Class SpringSecurityPrincipalProvider
- java.lang.Object
-
- org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityPrincipalProvider
-
- All Implemented Interfaces:
org.apache.jackrabbit.core.security.principal.PrincipalProvider
public class SpringSecurityPrincipalProvider extends Object implements org.apache.jackrabbit.core.security.principal.PrincipalProvider
A Jackrabbit PrincipalProvider that delegates to a Pentaho UserDetailsService.

A java.security.Principal represents a user. A java.security.acl.Group represents a group. In Spring Security, a group is called a role or authority or granted authority. The argument to the method getPrincipal(String) can name either a Principal or a Group. In other words, getPrincipal(String) might be called with the name of a Spring Security granted authority. This happens when access control entries (ACEs) grant access to roles and the system needs to verify that the role is known.

Jackrabbit assumes a unified space of all user and role names. The PrincipalProvider is responsible for determining the type of a principal/group from its name.

This implementation caches users and roles, but not passwords. Optionally, this implementation can take advantage of a Spring Security UserCache. If available, it will use said cache for role membership lookups. Also note that the removal of a role or user from the system will not be noticed by this implementation. (A restart of Jackrabbit is required.)

There are users and roles that are never expected to be in any backing store. By default, these are "everyone" (a role), "anonymous" (a user), "administrators" (a role), and "admin" (a user).

This implementation never returns null from getPrincipal(String). As a result, a NoSuchPrincipalException is never thrown. See the method for details.
- Author:
- mlowery
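The following sketch is an added illustration, not Pentaho's source: a simplified model of the behaviour described above, where a name that is not a known user resolves to a group rather than null, and a cached user outlives its removal from the backing store until a restart. The class, record and sample names are hypothetical, and a Set stands in for the user details service.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model only; all names here are hypothetical, not the Pentaho classes.
public class PrincipalResolverDemo {
    // Stand-ins for the user principal and the group (role) principal.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    private final Set<String> backingUsers; // stands in for the user details service
    private final Map<String, Principal> userCache = new ConcurrentHashMap<>();
    private final Map<String, Principal> roleCache = new ConcurrentHashMap<>();

    PrincipalResolverDemo(Set<String> backingUsers) {
        this.backingUsers = backingUsers;
    }

    // Never returns null: a name that is not a known user is treated as a role.
    Principal getPrincipal(String name) {
        Principal cached = userCache.get(name);
        if (cached != null) return cached;          // served from cache, store not consulted
        if (backingUsers.contains(name)) {
            return userCache.computeIfAbsent(name, UserPrincipal::new);
        }
        return roleCache.computeIfAbsent(name, RolePrincipal::new);
    }

    public static void main(String[] args) {
        Set<String> store = new HashSet<>(Set.of("suzy")); // constructed sample data
        PrincipalResolverDemo p = new PrincipalResolverDemo(store);
        System.out.println(p.getPrincipal("suzy"));          // known user, now cached
        System.out.println(p.getPrincipal("Report Author")); // not a user: resolved as a role
        System.out.println(p.getPrincipal("typo-user"));     // misspelled name: also a role

        store.remove("suzy");                                // user deleted in the backing store
        System.out.println(p.getPrincipal("suzy"));          // stale cache still reports a user
        p = new PrincipalResolverDemo(store);                // fresh instance, as after a restart
        System.out.println(p.getPrincipal("suzy"));          // no longer a user: resolved as a role
    }
}
```

A non-null result from such a provider therefore says nothing about whether the name exists, so the existence check has to happen in the caller, which the page assigns to SpringSecurityLoginModule.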
-
-
Field Summary
Fields (modifier and type, field):
static String ROLE_CACHE_REGION
static String USER_CACHE_REGION
-
Constructor Summary
Constructors:
SpringSecurityPrincipalProvider()
-
Method Summary
Methods (modifier and type, method, description):
boolean canReadPrincipal(javax.jcr.Session session, Principal principalToRead)
protected void checkInitialized()
void clearCaches()
void close()
org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter)
org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter, int searchType)
org.apache.jackrabbit.api.security.principal.PrincipalIterator getGroupMembership(Principal principal)
Principal getPrincipal(String principalName)
org.apache.jackrabbit.api.security.principal.PrincipalIterator getPrincipals(int searchType)
protected org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()
protected org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()
void init(Properties options)
protected org.springframework.security.core.userdetails.UserDetails internalGetUserDetails(String username)
Gets user details.
-
-
-
Field Detail
-
ROLE_CACHE_REGION
public static final String ROLE_CACHE_REGION
- See Also:
- Constant Field Values
-
USER_CACHE_REGION
public static final String USER_CACHE_REGION
- See Also:
- Constant Field Values
-
-
Method Detail
-
init
public void init(Properties options)
- Specified by:
- init in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
close
public void close()
- Specified by:
- close in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
clearCaches
public void clearCaches()
-
canReadPrincipal
public boolean canReadPrincipal(javax.jcr.Session session, Principal principalToRead)
- Specified by:
- canReadPrincipal in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
getPrincipal
public Principal getPrincipal(String principalName)
Attempts to load the user with the given principalName using a Pentaho UserDetailsService. If it fails to find the user, it returns a Group, which will be caught by SpringSecurityLoginModule.
- Specified by:
- getPrincipal in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
getGroupMembership
public org.apache.jackrabbit.api.security.principal.PrincipalIterator getGroupMembership(Principal principal)
Called from AbstractLoginModule.getPrincipals()
- Specified by:
- getGroupMembership in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
internalGetUserDetails
protected org.springframework.security.core.userdetails.UserDetails internalGetUserDetails(String username)
Gets user details. Checks cache first.
-
checkInitialized
protected void checkInitialized()
-
findPrincipals
public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter)
Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.
- Specified by:
- findPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
findPrincipals
public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter, int searchType)
Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.
- Specified by:
- findPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
getPrincipals
public org.apache.jackrabbit.api.security.principal.PrincipalIterator getPrincipals(int searchType)
Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.
- Specified by:
- getPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
-
getUserDetailsService
protected org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()
-
getUserRoleListService
protected org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()
-
-