1 package org
.argeo
.security
.jcr
;
4 import javax
.jcr
.RepositoryException
;
5 import javax
.jcr
.Session
;
6 import javax
.jcr
.security
.Privilege
;
7 import javax
.jcr
.version
.VersionManager
;
9 import org
.argeo
.ArgeoException
;
10 import org
.argeo
.jcr
.ArgeoJcrConstants
;
11 import org
.argeo
.jcr
.ArgeoNames
;
12 import org
.argeo
.jcr
.ArgeoTypes
;
13 import org
.argeo
.jcr
.JcrUtils
;
14 import org
.argeo
.jcr
.UserJcrUtils
;
17 * Manages data expected by the Argeo security model, such as user home and
20 public class JcrSecurityModel
{
21 // ArgeoNames not implemented as interface in order to ease derivation by
24 /** Base path handed to generateUserPath() when sync() creates a user home; initialised to "/home". */
25 private String homeBasePath
= "/home";
28 * To be called before user details are loaded
30 * @return the user profile (whose parent is the user home)
// sync(session, username), as far as this listing shows it: looks up the
// user's home node and profile node and creates whichever is missing, then
// resets the access control list on the new node's path and adds a privilege
// for the username.
// NOTE(review): the gutter numbers skip, so several source lines are absent
// from this listing, among them the privilege arguments of both addPrivilege
// calls, the values of two account flags, and the tail of the catch block.
// The exact grants cannot be confirmed from this page.
32 public Node
sync(Session session
, String username
) {
33 // TODO check user name validity (e.g. should not start with ROLE_)
// NOTE(review): nothing visible here validates username before it is used to
// build repository paths (generateUserPath) and passed to addPrivilege next
// to the path (presumably as the principal; confirm). Confirm where callers
// enforce the naming rules, including the ROLE_ case named in the TODO.
36 Node userHome
= UserJcrUtils
.getUserHome(session
, username
);
37 if (userHome
== null) {
// No home yet: derive its path from homeBasePath and the username.
38 String homePath
= generateUserPath(homeBasePath
, username
);
39 userHome
= JcrUtils
.mkdirs(session
, homePath
);
40 // userHome = JcrUtils.mkfolders(session, homePath);
41 userHome
.addMixin(ArgeoTypes
.ARGEO_USER_HOME
);
42 userHome
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
// The access control list for this username on the new home path is cleared
// first, and the privilege is added afterwards.
45 JcrUtils
.clearAccesControList(session
, homePath
, username
);
// NOTE(review): the privilege argument of this call is on a line missing from
// this listing.
46 JcrUtils
.addPrivilege(session
, homePath
, username
,
50 Node userProfile
= UserJcrUtils
.getUserProfile(session
, username
);
51 if (userProfile
== null) {
// No profile yet: it is created as an ARGEO_PROFILE child of a node whose path
// is derived from PEOPLE_BASE_PATH and the username.
52 String personPath
= generateUserPath(
53 ArgeoJcrConstants
.PEOPLE_BASE_PATH
, username
);
54 Node personBase
= JcrUtils
.mkdirs(session
, personPath
);
55 userProfile
= personBase
.addNode(ArgeoNames
.ARGEO_PROFILE
);
56 userProfile
.addMixin(ArgeoTypes
.ARGEO_USER_PROFILE
);
57 userProfile
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
// A newly created profile is marked enabled with non-expired credentials; the
// values of the two account flags in between are on lines missing from this
// listing.
58 userProfile
.setProperty(ArgeoNames
.ARGEO_ENABLED
, true);
59 userProfile
.setProperty(ArgeoNames
.ARGEO_ACCOUNT_NON_EXPIRED
,
61 userProfile
.setProperty(ArgeoNames
.ARGEO_ACCOUNT_NON_LOCKED
,
63 userProfile
.setProperty(
64 ArgeoNames
.ARGEO_CREDENTIALS_NON_EXPIRED
, true);
// Same clear-then-add sequence as for the home, applied to the profile path.
// NOTE(review): the remaining arguments of both calls are not visible here, so
// the privilege the user receives on the profile cannot be read off this page.
67 JcrUtils
.clearAccesControList(session
, userProfile
.getPath(),
69 JcrUtils
.addPrivilege(session
, userProfile
.getPath(), username
,
72 VersionManager versionManager
= session
.getWorkspace()
// A checked-out profile node is checked in.
74 if (versionManager
.isCheckedOut(userProfile
.getPath()))
75 versionManager
.checkin(userProfile
.getPath());
// Any RepositoryException leads to JcrUtils.discardQuietly(session)
// (presumably dropping unsaved changes; confirm) and is rethrown as an
// ArgeoException.
78 } catch (RepositoryException e
) {
79 JcrUtils
.discardQuietly(session
);
80 throw new ArgeoException("Cannot sync node security model for "
85 /**
 * Generate the repository path for a user below the given base path. sync()
 * calls it with both the home base path and the people base path.
 *
 * The username is searched for its first '@'. In the branch that splits the
 * username, the part before the '@' and the part after it become separate
 * path segments, each preceded by a JcrUtils.firstCharsToPath(..., 2) segment.
 * A username whose '@' is the first or the last character is rejected with an
 * ArgeoException. Otherwise the whole username is used.
 *
 * NOTE(review): the condition that opens the first branch and the final
 * segment of each return expression are on lines missing from this listing.
 * If that condition is a plain "atIndex > 0", the trailing-'@' test in the
 * else-if can never be reached. Confirm against the full source.
 *
 * NOTE(review): the username parts are concatenated into the path as they
 * are. Nothing visible here rejects '/' or other path syntax in them, and
 * sync() sets access control entries on the resulting path. Confirm that
 * usernames are validated before this point, or that JcrUtils.mkdirs or
 * firstCharsToPath escape them.
 */
86 protected String
generateUserPath(String base
, String username
) {
// indexOf is called directly on username, so a null username fails here.
87 int atIndex
= username
.indexOf('@');
// NOTE(review): the part before '@' is named "domain" and the part after it
// "name"; for an address-style username that reads as swapped. Confirm intent.
89 String domain
= username
.substring(0, atIndex
);
90 String name
= username
.substring(atIndex
+ 1);
91 return base
+ '/' + JcrUtils
.firstCharsToPath(domain
, 2) + '/'
92 + domain
+ '/' + JcrUtils
.firstCharsToPath(name
, 2) + '/'
// '@' as the first or last character is rejected.
94 } else if (atIndex
== 0 || atIndex
== (username
.length() - 1)) {
95 throw new ArgeoException("Unsupported username " + username
);
// Fallback branch: the whole username is used for the path.
97 return base
+ '/' + JcrUtils
.firstCharsToPath(username
, 2) + '/'
102 public void setHomeBasePath(String homeBasePath
) {
103 this.homeBasePath
= homeBasePath
;