import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
+import org.argeo.node.NodeConstants;
import org.eclipse.rap.rwt.RWT;
import org.eclipse.rap.rwt.application.EntryPoint;
import org.eclipse.swt.widgets.Display;
final LoginContext loginContext;
try {
- loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS,
+ loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS,
subject);
loginContext.login();
} catch (LoginException e1) {
+++ /dev/null
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.argeo.security.ui.rap;
-
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.CredentialNotFoundException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.x500.X500Principal;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
-import org.argeo.cms.auth.ThreadDeathLoginException;
-import org.argeo.cms.widgets.auth.DefaultLoginDialog;
-import org.argeo.eclipse.ui.dialogs.ErrorFeedback;
-import org.eclipse.jface.dialogs.MessageDialog;
-import org.eclipse.rap.rwt.RWT;
-import org.eclipse.rap.rwt.application.EntryPoint;
-import org.eclipse.swt.widgets.Display;
-import org.eclipse.ui.PlatformUI;
-
-/**
- * RAP entry point with login capabilities. Once the user has been
- * authenticated, the workbench is run as a privileged action by the related
- * subject.
- */
-@Deprecated
-public class SecureEntryPoint implements EntryPoint {
- final static String ACCESS_CONTROL_CONTEXT = "org.argeo.node.accessControlContext";
- private final static Log log = LogFactory.getLog(SecureEntryPoint.class);
-
- /**
- * How many seconds to wait before invalidating the session if the user has
- * not yet logged in.
- */
- private Integer loginTimeout = 1 * 60;
- // TODO make it configurable
- /** Default session timeout is 8 hours (European working day length) */
- private Integer sessionTimeout = 8 * 60 * 60;
-
- /** Override to provide an application specific workbench advisor */
- protected RapWorkbenchAdvisor createRapWorkbenchAdvisor(String username) {
- return new RapWorkbenchAdvisor(username);
- }
-
- @Override
- public final int createUI() {
- // Short login timeout so that the modal dialog login doesn't hang
- // around too long
- RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout);
-
- final Display display = PlatformUI.createDisplay();
-
- // load context from session
- HttpServletRequest httpRequest = RWT.getRequest();
- final HttpSession httpSession = httpRequest.getSession();
- AccessControlContext acc = (AccessControlContext) httpSession
- .getAttribute(ACCESS_CONTROL_CONTEXT);
-
- final Subject subject;
- if (acc != null
- && Subject.getSubject(acc).getPrincipals(X500Principal.class)
- .size() == 1) {
- subject = Subject.getSubject(acc);
- } else {
- subject = new Subject();
-
- final LoginContext loginContext;
- DefaultLoginDialog callbackHandler;
- try {
- callbackHandler = new DefaultLoginDialog(
- display.getActiveShell());
- loginContext = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER, subject,
- callbackHandler);
- } catch (LoginException e1) {
- throw new CmsException("Cannot initialize login context", e1);
- }
-
- tryLogin: while (subject.getPrincipals(X500Principal.class).size() == 0) {
- try {
- loginContext.login();
- if (subject.getPrincipals(X500Principal.class).size() == 0)
- throw new CmsException("Login succeeded but no auth");// fatal
-
- // add thread locale to RWT session
- // if (log.isTraceEnabled())
- // log.trace("Locale " + LocaleUtils.threadLocale.get());
- // RWT.setLocale(LocaleUtils.threadLocale.get());
-
- // once the user is logged in, longer session timeout
- RWT.getRequest().getSession()
- .setMaxInactiveInterval(sessionTimeout);
-
- if (log.isDebugEnabled())
- log.debug("Authenticated " + subject);
- } catch (FailedLoginException e) {
- MessageDialog.openInformation(display.getActiveShell(),
- "Bad Credentials", e.getMessage());
- // retry login
- continue tryLogin;
- } catch (CredentialNotFoundException e) {
- MessageDialog.openInformation(display.getActiveShell(),
- "No Credentials", e.getMessage());
- // retry login
- continue tryLogin;
- } catch (LoginException e) {
- callbackHandler.getShell().dispose();
- return processLoginDeath(display, e);
- }
- }
- }
- final String username = subject.getPrincipals(X500Principal.class)
- .iterator().next().getName();
- // Logout callback when the display is disposed
- display.disposeExec(new Runnable() {
- public void run() {
- if (log.isTraceEnabled())
- log.trace("Display disposed");
- try {
- LoginContext loginContext = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER, subject);
- loginContext.logout();
- } catch (LoginException e) {
- log.error("Error when logging out", e);
- }
- }
- });
-
- //
- // RUN THE WORKBENCH
- //
- Integer returnCode = null;
- try {
- returnCode = Subject.doAs(subject, new PrivilegedAction<Integer>() {
- public Integer run() {
- // add security context to session
- httpSession.setAttribute(ACCESS_CONTROL_CONTEXT,
- AccessController.getContext());
-
- // start workbench
- RapWorkbenchAdvisor workbenchAdvisor = createRapWorkbenchAdvisor(username);
- int result = PlatformUI.createAndRunWorkbench(display,
- workbenchAdvisor);
- return new Integer(result);
- }
- });
- // Explicit exit from workbench
- fullLogout(subject, username);
- } finally {
- display.dispose();
- }
- return returnCode;
- }
-
- private Integer processLoginDeath(Display display, Throwable e) {
- // check thread death
- ThreadDeath td = wasCausedByThreadDeath(e);
- if (td != null) {
- display.dispose();
- throw td;
- }
- if (!display.isDisposed()) {
- ErrorFeedback.show("Unexpected exception during authentication", e);
- // this was not just bad credentials or death thread
- RWT.getRequest().getSession().setMaxInactiveInterval(1);
- display.dispose();
- return -1;
- } else {
- throw new CmsException(
- "Unexpected exception during authentication", e);
- }
-
- }
-
- /**
- * If there is a {@link ThreadDeath} in the root causes, rethrow it
- * (important for RAP cleaning mechanism)
- */
- protected ThreadDeath wasCausedByThreadDeath(Throwable t) {
- if (t instanceof ThreadDeath)
- return (ThreadDeath) t;
- if (t instanceof ThreadDeathLoginException)
- return ((ThreadDeathLoginException) t).getThreadDeath();
- if (t.getCause() != null)
- return wasCausedByThreadDeath(t.getCause());
- else
- return null;
- }
-
- private void fullLogout(Subject subject, String username) {
- try {
- LoginContext loginContext = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER, subject);
- loginContext.logout();
- HttpServletRequest httpRequest = RWT.getRequest();
- HttpSession httpSession = httpRequest.getSession();
- httpSession.setAttribute(ACCESS_CONTROL_CONTEXT, null);
- RWT.getRequest().getSession().setMaxInactiveInterval(1);
- log.info("Logged out " + (username != null ? username : "")
- + " (THREAD=" + Thread.currentThread().getId() + ")");
- } catch (LoginException e) {
- log.error("Error when logging out", e);
- }
- }
-}
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.ui.workbench.WorkbenchUiPlugin;
import org.argeo.cms.ui.workbench.internal.useradmin.UiUserAdminListener;
import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper;
import org.argeo.eclipse.ui.EclipseUiUtils;
import org.argeo.eclipse.ui.parts.LdifUsersTable;
import org.argeo.node.ArgeoNames;
+import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.LdifName;
import org.eclipse.jface.viewers.TableViewer;
import org.eclipse.swt.SWT;
public void createPartControl(Composite parent) {
parent.setLayout(EclipseUiUtils.noSpaceGridLayout());
- boolean isAdmin = UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN);
+ boolean isAdmin = UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN);
// Define the displayed columns
columnDefs.add(new ColumnDefinition(new RoleIconLP(), "", 26));
if (!showSystemRoles)
builder.append("(!(").append(LdifName.dn.name())
.append("=*")
- .append(AuthConstants.ROLES_BASEDN)
+ .append(NodeConstants.ROLES_BASEDN)
.append("))");
builder.append("(|");
builder.append(tmpBuilder.toString());
.append(LdifName.groupOfNames.name())
.append(")(!(").append(LdifName.dn.name())
.append("=*")
- .append(AuthConstants.ROLES_BASEDN)
+ .append(NodeConstants.ROLES_BASEDN)
.append(")))");
else
builder.append("(").append(LdifName.objectClass.name())
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper;
import org.argeo.cms.ui.workbench.internal.useradmin.providers.CommonNameLP;
import org.argeo.cms.ui.workbench.internal.useradmin.providers.DomainNameLP;
import org.argeo.eclipse.ui.EclipseUiUtils;
import org.argeo.eclipse.ui.parts.LdifUsersTable;
import org.argeo.node.ArgeoNames;
+import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.LdifName;
import org.eclipse.jface.dialogs.IPageChangeProvider;
import org.eclipse.jface.dialogs.IPageChangedListener;
200));
// Only show technical DN to admin
- if (UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN))
+ if (UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN))
columnDefs.add(new ColumnDefinition(new UserNameLP(),
"Distinguished Name", 300));
columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain",
200));
// Only show technical DN to admin
- if (UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN))
+ if (UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN))
columnDefs.add(new ColumnDefinition(new UserNameLP(),
"Distinguished Name", 300));
userTableCmp = new ChosenUsersTableViewer(pageCmp, SWT.MULTI
import java.util.List;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.ui.workbench.internal.useradmin.SecurityAdminImages;
import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper;
import org.argeo.cms.ui.workbench.internal.useradmin.parts.UserEditor.GroupChangeListener;
import org.argeo.eclipse.ui.EclipseUiUtils;
import org.argeo.eclipse.ui.parts.LdifUsersTable;
import org.argeo.node.ArgeoNames;
+import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.LdifName;
import org.eclipse.jface.action.Action;
import org.eclipse.jface.action.ToolBarManager;
Composite body = (Composite) section.getClient();
body.setLayout(EclipseUiUtils.noSpaceGridLayout());
- boolean isAdmin = UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN);
+ boolean isAdmin = UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN);
// Displayed columns
List<ColumnDefinition> columnDefs = new ArrayList<ColumnDefinition>();
import java.util.List;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.ui.workbench.WorkbenchUiPlugin;
import org.argeo.cms.ui.workbench.internal.useradmin.UiUserAdminListener;
import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper;
import org.argeo.eclipse.ui.EclipseUiUtils;
import org.argeo.eclipse.ui.parts.LdifUsersTable;
import org.argeo.node.ArgeoNames;
+import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.LdifName;
import org.eclipse.jface.viewers.TableViewer;
import org.eclipse.swt.SWT;
columnDefs.add(new ColumnDefinition(new MailLP(), "E-mail", 150));
columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain", 200));
// Only show technical DN to admin
- if (UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN))
+ if (UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN))
columnDefs.add(new ColumnDefinition(new UserNameLP(),
"Distinguished Name", 300));
package org.argeo.cms.ui.workbench.internal.useradmin.providers;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.ui.workbench.internal.useradmin.SecurityAdminImages;
+import org.argeo.node.NodeConstants;
import org.eclipse.swt.graphics.Image;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
public Image getImage(Object element) {
User user = (User) element;
String dn = user.getName();
- if (dn.endsWith(AuthConstants.ROLES_BASEDN))
+ if (dn.endsWith(NodeConstants.ROLES_BASEDN))
return SecurityAdminImages.ICON_ROLE;
else if (user.getType() == Role.GROUP)
return SecurityAdminImages.ICON_GROUP;
import static org.argeo.eclipse.ui.EclipseUiUtils.notEmpty;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.util.useradmin.UserAdminUtils;
+import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.LdifName;
import org.eclipse.jface.viewers.Viewer;
import org.eclipse.jface.viewers.ViewerFilter;
User user = (User) element;
if (!showSystemRole
&& user.getName().matches(
- ".*(" + AuthConstants.ROLES_BASEDN + ")"))
+ ".*(" + NodeConstants.ROLES_BASEDN + ")"))
// UserAdminUtils.getProperty(user, LdifName.dn.name())
// .toLowerCase().endsWith(AuthConstants.ROLES_BASEDN))
return false;
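Review bot: The system-role test on the changed line passes `NodeConstants.ROLES_BASEDN` to `String.matches` as a regular expression, while the `getImage` and `getDomainName` hunks in this commit test the same suffix with `dn.endsWith(...)`. The constant is a DN, not a pattern, so a future value containing a regex metacharacter would silently change which roles are hidden; `user.getName().endsWith(NodeConstants.ROLES_BASEDN)` states the intent directly. The commented-out alternative just below still names `AuthConstants.ROLES_BASEDN` and should be updated or removed. The enclosing method starts and ends outside the hunk.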
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.auth.HttpRequestCallbackHandler;
import org.argeo.eclipse.ui.specific.UiContext;
import org.argeo.jcr.JcrUtils;
import org.argeo.node.NodeAuthenticated;
+import org.argeo.node.NodeConstants;
import org.eclipse.rap.rwt.RWT;
import org.eclipse.rap.rwt.application.AbstractEntryPoint;
import org.eclipse.rap.rwt.client.WebClient;
// Initial login
try {
- loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER, subject,
+ loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, subject,
new HttpRequestCallbackHandler(UiContext.getHttpRequest()));
loginContext.login();
} catch (CredentialNotFoundException e) {
try {
- loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject);
+ loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject);
loginContext.login();
} catch (LoginException e1) {
throw new CmsException("Cannot log as anonymous", e);
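Review bot: The anonymous-fallback handler catches `e1` but wraps the outer `e` (the `CredentialNotFoundException`) as the cause, so the reason the anonymous login actually failed is dropped from the exception chain. `throw new CmsException("Cannot log as anonymous", e1);` keeps the failure that occurred. This line is unchanged context in the hunk, and the enclosing method continues outside it.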
*/
protected Node getDefaultNode(Session session) throws RepositoryException {
if (!session.hasPermission(defaultPath, "read")) {
- if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS))
+ if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS))
// TODO throw a special exception
throw new CmsException("Login required");
else
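Review bot: The anonymous check on the changed line uses `equals`, while the other anonymous checks touched by this commit use `equalsIgnoreCase` (the `isAnonymous` flag before `WEBDAV_PUBLIC`, the `createUi` label hunk, and `CurrentUser.isAnonymous`). A user ID that differs only in case would count as anonymous there and as authenticated here, where the result selects between "Login required" and the `else` branch that lies outside the hunk. Now that the constant lives in one place, sending these comparisons through a single helper such as `CurrentUser.isAnonymous(subject)` would keep the decision consistent.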
throw new CmsException("Login context should not be null");
try {
loginContext.logout();
- LoginContext anonymousLc = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject);
+ LoginContext anonymousLc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject);
anonymousLc.login();
authChange(anonymousLc);
} catch (LoginException e) {
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.ui.CmsConstants;
import org.argeo.cms.ui.CmsView;
import org.argeo.eclipse.ui.specific.UiContext;
if (log.isTraceEnabled())
log.trace(userId + " : " + node.getPath());
StringBuilder buf = new StringBuilder();
- boolean isAnonymous = userId.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS);
+ boolean isAnonymous = userId.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
if (isAnonymous)
buf.append(WEBDAV_PUBLIC);
else
import javax.servlet.http.HttpServletRequest;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.auth.HttpRequestCallbackHandler;
import org.argeo.cms.ui.CmsImageManager;
import org.argeo.cms.widgets.auth.CmsLoginShell;
import org.argeo.eclipse.ui.specific.UiContext;
import org.argeo.node.NodeAuthenticated;
+import org.argeo.node.NodeConstants;
import org.eclipse.rap.rwt.RWT;
import org.eclipse.rap.rwt.application.EntryPoint;
import org.eclipse.swt.events.SelectionListener;
UiContext.setData(NodeAuthenticated.KEY, this);
try {
// try pre-auth
- loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER,
+ loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
subject, new HttpRequestCallbackHandler(getRequest()));
loginContext.login();
} catch (CredentialNotFoundException e) {
try {
Node node = getNode();
if (node == null)
- throw new CmsException("Context cannot be null");
- uiProvider.createUi(bodyArea, node);
+ log.error("Context cannot be null");
+ else
+ uiProvider.createUi(bodyArea, node);
} catch (RepositoryException e) {
throw new CmsException("Cannot refresh body", e);
}
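Review bot: When `getNode()` returns null the new code only logs and then returns normally, so the caller can no longer tell that the body was not rebuilt. If this runs after an authentication change (the method header is outside the hunk, so this is inferred from the "Cannot refresh body" message), the area may go on showing content rendered for the previous subject. Consider clearing `bodyArea` in the null branch or keeping the exception. The log message would also be easier to trace if it named the current user and state.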
import javax.security.auth.Subject;
import org.argeo.cms.CmsMsg;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.ui.CmsStyles;
+import org.argeo.node.NodeConstants;
import org.eclipse.swt.events.DisposeEvent;
import org.eclipse.swt.events.DisposeListener;
import org.eclipse.swt.events.MouseEvent;
public Control createUi(Composite parent, Node context) {
Subject subject = CmsUtils.getCmsView().getSubject();
String username = CurrentUser.getUsername(subject);
- if (username.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS))
+ if (username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS))
setLabel(CmsMsg.login.lead());
else {
setLabel(CurrentUser.getDisplayName(subject));
import javax.security.auth.x500.X500Principal;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.ui.CmsView;
import org.argeo.cms.util.CmsUtils;
import org.argeo.eclipse.ui.EclipseUiUtils;
import org.argeo.jcr.JcrUtils;
+import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.LdifName;
import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.Role;
/** Simply retrieves a display name of the relevant domain */
public final static String getDomainName(User user) {
String dn = user.getName();
- if (dn.endsWith(AuthConstants.ROLES_BASEDN))
+ if (dn.endsWith(NodeConstants.ROLES_BASEDN))
return "System roles";
try {
LdapName name = new LdapName(dn);
import javax.transaction.UserTransaction;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
+import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.UserAdminConf;
import org.osgi.framework.ServiceReference;
import org.osgi.service.useradmin.UserAdmin;
if (onlyWritable && "true".equals(readOnly))
continue;
- if (baseDn.equalsIgnoreCase(AuthConstants.ROLES_BASEDN))
+ if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN))
continue;
dns.put(baseDn, uri);
}
import static org.argeo.cms.CmsMsg.password;
import static org.argeo.cms.CmsMsg.username;
-import static org.argeo.cms.auth.AuthConstants.LOGIN_CONTEXT_ANONYMOUS;
-import static org.argeo.cms.auth.AuthConstants.LOGIN_CONTEXT_USER;
import java.io.IOException;
import java.util.List;
import org.argeo.cms.ui.CmsView;
import org.argeo.cms.ui.internal.Activator;
import org.argeo.cms.util.CmsUtils;
+import org.argeo.node.NodeConstants;
import org.eclipse.rap.rwt.RWT;
import org.eclipse.swt.SWT;
import org.eclipse.swt.events.MouseAdapter;
//
// LOGIN
//
- new LoginContext(LOGIN_CONTEXT_ANONYMOUS, subject).logout();
- loginContext = new LoginContext(LOGIN_CONTEXT_USER, subject, this);
+ new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject).logout();
+ loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, subject, this);
loginContext.login();
} catch (FailedLoginException e) {
log.warn(e.getMessage());
package org.argeo.cms.auth;
+import org.argeo.node.NodeConstants;
import org.osgi.service.http.HttpContext;
/** Public properties of the CMS Kernel */
public interface AuthConstants {
// LOGIN CONTEXTS
- final static String LOGIN_CONTEXT_USER = "USER";
- final static String LOGIN_CONTEXT_ANONYMOUS = "ANONYMOUS";
- final static String LOGIN_CONTEXT_DATA_ADMIN = "DATA_ADMIN";
- final static String LOGIN_CONTEXT_SINGLE_USER = "SINGLE_USER";
+ /**
+ * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_USER} instead
+ */
+ final static String LOGIN_CONTEXT_USER = NodeConstants.LOGIN_CONTEXT_USER;
+ /**
+ * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_ANONYMOUS} instead
+ */
+ final static String LOGIN_CONTEXT_ANONYMOUS = NodeConstants.LOGIN_CONTEXT_ANONYMOUS;
+ /**
+ * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_DATA_ADMIN} instead
+ */
+ final static String LOGIN_CONTEXT_DATA_ADMIN = NodeConstants.LOGIN_CONTEXT_DATA_ADMIN;
+ /**
+ * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_SINGLE_USER} instead
+ */
+ final static String LOGIN_CONTEXT_SINGLE_USER = NodeConstants.LOGIN_CONTEXT_SINGLE_USER;
// RESERVED ROLES
- public final static String ROLE_KERNEL = "OU=node";
- public final static String ROLES_BASEDN = "ou=roles,ou=node";
- public final static String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN;
- public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin," + ROLES_BASEDN;
- public final static String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN;
+ // public final static String ROLE_KERNEL = "OU=node";
+ /**
+ * @deprecated Use {@link NodeConstants#ROLES_BASEDN} instead
+ */
+ public final static String ROLES_BASEDN = NodeConstants.ROLES_BASEDN;
+ /**
+ * @deprecated Use {@link NodeConstants#ROLE_ADMIN} instead
+ */
+ public final static String ROLE_ADMIN = NodeConstants.ROLE_ADMIN;
+ public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin," + NodeConstants.ROLES_BASEDN;
+ /**
+ * @deprecated Use {@link NodeConstants#ROLE_USER_ADMIN} instead
+ */
+ public final static String ROLE_USER_ADMIN = NodeConstants.ROLE_USER_ADMIN;
// Special system groups that cannot be edited:
// user U anonymous = everyone
- public final static String ROLE_USER = "cn=user," + ROLES_BASEDN;
- public final static String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN;
+ /**
+ * @deprecated Use {@link NodeConstants#ROLE_USER} instead
+ */
+ public final static String ROLE_USER = NodeConstants.ROLE_USER;
+ /**
+ * @deprecated Use {@link NodeConstants#ROLE_ANONYMOUS} instead
+ */
+ public final static String ROLE_ANONYMOUS = NodeConstants.ROLE_ANONYMOUS;
// SHARED STATE KEYS
// compatible with com.sun.security.auth.module.*LoginModule
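Review bot: `ROLE_GROUP_ADMIN` is the one reserved role still defined here without a `@deprecated` note or a `NodeConstants` counterpart, so the reserved-role list in `NodeUserLoginModule` has to keep reaching into `AuthConstants` for it. Either move it with the others or add a comment saying why it stays. The deprecated constants would also benefit from the `@Deprecated` annotation next to the Javadoc tag, and the commented-out `ROLE_KERNEL` line can be deleted rather than kept.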
import org.argeo.cms.CmsException;
import org.argeo.eclipse.ui.specific.UiContext;
import org.argeo.node.NodeAuthenticated;
+import org.argeo.node.NodeConstants;
import org.osgi.service.useradmin.Authorization;
/** Static utilities */
public static boolean isAnonymous(Subject subject) {
String username = getUsername(subject);
return username == null
- || username.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS);
+ || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
}
private static Subject currentSubject() {
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.argeo.cms.CmsException;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
+import org.argeo.node.NodeConstants;
import org.osgi.service.useradmin.Authorization;
public class NodeUserLoginModule implements LoginModule, AuthConstants {
private Subject subject;
private Map<String, Object> sharedState = null;
- private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
+ private final static LdapName ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME;
private final static List<LdapName> RESERVED_ROLES;
private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL;
static {
try {
- ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL);
- ROLE_ADMIN_NAME = new LdapName(AuthConstants.ROLE_ADMIN);
- ROLE_USER_NAME = new LdapName(AuthConstants.ROLE_USER);
- ROLE_ANONYMOUS_NAME = new LdapName(AuthConstants.ROLE_ANONYMOUS);
- RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_KERNEL_NAME,
- ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN),
- new LdapName(AuthConstants.ROLE_USER_ADMIN) }));
+ // ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL);
+ ROLE_ADMIN_NAME = new LdapName(NodeConstants.ROLE_ADMIN);
+ ROLE_USER_NAME = new LdapName(NodeConstants.ROLE_USER);
+ ROLE_ANONYMOUS_NAME = new LdapName(NodeConstants.ROLE_ANONYMOUS);
+ RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_ADMIN_NAME,
+ ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN),
+ new LdapName(NodeConstants.ROLE_USER_ADMIN) }));
ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(ROLE_ANONYMOUS_NAME.toString());
} catch (InvalidNameException e) {
throw new Error("Cannot initialize login module class", e);
}
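Review bot: Dropping `ROLE_KERNEL_NAME` removes `OU=node` from `RESERVED_ROLES` here and from the rejection in `checkImpliedPrincipalName` in the next hunk, so this login module no longer treats that name as special. That is safe only if nothing else still grants privileges to a principal named `OU=node`. The code that consumes `RESERVED_ROLES` is outside the hunk, so this should be confirmed against the remaining authorization and repository access-control configuration. The commented-out `ROLE_KERNEL_NAME` assignment should be deleted rather than left in the static initializer.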
private void checkImpliedPrincipalName(LdapName roleName) {
- if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName)
- || ROLE_KERNEL_NAME.equals(roleName))
+ if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName))
throw new CmsException(roleName + " cannot be listed as role");
}
}
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.argeo.cms.internal.auth.ImpliedByPrincipal;
+import org.argeo.node.NodeConstants;
public class SingleUserLoginModule implements LoginModule, AuthConstants {
private Subject subject;
+ ",dc=localhost,dc=localdomain");
Set<Principal> principals = subject.getPrincipals();
principals.add(principal);
- principals.add(new ImpliedByPrincipal(ROLE_ADMIN, principal));
+ principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal));
// Jackrabbit
principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
return true;
+++ /dev/null
-package org.argeo.cms.auth;
-
-import javax.security.auth.login.LoginException;
-
-public class ThreadDeathLoginException extends LoginException {
- private static final long serialVersionUID = 4359130889332276894L;
-
- private final ThreadDeath threadDeath;
-
- public ThreadDeathLoginException(String msg, ThreadDeath cause) {
- this.threadDeath = cause;
- }
-
- public ThreadDeath getThreadDeath() {
- return threadDeath;
- }
-}
\ No newline at end of file
callbackHandler.handle(new Callback[] { nameCallback, passwordCallback, langCallback });
} catch (IOException e) {
throw new LoginException("Cannot handle callback: " + e.getMessage());
- } catch (ThreadDeath e) {
- throw new ThreadDeathLoginException("Callbackhandler thread died", e);
+// } catch (ThreadDeath e) {
+// throw new ThreadDeathLoginException("Callbackhandler thread died", e);
} catch (UnsupportedCallbackException e) {
return false;
}
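Review bot: The `ThreadDeath` handler is commented out rather than removed, leaving dead code in the middle of the login module's catch chain; since `ThreadDeathLoginException` is deleted in this commit, the two `//` lines can simply go. With the handler gone, a `ThreadDeath` raised inside `callbackHandler.handle` now propagates unwrapped, which appears intended but deserves a one-line comment. Separately, the `IOException` branch (unchanged context) builds the `LoginException` from `e.getMessage()` only; attaching the cause with `initCause(e)` would keep the stack trace for diagnosing failed logins.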
package org.argeo.cms.internal.auth;
-import java.security.Principal;
-import java.security.cert.CertPath;
-import java.util.Map;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.spi.LoginModule;
-import javax.security.auth.x500.X500Principal;
-import javax.security.auth.x500.X500PrivateCredential;
-
-import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.argeo.cms.auth.AuthConstants;
-
-public class KernelLoginModule implements LoginModule {
- private Subject subject;
-
- @Override
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map<String, ?> sharedState, Map<String, ?> options) {
- this.subject = subject;
- }
-
- @Override
- public boolean login() throws LoginException {
- // TODO check permission at code level ?
- return true;
- }
-
- @Override
- public boolean commit() throws LoginException {
- // Check that kernel has been logged in w/ certificate
- // Name
- Set<X500Principal> names = subject.getPrincipals(X500Principal.class);
- if (names.isEmpty() || names.size() > 1) {
- // throw new LoginException("Kernel must have been named");
- // TODO set not hardened
- subject.getPrincipals().add(
- new X500Principal(AuthConstants.ROLE_KERNEL));
- } else {
- X500Principal name = names.iterator().next();
- if (!AuthConstants.ROLE_KERNEL.equals(name.getName()))
- throw new LoginException("Kernel must be named "
- + AuthConstants.ROLE_KERNEL);
- // Private certificate
- Set<X500PrivateCredential> privateCerts = subject
- .getPrivateCredentials(X500PrivateCredential.class);
- X500PrivateCredential privateCert = null;
- for (X500PrivateCredential pCert : privateCerts) {
- if (pCert.getCertificate().getSubjectX500Principal()
- .equals(name)) {
- privateCert = pCert;
- }
- }
- if (privateCert == null)
- throw new LoginException(
- "Kernel must have a private certificate");
- // Certificate path
- Set<CertPath> certPaths = subject
- .getPublicCredentials(CertPath.class);
- CertPath certPath = null;
- for (CertPath cPath : certPaths) {
- if (cPath.getCertificates().get(0)
- .equals(privateCert.getCertificate())) {
- certPath = cPath;
- }
- }
- if (certPath == null)
- throw new LoginException("Kernel must have a certificate path");
- }
- Set<Principal> principals = subject.getPrincipals();
- // Add admin roles
-
- // Add data access roles
- principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
-
- return true;
- }
-
- @Override
- public boolean abort() throws LoginException {
- return true;
- }
-
- @Override
- public boolean logout() throws LoginException {
- // clear everything
- subject.getPrincipals().clear();
- subject.getPublicCredentials().clear();
- subject.getPrivateCredentials().clear();
- return true;
- }
+public class KernelLoginModule {//implements LoginModule {
+// private Subject subject;
+//
+// @Override
+// public void initialize(Subject subject, CallbackHandler callbackHandler,
+// Map<String, ?> sharedState, Map<String, ?> options) {
+// this.subject = subject;
+// }
+//
+// @Override
+// public boolean login() throws LoginException {
+// // TODO check permission at code level ?
+// return true;
+// }
+//
+// @Override
+// public boolean commit() throws LoginException {
+// // Check that kernel has been logged in w/ certificate
+// // Name
+// Set<X500Principal> names = subject.getPrincipals(X500Principal.class);
+// if (names.isEmpty() || names.size() > 1) {
+// // throw new LoginException("Kernel must have been named");
+// // TODO set not hardened
+// subject.getPrincipals().add(
+// new X500Principal(AuthConstants.ROLE_KERNEL));
+// } else {
+// X500Principal name = names.iterator().next();
+// if (!AuthConstants.ROLE_KERNEL.equals(name.getName()))
+// throw new LoginException("Kernel must be named "
+// + AuthConstants.ROLE_KERNEL);
+// // Private certificate
+// Set<X500PrivateCredential> privateCerts = subject
+// .getPrivateCredentials(X500PrivateCredential.class);
+// X500PrivateCredential privateCert = null;
+// for (X500PrivateCredential pCert : privateCerts) {
+// if (pCert.getCertificate().getSubjectX500Principal()
+// .equals(name)) {
+// privateCert = pCert;
+// }
+// }
+// if (privateCert == null)
+// throw new LoginException(
+// "Kernel must have a private certificate");
+// // Certificate path
+// Set<CertPath> certPaths = subject
+// .getPublicCredentials(CertPath.class);
+// CertPath certPath = null;
+// for (CertPath cPath : certPaths) {
+// if (cPath.getCertificates().get(0)
+// .equals(privateCert.getCertificate())) {
+// certPath = cPath;
+// }
+// }
+// if (certPath == null)
+// throw new LoginException("Kernel must have a certificate path");
+// }
+// Set<Principal> principals = subject.getPrincipals();
+// // Add admin roles
+//
+// // Add data access roles
+// principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID));
+//
+// return true;
+// }
+//
+// @Override
+// public boolean abort() throws LoginException {
+// return true;
+// }
+//
+// @Override
+// public boolean logout() throws LoginException {
+// // clear everything
+// subject.getPrincipals().clear();
+// subject.getPublicCredentials().clear();
+// subject.getPrivateCredentials().clear();
+// return true;
+// }
}
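Review bot: `KernelLoginModule` is left as an empty class with its whole former body commented out, and it no longer implements `LoginModule`. Any JAAS configuration entry that still names this class would fail when the login context is created; the configuration is not visible on this page, so this needs checking. The commented code also references `AuthConstants.ROLE_KERNEL`, which this commit removes. Deleting the file, as is done for `ThreadDeathLoginException`, and removing any configuration entry for it would be clearer than keeping the dead comments.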
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.i18n.LocaleUtils;
import org.argeo.node.NodeConstants;
import org.argeo.node.NodeState;
bc.registerService(RepositoryFactory.class, repositoryFactory, null);
// Security
- NodeUserAdmin userAdmin = new NodeUserAdmin(AuthConstants.ROLES_BASEDN);
+ NodeUserAdmin userAdmin = new NodeUserAdmin(NodeConstants.ROLES_BASEDN);
shutdownHooks.add(() -> userAdmin.destroy());
bc.registerService(ManagedServiceFactory.class, userAdmin,
LangUtils.dico(Constants.SERVICE_PID, NodeConstants.NODE_USER_ADMIN_PID));
package org.argeo.cms.internal.kernel;
-import static org.argeo.cms.auth.AuthConstants.LOGIN_CONTEXT_USER;
-
import java.io.IOException;
import java.io.Serializable;
import java.net.URL;
import org.apache.jackrabbit.server.remoting.davex.JcrRemotingServlet;
import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.cms.auth.HttpRequestCallback;
import org.argeo.cms.auth.HttpRequestCallbackHandler;
import org.argeo.jcr.JcrUtils;
if (authorization == null)
throw new CmsException("Not authenticated");
try {
- LoginContext lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER,
+ LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER,
new HttpRequestCallbackHandler(request));
lc.login();
return lc.getSubject();
if (anonymous) {
Subject subject = KernelUtils.anonymousLogin();
Authorization authorization = subject.getPrivateCredentials(Authorization.class).iterator().next();
- request.setAttribute(REMOTE_USER, AuthConstants.ROLE_ANONYMOUS);
+ request.setAttribute(REMOTE_USER, NodeConstants.ROLE_ANONYMOUS);
request.setAttribute(AUTHORIZATION, authorization);
return true;
}
if (log.isTraceEnabled())
KernelUtils.logRequestHeaders(log, request);
try {
- new LoginContext(LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login();
+ new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login();
return true;
} catch (CredentialNotFoundException e) {
CallbackHandler token = basicAuth(request);
if (token != null) {
try {
- LoginContext lc = new LoginContext(LOGIN_CONTEXT_USER, token);
+ LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, token);
lc.login();
// Note: this is impossible to reliably clear the
// authorization header when access from a browser.
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.node.NodeConstants;
-import org.argeo.node.RepoConf;
import org.argeo.osgi.useradmin.UserAdminConf;
import org.eclipse.equinox.http.jetty.JettyConstants;
// node roles
String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI);
- String baseNodeRoleDn = AuthConstants.ROLES_BASEDN;
+ String baseNodeRoleDn = NodeConstants.ROLES_BASEDN;
if (nodeRolesUri == null) {
File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif");
if (!nodeRolesFile.exists())
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.jcr.JcrRepositoryWrapper;
import org.argeo.jcr.JcrUtils;
import org.argeo.node.ArgeoNames;
setRepository(repository);
LoginContext lc;
try {
- lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_DATA_ADMIN);
+ lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN);
lc.login();
} catch (javax.security.auth.login.LoginException e1) {
throw new CmsException("Cannot login as systrem", e1);
String username = session.getUserID();
if (username == null)
return;
- if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS))
- return;
- if (session.getUserID().equals(AuthConstants.ROLE_KERNEL))
+ if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS))
return;
+// if (session.getUserID().equals(AuthConstants.ROLE_KERNEL))
+// return;
if (session.getUserID().equals(SecurityConstants.ADMIN_ID))
return;
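Review bot: The early-return guard for the kernel identity is disabled by commenting it out, so a session whose user ID equals the old kernel role DN now falls through to the code after these checks, which lies outside the hunk. If no login path can produce that identity any more, delete the two `//` lines rather than keeping them; they still name `AuthConstants.ROLE_KERNEL`, whose import appears to be removed from this file by the same commit. If such sessions can still occur, keep an explicit guard against a constant that still exists. The same commented-out pattern appears in the NodeSecurity hunks further down.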
adminSession.save();
JcrUtils.addPrivilege(adminSession, homeBasePath,
- AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
+ NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ);
JcrUtils.addPrivilege(adminSession, peopleBasePath,
- AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL);
+ NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL);
adminSession.save();
} catch (RepositoryException e) {
throw new CmsException("Cannot initialize node user admin", e);
import org.apache.commons.logging.Log;
import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
import org.argeo.node.NodeConstants;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
Subject subject = new Subject();
LoginContext lc;
try {
- lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject);
+ lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject);
lc.login();
return subject;
} catch (LoginException e) {
Thread.currentThread().setContextClassLoader(KernelUtils.class.getClassLoader());
LoginContext loginContext;
try {
- loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_DATA_ADMIN);
+ loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN);
loginContext.login();
} catch (LoginException e1) {
throw new CmsException("Could not login as data admin", e1);
// if (log.isTraceEnabled())
// log.trace(userId + " : " + node.getPath());
StringBuilder buf = new StringBuilder();
- boolean isAnonymous = userId.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS);
+ boolean isAnonymous = userId.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS);
if (isAnonymous)
buf.append(WEBDAV_PUBLIC);
else
import org.argeo.naming.LdifParser;
import org.argeo.naming.LdifWriter;
import org.argeo.node.NodeConstants;
-import org.argeo.node.RepoConf;
class NodeDeployConfig {
private final String BASE = "ou=deploy,ou=node";
import org.argeo.cms.auth.AuthConstants;
/** Low-level kernel security */
+@Deprecated
class NodeSecurity implements KernelConstants {
private final static Log log = LogFactory.getLog(NodeSecurity.class);
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
// alias
- ((NameCallback) callbacks[1]).setName(AuthConstants.ROLE_KERNEL);
+// ((NameCallback) callbacks[1]).setName(AuthConstants.ROLE_KERNEL);
// store pwd
((PasswordCallback) callbacks[2]).setPassword("changeit".toCharArray());
// key pwd
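Review bot: With the `setName` call commented out, this handler no longer answers `callbacks[1]`, yet it still fills `callbacks[2]` with the fixed store password `changeit`. Whatever login module consumes these callbacks would now receive no alias; what it does then cannot be confirmed from the hunk, because `handle` continues outside it. Since the class is now `@Deprecated`, remove the handler or make it fail explicitly, e.g. `throw new UnsupportedCallbackException(callbacks[1], "kernel key store login is no longer supported");`, instead of leaving a partly working credential path.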
try {
keyStoreFile.getParentFile().mkdirs();
KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
- PkiUtils.generateSelfSignedCertificate(keyStore, new X500Principal(AuthConstants.ROLE_KERNEL), 1024,
- keyPwd);
+// PkiUtils.generateSelfSignedCertificate(keyStore, new X500Principal(AuthConstants.ROLE_KERNEL), 1024,
+// keyPwd);
PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore);
if (log.isDebugEnabled())
log.debug("Created keystore " + keyStoreFile);
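Review bot: With certificate generation commented out, this block still creates the directory, opens the key store and saves it, so an empty key store file is written and the debug line reports it as created. Nothing visible here populates it afterwards, and a later reader expecting a kernel entry would fail far from the cause. Skip the `saveKeyStore` call when no entry was generated, or drop the method along with the deprecated class. If generation is ever restored, the `1024` argument of the old call, presumably the key size, should be raised to at least 2048. The method enclosing this `try` begins outside the hunk.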
--- /dev/null
+package org.argeo.cms.internal.kernel;
+
+import org.argeo.osgi.metatype.EnumAD;
+import org.argeo.osgi.metatype.EnumOCD;
+
+/** JCR repository configuration */
+enum RepoConf implements EnumAD {
+ /** Repository type */
+ type("localfs"),
+ /** Default workspace */
+ @Deprecated defaultWorkspace("main"),
+ /** Database URL */
+ dburl(null),
+ /** Database user */
+ dbuser(null),
+ /** Database password */
+ dbpassword(null),
+
+ /** The identifier (can be an URL locating the repo) */
+ labeledUri(null),
+ //
+ // JACKRABBIT SPECIFIC
+ //
+ /** Maximum database pool size */
+ maxPoolSize(10),
+ /** Maximum cache size in MB */
+ @Deprecated maxCacheMB(null),
+ /** Bundle cache size in MB */
+ bundleCacheMB(8),
+ /** Extractor pool size */
+ extractorPoolSize(0),
+ /** Search cache size */
+ searchCacheSize(1000),
+ /** Max volatile index size */
+ maxVolatileIndexSize(1048576);
+
+ /** The default value. */
+ private Object def;
+ private String oid;
+
+ RepoConf(String oid, Object def) {
+ this.oid = oid;
+ this.def = def;
+ }
+
+ RepoConf(Object def) {
+ this.def = def;
+ }
+
+ public Object getDefault() {
+ return def;
+ }
+
+ @Override
+ public String getID() {
+ if (oid != null)
+ return oid;
+ return EnumAD.super.getID();
+ }
+
+ public static class OCD extends EnumOCD<RepoConf> {
+ public OCD(String locale) {
+ super(RepoConf.class, locale);
+ }
+ }
+
+}
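Review bot: `dbpassword` is published through the metatype with the type inherited from `EnumAD.getType()`, which is `STRING`, so a configuration UI rendering this object class gets no hint to mask the database password. `AttributeDefinition` defines a `PASSWORD` type for this purpose (Metatype 1.2 and later; check the version this bundle builds against). Override `getType()` in `RepoConf` and return `this == dbpassword ? PASSWORD : EnumAD.super.getType()`. The fields `def` and `oid` are only assigned in the constructors and can be `final`.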
import org.argeo.cms.CmsException;
import org.argeo.jcr.ArgeoJcrException;
import org.argeo.node.NodeConstants;
-import org.argeo.node.RepoConf;
import org.xml.sax.InputSource;
/** Can interpret properties in order to create an actual JCR repository. */
--- /dev/null
+package org.argeo.osgi.metatype;
+
+import org.osgi.service.metatype.AttributeDefinition;
+
+public interface EnumAD extends AttributeDefinition {
+ String name();
+
+ default Object getDefault() {
+ return null;
+ }
+
+ @Override
+ default String getName() {
+ return name();
+ }
+
+ @Override
+ default String getID() {
+ return getClass().getName() + "." + name();
+ }
+
+ @Override
+ default String getDescription() {
+ return null;
+ }
+
+ @Override
+ default int getCardinality() {
+ return 0;
+ }
+
+ @Override
+ default int getType() {
+ return STRING;
+ }
+
+ @Override
+ default String[] getOptionValues() {
+ return null;
+ }
+
+ @Override
+ default String[] getOptionLabels() {
+ return null;
+ }
+
+ @Override
+ default String validate(String value) {
+ return null;
+ }
+
+ @Override
+ default String[] getDefaultValue() {
+ Object value = getDefault();
+ if (value == null)
+ return null;
+ return new String[] { value.toString() };
+ }
+}
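Review bot: `getID()` builds the attribute ID from `getClass().getName()`, which ties the ID to the package of the implementing enum. Moving `RepoConf` from `org.argeo.node` to `org.argeo.cms.internal.kernel` in this same commit therefore changes every default attribute ID, and `EnumOCD.getID()` changes the same way. If any stored configuration or metatype consumer keys on the old IDs (not visible here), it will stop matching, so either pass explicit IDs through the two-argument `RepoConf` constructor or state in the commit that the change is intended. Assuming every implementor is an enum, `((Enum<?>) this).getDeclaringClass().getName()` would also be safer than `getClass()`, which returns a per-constant subclass when a constant is declared with a body.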
--- /dev/null
+package org.argeo.osgi.metatype;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.EnumSet;
+import java.util.List;
+
+import org.osgi.service.metatype.AttributeDefinition;
+import org.osgi.service.metatype.ObjectClassDefinition;
+
+public class EnumOCD<T extends Enum<T>> implements ObjectClassDefinition {
+ private final Class<T> enumClass;
+ private String locale;
+
+ public EnumOCD(Class<T> clazz, String locale) {
+ this.enumClass = clazz;
+ this.locale = locale;
+ }
+
+ @Override
+ public String getName() {
+ return null;
+ }
+
+ public String getLocale() {
+ return locale;
+ }
+
+ @Override
+ public String getID() {
+ return enumClass.getName();
+ }
+
+ @Override
+ public String getDescription() {
+ return null;
+ }
+
+ @Override
+ public AttributeDefinition[] getAttributeDefinitions(int filter) {
+ EnumSet<T> set = EnumSet.allOf(enumClass);
+ List<AttributeDefinition> attrs = new ArrayList<>();
+ for (T key : set)
+ attrs.add((AttributeDefinition) key);
+ return attrs.toArray(new AttributeDefinition[attrs.size()]);
+ }
+
+ @Override
+ public InputStream getIcon(int size) throws IOException {
+ return null;
+ }
+
+}
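Review bot: The cast `(AttributeDefinition) key` in `getAttributeDefinitions` is only checked at run time, because `T` is bounded by `Enum<T>` alone. Now that the class is public, any enum type can be passed, and one that does not implement the interface fails with `ClassCastException` on first use. Tighten the bound to `public class EnumOCD<T extends Enum<T> & AttributeDefinition>`, after which the cast can be dropped. The `filter` argument is ignored, so `REQUIRED`, `OPTIONAL` and `ALL` all return the same array; a comment saying this is intentional would help.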
+++ /dev/null
-package org.argeo.node;
-
-import org.osgi.service.metatype.AttributeDefinition;
-
-interface EnumAD extends AttributeDefinition {
- String name();
-
- default Object getDefault() {
- return null;
- }
-
- @Override
- default String getName() {
- return name();
- }
-
- @Override
- default String getID() {
- return getClass().getName() + "." + name();
- }
-
- @Override
- default String getDescription() {
- return null;
- }
-
- @Override
- default int getCardinality() {
- return 0;
- }
-
- @Override
- default int getType() {
- return STRING;
- }
-
- @Override
- default String[] getOptionValues() {
- return null;
- }
-
- @Override
- default String[] getOptionLabels() {
- return null;
- }
-
- @Override
- default String validate(String value) {
- return null;
- }
-
- @Override
- default String[] getDefaultValue() {
- Object value = getDefault();
- if (value == null)
- return null;
- return new String[] { value.toString() };
- }
-}
+++ /dev/null
-package org.argeo.node;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.EnumSet;
-import java.util.List;
-
-import org.osgi.service.metatype.AttributeDefinition;
-import org.osgi.service.metatype.ObjectClassDefinition;
-
-class EnumOCD<T extends Enum<T>> implements ObjectClassDefinition {
- private final Class<T> enumClass;
- private String locale;
-
- public EnumOCD(Class<T> clazz, String locale) {
- this.enumClass = clazz;
- this.locale = locale;
- }
-
- @Override
- public String getName() {
- return null;
- }
-
- public String getLocale() {
- return locale;
- }
-
- @Override
- public String getID() {
- return enumClass.getName();
- }
-
- @Override
- public String getDescription() {
- return null;
- }
-
- @Override
- public AttributeDefinition[] getAttributeDefinitions(int filter) {
- EnumSet<T> set = EnumSet.allOf(enumClass);
- List<AttributeDefinition> attrs = new ArrayList<>();
- for (T key : set)
- attrs.add((AttributeDefinition) key);
- return attrs.toArray(new AttributeDefinition[attrs.size()]);
- }
-
- @Override
- public InputStream getIcon(int size) throws IOException {
- return null;
- }
-
-}
* STANDARD VALUES
*/
String DEFAULT = "default";
+
+ /*
+ * RESERVED ROLES
+ */
+ String ROLES_BASEDN = "ou=roles,ou=node";
+ String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN;
+ String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN;
+ // Special system groups that cannot be edited:
+ // user U anonymous = everyone
+ String ROLE_USER = "cn=user," + ROLES_BASEDN;
+ String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN;
+
+ /*
+ * LOGIN CONTEXTS
+ */
+ String LOGIN_CONTEXT_USER = "USER";
+ String LOGIN_CONTEXT_ANONYMOUS = "ANONYMOUS";
+ String LOGIN_CONTEXT_DATA_ADMIN = "DATA_ADMIN";
+ String LOGIN_CONTEXT_SINGLE_USER = "SINGLE_USER";
+
/*
* LEGACY
*/
String ARGEO_BASE_PATH = "/argeo:system";
String PEOPLE_BASE_PATH = NodeConstants.ARGEO_BASE_PATH + "/argeo:people";
- String DATA_MODELS_BASE_PATH = NodeConstants.ARGEO_BASE_PATH
- + "/argeo:dataModels";
+ String DATA_MODELS_BASE_PATH = NodeConstants.ARGEO_BASE_PATH + "/argeo:dataModels";
String ALIAS_HOME = "home";
// standard aliases
/**
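Review bot: The reserved role DNs added here are compared as plain strings by their callers, and not consistently. The session check touched by this commit uses `equals(NodeConstants.ROLE_ANONYMOUS)`, while the WebDAV path code uses `equalsIgnoreCase` on the same constant. Because these comparisons gate system identities, the block should carry a comment stating the canonical form and how to compare, for example `// Canonical form: lower-case attribute types, no spaces after commas; compare normalised DNs, not raw strings`. A line noting that `ROLE_KERNEL` was intentionally not carried over from `AuthConstants` would also explain the commented-out references elsewhere in the commit.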
+++ /dev/null
-package org.argeo.node;
-
-/** JCR repository configuration */
-public enum RepoConf implements EnumAD {
- /** Repository type */
- type("localfs"),
- /** Default workspace */
- @Deprecated
- defaultWorkspace("main"),
- /** Database URL */
- dburl(null),
- /** Database user */
- dbuser(null),
- /** Database password */
- dbpassword(null),
-
- /** The identifier (can be an URL locating the repo) */
- labeledUri(null),
- //
- // JACKRABBIT SPECIFIC
- //
- /** Maximum database pool size */
- maxPoolSize(10),
- /** Maximum cache size in MB */
- @Deprecated
- maxCacheMB(null),
- /** Bundle cache size in MB */
- bundleCacheMB(8),
- /** Extractor pool size */
- extractorPoolSize(0),
- /** Search cache size */
- searchCacheSize(1000),
- /** Max volatile index size */
- maxVolatileIndexSize(1048576);
-
- /** The default value. */
- private Object def;
- private String oid;
-
- RepoConf(String oid, Object def) {
- this.oid = oid;
- this.def = def;
- }
-
- RepoConf(Object def) {
- this.def = def;
- }
-
- public Object getDefault() {
- return def;
- }
-
- @Override
- public String getID() {
- if (oid != null)
- return oid;
- return EnumAD.super.getID();
- }
-
- public static class OCD extends EnumOCD<RepoConf> {
- public OCD(String locale) {
- super(RepoConf.class, locale);
- }
- }
-
-}