1 package org.argeo.security.jcr;
2
3 import javax.jcr.Node;
4 import javax.jcr.RepositoryException;
5 import javax.jcr.Session;
6 import javax.jcr.security.Privilege;
7 import javax.jcr.version.VersionManager;
8
9 import org.argeo.ArgeoException;
10 import org.argeo.jcr.ArgeoJcrConstants;
11 import org.argeo.jcr.ArgeoNames;
12 import org.argeo.jcr.ArgeoTypes;
13 import org.argeo.jcr.JcrUtils;
14 import org.argeo.jcr.UserJcrUtils;
15
16 /**
17 * Manages data expected by the Argeo security model, such as user home and
18 * profile.
19 */
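public class JcrSecurityModel {
    // ArgeoNames not implemented as interface in order to ease derivation by
    // Jackrabbit bundles

    /** The home base path. */
    private String homeBasePath = "/home";

    /**
     * Makes sure the nodes the Argeo security model expects for a user exist:
     * the user home (under {@link #homeBasePath}) and the user profile (under
     * {@link ArgeoJcrConstants#PEOPLE_BASE_PATH}). Missing nodes are created and
     * saved, their access control list is cleared and the user is granted
     * {@link Privilege#JCR_ALL} on the home and {@link Privilege#JCR_READ} on
     * the profile; a freshly created profile is also checked in.
     *
     * <p>
     * To be called before user details are loaded.
     *
     * @param session
     *            the JCR session used to read and create the nodes
     * @param username
     *            the user id; must be non-empty and must not contain
     *            {@code '/'} since it becomes a JCR path segment
     * @return the user profile (whose parent is the user home)
     * @throws ArgeoException
     *             if the username is not supported, or if a repository
     *             operation fails (pending session changes are then discarded)
     */
    public Node sync(Session session, String username) {
        // Reject unusable names before touching the session so that a refused
        // name never leaves half-created nodes behind.
        requireValidUsername(username);
        // TODO check user name validity further (e.g. should not start by
        // ROLE_)

        try {
            Node userHome = UserJcrUtils.getUserHome(session, username);
            if (userHome == null) {
                String homePath = generateUserPath(homeBasePath, username);
                userHome = JcrUtils.mkdirs(session, homePath);
                userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
                userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
                session.save();

                // ACL of the new home: clear it, then grant the user full
                // rights on it
                JcrUtils.clearAccesControList(session, homePath, username);
                JcrUtils.addPrivilege(session, homePath, username,
                        Privilege.JCR_ALL);
            }

            Node userProfile = UserJcrUtils.getUserProfile(session, username);
            if (userProfile == null) {
                String personPath = generateUserPath(
                        ArgeoJcrConstants.PEOPLE_BASE_PATH, username);
                Node personBase = JcrUtils.mkdirs(session, personPath);
                userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE);
                userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
                userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
                // a new account starts enabled, unlocked and unexpired
                userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
                userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED,
                        true);
                userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED,
                        true);
                userProfile.setProperty(
                        ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, true);
                session.save();

                // ACL of the new profile: clear it, then grant the user
                // read-only access (the profile holds account flags the user
                // must not be able to change)
                JcrUtils.clearAccesControList(session, userProfile.getPath(),
                        username);
                JcrUtils.addPrivilege(session, userProfile.getPath(), username,
                        Privilege.JCR_READ);

                // check in the freshly created profile, presumably to record
                // its initial state as a version
                VersionManager versionManager = session.getWorkspace()
                        .getVersionManager();
                if (versionManager.isCheckedOut(userProfile.getPath()))
                    versionManager.checkin(userProfile.getPath());
            }
            return userProfile;
        } catch (RepositoryException e) {
            JcrUtils.discardQuietly(session);
            throw new ArgeoException("Cannot sync node security model for "
                    + username, e);
        }
    }

    /**
     * Generates the path of a new user home (or person node) under
     * {@code base}.
     *
     * <p>
     * For a username of the form {@code left@right} the result is
     * {@code base/<prefix(left)>/left/<prefix(right)>/right}, otherwise it is
     * {@code base/<prefix(username)>/username}, where {@code prefix} is
     * {@link JcrUtils#firstCharsToPath(String, int)} with 2 characters. The
     * username is always the last path segment.
     *
     * @param base
     *            the absolute base path the user path is created under
     * @param username
     *            the user id; must be non-empty, must not contain
     *            {@code '/'} and must neither start nor end with {@code '@'}
     * @return the generated absolute path
     * @throws ArgeoException
     *             if the username is not supported
     */
    protected String generateUserPath(String base, String username) {
        requireValidUsername(username);
        int atIndex = username.indexOf('@');
        // A leading or trailing '@' would leave an empty path segment. This
        // check must come before the '@' branch below: otherwise a trailing
        // '@' (atIndex > 0) slips through with an empty name.
        if (atIndex == 0 || atIndex == (username.length() - 1)) {
            throw new ArgeoException("Unsupported username " + username);
        }
        if (atIndex > 0) {
            String domain = username.substring(0, atIndex);
            String name = username.substring(atIndex + 1);
            return base + '/' + JcrUtils.firstCharsToPath(domain, 2) + '/'
                    + domain + '/' + JcrUtils.firstCharsToPath(name, 2) + '/'
                    + name;
        }
        return base + '/' + JcrUtils.firstCharsToPath(username, 2) + '/'
                + username;
    }

    /**
     * Rejects usernames that cannot be used as a single JCR path segment.
     *
     * @throws ArgeoException
     *             if the username is null, empty or contains {@code '/'}
     *             (which would create extra hierarchy under the base path and
     *             place the home outside the intended location)
     */
    private static void requireValidUsername(String username) {
        if (username == null || username.isEmpty()) {
            throw new ArgeoException("Unsupported username " + username);
        }
        if (username.indexOf('/') >= 0) {
            throw new ArgeoException("Unsupported username " + username);
        }
    }

    /**
     * Sets the base path under which user homes are created (defaults to
     * {@code /home}).
     *
     * @param homeBasePath
     *            the absolute base path for user homes
     */
    public void setHomeBasePath(String homeBasePath) {
        this.homeBasePath = homeBasePath;
    }

}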