]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrLdapSynchronizer.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update license headers
[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.ldap / src / main / java / org / argeo / security / ldap / jcr / JcrLdapSynchronizer.java
diff --git a/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrLdapSynchronizer.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrLdapSynchronizer.java
index 632ea58c8778e8c92fab438744faf1cfc98885be..11e8e81998ea449960a1fe6e0a89f360372dd64d 100644 (file)
--- a/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrLdapSynchronizer.java
+++ b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/jcr/JcrLdapSynchronizer.java
@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.argeo.security.ldap.jcr;
 
 import java.security.NoSuchAlgorithmException;
@@ -20,6 +35,7 @@ import javax.jcr.observation.Event;
 import javax.jcr.observation.EventIterator;
 import javax.jcr.observation.EventListener;
 import javax.jcr.query.Query;
+import javax.jcr.version.VersionManager;
 import javax.naming.Binding;
 import javax.naming.Name;
 import javax.naming.NamingException;
@@ -185,10 +201,21 @@ public class JcrLdapSynchronizer implements UserDetailsContextMapper,
                                Node userProfile = it.nextNode();
                                String path = userProfile.getPath();
                                if (!userPaths.contains(path)) {
+                                       log.warn("Path "
+                                                       + path
+                                                       + " not found in LDAP, disabling user "
+                                                       + userProfile.getProperty(ArgeoNames.ARGEO_USER_ID)
+                                                                       .getString());
+                                       VersionManager versionManager = securitySession
+                                                       .getWorkspace().getVersionManager();
+                                       versionManager.checkout(userProfile.getPath());
                                        userProfile.setProperty(ArgeoNames.ARGEO_ENABLED, false);
+                                       securitySession.save();
+                                       versionManager.checkin(userProfile.getPath());
                                }
                        }
                } catch (Exception e) {
+                       JcrUtils.discardQuietly(securitySession);
                        throw new ArgeoException("Cannot synchronized LDAP and JCR", e);
                }
        }
@@ -198,9 +225,9 @@ public class JcrLdapSynchronizer implements UserDetailsContextMapper,
                        final String username, GrantedAuthority[] authorities) {
                if (ctx == null)
                        throw new ArgeoException("No LDAP information for user " + username);
-               Node userHome = JcrUtils.getUserHome(securitySession, username);
-               if (userHome == null)
-                       throw new ArgeoException("No JCR information for user " + username);
+               Node userProfile = JcrUtils.createUserProfileIfNeeded(securitySession,
+                               username);
+               JcrUserDetails.checkAccountStatus(userProfile);
 
                // password
                SortedSet<?> passwordAttributes = ctx
@@ -216,8 +243,7 @@ public class JcrLdapSynchronizer implements UserDetailsContextMapper,
                }
 
                try {
-                       return new JcrUserDetails(userHome.getNode(ARGEO_PROFILE),
-                                       password, authorities);
+                       return new JcrUserDetails(userProfile, password, authorities);
                } catch (RepositoryException e) {
                        throw new ArgeoException("Cannot retrieve user details for "
                                        + username, e);
Argeo Commons - Lightweight integration framework in pure Java/OSGi