git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/JackrabbitSecurityModel.java
2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.security
.jackrabbit
;
18 import java
.util
.ArrayList
;
19 import java
.util
.Iterator
;
20 import java
.util
.List
;
22 import javax
.jcr
.Node
;
23 import javax
.jcr
.RepositoryException
;
24 import javax
.jcr
.Session
;
26 import org
.apache
.commons
.logging
.Log
;
27 import org
.apache
.commons
.logging
.LogFactory
;
28 import org
.apache
.jackrabbit
.api
.JackrabbitSession
;
29 import org
.apache
.jackrabbit
.api
.security
.user
.Group
;
30 import org
.apache
.jackrabbit
.api
.security
.user
.User
;
31 import org
.apache
.jackrabbit
.api
.security
.user
.UserManager
;
32 import org
.argeo
.ArgeoException
;
33 import org
.argeo
.jcr
.ArgeoNames
;
34 import org
.argeo
.security
.jcr
.SimpleJcrSecurityModel
;
36 /** Make sure that user authorizable exists before syncing user directories. */
37 public class JackrabbitSecurityModel
extends SimpleJcrSecurityModel
{
/** Commons Logging logger for this security model. */
private static final Log log = LogFactory.getLog(JackrabbitSecurityModel.class);
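/**
 * Ensures that a Jackrabbit {@link User} exists for {@code username}, mirrors
 * the profile's enabled flag and the supplied roles onto it, and returns the
 * user profile node produced by {@code super.sync}.
 *
 * <p>When the session is not a {@link JackrabbitSession} the call is passed
 * straight to {@code super.sync} and nothing Jackrabbit-specific happens.
 *
 * <p><b>Listing gaps:</b> the page this method comes from omits several source
 * lines (43, 47, 49, 51, 57, 59-60, 70, 72, 77 and 79-80 in its own
 * numbering). Statements tagged {@code [reconstructed]} below are inferred
 * from the surrounding code and must be verified against the repository.
 *
 * @param session  JCR session; Jackrabbit-specific work is done only when it
 *                 is a {@link JackrabbitSession}
 * @param username id used to look up and, if needed, create the Jackrabbit user
 * @param roles    role names to mirror as Jackrabbit groups; {@code null}
 *                 skips the group synchronisation
 * @return the node returned by {@code super.sync}
 * @throws ArgeoException        if a {@link RepositoryException} is raised
 * @throws IllegalStateException if {@code username} resolves to an
 *                               authorizable that is not a user
 */
public synchronized Node sync(Session session, String username,
        List<String> roles) { // [reconstructed] second parameter line
    if (!(session instanceof JackrabbitSession)) {
        return super.sync(session, username, roles);
    }

    try { // [reconstructed]
        UserManager userManager = ((JackrabbitSession) session)
                .getUserManager(); // [reconstructed]

        // syncRoles registers role names as groups with this same UserManager,
        // so an id can resolve to a Group. Check the type explicitly instead of
        // casting blindly, so a clash is reported clearly rather than escaping
        // as a ClassCastException.
        Object existing = userManager.getAuthorizable(username);
        if (existing != null && !(existing instanceof User)) {
            throw new IllegalStateException("Authorizable '" + username
                    + "' exists in Jackrabbit but is not a user");
        }
        User user = (User) existing;

        // NOTE(review): both createUser calls below store an empty password.
        // Confirm that the repository's login configuration never
        // authenticates against this stored password; if it can, the account
        // needs an unguessable random password instead.
        if (user != null) { // [reconstructed]
            String principalName = user.getPrincipal().getName();
            if (!principalName.equals(username)) {
                // NOTE(review): principalName and username reach the log
                // verbatim; confirm upstream validation excludes line breaks.
                log.warn("Jackrabbit principal is '" + principalName
                        + "' but username is '" + username
                        + "'. Recreating...");
                // [reconstructed] presumably the stale user is removed here so
                // that the id is free for createUser.
                user.remove();
                user = userManager.createUser(username, "");
            }
        } else { // [reconstructed]
            // create new principal
            user = userManager.createUser(username, "");
            log.info(username + " added as Jackrabbit user " + user);
        }

        Node userProfile = super.sync(session, username, roles);

        // Mirror the profile's enabled flag onto the Jackrabbit account.
        boolean enabled = userProfile.getProperty(ArgeoNames.ARGEO_ENABLED)
                .getBoolean(); // [reconstructed]
        if (enabled && user.isDisabled()) {
            // [reconstructed] in the Jackrabbit API a null reason re-enables
            // the user.
            user.disable(null);
        } else if (!enabled && !user.isDisabled()) {
            user.disable(userProfile.getPath() + " is disabled");
        }

        // Sync Jackrabbit roles; syncRoles iterates over the list, so a null
        // list is skipped rather than dereferenced.
        if (roles != null) {
            syncRoles(userManager, user, roles);
        }

        return userProfile; // [reconstructed]
    } catch (RepositoryException e) {
        throw new ArgeoException(
                "Cannot perform Jackrabbit specific operations", e);
    }
}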
87 /** Make sure Jackrabbit roles are in line with authentication */
88 void syncRoles(UserManager userManager
, User user
, List
<String
> roles
)
89 throws RepositoryException
{
90 List
<String
> userGroupIds
= new ArrayList
<String
>();
91 for (String role
: roles
) {
92 Group group
= (Group
) userManager
.getAuthorizable(role
);
94 group
= userManager
.createGroup(role
);
95 log
.info(role
+ " added as " + group
);
97 if (!group
.isMember(user
))
98 group
.addMember(user
);
99 userGroupIds
.add(role
);
102 // check if user has not been removed from some groups
103 for (Iterator
<Group
> it
= user
.declaredMemberOf(); it
.hasNext();) {
104 Group group
= it
.next();
105 if (!userGroupIds
.contains(group
.getID()))
106 group
.removeMember(user
);