X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FCmsSessionImpl.java;h=b6966765d9534ea1469188dc5a81c06b1cf80fa3;hb=6e6286a551d04ee0993dc7930bd9744f7c9df10e;hp=af29d25945c9eb6b34a084b31f0b6a48b892b83f;hpb=b45e59192a4bb34a6b38a9bfa416b3dc3f6b7892;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
index af29d2594..b6966765d 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsSessionImpl.java
@@ -3,6 +3,7 @@ package org.argeo.cms.internal.auth;
 import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.time.ZonedDateTime;
 import java.util.Collection;
@@ -10,10 +11,12 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.LinkedHashSet;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import javax.crypto.SecretKey;
 import javax.jcr.Repository;
 import javax.jcr.Session;
 import javax.naming.InvalidNameException;
@@ -21,14 +24,14 @@ import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
+import javax.security.auth.x500.X500Principal;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.security.NodeSecurityUtils;
 import org.argeo.cms.auth.CmsSession;
 import org.argeo.jcr.JcrUtils;
-import org.argeo.node.NodeConstants;
-import org.argeo.node.security.NodeSecurityUtils;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -36,6 +39,7 @@ import org.osgi.framework.ServiceReference;
 import org.osgi.framework.ServiceRegistration;
 import org.osgi.service.useradmin.Authorization;
+/** Default CMS session implementation. */
 public class CmsSessionImpl implements CmsSession {
 private final static BundleContext bc = FrameworkUtil.getBundle(CmsSessionImpl.class).getBundleContext();
 private final static Log log = LogFactory.getLog(CmsSessionImpl.class);
@@ -50,6 +54,7 @@ public class CmsSessionImpl implements CmsSession {
 private final ZonedDateTime creationTime;
 private ZonedDateTime end;
+ private final Locale locale;
 private ServiceRegistration serviceRegistration;
@@ -57,8 +62,11 @@ public class CmsSessionImpl implements CmsSession {
 private Set dataSessionsInUse = new HashSet<>();
 private LinkedHashSet additionalDataSessions = new LinkedHashSet<>();
- public CmsSessionImpl(Subject initialSubject, Authorization authorization, String localSessionId) {
+ private Map views = new HashMap<>();
+
+ public CmsSessionImpl(Subject initialSubject, Authorization authorization, Locale locale, String localSessionId) {
 this.creationTime = ZonedDateTime.now();
+ this.locale = locale;
 this.initialContext = Subject.doAs(initialSubject, new PrivilegedAction() {
 @Override
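Review bot: The new `views` field in the `@@ -57,8 +62,11 @@` hunk is a plain `HashMap`, and `registerView` (added in the `@@ -231,43 +256,50 @@` hunk) does an unsynchronised `containsKey` followed by `put`, while the other mutable collections in this class appear to be touched only from `synchronized` methods or blocks. Two callers registering the same uid concurrently can both pass the check. Either declare `registerView` as `synchronized` or make the field a `ConcurrentHashMap` and use `if (views.putIfAbsent(uid, view) != null) throw ...`. Nothing visible in `close()` clears `views`, so registered view objects stay referenced for as long as the session object does.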
@@ -75,7 +83,7 @@ public class CmsSessionImpl implements CmsSession {
 this.userDn = new LdapName(authorization.getName());
 this.anonymous = false;
 } catch (InvalidNameException e) {
- throw new CmsException("Invalid user name " + authorization.getName(), e);
+ throw new IllegalArgumentException("Invalid user name " + authorization.getName(), e);
 }
 else {
 this.userDn = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
@@ -90,15 +98,17 @@ public class CmsSessionImpl implements CmsSession {
 serviceRegistration = bc.registerService(CmsSession.class, this, props);
 }
- public synchronized void close() {
+ public void close() {
 end = ZonedDateTime.now();
 serviceRegistration.unregister();
- // TODO check data session in use ?
- for (String path : dataSessions.keySet())
- JcrUtils.logoutQuietly(dataSessions.get(path));
- for (Session session : additionalDataSessions)
- JcrUtils.logoutQuietly(session);
+ synchronized (this) {
+ // TODO check data session in use ?
+ for (String path : dataSessions.keySet())
+ JcrUtils.logoutQuietly(dataSessions.get(path));
+ for (Session session : additionalDataSessions)
+ JcrUtils.logoutQuietly(session);
+ }
 try {
 LoginContext lc;
@@ -111,17 +121,25 @@ public class CmsSessionImpl implements CmsSession {
 } catch (LoginException e) {
 log.warn("Could not logout " + getSubject() + ": " + e);
 }
- notifyAll();
+ log.debug("Closed " + this);
 }
 private Subject getSubject() {
 return Subject.getSubject(initialContext);
 }
+ public Set getSecretKeys() {
+ return getSubject().getPrivateCredentials(SecretKey.class);
+ }
+
+ public Session newDataSession(String cn, String workspace, Repository repository) {
+ return login(repository, workspace);
+ }
+
 public synchronized Session getDataSession(String cn, String workspace, Repository repository) {
 // FIXME make it more robust
 if (workspace == null)
- workspace = "main";
+ workspace = NodeConstants.SYS_WORKSPACE;
 String path = cn + '/' + workspace;
 if (dataSessionsInUse.contains(path)) {
 try {
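Review bot: `close()` has no closed-state guard, and with `synchronized` narrowed to the logout loop, the write to `end` and the call to `serviceRegistration.unregister()` are now unsynchronised. A second or concurrent call reaches `unregister()` again, which throws `IllegalStateException` on an already-unregistered registration. Nothing visible here stops `getDataSession` from creating new JCR sessions after the loop has logged out the existing ones. A guard taken under the lock, e.g. `synchronized (this) { if (end != null) return; end = ZonedDateTime.now(); }`, would make the method idempotent. The method body continues beyond this hunk.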
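Review bot: `newDataSession` returns `login(repository, workspace)` without recording the session in `dataSessions` or `additionalDataSessions`, so the logout loop in `close()` never reaches it and a JCR session opened for this user can outlive the CMS session unless every caller logs it out. Either track it (`additionalDataSessions.add(session)` under the lock) or state in a Javadoc that the caller owns the session; the `cn` parameter is also unused. `getSecretKeys()` is a new public accessor for the subject's private `SecretKey` credentials and deserves a Javadoc line on who is expected to call it. The `notifyAll()` removed from `close()` may leave threads blocked in `getDataSession` if they wait on this monitor; the wait itself is outside the hunk, so this needs confirming.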
@@ -159,8 +177,8 @@ public class CmsSessionImpl implements CmsSession {
 return repository.login(workspace);
 }
 });
- } catch (Exception e) {
- throw new CmsException("Cannot log in " + userDn + " to JCR", e);
+ } catch (PrivilegedActionException e) {
+ throw new IllegalStateException("Cannot log in " + userDn + " to JCR", e);
 }
 }
@@ -168,6 +186,8 @@ public class CmsSessionImpl implements CmsSession {
 if (additionalDataSessions.contains(session)) {
 JcrUtils.logoutQuietly(session);
 additionalDataSessions.remove(session);
+ if (log.isTraceEnabled())
+ log.trace("Remove additional data session " + session);
 return;
 }
 String path = cn + '/' + session.getWorkspace().getName();
@@ -177,6 +197,8 @@ public class CmsSessionImpl implements CmsSession {
 Session registeredSession = dataSessions.get(path);
 if (session != registeredSession)
 log.warn("Data session " + path + " not consistent for " + userDn);
+ if (log.isTraceEnabled())
+ log.trace("Released data session " + session + " for " + path);
 notifyAll();
 }
@@ -199,28 +221,31 @@ public class CmsSessionImpl implements CmsSession {
 return uuid;
 }
- public String getLocalSessionId() {
- return localSessionId;
- }
-
- public ServiceRegistration getServiceRegistration() {
- return serviceRegistration;
- }
-
 @Override
 public LdapName getUserDn() {
 return userDn;
 }
+ @Override
+ public String getUserRole() {
+ return new X500Principal(authorization.getName()).getName();
+ }
+
 @Override
 public String getLocalId() {
 return localSessionId;
 }
+ @Override
 public boolean isAnonymous() {
 return anonymous;
 }
+ @Override
+ public Locale getLocale() {
+ return locale;
+ }
+
 @Override
 public ZonedDateTime getCreationTime() {
 return creationTime;
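Review bot: The new `catch (PrivilegedActionException e)` passes the wrapper itself as the cause, so the JCR or login failure that actually occurred sits one level further down in every stack trace. Passing the wrapped exception keeps the message and the root cause together: `throw new IllegalStateException("Cannot log in " + userDn + " to JCR", e.getException());`. The narrowing also means unchecked exceptions thrown inside the privileged action now propagate unwrapped, which looks intended but is worth a line in the method's documentation. The enclosing method starts outside the hunk.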
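Review bot: `getUserRole()` calls `new X500Principal(authorization.getName())`, which throws `NullPointerException` for a null name and `IllegalArgumentException` for a name that is not a valid distinguished name. The constructor hunk suggests a null authorization name is the anonymous case (it falls back to `NodeSecurityUtils.ROLE_ANONYMOUS_NAME`), so this getter would fail for anonymous sessions; the condition itself is outside the hunk, so confirm. Building the value from the field that was already validated avoids both failures: `return new X500Principal(userDn.toString()).getName();`.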
@@ -231,43 +256,50 @@ public class CmsSessionImpl implements CmsSession {
 return end;
 }
+ @Override
+ public void registerView(String uid, Object view) {
+ if (views.containsKey(uid))
+ throw new IllegalArgumentException("View " + uid + " is already registered.");
+ views.put(uid, view);
+ }
+
 public String toString() {
 return "CMS Session " + userDn + " local=" + localSessionId + ", uuid=" + uuid;
 }
- public static CmsSession getByLocalId(String localId) {
+ public static CmsSessionImpl getByLocalId(String localId) {
 Collection> sr;
 try {
 sr = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_LOCAL_ID + "=" + localId + ")");
 } catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for id " + localId, e);
+ throw new IllegalArgumentException("Cannot get CMS session for id " + localId, e);
 }
 ServiceReference cmsSessionRef;
 if (sr.size() == 1) {
 cmsSessionRef = sr.iterator().next();
- return bc.getService(cmsSessionRef);
+ return (CmsSessionImpl) bc.getService(cmsSessionRef);
 } else if (sr.size() == 0) {
 return null;
 } else
- throw new CmsException(sr.size() + " CMS sessions registered for " + localId);
+ throw new IllegalStateException(sr.size() + " CMS sessions registered for " + localId);
 }
- public static CmsSession getByUuid(String uuid) {
+ public static CmsSessionImpl getByUuid(Object uuid) {
 Collection> sr;
 try {
 sr = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_UUID + "=" + uuid + ")");
 } catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for uuid " + uuid, e);
+ throw new IllegalArgumentException("Cannot get CMS session for uuid " + uuid, e);
 }
 ServiceReference cmsSessionRef;
 if (sr.size() == 1) {
 cmsSessionRef = sr.iterator().next();
- return bc.getService(cmsSessionRef);
+ return (CmsSessionImpl) bc.getService(cmsSessionRef);
 } else if (sr.size() == 0) {
 return null;
 } else
- throw new CmsException(sr.size() + " CMS sessions registered for " + uuid);
+ throw new IllegalStateException(sr.size() + " CMS sessions registered for " + uuid);
 }
@@ -284,7 +316,7 @@ public class CmsSessionImpl implements CmsSession {
 }
 }
 }
 } catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS sessions", e);
+ throw new IllegalArgumentException("Cannot get CMS sessions", e);
 }
 }
 }
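Review bot: `getByLocalId` and `getByUuid` build the OSGi service filter by concatenating the argument into the filter string, and this commit widens `getByUuid` to accept any `Object`, so nothing constrains what ends up inside the filter. If the local id or uuid can originate from a request, filter metacharacters in it change which registrations match, and the `sr.size() == 1` branch then returns whichever session matched. Validate before building the filter, e.g. `UUID.fromString(uuid.toString())` in `getByUuid` and escaping of `\`, `*`, `(` and `)` in `localId`, rather than relying on `InvalidSyntaxException`. The new `(CmsSessionImpl)` casts also throw `ClassCastException` if another `CmsSession` implementation is ever registered under the same id.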