X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeUserAdmin.java;h=c04d820da418d1fd0cf6c8fa4fae813f1e1b1548;hb=3ed9597f6dc8790fabcd60310e7adb2e8b1f13e2;hp=d4daef11f04b1f8205c9f1fa299dd9ca2d4dd3aa;hpb=79566a2b46229093562948d6f5146f579bf5220b;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
index d4daef11f..c04d820da 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
@@ -1,11 +1,7 @@
 package org.argeo.cms.internal.kernel;
 
-import static org.argeo.cms.internal.kernel.KernelUtils.getFrameworkProp;
-import static org.argeo.cms.internal.kernel.KernelUtils.getOsgiInstanceDir;
-
-import java.io.File;
-import java.io.IOException;
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Dictionary;
@@ -16,36 +12,33 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import javax.jcr.Node;
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.security.Privilege;
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.transaction.TransactionManager;
 
-import org.apache.commons.io.FileUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.ArgeoException;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.AuthConstants;
-import org.argeo.jcr.ArgeoJcrConstants;
-import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.ArgeoTypes;
-import org.argeo.jcr.JcrUtils;
-import org.argeo.jcr.UserJcrUtils;
+import org.argeo.node.NodeConstants;
 import org.argeo.osgi.useradmin.LdapUserAdmin;
 import org.argeo.osgi.useradmin.LdifUserAdmin;
 import org.argeo.osgi.useradmin.UserAdminConf;
 import org.argeo.osgi.useradmin.UserDirectory;
 import org.argeo.osgi.useradmin.UserDirectoryException;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.Constants;
+import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServiceReference;
+import org.osgi.framework.ServiceRegistration;
+import org.osgi.service.cm.ConfigurationException;
+import org.osgi.service.cm.ManagedServiceFactory;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
+import org.osgi.util.tracker.ServiceTracker;
 
 import bitronix.tm.resource.ehcache.EhCacheXAResourceProducer;
 
@@ -53,7 +46,7 @@ import bitronix.tm.resource.ehcache.EhCacheXAResourceProducer;
  * Aggregates multiple {@link UserDirectory} and integrates them with this node
  * system roles.
  */
-public class NodeUserAdmin implements UserAdmin, KernelConstants {
+class NodeUserAdmin implements UserAdmin, ManagedServiceFactory, KernelConstants {
 	private final static Log log = LogFactory.getLog(NodeUserAdmin.class);
 	final static LdapName ROLES_BASE;
 	static {
@@ -64,48 +57,162 @@ public class NodeUserAdmin implements UserAdmin, KernelConstants {
 		}
 	}
 
+	private final BundleContext bc = FrameworkUtil.getBundle(getClass()).getBundleContext();
+
 	// DAOs
 	private UserAdmin nodeRoles = null;
 	private Map<LdapName, UserAdmin> userAdmins = new HashMap<LdapName, UserAdmin>();
+	private Map<String, LdapName> pidToBaseDn = new HashMap<>();
+
+	private ServiceRegistration<UserAdmin> userAdminReg;
+
+	private final ServiceTracker<TransactionManager, TransactionManager> tmTracker;
 
 	// JCR
-	/** The home base path. */
-	private String homeBasePath = "/home";
-	private String peopleBasePath = ArgeoJcrConstants.PEOPLE_BASE_PATH;
-	private Repository repository;
-	private Session adminSession;
+	// private String homeBasePath = "/home";
+	// private String peopleBasePath = ArgeoJcrConstants.PEOPLE_BASE_PATH;
+	// private Repository repository;
+	// private Session adminSession;
 
 	private final String cacheName = UserDirectory.class.getName();
 
-	public NodeUserAdmin(TransactionManager transactionManager, Repository repository) {
-		this.repository = repository;
+	public NodeUserAdmin() {
+		// DAOs
+		// File nodeBaseDir = new File(getOsgiInstanceDir(), DIR_NODE);
+		// nodeBaseDir.mkdirs();
+		// String userAdminUri = getFrameworkProp(NodeConstants.USERADMIN_URIS);
+		// initUserAdmins(userAdminUri, nodeBaseDir);
+		// String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI);
+		// initNodeRoles(nodeRolesUri, nodeBaseDir);
+
+		// new ServiceTracker<>(bc, TransactionManager.class, new
+		// TransactionManagerStc()).open();
+		tmTracker = new TransactionManagerStc();
+		tmTracker.open();
+	}
+
+	@Override
+	public void updated(String pid, Dictionary<String, ?> properties) throws ConfigurationException {
+		String uri = (String) properties.get(UserAdminConf.uri.name());
+		URI u;
 		try {
-			this.adminSession = this.repository.login();
-		} catch (RepositoryException e) {
-			throw new CmsException("Cannot log-in", e);
+			u = new URI(uri);
+		} catch (URISyntaxException e) {
+			throw new CmsException("Badly formatted URI " + uri, e);
+		}
+		UserDirectory userDirectory = u.getScheme().equals("ldap") ? new LdapUserAdmin(properties)
+				: new LdifUserAdmin(properties);
+		LdapName baseDn;
+		try {
+			baseDn = new LdapName(userDirectory.getBaseDn());
+		} catch (InvalidNameException e) {
+			throw new CmsException("Badly formatted base DN " + userDirectory.getBaseDn(), e);
+		}
+		if (isRolesDnBase(baseDn)) {
+			nodeRoles = (UserAdmin) userDirectory;
+			userDirectory.setExternalRoles(this);
+		}
+		userDirectory.init();
+		addUserAdmin(baseDn.toString(), (UserAdmin) userDirectory);
+
+		// publish user directory
+		Dictionary<String, Object> regProps = new Hashtable<>();
+		regProps.put(Constants.SERVICE_PID, pid);
+		regProps.put(UserAdminConf.baseDn.name(), baseDn);
+		bc.registerService(UserDirectory.class, userDirectory, regProps);
+		pidToBaseDn.put(pid, baseDn);
+
+		if (log.isDebugEnabled()) {
+			log.debug("User directory " + userDirectory.getBaseDn() + " [" + u.getScheme() + "] enabled.");
 		}
 
-		// DAOs
-		File nodeBaseDir = new File(getOsgiInstanceDir(), DIR_NODE);
-		nodeBaseDir.mkdirs();
-		String userAdminUri = getFrameworkProp(USERADMIN_URIS);
-		initUserAdmins(userAdminUri, nodeBaseDir);
-		String nodeRolesUri = getFrameworkProp(ROLES_URI);
-		initNodeRoles(nodeRolesUri, nodeBaseDir);
-
-		// Transaction manager
-		((UserDirectory) nodeRoles).setTransactionManager(transactionManager);
-		for (UserAdmin userAdmin : userAdmins.values()) {
-			if (userAdmin instanceof UserDirectory)
-				((UserDirectory) userAdmin).setTransactionManager(transactionManager);
+		if (!isRolesDnBase(baseDn)) {
+			if (userAdminReg != null)
+				userAdminReg.unregister();
+			// register self as main user admin
+			userAdminReg = bc.registerService(UserAdmin.class, this, currentState());
+		}
+	}
+
+	private boolean isRolesDnBase(LdapName baseDn) {
+		return baseDn.equals(ROLES_BASE);
+	}
+
+	@Override
+	public void deleted(String pid) {
+		LdapName baseDn = pidToBaseDn.remove(pid);
+		UserAdmin userAdmin = userAdmins.remove(baseDn);
+		((UserDirectory) userAdmin).destroy();
+	}
+
+	@Override
+	public String getName() {
+		return "Node user admin";
+	}
+
+	private class TransactionManagerStc extends ServiceTracker<TransactionManager, TransactionManager> {
+
+		public TransactionManagerStc() {
+			super(bc, TransactionManager.class, null);
+		}
+
+		@Override
+		public TransactionManager addingService(ServiceReference<TransactionManager> reference) {
+			TransactionManager transactionManager = bc.getService(reference);
+			if (nodeRoles != null)
+				((UserDirectory) nodeRoles).setTransactionManager(transactionManager);
+			for (UserAdmin userAdmin : userAdmins.values()) {
+				if (userAdmin instanceof UserDirectory)
+					((UserDirectory) userAdmin).setTransactionManager(transactionManager);
+			}
+			if (log.isDebugEnabled())
+				log.debug("Set transaction manager");
+			return transactionManager;
+		}
+
+		@Override
+		public void removedService(ServiceReference<TransactionManager> reference, TransactionManager service) {
+			((UserDirectory) nodeRoles).setTransactionManager(null);
+			for (UserAdmin userAdmin : userAdmins.values()) {
+				if (userAdmin instanceof UserDirectory)
+					((UserDirectory) userAdmin).setTransactionManager(null);
+			}
 		}
 
-		// JCR
-		initJcr(adminSession);
 	}
 
-	Dictionary<String, ?> currentState() {
+	// @Deprecated
+	// public NodeUserAdmin(TransactionManager transactionManager, Repository
+	// repository) {
+	// // this.repository = repository;
+	// // try {
+	// // this.adminSession = this.repository.login();
+	// // } catch (RepositoryException e) {
+	// // throw new CmsException("Cannot log-in", e);
+	// // }
+	//
+	// // DAOs
+	// File nodeBaseDir = new File(getOsgiInstanceDir(), DIR_NODE);
+	// nodeBaseDir.mkdirs();
+	// String userAdminUri = getFrameworkProp(NodeConstants.USERADMIN_URIS);
+	// initUserAdmins(userAdminUri, nodeBaseDir);
+	// String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI);
+	// initNodeRoles(nodeRolesUri, nodeBaseDir);
+	//
+	// // Transaction manager
+	// ((UserDirectory) nodeRoles).setTransactionManager(transactionManager);
+	// for (UserAdmin userAdmin : userAdmins.values()) {
+	// if (userAdmin instanceof UserDirectory)
+	// ((UserDirectory) userAdmin).setTransactionManager(transactionManager);
+	// }
+	//
+	// // JCR
+	// // initJcr(adminSession);
+	// }
+
+	Dictionary<String, Object> currentState() {
 		Dictionary<String, Object> res = new Hashtable<String, Object>();
+		res.put(NodeConstants.CN, NodeConstants.DEFAULT);
 		for (LdapName name : userAdmins.keySet()) {
 			StringBuilder buf = new StringBuilder();
 			if (userAdmins.get(name) instanceof UserDirectory) {
@@ -189,7 +296,7 @@ public class NodeUserAdmin implements UserAdmin, KernelConstants {
 		}
 		Authorization authorization = new NodeAuthorization(rawAuthorization.getName(), rawAuthorization.toString(),
 				systemRoles, rawAuthorization.getRoles());
-		syncJcr(adminSession, authorization);
+		// syncJcr(adminSession, authorization);
 		return authorization;
 	}
 
@@ -197,15 +304,18 @@ public class NodeUserAdmin implements UserAdmin, KernelConstants {
 	// USER ADMIN AGGREGATOR
 	//
 	public void addUserAdmin(String baseDn, UserAdmin userAdmin) {
-		if (userAdmins.containsKey(baseDn))
-			throw new UserDirectoryException("There is already a user admin for " + baseDn);
 		try {
-			userAdmins.put(new LdapName(baseDn), userAdmin);
+			LdapName key = new LdapName(baseDn);
+			if (userAdmins.containsKey(key))
+				throw new UserDirectoryException("There is already a user admin for " + baseDn);
+			userAdmins.put(key, userAdmin);
 		} catch (InvalidNameException e) {
 			throw new UserDirectoryException("Badly formatted base DN " + baseDn, e);
 		}
 		if (userAdmin instanceof UserDirectory) {
+			UserDirectory userDirectory = (UserDirectory) userAdmin;
 			try {
+				userDirectory.setTransactionManager(tmTracker.getService());
 				// FIXME Make it less bitronix dependant
 				EhCacheXAResourceProducer.registerXAResource(cacheName, ((UserDirectory) userAdmin).getXaResource());
 			} catch (Exception e) {
@@ -246,190 +356,207 @@ public class NodeUserAdmin implements UserAdmin, KernelConstants {
 		}
 	}
 
-	private void initUserAdmins(String userAdminUri, File nodeBaseDir) {
-		if (userAdminUri == null) {
-			String demoBaseDn = "dc=example,dc=com";
-			File businessRolesFile = new File(nodeBaseDir, demoBaseDn + ".ldif");
-			if (!businessRolesFile.exists())
-				try {
-					FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(demoBaseDn + ".ldif"),
-							businessRolesFile);
-				} catch (IOException e) {
-					throw new CmsException("Cannot copy demo resource", e);
-				}
-			userAdminUri = businessRolesFile.toURI().toString();
-		}
-		String[] uris = userAdminUri.split(" ");
-		for (String uri : uris) {
-			URI u;
-			try {
-				u = new URI(uri);
-				if (u.getPath() == null)
-					throw new CmsException("URI " + uri + " must have a path in order to determine base DN");
-				if (u.getScheme() == null) {
-					if (uri.startsWith("/") || uri.startsWith("./") || uri.startsWith("../"))
-						u = new File(uri).getCanonicalFile().toURI();
-					else if (!uri.contains("/")) {
-						u = new URI(nodeBaseDir.toURI() + uri);
-						// u = new File(nodeBaseDir, uri).getCanonicalFile()
-						// .toURI();
-					} else
-						throw new CmsException("Cannot interpret " + uri + " as an uri");
-				} else if (u.getScheme().equals("file")) {
-					u = new File(u).getCanonicalFile().toURI();
-				}
-			} catch (Exception e) {
-				throw new CmsException("Cannot interpret " + uri + " as an uri", e);
-			}
-			Dictionary<String, ?> properties = UserAdminConf.uriAsProperties(u.toString());
-			UserDirectory businessRoles;
-			if (u.getScheme().startsWith("ldap")) {
-				businessRoles = new LdapUserAdmin(properties);
-			} else {
-				businessRoles = new LdifUserAdmin(properties);
-			}
-			businessRoles.init();
-			String baseDn = businessRoles.getBaseDn();
-			if (userAdmins.containsKey(baseDn))
-				throw new UserDirectoryException("There is already a user admin for " + baseDn);
-			try {
-				userAdmins.put(new LdapName(baseDn), (UserAdmin) businessRoles);
-			} catch (InvalidNameException e) {
-				throw new UserDirectoryException("Badly formatted base DN " + baseDn, e);
-			}
-			addUserAdmin(businessRoles.getBaseDn(), (UserAdmin) businessRoles);
-			if (log.isDebugEnabled())
-				log.debug("User directory " + businessRoles.getBaseDn() + " [" + u.getScheme() + "] enabled.");
-		}
-
-	}
-
-	private void initNodeRoles(String nodeRolesUri, File nodeBaseDir) {
-		String baseNodeRoleDn = AuthConstants.ROLES_BASEDN;
-		if (nodeRolesUri == null) {
-			File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif");
-			if (!nodeRolesFile.exists())
-				try {
-					FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(baseNodeRoleDn + ".ldif"),
-							nodeRolesFile);
-				} catch (IOException e) {
-					throw new CmsException("Cannot copy demo resource", e);
-				}
-			nodeRolesUri = nodeRolesFile.toURI().toString();
-		}
-
-		Dictionary<String, ?> nodeRolesProperties = UserAdminConf.uriAsProperties(nodeRolesUri);
-		if (!nodeRolesProperties.get(UserAdminConf.baseDn.property()).equals(baseNodeRoleDn)) {
-			throw new CmsException("Invalid base dn for node roles");
-			// TODO deal with "mounted" roles with a different baseDN
-		}
-		if (nodeRolesUri.startsWith("ldap")) {
-			nodeRoles = new LdapUserAdmin(nodeRolesProperties);
-		} else {
-			nodeRoles = new LdifUserAdmin(nodeRolesProperties);
-		}
-		((UserDirectory) nodeRoles).setExternalRoles(this);
-		((UserDirectory) nodeRoles).init();
-		addUserAdmin(baseNodeRoleDn, (UserAdmin) nodeRoles);
-		if (log.isTraceEnabled())
-			log.trace("Node roles enabled.");
-
-	}
+	// private void initUserAdmins(String userAdminUri, File nodeBaseDir) {
+	// // if (userAdminUri == null) {
+	// // String demoBaseDn = "dc=example,dc=com";
+	// // File businessRolesFile = new File(nodeBaseDir, demoBaseDn + ".ldif");
+	// // if (!businessRolesFile.exists())
+	// // try {
+	// //
+	// FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(demoBaseDn
+	// // + ".ldif"),
+	// // businessRolesFile);
+	// // } catch (IOException e) {
+	// // throw new CmsException("Cannot copy demo resource", e);
+	// // }
+	// // userAdminUri = businessRolesFile.toURI().toString();
+	// // }
+	// String[] uris = userAdminUri.split(" ");
+	// for (String uri : uris) {
+	// URI u;
+	// try {
+	// u = new URI(uri);
+	// if (u.getPath() == null)
+	// throw new CmsException("URI " + uri + " must have a path in order to
+	// determine base DN");
+	// if (u.getScheme() == null) {
+	// if (uri.startsWith("/") || uri.startsWith("./") || uri.startsWith("../"))
+	// u = new File(uri).getCanonicalFile().toURI();
+	// else if (!uri.contains("/")) {
+	// u = new URI(nodeBaseDir.toURI() + uri);
+	// // u = new File(nodeBaseDir, uri).getCanonicalFile()
+	// // .toURI();
+	// } else
+	// throw new CmsException("Cannot interpret " + uri + " as an uri");
+	// } else if (u.getScheme().equals("file")) {
+	// u = new File(u).getCanonicalFile().toURI();
+	// }
+	// } catch (Exception e) {
+	// throw new CmsException("Cannot interpret " + uri + " as an uri", e);
+	// }
+	// Dictionary<String, ?> properties =
+	// UserAdminConf.uriAsProperties(u.toString());
+	// UserDirectory businessRoles;
+	// if (u.getScheme().startsWith("ldap")) {
+	// businessRoles = new LdapUserAdmin(properties);
+	// } else {
+	// businessRoles = new LdifUserAdmin(properties);
+	// }
+	// businessRoles.init();
+	// String baseDn = businessRoles.getBaseDn();
+	// if (userAdmins.containsKey(baseDn))
+	// throw new UserDirectoryException("There is already a user admin for " +
+	// baseDn);
+	// try {
+	// userAdmins.put(new LdapName(baseDn), (UserAdmin) businessRoles);
+	// } catch (InvalidNameException e) {
+	// throw new UserDirectoryException("Badly formatted base DN " + baseDn, e);
+	// }
+	// addUserAdmin(businessRoles.getBaseDn(), (UserAdmin) businessRoles);
+	// if (log.isDebugEnabled())
+	// log.debug("User directory " + businessRoles.getBaseDn() + " [" +
+	// u.getScheme() + "] enabled.");
+	// }
+	//
+	// }
+	//
+	// private void initNodeRoles(String nodeRolesUri, File nodeBaseDir) {
+	// String baseNodeRoleDn = AuthConstants.ROLES_BASEDN;
+	// if (nodeRolesUri == null) {
+	// File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif");
+	// if (!nodeRolesFile.exists())
+	// try {
+	// FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(baseNodeRoleDn
+	// + ".ldif"),
+	// nodeRolesFile);
+	// } catch (IOException e) {
+	// throw new CmsException("Cannot copy demo resource", e);
+	// }
+	// nodeRolesUri = nodeRolesFile.toURI().toString();
+	// }
+	//
+	// Dictionary<String, ?> nodeRolesProperties =
+	// UserAdminConf.uriAsProperties(nodeRolesUri);
+	// if
+	// (!nodeRolesProperties.get(UserAdminConf.baseDn.name()).equals(baseNodeRoleDn))
+	// {
+	// throw new CmsException("Invalid base dn for node roles");
+	// // TODO deal with "mounted" roles with a different baseDN
+	// }
+	// if (nodeRolesUri.startsWith("ldap")) {
+	// nodeRoles = new LdapUserAdmin(nodeRolesProperties);
+	// } else {
+	// nodeRoles = new LdifUserAdmin(nodeRolesProperties);
+	// }
+	// ((UserDirectory) nodeRoles).setExternalRoles(this);
+	// ((UserDirectory) nodeRoles).init();
+	// addUserAdmin(baseNodeRoleDn, (UserAdmin) nodeRoles);
+	// if (log.isTraceEnabled())
+	// log.trace("Node roles enabled.");
+	//
+	// }
 
 	/*
 	 * JCR
 	 */
-	private void initJcr(Session adminSession) {
-		try {
-			JcrUtils.mkdirs(adminSession, homeBasePath);
-			JcrUtils.mkdirs(adminSession, peopleBasePath);
-			adminSession.save();
-
-			JcrUtils.addPrivilege(adminSession, homeBasePath, AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
-			JcrUtils.addPrivilege(adminSession, peopleBasePath, AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL);
-			adminSession.save();
-		} catch (RepositoryException e) {
-			throw new CmsException("Cannot initialize node user admin", e);
-		}
-	}
-
-	private Node syncJcr(Session session, Authorization authorization) {
-		// TODO check user name validity (e.g. should not start by ROLE_)
-		String username = authorization.getName();
-		// String[] roles = authorization.getRoles();
-		try {
-			Node userHome = UserJcrUtils.getUserHome(session, username);
-			if (userHome == null) {
-				String homePath = generateUserPath(homeBasePath, username);
-				if (session.itemExists(homePath))// duplicate user id
-					userHome = session.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath));
-				else
-					userHome = JcrUtils.mkdirs(session, homePath);
-				// userHome = JcrUtils.mkfolders(session, homePath);
-				userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
-				userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
-				session.save();
-
-				JcrUtils.clearAccessControList(session, homePath, username);
-				JcrUtils.addPrivilege(session, homePath, username, Privilege.JCR_ALL);
-			}
-
-			Node userProfile = UserJcrUtils.getUserProfile(session, username);
-			// new user
-			if (userProfile == null) {
-				String personPath = generateUserPath(peopleBasePath, username);
-				Node personBase;
-				if (session.itemExists(personPath))// duplicate user id
-					personBase = session.getNode(personPath).getParent().addNode(JcrUtils.lastPathElement(personPath));
-				else
-					personBase = JcrUtils.mkdirs(session, personPath);
-				userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE);
-				userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
-				userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
-				userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
-				userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, true);
-				userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, true);
-				userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, true);
-				session.save();
-
-				JcrUtils.clearAccessControList(session, userProfile.getPath(), username);
-				JcrUtils.addPrivilege(session, userProfile.getPath(), username, Privilege.JCR_READ);
-			}
-
-			// Remote roles
-			// if (roles != null) {
-			// writeRemoteRoles(userProfile, roles);
-			// }
-			if (adminSession.hasPendingChanges())
-				adminSession.save();
-			return userProfile;
-		} catch (RepositoryException e) {
-			JcrUtils.discardQuietly(session);
-			throw new ArgeoException("Cannot sync node security model for " + username, e);
-		}
-	}
-
-	/** Generate path for a new user home */
-	private String generateUserPath(String base, String username) {
-		LdapName dn;
-		try {
-			dn = new LdapName(username);
-		} catch (InvalidNameException e) {
-			throw new ArgeoException("Invalid name " + username, e);
-		}
-		String userId = dn.getRdn(dn.size() - 1).getValue().toString();
-		int atIndex = userId.indexOf('@');
-		if (atIndex > 0) {
-			String domain = userId.substring(0, atIndex);
-			String name = userId.substring(atIndex + 1);
-			return base + '/' + JcrUtils.firstCharsToPath(domain, 2) + '/' + domain + '/'
-					+ JcrUtils.firstCharsToPath(name, 2) + '/' + name;
-		} else if (atIndex == 0 || atIndex == (userId.length() - 1)) {
-			throw new ArgeoException("Unsupported username " + userId);
-		} else {
-			return base + '/' + JcrUtils.firstCharsToPath(userId, 2) + '/' + userId;
-		}
-	}
+	// private void initJcr(Session adminSession) {
+	// try {
+	// JcrUtils.mkdirs(adminSession, homeBasePath);
+	// JcrUtils.mkdirs(adminSession, peopleBasePath);
+	// adminSession.save();
+	//
+	// JcrUtils.addPrivilege(adminSession, homeBasePath,
+	// AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
+	// JcrUtils.addPrivilege(adminSession, peopleBasePath,
+	// AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL);
+	// adminSession.save();
+	// } catch (RepositoryException e) {
+	// throw new CmsException("Cannot initialize node user admin", e);
+	// }
+	// }
+	//
+	// private Node syncJcr(Session session, Authorization authorization) {
+	// // TODO check user name validity (e.g. should not start by ROLE_)
+	// String username = authorization.getName();
+	// // String[] roles = authorization.getRoles();
+	// try {
+	// Node userHome = UserJcrUtils.getUserHome(session, username);
+	// if (userHome == null) {
+	// String homePath = generateUserPath(homeBasePath, username);
+	// if (session.itemExists(homePath))// duplicate user id
+	// userHome =
+	// session.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath));
+	// else
+	// userHome = JcrUtils.mkdirs(session, homePath);
+	// // userHome = JcrUtils.mkfolders(session, homePath);
+	// userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
+	// userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
+	// session.save();
+	//
+	// JcrUtils.clearAccessControList(session, homePath, username);
+	// JcrUtils.addPrivilege(session, homePath, username, Privilege.JCR_ALL);
+	// }
+	//
+	// Node userProfile = UserJcrUtils.getUserProfile(session, username);
+	// // new user
+	// if (userProfile == null) {
+	// String personPath = generateUserPath(peopleBasePath, username);
+	// Node personBase;
+	// if (session.itemExists(personPath))// duplicate user id
+	// personBase =
+	// session.getNode(personPath).getParent().addNode(JcrUtils.lastPathElement(personPath));
+	// else
+	// personBase = JcrUtils.mkdirs(session, personPath);
+	// userProfile = personBase.addNode(ArgeoNames.ARGEO_PROFILE);
+	// userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
+	// userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
+	// userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
+	// userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, true);
+	// userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, true);
+	// userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, true);
+	// session.save();
+	//
+	// JcrUtils.clearAccessControList(session, userProfile.getPath(), username);
+	// JcrUtils.addPrivilege(session, userProfile.getPath(), username,
+	// Privilege.JCR_READ);
+	// }
+	//
+	// // Remote roles
+	// // if (roles != null) {
+	// // writeRemoteRoles(userProfile, roles);
+	// // }
+	// if (adminSession.hasPendingChanges())
+	// adminSession.save();
+	// return userProfile;
+	// } catch (RepositoryException e) {
+	// JcrUtils.discardQuietly(session);
+	// throw new ArgeoException("Cannot sync node security model for " +
+	// username, e);
+	// }
+	// }
+	//
+	// /** Generate path for a new user home */
+	// private String generateUserPath(String base, String username) {
+	// LdapName dn;
+	// try {
+	// dn = new LdapName(username);
+	// } catch (InvalidNameException e) {
+	// throw new ArgeoException("Invalid name " + username, e);
+	// }
+	// String userId = dn.getRdn(dn.size() - 1).getValue().toString();
+	// int atIndex = userId.indexOf('@');
+	// if (atIndex > 0) {
+	// String domain = userId.substring(0, atIndex);
+	// String name = userId.substring(atIndex + 1);
+	// return base + '/' + JcrUtils.firstCharsToPath(domain, 2) + '/' + domain +
+	// '/'
+	// + JcrUtils.firstCharsToPath(name, 2) + '/' + name;
+	// } else if (atIndex == 0 || atIndex == (userId.length() - 1)) {
+	// throw new ArgeoException("Unsupported username " + userId);
+	// } else {
+	// return base + '/' + JcrUtils.firstCharsToPath(userId, 2) + '/' + userId;
+	// }
+	// }
 
 	// /** Write remote roles used by remote access in the home directory */
 	// private void writeRemoteRoles(Node userHome, String[] roles)