public class SpringSecurityPrincipalProvider extends Object implements org.apache.jackrabbit.core.security.principal.PrincipalProvider

PrincipalProvider that delegates to a Pentaho UserDetailsService.

A java.security.Principal represents a user. A java.security.acl.Group represents a group. In Spring Security, a group is called a role or authority or granted authority. The name passed to getPrincipal(String) can be that of either a Principal or a Group. In other words, getPrincipal(String) might be called with an argument of a Spring Security granted authority. This happens when access control entries (ACEs) grant access to roles and the system needs to verify the role is known.

Jackrabbit assumes a unified space of all user and role names. The PrincipalProvider is responsible for determining the type of a principal/group from its name.

This implementation caches users and roles, but not passwords. Optionally, this implementation can take advantage of a Spring Security UserCache. If available, it will use said cache for role membership lookups. Also note that the removal of a role or user from the system will not be noticed by this implementation. (A restart of Jackrabbit is required.)

There are users and roles that are never expected to be in any backing store. By default, these are "everyone" (a role), "anonymous" (a user), "administrators" (a role), and "admin" (a user).

This implementation never returns null from getPrincipal(String). As a result, a NoSuchPrincipalException is never thrown. See the method for details.
Modifier and Type | Field and Description |
---|---|
static String | ROLE_CACHE_REGION |
static String | USER_CACHE_REGION |
Constructor and Description |
---|
SpringSecurityPrincipalProvider() |
Modifier and Type | Method and Description |
---|---|
boolean | canReadPrincipal(javax.jcr.Session session, Principal principalToRead) |
protected void | checkInitialized() |
void | clearCaches() |
void | close() |
org.apache.jackrabbit.api.security.principal.PrincipalIterator | findPrincipals(String simpleFilter) |
org.apache.jackrabbit.api.security.principal.PrincipalIterator | findPrincipals(String simpleFilter, int searchType) |
org.apache.jackrabbit.api.security.principal.PrincipalIterator | getGroupMembership(Principal principal) |
Principal | getPrincipal(String principalName) |
org.apache.jackrabbit.api.security.principal.PrincipalIterator | getPrincipals(int searchType) |
protected org.springframework.security.core.userdetails.UserDetailsService | getUserDetailsService() |
protected org.pentaho.platform.api.engine.IUserRoleListService | getUserRoleListService() |
void | init(Properties options) |
protected org.springframework.security.core.userdetails.UserDetails | internalGetUserDetails(String username) Gets user details. |
public static final String ROLE_CACHE_REGION

public static final String USER_CACHE_REGION

public void init(Properties options)
Specified by: init in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider

public void close()
Specified by: close in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider

public void clearCaches()

public boolean canReadPrincipal(javax.jcr.Session session, Principal principalToRead)
Specified by: canReadPrincipal in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider

public Principal getPrincipal(String principalName)
Attempts to load the user with the given principalName using a Pentaho UserDetailsService. If it fails to find the user, it returns a Group, which will be caught by SpringSecurityLoginModule.
Specified by: getPrincipal in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
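
The lookup rules from the class description and from getPrincipal(String) above, as a simplified stand-alone model. This is an added example, not Pentaho's or Jackrabbit's code; the class name, the single in-memory cache and the sample names are hypothetical, and it needs Java 16 or later. It shows that a non-null result does not prove a name exists in the backing store, and that a user removed from the store keeps resolving from the cache.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Simplified model of the documented lookup; NOT the Pentaho implementation. */
public class PrincipalLookupModel {
    record User(String name) implements Principal { public String getName() { return name; } }
    record Role(String name) implements Principal { public String getName() { return name; } }

    // Constructed stand-in for the store behind the UserDetailsService.
    final Set<String> storeUsers = new HashSet<>(Set.of("suzy"));
    // Names the page lists as never expected in a backing store (true = user, false = role).
    static final Map<String, Boolean> BUILT_IN = Map.of(
            "everyone", false, "administrators", false, "anonymous", true, "admin", true);
    // Assumption: one cache for both kinds; the real class exposes two cache regions.
    final Map<String, Principal> cache = new ConcurrentHashMap<>();

    /** Never returns null: a name that is not a known user comes back as a role. */
    Principal getPrincipal(String name) {
        return cache.computeIfAbsent(name, n -> {
            Boolean builtInUser = BUILT_IN.get(n);
            if (builtInUser != null) return builtInUser ? new User(n) : new Role(n);
            return storeUsers.contains(n) ? new User(n) : new Role(n);
        });
    }

    static void check(boolean condition, String message) {
        if (!condition) throw new AssertionError(message);
    }

    public static void main(String[] args) {
        PrincipalLookupModel provider = new PrincipalLookupModel();
        check(provider.getPrincipal("suzy") instanceof User, "store user resolves as a user");
        check(provider.getPrincipal("anonymous") instanceof User, "built-in user needs no store entry");
        // A misspelled role name in an ACE (constructed) still resolves, so ACE
        // review has to compare names against the role store, not against this call.
        check(provider.getPrincipal("Report Autors") instanceof Role, "unknown name becomes a role");
        // De-provision the user in the store: the cached entry is not invalidated.
        provider.storeUsers.remove("suzy");
        check(provider.getPrincipal("suzy") instanceof User, "removed user is still served from cache");
        System.out.println("all checks passed");
    }
}
```
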
public org.apache.jackrabbit.api.security.principal.PrincipalIterator getGroupMembership(Principal principal)
Called from AbstractLoginModule.getPrincipals().
Specified by: getGroupMembership in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider

protected org.springframework.security.core.userdetails.UserDetails internalGetUserDetails(String username)

protected void checkInitialized()

public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter)
Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.
Specified by: findPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider

public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter, int searchType)
Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.
Specified by: findPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider

public org.apache.jackrabbit.api.security.principal.PrincipalIterator getPrincipals(int searchType)
Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.
Specified by: getPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider

protected org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()

protected org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()
Copyright © 2019 Hitachi Vantara. All rights reserved.