Class SpringSecurityPrincipalProvider

  • All Implemented Interfaces:
    org.apache.jackrabbit.core.security.principal.PrincipalProvider

    public class SpringSecurityPrincipalProvider
    extends Object
    implements org.apache.jackrabbit.core.security.principal.PrincipalProvider

    A Jackrabbit PrincipalProvider that delegates to a Pentaho UserDetailsService.

    A java.security.Principal represents a user. A java.security.acl.Group represents a group. In Spring Security, a group is called a role, an authority, or a granted authority. The name passed to getPrincipal(String) can be that of either a Principal or a Group. In other words, getPrincipal(String) might be called with the name of a Spring Security granted authority. This happens when access control entries (ACEs) grant access to roles and the system needs to verify that the role is known.

    Jackrabbit assumes a unified space of all user and role names. The PrincipalProvider is responsible for determining the type of a principal/group from its name.

    This implementation caches users and roles, but not passwords. Optionally, this implementation can take advantage of a Spring Security UserCache. If available, it will use said cache for role membership lookups. Also note that the removal of a role or user from the system will not be noticed by this implementation. (A restart of Jackrabbit is required.)

    There are users and roles that are never expected to be in any backing store. By default, these are "everyone" (a role), "anonymous" (a user), "administrators" (a role), and "admin" (a user).

    This implementation never returns null from getPrincipal(String). As a result, a NoSuchPrincipalException is never thrown. See the method for details.

    Author:
    mlowery
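
    The lookup and caching behaviour from the class description above, as a simplified stand-alone model. This is an added example, not Pentaho or Jackrabbit source; PrincipalLookupModel, UserPrincipal and RolePrincipal are hypothetical names, and a plain set stands in for the UserDetailsService.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Simplified model of the behaviour described above. Not Pentaho or Jackrabbit code;
// all type names here are hypothetical.
class PrincipalLookupModel {
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Stand-in for the Group that the real provider returns for roles.
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    private final Set<String> backingStoreUsers; // stand-in for the UserDetailsService
    private final Map<String, Principal> cache = new HashMap<>();

    PrincipalLookupModel(Set<String> backingStoreUsers) {
        this.backingStoreUsers = backingStoreUsers;
    }

    // Never returns null: a name that is not a known user is treated as a role.
    Principal getPrincipal(String name) {
        return cache.computeIfAbsent(name, n -> backingStoreUsers.contains(n)
                ? new UserPrincipal(n)
                : new RolePrincipal(n));
    }

    void clearCaches() { cache.clear(); }

    public static void main(String[] args) {
        Set<String> users = new HashSet<>(Set.of("suzy")); // constructed sample data
        PrincipalLookupModel provider = new PrincipalLookupModel(users);

        System.out.println(provider.getPrincipal("suzy"));
        // A misspelled or never-created name still resolves, as a role.
        System.out.println(provider.getPrincipal("no-such-name"));

        users.remove("suzy"); // user deleted from the backing store
        // Answered from the cache, so the deletion goes unnoticed.
        System.out.println(provider.getPrincipal("suzy"));

        provider.clearCaches(); // in this model, forces a fresh lookup
        System.out.println(provider.getPrincipal("suzy"));
    }
}
```

    Two consequences for access reviews follow from the description: a successful getPrincipal(String) call is no evidence that the name exists in the backing store, and deprovisioning a user or role takes effect in Jackrabbit only after the restart the description calls for.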
    • Constructor Detail

      • SpringSecurityPrincipalProvider

        public SpringSecurityPrincipalProvider()
    • Method Detail

      • init

        public void init(Properties options)
        Specified by:
        init in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • close

        public void close()
        Specified by:
        close in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • clearCaches

        public void clearCaches()
      • canReadPrincipal

        public boolean canReadPrincipal(javax.jcr.Session session,
                                        Principal principalToRead)
        Specified by:
        canReadPrincipal in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • getPrincipal

        public Principal getPrincipal(String principalName)

        Attempts to load the user named principalName through a Pentaho UserDetailsService. If no such user is found, it returns a Group, which will be caught by SpringSecurityLoginModule.

        Specified by:
        getPrincipal in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • getGroupMembership

        public org.apache.jackrabbit.api.security.principal.PrincipalIterator getGroupMembership(Principal principal)

        Called from AbstractLoginModule.getPrincipals().

        Specified by:
        getGroupMembership in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • internalGetUserDetails

        protected org.springframework.security.core.userdetails.UserDetails internalGetUserDetails(String username)
        Gets user details. Checks cache first.
      • checkInitialized

        protected void checkInitialized()
      • findPrincipals

        public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter)

        Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.

        Specified by:
        findPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • findPrincipals

        public org.apache.jackrabbit.api.security.principal.PrincipalIterator findPrincipals(String simpleFilter,
                                                                                             int searchType)

        Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.

        Specified by:
        findPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • getPrincipals

        public org.apache.jackrabbit.api.security.principal.PrincipalIterator getPrincipals(int searchType)

        Not implemented. This method is only ever called from a method in PrincipalManagerImpl, and that method is never called.

        Specified by:
        getPrincipals in interface org.apache.jackrabbit.core.security.principal.PrincipalProvider
      • getUserDetailsService

        protected org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()
      • getUserRoleListService

        protected org.pentaho.platform.api.engine.IUserRoleListService getUserRoleListService()