]>
git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
c0cf3e02566f4e989653d7de6f0cca7267643666
1 package org
.argeo
.cms
.internal
.kernel
;
3 import java
.security
.PrivilegedAction
;
4 import java
.util
.HashSet
;
8 import javax
.jcr
.Repository
;
9 import javax
.jcr
.RepositoryException
;
10 import javax
.jcr
.Session
;
11 import javax
.jcr
.security
.Privilege
;
12 import javax
.naming
.InvalidNameException
;
13 import javax
.naming
.ldap
.LdapName
;
14 import javax
.security
.auth
.Subject
;
15 import javax
.security
.auth
.login
.LoginContext
;
17 import org
.apache
.jackrabbit
.core
.security
.SecurityConstants
;
18 import org
.argeo
.ArgeoException
;
19 import org
.argeo
.cms
.CmsException
;
20 import org
.argeo
.cms
.auth
.AuthConstants
;
21 import org
.argeo
.jcr
.ArgeoJcrConstants
;
22 import org
.argeo
.jcr
.ArgeoNames
;
23 import org
.argeo
.jcr
.ArgeoTypes
;
24 import org
.argeo
.jcr
.JcrRepositoryWrapper
;
25 import org
.argeo
.jcr
.JcrUtils
;
26 import org
.argeo
.jcr
.UserJcrUtils
;
29 * Make sure each user has a home directory available in the default workspace.
31 class HomeRepository
extends JcrRepositoryWrapper
implements KernelConstants
, ArgeoJcrConstants
{
32 // private final Kernel kernel;
34 /** The home base path. */
35 private String homeBasePath
= "/home";
36 private String peopleBasePath
= ArgeoJcrConstants
.PEOPLE_BASE_PATH
;
38 private Set
<String
> checkedUsers
= new HashSet
<String
>();
40 public HomeRepository(Repository repository
) {
41 // this.kernel = kernel;
42 setRepository(repository
);
45 lc
= new LoginContext(AuthConstants
.LOGIN_CONTEXT_DATA_ADMIN
);
47 } catch (javax
.security
.auth
.login
.LoginException e1
) {
48 throw new CmsException("Cannot login as systrem", e1
);
50 Subject
.doAs(lc
.getSubject(), new PrivilegedAction
<Void
>() {
55 initJcr(getRepository().login());
56 } catch (RepositoryException e
) {
57 throw new CmsException("Cannot init JCR home", e
);
66 // public Session login() throws LoginException, RepositoryException {
67 // Session session = super.login();
68 // String username = session.getUserID();
69 // if (username == null)
71 // if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS))
74 // if (checkedUsers.contains(username))
76 // Session adminSession = KernelUtils.openAdminSession(getRepository(),
77 // session.getWorkspace().getName());
79 // syncJcr(adminSession, username);
80 // checkedUsers.add(username);
82 // JcrUtils.logoutQuietly(adminSession);
88 protected void processNewSession(Session session
) {
89 String username
= session
.getUserID();
92 if (session
.getUserID().equals(AuthConstants
.ROLE_ANONYMOUS
))
94 if (session
.getUserID().equals(AuthConstants
.ROLE_KERNEL
))
96 if (session
.getUserID().equals(SecurityConstants
.ADMIN_ID
))
99 if (checkedUsers
.contains(username
))
101 Session adminSession
= KernelUtils
.openAdminSession(getRepository(), session
.getWorkspace().getName());
103 syncJcr(adminSession
, username
);
104 checkedUsers
.add(username
);
106 JcrUtils
.logoutQuietly(adminSession
);
113 /** Session is logged out. */
114 private void initJcr(Session adminSession
) {
116 JcrUtils
.mkdirs(adminSession
, homeBasePath
);
117 JcrUtils
.mkdirs(adminSession
, peopleBasePath
);
120 JcrUtils
.addPrivilege(adminSession
, homeBasePath
, AuthConstants
.ROLE_USER_ADMIN
, Privilege
.JCR_READ
);
121 JcrUtils
.addPrivilege(adminSession
, peopleBasePath
, AuthConstants
.ROLE_USER_ADMIN
, Privilege
.JCR_ALL
);
123 } catch (RepositoryException e
) {
124 throw new CmsException("Cannot initialize node user admin", e
);
126 JcrUtils
.logoutQuietly(adminSession
);
130 private Node
syncJcr(Session session
, String username
) {
132 Node userHome
= UserJcrUtils
.getUserHome(session
, username
);
133 if (userHome
== null) {
134 String homePath
= generateUserPath(homeBasePath
, username
);
135 if (session
.itemExists(homePath
))// duplicate user id
136 userHome
= session
.getNode(homePath
).getParent().addNode(JcrUtils
.lastPathElement(homePath
));
138 userHome
= JcrUtils
.mkdirs(session
, homePath
);
139 // userHome = JcrUtils.mkfolders(session, homePath);
140 userHome
.addMixin(ArgeoTypes
.ARGEO_USER_HOME
);
141 userHome
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
144 JcrUtils
.clearAccessControList(session
, homePath
, username
);
145 JcrUtils
.addPrivilege(session
, homePath
, username
, Privilege
.JCR_ALL
);
148 Node userProfile
= UserJcrUtils
.getUserProfile(session
, username
);
150 if (userProfile
== null) {
151 String personPath
= generateUserPath(peopleBasePath
, username
);
153 if (session
.itemExists(personPath
))// duplicate user id
154 personBase
= session
.getNode(personPath
).getParent().addNode(JcrUtils
.lastPathElement(personPath
));
156 personBase
= JcrUtils
.mkdirs(session
, personPath
);
157 userProfile
= personBase
.addNode(ArgeoNames
.ARGEO_PROFILE
);
158 userProfile
.addMixin(ArgeoTypes
.ARGEO_USER_PROFILE
);
159 userProfile
.setProperty(ArgeoNames
.ARGEO_USER_ID
, username
);
160 // userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, true);
161 // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_EXPIRED,
163 // userProfile.setProperty(ArgeoNames.ARGEO_ACCOUNT_NON_LOCKED,
165 // userProfile.setProperty(ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED,
169 JcrUtils
.clearAccessControList(session
, userProfile
.getPath(), username
);
170 JcrUtils
.addPrivilege(session
, userProfile
.getPath(), username
, Privilege
.JCR_READ
);
174 // if (roles != null) {
175 // writeRemoteRoles(userProfile, roles);
177 if (session
.hasPendingChanges())
180 } catch (RepositoryException e
) {
181 JcrUtils
.discardQuietly(session
);
182 throw new ArgeoException("Cannot sync node security model for " + username
, e
);
186 /** Generate path for a new user home */
187 private String
generateUserPath(String base
, String username
) {
190 dn
= new LdapName(username
);
191 } catch (InvalidNameException e
) {
192 throw new ArgeoException("Invalid name " + username
, e
);
194 String userId
= dn
.getRdn(dn
.size() - 1).getValue().toString();
195 int atIndex
= userId
.indexOf('@');
197 String domain
= userId
.substring(0, atIndex
);
198 String name
= userId
.substring(atIndex
+ 1);
199 return base
+ '/' + JcrUtils
.firstCharsToPath(domain
, 2) + '/' + domain
+ '/'
200 + JcrUtils
.firstCharsToPath(name
, 2) + '/' + name
;
201 } else if (atIndex
== 0 || atIndex
== (userId
.length() - 1)) {
202 throw new ArgeoException("Unsupported username " + userId
);
204 return base
+ '/' + JcrUtils
.firstCharsToPath(userId
, 2) + '/' + userId
;