apache.felix.webconsole.WebConsoleSecurityProvider;
import org.apache.jackrabbit.api.JackrabbitRepository;
import org.apache.jackrabbit.commons.repository.RepositoryFactory;
import org.apache.jackrabbit.oak.run.osgi.OakOSGiRepositoryFactory;
+import org.apache.jackrabbit.oak.run.osgi.ServiceRegistryProvider;
import org.apache.jackrabbit.rmi.server.RemoteAdapterFactory;
import org.apache.jackrabbit.rmi.server.ServerAdapterFactory;
import org.apache.jackrabbit.servlet.AbstractRepositoryServlet;
@@ -479,7 +482,17 @@ public class RepositoryStartupServlet ex
//TODO oak-jcr also provides a dummy RepositoryFactory. Hence this
//cannot be used
//return JcrUtils.getRepository(config);
- return new OakOSGiRepositoryFactory().getRepository(config);
+ Repository repository = new OakOSGiRepositoryFactory().getRepository(config);
+ configWebConsoleSecurityProvider(repository);
+ return repository;
+ }
+
+ private void configWebConsoleSecurityProvider(Repository repository) {
+ if (repository instanceof ServiceRegistryProvider){
+ PojoServiceRegistry registry = ((ServiceRegistryProvider) repository).getServiceRegistry();
+ registry.registerService(WebConsoleSecurityProvider.class.getName(),
+ new RepositorySecurityProvider(repository), null);
+ }
}
private void configureActivator(Map<String, Object> config) {