[Commits] (bcm) add support to JCRTemplate for logging into the repository with an externally

commits at osafoundation.org commits at osafoundation.org
Wed Mar 30 11:35:32 PST 2005


Commit by: bcm
Modified files:
server/core/etc/applicationContext-jcr-client.xml 1.4 1.5
server/core/src/org/osaf/cosmo/spring/jcr/CosmoJCRAuthenticationProvider.java None 1.1
server/core/src/org/osaf/cosmo/spring/jcr/CosmoJCRCredentialsProvider.java 1.1 None
server/core/src/org/osaf/spring/jcr/JCRAuthenticationProvider.java None 1.1
server/core/src/org/osaf/spring/jcr/JCRTemplate.java 1.2 1.3
server/core/src/org/osaf/spring/jcr/JCRCredentialsProvider.java 1.1 None
server/etc/repository.xml 1.5 1.6
server/webapps/webdav/etc/applicationContext-webdav-adapter.xml 1.5 1.6
server/webapps/webdav/src/org/osaf/cosmo/webdav/CosmoDavSessionProvider.java 1.8 1.9

Log message:
add support to JCRTemplate for logging into the repository with an externally
authenticated subject. this necessitated extending JCRCredentialsProvider
interface to also return a subject and renaming it JCRAuthenticationProvider
(and similarly extending and renaming CosmoJCRCredentialsProvider to
CosmoJCRAuthenticationProvider). the end result is that we now no longer
need to support JAAS when the console logs into the repository. so
Jackrabbit's JAAS authen is totally out of the picture. good riddance.

also change the name of the repository workspace containing homedirs from
"default" to, well, "homedir".


ViewCVS links:
http://cvs.osafoundation.org/index.cgi/server/core/etc/applicationContext-jcr-client.xml.diff?r1=text&tr1=1.4&r2=text&tr2=1.5
http://cvs.osafoundation.org/index.cgi/server/core/src/org/osaf/cosmo/spring/jcr/CosmoJCRAuthenticationProvider.java?rev=1.1&content-type=text/vnd.viewcvs-markup
http://cvs.osafoundation.org/index.cgi/server/core/src/org/osaf/cosmo/spring/jcr/CosmoJCRCredentialsProvider.java.diff?r1=text&tr1=1.1&r2=text&tr2=None
http://cvs.osafoundation.org/index.cgi/server/core/src/org/osaf/spring/jcr/JCRAuthenticationProvider.java?rev=1.1&content-type=text/vnd.viewcvs-markup
http://cvs.osafoundation.org/index.cgi/server/core/src/org/osaf/spring/jcr/JCRTemplate.java.diff?r1=text&tr1=1.2&r2=text&tr2=1.3
http://cvs.osafoundation.org/index.cgi/server/core/src/org/osaf/spring/jcr/JCRCredentialsProvider.java.diff?r1=text&tr1=1.1&r2=text&tr2=None
http://cvs.osafoundation.org/index.cgi/server/etc/repository.xml.diff?r1=text&tr1=1.5&r2=text&tr2=1.6
http://cvs.osafoundation.org/index.cgi/server/webapps/webdav/etc/applicationContext-webdav-adapter.xml.diff?r1=text&tr1=1.5&r2=text&tr2=1.6
http://cvs.osafoundation.org/index.cgi/server/webapps/webdav/src/org/osaf/cosmo/webdav/CosmoDavSessionProvider.java.diff?r1=text&tr1=1.8&r2=text&tr2=1.9

Index: server/core/src/org/osaf/spring/jcr/JCRTemplate.java
diff -u server/core/src/org/osaf/spring/jcr/JCRTemplate.java:1.2 server/core/src/org/osaf/spring/jcr/JCRTemplate.java:1.3
--- server/core/src/org/osaf/spring/jcr/JCRTemplate.java:1.2	Tue Mar 22 17:29:24 2005
+++ server/core/src/org/osaf/spring/jcr/JCRTemplate.java	Wed Mar 30 11:35:30 2005
@@ -1,9 +1,11 @@
 package org.osaf.spring.jcr;
 
+import java.security.PrivilegedAction;
 import javax.jcr.Credentials;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.security.auth.Subject;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -23,8 +25,8 @@
  * that use JCR within their implementation but are JCR-agnostic in
  * their interface.
  *
- * Requires a {@link JCRCredentialsProvider} and a {@link
- * javax.jcr.Repository}. A workspace name is optional, as the
+ * Requires a {@link JCRAuthenticationProvider} and a
+ * {@link javax.jcr.Repository}. A workspace name is optional, as the
  * repository will choose the default workspace if a name is not
  * provided.
  *
@@ -33,7 +35,7 @@
 public class JCRTemplate implements InitializingBean {
     private static final Log log = LogFactory.getLog(JCRTemplate.class);
 
-    private JCRCredentialsProvider credentialsProvider;
+    private JCRAuthenticationProvider authenticationProvider;
     private Repository repository;
     private String workspaceName;
 
@@ -44,10 +46,10 @@
 
     /**
      */
-    public JCRTemplate(JCRCredentialsProvider credentialsProvider,
+    public JCRTemplate(JCRAuthenticationProvider authenticationProvider,
                        Repository repository,
                        String workspaceName) {
-        setCredentialsProvider(credentialsProvider);
+        setAuthenticationProvider(authenticationProvider);
         setRepository(repository);
         setWorkspaceName(workspaceName);
         afterPropertiesSet();
@@ -66,12 +68,33 @@
      * callback code need to explicitly log out of the
      * <code>Session</code>; this method will handle that itself.
      */
-    public Object execute(JCRCallback action)
+    public Object execute(JCRCallback callback)
         throws DataAccessException {
         try {
-            Credentials creds = getCredentialsProvider().provideCredentials();
-            Session session = repository.login(creds, getWorkspaceName());
-            Object object = action.doInJCR(session);
+            Session session = null;
+            Credentials creds = authenticationProvider.provideCredentials();
+            if (creds != null) {
+                session = repository.login(creds, workspaceName);
+            }
+            else {
+                Subject subject = authenticationProvider.provideSubject();
+                if (subject == null) {
+                    throw new IllegalStateException("neither credentials nor subject provided");
+                }
+
+                PrivilegedAction action = new PrivilegedAction() {
+                        public Object run() {
+                            try {
+                                return repository.login(workspaceName);
+                            } catch (Exception e) {
+                                throw new RuntimeException(e);
+                            }
+                        }
+                    };
+                session = (Session) Subject.doAs(subject, action);
+            }
+
+            Object object = callback.doInJCR(session);
             session.logout();
             return object;
         } catch (RepositoryException e) {
@@ -83,8 +106,8 @@
      * Sanity check the object's properties.
      */
     public void afterPropertiesSet() {
-        if (getCredentialsProvider() == null) {
-            throw new IllegalArgumentException("credentialsProvider is required");
+        if (getAuthenticationProvider() == null) {
+            throw new IllegalArgumentException("authenticationProvider is required");
         }
         if (getRepository() == null) {
             throw new IllegalArgumentException("repository is required");
@@ -104,14 +127,14 @@
 
     /**
      */
-    public JCRCredentialsProvider getCredentialsProvider() {
-        return credentialsProvider;
+    public JCRAuthenticationProvider getAuthenticationProvider() {
+        return authenticationProvider;
     }
 
     /**
      */
-    public void setCredentialsProvider(JCRCredentialsProvider provider) {
-        this.credentialsProvider = provider;
+    public void setAuthenticationProvider(JCRAuthenticationProvider provider) {
+        this.authenticationProvider = provider;
     }
 
     /**

Index: server/webapps/webdav/etc/applicationContext-webdav-adapter.xml
diff -u server/webapps/webdav/etc/applicationContext-webdav-adapter.xml:1.5 server/webapps/webdav/etc/applicationContext-webdav-adapter.xml:1.6
--- server/webapps/webdav/etc/applicationContext-webdav-adapter.xml:1.5	Wed Mar 30 10:40:34 2005
+++ server/webapps/webdav/etc/applicationContext-webdav-adapter.xml	Wed Mar 30 11:35:30 2005
@@ -27,7 +27,7 @@
       <ref bean="securityManager"/>
     </property>
     <property name="workspaceName">
-      <value>default</value>
+      <value>homedir</value>
     </property>
   </bean>
 

Index: server/etc/repository.xml
diff -u server/etc/repository.xml:1.5 server/etc/repository.xml:1.6
--- server/etc/repository.xml:1.5	Tue Mar 29 13:02:06 2005
+++ server/etc/repository.xml	Wed Mar 30 11:35:30 2005
@@ -137,7 +137,7 @@
         <AccessManager class="org.apache.jackrabbit.core.security.SimpleAccessManager"/>
 <!--
         <AccessManager class="org.osaf.cosmo.jackrabbit.CosmoAccessManager">
-            <param name="homedirWorkspaceName" value="default"/>
+            <param name="homedirWorkspaceName" value="homedir"/>
         </AccessManager>
 -->
     </Security>
@@ -145,7 +145,7 @@
     <!--
         location of workspaces root directory and name of default workspace
     -->
-    <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="default"/>
+    <Workspaces rootPath="${rep.home}/workspaces" defaultWorkspace="homedir"/>
     <!--
         workspace configuration template:
         used to create the initial workspace if there's no workspace yet

Index: server/webapps/webdav/src/org/osaf/cosmo/webdav/CosmoDavSessionProvider.java
diff -u server/webapps/webdav/src/org/osaf/cosmo/webdav/CosmoDavSessionProvider.java:1.8 server/webapps/webdav/src/org/osaf/cosmo/webdav/CosmoDavSessionProvider.java:1.9
--- server/webapps/webdav/src/org/osaf/cosmo/webdav/CosmoDavSessionProvider.java:1.8	Wed Mar 30 10:40:35 2005
+++ server/webapps/webdav/src/org/osaf/cosmo/webdav/CosmoDavSessionProvider.java	Wed Mar 30 11:35:30 2005
@@ -43,7 +43,7 @@
      * session
      */
     public void acquireSession(WebdavRequest request) throws DavException {
-        // XXX cache dav session in web session
+        // XXX cache dav session in web session?
         try {
             CosmoSecurityContext securityContext =
                 securityManager.getSecurityContext();
@@ -52,12 +52,13 @@
                         try {
                             return repository.login(workspaceName);
                         } catch (Exception e) {
-                            throw new RuntimeException("error logging into repository", e);
+                            throw new RuntimeException(e);
                         }
                     }
                 };
             if (log.isDebugEnabled()) {
-                log.debug("Logging into repository as " +
+                log.debug("Logging into repository workspace " +
+                          workspaceName + " as " +
                           securityContext.getUser().getUsername());
             }
             Session rs = (Session)
@@ -65,7 +66,7 @@
             DavSession ds = new DavSessionImpl(rs);
             request.setDavSession(ds);
         } catch (Exception e) {
-            log.error(e);
+            log.error("error logging into repository", e);
             throw new DavException(DavServletResponse.SC_INTERNAL_SERVER_ERROR,
                                    e.getMessage());
         }

Index: server/core/etc/applicationContext-jcr-client.xml
diff -u server/core/etc/applicationContext-jcr-client.xml:1.4 server/core/etc/applicationContext-jcr-client.xml:1.5
--- server/core/etc/applicationContext-jcr-client.xml:1.4	Tue Mar 29 09:59:57 2005
+++ server/core/etc/applicationContext-jcr-client.xml	Wed Mar 30 11:35:29 2005
@@ -17,27 +17,30 @@
     </property>
   </bean>
 
-  <bean id="credentialsProvider"
-        class="org.osaf.cosmo.spring.jcr.CosmoJCRCredentialsProvider">
+  <bean id="authenticationProvider"
+        class="org.osaf.cosmo.spring.jcr.CosmoJCRAuthenticationProvider">
     <property name="securityManager">
       <ref bean="securityManager"/>
     </property>
   </bean>
 
-  <bean id="contentStoreTemplate"
+  <bean id="homedirTemplate"
         class="org.osaf.spring.jcr.JCRTemplate">
-    <property name="credentialsProvider">
-      <ref local="credentialsProvider"/>
+    <property name="authenticationProvider">
+      <ref local="authenticationProvider"/>
     </property>
     <property name="repository">
       <ref local="jcrRepository"/>
     </property>
+    <property name="workspaceName">
+      <value>homedir</value>
+    </property>
   </bean>
 
   <bean id="shareDAO"
         class="org.osaf.chandler.server.dao.jcr.ContentStoreDAOJCR">
     <property name="template">
-      <ref local="contentStoreTemplate"/>
+      <ref local="homedirTemplate"/>
     </property>
   </bean>
 



More information about the Commits mailing list