1 package org
.argeo
.cms
.internal
.kernel
;
3 import java
.security
.PrivilegedAction
;
4 import java
.util
.HashSet
;
8 import javax
.jcr
.Repository
;
9 import javax
.jcr
.RepositoryException
;
10 import javax
.jcr
.Session
;
11 import javax
.jcr
.security
.Privilege
;
12 import javax
.naming
.InvalidNameException
;
13 import javax
.naming
.ldap
.LdapName
;
14 import javax
.security
.auth
.Subject
;
15 import javax
.security
.auth
.login
.LoginContext
;
17 import org
.argeo
.cms
.CmsException
;
18 import org
.argeo
.jcr
.JcrRepositoryWrapper
;
19 import org
.argeo
.jcr
.JcrUtils
;
20 import org
.argeo
.node
.NodeConstants
;
21 import org
.argeo
.node
.NodeNames
;
22 import org
.argeo
.node
.NodeTypes
;
23 import org
.argeo
.node
.NodeUtils
;
26 * Make sure each user has a home directory available in the default workspace.
28 class HomeRepository
extends JcrRepositoryWrapper
implements KernelConstants
{
29 /** Workspace path under which per-user home nodes are created; initJcr() makes it readable to ROLE_USER_ADMIN. */
30 private String homeBasePath
= "/home";
31 // private String peopleBasePath = NodeConstants.PEOPLE_BASE_PATH;
// User ids whose home has already been synced by processNewSession(). Entries are
// added only after a successful sync and, in the code visible here, never removed,
// so a home deleted later is not recreated for this instance.
// NOTE(review): plain HashSet — if processNewSession() can run on concurrent login
// threads this needs a synchronized or concurrent set; confirm against the caller.
33 private Set
<String
> checkedUsers
= new HashSet
<String
>();
/**
 * Wraps the given repository, registers the {@code NodeConstants.CN} descriptor as
 * {@code NodeConstants.HOME} and bootstraps the home base path while running as the
 * data-admin subject obtained from {@code NodeConstants.LOGIN_CONTEXT_DATA_ADMIN}.
 *
 * @param repository the wrapped JCR repository
 * @throws CmsException if the data-admin login fails or the home base cannot be
 *                      initialised (wraps the underlying LoginException /
 *                      RepositoryException)
 */
35 public HomeRepository(Repository repository
) {
37 putDescriptor(NodeConstants
.CN
, NodeConstants
.HOME
);
// Login context for the data-admin subject; its login call precedes the doAs() below.
40 lc
= new LoginContext(NodeConstants
.LOGIN_CONTEXT_DATA_ADMIN
);
42 } catch (javax
.security
.auth
.login
.LoginException e1
) {
// NOTE(review): the message reads "systrem" — a typo for "system"; it is a runtime
// string and is left unchanged here.
43 throw new CmsException("Cannot login as systrem", e1
);
// Runs as the data-admin subject so that the plain repository login below yields an
// admin session on the default workspace.
45 Subject
.doAs(lc
.getSubject(), new PrivilegedAction
<Void
>() {
// The admin session is consumed by initJcr(), which logs it out itself.
50 Session adminSession
= getRepository().login();
51 initJcr(adminSession
);
52 } catch (RepositoryException e
) {
53 throw new CmsException("Cannot init JCR home", e
);
62 // public Session login() throws LoginException, RepositoryException {
63 // Session session = super.login();
64 // String username = session.getUserID();
65 // if (username == null)
67 // if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS))
70 // if (checkedUsers.contains(username))
72 // Session adminSession = KernelUtils.openAdminSession(getRepository(),
73 // session.getWorkspace().getName());
75 // syncJcr(adminSession, username);
76 // checkedUsers.add(username);
78 // JcrUtils.logoutQuietly(adminSession);
/**
 * Called for each newly opened session: makes sure the session's user has a home
 * node, running the admin-session sync at most once per user id for this instance.
 * Anonymous sessions and already-checked users are skipped.
 *
 * @param session the freshly opened user session; its workspace name selects the
 *                workspace on which the admin session is opened
 * @throws CmsException propagated from syncJcr() if the home cannot be created
 */
84 protected void processNewSession(Session session
) {
85 String username
= session
.getUserID();
// NOTE(review): equals() is invoked on the user id rather than on the constant, so a
// null user id throws NullPointerException unless a null guard sits on the lines not
// shown here; NodeConstants.ROLE_ANONYMOUS.equals(username) would be null-safe.
88 if (session
.getUserID().equals(NodeConstants
.ROLE_ANONYMOUS
))
90 // if (session.getUserID().equals(AuthConstants.ROLE_KERNEL))
92 // if (session.getUserID().equals(SecurityConstants.ADMIN_ID))
// Fast path: the home was already checked during an earlier session of this user.
95 if (checkedUsers
.contains(username
))
// The home is created with admin rights on the same workspace the user logged into;
// the admin session is released by logoutQuietly() below (presumably in a finally).
97 Session adminSession
= KernelUtils
.openAdminSession(getRepository(),
98 session
.getWorkspace().getName());
100 syncJcr(adminSession
, username
);
// Recorded only after syncJcr() returned, so a failed sync (CmsException) is retried
// on the user's next session.
101 checkedUsers
.add(username
);
103 JcrUtils
.logoutQuietly(adminSession
);
/**
 * Creates the home base path and grants ROLE_USER_ADMIN read access to it.
 * The given admin session is logged out by this method (see the logoutQuietly()
 * call at its end), so callers must not reuse it afterwards.
 *
 * @param adminSession an admin session on the workspace to initialise; consumed
 * @throws CmsException wrapping the RepositoryException if the path or the
 *                      privilege cannot be set up
 */
111 private void initJcr(Session adminSession
) {
113 JcrUtils
.mkdirs(adminSession
, homeBasePath
);
114 // JcrUtils.mkdirs(adminSession, peopleBasePath);
// User admins get read-only access to the home base; rights on each individual home
// are granted to its owner in syncJcr().
117 JcrUtils
.addPrivilege(adminSession
, homeBasePath
,
118 NodeConstants
.ROLE_USER_ADMIN
, Privilege
.JCR_READ
);
119 // JcrUtils.addPrivilege(adminSession, peopleBasePath,
120 // NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL);
122 } catch (RepositoryException e
) {
123 throw new CmsException("Cannot initialize node user admin", e
);
// Always release the admin session (presumably reached via a finally block).
125 JcrUtils
.logoutQuietly(adminSession
);
/**
 * Ensures a home node exists for {@code username}: creates it under homeBasePath if
 * NodeUtils.getUserHome() finds none, marks it NODE_USER_HOME with LDAP_UID set to
 * the user id, rewrites its ACL for the user and persists pending changes.
 * On failure the session's pending changes are discarded before rethrowing.
 *
 * @param session  an admin session on the target workspace
 * @param username the user id whose home is synced
 * @throws CmsException wrapping the RepositoryException if the home cannot be set up
 */
129 private void syncJcr(Session session
, String username
) {
131 Node userHome
= NodeUtils
.getUserHome(session
, username
);
132 if (userHome
== null) {
// NOTE(review): homePath is derived from the user id; confirm that generateUserPath()
// cannot yield '/' or other JCR-illegal characters from the RDN value, otherwise the
// home would be created outside homeBasePath.
133 String homePath
= generateUserPath(homeBasePath
, username
);
// A node already sits at homePath although it is not this user's home: a new node
// with the same name is added next to it, so its path is not homePath itself.
134 if (session
.itemExists(homePath
))// duplicate user id
135 userHome
= session
.getNode(homePath
).getParent()
136 .addNode(JcrUtils
.lastPathElement(homePath
));
138 userHome
= JcrUtils
.mkdirs(session
, homePath
);
139 // userHome = JcrUtils.mkfolders(session, homePath);
140 userHome
.addMixin(NodeTypes
.NODE_USER_HOME
);
141 userHome
.setProperty(NodeNames
.LDAP_UID
, username
);
// NOTE(review): both ACL calls below target homePath, but in the "duplicate user id"
// branch the node just created is a same-name sibling whose path differs from
// homePath, so the existing (other user's) node has its ACL cleared and the privilege
// granted instead. Passing userHome.getPath() here keeps the grant on the new home.
144 JcrUtils
.clearAccessControList(session
, homePath
, username
);
145 JcrUtils
.addPrivilege(session
, homePath
, username
,
149 // Node userProfile = NodeUtils.getUserProfile(session, username);
151 // if (userProfile == null) {
152 // String personPath = generateUserPath(peopleBasePath, username);
154 // if (session.itemExists(personPath))// duplicate user id
155 // personBase = session.getNode(personPath).getParent()
156 // .addNode(JcrUtils.lastPathElement(personPath));
158 // personBase = JcrUtils.mkdirs(session, personPath);
159 // userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE);
160 // userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
161 // userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
162 // // userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
163 // // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED,
165 // // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED,
167 // // userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED,
171 // JcrUtils.clearAccessControList(session, userProfile.getPath(),
173 // JcrUtils.addPrivilege(session, userProfile.getPath(), username,
174 // Privilege.JCR_READ);
178 // if (roles != null) {
179 // writeRemoteRoles(userProfile, roles);
// Persist the new home (and ACL) only when something actually changed.
181 if (session
.hasPendingChanges())
183 // return userProfile;
184 } catch (RepositoryException e
) {
// Roll back any partial node/ACL changes before surfacing the failure.
185 JcrUtils
.discardQuietly(session
);
186 throw new CmsException("Cannot sync node security model for "
191 /** Generate path for a new user home */
192 private String
generateUserPath(String base
, String username
) {
195 dn
= new LdapName(username
);
196 } catch (InvalidNameException e
) {
197 throw new CmsException("Invalid name " + username
, e
);
199 String userId
= dn
.getRdn(dn
.size() - 1).getValue().toString();
200 int atIndex
= userId
.indexOf('@');
202 String domain
= userId
.substring(0, atIndex
);
203 String name
= userId
.substring(atIndex
+ 1);
204 return base
+ '/' + JcrUtils
.firstCharsToPath(domain
, 2) + '/'
205 + domain
+ '/' + JcrUtils
.firstCharsToPath(name
, 2) + '/'
207 } else if (atIndex
== 0 || atIndex
== (userId
.length() - 1)) {
208 throw new CmsException("Unsupported username " + userId
);
210 return base
+ '/' + JcrUtils
.firstCharsToPath(userId
, 2) + '/'