X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fuseradmin%2Fjackrabbit%2FJackrabbitUserAdminService.java;h=cc6d85b48587c4453b3cd00836860f9cff6881d5;hb=2b3904582518de706357fd2a8216a47ca77dfc39;hp=983f8e4078529479958a90dcdbd8b547596c6a17;hpb=b0e0bd5cf868321306cdb47697e7d623d6cd466d;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
index 983f8e407..cc6d85b48 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
@@ -1,5 +1,9 @@
 package org.argeo.cms.internal.useradmin.jackrabbit;
 
+import static org.argeo.cms.KernelHeader.ROLE_ADMIN;
+import static org.argeo.cms.KernelHeader.USERNAME_ADMIN;
+import static org.argeo.cms.KernelHeader.USERNAME_DEMO;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
@@ -12,7 +16,6 @@ import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
-import javax.jcr.Value;
 import javax.jcr.version.VersionManager;
 
 import org.apache.jackrabbit.api.JackrabbitSession;
@@ -23,6 +26,7 @@ import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
 import org.apache.jackrabbit.core.security.user.UserAccessControlProvider;
 import org.argeo.ArgeoException;
+import org.argeo.cms.CmsException;
 import org.argeo.cms.KernelHeader;
 import org.argeo.cms.internal.auth.GrantedAuthorityPrincipal;
 import org.argeo.cms.internal.auth.JcrSecurityModel;
@@ -52,33 +56,44 @@ public class JackrabbitUserAdminService implements UserAdminService,
 		AuthenticationProvider {
 	private final static String JACKR_ADMINISTRATORS = "administrators";
 	private final static String REP_PRINCIPAL_NAME = "rep:principalName";
-	private final static String REP_PASSWORD = "rep:password";
+	// private final static String REP_PASSWORD = "rep:password";
 
 	private Repository repository;
 	private JcrSecurityModel securityModel;
 
 	private JackrabbitSession adminSession = null;
 
-	private String superUserInitialPassword = "demo";
+	private String initialPassword = "demo";
 
 	public void init() throws RepositoryException {
 		Authentication authentication = SecurityContextHolder.getContext()
 				.getAuthentication();
 		authentication.getName();
 		adminSession = (JackrabbitSession) repository.login();
-		Authorizable adminGroup = getUserManager().getAuthorizable(
-				KernelHeader.ROLE_ADMIN);
+		Authorizable adminGroup = getUserManager().getAuthorizable(ROLE_ADMIN);
 		if (adminGroup == null) {
-			adminGroup = getUserManager().createGroup(KernelHeader.ROLE_ADMIN);
+			adminGroup = getUserManager().createGroup(ROLE_ADMIN);
 			adminSession.save();
 		}
+
+		// create superuser
 		Authorizable superUser = getUserManager().getAuthorizable(
-				KernelHeader.USERNAME_ADMIN);
+				USERNAME_ADMIN);
 		if (superUser == null) {
-			superUser = getUserManager().createUser(
-					KernelHeader.USERNAME_ADMIN, superUserInitialPassword);
+			superUser = getUserManager().createUser(USERNAME_ADMIN,
+					initialPassword);
 			((Group) adminGroup).addMember(superUser);
-			securityModel.sync(adminSession, KernelHeader.USERNAME_ADMIN, null);
+			securityModel.sync(adminSession, USERNAME_ADMIN, null);
+			adminSession.save();
+
+			// create demo user only at initialisation
+			Authorizable demoUser = getUserManager().getAuthorizable(
+					USERNAME_DEMO);
+			if (demoUser != null)
+				throw new CmsException("There is already a demo user");
+			demoUser = getUserManager().createUser(USERNAME_DEMO,
+					initialPassword);
+			securityModel.sync(adminSession, USERNAME_DEMO, null);
 			adminSession.save();
 		}
 		securityModel.init(adminSession);
@@ -128,10 +143,14 @@ public class JackrabbitUserAdminService implements UserAdminService,
 			String newPassword = userDetails.getPassword();
 			if (!newPassword.trim().equals("")) {
 				if (newPassword.startsWith("{SHA-256}")) {
-					// Already hashed password					
-					Value v = adminSession.getValueFactory().createValue(
-							newPassword);
-					user.setProperty(REP_PASSWORD, v);
+					// Already hashed password
+					throw new CmsException("Cannot import hashed password");
+					// Value v = adminSession.getValueFactory().createValue(
+					// newPassword);
+					// user.setProperty(REP_PASSWORD, v);
+					// TODO find a way to deal w/ protected property
+					// see
+					// http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/user/UserImporter.html
 				} else {
 					SimpleCredentials sp = new SimpleCredentials(
 							userDetails.getUsername(),