package org.argeo.cms;
+import java.security.AccessControlContext;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.jcr.nodetype.NodeType;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.ArgeoException;
import org.argeo.cms.auth.ArgeoLoginContext;
+import org.argeo.cms.auth.LoginRequiredException;
import org.argeo.cms.i18n.Msg;
import org.argeo.jcr.JcrUtils;
import org.eclipse.rap.rwt.RWT;
import org.eclipse.rap.rwt.client.service.BrowserNavigationEvent;
import org.eclipse.rap.rwt.client.service.BrowserNavigationListener;
import org.eclipse.rap.rwt.client.service.JavaScriptExecutor;
+import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Display;
import org.eclipse.swt.widgets.Shell;
/** Manages history and navigation */
-abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implements
- CmsSession {
+public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
+ implements CmsSession {
private final Log log = LogFactory.getLog(AbstractCmsEntryPoint.class);
- private Subject subject = new Subject();
+ private final Subject subject;
- private Repository repository;
- private String workspace;
- private Session session;
+ private final Repository repository;
+ private final String workspace;
+ private final String defaultPath;
private final Map<String, String> factoryProperties;
- // current state
+ // Current state
+ private Session session;
private Node node;
private String state;
private String page;
private final BrowserNavigation browserNavigation;
public AbstractCmsEntryPoint(Repository repository, String workspace,
- Map<String, String> factoryProperties) {
+ String defaultPath, Map<String, String> factoryProperties) {
this.repository = repository;
this.workspace = workspace;
+ this.defaultPath = defaultPath;
this.factoryProperties = new HashMap<String, String>(factoryProperties);
+ // load context from session
+ HttpServletRequest httpRequest = RWT.getRequest();
+ final HttpSession httpSession = httpRequest.getSession();
+ AccessControlContext acc = (AccessControlContext) httpSession
+ .getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
+ if (acc != null)
+ subject = Subject.getSubject(acc);
+ else
+ subject = new Subject();
+
// Initial login
try {
new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_USER, subject)
.login();
} catch (LoginException e) {
- if (log.isTraceEnabled())
- log.trace("Cannot authenticate user", e);
+ // if (log.isTraceEnabled())
+ // log.trace("Cannot authenticate user", e);
try {
new ArgeoLoginContext(KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
subject).login();
if (browserNavigation != null)
browserNavigation
.addBrowserNavigationListener(new CmsNavigationListener());
-
- // RWT.setLocale(Locale.FRANCE);
}
@Override
return shell;
}
- /** Recreate header UI */
- protected abstract void refreshHeader();
+ @Override
+ protected final void createContents(final Composite parent) {
+ getShell().getDisplay().setData(CmsSession.KEY, this);
+ Subject.doAs(subject, new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ try {
+ createUi(parent);
+ } catch (Exception e) {
+ throw new CmsException("Cannot create entrypoint contents",
+ e);
+ }
+ return null;
+ }
+ });
+ }
- /** Recreate body UI */
- protected abstract void refreshBody();
+ /** Create UI */
+ protected abstract void createUi(Composite parent);
+
+ /** Recreate UI after navigation or auth change */
+ protected abstract void refresh();
/**
* The node to return when no node was found (for authenticated users and
* anonymous)
*/
- protected abstract Node getDefaultNode(Session session)
- throws RepositoryException;
-
- /**
- * Reasonable default since it is a nt:hierarchyNode and is thus compatible
- * with the obvious default folder type, nt:folder, conceptual equivalent of
- * an empty text file in an operating system. To be overridden.
- */
- protected String getDefaultNewNodeType() {
- return CmsTypes.CMS_TEXT;
- }
-
- /** Default new folder type (used in mkdirs) is nt:folder. To be overridden. */
- protected String getDefaultNewFolderType() {
- return NodeType.NT_FOLDER;
+ protected Node getDefaultNode(Session session) throws RepositoryException {
+ if (!session.hasPermission(defaultPath, "read")) {
+ if (session.getUserID().equals("anonymous"))
+ throw new LoginRequiredException();
+ else
+ throw new CmsException("Unauthorized");
+ }
+ return session.getNode(defaultPath);
}
protected String getBaseTitle() {
public void navigateTo(String state) {
exception = null;
String title = setState(state);
- refreshBody();
+ doRefresh();
if (browserNavigation != null)
browserNavigation.pushState(state, title);
}
@Override
public void authChange() {
- try {
- String currentPath = null;
- if (node != null)
- currentPath = node.getPath();
- JcrUtils.logoutQuietly(session);
-
- session = repository.login(workspace);
- if (currentPath != null)
- node = session.getNode(currentPath);
-
- // refresh UI
- refreshHeader();
- refreshBody();
- } catch (RepositoryException e) {
- throw new CmsException("Cannot perform auth change", e);
- }
+ Subject.doAs(subject, new PrivilegedAction<Void>() {
+
+ @Override
+ public Void run() {
+ try {
+ String currentPath = null;
+ if (node != null)
+ currentPath = node.getPath();
+ JcrUtils.logoutQuietly(session);
+
+ session = repository.login(workspace);
+ if (currentPath != null)
+ try {
+ node = session.getNode(currentPath);
+ } catch (Exception e) {
+ try {
+ // TODO find a less hacky way to log out
+ new ArgeoLoginContext(
+ KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
+ subject).logout();
+ new ArgeoLoginContext(
+ KernelHeader.LOGIN_CONTEXT_ANONYMOUS,
+ subject).login();
+ } catch (LoginException eAnonymous) {
+ throw new ArgeoException(
+ "Cannot reset to anonymous", eAnonymous);
+ }
+ JcrUtils.logoutQuietly(session);
+ session = repository.login(workspace);
+ navigateTo("~");
+ throw e;
+ }
+
+ // refresh UI
+ doRefresh();
+ } catch (RepositoryException e) {
+ throw new CmsException("Cannot perform auth change", e);
+ }
+ return null;
+ }
+
+ });
}
@Override
- public void exception(Throwable e) {
- this.exception = e;
+ public void exception(final Throwable e) {
+ AbstractCmsEntryPoint.this.exception = e;
log.error("Unexpected exception in CMS", e);
- refreshBody();
+ doRefresh();
+ }
+
+ protected void doRefresh() {
+ Subject.doAs(subject, new PrivilegedAction<Void>() {
+ @Override
+ public Void run() {
+ refresh();
+ return null;
+ }
+ });
}
@Override
try {
int firstSlash = state.indexOf('/');
if (firstSlash == 0) {
- if (!session.nodeExists(state))
- node = addNode(session, state, null);
- else
+ if (session.nodeExists(state))
node = session.getNode(state);
+ else
+ throw new CmsException("Data " + state + " does not exist");
page = "";
} else if (firstSlash > 0) {
String prefix = state.substring(0, firstSlash);
String path = state.substring(firstSlash);
- if (session.getWorkspace().getNodeTypeManager()
- .hasNodeType(prefix)) {
- String nodeType = prefix;
- if (!session.nodeExists(path))
- node = addNode(session, path, nodeType);
- else {
- node = session.getNode(path);
- if (!node.isNodeType(nodeType))
- throw new CmsException("Node " + path
- + " not of type " + nodeType);
- }
- } else if ("delete".equals(prefix)) {
- if (session.itemExists(path)) {
- Node nodeToDelete = session.getNode(path);
- // TODO "Are you sure?"
- nodeToDelete.remove();
- session.save();
- log.debug("Deleted " + path);
- navigateTo(previousState);
- } else
- throw new CmsException("Data " + path
- + " does not exist");
- } else {
- if (session.itemExists(path))
- node = session.getNode(path);
- else
- throw new CmsException("Data " + path
- + " does not exist");
- }
+ if (session.nodeExists(path))
+ node = session.getNode(path);
+ else
+ throw new CmsException("Data " + path + " does not exist");
page = prefix;
} else {
node = getDefaultNode(session);
+ page + ", title=" + title + ")");
return title;
-
} catch (Exception e) {
+ log.error("Cannot set state '" + state + "'", e);
if (previousState.equals(""))
previousState = "~";
navigateTo(previousState);
}
}
- protected Node addNode(Session session, String path, String nodeType)
- throws RepositoryException {
- return JcrUtils.mkdirs(session, path, nodeType != null ? nodeType
- : getDefaultNewNodeType(), getDefaultNewFolderType(), false);
- // not saved, so that the UI can discard it later on
- }
-
protected Node getNode() {
return node;
}
- @Override
- public String getState() {
+ protected String getState() {
return state;
}
- // String getPage() {
- // return page;
- // }
-
protected Throwable getException() {
return exception;
}
@Override
public void navigated(BrowserNavigationEvent event) {
setState(event.getState());
- refreshBody();
+ refresh();
}
}
-
-}
+}
\ No newline at end of file