<!-- AUTHENTICATION -->
<bean id="ldapAuthenticationProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
- <constructor-arg ref="passwordComparisonAuthenticator" />
+ <constructor-arg ref="ldapAuthenticator" />
<constructor-arg ref="authoritiesPopulator" />
<property name="userDetailsContextMapper" ref="jcrUserDetailsContextMapper" />
</bean>
- <bean id="passwordComparisonAuthenticator"
- class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator">
+ <bean id="ldapAuthenticator"
+ class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userDnPatterns">
<list>
<value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value>
</list>
</property>
- <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}" />
- <property name="passwordEncoder" ref="passwordEncoder" />
</bean>
+ <!-- DOESN'T WORK WITH SSHA -->
+ <!-- <bean id="passwordComparisonAuthenticator" -->
+ <!-- class="org.springframework.security.providers.ldap.authenticator.PasswordComparisonAuthenticator"> -->
+ <!-- <constructor-arg ref="contextSource" /> -->
+ <!-- <property name="userDnPatterns"> -->
+ <!-- <list> -->
+ <!-- <value><![CDATA[${argeo.ldap.usernameAttribute}={0},${argeo.ldap.userBase}]]></value> -->
+ <!-- </list> -->
+ <!-- </property> -->
+ <!-- <property name="passwordAttributeName" value="${argeo.ldap.passwordAttribute}"
+ /> -->
+ <!-- <property name="passwordEncoder" ref="passwordEncoder" /> -->
+ <!-- </bean> -->
+
<!-- USER DETAILS -->
<bean id="securityDao" class="org.argeo.security.ldap.ArgeoSecurityDaoLdap">
<constructor-arg ref="contextSource" />
protected void addPages() {
try {
addPage(new DefaultUserMainPage(this,
- userHome.getNode(ArgeoNames.ARGEO_USER_PROFILE)));
+ userHome.getNode(ArgeoNames.ARGEO_PROFILE)));
addPage(new UserRolesPage(this, userDetails, userAdminService));
} catch (Exception e) {
throw new ArgeoException("Cannot add pages", e);
.getWorkspace()
.getQueryManager()
.createQuery(
- "select [" + ARGEO_USER_PROFILE + "] from ["
+ "select [" + ARGEO_PROFILE + "] from ["
+ ARGEO_USER_HOME + "]", Query.JCR_SQL2);
NodeIterator nit = query.execute().getNodes();
List<Node> userProfiles = new ArrayList<Node>();
else
return userName;
case 1:
- return userHome.getNode(ARGEO_USER_PROFILE)
+ return userHome.getNode(ARGEO_PROFILE)
.getProperty(ARGEO_FIRST_NAME).getString();
case 2:
- return userHome.getNode(ARGEO_USER_PROFILE)
+ return userHome.getNode(ARGEO_PROFILE)
.getProperty(ARGEO_LAST_NAME).getString();
case 3:
- return userHome.getNode(ARGEO_USER_PROFILE)
+ return userHome.getNode(ARGEO_PROFILE)
.getProperty(ARGEO_PRIMARY_EMAIL).getString();
default:
throw new ArgeoException("Unmanaged column " + columnIndex);
import org.apache.commons.logging.LogFactory;
import org.argeo.ArgeoException;
import org.argeo.jcr.ArgeoNames;
-import org.argeo.jcr.ArgeoTypes;
import org.argeo.jcr.JcrUtils;
import org.argeo.security.jcr.JcrUserDetails;
import org.springframework.ldap.core.DirContextAdapter;
// session = nodeRepo.login();
Node userHome = JcrUtils.getUserHome(session, username);
if (userHome == null)
- userHome = createUserHome(session, username);
+ userHome = JcrUtils.createUserHome(session, homeBasePath,
+ username);
String userHomePath = userHome.getPath();
- Node userProfile;
- if (userHome.hasNode(ARGEO_USER_PROFILE)) {
- userProfile = userHome.getNode(ARGEO_USER_PROFILE);
+ Node userProfile = userHome.getNode(ARGEO_PROFILE);
+ if (userHome.hasNode(ARGEO_PROFILE)) {
+ userProfile = userHome.getNode(ARGEO_PROFILE);
} else {
- userProfile = userHome.addNode(ARGEO_USER_PROFILE);
+ userProfile = userHome.addNode(ARGEO_PROFILE);
userProfile.addMixin(NodeType.MIX_TITLE);
userProfile.addMixin(NodeType.MIX_CREATED);
userProfile.addMixin(NodeType.MIX_LAST_MODIFIED);
}
}
- protected Node createUserHome(Session session, String username) {
- try {
- Node userHome = JcrUtils.mkdirs(session,
- usernameToHomePath(username));
- userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
- userHome.setProperty(ARGEO_USER_ID, username);
- return userHome;
- } catch (RepositoryException e) {
- throw new ArgeoException("Cannot create home node for user "
- + username, e);
- }
- }
-
- protected String usernameToHomePath(String username) {
- return homeBasePath + '/' + JcrUtils.firstCharsToPath(username, 2)
- + '/' + username;
- }
-
public void mapUserToContext(UserDetails user, final DirContextAdapter ctx) {
if (!(user instanceof JcrUserDetails))
throw new ArgeoException("Unsupported user details: "
// repositoryFactory, ArgeoJcrConstants.ALIAS_NODE);
// session = nodeRepo.login();
Node userProfile = session.getNode(jcrUserDetails.getHomePath()
- + '/' + ARGEO_USER_PROFILE);
+ + '/' + ARGEO_PROFILE);
for (String jcrProperty : propertyToAttributes.keySet())
jcrToLdap(userProfile, jcrProperty, ctx);
if (log.isDebugEnabled())
public final static String ARGEO_URI = "argeo:uri";
public final static String ARGEO_USER_ID = "argeo:userID";
-
+
// user profile
- public final static String ARGEO_USER_PROFILE = "argeo:userProfile";
+ public final static String ARGEO_PROFILE = "argeo:profile";
public final static String ARGEO_FIRST_NAME = "argeo:firstName";
public final static String ARGEO_LAST_NAME = "argeo:lastName";
public final static String ARGEO_PRIMARY_EMAIL = "argeo:primaryEmail";
public interface ArgeoTypes {
public final static String ARGEO_LINK = "argeo:link";
public final static String ARGEO_USER_HOME = "argeo:userHome";
+ public final static String ARGEO_USER_PROFILE = "argeo:userProfile";
}
return getUserHome(session, userID);
}
+ /** Get the profile of the user attached to this session. */
+ public static Node getUserProfile(Session session) {
+ String userID = session.getUserID();
+ return getUserProfile(session, userID);
+ }
+
/**
* Returns the home node of the session user or null if none was found.
*
throw new ArgeoException("Cannot find home for user " + userID, e);
}
}
+
+ public static Node getUserProfile(Session session, String userID) {
+ try {
+ QueryObjectModelFactory qomf = session.getWorkspace()
+ .getQueryManager().getQOMFactory();
+ Selector sel = qomf.selector(ArgeoTypes.ARGEO_USER_PROFILE,
+ "userProfile");
+ DynamicOperand userIdDop = qomf.propertyValue("userProfile",
+ ArgeoNames.ARGEO_USER_ID);
+ StaticOperand userIdSop = qomf.literal(session.getValueFactory()
+ .createValue(userID));
+ Constraint constraint = qomf.comparison(userIdDop,
+ QueryObjectModelFactory.JCR_OPERATOR_EQUAL_TO, userIdSop);
+ Query query = qomf.createQuery(sel, constraint, null, null);
+ Node userHome = JcrUtils.querySingleNode(query);
+ return userHome;
+ } catch (RepositoryException e) {
+ throw new ArgeoException("Cannot find profile for user " + userID,
+ e);
+ }
+ }
+
+ public static Node createUserHome(Session session, String homeBasePath,
+ String username) {
+ try {
+ if (session.hasPendingChanges())
+ throw new ArgeoException(
+ "Session has pending changes, save them first");
+ String homePath = homeBasePath + '/'
+ + firstCharsToPath(username, 2) + '/' + username;
+ Node userHome = JcrUtils.mkdirs(session, homePath);
+
+ Node userProfile = userHome.addNode(ArgeoNames.ARGEO_PROFILE);
+ userProfile.addMixin(ArgeoTypes.ARGEO_USER_PROFILE);
+ userProfile.setProperty(ArgeoNames.ARGEO_USER_ID, username);
+ session.save();
+ // we need to save the profile before adding the user home type
+ PropertyIterator pit = userHome.getProperties();
+ while (pit.hasNext()) {
+ Property p = pit.nextProperty();
+ log.debug(p.getName() + "=" + p.getValue().getString());
+ }
+ userHome.addMixin(ArgeoTypes.ARGEO_USER_HOME);
+ // see
+ // http://jackrabbit.510166.n4.nabble.com/Jackrabbit-2-0-beta-6-Problem-adding-a-Mixin-type-with-mandatory-properties-after-setting-propertiesn-td1290332.html
+ userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
+ session.save();
+ return userHome;
+ } catch (RepositoryException e) {
+ discardQuietly(session);
+ throw new ArgeoException("Cannot create home node for user "
+ + username, e);
+ }
+ }
}
// URI(s)
- argeo:uri (STRING) m
-// HOME DIRECTORIES
-[argeo:home] > nt:unstructured, mix:created, mix:lastModified
-orderable
-+ * (argeo:userHome) *
-
+// USER NODES
+// user should be lower case, between 3 and 15 characters long
[argeo:userHome] > mix:created, mix:lastModified
mixin
-- argeo:userID (STRING) m
+- argeo:userID (STRING) m < '^[a-z0-9_]{3,15}$'
++ argeo:profile (argeo:userProfile)
+
+[argeo:userProfile] > mix:created, mix:lastModified, mix:title, mix:versionable
+mixin
+- argeo:userID (STRING) m < '^[a-z0-9_]{3,15}$'