import java.security.PrivilegedAction;
import java.text.SimpleDateFormat;
-import java.util.Date;
import java.util.HashSet;
import java.util.Set;
+import javax.jcr.Credentials;
+import javax.jcr.LoginException;
+import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.Node;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
private SimpleDateFormat usersDatePath = new SimpleDateFormat("YYYY/MM");
+ private String defaultHomeWorkspace = NodeConstants.HOME;
private final boolean remote;
public HomeRepository(Repository repository, boolean remote) {
@Override
public Void run() {
+ Session adminSession = null;
try {
- Session adminSession = getRepository().login();
+ adminSession = JcrUtils.loginOrCreateWorkspace(getRepository(defaultHomeWorkspace),
+ defaultHomeWorkspace);
initJcr(adminSession);
} catch (RepositoryException e) {
throw new CmsException("Cannot init JCR home", e);
+ } finally {
+ JcrUtils.logoutQuietly(adminSession);
}
return null;
}
}
@Override
- protected void processNewSession(Session session) {
+ public Session login(Credentials credentials, String workspaceName)
+ throws LoginException, NoSuchWorkspaceException, RepositoryException {
+ if (workspaceName == null) {
+ return super.login(credentials, getUserHomeWorkspace());
+ } else {
+ return super.login(credentials, workspaceName);
+ }
+ }
+
+ protected String getUserHomeWorkspace() {
+ // TODO base on JAAS Subject metadata
+ return defaultHomeWorkspace;
+ }
+
+ @Override
+ protected void processNewSession(Session session, String workspaceName) {
String username = session.getUserID();
if (username == null || username.toString().equals(""))
return;
if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS))
return;
+ String userHomeWorkspace = getUserHomeWorkspace();
+ if (workspaceName != null && !workspaceName.equals(userHomeWorkspace))
+ return;
+
if (checkedUsers.contains(username))
return;
- Session adminSession = KernelUtils.openAdminSession(getRepository(), session.getWorkspace().getName());
+ Session adminSession = KernelUtils.openAdminSession(getRepository(workspaceName), workspaceName);
try {
syncJcr(adminSession, username);
checkedUsers.add(username);
/** Session is logged out. */
private void initJcr(Session adminSession) {
try {
- JcrUtils.mkdirs(adminSession, homeBasePath);
+// JcrUtils.mkdirs(adminSession, homeBasePath);
JcrUtils.mkdirs(adminSession, groupsBasePath);
adminSession.save();
- JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
- JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
+// JcrUtils.addPrivilege(adminSession, homeBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
+// JcrUtils.addPrivilege(adminSession, groupsBasePath, NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
adminSession.save();
} catch (RepositoryException e) {
throw new CmsException("Cannot initialize home repository", e);
}
}
- private void syncJcr(Session session, String username) {
+ protected synchronized void syncJcr(Session adminSession, String username) {
+ // only in the default workspace
+// if (workspaceName != null)
+// return;
+ // skip system users
+ if (username.endsWith(NodeConstants.ROLES_BASEDN))
+ return;
+
try {
- Node userHome = NodeUtils.getUserHome(session, username);
+ Node userHome = NodeUtils.getUserHome(adminSession, username);
if (userHome == null) {
String homePath = generateUserPath(username);
- if (session.itemExists(homePath))// duplicate user id
- userHome = session.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath));
+ if (adminSession.itemExists(homePath))// duplicate user id
+ userHome = adminSession.getNode(homePath).getParent().addNode(JcrUtils.lastPathElement(homePath));
else
- userHome = JcrUtils.mkdirs(session, homePath);
+ userHome = JcrUtils.mkdirs(adminSession, homePath);
// userHome = JcrUtils.mkfolders(session, homePath);
userHome.addMixin(NodeTypes.NODE_USER_HOME);
userHome.addMixin(NodeType.MIX_CREATED);
userHome.setProperty(NodeNames.LDAP_UID, username);
- session.save();
+ adminSession.save();
- JcrUtils.clearAccessControList(session, homePath, username);
- JcrUtils.addPrivilege(session, homePath, username, Privilege.JCR_ALL);
+ JcrUtils.clearAccessControList(adminSession, homePath, username);
+ JcrUtils.addPrivilege(adminSession, homePath, username, Privilege.JCR_ALL);
}
- if (session.hasPendingChanges())
- session.save();
+ if (adminSession.hasPendingChanges())
+ adminSession.save();
} catch (RepositoryException e) {
- JcrUtils.discardQuietly(session);
+ JcrUtils.discardQuietly(adminSession);
throw new CmsException("Cannot sync node security model for " + username, e);
}
}
throw new CmsException("Invalid name " + username, e);
}
String userId = dn.getRdn(dn.size() - 1).getValue().toString();
- int atIndex = userId.indexOf('@');
- if (atIndex < 0) {
- return homeBasePath + '/' + userId;
- } else {
- return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId;
- }
- // if (atIndex > 0) {
- // String domain = userId.substring(0, atIndex);
- // String name = userId.substring(atIndex + 1);
- // return base + '/' + domain + '/' + name;
- // } else if (atIndex == 0 || atIndex == (userId.length() - 1)) {
- // throw new CmsException("Unsupported username " + userId);
- // } else {
- // return base + '/' + userId;
- // }
+ return '/' + userId;
+// int atIndex = userId.indexOf('@');
+// if (atIndex < 0) {
+// return homeBasePath+'/' + userId;
+// } else {
+// return usersBasePath + '/' + usersDatePath.format(new Date()) + '/' + userId;
+// }
}
public void createWorkgroup(LdapName dn) {