]>
git.argeo.org Git - lgpl/argeo-commons.git/blob - security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/JackrabbitSecurityModel.java
16dd2981d1be56fd39f6404873658fe40e1c9459
1 package org
.argeo
.security
.jackrabbit
;
3 import java
.util
.ArrayList
;
4 import java
.util
.Iterator
;
8 import javax
.jcr
.RepositoryException
;
9 import javax
.jcr
.Session
;
11 import org
.apache
.commons
.logging
.Log
;
12 import org
.apache
.commons
.logging
.LogFactory
;
13 import org
.apache
.jackrabbit
.api
.JackrabbitSession
;
14 import org
.apache
.jackrabbit
.api
.security
.user
.Group
;
15 import org
.apache
.jackrabbit
.api
.security
.user
.User
;
16 import org
.apache
.jackrabbit
.api
.security
.user
.UserManager
;
17 import org
.argeo
.ArgeoException
;
18 import org
.argeo
.jcr
.ArgeoNames
;
19 import org
.argeo
.security
.jcr
.SimpleJcrSecurityModel
;
21 /** Make sure that user authorizable exists before syncing user directories. */
22 public class JackrabbitSecurityModel
extends SimpleJcrSecurityModel
{
23 private final static Log log
= LogFactory
24 .getLog(JackrabbitSecurityModel
.class);
27 public synchronized Node
sync(Session session
, String username
,
29 if (!(session
instanceof JackrabbitSession
))
30 return super.sync(session
, username
, roles
);
33 UserManager userManager
= ((JackrabbitSession
) session
)
35 User user
= (User
) userManager
.getAuthorizable(username
);
37 String principalName
= user
.getPrincipal().getName();
38 if (!principalName
.equals(username
)) {
39 log
.warn("Jackrabbit principal is '" + principalName
40 + "' but username is '" + username
41 + "'. Recreating...");
43 user
= userManager
.createUser(username
, "");
46 // create new principal
47 user
= userManager
.createUser(username
, "");
48 log
.info(username
+ " added as Jackrabbit user " + user
);
52 Node userProfile
= super.sync(session
, username
, roles
);
54 Boolean enabled
= userProfile
.getProperty(ArgeoNames
.ARGEO_ENABLED
)
56 if (enabled
&& user
.isDisabled())
58 else if (!enabled
&& !user
.isDisabled())
59 user
.disable(userProfile
.getPath() + " is disabled");
61 // Sync Jackrabbit roles
63 syncRoles(userManager
, user
, roles
);
66 } catch (RepositoryException e
) {
67 throw new ArgeoException(
68 "Cannot perform Jackrabbit specific operations", e
);
72 /** Make sure Jackrabbit roles are in line with authentication */
73 void syncRoles(UserManager userManager
, User user
, List
<String
> roles
)
74 throws RepositoryException
{
75 List
<String
> userGroupIds
= new ArrayList
<String
>();
76 for (String role
: roles
) {
77 Group group
= (Group
) userManager
.getAuthorizable(role
);
79 group
= userManager
.createGroup(role
);
80 log
.info(role
+ " added as " + group
);
82 if (!group
.isMember(user
))
83 group
.addMember(user
);
84 userGroupIds
.add(role
);
87 // check if user has not been removed from some groups
88 for (Iterator
<Group
> it
= user
.declaredMemberOf(); it
.hasNext();) {
89 Group group
= it
.next();
90 if (!userGroupIds
.contains(group
.getID()))
91 group
.removeMember(user
);