import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.time.ZonedDateTime;
import java.util.Collection;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.security.NodeSecurityUtils;
import org.argeo.cms.auth.CmsSession;
import org.argeo.jcr.JcrUtils;
-import org.argeo.node.NodeConstants;
-import org.argeo.node.security.NodeSecurityUtils;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.useradmin.Authorization;
+/** Default CMS session implementation. */
public class CmsSessionImpl implements CmsSession {
private final static BundleContext bc = FrameworkUtil.getBundle(CmsSessionImpl.class).getBundleContext();
private final static Log log = LogFactory.getLog(CmsSessionImpl.class);
private Set<String> dataSessionsInUse = new HashSet<>();
private LinkedHashSet<Session> additionalDataSessions = new LinkedHashSet<>();
+ private Map<String, Object> views = new HashMap<>();
+
public CmsSessionImpl(Subject initialSubject, Authorization authorization, Locale locale, String localSessionId) {
this.creationTime = ZonedDateTime.now();
this.locale = locale;
this.userDn = new LdapName(authorization.getName());
this.anonymous = false;
} catch (InvalidNameException e) {
- throw new CmsException("Invalid user name " + authorization.getName(), e);
+ throw new IllegalArgumentException("Invalid user name " + authorization.getName(), e);
}
else {
this.userDn = NodeSecurityUtils.ROLE_ANONYMOUS_NAME;
private Subject getSubject() {
return Subject.getSubject(initialContext);
}
-
+
public Set<SecretKey> getSecretKeys() {
return getSubject().getPrivateCredentials(SecretKey.class);
}
+ public Session newDataSession(String cn, String workspace, Repository repository) {
+ return login(repository, workspace);
+ }
+
public synchronized Session getDataSession(String cn, String workspace, Repository repository) {
// FIXME make it more robust
if (workspace == null)
- workspace = "main";
+ workspace = NodeConstants.SYS_WORKSPACE;
String path = cn + '/' + workspace;
if (dataSessionsInUse.contains(path)) {
try {
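Review bot: The added `newDataSession(String cn, String workspace, Repository repository)` ignores `cn` and hands back the result of `login(repository, workspace)` without recording it in any collection visible in this hunk. Unlike the sessions tracked in `additionalDataSessions`, it therefore looks as if nothing will log this session out when the CMS session ends. If that is intended, state the ownership in a Javadoc, for example `/** Opens a new, untracked JCR session as this CMS session's subject; the caller must log it out. */`. The method also skips the `workspace == null` default to `NodeConstants.SYS_WORKSPACE` that `getDataSession` applies just below, so the two entry points may resolve a null workspace differently. The body of `getDataSession` continues outside this hunk.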
return repository.login(workspace);
}
});
- } catch (Exception e) {
- throw new CmsException("Cannot log in " + userDn + " to JCR", e);
+ } catch (PrivilegedActionException e) {
+ throw new IllegalStateException("Cannot log in " + userDn + " to JCR", e);
}
}
if (additionalDataSessions.contains(session)) {
JcrUtils.logoutQuietly(session);
additionalDataSessions.remove(session);
+ if (log.isTraceEnabled())
+ log.trace("Remove additional data session " + session);
return;
}
String path = cn + '/' + session.getWorkspace().getName();
Session registeredSession = dataSessions.get(path);
if (session != registeredSession)
log.warn("Data session " + path + " not consistent for " + userDn);
+ if (log.isTraceEnabled())
+ log.trace("Released data session " + session + " for " + path);
notifyAll();
}
return userDn;
}
+ @Override
+ public String getUserRole() {
+ return new X500Principal(authorization.getName()).getName();
+ }
+
@Override
public String getLocalId() {
return localSessionId;
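Review bot: The new `getUserRole()` passes `authorization.getName()` straight to `new X500Principal(...)`, with no guard for a missing name. The constructor context earlier in this diff has an `else` branch that falls back to `NodeSecurityUtils.ROLE_ANONYMOUS_NAME`, which suggests the name can be absent for anonymous sessions. In that case the `X500Principal(String)` constructor throws `NullPointerException`. Building the value from the already validated field avoids this, for example `return new X500Principal(userDn.toString()).getName();`, if returning the anonymous role DN matches the intent. A short Javadoc saying which DN format callers receive would also help, since callers are likely to compare this string against role names.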
return end;
}
+ @Override
+ public void registerView(String uid, Object view) {
+ if (views.containsKey(uid))
+ throw new IllegalArgumentException("View " + uid + " is already registered.");
+ views.put(uid, view);
+ }
+
public String toString() {
return "CMS Session " + userDn + " local=" + localSessionId + ", uuid=" + uuid;
}
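Review bot: `registerView` does a `views.containsKey(uid)` check followed by `views.put(uid, view)` on a plain `HashMap` and is not `synchronized`, while `getDataSession` in the same class is. Two threads registering the same uid can both pass the check, and concurrent writes to a `HashMap` are unsafe in themselves. Declaring the method `public synchronized void registerView(String uid, Object view)` would match the locking already used in the class, or the body could become `if (views.putIfAbsent(uid, view) != null) throw new IllegalArgumentException(...)` on a concurrent map. No removal path for `views` is visible in this diff; if there is none, every registered view stays referenced for the lifetime of the session.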
try {
sr = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_LOCAL_ID + "=" + localId + ")");
} catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for id " + localId, e);
+ throw new IllegalArgumentException("Cannot get CMS session for id " + localId, e);
}
ServiceReference<CmsSession> cmsSessionRef;
if (sr.size() == 1) {
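Review bot: The filter passed to `bc.getServiceReferences` is built by concatenating `localId` into `"(" + CmsSession.SESSION_LOCAL_ID + "=" + localId + ")"` without escaping, and this commit only changes the exception type around it. A value containing filter metacharacters (`\`, `*`, `(`, `)`) can still form a syntactically valid filter that matches a different session, and the `InvalidSyntaxException` handler does not catch that case. Since this lookup resolves a session from an identifier, backslash-escape those four characters or reject values that do not match the expected id format before building the filter. The same applies to the `uuid` lookup with `CmsSession.SESSION_UUID` in the next method. The enclosing method starts and ends outside this hunk, so where `localId` comes from is not visible here.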
} else if (sr.size() == 0) {
return null;
} else
- throw new CmsException(sr.size() + " CMS sessions registered for " + localId);
+ throw new IllegalStateException(sr.size() + " CMS sessions registered for " + localId);
}
try {
sr = bc.getServiceReferences(CmsSession.class, "(" + CmsSession.SESSION_UUID + "=" + uuid + ")");
} catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS session for uuid " + uuid, e);
+ throw new IllegalArgumentException("Cannot get CMS session for uuid " + uuid, e);
}
ServiceReference<CmsSession> cmsSessionRef;
if (sr.size() == 1) {
} else if (sr.size() == 0) {
return null;
} else
- throw new CmsException(sr.size() + " CMS sessions registered for " + uuid);
+ throw new IllegalStateException(sr.size() + " CMS sessions registered for " + uuid);
}
}
}
} catch (InvalidSyntaxException e) {
- throw new CmsException("Cannot get CMS sessions", e);
+ throw new IllegalArgumentException("Cannot get CMS sessions", e);
}
}
}