]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Remove JCR servlet.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / HomeRepository.java
1 package org.argeo.cms.internal.kernel;
2
3 import java.security.PrivilegedAction;
4 import java.text.SimpleDateFormat;
5 import java.util.Date;
6 import java.util.HashSet;
7 import java.util.Set;
8
9 import javax.jcr.Node;
10 import javax.jcr.Repository;
11 import javax.jcr.RepositoryException;
12 import javax.jcr.Session;
13 import javax.jcr.nodetype.NodeType;
14 import javax.jcr.security.Privilege;
15 import javax.naming.InvalidNameException;
16 import javax.naming.ldap.LdapName;
17 import javax.security.auth.Subject;
18 import javax.security.auth.login.LoginContext;
19
20 import org.argeo.cms.CmsException;
21 import org.argeo.jcr.JcrRepositoryWrapper;
22 import org.argeo.jcr.JcrUtils;
23 import org.argeo.node.NodeConstants;
24 import org.argeo.node.NodeNames;
25 import org.argeo.node.NodeTypes;
26 import org.argeo.node.NodeUtils;
27
28 /**
29 * Make sure each user has a home directory available in the default workspace.
30 */
31 class HomeRepository extends JcrRepositoryWrapper implements KernelConstants {
32
33 /** The home base path. */
34 private String homeBasePath = KernelConstants.DEFAULT_HOME_BASE_PATH;
35 private String usersBasePath = KernelConstants.DEFAULT_USERS_BASE_PATH;
36 private String groupsBasePath = KernelConstants.DEFAULT_GROUPS_BASE_PATH;
37
38 private Set<String> checkedUsers = new HashSet<String>();
39
40 private SimpleDateFormat usersDatePath = new SimpleDateFormat("YYYY/MM");
41
42 private final boolean remote;
43
44 public HomeRepository(Repository repository, boolean remote) {
45 super(repository);
46 this.remote = remote;
47 putDescriptor(NodeConstants.CN, NodeConstants.HOME);
48 if (!remote) {
49 LoginContext lc;
50 try {
51 lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN);
52 lc.login();
53 } catch (javax.security.auth.login.LoginException e1) {
54 throw new CmsException("Cannot login as systrem", e1);
55 }
56 Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
57
58 @Override
59 public Void run() {
60 try {
61 Session adminSession = getRepository().login();
62 initJcr(adminSession);
63 } catch (RepositoryException e) {
64 throw new CmsException("Cannot init JCR home", e);
65 }
66 return null;
67 }
68
69 });
70 }
71 }
72
73 @Override
74 protected void processNewSession(Session session, String workspaceName) {
75 String username = session.getUserID();
76 if (username == null || username.toString().equals(""))
77 return;
78 if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS))
79 return;
80
81 if (checkedUsers.contains(username))
82 return;
83 Session adminSession = KernelUtils.openAdminSession(getRepository(), session.getWorkspace().getName());
84 try {
85 syncJcr(adminSession, username, workspaceName);
86 checkedUsers.add(username);
87 } finally {
88 JcrUtils.logoutQuietly(adminSession);
89 }
90 }
91
92 /*
93 * JCR
94 */
95 /** Session is logged out. */
96 private void initJcr(Session adminSession) {
97 try {
98 JcrUtils.mkdirs(adminSession, homeBasePath);
99 JcrUtils.mkdirs(adminSession, groupsBasePath);
100 adminSession.save();
101
102 JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
103 JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
104 adminSession.save();
105 } catch (RepositoryException e) {
106 throw new CmsException("Cannot initialize home repository", e);
107 } finally {
108 JcrUtils.logoutQuietly(adminSession);
109 }
110 }
111
112 protected synchronized void syncJcr(Session adminSession, String username, String workspaceName) {
113 // only in the default workspace
114 if (workspaceName != null)
115 return;
116 // skip system users
117 if (username.endsWith(NodeConstants.ROLES_BASEDN))
118 return;
119
120 try {
121 Node userHome = NodeUtils.getUserHome(adminSession, username);
122 if (userHome == null) {
123 String homePath = generateUserPath(username);
124 if (adminSession.itemExists(homePath))// duplicate user id
125 userHome = adminSession.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath));
126 else
127 userHome = JcrUtils.mkdirs(adminSession, homePath);
128 // userHome = JcrUtils.mkfolders(session, homePath);
129 userHome.addMixin(NodeTypes.NODE_USER_HOME);
130 userHome.addMixin(NodeType.MIX_CREATED);
131 userHome.setProperty(NodeNames.LDAP_UID, username);
132 adminSession.save();
133
134 JcrUtils.clearAccessControList(adminSession, homePath, username);
135 JcrUtils.addPrivilege(adminSession, homePath, username, Privilege.JCR_ALL);
136 }
137 if (adminSession.hasPendingChanges())
138 adminSession.save();
139 } catch (RepositoryException e) {
140 JcrUtils.discardQuietly(adminSession);
141 throw new CmsException("Cannot sync node security model for " + username, e);
142 }
143 }
144
145 /** Generate path for a new user home */
146 private String generateUserPath(String username) {
147 LdapName dn;
148 try {
149 dn = new LdapName(username);
150 } catch (InvalidNameException e) {
151 throw new CmsException("Invalid name " + username, e);
152 }
153 String userId = dn.getRdn(dn.size() - 1).getValue().toString();
154 int atIndex = userId.indexOf('@');
155 if (atIndex < 0) {
156 return homeBasePath + '/' + userId;
157 } else {
158 return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId;
159 }
160 // if (atIndex > 0) {
161 // String domain = userId.substring(0, atIndex);
162 // String name = userId.substring(atIndex + 1);
163 // return base + '/' + domain + '/' + name;
164 // } else if (atIndex == 0 || atIndex == (userId.length() - 1)) {
165 // throw new CmsException("Unsupported username " + userId);
166 // } else {
167 // return base + '/' + userId;
168 // }
169 }
170
171 public void createWorkgroup(LdapName dn) {
172 Session adminSession = KernelUtils.openAdminSession(this);
173 String cn = dn.getRdn(dn.size() - 1).getValue().toString();
174 Node newWorkgroup = NodeUtils.getGroupHome(adminSession, cn);
175 if (newWorkgroup != null) {
176 JcrUtils.logoutQuietly(adminSession);
177 throw new CmsException("Workgroup " + newWorkgroup + " already exists for " + dn);
178 }
179 try {
180 // TODO enhance transformation of cn to a valid node name
181 // String relPath = cn.replaceAll("[^a-zA-Z0-9]", "_");
182 String relPath = JcrUtils.replaceInvalidChars(cn);
183 newWorkgroup = JcrUtils.mkdirs(adminSession.getNode(groupsBasePath), relPath, NodeType.NT_UNSTRUCTURED);
184 newWorkgroup.addMixin(NodeTypes.NODE_GROUP_HOME);
185 newWorkgroup.addMixin(NodeType.MIX_CREATED);
186 newWorkgroup.setProperty(NodeNames.LDAP_CN, cn);
187 adminSession.save();
188 JcrUtils.addPrivilege(adminSession, newWorkgroup.getPath(), dn.toString(), Privilege.JCR_ALL);
189 adminSession.save();
190 } catch (RepositoryException e) {
191 throw new CmsException("Cannot create workgroup", e);
192 } finally {
193 JcrUtils.logoutQuietly(adminSession);
194 }
195
196 }
197
198 public boolean isRemote() {
199 return remote;
200 }
201
202 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi