import org.apache.commons.io.IOUtils;
import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.ArgeoTypes;
import org.argeo.jcr.JcrUtils;
try {
if (session.hasPendingChanges())
session.save();
- Node userHome = JcrUtils.getUserHome(session);
+ Node userHome = ArgeoJcrUtils.getUserHome(session);
if (userHome == null)
throw new ArgeoException("No user home for "
+ session.getUserID());
<reference id="repositoryFactory" interface="javax.jcr.RepositoryFactory" />\r
\r
<!-- SERVICES -->\r
- <service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
-\r
<service ref="authenticationManager"\r
interface="org.springframework.security.AuthenticationManager" />\r
\r
</property>
</bean>
- <bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
- <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
- <property name="authenticationManager" ref="authenticationManager" />
- </bean>
-
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
filter="(argeo.jcr.repository.alias=node)" />\r
\r
<!-- SERVICES -->\r
- <service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
<service ref="authenticationManager"\r
interface="org.springframework.security.AuthenticationManager"\r
context-class-loader="service-provider" />\r
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
- <bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
- <property name="authenticationManager" ref="authenticationManager" />
- <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
- </bean>
-
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<service ref="authenticationManager"\r
interface="org.springframework.security.AuthenticationManager" />\r
\r
- <service ref="systemExecutionService" interface="org.argeo.security.SystemExecutionService" />\r
-\r
<!-- User management -->\r
<service ref="userDetailsManager"\r
interface="org.springframework.security.userdetails.UserDetailsService"\r
<property name="bundleContext" ref="bundleContext" />
</bean>
- <bean id="systemExecutionService" class="org.argeo.security.core.KeyBasedSystemExecutionService">
- <property name="authenticationManager" ref="authenticationManager" />
- <property name="systemAuthenticationKey" value="${argeo.security.systemKey}" />
- </bean>
-
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
import javax.jcr.Session;
import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.JcrUtils;
import org.argeo.security.UserAdminService;
import org.argeo.security.jcr.JcrUserDetails;
import org.argeo.security.ui.admin.SecurityAdminPlugin;
super.init(site, input);
String username = ((ArgeoUserEditorInput) getEditorInput())
.getUsername();
- userHome = JcrUtils.getUserHome(session, username);
+ userHome = ArgeoJcrUtils.getUserHome(session, username);
if (userAdminService.userExists(username)) {
userDetails = (JcrUserDetails) userAdminService
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.eclipse.ui.ErrorFeedback;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.security.SecurityJcrUtils;
import org.argeo.security.UserAdminService;
import org.argeo.security.jcr.JcrUserDetails;
import org.eclipse.jface.wizard.Wizard;
String username = mainUserInfo.getUsername();
try {
- Node userProfile = JcrUtils.createUserProfile(session, username);
+ Node userProfile = SecurityJcrUtils.createUserProfile(session, username);
// session.getWorkspace().getVersionManager()
// .checkout(userProfile.getPath());
mainUserInfo.mapToProfileNode(userProfile);
return true;
} catch (Exception e) {
JcrUtils.discardQuietly(session);
- Node userHome = JcrUtils.getUserHome(session, username);
+ Node userHome = ArgeoJcrUtils.getUserHome(session, username);
if (userHome != null) {
try {
userHome.remove();
/**
* Allows to execute code authenticated as a system user (that is not a real
- * person). The {@link Executor} interface interface is not used directly in
- * order to allow future extension of this interface and to simplify its
- * publication (e.g. as an OSGi service) and interception.
+ * person). The {@link Executor} interface is not used directly in order to
+ * allow future extension of this interface and to simplify its publication
+ * (e.g. as an OSGi service) and interception.
*/
public interface SystemExecutionService extends Executor {
/**
* Executes this {@link Runnable} within a system authenticated context.
* Implementations should make sure that this method is properly secured via
- * Java permissions since it could access to everything without credentials.
+ * Java permissions since it could access everything without credentials.
*/
public void execute(Runnable runnable);
-
+
/**
* Executes this {@link Callable} within a system authenticated context.
* Implementations should make sure that this method is properly secured via
- * Java permissions since it could access to everything without credentials.
+ * Java permissions since it could access everything without credentials.
*/
public <T> Future<T> submit(Callable<T> task);
}
import javax.jcr.Session;
import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.security.SecurityJcrUtils;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.DisabledException;
import org.springframework.security.GrantedAuthority;
*/
public JcrUserDetails(Session session, String username, String password,
GrantedAuthority[] authorities) throws RepositoryException {
- this(JcrUtils.getUserProfile(session, username),
+ this(SecurityJcrUtils.getUserProfile(session, username),
password != null ? password : "", authorities);
}
import org.argeo.ArgeoException;
import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.security.SecurityJcrUtils;
import org.argeo.security.OsAuthenticationToken;
import org.argeo.security.core.OsAuthenticationProvider;
import org.springframework.security.Authentication;
// WARNING: at this stage we assume that the java properties
// will have the same value
String username = System.getProperty("user.name");
- Node userProfile = JcrUtils.createUserProfileIfNeeded(
+ Node userProfile = SecurityJcrUtils.createUserProfileIfNeeded(
securitySession, username);
JcrUserDetails.checkAccountStatus(userProfile);
// each user should have a writable area in the default
// workspace of the node
- JcrUtils.createUserHomeIfNeeded(nodeSession, username);
+ SecurityJcrUtils.createUserHomeIfNeeded(nodeSession, username);
userDetails = new JcrUserDetails(userProfile, authen
.getCredentials().toString(), getBaseAuthorities());
authen.setDetails(userDetails);
import org.argeo.ArgeoException;
import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.security.SecurityJcrUtils;
import org.argeo.security.UserAdminService;
import org.springframework.dao.DataAccessException;
import org.springframework.security.userdetails.UserDetails;
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if (getSPropertyUsername().equals(username)) {
- Node userProfile = JcrUtils.getUserProfile(securitySession,
+ Node userProfile = SecurityJcrUtils.getUserProfile(securitySession,
username);
JcrUserDetails userDetails;
try {
import org.argeo.ArgeoException;
import org.argeo.jcr.ArgeoJcrConstants;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.JcrUtils;
import org.argeo.security.NodeAuthenticationToken;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
String workspace = siteAuth.getSecurityWorkspace();
session = repository.login(sp, workspace);
- Node userHome = JcrUtils.getUserHome(session);
+ Node userHome = ArgeoJcrUtils.getUserHome(session);
if (userHome == null || !userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
throw new ArgeoException("No profile for user "
+ siteAuth.getName() + " in security workspace "
import java.security.Principal;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
-import java.util.Map;
import java.util.Set;
-import javax.jcr.Node;
-import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import javax.jcr.Value;
-import javax.jcr.ValueFactory;
-import javax.jcr.security.Privilege;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.argeo.ArgeoException;
-import org.argeo.jcr.JcrUtils;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
-/** Intermediary class in order to have a consistent naming in config files. */
+/** Integrates Spring Security and Jackrabbit Security user and roles. */
public class ArgeoSecurityManager extends DefaultSecurityManager {
private Log log = LogFactory.getLog(ArgeoSecurityManager.class);
@Override
public String getUserID(Subject subject, String workspaceName)
throws RepositoryException {
- long begin = System.currentTimeMillis();
-
if (log.isTraceEnabled())
log.trace(subject);
// skip anonymous user (no rights)
if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty())
return super.getUserID(subject, workspaceName);
+ // retrieve Spring authentication from JAAS
+ // TODO? use Spring Security context holder
Authentication authen;
Set<Authentication> authens = subject
.getPrincipals(Authentication.class);
else
authen = authens.iterator().next();
- UserManager systemUm = getSystemUserManager(workspaceName);
+ // sync Spring and Jackrabbit
+ syncSpringAndJackrabbitSecurity(authen);
+
+ return authen.getName();
+ }
+
+ /**
+ * Make sure that the Jackrabbit security model contains this user and its
+ * granted authorities
+ */
+ protected void syncSpringAndJackrabbitSecurity(Authentication authen)
+ throws RepositoryException {
+ long begin = System.currentTimeMillis();
+
+ // workspace is irrelevant here
+ UserManager systemUm = getSystemUserManager(null);
String userId = authen.getName();
User user = (User) systemUm.getAuthorizable(userId);
if (user == null) {
user = systemUm.createUser(userId, authen.getCredentials()
.toString(), authen, null);
- JcrUtils.createUserHomeIfNeeded(getSystemSession(), userId);
- getSystemSession().save();
- setSecurityHomeAuthorizations(user);
+ // SecurityJcrUtils.createUserHomeIfNeeded(getSystemSession(),
+ // userId);
+ // getSystemSession().save();
+ // setSecurityHomeAuthorizations(user);
log.info(userId + " added as " + user);
}
log.trace("Spring and Jackrabbit Security synchronized for user "
+ userId + " in " + (System.currentTimeMillis() - begin)
+ " ms");
- return userId;
}
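Review bot: The user-creation branch of the new `syncSpringAndJackrabbitSecurity` leaves the home creation and the `setSecurityHomeAuthorizations` call as commented-out lines right after `createUser`, so a user synchronized for the first time is created in Jackrabbit with no security home and without the read ACL the removed code used to grant. If another component now owns that step, state it in the method Javadoc instead of keeping dead lines, e.g. `* Note: the user home and its read ACL are no longer created here (see <component that now creates them>).`. The switch from `getSystemUserManager(workspaceName)` to `getSystemUserManager(null)` is justified only by the comment `// workspace is irrelevant here`; whether the superclass accepts a null workspace there is not visible in this hunk, so the comment should give the reason (shared system user manager, for instance) rather than assert irrelevance.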
- protected synchronized void setSecurityHomeAuthorizations(User user) {
- // give read privileges on user security home
- String userId = "<not yet set>";
- try {
- userId = user.getID();
- Node userHome = JcrUtils.getUserHome(getSystemSession(), userId);
- if (userHome == null)
- throw new ArgeoException("No security home available for user "
- + userId);
-
- String path = userHome.getPath();
- Principal principal = user.getPrincipal();
-
- JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager) getSystemSession()
- .getAccessControlManager();
- JackrabbitAccessControlPolicy[] ps = acm
- .getApplicablePolicies(principal);
- if (ps.length == 0) {
- // log.warn("No ACL found for " + user);
- return;
- }
-
- JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];
-
- // add entry
- Privilege[] privileges = new Privilege[] { acm
- .privilegeFromName(Privilege.JCR_READ) };
- Map<String, Value> restrictions = new HashMap<String, Value>();
- ValueFactory vf = getSystemSession().getValueFactory();
- restrictions.put("rep:nodePath",
- vf.createValue(path, PropertyType.PATH));
- restrictions.put("rep:glob", vf.createValue("*"));
- list.addEntry(principal, privileges, true /* allow or deny */,
- restrictions);
- } catch (Exception e) {
- e.printStackTrace();
- throw new ArgeoException(
- "Cannot set authorization on security home for " + userId
- + ": " + e.getMessage());
- }
-
- }
+ // protected synchronized void setSecurityHomeAuthorizations(User user) {
+ // // give read privileges on user security home
+ // String userId = "<not yet set>";
+ // try {
+ // userId = user.getID();
+ // Node userHome = SecurityJcrUtils.getUserHome(getSystemSession(), userId);
+ // if (userHome == null)
+ // throw new ArgeoException("No security home available for user "
+ // + userId);
+ //
+ // String path = userHome.getPath();
+ // Principal principal = user.getPrincipal();
+ //
+ // JackrabbitAccessControlManager acm = (JackrabbitAccessControlManager)
+ // getSystemSession()
+ // .getAccessControlManager();
+ // JackrabbitAccessControlPolicy[] ps = acm
+ // .getApplicablePolicies(principal);
+ // if (ps.length == 0) {
+ // // log.warn("No ACL found for " + user);
+ // return;
+ // }
+ //
+ // JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];
+ //
+ // // add entry
+ // Privilege[] privileges = new Privilege[] { acm
+ // .privilegeFromName(Privilege.JCR_READ) };
+ // Map<String, Value> restrictions = new HashMap<String, Value>();
+ // ValueFactory vf = getSystemSession().getValueFactory();
+ // restrictions.put("rep:nodePath",
+ // vf.createValue(path, PropertyType.PATH));
+ // restrictions.put("rep:glob", vf.createValue("*"));
+ // list.addEntry(principal, privileges, true /* allow or deny */,
+ // restrictions);
+ // } catch (Exception e) {
+ // e.printStackTrace();
+ // throw new ArgeoException(
+ // "Cannot set authorization on security home for " + userId
+ // + ": " + e.getMessage());
+ // }
+ //
+ // }
@Override
protected WorkspaceAccessManager createDefaultWorkspaceAccessManager() {
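Review bot: The commented-out copy of `setSecurityHomeAuthorizations` added in this hunk cannot be re-enabled as-is: the imports it needs (`JackrabbitAccessControlManager`, `JackrabbitAccessControlPolicy`, `JackrabbitAccessControlList`, `Privilege`, `HashMap`, `Map`, `Value`, `ValueFactory`, `Node`) are removed by this same commit, and it calls `SecurityJcrUtils.getUserHome`, whereas the rest of the commit places `getUserHome` on `ArgeoJcrUtils`. Delete the block and rely on version history, keeping at most a one-line pointer such as `// security-home read ACL setup (setSecurityHomeAuthorizations) removed; see history`. Should the method come back, note that the original called `e.printStackTrace()` and rebuilt the exception from `e.getMessage()`, dropping the cause; it should pass `e` as the cause of the `ArgeoException` instead.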
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.ArgeoTypes;
import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.security.SecurityJcrUtils;
import org.argeo.security.jcr.JcrUserDetails;
import org.springframework.ldap.core.ContextExecutor;
import org.springframework.ldap.core.ContextMapper;
/** Called during authentication in order to retrieve user details */
public UserDetails mapUserFromContext(final DirContextOperations ctx,
final String username, GrantedAuthority[] authorities) {
+ log.debug("mapUserFromContext");
if (ctx == null)
throw new ArgeoException("No LDAP information for user " + username);
- Node userProfile = JcrUtils.createUserProfileIfNeeded(securitySession,
+ Node userProfile = SecurityJcrUtils.createUserProfileIfNeeded(securitySession,
username);
JcrUserDetails.checkAccountStatus(userProfile);
try {
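Review bot: The added `log.debug("mapUserFromContext");` is a bare method-name trace with no user context and no `isDebugEnabled()` guard, which reads like a leftover from debugging; either drop it or make it useful, e.g. `if (log.isDebugEnabled()) log.debug("mapUserFromContext " + username);`. The `log` field is not visible in this hunk, so it is assumed to be a commons-logging `Log` like the other classes in this commit. `mapUserFromContext` continues past the hunk.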
// process
String username = ctx.getStringAttribute(usernameAttribute);
- Node userHome = JcrUtils.createUserHomeIfNeeded(session, username);
+ Node userHome = SecurityJcrUtils.createUserHomeIfNeeded(session, username);
Node userProfile; // = userHome.getNode(ARGEO_PROFILE);
if (userHome.hasNode(ARGEO_PROFILE)) {
userProfile = userHome.getNode(ARGEO_PROFILE);
.checkin(userProfile.getPath());
}
} else {
- userProfile = JcrUtils.createUserProfile(securitySession,
+ userProfile = SecurityJcrUtils.createUserProfile(securitySession,
username);
userProfile.getSession().save();
userProfile.getSession().getWorkspace().getVersionManager()
import javax.jcr.Session;
import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.JcrUtils;
import org.argeo.security.jcr.JcrUserDetails;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.ldap.UserDetailsContextMapper;
-/** Read only mapping from LDAP to user details */
+/** @deprecated Read only mapping from LDAP to user details */
+@Deprecated
public class JcrUserDetailsContextMapper implements UserDetailsContextMapper,
ArgeoNames {
/** Admin session on the security workspace */
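Review bot: The class Javadoc puts the whole description under `@deprecated`, so the summary sentence is lost and readers are not told what replaces the class. Keep the description as the summary and make the tag point at the successor, e.g. `/** Read only mapping from LDAP to user details. @deprecated use <replacement mapper> instead. */` (the replacement is not named in this hunk). The same pattern of `@deprecated` without a replacement pointer appears on `getUserHomePath` in the new `ArgeoJcrUtils`.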
final String username, GrantedAuthority[] authorities) {
if (ctx == null)
throw new ArgeoException("No LDAP information for user " + username);
- Node userHome = JcrUtils.getUserHome(securitySession, username);
+ Node userHome = ArgeoJcrUtils.getUserHome(securitySession, username);
if (userHome == null)
throw new ArgeoException("No JCR information for user " + username);
<bean id="addRemoteRepository" class="org.argeo.jcr.ui.explorer.commands.AddRemoteRepository">
<property name="repositoryFactory" ref="repositoryFactory" />
- <property name="bundleContext" ref="bundleContext" />
<property name="keyring" ref="jcrKeyring" />
</bean>
/** Constants used across the application. */
public interface JcrExplorerConstants {
- public final static String PARAM_REPOSITORY_URI = "org.argeo.jcr.ui.explorer.repositoryUri";
-
/*
* MISCEALLENEOUS
*/
import org.argeo.eclipse.ui.TreeParent;
import org.argeo.jcr.ArgeoJcrConstants;
-import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.RepositoryRegister;
import org.argeo.jcr.security.JcrKeyring;
import org.argeo.jcr.ui.explorer.model.RepositoriesNode;
return;
if (userSession != null) {
- Node userHome = JcrUtils.getUserHome(userSession);
+ Node userHome = ArgeoJcrUtils.getUserHome(userSession);
if (userHome != null) {
// TODO : find a way to dynamically get alias for the node
if (homeNode != null)
import org.argeo.ArgeoException;
import org.argeo.eclipse.ui.ErrorFeedback;
import org.argeo.jcr.ArgeoJcrConstants;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.ArgeoTypes;
import org.argeo.jcr.JcrUtils;
import org.argeo.jcr.security.JcrKeyring;
+import org.argeo.jcr.security.SecurityJcrUtils;
import org.argeo.jcr.ui.explorer.JcrExplorerConstants;
import org.eclipse.core.commands.AbstractHandler;
import org.eclipse.core.commands.ExecutionEvent;
import org.eclipse.swt.widgets.Label;
import org.eclipse.swt.widgets.Shell;
import org.eclipse.swt.widgets.Text;
-import org.osgi.framework.BundleContext;
/**
* Connect to a remote repository and, if successful publish it as an OSGi
JcrExplorerConstants, ArgeoNames {
private RepositoryFactory repositoryFactory;
- private BundleContext bundleContext;
-
private JcrKeyring keyring;
public Object execute(ExecutionEvent event) throws ExecutionException {
- String uri = null;
- if (event.getParameters().containsKey(PARAM_REPOSITORY_URI)) {
- // FIXME remove this
- uri = event.getParameter(PARAM_REPOSITORY_URI);
- if (uri == null)
- return null;
-
- try {
- Hashtable<String, String> params = new Hashtable<String, String>();
- params.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, uri);
- // by default we use the URI as alias
- params.put(ArgeoJcrConstants.JCR_REPOSITORY_ALIAS, uri);
- Repository repository = repositoryFactory.getRepository(params);
- bundleContext.registerService(Repository.class.getName(),
- repository, params);
- } catch (Exception e) {
- ErrorFeedback.show("Cannot add remote repository " + uri, e);
- }
- } else {
- RemoteRepositoryLoginDialog dlg = new RemoteRepositoryLoginDialog(
- Display.getDefault().getActiveShell());
- if (dlg.open() == Dialog.OK) {
- // uri = dlg.getUri();
- }
+ RemoteRepositoryLoginDialog dlg = new RemoteRepositoryLoginDialog(
+ Display.getDefault().getActiveShell());
+ if (dlg.open() == Dialog.OK) {
}
-
return null;
}
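Review bot: The rewritten `execute` tests `dlg.open() == Dialog.OK` with an empty block, so the comparison is dead code; since the dialog's own `okPressed` persists the remote (visible later in this commit), either reduce the three lines to `dlg.open();` or put the intended follow-up inside the block. If something was meant to happen on OK (the old branch carried `// uri = dlg.getUri();`), a `// TODO` inside the block would at least say so. The OSGi registration path via `PARAM_REPOSITORY_URI` is removed together with the `BundleContext` setter, which is consistent.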
this.repositoryFactory = repositoryFactory;
}
- public void setBundleContext(BundleContext bundleContext) {
- this.bundleContext = bundleContext;
- }
-
public void setKeyring(JcrKeyring keyring) {
this.keyring = keyring;
}
Hashtable<String, String> params = new Hashtable<String, String>();
params.put(ArgeoJcrConstants.JCR_REPOSITORY_URI, checkedUriStr);
- // by default we use the URI as alias
- params.put(ArgeoJcrConstants.JCR_REPOSITORY_ALIAS,
- checkedUriStr);
Repository repository = repositoryFactory.getRepository(params);
if (username.getText().trim().equals("")) {// anonymous
session = repository.login();
protected void okPressed() {
try {
Session nodeSession = keyring.getSession();
- Node home = JcrUtils.getUserHome(nodeSession);
+ Node home = ArgeoJcrUtils.getUserHome(nodeSession);
// FIXME better deal with non existing home dir
if (home == null)
- home = JcrUtils.createUserHomeIfNeeded(nodeSession,
+ home = SecurityJcrUtils.createUserHomeIfNeeded(nodeSession,
nodeSession.getUserID());
Node remote = home.hasNode(ARGEO_REMOTE) ? home
import org.argeo.eclipse.ui.ErrorFeedback;
import org.argeo.eclipse.ui.TreeParent;
import org.argeo.jcr.ArgeoJcrConstants;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.JcrUtils;
import org.argeo.jcr.RepositoryRegister;
import org.argeo.jcr.security.JcrKeyring;
protected void addRemoteRepositories(JcrKeyring jcrKeyring)
throws RepositoryException {
Session userSession = jcrKeyring.getSession();
- Node userHome = JcrUtils.getUserHome(userSession);
+ Node userHome = ArgeoJcrUtils.getUserHome(userSession);
if (userHome != null && userHome.hasNode(ARGEO_REMOTE)) {
NodeIterator it = userHome.getNode(ARGEO_REMOTE).getNodes();
while (it.hasNext()) {
doRefresh = true;
else if (element instanceof RepositoryNode) {
RepositoryNode rn = (RepositoryNode) element;
- String[] wkpNames = rn.getAccessibleWorkspaceNames();
- if (element.getChildren().length != wkpNames.length)
- doRefresh = true;
+ if (rn.isConnected()) {
+ String[] wkpNames = rn.getAccessibleWorkspaceNames();
+ if (element.getChildren().length != wkpNames.length)
+ doRefresh = true;
+ }
} else if (element instanceof RepositoriesNode) {
RepositoriesNode rn = (RepositoriesNode) element;
if (element.getChildren().length != rn.getRepositoryRegister()
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.server.SessionProvider;
import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.JcrUtils;
userGroupIds.add(it.next().getID());
// write roles if needed
- Node userProfile = JcrUtils.getUserHome(session).getNode(
+ Node userProfile = ArgeoJcrUtils.getUserHome(session).getNode(
ArgeoNames.ARGEO_PROFILE);
boolean writeRoles = false;
if (userProfile.hasProperty(ArgeoNames.ARGEO_REMOTE_ROLES)) {
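Review bot: `ArgeoJcrUtils.getUserHome(session)` is documented in this same commit as returning null when no home exists, yet the rewritten `Node userProfile = ...` line chains `.getNode(ArgeoNames.ARGEO_PROFILE)` straight onto it, so a user without a home fails with a `NullPointerException` instead of a meaningful error. Split the call and guard it, `Node userHome = ArgeoJcrUtils.getUserHome(session); if (userHome == null) throw new ArgeoException("No user home for " + session.getUserID());`, before reading the profile node, matching the pattern used elsewhere in this commit (`ArgeoException` is already imported in this file). The enclosing method starts and ends outside this hunk.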
--- /dev/null
+package org.argeo.jcr;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.jcr.Node;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.RepositoryFactory;
+import javax.jcr.Session;
+
+import org.argeo.ArgeoException;
+
+/** Utilities related to Argeo model in JCR */
+public class ArgeoJcrUtils implements ArgeoJcrConstants {
+ /**
+ * Returns the home node of the session user or null if none was found.
+ *
+ * @param session
+ * the session to use in order to perform the search, this can be
+ * a session with a different user ID than the one searched,
+ * typically when a system or admin session is used.
+ * @param username
+ * the username of the user
+ */
+ public static Node getUserHome(Session session, String username) {
+ try {
+ String homePath = ArgeoJcrUtils.getUserHomePath(username);
+ return session.itemExists(homePath) ? session.getNode(homePath)
+ : null;
+ // kept for example of QOM queries
+ // QueryObjectModelFactory qomf = session.getWorkspace()
+ // .getQueryManager().getQOMFactory();
+ // Selector userHomeSel = qomf.selector(ArgeoTypes.ARGEO_USER_HOME,
+ // "userHome");
+ // DynamicOperand userIdDop = qomf.propertyValue("userHome",
+ // ArgeoNames.ARGEO_USER_ID);
+ // StaticOperand userIdSop = qomf.literal(session.getValueFactory()
+ // .createValue(username));
+ // Constraint constraint = qomf.comparison(userIdDop,
+ // QueryObjectModelFactory.JCR_OPERATOR_EQUAL_TO, userIdSop);
+ // Query query = qomf.createQuery(userHomeSel, constraint, null,
+ // null);
+ // Node userHome = JcrUtils.querySingleNode(query);
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot find home for user " + username, e);
+ }
+ }
+
+ /** Returns the home node of the session user or null if none was found. */
+ public static Node getUserHome(Session session) {
+ String userID = session.getUserID();
+ return getUserHome(session, userID);
+ }
+
+ /** @deprecated Use {@link #getUserHome(Session, String)} directly */
+ @Deprecated
+ public static String getUserHomePath(String username) {
+ String homeBasePath = DEFAULT_HOME_BASE_PATH;
+ return homeBasePath + '/' + JcrUtils.firstCharsToPath(username, 2)
+ + '/' + username;
+ }
+
+ /**
+ * Wraps the call to the repository factory based on parameter
+ * {@link ArgeoJcrConstants#JCR_REPOSITORY_ALIAS} in order to simplify it
+ * and protect against future API changes.
+ */
+ public static Repository getRepositoryByAlias(
+ RepositoryFactory repositoryFactory, String alias) {
+ try {
+ Map<String, String> parameters = new HashMap<String, String>();
+ parameters.put(JCR_REPOSITORY_ALIAS, alias);
+ return repositoryFactory.getRepository(parameters);
+ } catch (RepositoryException e) {
+ throw new ArgeoException(
+ "Unexpected exception when trying to retrieve repository with alias "
+ + alias, e);
+ }
+ }
+
+ /**
+ * Wraps the call to the repository factory based on parameter
+ * {@link ArgeoJcrConstants#JCR_REPOSITORY_URI} in order to simplify it and
+ * protect against future API changes.
+ */
+ public static Repository getRepositoryByUri(
+ RepositoryFactory repositoryFactory, String uri) {
+ try {
+ Map<String, String> parameters = new HashMap<String, String>();
+ parameters.put(JCR_REPOSITORY_URI, uri);
+ return repositoryFactory.getRepository(parameters);
+ } catch (RepositoryException e) {
+ throw new ArgeoException(
+ "Unexpected exception when trying to retrieve repository with uri "
+ + uri, e);
+ }
+ }
+
+ private ArgeoJcrUtils() {
+ }
+
+}
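Review bot: `getUserHome(Session, String)` builds the home path from the raw username via `getUserHomePath` and then tests `session.itemExists(homePath)`, which also answers true for a property at that path, in which case `session.getNode(homePath)` throws instead of returning null as documented; `session.nodeExists(homePath)` is the check that matches the contract. The same string-built path means a username containing `/` (or another character JCR does not allow in a name) is resolved somewhere other than under `DEFAULT_HOME_BASE_PATH`, and the Javadoc explicitly invites callers to pass a system or admin session for a different user, so the lookup should reject such names up front, e.g. `if (username == null || username.indexOf('/') >= 0) throw new ArgeoException("Invalid user name " + username);` — what `firstCharsToPath` validates is not visible here. Marking `getUserHomePath` `@deprecated` while `getUserHome` itself still calls it is contradictory; either keep it undeprecated or inline the computation. The commented-out QOM example in the body belongs in history rather than in a new file.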
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
-import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.PropertyType;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
-import javax.jcr.RepositoryFactory;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.Workspace;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
-import javax.jcr.version.VersionManager;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
return path.toString();
}
- /**
- * Wraps the call to the repository factory based on parameter
- * {@link ArgeoJcrConstants#JCR_REPOSITORY_ALIAS} in order to simplify it
- * and protect against future API changes.
- */
- public static Repository getRepositoryByAlias(
- RepositoryFactory repositoryFactory, String alias) {
- try {
- Map<String, String> parameters = new HashMap<String, String>();
- parameters.put(JCR_REPOSITORY_ALIAS, alias);
- return repositoryFactory.getRepository(parameters);
- } catch (RepositoryException e) {
- throw new ArgeoException(
- "Unexpected exception when trying to retrieve repository with alias "
- + alias, e);
- }
- }
-
- /**
- * Wraps the call to the repository factory based on parameter
- * {@link ArgeoJcrConstants#JCR_REPOSITORY_URI} in order to simplify it and
- * protect against future API changes.
- */
- public static Repository getRepositoryByUri(
- RepositoryFactory repositoryFactory, String uri) {
- try {
- Map<String, String> parameters = new HashMap<String, String>();
- parameters.put(JCR_REPOSITORY_URI, uri);
- return repositoryFactory.getRepository(parameters);
- } catch (RepositoryException e) {
- throw new ArgeoException(
- "Unexpected exception when trying to retrieve repository with uri "
- + uri, e);
- }
- }
-
/**
* Discards the current changes in the session attached to this node. To be
* used typically in a catch block.
}
}
- /** Returns the home node of the session user or null if none was found. */
- public static Node getUserHome(Session session) {
- String userID = session.getUserID();
- return getUserHome(session, userID);
- }
-
- /** User home path is NOT configurable */
- public static String getUserHomePath(String username) {
- String homeBasePath = DEFAULT_HOME_BASE_PATH;
- return homeBasePath + '/' + firstCharsToPath(username, 2) + '/'
- + username;
- }
-
- /**
- * Returns the home node of the session user or null if none was found.
- *
- * @param session
- * the session to use in order to perform the search, this can be
- * a session with a different user ID than the one searched,
- * typically when a system or admin session is used.
- * @param username
- * the username of the user
- */
- public static Node getUserHome(Session session, String username) {
- try {
- String homePath = getUserHomePath(username);
- return session.itemExists(homePath) ? session.getNode(homePath)
- : null;
- // kept for example of QOM queries
- // QueryObjectModelFactory qomf = session.getWorkspace()
- // .getQueryManager().getQOMFactory();
- // Selector userHomeSel = qomf.selector(ArgeoTypes.ARGEO_USER_HOME,
- // "userHome");
- // DynamicOperand userIdDop = qomf.propertyValue("userHome",
- // ArgeoNames.ARGEO_USER_ID);
- // StaticOperand userIdSop = qomf.literal(session.getValueFactory()
- // .createValue(username));
- // Constraint constraint = qomf.comparison(userIdDop,
- // QueryObjectModelFactory.JCR_OPERATOR_EQUAL_TO, userIdSop);
- // Query query = qomf.createQuery(userHomeSel, constraint, null,
- // null);
- // Node userHome = JcrUtils.querySingleNode(query);
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot find home for user " + username, e);
- }
- }
-
- /**
- * Creates an Argeo user home, does nothing if it already exists. Session is
- * NOT saved.
- */
- public static Node createUserHomeIfNeeded(Session session, String username) {
- try {
- String homePath = getUserHomePath(username);
- if (session.itemExists(homePath))
- return session.getNode(homePath);
- else {
- Node userHome = JcrUtils.mkdirs(session, homePath);
- userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
- userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
- return userHome;
- }
- } catch (RepositoryException e) {
- discardQuietly(session);
- throw new ArgeoException("Cannot create home for " + username
- + " in workspace " + session.getWorkspace().getName(), e);
- }
- }
-
- /**
- * Creates a user profile in the home of this user. Creates the home if
- * needed, but throw an exception if a profile already exists. The session
- * is not saved and the node is in a checkedOut state (that is, it requires
- * a subsequent checkin after saving the session).
- */
- public static Node createUserProfile(Session session, String username) {
- try {
- Node userHome = createUserHomeIfNeeded(session, username);
- if (userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
- throw new ArgeoException(
- "There is already a user profile under " + userHome);
- Node userProfile = userHome.addNode(ArgeoNames.ARGEO_PROFILE);
- userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
- userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
- userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
- userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, true);
- userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, true);
- userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED,
- true);
- return userProfile;
- } catch (RepositoryException e) {
- discardQuietly(session);
- throw new ArgeoException("Cannot create user profile for "
- + username + " in workspace "
- + session.getWorkspace().getName(), e);
- }
- }
-
- /**
- * Create user profile if needed, the session IS saved.
- *
- * @return the user profile
- */
- public static Node createUserProfileIfNeeded(Session securitySession,
- String username) {
- try {
- Node userHome = JcrUtils.createUserHomeIfNeeded(securitySession,
- username);
- Node userProfile = userHome.hasNode(ArgeoNames.ARGEO_PROFILE) ? userHome
- .getNode(ArgeoNames.ARGEO_PROFILE) : JcrUtils
- .createUserProfile(securitySession, username);
- if (securitySession.hasPendingChanges())
- securitySession.save();
- VersionManager versionManager = securitySession.getWorkspace()
- .getVersionManager();
- if (versionManager.isCheckedOut(userProfile.getPath()))
- versionManager.checkin(userProfile.getPath());
- return userProfile;
- } catch (RepositoryException e) {
- discardQuietly(securitySession);
- throw new ArgeoException("Cannot create user profile for "
- + username + " in workspace "
- + securitySession.getWorkspace().getName(), e);
- }
- }
-
- /** Creates an Argeo user home. */
- // public static Node createUserHome(Session session, String homeBasePath,
- // String username) {
- // try {
- // if (session == null)
- // throw new ArgeoException("Session is null");
- // if (session.hasPendingChanges())
- // throw new ArgeoException(
- // "Session has pending changes, save them first");
- //
- // String homePath = getUserHomePath(username);
- //
- // if (session.itemExists(homePath)) {
- // try {
- // throw new ArgeoException(
- // "Trying to create a user home that already exists");
- // } catch (Exception e) {
- // // we use this workaround to be sure to get the stack trace
- // // to identify the sink of the bug.
- // log.warn("trying to create an already existing userHome at path:"
- // + homePath + ". Stack trace : ");
- // e.printStackTrace();
- // }
- // }
- //
- // Node userHome = JcrUtils.mkdirs(session, homePath);
- // Node userProfile;
- // if (userHome.hasNode(ArgeoNames.ARGEO_PROFILE)) {
- // log.warn("userProfile node already exists for userHome path: "
- // + homePath + ". We do not add a new one");
- // } else {
- // userProfile = userHome.addNode(ArgeoNames.ARGEO_PROFILE);
- // userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
- // // session.getWorkspace().getVersionManager()
- // // .checkout(userProfile.getPath());
- // userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
- // session.save();
- // session.getWorkspace().getVersionManager()
- // .checkin(userProfile.getPath());
- // // we need to save the profile before adding the user home type
- // }
- // userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
- // // see
- // //
- // http://jackrabbit.510166.n4.nabble.com/Jackrabbit-2-0-beta-6-Problem-adding-a-Mixin-type-with-mandatory-properties-after-setting-propertiesn-td1290332.html
- // userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
- // session.save();
- // return userHome;
- // } catch (RepositoryException e) {
- // discardQuietly(session);
- // throw new ArgeoException("Cannot create home node for user "
- // + username, e);
- // }
- // }
-
- /**
- * Returns user home has path, embedding exceptions. Contrary to
- * {@link #getUserHome(Session)}, it never returns null but throws and
- * exception if not found.
- *
- * @deprecated use getUserHome() instead, throwing an exception if it
- * returns null
- */
- @Deprecated
- public static String getUserHomePath(Session session) {
- String userID = session.getUserID();
- try {
- String homePath = getUserHomePath(userID);
- if (session.itemExists(homePath))
- return homePath;
- else
- throw new ArgeoException("No home registered for " + userID);
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot find user home path", e);
- }
- }
-
- /**
- * @return null if not found *
- */
- public static Node getUserProfile(Session session, String username) {
- try {
- Node userHome = getUserHome(session, username);
- if (userHome == null)
- return null;
- if (userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
- return userHome.getNode(ArgeoNames.ARGEO_PROFILE);
- else
- return null;
- } catch (RepositoryException e) {
- throw new ArgeoException(
- "Cannot find profile for user " + username, e);
- }
- }
-
- /**
- * Get the profile of the user attached to this session.
- */
- public static Node getUserProfile(Session session) {
- String userID = session.getUserID();
- return getUserProfile(session, userID);
- }
-
/**
* Quietly unregisters an {@link EventListener} from the udnerlying
* workspace of this node.
import org.apache.commons.io.IOUtils;
import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoJcrUtils;
import org.argeo.jcr.ArgeoNames;
import org.argeo.jcr.ArgeoTypes;
import org.argeo.jcr.JcrUtils;
if (notYetSavedKeyring.get() != null)
return true;
- Node userHome = JcrUtils.getUserHome(session);
+ Node userHome = ArgeoJcrUtils.getUserHome(session);
return userHome.hasNode(ARGEO_KEYRING);
} catch (RepositoryException e) {
throw new ArgeoException("Cannot check whether keyring is setup", e);
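Review bot: The `userHome` returned by `ArgeoJcrUtils.getUserHome(session)` on the added line is dereferenced on the next line with no null check, so if the replacement keeps the contract of the JcrUtils method it supersedes (whose removed Javadoc in this diff says it returns null when no home exists), a session without a home node fails with a NullPointerException rather than a meaningful error. Add `if (userHome == null) throw new ArgeoException("No user home for " + session.getUserID());` before the `hasNode` call. The same unchecked dereference is repeated at the three other call sites changed in this file (the keyring setup, `handleKeySpecCallback` and `createCipher` hunks), which matters more there because the `"Keyring already setup"` / `"Keyring not setup"` diagnostics are never reached. The enclosing method starts before this hunk.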
Binary binary = null;
InputStream in = null;
try {
- Node userHome = JcrUtils.getUserHome(session);
+ Node userHome = ArgeoJcrUtils.getUserHome(session);
if (userHome.hasNode(ARGEO_KEYRING))
throw new ArgeoException("Keyring already setup");
Node keyring = userHome.addNode(ARGEO_KEYRING);
@Override
protected void handleKeySpecCallback(PBEKeySpecCallback pbeCallback) {
try {
- Node userHome = JcrUtils.getUserHome(session);
+ Node userHome = ArgeoJcrUtils.getUserHome(session);
Node keyring;
if (userHome.hasNode(ARGEO_KEYRING))
keyring = userHome.getNode(ARGEO_KEYRING);
protected Cipher createCipher() {
try {
- Node userHome = JcrUtils.getUserHome(session);
+ Node userHome = ArgeoJcrUtils.getUserHome(session);
if (!userHome.hasNode(ARGEO_KEYRING))
throw new ArgeoException("Keyring not setup");
Node keyring = userHome.getNode(ARGEO_KEYRING);
--- /dev/null
+package org.argeo.jcr.security;
+
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.version.VersionManager;
+
+import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoJcrConstants;
+import org.argeo.jcr.ArgeoJcrUtils;
+import org.argeo.jcr.ArgeoNames;
+import org.argeo.jcr.ArgeoTypes;
+import org.argeo.jcr.JcrUtils;
+
+/** Utilities related to Argeo security model in JCR */
+public class SecurityJcrUtils implements ArgeoJcrConstants {
+ /**
+ * Creates an Argeo user home, does nothing if it already exists. Session is
+ * NOT saved.
+ */
+ public static Node createUserHomeIfNeeded(Session session, String username) {
+ try {
+ String homePath = generateUserHomePath(username);
+ if (session.itemExists(homePath))
+ return session.getNode(homePath);
+ else {
+ Node userHome = JcrUtils.mkdirs(session, homePath);
+ userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
+ userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
+
+ //JcrUtils.addPrivilege(session, homePath, username, "jcr:all");
+ return userHome;
+ }
+ } catch (RepositoryException e) {
+ JcrUtils.discardQuietly(session);
+ throw new ArgeoException("Cannot create home for " + username
+ + " in workspace " + session.getWorkspace().getName(), e);
+ }
+ }
+
+ private static String generateUserHomePath(String username) {
+ String homeBasePath = DEFAULT_HOME_BASE_PATH;
+ return homeBasePath + '/' + JcrUtils.firstCharsToPath(username, 2)
+ + '/' + username;
+ }
+
+ /**
+ * Creates a user profile in the home of this user. Creates the home if
+ * needed, but throw an exception if a profile already exists. The session
+ * is not saved and the node is in a checkedOut state (that is, it requires
+ * a subsequent checkin after saving the session).
+ */
+ public static Node createUserProfile(Session session, String username) {
+ try {
+ Node userHome = createUserHomeIfNeeded(session, username);
+ if (userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
+ throw new ArgeoException(
+ "There is already a user profile under " + userHome);
+ Node userProfile = userHome.addNode(ArgeoNames.ARGEO_PROFILE);
+ userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
+ userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
+ userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
+ userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED, true);
+ userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED, true);
+ userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED,
+ true);
+ return userProfile;
+ } catch (RepositoryException e) {
+ JcrUtils.discardQuietly(session);
+ throw new ArgeoException("Cannot create user profile for "
+ + username + " in workspace "
+ + session.getWorkspace().getName(), e);
+ }
+ }
+
+ /**
+ * Create user profile if needed, the session IS saved.
+ *
+ * @return the user profile
+ */
+ public static Node createUserProfileIfNeeded(Session securitySession,
+ String username) {
+ try {
+ Node userHome = createUserHomeIfNeeded(securitySession, username);
+ Node userProfile = userHome.hasNode(ArgeoNames.ARGEO_PROFILE) ? userHome
+ .getNode(ArgeoNames.ARGEO_PROFILE) : createUserProfile(
+ securitySession, username);
+ if (securitySession.hasPendingChanges())
+ securitySession.save();
+ VersionManager versionManager = securitySession.getWorkspace()
+ .getVersionManager();
+ if (versionManager.isCheckedOut(userProfile.getPath()))
+ versionManager.checkin(userProfile.getPath());
+ return userProfile;
+ } catch (RepositoryException e) {
+ JcrUtils.discardQuietly(securitySession);
+ throw new ArgeoException("Cannot create user profile for "
+ + username + " in workspace "
+ + securitySession.getWorkspace().getName(), e);
+ }
+ }
+
+ /**
+ * @return null if not found *
+ */
+ public static Node getUserProfile(Session session, String username) {
+ try {
+ Node userHome = ArgeoJcrUtils.getUserHome(session, username);
+ if (userHome == null)
+ return null;
+ if (userHome.hasNode(ArgeoNames.ARGEO_PROFILE))
+ return userHome.getNode(ArgeoNames.ARGEO_PROFILE);
+ else
+ return null;
+ } catch (RepositoryException e) {
+ throw new ArgeoException(
+ "Cannot find profile for user " + username, e);
+ }
+ }
+
+ private SecurityJcrUtils() {
+ }
+}
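Review bot: `generateUserHomePath` concatenates `username` directly into a repository path, so a username containing `/` (or other characters JCR does not accept in a node name) can resolve to a node outside the intended `DEFAULT_HOME_BASE_PATH` subtree or fail in repository-specific ways, and `firstCharsToPath(username, 2)` is reached with no guard for a null or empty name. Reject such values before building the path, e.g. `if (username == null || username.isEmpty() || username.indexOf('/') >= 0) throw new ArgeoException("Invalid username: " + username);`. The same path expression also appears in ArgeoJcrUtils at the top of this diff, which `getUserProfile` depends on via `ArgeoJcrUtils.getUserHome`; keeping two private copies risks creation and lookup silently disagreeing, so one should delegate to the other. The commented-out `addPrivilege(..., "jcr:all")` line in `createUserHomeIfNeeded` should be removed or replaced with a comment saying where the user's access to the new home is actually granted, since nothing in this class grants it.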