1 package org
.argeo
.security
.jcr
;
6 import javax
.jcr
.RepositoryException
;
7 import javax
.jcr
.Session
;
8 import javax
.jcr
.Value
;
9 import javax
.jcr
.security
.Privilege
;
10 import javax
.jcr
.version
.VersionManager
;
12 import org
.apache
.commons
.logging
.Log
;
13 import org
.apache
.commons
.logging
.LogFactory
;
14 import org
.argeo
.ArgeoException
;
15 import org
.argeo
.jcr
.ArgeoJcrConstants
;
16 import org
.argeo
.jcr
.ArgeoNames
;
17 import org
.argeo
.jcr
.ArgeoTypes
;
18 import org
.argeo
.jcr
.JcrUtils
;
19 import org
.argeo
.jcr
.UserJcrUtils
;
22 * Manages data expected by the Argeo security model, such as user home and
25 public class SimpleJcrSecurityModel
implements JcrSecurityModel
{
26 private final static Log log
= LogFactory
27 .getLog(SimpleJcrSecurityModel
.class);
28 // ArgeoNames not implemented as interface in order to ease derivation by
31 /** The home base path. */
32 private String homeBasePath
= "/home";
34 public synchronized Node
sync(Session session
, String username
,
36 // TODO check user name validity (e.g. should not start by ROLE_)
39 Node userHome
= UserJcrUtils
.getUserHome(session
, username
);
40 if (userHome
== null) {
41 String homePath
= generateUserPath(homeBasePath
, username
);
42 userHome
= JcrUtils
.mkdirs(session
, homePath
);
43 // userHome = JcrUtils.mkfolders(session, homePath);
44 userHome
.addMixin(ArgeoTypes
.ARGEO_USER_HOME
);
45 userHome
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
48 JcrUtils
.clearAccessControList(session
, homePath
, username
);
49 JcrUtils
.addPrivilege(session
, homePath
, username
,
52 // for backward compatibility with pre 1.0 security model
53 if (userHome
.hasNode(ArgeoNames
.ARGEO_PROFILE
)) {
54 userHome
.getNode(ArgeoNames
.ARGEO_PROFILE
).remove();
55 userHome
.getSession().save();
61 // writeRemoteRoles(userHome, roles);
64 Node userProfile
= UserJcrUtils
.getUserProfile(session
, username
);
65 if (userProfile
== null) {
66 String personPath
= generateUserPath(
67 ArgeoJcrConstants
.PEOPLE_BASE_PATH
, username
);
68 Node personBase
= JcrUtils
.mkdirs(session
, personPath
);
69 userProfile
= personBase
.addNode(ArgeoNames
.ARGEO_PROFILE
);
70 userProfile
.addMixin(ArgeoTypes
.ARGEO_USER_PROFILE
);
71 userProfile
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
72 userProfile
.setProperty(ArgeoNames
.ARGEO_ENABLED
, true);
73 userProfile
.setProperty(ArgeoNames
.ARGEO_ACCOUNT_NON_EXPIRED
,
75 userProfile
.setProperty(ArgeoNames
.ARGEO_ACCOUNT_NON_LOCKED
,
77 userProfile
.setProperty(
78 ArgeoNames
.ARGEO_CREDENTIALS_NON_EXPIRED
, true);
81 JcrUtils
.clearAccessControList(session
, userProfile
.getPath(),
83 JcrUtils
.addPrivilege(session
, userProfile
.getPath(), username
,
86 VersionManager versionManager
= session
.getWorkspace()
88 if (versionManager
.isCheckedOut(userProfile
.getPath()))
89 versionManager
.checkin(userProfile
.getPath());
92 } catch (RepositoryException e
) {
93 JcrUtils
.discardQuietly(session
);
94 throw new ArgeoException("Cannot sync node security model for "
99 /** Generate path for a new user home */
100 protected String
generateUserPath(String base
, String username
) {
101 int atIndex
= username
.indexOf('@');
103 String domain
= username
.substring(0, atIndex
);
104 String name
= username
.substring(atIndex
+ 1);
105 return base
+ '/' + JcrUtils
.firstCharsToPath(domain
, 2) + '/'
106 + domain
+ '/' + JcrUtils
.firstCharsToPath(name
, 2) + '/'
108 } else if (atIndex
== 0 || atIndex
== (username
.length() - 1)) {
109 throw new ArgeoException("Unsupported username " + username
);
111 return base
+ '/' + JcrUtils
.firstCharsToPath(username
, 2) + '/'
116 /** Write remote roles used by remote access in the home directory */
117 protected void writeRemoteRoles(Node userHome
, List
<String
> roles
)
118 throws RepositoryException
{
119 boolean writeRoles
= false;
120 if (userHome
.hasProperty(ArgeoNames
.ARGEO_REMOTE_ROLES
)) {
121 Value
[] remoteRoles
= userHome
.getProperty(
122 ArgeoNames
.ARGEO_REMOTE_ROLES
).getValues();
123 if (remoteRoles
.length
!= roles
.size())
126 for (int i
= 0; i
< remoteRoles
.length
; i
++)
127 if (!remoteRoles
[i
].getString().equals(roles
.get(i
)))
133 userHome
.getSession().getWorkspace().getVersionManager()
134 .checkout(userHome
.getPath());
135 String
[] roleIds
= roles
.toArray(new String
[roles
.size()]);
136 userHome
.setProperty(ArgeoNames
.ARGEO_REMOTE_ROLES
, roleIds
);
137 JcrUtils
.updateLastModified(userHome
);
138 userHome
.getSession().save();
139 userHome
.getSession().getWorkspace().getVersionManager()
140 .checkin(userHome
.getPath());
141 if (log
.isDebugEnabled())
142 log
.debug("Wrote remote roles " + roles
+ " for "
143 + userHome
.getProperty(ArgeoNames
.ARGEO_USER_ID
));
148 public void setHomeBasePath(String homeBasePath
) {
149 this.homeBasePath
= homeBasePath
;