1 package org
.argeo
.jcr
.security
;
4 import javax
.jcr
.RepositoryException
;
5 import javax
.jcr
.Session
;
6 import javax
.jcr
.version
.VersionManager
;
8 import org
.argeo
.ArgeoException
;
9 import org
.argeo
.jcr
.ArgeoJcrConstants
;
10 import org
.argeo
.jcr
.ArgeoNames
;
11 import org
.argeo
.jcr
.ArgeoTypes
;
12 import org
.argeo
.jcr
.JcrUtils
;
13 import org
.argeo
.jcr
.UserJcrUtils
;
15 /** Utilities related to the Argeo security model in JCR */
17 public class SecurityJcrUtils
implements ArgeoJcrConstants
{
19 * Creates an Argeo user home, does nothing if it already exists. Session is
// Returns the node at the home path generated for username. If no item exists
// at that path, the node is created with JcrUtils.mkdirs, given the
// ARGEO_USER_HOME mixin and stamped with ARGEO_USER_ID = username.
// No save() call appears in the visible lines of this method.
// NOTE(review): this listing omits several source lines of the method
// (23, 27, 31, 33-35, 40-42), presumably the try opener, the final return and
// the closing braces. Confirm against the full file.
22 static Node
createUserHomeIfNeeded(Session session
, String username
) {
// NOTE(review): username is passed to the path builder as-is. If it can come
// from outside the trust boundary (login name, directory attribute), check
// that it is a single legal JCR path segment before building the path, so the
// home cannot land outside the home base. Confirm at the callers.
24 String homePath
= generateUserHomePath(username
);
// An item already at homePath is returned without checking that it carries
// the ARGEO_USER_HOME mixin or that its ARGEO_USER_ID matches username.
25 if (session
.itemExists(homePath
))
26 return session
.getNode(homePath
);
28 Node userHome
= JcrUtils
.mkdirs(session
, homePath
);
29 userHome
.addMixin(ArgeoTypes
.ARGEO_USER_HOME
);
30 userHome
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
// The privilege grant below is commented out, so nothing in the visible lines
// gives username any access rights on the new home node.
// NOTE(review): confirm that access control on user homes is applied elsewhere.
32 // JcrUtils.addPrivilege(session, homePath, username,
36 } catch (RepositoryException e
) {
// On a repository failure the session is handed to JcrUtils.discardQuietly
// (presumably dropping its pending changes; helper not shown) and the error
// is rethrown as ArgeoException with the original exception as cause.
37 JcrUtils
.discardQuietly(session
);
// The message embeds the username and the workspace name, so both end up
// wherever this exception is logged or displayed.
38 throw new ArgeoException("Cannot create home for " + username
39 + " in workspace " + session
.getWorkspace().getName(), e
);
// Builds the JCR path of a user's home. The visible part of the expression is
// UserJcrUtils.DEFAULT_HOME_BASE_PATH + '/' + JcrUtils.firstCharsToPath(username, 2).
43 private static String
generateUserHomePath(String username
) {
44 String homeBasePath
= UserJcrUtils
.DEFAULT_HOME_BASE_PATH
;
// username is concatenated into the path with no escaping or validation in
// this method. Whether firstCharsToPath rejects '/' or other path syntax is
// not visible here.
// NOTE(review): verify before relying on this for untrusted names.
45 return homeBasePath
+ '/' + JcrUtils
.firstCharsToPath(username
, 2)
// NOTE(review): the rest of this return expression (source line 46) and the
// closing brace are missing from the listing, so the final shape of the path
// cannot be stated from here.
50 * Creates a user profile in the home of this user. Creates the home if
51 * needed, but throws an exception if a profile already exists. The session
52 * is not saved and the node is in a checkedOut state (that is, it requires
53 * a subsequent checkin after saving the session).
// Creates the ARGEO_PROFILE child node under the user's home, creating the
// home first when needed, and fills in the account-state properties.
// Throws ArgeoException if the home already has a profile node, or when a
// RepositoryException is raised by the repository calls.
// NOTE(review): the listing omits source lines 56, 68-69 and 75-77 of this
// method (presumably the try opener, the last property value, the return and
// the closing braces).
55 static Node
createUserProfile(Session session
, String username
) {
57 Node userHome
= createUserHomeIfNeeded(session
, username
);
// Refuses to overwrite an existing profile. This ArgeoException is not a
// RepositoryException, so the catch clause below does not run for it and
// discardQuietly is not called on this path.
58 if (userHome
.hasNode(ArgeoNames
.ARGEO_PROFILE
))
59 throw new ArgeoException(
60 "There is already a user profile under " + userHome
);
61 Node userProfile
= userHome
.addNode(ArgeoNames
.ARGEO_PROFILE
);
62 userProfile
.addMixin(ArgeoTypes
.ARGEO_USER_PROFILE
);
63 userProfile
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
// A new profile starts enabled, non-expired and non-locked: the account is
// usable as soon as it is persisted.
// NOTE(review): confirm that callers only reach this point for identities
// that were already authenticated or approved.
64 userProfile
.setProperty(ArgeoNames
.ARGEO_ENABLED
, true);
65 userProfile
.setProperty(ArgeoNames
.ARGEO_ACCOUNT_NON_EXPIRED
, true);
66 userProfile
.setProperty(ArgeoNames
.ARGEO_ACCOUNT_NON_LOCKED
, true);
// The value for ARGEO_CREDENTIALS_NON_EXPIRED is on a source line that the
// listing drops (presumably true, like the three flags above).
67 userProfile
.setProperty(ArgeoNames
.ARGEO_CREDENTIALS_NON_EXPIRED
,
70 } catch (RepositoryException e
) {
// Repository failure: hand the session to JcrUtils.discardQuietly, then
// rethrow as ArgeoException with the cause preserved. The message carries the
// username and the workspace name.
71 JcrUtils
.discardQuietly(session
);
72 throw new ArgeoException("Cannot create user profile for "
73 + username
+ " in workspace "
74 + session
.getWorkspace().getName(), e
);
79 * Create user profile if needed, the session IS saved.
81 * @return the user profile
// Returns the user's profile node, creating the home and the profile when they
// are missing. Unlike createUserProfile, this method saves the session and
// checks the profile node in.
// NOTE(review): the listing omits source lines 84-85, 93, 96 and 102-104. The
// second parameter (username, used below), the try opener, the end of the
// versionManager initializer and the return are not visible.
83 static Node
createUserProfileIfNeeded(Session securitySession
,
86 Node userHome
= createUserHomeIfNeeded(securitySession
, username
);
// Reuse the existing profile child if there is one, otherwise create it.
87 Node userProfile
= userHome
.hasNode(ArgeoNames
.ARGEO_PROFILE
) ? userHome
88 .getNode(ArgeoNames
.ARGEO_PROFILE
) : createUserProfile(
89 securitySession
, username
);
// Session.save() persists every pending change in securitySession, not only
// the home and profile touched here, so callers should pass a session that
// holds no unrelated unsaved edits.
90 if (securitySession
.hasPendingChanges())
91 securitySession
.save();
92 VersionManager versionManager
= securitySession
.getWorkspace()
// Check the profile in only when it is currently checked out, which is the
// state createUserProfile leaves a new profile in.
94 if (versionManager
.isCheckedOut(userProfile
.getPath()))
95 versionManager
.checkin(userProfile
.getPath());
97 } catch (RepositoryException e
) {
// Repository failure: hand the session to JcrUtils.discardQuietly, then
// rethrow as ArgeoException with the cause preserved. The message carries the
// username and the workspace name.
98 JcrUtils
.discardQuietly(securitySession
);
99 throw new ArgeoException("Cannot create user profile for "
100 + username
+ " in workspace "
101 + securitySession
.getWorkspace().getName(), e
);
106 * @return null if not found *
// Looks up the ARGEO_PROFILE child of the user's home, without creating
// anything. A RepositoryException is rethrown as ArgeoException with the
// cause preserved.
// NOTE(review): the listing omits source lines 109, 112, 115-116 and 120-121
// (presumably the try opener, the null returns and the closing braces).
// Callers should treat a missing profile as "no such account" and deny access.
108 static Node
getUserProfile(Session session
, String username
) {
// The home is resolved through UserJcrUtils.getUserHome, whereas the create
// methods of this class build the path with generateUserHomePath.
// NOTE(review): confirm both resolve to the same node for a given username.
110 Node userHome
= UserJcrUtils
.getUserHome(session
, username
);
// No home for this user: the statement guarded by this check is on a dropped
// source line.
111 if (userHome
== null)
113 if (userHome
.hasNode(ArgeoNames
.ARGEO_PROFILE
))
114 return userHome
.getNode(ArgeoNames
.ARGEO_PROFILE
);
117 } catch (RepositoryException e
) {
// Read-only lookup: the visible handler does not call discardQuietly. The
// message embeds the username.
118 throw new ArgeoException(
119 "Cannot find profile for user " + username
, e
);
123 private SecurityJcrUtils() {