From: Mathieu Baudier
Date: Sun, 20 May 2018 11:37:21 +0000 (+0200)
Subject: Programatically add standard system roles
X-Git-Tag: argeo-commons-2.1.74~28
X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=8e9b429428549d18c14e6ccfab31d9c88fca68bc;p=lgpl%2Fargeo-commons.git

Programatically add standard system roles
---
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java
index 4d5b68e64..c4dee903f 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsDeployment.java
@@ -17,6 +17,7 @@ import java.util.Set;
 import javax.jcr.Repository;
 import javax.jcr.Session;
 import javax.security.auth.callback.CallbackHandler;
+import javax.transaction.UserTransaction;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -44,6 +45,7 @@ import org.osgi.framework.wiring.BundleWiring;
 import org.osgi.service.cm.Configuration;
 import org.osgi.service.cm.ConfigurationAdmin;
 import org.osgi.service.cm.ManagedService;
+import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.UserAdmin;
 import org.osgi.util.tracker.ServiceTracker;
 
@@ -103,9 +105,11 @@ public class CmsDeployment implements NodeDeployment {
 ServiceTracker userAdminSt = new ServiceTracker(bc, UserAdmin.class, null) {
 @Override
 public UserAdmin addingService(ServiceReference reference) {
+ UserAdmin userAdmin = super.addingService(reference);
+ addStandardSystemRoles(userAdmin);
 userAdminAvailable = true;
 checkReadiness();
- return super.addingService(reference);
+ return userAdmin;
 }
 };
 // userAdminSt.open();
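Review bot: `addStandardSystemRoles(userAdmin)` can throw `CmsException` out of the tracker's `addingService` callback, after `super.addingService(reference)` has already obtained the service and before `userAdminAvailable = true` and `checkReadiness()` run. If that fail-closed behaviour is intended (no readiness without the system roles), it deserves a comment such as `// fail closed: never report readiness if the system roles could not be ensured`; if it is not, the call should be wrapped so the failure is logged and handled here rather than left to whatever invoked the callback. The callback also runs once per registered `UserAdmin` service, which the `getRole(...) == null` checks in the helper appear to tolerate. The method that creates `userAdminSt` starts and ends outside the hunk.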
@@ -151,6 +155,26 @@ public class CmsDeployment implements NodeDeployment {
 KernelUtils.asyncOpen(confAdminSt);
 }
 
+ private void addStandardSystemRoles(UserAdmin userAdmin) {
+ // we assume UserTransaction is already available (TODO make it more robust)
+ UserTransaction userTransaction = bc.getService(bc.getServiceReference(UserTransaction.class));
+ try {
+ userTransaction.begin();
+ if (userAdmin.getRole(NodeConstants.ROLE_ADMIN) == null)
+ userAdmin.createRole(NodeConstants.ROLE_ADMIN, Role.GROUP);
+ if (userAdmin.getRole(NodeConstants.ROLE_USER_ADMIN) == null)
+ userAdmin.createRole(NodeConstants.ROLE_USER_ADMIN, Role.GROUP);
+ userTransaction.commit();
+ } catch (Exception e) {
+ try {
+ userTransaction.rollback();
+ } catch (Exception e1) {
+ // silent
+ }
+ throw new CmsException("Cannot add standard system roles", e);
+ }
+ }
+
 private void loadIpaJaasConfiguration() {
 if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) {
 String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif b/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif
index d4c151c63..85247edce 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/ou=roles,ou=node.ldif
@@ -7,21 +7,3 @@ dn: ou=roles,ou=node
 objectClass: organizationalUnit
 objectClass: top
 ou: roles
-
-dn: cn=admin,ou=roles,ou=node
-objectClass: groupOfNames
-objectClass: top
-cn: admin
-member: uid=root,ou=People,dc=example,dc=com
-
-dn: cn=userAdmin,ou=roles,ou=node
-objectClass: groupOfNames
-objectClass: top
-cn: userAdmin
-member: cn=admin,ou=roles,ou=node
-
-dn: cn=registering,ou=roles,ou=node
-objectClass: groupOfNames
-objectClass: top
-cn: registering
-
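Review bot: The `UserTransaction` lookup at the top of `addStandardSystemRoles` sits outside the `try` and is not null-checked, so if no such service is registered yet `bc.getServiceReference(UserTransaction.class)` returns null and the failure is likely to surface as a bare NullPointerException rather than the `CmsException` the rest of the method raises; the TODO names the assumption but nothing enforces it. The obtained service is also never released with `bc.ungetService(...)`. In the inner catch the rollback failure is dropped entirely; `e.addSuppressed(e1);` in place of `// silent` would keep it attached to the reported cause. Separately, both groups are created empty, whereas the LDIF entries removed in the same commit carried `member` attributes (root in admin, admin in userAdmin) and a `registering` group. It is worth confirming where those memberships are now established, and logging the creation of these privileged roles so the event is auditable.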