1 package org
.argeo
.cms
.internal
.kernel
;
3 import static org
.argeo
.api
.DataModelNamespace
.CMS_DATA_MODEL_NAMESPACE
;
4 import static org
.osgi
.service
.http
.whiteboard
.HttpWhiteboardConstants
.HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX
;
7 import java
.io
.IOException
;
8 import java
.io
.InputStreamReader
;
10 import java
.lang
.management
.ManagementFactory
;
12 import java
.nio
.file
.Files
;
13 import java
.nio
.file
.Path
;
14 import java
.util
.ArrayList
;
15 import java
.util
.Arrays
;
16 import java
.util
.HashSet
;
17 import java
.util
.Hashtable
;
18 import java
.util
.List
;
22 import javax
.jcr
.Repository
;
23 import javax
.jcr
.RepositoryException
;
24 import javax
.jcr
.Session
;
25 import javax
.security
.auth
.callback
.CallbackHandler
;
26 import javax
.servlet
.Servlet
;
27 import javax
.transaction
.UserTransaction
;
29 import org
.apache
.commons
.logging
.Log
;
30 import org
.apache
.commons
.logging
.LogFactory
;
31 import org
.apache
.jackrabbit
.commons
.cnd
.CndImporter
;
32 import org
.apache
.jackrabbit
.core
.RepositoryContext
;
33 import org
.apache
.jackrabbit
.core
.RepositoryImpl
;
34 import org
.argeo
.api
.DataModelNamespace
;
35 import org
.argeo
.api
.NodeConstants
;
36 import org
.argeo
.api
.NodeDeployment
;
37 import org
.argeo
.api
.NodeState
;
38 import org
.argeo
.api
.security
.CryptoKeyring
;
39 import org
.argeo
.api
.security
.Keyring
;
40 import org
.argeo
.cms
.ArgeoNames
;
41 import org
.argeo
.cms
.CmsException
;
42 import org
.argeo
.cms
.internal
.http
.CmsRemotingServlet
;
43 import org
.argeo
.cms
.internal
.http
.CmsWebDavServlet
;
44 import org
.argeo
.cms
.internal
.http
.HttpUtils
;
45 import org
.argeo
.jcr
.JcrUtils
;
46 import org
.argeo
.osgi
.useradmin
.UserAdminConf
;
47 import org
.argeo
.util
.LangUtils
;
48 import org
.eclipse
.equinox
.http
.jetty
.JettyConfigurator
;
49 import org
.osgi
.framework
.Bundle
;
50 import org
.osgi
.framework
.BundleContext
;
51 import org
.osgi
.framework
.Constants
;
52 import org
.osgi
.framework
.FrameworkUtil
;
53 import org
.osgi
.framework
.InvalidSyntaxException
;
54 import org
.osgi
.framework
.ServiceReference
;
55 import org
.osgi
.framework
.wiring
.BundleCapability
;
56 import org
.osgi
.framework
.wiring
.BundleWire
;
57 import org
.osgi
.framework
.wiring
.BundleWiring
;
58 import org
.osgi
.service
.cm
.Configuration
;
59 import org
.osgi
.service
.cm
.ConfigurationAdmin
;
60 import org
.osgi
.service
.cm
.ManagedService
;
61 import org
.osgi
.service
.http
.HttpService
;
62 import org
.osgi
.service
.http
.whiteboard
.HttpWhiteboardConstants
;
63 import org
.osgi
.service
.useradmin
.Group
;
64 import org
.osgi
.service
.useradmin
.Role
;
65 import org
.osgi
.service
.useradmin
.UserAdmin
;
66 import org
.osgi
.util
.tracker
.ServiceTracker
;
68 /** Implementation of a CMS deployment. */
69 public class CmsDeployment
implements NodeDeployment
{
/** Logger, obtained from the runtime class of this instance. */
private final Log log = LogFactory.getLog(getClass());
/** Context of the bundle that loaded this class; every service lookup and registration below goes through it. */
private final BundleContext bc = FrameworkUtil.getBundle(getClass()).getBundleContext();

/** Created in the constructor from the bundle context. */
private DataModels dataModels;
/** Assigned by the ConfigurationAdmin tracker callback in initTrackers(); null until that callback has run. */
private DeployConfig deployConfig;

/** Value of System.currentTimeMillis() recorded by checkReadiness(); null while the deployment is not available. */
private Long availableSince;

// private final boolean cleanState;

// private NodeHttp nodeHttp;
private String webDavConfig = HttpUtils.WEBDAV_CONFIG;

/** Set by prepareHomeRepository() from the namespaces registered in the repository. */
private boolean argeoDataModelExtensionsAvailable = false;

// Readiness flags: written by the service-tracker callbacks, read by the synchronized checkReadiness().
// NOTE(review): these are plain fields written outside any synchronized block; if the trackers
// opened through KernelUtils.asyncOpen call back on other threads, visibility of the writes is
// not guaranteed -- confirm, or make them volatile.
private boolean nodeAvailable = false;
private boolean userAdminAvailable = false;
private boolean httpExpected = false;
private boolean httpAvailable = false;
/** Creates the deployment and instantiates {@link DataModels} with the bundle context. */
public CmsDeployment() {
    // ServiceReference<NodeState> nodeStateSr = bc.getServiceReference(NodeState.class);
    // if (nodeStateSr == null)
    // throw new CmsException("No node state available");

    // NodeState nodeState = bc.getService(nodeStateSr);
    // cleanState = nodeState.isClean();

    // nodeHttp = new NodeHttp();
    dataModels = new DataModels(bc);
    // [not in this listing: original lines 101-102, which end the constructor]
/**
 * Creates four service trackers (HttpService, RepositoryContext, UserAdmin,
 * ConfigurationAdmin) and opens each of them through KernelUtils.asyncOpen.
 * <p>
 * This listing is incomplete: markers of the form "[not in this listing: N]"
 * give the original line numbers whose text is missing here.
 */
private void initTrackers() {
    ServiceTracker<?, ?> httpSt = new ServiceTracker<HttpService, HttpService>(bc, HttpService.class, null) {
        // [not in this listing: 106-107]
        public HttpService addingService(ServiceReference<HttpService> sr) {
            httpAvailable = true;
            // Ports are read from the service properties only to be logged.
            Object httpPort = sr.getProperty("http.port");
            Object httpsPort = sr.getProperty("https.port");
            log.info(httpPortsMsg(httpPort, httpsPort));
            // [not in this listing: 113]
            return super.addingService(sr);
            // [not in this listing: 115-117]
    KernelUtils.asyncOpen(httpSt);
    // [not in this listing: 119]
    ServiceTracker<?, ?> repoContextSt = new RepositoryContextStc();
    // repoContextSt.open();
    KernelUtils.asyncOpen(repoContextSt);
    // [not in this listing: 123]
    ServiceTracker<?, ?> userAdminSt = new ServiceTracker<UserAdmin, UserAdmin>(bc, UserAdmin.class, null) {
        // [not in this listing: 125]
        public UserAdmin addingService(ServiceReference<UserAdmin> reference) {
            UserAdmin userAdmin = super.addingService(reference);
            // The standard admin roles are created as soon as a UserAdmin service is tracked.
            addStandardSystemRoles(userAdmin);
            userAdminAvailable = true;
            // [not in this listing: 130-133]
    // userAdminSt.open();
    KernelUtils.asyncOpen(userAdminSt);
    // [not in this listing: 136]
    ServiceTracker<?, ?> confAdminSt = new ServiceTracker<ConfigurationAdmin, ConfigurationAdmin>(bc,
            ConfigurationAdmin.class, null) {
        // [not in this listing: 139]
        public ConfigurationAdmin addingService(ServiceReference<ConfigurationAdmin> reference) {
            ConfigurationAdmin configurationAdmin = bc.getService(reference);
            // [not in this listing: 142-143]
                // The filter is built from NodeConstants.NODE_USER_ADMIN_PID only, no external input.
                // The state counts as clean when no user-admin configuration exists yet.
                Configuration[] confs = configurationAdmin
                        .listConfigurations("(service.factoryPid=" + NodeConstants.NODE_USER_ADMIN_PID + ")");
                isClean = confs == null || confs.length == 0;
            } catch (Exception e) {
                throw new CmsException("Cannot analize clean state", e);
            // [not in this listing: 149]
            deployConfig = new DeployConfig(configurationAdmin, dataModels, isClean);
            // HTTP is only required for readiness when a "default" Jetty configuration exists.
            httpExpected = deployConfig.getProps(KernelConstants.JETTY_FACTORY_PID, "default") != null;
            // [not in this listing: 152]
                Configuration[] configs = configurationAdmin
                        .listConfigurations("(service.factoryPid=" + NodeConstants.NODE_USER_ADMIN_PID + ")");
                // [not in this listing: 155]
                // NOTE(review): the first call above treats a null result as "no configuration";
                // this loop iterates the second result directly -- confirm the missing lines guard it.
                boolean hasDomain = false;
                for (Configuration config : configs) {
                    Object realm = config.getProperties().get(UserAdminConf.realm.name());
                    // [not in this listing: 159]
                    log.debug("Found realm: " + realm);
                    // [not in this listing: 161-164]
                    loadIpaJaasConfiguration();
                // [not in this listing: 166]
            } catch (Exception e) {
                throw new CmsException("Cannot initialize config", e);
            // [not in this listing: 169]
            return super.addingService(reference);
            // [not in this listing: 171-172]
    // confAdminSt.open();
    KernelUtils.asyncOpen(confAdminSt);
    // [not in this listing: 175]
/**
 * Builds the log text that lists the ports of a tracked HTTP service.
 *
 * @param httpPort  value of the {@code http.port} service property, may be {@code null}
 * @param httpsPort value of the {@code https.port} service property, may be {@code null}
 * @return {@code "HTTP " + httpPort + " "} (a single space when {@code httpPort} is null),
 *         followed by {@code "HTTPS " + httpsPort} (nothing when {@code httpsPort} is null)
 */
private String httpPortsMsg(Object httpPort, Object httpsPort) {
    StringBuilder msg = new StringBuilder();
    if (httpPort == null) {
        // The original expression yields one space here, not an empty string.
        msg.append(" ");
    } else {
        msg.append("HTTP ").append(httpPort).append(" ");
    }
    if (httpsPort != null) {
        msg.append("HTTPS ").append(httpsPort);
    }
    return msg.toString();
}
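/**
 * Makes sure the standard system roles exist, inside a user transaction.
 * <p>
 * Creates the {@code NodeConstants.ROLE_ADMIN} group when it does not exist. Creates the
 * {@code NodeConstants.ROLE_USER_ADMIN} group when it does not exist and adds the admin
 * role to it as a member. The transaction is rolled back on any failure.
 *
 * @param userAdmin the user admin service in which the roles are looked up and created
 * @throws CmsException if no UserTransaction service is available, or if the roles cannot
 *                      be created (the original exception is the cause; a rollback failure
 *                      is attached to it as a suppressed exception)
 */
private void addStandardSystemRoles(UserAdmin userAdmin) {
    // NOTE(review): the listing this was rebuilt from omits the try openers, the closing
    // braces and the body of the inner catch; the flow follows the visible catch clauses.
    // UserTransaction is expected to be registered already. Fail with an explicit error
    // instead of a NullPointerException when it is not.
    ServiceReference<UserTransaction> userTransactionSr = bc.getServiceReference(UserTransaction.class);
    if (userTransactionSr == null) {
        throw new CmsException("Cannot add standard system roles: no UserTransaction service available");
    }
    UserTransaction userTransaction = bc.getService(userTransactionSr);
    if (userTransaction == null) {
        throw new CmsException("Cannot add standard system roles: UserTransaction service is gone");
    }
    try {
        userTransaction.begin();
        Role adminRole = userAdmin.getRole(NodeConstants.ROLE_ADMIN);
        if (adminRole == null) {
            adminRole = userAdmin.createRole(NodeConstants.ROLE_ADMIN, Role.GROUP);
        }
        if (userAdmin.getRole(NodeConstants.ROLE_USER_ADMIN) == null) {
            Group userAdminRole = (Group) userAdmin.createRole(NodeConstants.ROLE_USER_ADMIN, Role.GROUP);
            // Members of the admin role are thereby members of the user-admin role as well.
            userAdminRole.addMember(adminRole);
        }
        userTransaction.commit();
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            // Keep the rollback failure visible without hiding the original error.
            e.addSuppressed(e1);
        }
        throw new CmsException("Cannot add standard system roles", e);
    }
}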
/**
 * Sets the JAAS configuration to the class-path resource named by
 * {@code KernelConstants.JAAS_CONFIG_IPA}, unless the system property named by
 * {@code KernelConstants.JAAS_CONFIG_PROP} is already set.
 */
private void loadIpaJaasConfiguration() {
    // When the system property is already set, nothing is changed.
    if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) != null) {
        return;
    }
    String ipaJaasResource = KernelConstants.JAAS_CONFIG_IPA;
    // NOTE(review): getResource returns null when the resource is missing; how
    // KernelUtils.setJaasConfiguration treats a null URL is not visible here -- confirm.
    URL ipaJaasUrl = getClass().getClassLoader().getResource(ipaJaasResource);
    KernelUtils.setJaasConfiguration(ipaJaasUrl);
    log.debug("Set IPA JAAS configuration.");
}
/**
 * Shuts the deployment down: destroys every registered {@code JackrabbitLocalRepository}
 * service, stops the default Jetty server, then saves the deploy configuration in a new
 * thread. Failures of the first two steps are logged and do not stop the following steps.
 */
public void shutdown() {
    // if (nodeHttp != null)
    // nodeHttp.destroy();

    try {
        for (ServiceReference<JackrabbitLocalRepository> repositoryRef : bc
                .getServiceReferences(JackrabbitLocalRepository.class, null)) {
            JackrabbitLocalRepository localRepository = bc.getService(repositoryRef);
            localRepository.destroy();
        }
    } catch (InvalidSyntaxException e1) {
        log.error("Cannot sclean repsoitories", e1);
    }

    try {
        JettyConfigurator.stopServer(KernelConstants.DEFAULT_JETTY_SERVER);
    } catch (Exception e) {
        log.error("Cannot stop default Jetty server.", e);
    }

    if (deployConfig != null) {
        // The save runs on its own thread; shutdown() does not wait for it.
        Thread saveThread = new Thread(() -> deployConfig.save(), "Save Argeo Deploy Config");
        saveThread.start();
    }
}
/**
 * Checks whether the deployment is available according to expectations, and
 * marks it as available.
 * <p>
 * The deployment is available once the node repository and the user admin are
 * available and, only when HTTP is expected, the HTTP service as well.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 */
private synchronized void checkReadiness() {
    // [not in this listing: 243-244]
    // NOTE(review): without a guard in the missing lines, each later call would reset
    // availableSince and log the banner again -- confirm against the full file.
    if (nodeAvailable && userAdminAvailable && (httpExpected ? httpAvailable : true)) {
        String data = KernelUtils.getFrameworkProp(KernelUtils.OSGI_INSTANCE_AREA);
        String state = KernelUtils.getFrameworkProp(KernelUtils.OSGI_CONFIGURATION_AREA);
        availableSince = System.currentTimeMillis();
        long jvmUptime = ManagementFactory.getRuntimeMXBean().getUptime();
        // NOTE(review): the millisecond part is not zero-padded, so 1005 ms prints as "1.5s".
        String jvmUptimeStr = " in " + (jvmUptime / 1000) + "." + (jvmUptime % 1000) + "s";
        log.info("## ARGEO NODE AVAILABLE" + (log.isDebugEnabled() ? jvmUptimeStr : "") + " ##");
        if (log.isDebugEnabled()) {
            // The framework state and data areas are written to the log at debug level only.
            log.debug("## state: " + state);
            // [not in this listing: 254]
            log.debug("## data: " + data);
            // [not in this listing: 256]
        // NOTE(review): getServiceReference returns null when no NodeState service is
        // registered, which would fail here with a NullPointerException -- confirm it is always present.
        long begin = bc.getService(bc.getServiceReference(NodeState.class)).getAvailableSince();
        long initDuration = System.currentTimeMillis() - begin;
        if (log.isTraceEnabled())
            log.trace("Kernel initialization took " + initDuration + "ms");
        tributeToFreeSoftware(initDuration);
        // [not in this listing: 262-263]
/**
 * Does something only when trace logging is enabled: logs a message, measures the
 * elapsed time around a block that is missing from this listing, and logs a
 * "sleep accuracy" percentage derived from that measurement.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param initDuration kernel initialization time in milliseconds, as computed by the caller
 */
final private void tributeToFreeSoftware(long initDuration) {
    if (log.isTraceEnabled()) {
        // One hundredth of the initialization time.
        long ms = initDuration / 100;
        log.trace("Spend " + ms + "ms" + " reflecting on the progress brought to mankind" + " by Free Software...");
        long beginNano = System.nanoTime();
        // [not in this listing: 270-271] -- presumably a try block that sleeps for ms; confirm
        } catch (InterruptedException e) {
        // [not in this listing: 273-274]
        long durationNano = System.nanoTime() - beginNano;
        // Nanoseconds per millisecond.
        final double M = 1000d * 1000d;
        // Ratio of measured time to requested time; ms == 0 gives Infinity or NaN, not an exception.
        double sleepAccuracy = ((double) durationNano) / (ms * M);
        log.trace("Sleep accuracy: " + String.format("%.2f", 100 - (sleepAccuracy * 100 - 100)) + " %");
        // [not in this listing: 279-280]
/**
 * Prepares the data model of the node repository.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param deployedNodeRepository the repository passed on to prepareDataModel
 * @throws CmsException if the deployment has already been marked as available
 */
private void prepareNodeRepository(Repository deployedNodeRepository) {
    // availableSince is only set once checkReadiness() has succeeded.
    if (availableSince != null) {
        throw new CmsException("Deployment is already available");
        // [not in this listing: 285-287]
    prepareDataModel(NodeConstants.NODE_REPOSITORY, deployedNodeRepository);
    // [not in this listing: 289]
/**
 * Checks whether the Argeo namespace is registered in the repository, publishes an
 * {@code EgoRepository} wrapping it as a {@code Repository} service and, when the
 * Argeo namespace is present, tracks {@code CallbackHandler} services in order to
 * register a keyring.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param deployedRepository the repository to inspect and to wrap
 */
private void prepareHomeRepository(RepositoryImpl deployedRepository) {
    Session adminSession = KernelUtils.openAdminSession(deployedRepository);
    // [not in this listing: 293]
        argeoDataModelExtensionsAvailable = Arrays
                .asList(adminSession.getWorkspace().getNamespaceRegistry().getURIs())
                .contains(ArgeoNames.ARGEO_NAMESPACE);
    } catch (RepositoryException e) {
        // A failed check is treated as "namespace not registered", so no keyring is set up.
        log.warn("Cannot check whether Argeo namespace is registered assuming it isn't.", e);
        argeoDataModelExtensionsAvailable = false;
        // [not in this listing: 300] -- presumably the finally clause; confirm
        JcrUtils.logoutQuietly(adminSession);
        // [not in this listing: 302-303]
    // Publish home with the highest service ranking
    Hashtable<String, Object> regProps = new Hashtable<>();
    regProps.put(NodeConstants.CN, NodeConstants.EGO_REPOSITORY);
    // Integer.MAX_VALUE: no other Repository service can be ranked above this one.
    regProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE);
    Repository egoRepository = new EgoRepository(deployedRepository, false);
    bc.registerService(Repository.class, egoRepository, regProps);
    // [not in this listing: 310]
    // Keyring only if Argeo extensions are available
    if (argeoDataModelExtensionsAvailable) {
        new ServiceTracker<CallbackHandler, CallbackHandler>(bc, CallbackHandler.class, null) {
            // [not in this listing: 314-315]
            public CallbackHandler addingService(ServiceReference<CallbackHandler> reference) {
                // A new keyring is created and registered for each CallbackHandler service tracked.
                // NOTE(review): the tracker has no filter, so any bundle that registers a
                // CallbackHandler supplies the keyring's default handler -- confirm that
                // only trusted bundles can register one.
                NodeKeyRing nodeKeyring = new NodeKeyRing(egoRepository);
                CallbackHandler callbackHandler = bc.getService(reference);
                nodeKeyring.setDefaultCallbackHandler(callbackHandler);
                bc.registerService(LangUtils.names(Keyring.class, CryptoKeyring.class, ManagedService.class),
                        nodeKeyring, LangUtils.dico(Constants.SERVICE_PID, NodeConstants.NODE_KEYRING_PID));
                return callbackHandler;
                // [not in this listing: 323-327] -- where the tracker is opened is not visible here
/**
 * Imports the data models contributed by the installed bundles into the repository,
 * using an admin session. Session is logged out.
 * <p>
 * For the node repository every bundle wiring is processed; otherwise only bundles
 * providing a data model capability whose name equals {@code cn}.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param cn         name of the repository / data model being prepared
 * @param repository repository on which the admin session is opened
 */
private void prepareDataModel(String cn, Repository repository) {
    // NOTE(review): node types declared by any installed bundle are registered with
    // administrative rights; the set of installed bundles is the trust boundary here.
    Session adminSession = KernelUtils.openAdminSession(repository);
    // [not in this listing: 332]
        // Names of the data models already handled, shared across all bundles.
        Set<String> processed = new HashSet<String>();
        bundles: for (Bundle bundle : bc.getBundles()) {
            BundleWiring wiring = bundle.adapt(BundleWiring.class);
            // [not in this listing: 336-337] -- adapt() can return null for a bundle
            // that is not resolved; presumably handled here, confirm
            if (NodeConstants.NODE_REPOSITORY.equals(cn))// process all data models
                processWiring(cn, adminSession, wiring, processed, false);
            // [not in this listing: 340]
                List<BundleCapability> capabilities = wiring.getCapabilities(CMS_DATA_MODEL_NAMESPACE);
                for (BundleCapability capability : capabilities) {
                    String dataModelName = (String) capability.getAttributes().get(DataModelNamespace.NAME);
                    if (dataModelName.equals(cn))// process only own data model
                        processWiring(cn, adminSession, wiring, processed, false);
                    // [not in this listing: 346-349]
        JcrUtils.logoutQuietly(adminSession);
        // [not in this listing: 351-352]
/**
 * Registers the data models provided by a bundle wiring, after those of the wirings
 * it requires, then publishes the resulting repositories.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param cn                         name of the repository / data model being prepared
 * @param adminSession               admin session used to register the node types
 * @param wiring                     the bundle wiring whose capabilities are processed
 * @param processed                  names of the data models already handled
 * @param importListedAbstractModels when false, capabilities flagged as abstract are skipped
 */
private void processWiring(String cn, Session adminSession, BundleWiring wiring, Set<String> processed,
        boolean importListedAbstractModels) {
    // recursively process requirements first
    List<BundleWire> requiredWires = wiring.getRequiredWires(CMS_DATA_MODEL_NAMESPACE);
    for (BundleWire wire : requiredWires) {
        // Required data models are processed with abstract models included.
        processWiring(cn, adminSession, wire.getProviderWiring(), processed, true);
        // [not in this listing: 360-361]
    List<String> publishAsLocalRepo = new ArrayList<>();
    List<BundleCapability> capabilities = wiring.getCapabilities(CMS_DATA_MODEL_NAMESPACE);
    capabilities: for (BundleCapability capability : capabilities) {
        if (!importListedAbstractModels
                && KernelUtils.asBoolean((String) capability.getAttributes().get(DataModelNamespace.ABSTRACT))) {
            continue capabilities;
            // [not in this listing: 368]
        boolean publish = registerDataModelCapability(cn, adminSession, capability, processed);
        // [not in this listing: 370] -- presumably the test on publish; confirm
            publishAsLocalRepo.add((String) capability.getAttributes().get(DataModelNamespace.NAME));
        // [not in this listing: 372]
    // Publish all at once, so that bundles with multiple CNDs are consistent
    for (String dataModelName : publishAsLocalRepo)
        publishLocalRepo(dataModelName, adminSession.getRepository());
    // [not in this listing: 376]
/**
 * Imports the CND (node type definitions) of one data model capability, unless
 * already done, and tells whether the data model is to be published as a repository.
 * <p>
 * An empty marker file under the bundle data area ({@code dataModels/<path>})
 * records that the CND has been imported.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param cn           name of the repository / data model being prepared
 * @param adminSession admin session used to register the node types
 * @param capability   the data model capability; its attributes give name, CND path and abstract flag
 * @param processed    names of the data models already handled
 * @return the publishLocalRepo decision computed at the end of the method
 * @throws CmsException if the CND resource is not found or cannot be imported
 */
private boolean registerDataModelCapability(String cn, Session adminSession, BundleCapability capability,
        Set<String> processed) {
    Map<String, Object> attrs = capability.getAttributes();
    String name = (String) attrs.get(DataModelNamespace.NAME);
    if (processed.contains(name)) {
        if (log.isTraceEnabled())
            log.trace("Data model " + name + " has already been processed");
        // [not in this listing: 385-388]
    String path = (String) attrs.get(DataModelNamespace.CND);
    // [not in this listing: 390]
        // NOTE(review): path comes from the providing bundle's manifest and is concatenated
        // into a file name unchecked; a value containing ".." would put the marker file
        // outside dataModels/. Confirm that providers are trusted, or normalize the
        // path and check that it stays under the data area.
        File dataModel = bc.getBundle().getDataFile("dataModels/" + path);
        if (!dataModel.exists()) {
            // The CND itself is loaded from the bundle that provides the capability.
            URL url = capability.getRevision().getBundle().getResource(path);
            // [not in this listing: 394]
                throw new CmsException("No data model '" + name + "' found under path " + path);
            // NOTE(review): no charset is given, so the CND is decoded with the platform
            // default charset.
            try (Reader reader = new InputStreamReader(url.openStream())) {
                // true: node types that already exist are registered again.
                CndImporter.registerNodeTypes(reader, adminSession, true);
                // [not in this listing: 398]
                // Create the marker file; the results of mkdirs()/createNewFile() are not checked.
                dataModel.getParentFile().mkdirs();
                dataModel.createNewFile();
                if (log.isDebugEnabled())
                    log.debug("Registered CND " + url);
            } catch (Exception e) {
                throw new CmsException("Cannot import CND " + url, e);
                // [not in this listing: 405-408]
    if (KernelUtils.asBoolean((String) attrs.get(DataModelNamespace.ABSTRACT)))
        // [not in this listing: 410-411]
    // NOTE(review): deployConfig is assigned by the ConfigurationAdmin tracker callback;
    // confirm it cannot still be null when this runs.
    boolean isStandalone = deployConfig.isStandalone(name);
    boolean publishLocalRepo;
    if (isStandalone && name.equals(cn))// includes the node itself
        publishLocalRepo = true;
    else if (!isStandalone && cn.equals(NodeConstants.NODE_REPOSITORY))
        publishLocalRepo = true;
    // [not in this listing: 418]
        publishLocalRepo = false;
    // [not in this listing: 420]
    return publishLocalRepo;
    // [not in this listing: 422]
/**
 * Publishes a repository as an OSGi service under the given data model name and
 * registers the HTTP servlets that expose it.
 * <p>
 * A {@code RepositoryImpl} is wrapped in a {@code JackrabbitLocalRepository} and is
 * registered under that class name as well; any other repository is wrapped in a
 * plain {@code LocalRepository}.
 *
 * @param dataModelName value of the {@code NodeConstants.CN} service property, also used as servlet alias
 * @param repository    the repository to wrap and publish
 */
private void publishLocalRepo(String dataModelName, Repository repository) {
    Hashtable<String, Object> properties = new Hashtable<>();
    properties.put(NodeConstants.CN, dataModelName);

    final boolean isJackrabbit = repository instanceof RepositoryImpl;
    LocalRepository localRepository = isJackrabbit
            ? new JackrabbitLocalRepository((RepositoryImpl) repository, dataModelName)
            : new LocalRepository(repository, dataModelName);
    String[] classes = isJackrabbit
            ? new String[] { Repository.class.getName(), LocalRepository.class.getName(),
                    JackrabbitLocalRepository.class.getName() }
            : new String[] { Repository.class.getName(), LocalRepository.class.getName() };
    bc.registerService(classes, localRepository, properties);

    // TODO make it configurable
    // Until then every published repository also gets a remoting and a WebDAV servlet.
    registerRepositoryServlets(dataModelName, localRepository);
    if (log.isTraceEnabled()) {
        log.trace("Published data model " + dataModelName);
    }
}
/**
 * Returns the time at which the deployment became available.
 *
 * @return the recorded {@code System.currentTimeMillis()} value, or {@code null} while
 *         the deployment is not available
 */
public synchronized Long getAvailableSince() {
    return this.availableSince;
}
/**
 * Tells whether the deployment has been marked as available.
 *
 * @return {@code true} once an availability timestamp has been recorded
 */
public synchronized boolean isAvailable() {
    final Long since = availableSince;
    return since != null;
}
/**
 * Exposes a repository over HTTP: registers the remoting servlet first, then the
 * WebDAV servlet, both under the same alias.
 *
 * @param alias      path segment under which both servlets are registered
 * @param repository the repository served by both servlets
 */
protected void registerRepositoryServlets(String alias, Repository repository) {
    this.registerRemotingServlet(alias, repository);
    this.registerWebdavServlet(alias, repository);
}
/**
 * Registers a WebDAV servlet for the repository as an HTTP whiteboard service, with
 * the pattern {@code /<alias>/*} in the servlet context whose path is
 * {@code NodeConstants.PATH_DATA}.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param alias      path segment used in the servlet pattern and passed to the servlet
 * @param repository the repository served by the servlet
 */
protected void registerWebdavServlet(String alias, Repository repository) {
    CmsWebDavServlet webdavServlet = new CmsWebDavServlet(alias, repository);
    // Service properties; those with the whiteboard init-param prefix become servlet init parameters.
    Hashtable<String, String> ip = new Hashtable<>();
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsWebDavServlet.INIT_PARAM_RESOURCE_CONFIG, webDavConfig);
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsWebDavServlet.INIT_PARAM_RESOURCE_PATH_PREFIX,
            // [not in this listing: 464-465] -- the value of this parameter is missing
    // NOTE(review): alias goes into the pattern unchecked; confirm that data model
    // names are restricted to characters that are safe in a servlet path.
    ip.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_PATTERN, "/" + alias + "/*");
    ip.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_SELECT,
            "(" + HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_PATH + "=" + NodeConstants.PATH_DATA + ")");
    bc.registerService(Servlet.class, webdavServlet, ip);
    // [not in this listing: 470]
/**
 * Registers a JCR remoting servlet for the repository as an HTTP whiteboard service,
 * with the pattern {@code /<alias>/*} in the servlet context whose path is
 * {@code NodeConstants.PATH_JCR}.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param alias      path segment used in the servlet pattern, the {@code NodeConstants.CN}
 *                   property and the temporary directory names
 * @param repository the repository served by the servlet
 * @throws CmsException if the temporary directory cannot be created
 */
protected void registerRemotingServlet(String alias, Repository repository) {
    CmsRemotingServlet remotingServlet = new CmsRemotingServlet(alias, repository);
    Hashtable<String, String> ip = new Hashtable<>();
    ip.put(NodeConstants.CN, alias);
    // Properties ip = new Properties();
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsRemotingServlet.INIT_PARAM_RESOURCE_PATH_PREFIX,
            // [not in this listing: 478] -- the value of this parameter is missing
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsRemotingServlet.INIT_PARAM_AUTHENTICATE_HEADER,
            // [not in this listing: 480-481] -- the value of this parameter is missing
    // Looks like a bug in Jackrabbit remoting init
    // [not in this listing: 483-484]
        // A new temporary directory is created on every call; nothing visible here removes it.
        // NOTE(review): alias is part of the directory prefix; confirm it cannot contain
        // path separators.
        tmpDir = Files.createTempDirectory("remoting_" + alias);
    } catch (IOException e) {
        throw new CmsException("Cannot create temp directory for remoting servlet", e);
        // [not in this listing: 488]
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsRemotingServlet.INIT_PARAM_HOME, tmpDir.toString());
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsRemotingServlet.INIT_PARAM_TMP_DIRECTORY,
            "remoting_" + alias);
    // Protected handlers come from the HttpUtils default; absolute URI creation is switched off.
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsRemotingServlet.INIT_PARAM_PROTECTED_HANDLERS_CONFIG,
            HttpUtils.DEFAULT_PROTECTED_HANDLERS);
    ip.put(HTTP_WHITEBOARD_SERVLET_INIT_PARAM_PREFIX + CmsRemotingServlet.INIT_PARAM_CREATE_ABSOLUTE_URI, "false");
    // [not in this listing: 495]
    ip.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_SERVLET_PATTERN, "/" + alias + "/*");
    ip.put(HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_SELECT,
            "(" + HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_PATH + "=" + NodeConstants.PATH_JCR + ")");
    bc.registerService(Servlet.class, remotingServlet, ip);
    // [not in this listing: 500]
502 private class RepositoryContextStc
extends ServiceTracker
<RepositoryContext
, RepositoryContext
> {
/** Tracks every {@link RepositoryContext} service of the bundle context, with no customizer. */
public RepositoryContextStc() {
    super(bc, RepositoryContext.class, null);
    // [not in this listing: original line 506, which ends the constructor]
/**
 * Called when a {@link RepositoryContext} service is tracked. For the node repository
 * it prepares the node and home repositories, registers the HTTP servlets and marks
 * the node as available; {@code prepareDataModel} is called on the other visible path.
 * Markers "[not in this listing: N]" give original line numbers missing here.
 *
 * @param reference reference to the tracked service; its {@code NodeConstants.CN}
 *                  property gives the repository name
 */
public RepositoryContext addingService(ServiceReference<RepositoryContext> reference) {
    RepositoryContext repoContext = bc.getService(reference);
    // The repository name is taken from the service properties set by whoever registered it.
    String cn = (String) reference.getProperty(NodeConstants.CN);
    // [not in this listing: 512] -- presumably a guard on cn, which is dereferenced below; confirm
        if (cn.equals(NodeConstants.NODE_REPOSITORY)) {
            prepareNodeRepository(repoContext.getRepository());
            // TODO separate home repository
            prepareHomeRepository(repoContext.getRepository());
            registerRepositoryServlets(cn, repoContext.getRepository());
            nodeAvailable = true;
            // [not in this listing: 519-520]
            prepareDataModel(cn, repoContext.getRepository());
            // [not in this listing: 522-526]
528 public void modifiedService(ServiceReference
<RepositoryContext
> reference
, RepositoryContext service
) {
532 public void removedService(ServiceReference
<RepositoryContext
> reference
, RepositoryContext service
) {