]> git.argeo.org Git - lgpl/argeo-commons.git/blob - jcr/internal/EgoRepository.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Prepare next development cycle
[lgpl/argeo-commons.git] / jcr / internal / EgoRepository.java
1 package org.argeo.cms.jcr.internal;
2
3 import java.security.PrivilegedAction;
4 import java.text.SimpleDateFormat;
5 import java.util.HashSet;
6 import java.util.Set;
7
8 import javax.jcr.Node;
9 import javax.jcr.Property;
10 import javax.jcr.Repository;
11 import javax.jcr.RepositoryException;
12 import javax.jcr.Session;
13 import javax.jcr.nodetype.NodeType;
14 import javax.jcr.security.Privilege;
15 import javax.naming.InvalidNameException;
16 import javax.naming.ldap.LdapName;
17 import javax.security.auth.Subject;
18 import javax.security.auth.login.LoginContext;
19
20 import org.argeo.api.cms.CmsAuth;
21 import org.argeo.api.cms.CmsConstants;
22 import org.argeo.cms.CmsException;
23 import org.argeo.cms.jcr.CmsJcrUtils;
24 import org.argeo.jcr.JcrException;
25 import org.argeo.jcr.JcrRepositoryWrapper;
26 import org.argeo.jcr.JcrUtils;
27
28 /**
29 * Make sure each user has a home directory available.
30 */
31 class EgoRepository extends JcrRepositoryWrapper implements KernelConstants {
32
33 /** The home base path. */
34 // private String homeBasePath = KernelConstants.DEFAULT_HOME_BASE_PATH;
35 // private String usersBasePath = KernelConstants.DEFAULT_USERS_BASE_PATH;
36 // private String groupsBasePath = KernelConstants.DEFAULT_GROUPS_BASE_PATH;
37
38 private Set<String> checkedUsers = new HashSet<String>();
39
40 private SimpleDateFormat usersDatePath = new SimpleDateFormat("YYYY/MM");
41
42 private String defaultHomeWorkspace = CmsConstants.HOME_WORKSPACE;
43 private String defaultGroupsWorkspace = CmsConstants.SRV_WORKSPACE;
44 // private String defaultGuestsWorkspace = NodeConstants.GUESTS_WORKSPACE;
45 private final boolean remote;
46
47 public EgoRepository(Repository repository, boolean remote) {
48 super(repository);
49 this.remote = remote;
50 putDescriptor(CmsConstants.CN, CmsConstants.EGO_REPOSITORY);
51 if (!remote) {
52 LoginContext lc;
53 try {
54 lc = new LoginContext(CmsAuth.LOGIN_CONTEXT_DATA_ADMIN);
55 lc.login();
56 } catch (javax.security.auth.login.LoginException e1) {
57 throw new IllegalStateException("Cannot login as system", e1);
58 }
59 Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {
60
61 @Override
62 public Void run() {
63 loginOrCreateWorkspace(defaultHomeWorkspace);
64 loginOrCreateWorkspace(defaultGroupsWorkspace);
65 return null;
66 }
67
68 });
69 }
70 }
71
72 private void loginOrCreateWorkspace(String workspace) {
73 Session adminSession = null;
74 try {
75 adminSession = JcrUtils.loginOrCreateWorkspace(getRepository(workspace), workspace);
76 // JcrUtils.addPrivilege(adminSession, "/", NodeConstants.ROLE_USER, Privilege.JCR_READ);
77
78 // initJcr(adminSession);
79 } catch (RepositoryException e) {
80 throw new JcrException("Cannot init JCR home", e);
81 } finally {
82 JcrUtils.logoutQuietly(adminSession);
83 }
84 }
85
86 // @Override
87 // public Session login(Credentials credentials, String workspaceName)
88 // throws LoginException, NoSuchWorkspaceException, RepositoryException {
89 // if (workspaceName == null) {
90 // return super.login(credentials, getUserHomeWorkspace());
91 // } else {
92 // return super.login(credentials, workspaceName);
93 // }
94 // }
95
96 protected String getUserHomeWorkspace() {
97 // TODO base on JAAS Subject metadata
98 return defaultHomeWorkspace;
99 }
100
101 protected String getGroupsWorkspace() {
102 // TODO base on JAAS Subject metadata
103 return defaultGroupsWorkspace;
104 }
105
106 // protected String getGuestsWorkspace() {
107 // // TODO base on JAAS Subject metadata
108 // return defaultGuestsWorkspace;
109 // }
110
111 @Override
112 protected void processNewSession(Session session, String workspaceName) {
113 String username = session.getUserID();
114 if (username == null || username.toString().equals(""))
115 return;
116 if (session.getUserID().equals(CmsConstants.ROLE_ANONYMOUS))
117 return;
118
119 String userHomeWorkspace = getUserHomeWorkspace();
120 if (workspaceName == null || !workspaceName.equals(userHomeWorkspace))
121 return;
122
123 if (checkedUsers.contains(username))
124 return;
125 Session adminSession = KernelUtils.openAdminSession(getRepository(workspaceName), workspaceName);
126 try {
127 syncJcr(adminSession, username);
128 checkedUsers.add(username);
129 } finally {
130 JcrUtils.logoutQuietly(adminSession);
131 }
132 }
133
134 /*
135 * JCR
136 */
137 /** Session is logged out. */
138 private void initJcr(Session adminSession) {
139 try {
140 // JcrUtils.mkdirs(adminSession, homeBasePath);
141 // JcrUtils.mkdirs(adminSession, groupsBasePath);
142 adminSession.save();
143
144 // JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
145 // JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
146 adminSession.save();
147 } catch (RepositoryException e) {
148 throw new CmsException("Cannot initialize home repository", e);
149 } finally {
150 JcrUtils.logoutQuietly(adminSession);
151 }
152 }
153
154 protected synchronized void syncJcr(Session adminSession, String username) {
155 // only in the default workspace
156 // if (workspaceName != null)
157 // return;
158 // skip system users
159 if (username.endsWith(CmsConstants.ROLES_BASEDN))
160 return;
161
162 try {
163 Node userHome = CmsJcrUtils.getUserHome(adminSession, username);
164 if (userHome == null) {
165 // String homePath = generateUserPath(username);
166 String userId = extractUserId(username);
167 // if (adminSession.itemExists(homePath))// duplicate user id
168 // userHome = adminSession.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath));
169 // else
170 // userHome = JcrUtils.mkdirs(adminSession, homePath);
171 userHome = adminSession.getRootNode().addNode(userId);
172 // userHome.addMixin(NodeTypes.NODE_USER_HOME);
173 userHome.addMixin(NodeType.MIX_CREATED);
174 userHome.addMixin(NodeType.MIX_TITLE);
175 userHome.setProperty(Property.JCR_ID, username);
176 // TODO use display name
177 userHome.setProperty(Property.JCR_TITLE, userId);
178 // userHome.setProperty(NodeNames.LDAP_UID, username);
179 adminSession.save();
180
181 JcrUtils.clearAccessControList(adminSession, userHome.getPath(), username);
182 JcrUtils.addPrivilege(adminSession, userHome.getPath(), username, Privilege.JCR_ALL);
183 // JackrabbitSecurityUtils.denyPrivilege(adminSession, userHome.getPath(), NodeConstants.ROLE_USER,
184 // Privilege.JCR_READ);
185 }
186 if (adminSession.hasPendingChanges())
187 adminSession.save();
188 } catch (RepositoryException e) {
189 JcrUtils.discardQuietly(adminSession);
190 throw new JcrException("Cannot sync node security model for " + username, e);
191 }
192 }
193
194 /** Generate path for a new user home */
195 private String generateUserPath(String username) {
196 LdapName dn;
197 try {
198 dn = new LdapName(username);
199 } catch (InvalidNameException e) {
200 throw new CmsException("Invalid name " + username, e);
201 }
202 String userId = dn.getRdn(dn.size() - 1).getValue().toString();
203 return '/' + userId;
204 // int atIndex = userId.indexOf('@');
205 // if (atIndex < 0) {
206 // return homeBasePath+'/' + userId;
207 // } else {
208 // return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId;
209 // }
210 }
211
212 private String extractUserId(String username) {
213 LdapName dn;
214 try {
215 dn = new LdapName(username);
216 } catch (InvalidNameException e) {
217 throw new CmsException("Invalid name " + username, e);
218 }
219 String userId = dn.getRdn(dn.size() - 1).getValue().toString();
220 return userId;
221 // int atIndex = userId.indexOf('@');
222 // if (atIndex < 0) {
223 // return homeBasePath+'/' + userId;
224 // } else {
225 // return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId;
226 // }
227 }
228
229 public void createWorkgroup(LdapName dn) {
230 String groupsWorkspace = getGroupsWorkspace();
231 Session adminSession = KernelUtils.openAdminSession(getRepository(groupsWorkspace), groupsWorkspace);
232 String cn = dn.getRdn(dn.size() - 1).getValue().toString();
233 Node newWorkgroup = CmsJcrUtils.getGroupHome(adminSession, cn);
234 if (newWorkgroup != null) {
235 JcrUtils.logoutQuietly(adminSession);
236 throw new CmsException("Workgroup " + newWorkgroup + " already exists for " + dn);
237 }
238 try {
239 // TODO enhance transformation of cn to a valid node name
240 // String relPath = cn.replaceAll("[^a-zA-Z0-9]", "_");
241 String relPath = JcrUtils.replaceInvalidChars(cn);
242 newWorkgroup = adminSession.getRootNode().addNode(relPath, NodeType.NT_UNSTRUCTURED);
243 // newWorkgroup = JcrUtils.mkdirs(adminSession.getNode(groupsBasePath), relPath, NodeType.NT_UNSTRUCTURED);
244 // newWorkgroup.addMixin(NodeTypes.NODE_GROUP_HOME);
245 newWorkgroup.addMixin(NodeType.MIX_CREATED);
246 newWorkgroup.addMixin(NodeType.MIX_TITLE);
247 newWorkgroup.setProperty(Property.JCR_ID, dn.toString());
248 newWorkgroup.setProperty(Property.JCR_TITLE, cn);
249 // newWorkgroup.setProperty(NodeNames.LDAP_CN, cn);
250 adminSession.save();
251 JcrUtils.addPrivilege(adminSession, newWorkgroup.getPath(), dn.toString(), Privilege.JCR_ALL);
252 adminSession.save();
253 } catch (RepositoryException e) {
254 throw new CmsException("Cannot create workgroup", e);
255 } finally {
256 JcrUtils.logoutQuietly(adminSession);
257 }
258
259 }
260
261 public boolean isRemote() {
262 return remote;
263 }
264
265 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi