1 package org.argeo.cms.internal.kernel;
2
3 import java.security.PrivilegedAction;
4 import java.util.HashSet;
5 import java.util.Set;
6
7 import javax.jcr.Node;
8 import javax.jcr.Repository;
9 import javax.jcr.RepositoryException;
10 import javax.jcr.Session;
11 import javax.jcr.security.Privilege;
12 import javax.naming.InvalidNameException;
13 import javax.naming.ldap.LdapName;
14 import javax.security.auth.Subject;
15 import javax.security.auth.login.LoginContext;
16
17 import org.argeo.cms.CmsException;
18 import org.argeo.jcr.JcrRepositoryWrapper;
19 import org.argeo.jcr.JcrUtils;
20 import org.argeo.node.NodeConstants;
21 import org.argeo.node.NodeNames;
22 import org.argeo.node.NodeTypes;
23 import org.argeo.node.NodeUtils;
24
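/**
 * Make sure each user has a home directory available in the default workspace.
 * <p>
 * On construction the home base path is created and made readable by the user
 * admin role, under a privileged data-admin login that is released as soon as
 * the initialisation is done. Afterwards every new non-anonymous session
 * triggers a one-time check (per user id, per instance) that the user's home
 * node exists and that the user has full rights on it.
 */
class HomeRepository extends JcrRepositoryWrapper implements KernelConstants {
	/** The home base path. */
	private String homeBasePath = "/home";

	/**
	 * User ids whose home has already been verified by this instance.
	 * NOTE(review): plain HashSet; if processNewSession can be invoked from
	 * several threads this needs a synchronized or concurrent set — confirm.
	 */
	private Set<String> checkedUsers = new HashSet<String>();

	/**
	 * Wraps the repository and initialises the home base path under a data-admin
	 * login.
	 *
	 * @param repository the underlying JCR repository
	 * @throws CmsException if the data-admin login or the JCR initialisation fails
	 */
	public HomeRepository(Repository repository) {
		super(repository);
		putDescriptor(NodeConstants.CN, NodeConstants.HOME);
		LoginContext lc;
		try {
			lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN);
			lc.login();
		} catch (javax.security.auth.login.LoginException e1) {
			throw new CmsException("Cannot login as system", e1);
		}
		try {
			Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
				@Override
				public Void run() {
					try {
						Session adminSession = getRepository().login();
						initJcr(adminSession);
					} catch (RepositoryException e) {
						throw new CmsException("Cannot init JCR home", e);
					}
					return null;
				}
			});
		} finally {
			// the privileged subject is only needed for the initialisation:
			// release it whether or not the action succeeded
			logoutQuietly(lc);
		}
	}

	/** Logs out a login context, ignoring failures (best effort). */
	private static void logoutQuietly(LoginContext lc) {
		try {
			lc.logout();
		} catch (javax.security.auth.login.LoginException ignored) {
			// best effort: a failed logout must not mask the outcome of the
			// privileged action
		}
	}

	/**
	 * Ensures the user of a newly opened session has a home node, once per user
	 * id. Sessions without user id and anonymous sessions are left untouched.
	 *
	 * @param session the session that was just opened; it is not modified
	 * @throws CmsException if the home node cannot be synchronised
	 */
	@Override
	protected void processNewSession(Session session) {
		String username = session.getUserID();
		if (username == null || username.equals(NodeConstants.ROLE_ANONYMOUS))
			return;
		if (checkedUsers.contains(username))
			return;
		// the sync runs under an admin session on the same workspace, since the
		// user may not yet have any rights below the home base path
		Session adminSession = KernelUtils.openAdminSession(getRepository(),
				session.getWorkspace().getName());
		try {
			syncJcr(adminSession, username);
			// only remembered once the sync succeeded, so a failure is retried
			checkedUsers.add(username);
		} finally {
			JcrUtils.logoutQuietly(adminSession);
		}
	}

	/*
	 * JCR
	 */
	/**
	 * Creates the home base path and grants the user admin role read access on
	 * it. The session is logged out in all cases.
	 *
	 * @param adminSession a session allowed to create the base path and to edit
	 *                     its access control
	 * @throws CmsException if the JCR operations fail
	 */
	private void initJcr(Session adminSession) {
		try {
			JcrUtils.mkdirs(adminSession, homeBasePath);
			adminSession.save();

			JcrUtils.addPrivilege(adminSession, homeBasePath,
					NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
			adminSession.save();
		} catch (RepositoryException e) {
			throw new CmsException("Cannot initialize node user admin", e);
		} finally {
			JcrUtils.logoutQuietly(adminSession);
		}
	}

	/**
	 * Creates the home node of {@code username} if it does not exist yet, marks
	 * it as a user home, records the user id on it and gives the user full
	 * rights on it (the access control list of that node is cleared first).
	 *
	 * @param session  an admin session on the target workspace; its pending
	 *                 changes are discarded on failure
	 * @param username the user id (an LDAP DN, see
	 *                 {@link #generateUserPath(String, String)})
	 * @throws CmsException if the JCR operations fail
	 */
	private void syncJcr(Session session, String username) {
		try {
			Node userHome = NodeUtils.getUserHome(session, username);
			if (userHome == null) {
				String homePath = generateUserPath(homeBasePath, username);
				if (session.itemExists(homePath)) {
					// duplicate user id: create a same-name sibling rather than
					// reusing the existing node
					userHome = session.getNode(homePath).getParent()
							.addNode(JcrUtils.lastPathElement(homePath));
				} else {
					userHome = JcrUtils.mkdirs(session, homePath);
				}
				userHome.addMixin(NodeTypes.NODE_USER_HOME);
				userHome.setProperty(NodeNames.LDAP_UID, username);
				session.save();

				// use the path of the node actually created: in the duplicate
				// case the unindexed homePath would resolve to the existing
				// sibling and the new user would be granted rights on it instead
				String createdPath = userHome.getPath();
				JcrUtils.clearAccessControList(session, createdPath, username);
				JcrUtils.addPrivilege(session, createdPath, username,
						Privilege.JCR_ALL);
			}
			// (the user profile / remote roles synchronisation that used to
			// follow here is disabled)
			if (session.hasPendingChanges())
				session.save();
		} catch (RepositoryException e) {
			JcrUtils.discardQuietly(session);
			throw new CmsException("Cannot sync node security model for "
					+ username, e);
		}
	}

	/**
	 * Generates the path of a new user home under {@code base}.
	 * <p>
	 * {@code username} must be an LDAP DN; the value of its last RDN is used as
	 * user id. An id of the form {@code a@b} is laid out as
	 * {@code base/<first chars of a>/a/<first chars of b>/b}; any other id as
	 * {@code base/<first chars of id>/id}. NOTE(review): the code names the part
	 * before the '@' the domain and the part after it the name — confirm this
	 * matches the expected user id format, as the usual reading is the reverse.
	 *
	 * @param base     the absolute JCR path the home is placed under
	 * @param username the user id, as an LDAP DN
	 * @return the absolute JCR path of the home node
	 * @throws CmsException if the DN is invalid or empty, if the user id starts
	 *                      or ends with '@', or if a part of it is empty,
	 *                      {@code .}, {@code ..} or contains '/' (it would
	 *                      otherwise denote a different node than intended)
	 */
	private String generateUserPath(String base, String username) {
		LdapName dn;
		try {
			dn = new LdapName(username);
		} catch (InvalidNameException e) {
			throw new CmsException("Invalid name " + username, e);
		}
		if (dn.isEmpty())
			throw new CmsException("Unsupported username " + username);
		String userId = dn.getRdn(dn.size() - 1).getValue().toString();
		int atIndex = userId.indexOf('@');
		if (atIndex == 0 || atIndex == userId.length() - 1) {
			// a leading or trailing '@' would leave one of the parts empty
			throw new CmsException("Unsupported username " + userId);
		} else if (atIndex > 0) {
			String domain = checkPathSegment(userId.substring(0, atIndex),
					userId);
			String name = checkPathSegment(userId.substring(atIndex + 1),
					userId);
			return base + '/' + JcrUtils.firstCharsToPath(domain, 2) + '/'
					+ domain + '/' + JcrUtils.firstCharsToPath(name, 2) + '/'
					+ name;
		} else {
			checkPathSegment(userId, userId);
			return base + '/' + JcrUtils.firstCharsToPath(userId, 2) + '/'
					+ userId;
		}
	}

	/**
	 * Rejects a user id part that cannot stand as a single JCR path segment:
	 * empty, {@code .}, {@code ..} or containing the path separator.
	 *
	 * @param segment the part to check
	 * @param userId  the whole user id, for the error message
	 * @return {@code segment} itself
	 * @throws CmsException if the part is not usable as a path segment
	 */
	private static String checkPathSegment(String segment, String userId) {
		if (segment.isEmpty() || segment.equals(".") || segment.equals("..")
				|| segment.indexOf('/') >= 0)
			throw new CmsException("Unsupported username " + userId);
		return segment;
	}

}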