SeamSecurityProvider.java
/*
* ModeShape (http://www.modeshape.org)
* See the COPYRIGHT.txt file distributed with this work for information
* regarding copyright ownership. Some portions may be licensed
* to Red Hat, Inc. under one or more contributor license agreements.
* See the AUTHORS.txt file in the distribution for a full listing of
* individual contributors.
*
* ModeShape is free software. Unless otherwise indicated, all code in ModeShape
* is licensed to you under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* ModeShape is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.modeshape.jcr.security;
import java.util.Map;
import javax.jcr.Credentials;
import org.jboss.seam.security.Identity;
import org.modeshape.common.annotation.Immutable;
import org.modeshape.common.util.CheckArg;
import org.modeshape.graph.ExecutionContext;
import org.modeshape.graph.SecurityContext;
/**
 * An {@link AuthenticationProvider} that hands all authentication and <i>role-based</i> authorization over to Seam Security.
 * <p>
 * This provider never validates JCR credentials itself. It only answers when the caller passes <code>null</code> credentials,
 * and then relies entirely on the {@link Identity} returned by {@link Identity#instance()}. When non-null credentials are
 * supplied it returns <code>null</code> without consulting Seam.
 * </p>
 */
public class SeamSecurityProvider implements AuthenticationProvider {

    /**
     * {@inheritDoc}
     * <p>
     * Returns a copy of <code>repositoryContext</code> carrying a {@link SeamSecurityContext} only when
     * <code>credentials</code> is null and the Seam {@link Identity} reports that it is logged in; returns
     * <code>null</code> in every other case. The <code>repositoryName</code>, <code>workspaceName</code> and
     * <code>sessionAttributes</code> arguments are not read.
     * </p>
     *
     * @see org.modeshape.jcr.security.AuthenticationProvider#authenticate(javax.jcr.Credentials, java.lang.String,
     *      java.lang.String, org.modeshape.graph.ExecutionContext, java.util.Map)
     */
    public ExecutionContext authenticate( Credentials credentials,
                                          String repositoryName,
                                          String workspaceName,
                                          ExecutionContext repositoryContext,
                                          Map<String, Object> sessionAttributes ) {
        if (credentials != null) {
            // Explicit credentials are never checked against Seam; this provider declines them.
            return null;
        }

        // The login state comes solely from Seam's own Identity; nothing passed in by the caller is trusted.
        // NOTE(review): confirm how Identity.instance() behaves when no Seam session context is active -- an
        // exception raised there would propagate to the caller instead of producing a null result.
        Identity seamIdentity = Identity.instance();
        boolean authenticated = seamIdentity != null && seamIdentity.isLoggedIn();
        if (!authenticated) {
            return null;
        }
        return repositoryContext.with(new SeamSecurityContext(seamIdentity));
    }

    /**
     * A {@link SecurityContext security context} backed by the Seam Security {@link Identity} instance.
     * <p>
     * Every query is forwarded to the wrapped {@link Identity} at call time; no user name or role is copied when the
     * context is created. The reference held here is final, but the answers are whatever the {@link Identity} reports
     * at the moment of the call.
     * </p>
     */
    @Immutable
    public static class SeamSecurityContext implements SecurityContext {

        private final Identity identity;

        /**
         * Create a {@link SeamSecurityContext} that wraps the supplied {@link Identity} instance.
         *
         * @param identity the Seam Security {@link Identity} instance; may not be null
         * @throws IllegalArgumentException if the <code>identity</code> is null
         */
        public SeamSecurityContext( Identity identity ) {
            CheckArg.isNotNull(identity, "identity");
            this.identity = identity;
        }

        /**
         * Returns the user name held by the wrapped {@link Identity}'s credentials.
         *
         * @see SecurityContext#getUserName()
         */
        public String getUserName() {
            return this.identity.getCredentials().getUsername();
        }

        /**
         * Asks the wrapped {@link Identity} whether it has the named role; the role name is passed through unchanged.
         *
         * @see SecurityContext#hasRole(String)
         */
        public boolean hasRole( String roleName ) {
            return this.identity.hasRole(roleName);
        }

        /**
         * Does nothing: logging out of the {@link Identity} is left to Seam Security. Calling this method therefore
         * neither ends the Seam login nor changes what {@link #hasRole(String)} or {@link #getUserName()} report.
         *
         * @see SecurityContext#logout()
         */
        public void logout() {
            // Intentionally empty -- Seam Security owns the lifecycle of the Identity.
        }
    }
}