X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FHomeRepository.java;h=5c6f419969eed607856e092d66b5e583a256dd8b;hb=9b91329a1c5d7e6b5fc4fae3c21d6019318acc8e;hp=c0cf3e02566f4e989653d7de6f0cca7267643666;hpb=8f0287babced78a1ac54d95cbaece7918aea2814;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java index c0cf3e025..5c6f41996 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java @@ -14,35 +14,30 @@ import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.login.LoginContext; -import org.apache.jackrabbit.core.security.SecurityConstants; -import org.argeo.ArgeoException; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; -import org.argeo.jcr.ArgeoJcrConstants; -import org.argeo.jcr.ArgeoNames; -import org.argeo.jcr.ArgeoTypes; import org.argeo.jcr.JcrRepositoryWrapper; import org.argeo.jcr.JcrUtils; -import org.argeo.jcr.UserJcrUtils; +import org.argeo.node.NodeConstants; +import org.argeo.node.NodeNames; +import org.argeo.node.NodeTypes; +import org.argeo.node.NodeUtils; /** * Make sure each user has a home directory available in the default workspace. */ -class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, ArgeoJcrConstants { - // private final Kernel kernel; - +class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { /** The home base path. */ private String homeBasePath = "/home"; - private String peopleBasePath = ArgeoJcrConstants.PEOPLE_BASE_PATH; + // private String peopleBasePath = NodeConstants.PEOPLE_BASE_PATH; private Set checkedUsers = new HashSet(); public HomeRepository(Repository repository) { - // this.kernel = kernel; - setRepository(repository); + super(repository); + putDescriptor(NodeConstants.CN, NodeConstants.HOME); LoginContext lc; try { - lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_DATA_ADMIN); + lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN); lc.login(); } catch (javax.security.auth.login.LoginException e1) { throw new CmsException("Cannot login as systrem", e1); @@ -52,7 +47,8 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar @Override public Void run() { try { - initJcr(getRepository().login()); + Session adminSession = getRepository().login(); + initJcr(adminSession); } catch (RepositoryException e) { throw new CmsException("Cannot init JCR home", e); } @@ -89,12 +85,12 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar String username = session.getUserID(); if (username == null) return; - if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS)) - return; - if (session.getUserID().equals(AuthConstants.ROLE_KERNEL)) - return; - if (session.getUserID().equals(SecurityConstants.ADMIN_ID)) + if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS)) return; + // if (session.getUserID().equals(AuthConstants.ROLE_KERNEL)) + // return; + // if (session.getUserID().equals(SecurityConstants.ADMIN_ID)) + // return; if (checkedUsers.contains(username)) return; @@ -114,11 +110,12 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar private void initJcr(Session adminSession) { try { JcrUtils.mkdirs(adminSession, homeBasePath); - JcrUtils.mkdirs(adminSession, peopleBasePath); + // JcrUtils.mkdirs(adminSession, peopleBasePath); adminSession.save(); - JcrUtils.addPrivilege(adminSession, homeBasePath, AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); - JcrUtils.addPrivilege(adminSession, peopleBasePath, AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL); + JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); + // JcrUtils.addPrivilege(adminSession, peopleBasePath, + // NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL); adminSession.save(); } catch (RepositoryException e) { throw new CmsException("Cannot initialize node user admin", e); @@ -127,9 +124,9 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar } } - private Node syncJcr(Session session, String username) { + private void syncJcr(Session session, String username) { try { - Node userHome = UserJcrUtils.getUserHome(session, username); + Node userHome = NodeUtils.getUserHome(session, username); if (userHome == null) { String homePath = generateUserPath(homeBasePath, username); if (session.itemExists(homePath))// duplicate user id @@ -137,38 +134,42 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar else userHome = JcrUtils.mkdirs(session, homePath); // userHome = JcrUtils.mkfolders(session, homePath); - userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME); - userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username); + userHome.addMixin(NodeTypes.NODE_USER_HOME); + userHome.setProperty(NodeNames.LDAP_UID, username); session.save(); JcrUtils.clearAccessControList(session, homePath, username); JcrUtils.addPrivilege(session, homePath, username, Privilege.JCR_ALL); } - Node userProfile = UserJcrUtils.getUserProfile(session, username); - // new user - if (userProfile == null) { - String personPath = generateUserPath(peopleBasePath, username); - Node personBase; - if (session.itemExists(personPath))// duplicate user id - personBase = session.getNode(personPath).getParent().addNode(JcrUtils.lastPathElement(personPath)); - else - personBase = JcrUtils.mkdirs(session, personPath); - userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE); - userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE); - userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username); - // userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true); - // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, - // true); - // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, - // true); - // userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, - // true); - session.save(); - - JcrUtils.clearAccessControList(session, userProfile.getPath(), username); - JcrUtils.addPrivilege(session, userProfile.getPath(), username, Privilege.JCR_READ); - } + // Node userProfile = NodeUtils.getUserProfile(session, username); + // // new user + // if (userProfile == null) { + // String personPath = generateUserPath(peopleBasePath, username); + // Node personBase; + // if (session.itemExists(personPath))// duplicate user id + // personBase = session.getNode(personPath).getParent() + // .addNode(JcrUtils.lastPathElement(personPath)); + // else + // personBase = JcrUtils.mkdirs(session, personPath); + // userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE); + // userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE); + // userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username); + // // userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true); + // // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, + // // true); + // // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, + // // true); + // // + // userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, + // // true); + // session.save(); + // + // JcrUtils.clearAccessControList(session, userProfile.getPath(), + // username); + // JcrUtils.addPrivilege(session, userProfile.getPath(), username, + // Privilege.JCR_READ); + // } // Remote roles // if (roles != null) { @@ -176,10 +177,10 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar // } if (session.hasPendingChanges()) session.save(); - return userProfile; + // return userProfile; } catch (RepositoryException e) { JcrUtils.discardQuietly(session); - throw new ArgeoException("Cannot sync node security model for " + username, e); + throw new CmsException("Cannot sync node security model for " + username, e); } } @@ -189,19 +190,18 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants, Ar try { dn = new LdapName(username); } catch (InvalidNameException e) { - throw new ArgeoException("Invalid name " + username, e); + throw new CmsException("Invalid name " + username, e); } String userId = dn.getRdn(dn.size() - 1).getValue().toString(); int atIndex = userId.indexOf('@'); if (atIndex > 0) { String domain = userId.substring(0, atIndex); String name = userId.substring(atIndex + 1); - return base + '/' + JcrUtils.firstCharsToPath(domain, 2) + '/' + domain + '/' - + JcrUtils.firstCharsToPath(name, 2) + '/' + name; + return base + '/' + domain + '/' + name; } else if (atIndex == 0 || atIndex == (userId.length() - 1)) { - throw new ArgeoException("Unsupported username " + userId); + throw new CmsException("Unsupported username " + userId); } else { - return base + '/' + JcrUtils.firstCharsToPath(userId, 2) + '/' + userId; + return base + '/' + userId; } }