X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fuseradmin%2Fjackrabbit%2FJackrabbitUserAdminService.java;h=cc6d85b48587c4453b3cd00836860f9cff6881d5;hb=170c56881f05f1028c35e6fe8c6e69dfd764c30e;hp=6b73a3e19af4e182fda24d06aeac4d9b56927a81;hpb=c110010dddf647925707a8dcd19c86e1f5254878;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
index 6b73a3e19..cc6d85b48 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/useradmin/jackrabbit/JackrabbitUserAdminService.java
@@ -1,5 +1,9 @@
 package org.argeo.cms.internal.useradmin.jackrabbit;
+import static org.argeo.cms.KernelHeader.ROLE_ADMIN;
+import static org.argeo.cms.KernelHeader.USERNAME_ADMIN;
+import static org.argeo.cms.KernelHeader.USERNAME_DEMO;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
@@ -22,6 +26,7 @@ import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
 import org.apache.jackrabbit.core.security.user.UserAccessControlProvider;
 import org.argeo.ArgeoException;
+import org.argeo.cms.CmsException;
 import org.argeo.cms.KernelHeader;
 import org.argeo.cms.internal.auth.GrantedAuthorityPrincipal;
 import org.argeo.cms.internal.auth.JcrSecurityModel;
@@ -51,32 +56,44 @@ public class JackrabbitUserAdminService implements UserAdminService,
 AuthenticationProvider {
 private final static String JACKR_ADMINISTRATORS = "administrators";
 private final static String REP_PRINCIPAL_NAME = "rep:principalName";
+ // private final static String REP_PASSWORD = "rep:password";
 private Repository repository;
 private JcrSecurityModel securityModel;
 private JackrabbitSession adminSession = null;
- private String superUserInitialPassword = "demo";
+ private String initialPassword = "demo";
 public void init() throws RepositoryException {
 Authentication authentication = SecurityContextHolder.getContext()
 .getAuthentication();
 authentication.getName();
 adminSession = (JackrabbitSession) repository.login();
- Authorizable adminGroup = getUserManager().getAuthorizable(
- KernelHeader.ROLE_ADMIN);
+ Authorizable adminGroup = getUserManager().getAuthorizable(ROLE_ADMIN);
 if (adminGroup == null) {
- adminGroup = getUserManager().createGroup(KernelHeader.ROLE_ADMIN);
+ adminGroup = getUserManager().createGroup(ROLE_ADMIN);
 adminSession.save();
 }
+
+ // create superuser
 Authorizable superUser = getUserManager().getAuthorizable(
- KernelHeader.USERNAME_ADMIN);
+ USERNAME_ADMIN);
 if (superUser == null) {
- superUser = getUserManager().createUser(
- KernelHeader.USERNAME_ADMIN, superUserInitialPassword);
+ superUser = getUserManager().createUser(USERNAME_ADMIN,
+ initialPassword);
 ((Group) adminGroup).addMember(superUser);
- securityModel.sync(adminSession, KernelHeader.USERNAME_ADMIN, null);
+ securityModel.sync(adminSession, USERNAME_ADMIN, null);
+ adminSession.save();
+
+ // create demo user only at initialisation
+ Authorizable demoUser = getUserManager().getAuthorizable(
+ USERNAME_DEMO);
+ if (demoUser != null)
+ throw new CmsException("There is already a demo user");
+ demoUser = getUserManager().createUser(USERNAME_DEMO,
+ initialPassword);
+ securityModel.sync(adminSession, USERNAME_DEMO, null);
 adminSession.save();
 }
 securityModel.init(adminSession);
@@ -117,20 +134,33 @@ public class JackrabbitUserAdminService implements UserAdminService,
 @Override
 public void updateUser(UserDetails userDetails) {
 try {
- User user = (User) getUserManager().getAuthorizable(
- userDetails.getUsername());
+ String username = userDetails.getUsername();
+ User user = (User) getUserManager().getAuthorizable(username);
 if (user == null)
 throw new ArgeoException("No user " + userDetails.getUsername());
 // new password
 String newPassword = userDetails.getPassword();
 if (!newPassword.trim().equals("")) {
- SimpleCredentials sp = new SimpleCredentials(
- userDetails.getUsername(), newPassword.toCharArray());
- CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user
- .getCredentials();
- if (!credentials.matches(sp))
- user.changePassword(new String(newPassword));
+ if (newPassword.startsWith("{SHA-256}")) {
+ // Already hashed password
+ throw new CmsException("Cannot import hashed password");
+ // Value v = adminSession.getValueFactory().createValue(
+ // newPassword);
+ // user.setProperty(REP_PASSWORD, v);
+ // TODO find a way to deal w/ protected property
+ // see
+ // http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/user/UserImporter.html
+ } else {
+ SimpleCredentials sp = new SimpleCredentials(
+ userDetails.getUsername(),
+ newPassword.toCharArray());
+ CryptedSimpleCredentials credentials = (CryptedSimpleCredentials) user
+ .getCredentials();
+
+ if (!credentials.matches(sp))
+ user.changePassword(new String(newPassword));
+ }
 }
 List roles = new ArrayList();
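Review bot: In `init()` the hard-coded default `initialPassword = "demo"` is now used for two accounts, the `USERNAME_ADMIN` superuser (added to the `ROLE_ADMIN` group) and the new `USERNAME_DEMO` user, and nothing in the hunk forces a change or refuses to start with the default. I would drop the literal and fail fast when no value has been configured, `if (initialPassword == null || initialPassword.isEmpty()) throw new CmsException("Initial password must be configured");`, and create the demo account only behind an explicit opt-in with its own password. Whether the field can be set from configuration is not visible here, and the end of `init()` lies outside the hunk.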
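Review bot: In `updateUser()` the already-hashed check matches only the exact, case-sensitive prefix `{SHA-256}`, so a value tagged with any other algorithm falls into the `else` branch and is handed to `user.changePassword(...)` as if it were a plaintext password. That would presumably make the stored hash string itself the working password for the account. A broader guard such as `if (newPassword.startsWith("{") && newPassword.indexOf('}') > 0)` rejects every `{ALGORITHM}`-tagged value, at the cost of also refusing plaintext passwords of that shape. The new `username` local is used only for the lookup, while the exception message and `SimpleCredentials` still call `userDetails.getUsername()`; the enclosing `try` closes outside the hunk.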