Fix security

git-svn-id: https://svn.argeo.org/commons/trunk@5568 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

diff --git a/security/plugins/org.argeo.security.ui.admin/META-INF/spring/commands.xml b/security/plugins/org.argeo.security.ui.admin/META-INF/spring/commands.xml
index 94a222d0f9089da84f6470429e26f683e68ddeb7..65a88be37119622359723023db6a70b21f5b62a2 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/META-INF/spring/commands.xml
+++ b/security/plugins/org.argeo.security.ui.admin/META-INF/spring/commands.xml
@@ -11,14 +11,15 @@
        <!-- USERS -->
        <bean id="newUser" class="org.argeo.security.ui.admin.commands.NewUser"
                scope="prototype">
-               <property name="session" ref="session" />
+               <property name="repository" ref="nodeRepository" />
                <property name="userAdminService" ref="userAdminService" />
+               <property name="jcrSecurityModel" ref="jcrSecurityModel" />
        </bean>
 
        <bean id="refreshUsersList" class="org.argeo.security.ui.admin.commands.RefreshUsersList"
                scope="prototype">
                <property name="userAdminService" ref="userAdminService" />
-               <property name="session" ref="session" />
+               <property name="repository" ref="nodeRepository" />
        </bean>
 
        <bean id="deleteUser" class="org.argeo.security.ui.admin.commands.DeleteUser"

diff --git a/security/plugins/org.argeo.security.ui.admin/META-INF/spring/common.xml b/security/plugins/org.argeo.security.ui.admin/META-INF/spring/common.xml
index b034f0362c7fbc70a55559fca98c20163137b430..bb669427a977b0cd5a2cc77ead3c9603abbb246f 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/META-INF/spring/common.xml
+++ b/security/plugins/org.argeo.security.ui.admin/META-INF/spring/common.xml
@@ -14,4 +14,7 @@
        <bean id="session" class="org.argeo.security.jcr.SecureThreadBoundSession">\r
                <property name="repository" ref="nodeRepository" />\r
        </bean>\r
+\r
+       <bean name="jcrSecurityModel" class="org.argeo.security.jackrabbit.JackrabbitSecurityModel" />\r
+\r
 </beans>
\ No newline at end of file

diff --git a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/NewUser.java b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/NewUser.java
index dab1b4ce7efba5b5a6f14c0f49e4df055b7636a4..f8ab321a3f79de6067691a550d5806f03041c255 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/NewUser.java
+++ b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/NewUser.java
@@ -15,8 +15,10 @@
  */
 package org.argeo.security.ui.admin.commands;
 
+import javax.jcr.Repository;
 import javax.jcr.Session;
 
+import org.argeo.jcr.JcrUtils;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.jcr.JcrSecurityModel;
 import org.argeo.security.ui.admin.wizards.NewUserWizard;
@@ -28,25 +30,29 @@ import org.eclipse.ui.handlers.HandlerUtil;
 
 /** Command handler to set visible or open a Argeo user. */
 public class NewUser extends AbstractHandler {
-       private Session session;
+       private Repository repository;
        private UserAdminService userAdminService;
        private JcrSecurityModel jcrSecurityModel;
 
        public Object execute(ExecutionEvent event) throws ExecutionException {
+               Session session = null;
                try {
+                       session = repository.login();
                        NewUserWizard newUserWizard = new NewUserWizard(session,
-                                       userAdminService,jcrSecurityModel);
+                                       userAdminService, jcrSecurityModel);
                        WizardDialog dialog = new WizardDialog(
                                        HandlerUtil.getActiveShell(event), newUserWizard);
                        dialog.open();
                } catch (Exception e) {
                        throw new ExecutionException("Cannot open wizard", e);
+               } finally {
+                       JcrUtils.logoutQuietly(session);
                }
                return null;
        }
 
-       public void setSession(Session session) {
-               this.session = session;
+       public void setRepository(Repository repository) {
+               this.repository = repository;
        }
 
        public void setUserAdminService(UserAdminService userAdminService) {

diff --git a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/RefreshUsersList.java b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/RefreshUsersList.java
index c40d4ab5db7b5cd75ceb0ff8ca4dbc6197d073d3..71ec21c445de98291a9da7836edbe7538316de10 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/RefreshUsersList.java
+++ b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/commands/RefreshUsersList.java
@@ -19,6 +19,7 @@ import java.util.Set;
 
 import javax.jcr.Node;
 import javax.jcr.NodeIterator;
+import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.query.Query;
@@ -40,11 +41,13 @@ import org.eclipse.ui.handlers.HandlerUtil;
  */
 public class RefreshUsersList extends AbstractHandler {
        private UserAdminService userAdminService;
-       private Session session;
+       private Repository repository;
 
        public Object execute(ExecutionEvent event) throws ExecutionException {
                Set<String> users = userAdminService.listUsers();
+               Session session = null;
                try {
+                       session = repository.login();
                        Query query = session
                                        .getWorkspace()
                                        .getQueryManager()
@@ -63,6 +66,8 @@ public class RefreshUsersList extends AbstractHandler {
                } catch (RepositoryException e) {
                        JcrUtils.discardQuietly(session);
                        throw new ArgeoException("Cannot list users", e);
+               } finally {
+                       JcrUtils.logoutQuietly(session);
                }
 
                userAdminService.synchronize();
@@ -77,8 +82,8 @@ public class RefreshUsersList extends AbstractHandler {
                this.userAdminService = userAdminService;
        }
 
-       public void setSession(Session session) {
-               this.session = session;
+       public void setRepository(Repository repository) {
+               this.repository = repository;
        }
 
 }
\ No newline at end of file

diff --git a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/ArgeoUserEditor.java b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/ArgeoUserEditor.java
index 3ea3cf81660c048c56cabb7b63423b631e445233..2daae6321d7576acc96281cb3041acafc9d86cd3 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/ArgeoUserEditor.java
+++ b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/ArgeoUserEditor.java
@@ -20,7 +20,6 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 
 import org.argeo.ArgeoException;
-import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.jcr.JcrUserDetails;
@@ -39,7 +38,8 @@ public class ArgeoUserEditor extends FormEditor {
        public final static String ID = "org.argeo.security.ui.admin.adminArgeoUserEditor";
 
        private JcrUserDetails userDetails;
-       private Node userHome;
+       // private Node userHome;
+       private Node userProfile;
        private UserAdminService userAdminService;
        private Session session;
 
@@ -48,7 +48,7 @@ public class ArgeoUserEditor extends FormEditor {
                super.init(site, input);
                String username = ((ArgeoUserEditorInput) getEditorInput())
                                .getUsername();
-               userHome = UserJcrUtils.getUserHome(session, username);
+               userProfile = UserJcrUtils.getUserProfile(session, username);
 
                if (userAdminService.userExists(username)) {
                        userDetails = (JcrUserDetails) userAdminService
@@ -69,8 +69,7 @@ public class ArgeoUserEditor extends FormEditor {
 
        protected void addPages() {
                try {
-                       addPage(new DefaultUserMainPage(this,
-                                       userHome.getNode(ArgeoNames.ARGEO_PROFILE)));
+                       addPage(new DefaultUserMainPage(this, userProfile));
                        addPage(new UserRolesPage(this, userDetails, userAdminService));
                } catch (Exception e) {
                        throw new ArgeoException("Cannot add pages", e);

diff --git a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/DefaultUserMainPage.java b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/DefaultUserMainPage.java
index c19e122fbde34fae1212ca9839c38c8485decb88..39450bc28f8588d61db5ab43c3012d6700ff7a65 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/DefaultUserMainPage.java
+++ b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/editors/DefaultUserMainPage.java
@@ -126,6 +126,7 @@ public class DefaultUserMainPage extends FormPage implements ArgeoNames {
                };
                // if (username != null)
                // username.addModifyListener(new FormPartML(part));
+               commonName.addModifyListener(new FormPartML(part));
                firstName.addModifyListener(new FormPartML(part));
                lastName.addModifyListener(new FormPartML(part));
                email.addModifyListener(new FormPartML(part));

diff --git a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/views/UsersView.java b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/views/UsersView.java
index ca89aef446dc49c8c6a9b0360d56545fedf15a77..8879e8fd4e594e0e500244a1fddcd147d632e8a6 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/views/UsersView.java
+++ b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/views/UsersView.java
@@ -31,10 +31,10 @@ import javax.jcr.query.Query;
 import org.argeo.ArgeoException;
 import org.argeo.eclipse.ui.EclipseUiUtils;
 import org.argeo.eclipse.ui.specific.EclipseUiSpecificUtils;
+import org.argeo.jcr.ArgeoJcrConstants;
 import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.ArgeoTypes;
 import org.argeo.jcr.JcrUtils;
-import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.ui.admin.SecurityAdminPlugin;
 import org.argeo.security.ui.admin.commands.OpenArgeoUserEditor;
 import org.eclipse.core.commands.Command;
@@ -60,13 +60,14 @@ import org.eclipse.ui.handlers.IHandlerService;
 import org.eclipse.ui.part.ViewPart;
 
 /** List all users. */
-public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
+public class UsersView extends ViewPart implements ArgeoNames {
        public final static String ID = "org.argeo.security.ui.admin.adminUsersView";
 
        private TableViewer viewer;
        private Session session;
 
        private UserStructureListener userStructureListener;
+       private UserPropertiesListener userPropertiesListener;
 
        private Font italic;
        private Font bold;
@@ -87,8 +88,13 @@ public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
 
                userStructureListener = new UserStructureListener();
                JcrUtils.addListener(session, userStructureListener, Event.NODE_ADDED
-                               | Event.NODE_REMOVED, UserJcrUtils.DEFAULT_HOME_BASE_PATH,
-                               ArgeoTypes.ARGEO_USER_HOME);
+                               | Event.NODE_REMOVED, ArgeoJcrConstants.PEOPLE_BASE_PATH, null);
+               userPropertiesListener = new UserPropertiesListener();
+               JcrUtils.addListener(session, userStructureListener,
+                               Event.PROPERTY_CHANGED | Event.PROPERTY_ADDED
+                                               | Event.PROPERTY_REMOVED,
+                               ArgeoJcrConstants.PEOPLE_BASE_PATH,
+                               ArgeoTypes.ARGEO_USER_PROFILE);
        }
 
        protected TableViewer createTableViewer(final Composite parent) {
@@ -160,8 +166,8 @@ public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
 
                        // disabled
                        try {
-                               Node userHome = (Node) elem;
-                               Node userProfile = userHome.getNode(ARGEO_PROFILE);
+                               Node userProfile = (Node) elem;
+                               // Node userProfile = userHome.getNode(ARGEO_PROFILE);
                                if (!userProfile.getProperty(ARGEO_ENABLED).getBoolean())
                                        return italic;
                                else
@@ -173,76 +179,6 @@ public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
 
        }
 
-       // protected Table createTable(Composite parent) {
-       // // TODO use a more flexible API
-       // Table table = new Table(parent, SWT.MULTI | SWT.H_SCROLL | SWT.V_SCROLL);
-       // table.setLinesVisible(true);
-       // table.setHeaderVisible(true);
-       // TableColumn column = new TableColumn(table, SWT.LEFT, 0);
-       // column.setText("Username");
-       // column.setWidth(100);
-       // column = new TableColumn(table, SWT.LEFT, 1);
-       // column.setText("Displayed name");
-       // column.setWidth(150);
-       // column = new TableColumn(table, SWT.LEFT, 2);
-       // column.setText("E-mail");
-       // column.setWidth(100);
-       // column = new TableColumn(table, SWT.LEFT, 3);
-       // column.setText("First Name");
-       // column.setWidth(100);
-       // column = new TableColumn(table, SWT.LEFT, 4);
-       // column.setText("Last Name");
-       // column.setWidth(100);
-       // column = new TableColumn(table, SWT.LEFT, 5);
-       // column.setText("Status");
-       // column.setWidth(50);
-       // column = new TableColumn(table, SWT.LEFT, 6);
-       // column.setText("Description");
-       // column.setWidth(200);
-       // return table;
-       // }
-
-       // private class UsersLabelProvider extends LabelProvider implements
-       // ITableLabelProvider {
-       // public String getColumnText(Object element, int columnIndex) {
-       // try {
-       // Node userHome = (Node) element;
-       // Node userProfile = userHome.getNode(ARGEO_PROFILE);
-       // switch (columnIndex) {
-       // case 0:
-       // String username = userHome.getProperty(ARGEO_USER_ID)
-       // .getString();
-       // if (username.equals(session.getUserID()))
-       // return "[" + username + "]";
-       // else
-       // return username;
-       // case 1:
-       // return getProperty(userProfile, Property.JCR_TITLE);
-       // case 2:
-       // return getProperty(userProfile, ARGEO_PRIMARY_EMAIL);
-       // case 3:
-       // return getProperty(userProfile, ARGEO_FIRST_NAME);
-       // case 4:
-       // return getProperty(userProfile, ARGEO_LAST_NAME);
-       // case 5:
-       // return userProfile.getProperty(ARGEO_ENABLED).getBoolean() ? ""
-       // : "disabled";
-       // case 6:
-       // return getProperty(userProfile, Property.JCR_DESCRIPTION);
-       // default:
-       // throw new ArgeoException("Unmanaged column " + columnIndex);
-       // }
-       // } catch (RepositoryException e) {
-       // throw new ArgeoException("Cannot get text", e);
-       // }
-       // }
-       //
-       // public Image getColumnImage(Object element, int columnIndex) {
-       // return null;
-       // }
-       //
-       // }
-
        @Override
        public void setFocus() {
                viewer.getTable().setFocus();
@@ -251,6 +187,7 @@ public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
        @Override
        public void dispose() {
                JcrUtils.removeListenerQuietly(session, userStructureListener);
+               JcrUtils.removeListenerQuietly(session, userPropertiesListener);
                super.dispose();
        }
 
@@ -270,8 +207,8 @@ public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
 
        protected String getProperty(Object element, String name) {
                try {
-                       Node userHome = (Node) element;
-                       Node userProfile = userHome.getNode(ARGEO_PROFILE);
+                       Node userProfile = (Node) element;
+                       // Node userProfile = userHome.getNode(ARGEO_PROFILE);
                        return userProfile.hasProperty(name) ? userProfile
                                        .getProperty(name).getString() : "";
                } catch (RepositoryException e) {
@@ -287,6 +224,14 @@ public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
                }
        }
 
+       private class UserPropertiesListener implements EventListener {
+
+               @Override
+               public void onEvent(EventIterator events) {
+                       viewer.refresh();
+               }
+       }
+
        private class UsersContentProvider implements IStructuredContentProvider {
 
                public Object[] getElements(Object inputElement) {
@@ -295,8 +240,9 @@ public class UsersView extends ViewPart implements ArgeoNames, ArgeoTypes {
                                                .getWorkspace()
                                                .getQueryManager()
                                                .createQuery(
-                                                               "select [" + ARGEO_PROFILE + "] from ["
-                                                                               + ARGEO_USER_HOME + "]", Query.JCR_SQL2);
+                                                               "select * from ["
+                                                                               + ArgeoTypes.ARGEO_USER_PROFILE + "]",
+                                                               Query.JCR_SQL2);
                                NodeIterator nit = query.execute().getNodes();
                                List<Node> userProfiles = new ArrayList<Node>();
                                while (nit.hasNext()) {

diff --git a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/wizards/NewUserWizard.java b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/wizards/NewUserWizard.java
index 719290f10ff5968b90120185f7ede47141bf916b..cfb783303d574ee040ace35c9dfc12f267c101fc 100644 (file)
--- a/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/wizards/NewUserWizard.java
+++ b/security/plugins/org.argeo.security.ui.admin/src/main/java/org/argeo/security/ui/admin/wizards/NewUserWizard.java
@@ -63,8 +63,8 @@ public class NewUserWizard extends Wizard {
                        // Node userProfile = SecurityJcrUtils.createUserProfile(session,
                        // username);
                        Node userProfile = jcrSecurityModel.sync(session, username);
-                       // session.getWorkspace().getVersionManager()
-                       // .checkout(userProfile.getPath());
+                       session.getWorkspace().getVersionManager()
+                                       .checkout(userProfile.getPath());
                        mainUserInfo.mapToProfileNode(userProfile);
                        String password = mainUserInfo.getPassword();
                        // TODO add roles

diff --git a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWorkbenchAdvisor.java b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWorkbenchAdvisor.java
index d897b46b0a0b212c6df7a9bf5bc481062a7fdd07..25bda0fd392d146c9bbf1c3a8bfabce9e4ae53fa 100644 (file)
--- a/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWorkbenchAdvisor.java
+++ b/security/plugins/org.argeo.security.ui.rap/src/main/java/org/argeo/security/ui/rap/RapWorkbenchAdvisor.java
@@ -24,6 +24,8 @@ import org.eclipse.ui.application.WorkbenchWindowAdvisor;
 /** Eclipse RAP specific workbench advisor */
 public class RapWorkbenchAdvisor extends WorkbenchAdvisor {
        public final static String INITIAL_PERSPECTIVE_PROPERTY = "org.argeo.security.ui.initialPerspective";
+       public final static String SAVE_AND_RESTORE_PROPERTY = "org.argeo.security.ui.saveAndRestore";
+
        private String initialPerspective = System.getProperty(
                        INITIAL_PERSPECTIVE_PROPERTY, null);
 
@@ -33,14 +35,14 @@ public class RapWorkbenchAdvisor extends WorkbenchAdvisor {
                this.username = username;
        }
 
-       
        @Override
        public void initialize(IWorkbenchConfigurer configurer) {
                super.initialize(configurer);
-               configurer.setSaveAndRestore(true);
+               Boolean saveAndRestore = Boolean.parseBoolean(System.getProperty(
+                               SAVE_AND_RESTORE_PROPERTY, "false"));
+               configurer.setSaveAndRestore(saveAndRestore);
        }
 
-
        public WorkbenchWindowAdvisor createWorkbenchWindowAdvisor(
                        IWorkbenchWindowConfigurer configurer) {
                return new RapWindowAdvisor(configurer, username);

diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
index a33f6d407780c4ef83b8666e7da885c7e1ae56a5..1ace83fcdde604c6d86aff5d8c346da1161570e5 100644 (file)
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
@@ -1116,8 +1116,14 @@ public class JcrUtils implements ArgeoJcrConstants {
                try {
                        session.getWorkspace()
                                        .getObservationManager()
-                                       .addEventListener(listener, eventTypes, basePath, true,
-                                                       null, new String[] { nodeType }, true);
+                                       .addEventListener(
+                                                       listener,
+                                                       eventTypes,
+                                                       basePath,
+                                                       true,
+                                                       null,
+                                                       nodeType == null ? null : new String[] { nodeType },
+                                                       true);
                } catch (RepositoryException e) {
                        throw new ArgeoException("Cannot add JCR listener " + listener
                                        + " to session " + session, e);