server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/SecurityJcrUtils.java

   1 package org.argeo.jcr.security;
   2
   3 import javax.jcr.Node;
   4 import javax.jcr.RepositoryException;
   5 import javax.jcr.Session;
   6 import javax.jcr.version.VersionManager;
   7
   8 import org.argeo.ArgeoException;
   9 import org.argeo.jcr.ArgeoJcrConstants;
  10 import org.argeo.jcr.ArgeoJcrUtils;
  11 import org.argeo.jcr.ArgeoNames;
  12 import org.argeo.jcr.ArgeoTypes;
  13 import org.argeo.jcr.JcrUtils;
  14
  15 /** Utilities related to Argeo security model in JCR */
  16 public class SecurityJcrUtils implements ArgeoJcrConstants {
  17         /**
  18          * Creates an Argeo user home, does nothing if it already exists. Session is
  19          * NOT saved.
  20          */
  21         public static Node createUserHomeIfNeeded(Session session, String username) {
  22                 try {
  23                         String homePath = generateUserHomePath(username);
  24                         if (session.itemExists(homePath))
  25                                 return session.getNode(homePath);
  26                         else {
  27                                 Node userHome = JcrUtils.mkdirs(session, homePath);
  28                                 userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
  29                                 userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
  30
  31                                 //JcrUtils.addPrivilege(session, homePath, username, "jcr:all");
  32                                 return userHome;
  33                         }
  34                 } catch (RepositoryException e) {
  35                         JcrUtils.discardQuietly(session);
  36                         throw new ArgeoException("Cannot create home for " + username
  37                                         + " in workspace " + session.getWorkspace().getName(), e);
  38                 }
  39         }
  40
  41         private static String generateUserHomePath(String username) {
  42                 String homeBasePath = DEFAULT_HOME_BASE_PATH;
  43                 return homeBasePath + '/' + JcrUtils.firstCharsToPath(username, 2)
  44                                 + '/' + username;
  45         }
  46
  47         /**
  48          * Creates a user profile in the home of this user. Creates the home if
  49          * needed, but throw an exception if a profile already exists. The session
  50          * is not saved and the node is in a checkedOut state (that is, it requires
  51          * a subsequent checkin after saving the session).
  52          */
  53         public static Node createUserProfile(Session session, String username) {
  54                 try {
  55                         Node userHome = createUserHomeIfNeeded(session, username);
  56                         if (userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
  57                                 throw new ArgeoException(
  58                                                 "There is already a user profile under " + userHome);
  59                         Node userProfile = userHome.addNode(ArgeoNames.ARGEO_PROFILE);
  60                         userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
  61                         userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
  62                         userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
  63                         userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, true);
  64                         userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, true);
  65                         userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED,
  66                                         true);
  67                         return userProfile;
  68                 } catch (RepositoryException e) {
  69                         JcrUtils.discardQuietly(session);
  70                         throw new ArgeoException("Cannot create user profile for "
  71                                         + username + " in workspace "
  72                                         + session.getWorkspace().getName(), e);
  73                 }
  74         }
  75
  76         /**
  77          * Create user profile if needed, the session IS saved.
  78          *
  79          * @return the user profile
  80          */
  81         public static Node createUserProfileIfNeeded(Session securitySession,
  82                         String username) {
  83                 try {
  84                         Node userHome = createUserHomeIfNeeded(securitySession, username);
  85                         Node userProfile = userHome.hasNode(ArgeoNames.ARGEO_PROFILE) ? userHome
  86                                         .getNode(ArgeoNames.ARGEO_PROFILE) : createUserProfile(
  87                                         securitySession, username);
  88                         if (securitySession.hasPendingChanges())
  89                                 securitySession.save();
  90                         VersionManager versionManager = securitySession.getWorkspace()
  91                                         .getVersionManager();
  92                         if (versionManager.isCheckedOut(userProfile.getPath()))
  93                                 versionManager.checkin(userProfile.getPath());
  94                         return userProfile;
  95                 } catch (RepositoryException e) {
  96                         JcrUtils.discardQuietly(securitySession);
  97                         throw new ArgeoException("Cannot create user profile for "
  98                                         + username + " in workspace "
  99                                         + securitySession.getWorkspace().getName(), e);
 100                 }
 101         }
 102
 103         /**
 104          * @return null if not found *
 105          */
 106         public static Node getUserProfile(Session session, String username) {
 107                 try {
 108                         Node userHome = ArgeoJcrUtils.getUserHome(session, username);
 109                         if (userHome == null)
 110                                 return null;
 111                         if (userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
 112                                 return userHome.getNode(ArgeoNames.ARGEO_PROFILE);
 113                         else
 114                                 return null;
 115                 } catch (RepositoryException e) {
 116                         throw new ArgeoException(
 117                                         "Cannot find profile for user " + username, e);
 118                 }
 119         }
 120
 121         private SecurityJcrUtils() {
 122         }
 123 }