From: Mathieu Baudier Date: Fri, 30 Sep 2016 10:57:32 +0000 (+0000) Subject: Improve Commons API X-Git-Tag: argeo-commons-2.1.48~7 X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=fd8f2c91e47d38445ba9702b40559939162f666d;p=lgpl%2Fargeo-commons.git Improve Commons API git-svn-id: https://svn.argeo.org/commons/trunk@9229 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/org.argeo.cms.ui.workbench.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java b/org.argeo.cms.ui.workbench.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java index 04b6f0a9d..a169ce77a 100644 --- a/org.argeo.cms.ui.workbench.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java +++ b/org.argeo.cms.ui.workbench.rap/src/org/argeo/security/ui/rap/AnonymousEntryPoint.java @@ -24,7 +24,7 @@ import javax.security.auth.login.LoginException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; +import org.argeo.node.NodeConstants; import org.eclipse.rap.rwt.RWT; import org.eclipse.rap.rwt.application.EntryPoint; import org.eclipse.swt.widgets.Display; @@ -56,7 +56,7 @@ public class AnonymousEntryPoint implements EntryPoint { final LoginContext loginContext; try { - loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS, + loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject); loginContext.login(); } catch (LoginException e1) { diff --git a/org.argeo.cms.ui.workbench.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java b/org.argeo.cms.ui.workbench.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java deleted file mode 100644 index a681527f7..000000000 --- a/org.argeo.cms.ui.workbench.rap/src/org/argeo/security/ui/rap/SecureEntryPoint.java +++ /dev/null 
@@ -1,228 +0,0 @@
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.argeo.security.ui.rap;
-
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.CredentialNotFoundException;
-import javax.security.auth.login.FailedLoginException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.x500.X500Principal;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
-import org.argeo.cms.auth.AuthConstants;
-import org.argeo.cms.auth.ThreadDeathLoginException;
-import org.argeo.cms.widgets.auth.DefaultLoginDialog;
-import org.argeo.eclipse.ui.dialogs.ErrorFeedback;
-import org.eclipse.jface.dialogs.MessageDialog;
-import org.eclipse.rap.rwt.RWT;
-import org.eclipse.rap.rwt.application.EntryPoint;
-import org.eclipse.swt.widgets.Display;
-import org.eclipse.ui.PlatformUI;
-
-/**
- * RAP entry point with login capabilities. Once the user has been
- * authenticated, the workbench is run as a privileged action by the related
- * subject.
- */
-@Deprecated
-public class SecureEntryPoint implements EntryPoint {
- final static String ACCESS_CONTROL_CONTEXT = "org.argeo.node.accessControlContext";
- private final static Log log = LogFactory.getLog(SecureEntryPoint.class);
-
- /**
- * How many seconds to wait before invalidating the session if the user has
- * not yet logged in.
- */
- private Integer loginTimeout = 1 * 60;
- // TODO make it configurable
- /** Default session timeout is 8 hours (European working day length) */
- private Integer sessionTimeout = 8 * 60 * 60;
-
- /** Override to provide an application specific workbench advisor */
- protected RapWorkbenchAdvisor createRapWorkbenchAdvisor(String username) {
- return new RapWorkbenchAdvisor(username);
- }
-
- @Override
- public final int createUI() {
- // Short login timeout so that the modal dialog login doesn't hang
- // around too long
- RWT.getRequest().getSession().setMaxInactiveInterval(loginTimeout);
-
- final Display display = PlatformUI.createDisplay();
-
- // load context from session
- HttpServletRequest httpRequest = RWT.getRequest();
- final HttpSession httpSession = httpRequest.getSession();
- AccessControlContext acc = (AccessControlContext) httpSession
- .getAttribute(ACCESS_CONTROL_CONTEXT);
-
- final Subject subject;
- if (acc != null
- && Subject.getSubject(acc).getPrincipals(X500Principal.class)
- .size() == 1) {
- subject = Subject.getSubject(acc);
- } else {
- subject = new Subject();
-
- final LoginContext loginContext;
- DefaultLoginDialog callbackHandler;
- try {
- callbackHandler = new DefaultLoginDialog(
- display.getActiveShell());
- loginContext = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER, subject,
- callbackHandler);
- } catch (LoginException e1) {
- throw new CmsException("Cannot initialize login context", e1);
- }
-
- tryLogin: while (subject.getPrincipals(X500Principal.class).size() == 0) {
- try {
- loginContext.login();
- if (subject.getPrincipals(X500Principal.class).size() == 0)
- throw new CmsException("Login succeeded but no auth");// fatal
-
- // add thread locale to RWT session
- // if (log.isTraceEnabled())
- // log.trace("Locale " + LocaleUtils.threadLocale.get());
- // RWT.setLocale(LocaleUtils.threadLocale.get());
-
- // once the user is logged in, longer session timeout
- RWT.getRequest().getSession()
- .setMaxInactiveInterval(sessionTimeout);
-
- if (log.isDebugEnabled())
- log.debug("Authenticated " + subject);
- } catch (FailedLoginException e) {
- MessageDialog.openInformation(display.getActiveShell(),
- "Bad Credentials", e.getMessage());
- // retry login
- continue tryLogin;
- } catch (CredentialNotFoundException e) {
- MessageDialog.openInformation(display.getActiveShell(),
- "No Credentials", e.getMessage());
- // retry login
- continue tryLogin;
- } catch (LoginException e) {
- callbackHandler.getShell().dispose();
- return processLoginDeath(display, e);
- }
- }
- }
- final String username = subject.getPrincipals(X500Principal.class)
- .iterator().next().getName();
- // Logout callback when the display is disposed
- display.disposeExec(new Runnable() {
- public void run() {
- if (log.isTraceEnabled())
- log.trace("Display disposed");
- try {
- LoginContext loginContext = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER, subject);
- loginContext.logout();
- } catch (LoginException e) {
- log.error("Error when logging out", e);
- }
- }
- });
-
- //
- // RUN THE WORKBENCH
- //
- Integer returnCode = null;
- try {
- returnCode = Subject.doAs(subject, new PrivilegedAction() {
- public Integer run() {
- // add security context to session
- httpSession.setAttribute(ACCESS_CONTROL_CONTEXT,
- AccessController.getContext());
-
- // start workbench
- RapWorkbenchAdvisor workbenchAdvisor = createRapWorkbenchAdvisor(username);
- int result = PlatformUI.createAndRunWorkbench(display,
- workbenchAdvisor);
- return new Integer(result);
- }
- });
- // Explicit exit from workbench
- fullLogout(subject, username);
- } finally {
- display.dispose();
- }
- return returnCode;
- }
-
- private Integer processLoginDeath(Display display, Throwable e) {
- // check thread death
- ThreadDeath td = wasCausedByThreadDeath(e);
- if (td != null) {
- display.dispose();
- throw td;
- }
- if (!display.isDisposed()) {
- ErrorFeedback.show("Unexpected exception during authentication", e);
- // this was not just bad credentials or death thread
- RWT.getRequest().getSession().setMaxInactiveInterval(1);
- display.dispose();
- return -1;
- } else {
- throw new CmsException(
- "Unexpected exception during authentication", e);
- }
-
- }
-
- /**
- * If there is a {@link ThreadDeath} in the root causes, rethrow it
- * (important for RAP cleaning mechanism)
- */
- protected ThreadDeath wasCausedByThreadDeath(Throwable t) {
- if (t instanceof ThreadDeath)
- return (ThreadDeath) t;
- if (t instanceof ThreadDeathLoginException)
- return ((ThreadDeathLoginException) t).getThreadDeath();
- if (t.getCause() != null)
- return wasCausedByThreadDeath(t.getCause());
- else
- return null;
- }
-
- private void fullLogout(Subject subject, String username) {
- try {
- LoginContext loginContext = new LoginContext(
- AuthConstants.LOGIN_CONTEXT_USER, subject);
- loginContext.logout();
- HttpServletRequest httpRequest = RWT.getRequest();
- HttpSession httpSession = httpRequest.getSession();
- httpSession.setAttribute(ACCESS_CONTROL_CONTEXT, null);
- RWT.getRequest().getSession().setMaxInactiveInterval(1);
- log.info("Logged out " + (username != null ? username : "")
- + " (THREAD=" + Thread.currentThread().getId() + ")");
- } catch (LoginException e) {
- log.error("Error when logging out", e);
- }
- }
-}
diff --git a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/GroupsView.java b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/GroupsView.java
index 32bbc9ffb..ec20a04e7 100644
--- a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/GroupsView.java
+++ b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/GroupsView.java @@ -21,7 +21,6 @@ import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.ui.workbench.WorkbenchUiPlugin; import org.argeo.cms.ui.workbench.internal.useradmin.UiUserAdminListener; import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper; @@ -36,6 +35,7 @@ import org.argeo.eclipse.ui.ColumnDefinition; import org.argeo.eclipse.ui.EclipseUiUtils; import org.argeo.eclipse.ui.parts.LdifUsersTable; import org.argeo.node.ArgeoNames; +import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.LdifName; import org.eclipse.jface.viewers.TableViewer; import org.eclipse.swt.SWT; @@ -74,7 +74,7 @@ public class GroupsView extends ViewPart implements ArgeoNames { public void createPartControl(Composite parent) { parent.setLayout(EclipseUiUtils.noSpaceGridLayout()); - boolean isAdmin = UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN); + boolean isAdmin = UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN); // Define the displayed columns columnDefs.add(new ColumnDefinition(new RoleIconLP(), "", 26)); @@ -190,7 +190,7 @@ public class GroupsView extends ViewPart implements ArgeoNames { if (!showSystemRoles) builder.append("(!(").append(LdifName.dn.name()) .append("=*") - .append(AuthConstants.ROLES_BASEDN) + .append(NodeConstants.ROLES_BASEDN) .append("))"); builder.append("(|"); builder.append(tmpBuilder.toString()); @@ -203,7 +203,7 @@ public class GroupsView extends ViewPart implements ArgeoNames { .append(LdifName.groupOfNames.name()) .append(")(!(").append(LdifName.dn.name()) .append("=*") - .append(AuthConstants.ROLES_BASEDN) + .append(NodeConstants.ROLES_BASEDN) .append(")))"); else builder.append("(").append(LdifName.objectClass.name()) 
diff --git a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserBatchUpdateWizard.java b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserBatchUpdateWizard.java index 984008bf7..29ff106ee 100644 --- a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserBatchUpdateWizard.java +++ b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserBatchUpdateWizard.java @@ -11,7 +11,6 @@ import javax.transaction.UserTransaction; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper; import org.argeo.cms.ui.workbench.internal.useradmin.providers.CommonNameLP; import org.argeo.cms.ui.workbench.internal.useradmin.providers.DomainNameLP; @@ -22,6 +21,7 @@ import org.argeo.eclipse.ui.ColumnDefinition; import org.argeo.eclipse.ui.EclipseUiUtils; import org.argeo.eclipse.ui.parts.LdifUsersTable; import org.argeo.node.ArgeoNames; +import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.LdifName; import org.eclipse.jface.dialogs.IPageChangeProvider; import org.eclipse.jface.dialogs.IPageChangedListener; @@ -415,7 +415,7 @@ public class UserBatchUpdateWizard extends Wizard { 200)); // Only show technical DN to admin - if (UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN)) + if (UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN)) columnDefs.add(new ColumnDefinition(new UserNameLP(), "Distinguished Name", 300)); 
@@ -529,7 +529,7 @@ public class UserBatchUpdateWizard extends Wizard { columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain", 200)); // Only show technical DN to admin - if (UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN)) + if (UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN)) columnDefs.add(new ColumnDefinition(new UserNameLP(), "Distinguished Name", 300)); userTableCmp = new ChosenUsersTableViewer(pageCmp, SWT.MULTI diff --git a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserMainPage.java b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserMainPage.java index ea0b8784a..d96dfbc90 100644 --- a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserMainPage.java +++ b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UserMainPage.java @@ -20,7 +20,6 @@ import java.util.Iterator; import java.util.List; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.ui.workbench.internal.useradmin.SecurityAdminImages; import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper; import org.argeo.cms.ui.workbench.internal.useradmin.parts.UserEditor.GroupChangeListener; @@ -36,6 +35,7 @@ import org.argeo.eclipse.ui.ColumnDefinition; import org.argeo.eclipse.ui.EclipseUiUtils; import org.argeo.eclipse.ui.parts.LdifUsersTable; import org.argeo.node.ArgeoNames; +import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.LdifName; import org.eclipse.jface.action.Action; import org.eclipse.jface.action.ToolBarManager; 
@@ -253,7 +253,7 @@ public class UserMainPage extends FormPage implements ArgeoNames { Composite body = (Composite) section.getClient(); body.setLayout(EclipseUiUtils.noSpaceGridLayout()); - boolean isAdmin = UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN); + boolean isAdmin = UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN); // Displayed columns List columnDefs = new ArrayList(); diff --git a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UsersView.java b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UsersView.java index e4c265461..9e8f9d197 100644 --- a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UsersView.java +++ b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/parts/UsersView.java @@ -19,7 +19,6 @@ import java.util.ArrayList; import java.util.List; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.ui.workbench.WorkbenchUiPlugin; import org.argeo.cms.ui.workbench.internal.useradmin.UiUserAdminListener; import org.argeo.cms.ui.workbench.internal.useradmin.UserAdminWrapper; @@ -34,6 +33,7 @@ import org.argeo.eclipse.ui.ColumnDefinition; import org.argeo.eclipse.ui.EclipseUiUtils; import org.argeo.eclipse.ui.parts.LdifUsersTable; import org.argeo.node.ArgeoNames; +import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.LdifName; import org.eclipse.jface.viewers.TableViewer; import org.eclipse.swt.SWT; @@ -75,7 +75,7 @@ public class UsersView extends ViewPart implements ArgeoNames { columnDefs.add(new ColumnDefinition(new MailLP(), "E-mail", 150)); columnDefs.add(new ColumnDefinition(new DomainNameLP(), "Domain", 200)); // Only show technical DN to admin - if (UserAdminUtils.isUserInRole(AuthConstants.ROLE_ADMIN)) + if (UserAdminUtils.isUserInRole(NodeConstants.ROLE_ADMIN)) columnDefs.add(new ColumnDefinition(new UserNameLP(), "Distinguished Name", 300)); 
diff --git a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/RoleIconLP.java b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/RoleIconLP.java index 125791f4b..f482a16eb 100644 --- a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/RoleIconLP.java +++ b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/RoleIconLP.java @@ -1,7 +1,7 @@ package org.argeo.cms.ui.workbench.internal.useradmin.providers; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.ui.workbench.internal.useradmin.SecurityAdminImages; +import org.argeo.node.NodeConstants; import org.eclipse.swt.graphics.Image; import org.osgi.service.useradmin.Role; import org.osgi.service.useradmin.User; @@ -19,7 +19,7 @@ public class RoleIconLP extends UserAdminAbstractLP { public Image getImage(Object element) { User user = (User) element; String dn = user.getName(); - if (dn.endsWith(AuthConstants.ROLES_BASEDN)) + if (dn.endsWith(NodeConstants.ROLES_BASEDN)) return SecurityAdminImages.ICON_ROLE; else if (user.getType() == Role.GROUP) return SecurityAdminImages.ICON_GROUP; diff --git a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/UserFilter.java b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/UserFilter.java index 624ee546d..04c275647 100644 --- a/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/UserFilter.java +++ b/org.argeo.cms.ui.workbench/src/org/argeo/cms/ui/workbench/internal/useradmin/providers/UserFilter.java 
@@ -2,8 +2,8 @@ package org.argeo.cms.ui.workbench.internal.useradmin.providers; import static org.argeo.eclipse.ui.EclipseUiUtils.notEmpty; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.util.useradmin.UserAdminUtils; +import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.LdifName; import org.eclipse.jface.viewers.Viewer; import org.eclipse.jface.viewers.ViewerFilter; @@ -37,7 +37,7 @@ public class UserFilter extends ViewerFilter { User user = (User) element; if (!showSystemRole && user.getName().matches( - ".*(" + AuthConstants.ROLES_BASEDN + ")")) + ".*(" + NodeConstants.ROLES_BASEDN + ")")) // UserAdminUtils.getProperty(user, LdifName.dn.name()) // .toLowerCase().endsWith(AuthConstants.ROLES_BASEDN)) return false; diff --git a/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java b/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java index a5fa5ef65..5072c628d 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/ui/AbstractCmsEntryPoint.java @@ -20,11 +20,11 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.auth.HttpRequestCallbackHandler; import org.argeo.eclipse.ui.specific.UiContext; import org.argeo.jcr.JcrUtils; import org.argeo.node.NodeAuthenticated; +import org.argeo.node.NodeConstants; import org.eclipse.rap.rwt.RWT; import org.eclipse.rap.rwt.application.AbstractEntryPoint; import org.eclipse.rap.rwt.client.WebClient; 
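Review bot: In the `showSystemRole` check of UserFilter, `NodeConstants.ROLES_BASEDN` is concatenated into a regular expression without quoting, so the system-role filter silently depends on that constant never containing a regex metacharacter, and the constant is now defined in another bundle. RoleIconLP in this same commit tests the same condition with `dn.endsWith(NodeConstants.ROLES_BASEDN)`; writing `user.getName().endsWith(NodeConstants.ROLES_BASEDN)` here (or wrapping the constant in `Pattern.quote(...)` if a regex is really wanted) keeps the two in agreement. The two commented-out lines that follow still name `AuthConstants` and can be deleted. The enclosing method starts and ends outside the hunk.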
@@ -72,12 +72,12 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement // Initial login try { - loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER, subject, + loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, subject, new HttpRequestCallbackHandler(UiContext.getHttpRequest())); loginContext.login(); } catch (CredentialNotFoundException e) { try { - loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject); + loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject); loginContext.login(); } catch (LoginException e1) { throw new CmsException("Cannot log as anonymous", e); @@ -137,7 +137,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement */ protected Node getDefaultNode(Session session) throws RepositoryException { if (!session.hasPermission(defaultPath, "read")) { - if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS)) + if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS)) // TODO throw a special exception throw new CmsException("Login required"); else @@ -169,7 +169,7 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint implement throw new CmsException("Login context should not be null"); try { loginContext.logout(); - LoginContext anonymousLc = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject); + LoginContext anonymousLc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject); anonymousLc.login(); authChange(anonymousLc); } catch (LoginException e) { diff --git a/org.argeo.cms.ui/src/org/argeo/cms/util/CmsUtils.java b/org.argeo.cms.ui/src/org/argeo/cms/util/CmsUtils.java index a21c05a72..665c4c614 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/util/CmsUtils.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/util/CmsUtils.java 
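Review bot: In the anonymous fallback of the initial login, `catch (LoginException e1)` wraps the outer `e` (the CredentialNotFoundException) instead of `e1`, so the reason the anonymous login itself failed never reaches the log or the stack trace. The line should read `throw new CmsException("Cannot log as anonymous", e1);`. The enclosing method continues outside the hunk.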
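Review bot: `getDefaultNode` tests the user ID with a case-sensitive `equals(NodeConstants.ROLE_ANONYMOUS)`, while CmsUtils, UserMenuLink and `CurrentUser.isAnonymous` in this commit use `equalsIgnoreCase` for the same decision. A user ID that differs only in case would be handled as anonymous elsewhere but would skip the "Login required" branch here and take the `else` path, which is not visible in the hunk. Suggest `if (NodeConstants.ROLE_ANONYMOUS.equalsIgnoreCase(session.getUserID()))`, which also tolerates a null user ID, or a single shared helper for the anonymous test.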
@@ -14,7 +14,6 @@ import org.apache.commons.io.IOUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.ui.CmsConstants; import org.argeo.cms.ui.CmsView; import org.argeo.eclipse.ui.specific.UiContext; @@ -80,7 +79,7 @@ public class CmsUtils implements CmsConstants { if (log.isTraceEnabled()) log.trace(userId + " : " + node.getPath()); StringBuilder buf = new StringBuilder(); - boolean isAnonymous = userId.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS); + boolean isAnonymous = userId.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); if (isAnonymous) buf.append(WEBDAV_PUBLIC); else diff --git a/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java b/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java index 424b8b23c..3c3746b72 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/util/LoginEntryPoint.java @@ -9,7 +9,6 @@ import javax.security.auth.login.LoginException; import javax.servlet.http.HttpServletRequest; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.auth.CurrentUser; import org.argeo.cms.auth.HttpRequestCallbackHandler; import org.argeo.cms.ui.CmsImageManager; @@ -19,6 +18,7 @@ import org.argeo.cms.widgets.auth.CmsLogin; import org.argeo.cms.widgets.auth.CmsLoginShell; import org.argeo.eclipse.ui.specific.UiContext; import org.argeo.node.NodeAuthenticated; +import org.argeo.node.NodeConstants; import org.eclipse.rap.rwt.RWT; import org.eclipse.rap.rwt.application.EntryPoint; import org.eclipse.swt.events.SelectionListener; 
@@ -37,7 +37,7 @@ public class LoginEntryPoint implements EntryPoint, CmsView { UiContext.setData(NodeAuthenticated.KEY, this); try { // try pre-auth - loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER, + loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, subject, new HttpRequestCallbackHandler(getRequest())); loginContext.login(); } catch (CredentialNotFoundException e) { diff --git a/org.argeo.cms.ui/src/org/argeo/cms/util/SimpleErgonomics.java b/org.argeo.cms.ui/src/org/argeo/cms/util/SimpleErgonomics.java index a16587a22..b7b76e4e6 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/util/SimpleErgonomics.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/util/SimpleErgonomics.java @@ -111,8 +111,9 @@ public class SimpleErgonomics extends AbstractCmsEntryPoint { try { Node node = getNode(); if (node == null) - throw new CmsException("Context cannot be null"); - uiProvider.createUi(bodyArea, node); + log.error("Context cannot be null"); + else + uiProvider.createUi(bodyArea, node); } catch (RepositoryException e) { throw new CmsException("Cannot refresh body", e); } diff --git a/org.argeo.cms.ui/src/org/argeo/cms/util/UserMenuLink.java b/org.argeo.cms.ui/src/org/argeo/cms/util/UserMenuLink.java index f7c9a7c8f..08af8d3da 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/util/UserMenuLink.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/util/UserMenuLink.java @@ -4,9 +4,9 @@ import javax.jcr.Node; import javax.security.auth.Subject; import org.argeo.cms.CmsMsg; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.auth.CurrentUser; import org.argeo.cms.ui.CmsStyles; +import org.argeo.node.NodeConstants; import org.eclipse.swt.events.DisposeEvent; import org.eclipse.swt.events.DisposeListener; import org.eclipse.swt.events.MouseEvent; 
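Review bot: In the SimpleErgonomics body refresh, a null result from `getNode()` is now only logged as `"Context cannot be null"` and the method returns normally, so the body area is left without content and the caller can no longer tell that the refresh failed. If a null node is a legitimate state, the message should say so and use a lower level than error; if it is not, the exception should stay. Either way the unbraced `if`/`else` now pairs a logging call with the UI call and is easy to break when edited; prefer `if (node == null) { log.error("Context cannot be null"); } else { uiProvider.createUi(bodyArea, node); }`. The method starts and ends outside the hunk.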
@@ -26,7 +26,7 @@ public class UserMenuLink extends MenuLink { public Control createUi(Composite parent, Node context) { Subject subject = CmsUtils.getCmsView().getSubject(); String username = CurrentUser.getUsername(subject); - if (username.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS)) + if (username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS)) setLabel(CmsMsg.login.lead()); else { setLabel(CurrentUser.getDisplayName(subject)); diff --git a/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminUtils.java b/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminUtils.java index 953eb02c3..01ec0d831 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminUtils.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminUtils.java @@ -11,12 +11,12 @@ import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.auth.CurrentUser; import org.argeo.cms.ui.CmsView; import org.argeo.cms.util.CmsUtils; import org.argeo.eclipse.ui.EclipseUiUtils; import org.argeo.jcr.JcrUtils; +import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.LdifName; import org.osgi.service.useradmin.Group; import org.osgi.service.useradmin.Role; @@ -207,7 +207,7 @@ public class UserAdminUtils { /** Simply retrieves a display name of the relevant domain */ public final static String getDomainName(User user) { String dn = user.getName(); - if (dn.endsWith(AuthConstants.ROLES_BASEDN)) + if (dn.endsWith(NodeConstants.ROLES_BASEDN)) return "System roles"; try { LdapName name = new LdapName(dn); diff --git a/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminWrapper.java b/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminWrapper.java index aa764d57c..d38e77eb4 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminWrapper.java 
+++ b/org.argeo.cms.ui/src/org/argeo/cms/util/useradmin/UserAdminWrapper.java @@ -10,7 +10,7 @@ import javax.transaction.Status; import javax.transaction.UserTransaction; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; +import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.UserAdminConf; import org.osgi.framework.ServiceReference; import org.osgi.service.useradmin.UserAdmin; @@ -74,7 +74,7 @@ public abstract class UserAdminWrapper { if (onlyWritable && "true".equals(readOnly)) continue; - if (baseDn.equalsIgnoreCase(AuthConstants.ROLES_BASEDN)) + if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN)) continue; dns.put(baseDn, uri); } diff --git a/org.argeo.cms.ui/src/org/argeo/cms/widgets/auth/CmsLogin.java b/org.argeo.cms.ui/src/org/argeo/cms/widgets/auth/CmsLogin.java index c8b1fcfd6..792471996 100644 --- a/org.argeo.cms.ui/src/org/argeo/cms/widgets/auth/CmsLogin.java +++ b/org.argeo.cms.ui/src/org/argeo/cms/widgets/auth/CmsLogin.java @@ -2,8 +2,6 @@ package org.argeo.cms.widgets.auth; import static org.argeo.cms.CmsMsg.password; import static org.argeo.cms.CmsMsg.username; -import static org.argeo.cms.auth.AuthConstants.LOGIN_CONTEXT_ANONYMOUS; -import static org.argeo.cms.auth.AuthConstants.LOGIN_CONTEXT_USER; import java.io.IOException; import java.util.List; @@ -30,6 +28,7 @@ import org.argeo.cms.ui.CmsStyles; import org.argeo.cms.ui.CmsView; import org.argeo.cms.ui.internal.Activator; import org.argeo.cms.util.CmsUtils; +import org.argeo.node.NodeConstants; import org.eclipse.rap.rwt.RWT; import org.eclipse.swt.SWT; import org.eclipse.swt.events.MouseAdapter; 
@@ -254,8 +253,8 @@ public class CmsLogin implements CmsStyles, CallbackHandler { // // LOGIN // - new LoginContext(LOGIN_CONTEXT_ANONYMOUS, subject).logout(); - loginContext = new LoginContext(LOGIN_CONTEXT_USER, subject, this); + new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject).logout(); + loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, subject, this); loginContext.login(); } catch (FailedLoginException e) { log.warn(e.getMessage()); diff --git a/org.argeo.cms/src/org/argeo/cms/auth/AuthConstants.java b/org.argeo.cms/src/org/argeo/cms/auth/AuthConstants.java index baf093b8a..a0ceec069 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/AuthConstants.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/AuthConstants.java 
@@ -1,25 +1,53 @@ package org.argeo.cms.auth; +import org.argeo.node.NodeConstants; import org.osgi.service.http.HttpContext; /** Public properties of the CMS Kernel */ public interface AuthConstants { // LOGIN CONTEXTS - final static String LOGIN_CONTEXT_USER = "USER"; - final static String LOGIN_CONTEXT_ANONYMOUS = "ANONYMOUS"; - final static String LOGIN_CONTEXT_DATA_ADMIN = "DATA_ADMIN"; - final static String LOGIN_CONTEXT_SINGLE_USER = "SINGLE_USER"; + /** + * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_USER} instead + */ + final static String LOGIN_CONTEXT_USER = NodeConstants.LOGIN_CONTEXT_USER; + /** + * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_ANONYMOUS} instead + */ + final static String LOGIN_CONTEXT_ANONYMOUS = NodeConstants.LOGIN_CONTEXT_ANONYMOUS; + /** + * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_DATA_ADMIN} instead + */ + final static String LOGIN_CONTEXT_DATA_ADMIN = NodeConstants.LOGIN_CONTEXT_DATA_ADMIN; + /** + * @deprecated Use {@link NodeConstants#LOGIN_CONTEXT_SINGLE_USER} instead + */ + final static String LOGIN_CONTEXT_SINGLE_USER = NodeConstants.LOGIN_CONTEXT_SINGLE_USER; // RESERVED ROLES - public final static String ROLE_KERNEL = "OU=node"; - public final static String ROLES_BASEDN = "ou=roles,ou=node"; - public final static String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN; - public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin," + ROLES_BASEDN; - public final static String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN; + // public final static String ROLE_KERNEL = "OU=node"; + /** + * @deprecated Use {@link NodeConstants#ROLES_BASEDN} instead + */ + public final static String ROLES_BASEDN = NodeConstants.ROLES_BASEDN; + /** + * @deprecated Use {@link NodeConstants#ROLE_ADMIN} instead + */ + public final static String ROLE_ADMIN = NodeConstants.ROLE_ADMIN; + public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin," + NodeConstants.ROLES_BASEDN; + /** + * @deprecated Use {@link 
NodeConstants#ROLE_USER_ADMIN} instead + */ + public final static String ROLE_USER_ADMIN = NodeConstants.ROLE_USER_ADMIN; // Special system groups that cannot be edited: // user U anonymous = everyone - public final static String ROLE_USER = "cn=user," + ROLES_BASEDN; - public final static String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN; + /** + * @deprecated Use {@link NodeConstants#ROLE_USER} instead + */ + public final static String ROLE_USER = NodeConstants.ROLE_USER; + /** + * @deprecated Use {@link NodeConstants#ROLE_ANONYMOUS} instead + */ + public final static String ROLE_ANONYMOUS = NodeConstants.ROLE_ANONYMOUS; // SHARED STATE KEYS // compatible with com.sun.security.auth.module.*LoginModule diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java index 2d606f2a8..bc438a255 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/CurrentUser.java @@ -27,6 +27,7 @@ import javax.security.auth.x500.X500Principal; import org.argeo.cms.CmsException; import org.argeo.eclipse.ui.specific.UiContext; import org.argeo.node.NodeAuthenticated; +import org.argeo.node.NodeConstants; import org.osgi.service.useradmin.Authorization; /** Static utilities */ @@ -50,7 +51,7 @@ public final class CurrentUser { public static boolean isAnonymous(Subject subject) { String username = getUsername(subject); return username == null - || username.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS); + || username.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); } private static Subject currentSubject() { diff --git a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java index a4b7498da..956b4a65c 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/NodeUserLoginModule.java 
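Review bot: The forwarding constants in AuthConstants carry a Javadoc `@deprecated` tag but no `@Deprecated` annotation, so tools that read only the annotation will not flag remaining uses; add `@Deprecated` on each forwarded field. `ROLE_GROUP_ADMIN` is the one role still built here (`"cn=groupAdmin," + NodeConstants.ROLES_BASEDN`) and is not deprecated, which leaves reserved role DNs defined in two places; if NodeConstants has no equivalent yet, a one-line comment saying why it stays would help. `ROLE_KERNEL` is commented out rather than deprecated, which removes it from this public interface for any code outside this diff that still refers to it.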
@@ -21,24 +21,25 @@ import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.principal.AdminPrincipal; import org.argeo.cms.CmsException; import org.argeo.cms.internal.auth.ImpliedByPrincipal; +import org.argeo.node.NodeConstants; import org.osgi.service.useradmin.Authorization; public class NodeUserLoginModule implements LoginModule, AuthConstants { private Subject subject; private Map sharedState = null; - private final static LdapName ROLE_KERNEL_NAME, ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME; + private final static LdapName ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME; private final static List RESERVED_ROLES; private final static X500Principal ROLE_ANONYMOUS_PRINCIPAL; static { try { - ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL); - ROLE_ADMIN_NAME = new LdapName(AuthConstants.ROLE_ADMIN); - ROLE_USER_NAME = new LdapName(AuthConstants.ROLE_USER); - ROLE_ANONYMOUS_NAME = new LdapName(AuthConstants.ROLE_ANONYMOUS); - RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_KERNEL_NAME, - ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN), - new LdapName(AuthConstants.ROLE_USER_ADMIN) })); + // ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL); + ROLE_ADMIN_NAME = new LdapName(NodeConstants.ROLE_ADMIN); + ROLE_USER_NAME = new LdapName(NodeConstants.ROLE_USER); + ROLE_ANONYMOUS_NAME = new LdapName(NodeConstants.ROLE_ANONYMOUS); + RESERVED_ROLES = Collections.unmodifiableList(Arrays.asList(new LdapName[] { ROLE_ADMIN_NAME, + ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, new LdapName(AuthConstants.ROLE_GROUP_ADMIN), + new LdapName(NodeConstants.ROLE_USER_ADMIN) })); ROLE_ANONYMOUS_PRINCIPAL = new X500Principal(ROLE_ANONYMOUS_NAME.toString()); } catch (InvalidNameException e) { throw new Error("Cannot initialize login module class", e); 
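Review bot: The kernel name `OU=node` is dropped from `RESERVED_ROLES` here, and the `@@ -148,8 +149,7 @@` hunk that follows drops it from `checkImpliedPrincipalName`, so nothing in this class treats that name as special any more. That is only safe if no remaining code still grants privileges to an `OU=node` principal. The commit deprecates NodeSecurity and empties KernelLoginModule rather than deleting them, and the other consumers of the kernel identity are not visible in this diff, so this should be confirmed before merging. The commented-out `// ROLE_KERNEL_NAME = new LdapName(AuthConstants.ROLE_KERNEL);` line should be deleted rather than kept in the static initializer. How `RESERVED_ROLES` is consumed lies outside the hunk.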
@@ -148,8 +149,7 @@ public class NodeUserLoginModule implements LoginModule, AuthConstants { } private void checkImpliedPrincipalName(LdapName roleName) { - if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName) - || ROLE_KERNEL_NAME.equals(roleName)) + if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName)) throw new CmsException(roleName + " cannot be listed as role"); } } diff --git a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java index 9b65f22ff..23bbf2345 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/SingleUserLoginModule.java @@ -13,6 +13,7 @@ import javax.security.auth.x500.X500Principal; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.principal.AdminPrincipal; import org.argeo.cms.internal.auth.ImpliedByPrincipal; +import org.argeo.node.NodeConstants; public class SingleUserLoginModule implements LoginModule, AuthConstants { private Subject subject; @@ -35,7 +36,7 @@ public class SingleUserLoginModule implements LoginModule, AuthConstants { + ",dc=localhost,dc=localdomain"); Set principals = subject.getPrincipals(); principals.add(principal); - principals.add(new ImpliedByPrincipal(ROLE_ADMIN, principal)); + principals.add(new ImpliedByPrincipal(NodeConstants.ROLE_ADMIN, principal)); // Jackrabbit principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID)); return true; diff --git a/org.argeo.cms/src/org/argeo/cms/auth/ThreadDeathLoginException.java b/org.argeo.cms/src/org/argeo/cms/auth/ThreadDeathLoginException.java deleted file mode 100644 index fb49dc2be..000000000 --- a/org.argeo.cms/src/org/argeo/cms/auth/ThreadDeathLoginException.java +++ /dev/null 
@@ -1,17 +0,0 @@ -package org.argeo.cms.auth; - -import javax.security.auth.login.LoginException; - -public class ThreadDeathLoginException extends LoginException { - private static final long serialVersionUID = 4359130889332276894L; - - private final ThreadDeath threadDeath; - - public ThreadDeathLoginException(String msg, ThreadDeath cause) { - this.threadDeath = cause; - } - - public ThreadDeath getThreadDeath() { - return threadDeath; - } -} \ No newline at end of file diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java index fa6f849af..3dfbc0ddb 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java @@ -64,8 +64,8 @@ public class UserAdminLoginModule implements LoginModule, AuthConstants { callbackHandler.handle(new Callback[] { nameCallback, passwordCallback, langCallback }); } catch (IOException e) { throw new LoginException("Cannot handle callback: " + e.getMessage()); - } catch (ThreadDeath e) { - throw new ThreadDeathLoginException("Callbackhandler thread died", e); +// } catch (ThreadDeath e) { +// throw new ThreadDeathLoginException("Callbackhandler thread died", e); } catch (UnsupportedCallbackException e) { return false; } diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/KernelLoginModule.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/KernelLoginModule.java index 00d0085d1..b042b3f9f 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/auth/KernelLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/KernelLoginModule.java 
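Review bot: The two commented-out lines `// } catch (ThreadDeath e) {` and `// throw new ThreadDeathLoginException(...)` in UserAdminLoginModule should be deleted, because `ThreadDeathLoginException` is removed by this same commit and the comment can never be re-enabled as written. With the catch gone, a `ThreadDeath` raised inside `callbackHandler.handle(...)` propagates as an `Error` instead of a `LoginException`. Callers that relied on the wrapper are not visible here and should be checked. The enclosing method starts and ends outside the hunk.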
@@ -1,98 +1,82 @@ package org.argeo.cms.internal.auth; -import java.security.Principal; -import java.security.cert.CertPath; -import java.util.Map; -import java.util.Set; - -import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.login.LoginException; -import javax.security.auth.spi.LoginModule; -import javax.security.auth.x500.X500Principal; -import javax.security.auth.x500.X500PrivateCredential; - -import org.apache.jackrabbit.core.security.SecurityConstants; -import org.apache.jackrabbit.core.security.principal.AdminPrincipal; -import org.argeo.cms.auth.AuthConstants; - -public class KernelLoginModule implements LoginModule { - private Subject subject; - - @Override - public void initialize(Subject subject, CallbackHandler callbackHandler, - Map sharedState, Map options) { - this.subject = subject; - } - - @Override - public boolean login() throws LoginException { - // TODO check permission at code level ? - return true; - } - - @Override - public boolean commit() throws LoginException { - // Check that kernel has been logged in w/ certificate - // Name - Set names = subject.getPrincipals(X500Principal.class); - if (names.isEmpty() || names.size() > 1) { - // throw new LoginException("Kernel must have been named"); - // TODO set not hardened - subject.getPrincipals().add( - new X500Principal(AuthConstants.ROLE_KERNEL)); - } else { - X500Principal name = names.iterator().next(); - if (!AuthConstants.ROLE_KERNEL.equals(name.getName())) - throw new LoginException("Kernel must be named " - + AuthConstants.ROLE_KERNEL); - // Private certificate - Set privateCerts = subject - .getPrivateCredentials(X500PrivateCredential.class); - X500PrivateCredential privateCert = null; - for (X500PrivateCredential pCert : privateCerts) { - if (pCert.getCertificate().getSubjectX500Principal() - .equals(name)) { - privateCert = pCert; - } - } - if (privateCert == null) - throw new LoginException( - "Kernel must have a 
private certificate"); - // Certificate path - Set certPaths = subject - .getPublicCredentials(CertPath.class); - CertPath certPath = null; - for (CertPath cPath : certPaths) { - if (cPath.getCertificates().get(0) - .equals(privateCert.getCertificate())) { - certPath = cPath; - } - } - if (certPath == null) - throw new LoginException("Kernel must have a certificate path"); - } - Set principals = subject.getPrincipals(); - // Add admin roles - - // Add data access roles - principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID)); - - return true; - } - - @Override - public boolean abort() throws LoginException { - return true; - } - - @Override - public boolean logout() throws LoginException { - // clear everything - subject.getPrincipals().clear(); - subject.getPublicCredentials().clear(); - subject.getPrivateCredentials().clear(); - return true; - } +public class KernelLoginModule {//implements LoginModule { +// private Subject subject; +// +// @Override +// public void initialize(Subject subject, CallbackHandler callbackHandler, +// Map sharedState, Map options) { +// this.subject = subject; +// } +// +// @Override +// public boolean login() throws LoginException { +// // TODO check permission at code level ? 
+// return true; +// } +// +// @Override +// public boolean commit() throws LoginException { +// // Check that kernel has been logged in w/ certificate +// // Name +// Set names = subject.getPrincipals(X500Principal.class); +// if (names.isEmpty() || names.size() > 1) { +// // throw new LoginException("Kernel must have been named"); +// // TODO set not hardened +// subject.getPrincipals().add( +// new X500Principal(AuthConstants.ROLE_KERNEL)); +// } else { +// X500Principal name = names.iterator().next(); +// if (!AuthConstants.ROLE_KERNEL.equals(name.getName())) +// throw new LoginException("Kernel must be named " +// + AuthConstants.ROLE_KERNEL); +// // Private certificate +// Set privateCerts = subject +// .getPrivateCredentials(X500PrivateCredential.class); +// X500PrivateCredential privateCert = null; +// for (X500PrivateCredential pCert : privateCerts) { +// if (pCert.getCertificate().getSubjectX500Principal() +// .equals(name)) { +// privateCert = pCert; +// } +// } +// if (privateCert == null) +// throw new LoginException( +// "Kernel must have a private certificate"); +// // Certificate path +// Set certPaths = subject +// .getPublicCredentials(CertPath.class); +// CertPath certPath = null; +// for (CertPath cPath : certPaths) { +// if (cPath.getCertificates().get(0) +// .equals(privateCert.getCertificate())) { +// certPath = cPath; +// } +// } +// if (certPath == null) +// throw new LoginException("Kernel must have a certificate path"); +// } +// Set principals = subject.getPrincipals(); +// // Add admin roles +// +// // Add data access roles +// principals.add(new AdminPrincipal(SecurityConstants.ADMIN_ID)); +// +// return true; +// } +// +// @Override +// public boolean abort() throws LoginException { +// return true; +// } +// +// @Override +// public boolean logout() throws LoginException { +// // clear everything +// subject.getPrincipals().clear(); +// subject.getPublicCredentials().clear(); +// subject.getPrivateCredentials().clear(); +// return 
true; +// } } diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsState.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsState.java index 7ed19d20c..1d98772ed 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsState.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/CmsState.java @@ -19,7 +19,6 @@ import javax.transaction.UserTransaction; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.i18n.LocaleUtils; import org.argeo.node.NodeConstants; import org.argeo.node.NodeState; @@ -98,7 +97,7 @@ public class CmsState implements NodeState { bc.registerService(RepositoryFactory.class, repositoryFactory, null); // Security - NodeUserAdmin userAdmin = new NodeUserAdmin(AuthConstants.ROLES_BASEDN); + NodeUserAdmin userAdmin = new NodeUserAdmin(NodeConstants.ROLES_BASEDN); shutdownHooks.add(() -> userAdmin.destroy()); bc.registerService(ManagedServiceFactory.class, userAdmin, LangUtils.dico(Constants.SERVICE_PID, NodeConstants.NODE_USER_ADMIN_PID)); diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java index e7d9460ce..a2202e309 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/DataHttp.java @@ -1,7 +1,5 @@ package org.argeo.cms.internal.kernel; -import static org.argeo.cms.auth.AuthConstants.LOGIN_CONTEXT_USER; - import java.io.IOException; import java.io.Serializable; import java.net.URL; 
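Review bot: KernelLoginModule is left as an empty public class with its whole former body commented out, and it no longer implements `LoginModule`. If any JAAS configuration still names this class (none is visible in this diff), the failure would surface at login time rather than at build time. I would delete the file together with any login-context entry that refers to it. That also removes the commented-out branch that added the kernel principal without a certificate check (`// TODO set not hardened`), which would otherwise stay in the tree as a template.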
@@ -32,7 +30,6 @@ import org.apache.jackrabbit.server.SessionProvider; import org.apache.jackrabbit.server.remoting.davex.JcrRemotingServlet; import org.apache.jackrabbit.webdav.simple.SimpleWebdavServlet; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.cms.auth.HttpRequestCallback; import org.argeo.cms.auth.HttpRequestCallbackHandler; import org.argeo.jcr.JcrUtils; @@ -147,7 +144,7 @@ class DataHttp implements KernelConstants { if (authorization == null) throw new CmsException("Not authenticated"); try { - LoginContext lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_USER, + LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)); lc.login(); return lc.getSubject(); @@ -197,7 +194,7 @@ class DataHttp implements KernelConstants { if (anonymous) { Subject subject = KernelUtils.anonymousLogin(); Authorization authorization = subject.getPrivateCredentials(Authorization.class).iterator().next(); - request.setAttribute(REMOTE_USER, AuthConstants.ROLE_ANONYMOUS); + request.setAttribute(REMOTE_USER, NodeConstants.ROLE_ANONYMOUS); request.setAttribute(AUTHORIZATION, authorization); return true; } @@ -205,13 +202,13 @@ class DataHttp implements KernelConstants { if (log.isTraceEnabled()) KernelUtils.logRequestHeaders(log, request); try { - new LoginContext(LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login(); + new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, new HttpRequestCallbackHandler(request)).login(); return true; } catch (CredentialNotFoundException e) { CallbackHandler token = basicAuth(request); if (token != null) { try { - LoginContext lc = new LoginContext(LOGIN_CONTEXT_USER, token); + LoginContext lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_USER, token); lc.login(); // Note: this is impossible to reliably clear the // authorization header when access from a browser. 
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/FirstInitProperties.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/FirstInitProperties.java index b0af36366..a1c87cf6b 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/FirstInitProperties.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/FirstInitProperties.java @@ -15,9 +15,7 @@ import org.apache.commons.io.FileUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.node.NodeConstants; -import org.argeo.node.RepoConf; import org.argeo.osgi.useradmin.UserAdminConf; import org.eclipse.equinox.http.jetty.JettyConstants; @@ -83,7 +81,7 @@ class FirstInitProperties { // node roles String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI); - String baseNodeRoleDn = AuthConstants.ROLES_BASEDN; + String baseNodeRoleDn = NodeConstants.ROLES_BASEDN; if (nodeRolesUri == null) { File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif"); if (!nodeRolesFile.exists()) diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java index 237f16fb3..aac2a3d9e 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java @@ -16,7 +16,6 @@ import javax.security.auth.login.LoginContext; import org.apache.jackrabbit.core.security.SecurityConstants; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.jcr.JcrRepositoryWrapper; import org.argeo.jcr.JcrUtils; import org.argeo.node.ArgeoNames; 
@@ -38,7 +37,7 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { setRepository(repository); LoginContext lc; try { - lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_DATA_ADMIN); + lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN); lc.login(); } catch (javax.security.auth.login.LoginException e1) { throw new CmsException("Cannot login as systrem", e1); @@ -85,10 +84,10 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { String username = session.getUserID(); if (username == null) return; - if (session.getUserID().equals(AuthConstants.ROLE_ANONYMOUS)) - return; - if (session.getUserID().equals(AuthConstants.ROLE_KERNEL)) + if (session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS)) return; +// if (session.getUserID().equals(AuthConstants.ROLE_KERNEL)) +// return; if (session.getUserID().equals(SecurityConstants.ADMIN_ID)) return; @@ -115,9 +114,9 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants { adminSession.save(); JcrUtils.addPrivilege(adminSession, homeBasePath, - AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); + NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_READ); JcrUtils.addPrivilege(adminSession, peopleBasePath, - AuthConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL); + NodeConstants.ROLE_USER_ADMIN, Privilege.JCR_ALL); adminSession.save(); } catch (RepositoryException e) { throw new CmsException("Cannot initialize node user admin", e); diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelUtils.java index 9c480647d..8d3044013 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelUtils.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelUtils.java 
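Review bot: In the `@@ -85,10 +84,10 @@` hunk the anonymous check is the case-sensitive `session.getUserID().equals(NodeConstants.ROLE_ANONYMOUS)`, whereas `CurrentUser.isAnonymous` and the KernelUtils hunk in this same commit compare with `equalsIgnoreCase`. A user ID that differs from the constant only in case would pass this guard and reach whatever follows it (the rest of the method is outside the hunk). I would align it with the other call sites and reuse the local that was already null-checked: `if (NodeConstants.ROLE_ANONYMOUS.equalsIgnoreCase(username)) return;`. The two commented-out `ROLE_KERNEL` lines below it should be removed rather than kept.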
@@ -26,7 +26,6 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.argeo.cms.CmsException; -import org.argeo.cms.auth.AuthConstants; import org.argeo.node.NodeConstants; import org.osgi.framework.Bundle; import org.osgi.framework.BundleContext; @@ -117,7 +116,7 @@ class KernelUtils implements KernelConstants { Subject subject = new Subject(); LoginContext lc; try { - lc = new LoginContext(AuthConstants.LOGIN_CONTEXT_ANONYMOUS, subject); + lc = new LoginContext(NodeConstants.LOGIN_CONTEXT_ANONYMOUS, subject); lc.login(); return subject; } catch (LoginException e) { @@ -162,7 +161,7 @@ class KernelUtils implements KernelConstants { Thread.currentThread().setContextClassLoader(KernelUtils.class.getClassLoader()); LoginContext loginContext; try { - loginContext = new LoginContext(AuthConstants.LOGIN_CONTEXT_DATA_ADMIN); + loginContext = new LoginContext(NodeConstants.LOGIN_CONTEXT_DATA_ADMIN); loginContext.login(); } catch (LoginException e1) { throw new CmsException("Could not login as data admin", e1); @@ -241,7 +240,7 @@ class KernelUtils implements KernelConstants { // if (log.isTraceEnabled()) // log.trace(userId + " : " + node.getPath()); StringBuilder buf = new StringBuilder(); - boolean isAnonymous = userId.equalsIgnoreCase(AuthConstants.ROLE_ANONYMOUS); + boolean isAnonymous = userId.equalsIgnoreCase(NodeConstants.ROLE_ANONYMOUS); if (isAnonymous) buf.append(WEBDAV_PUBLIC); else diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeDeployConfig.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeDeployConfig.java index 3cfb8db91..2f4af2eae 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeDeployConfig.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeDeployConfig.java 
@@ -22,7 +22,6 @@ import org.argeo.naming.AttributesDictionary; import org.argeo.naming.LdifParser; import org.argeo.naming.LdifWriter; import org.argeo.node.NodeConstants; -import org.argeo.node.RepoConf; class NodeDeployConfig { private final String BASE = "ou=deploy,ou=node"; diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java index 94579be18..d887e92f8 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java @@ -24,6 +24,7 @@ import org.argeo.cms.CmsException; import org.argeo.cms.auth.AuthConstants; /** Low-level kernel security */ +@Deprecated class NodeSecurity implements KernelConstants { private final static Log log = LogFactory.getLog(NodeSecurity.class); @@ -77,7 +78,7 @@ class NodeSecurity implements KernelConstants { @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { // alias - ((NameCallback) callbacks[1]).setName(AuthConstants.ROLE_KERNEL); +// ((NameCallback) callbacks[1]).setName(AuthConstants.ROLE_KERNEL); // store pwd ((PasswordCallback) callbacks[2]).setPassword("changeit".toCharArray()); // key pwd @@ -137,8 +138,8 @@ class NodeSecurity implements KernelConstants { try { keyStoreFile.getParentFile().mkdirs(); KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd); - PkiUtils.generateSelfSignedCertificate(keyStore, new X500Principal(AuthConstants.ROLE_KERNEL), 1024, - keyPwd); +// PkiUtils.generateSelfSignedCertificate(keyStore, new X500Principal(AuthConstants.ROLE_KERNEL), 1024, +// keyPwd); PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore); if (log.isDebugEnabled()) log.debug("Created keystore " + keyStoreFile); diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/RepoConf.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/RepoConf.java new file mode 100644 index 000000000..b039db590 
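Review bot: Commenting out `PkiUtils.generateSelfSignedCertificate(...)` in the `@@ -137,8 +138,8 @@` hunk of NodeSecurity leaves the method opening a keystore, saving it with no key entry added in between, and still logging `Created keystore`. Likewise the `@@ -77,7 +78,7 @@` hunk stops setting the alias on `callbacks[1]` while the handler keeps supplying the literal `changeit` as the store password. The class is now `@Deprecated` but half-disabled, so if anything still instantiates it (not visible here) it produces an unusable keystore silently. I would either delete the class or make these paths fail explicitly, for example `throw new UnsupportedOperationException("Kernel keystore is no longer supported");`. `keyPwd` and the `AuthConstants` import appear to be unused after this change, and both methods start and end outside the hunks.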
--- /dev/null +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/RepoConf.java @@ -0,0 +1,67 @@ +package org.argeo.cms.internal.kernel; + +import org.argeo.osgi.metatype.EnumAD; +import org.argeo.osgi.metatype.EnumOCD; + +/** JCR repository configuration */ +enum RepoConf implements EnumAD { + /** Repository type */ + type("localfs"), + /** Default workspace */ + @Deprecated defaultWorkspace("main"), + /** Database URL */ + dburl(null), + /** Database user */ + dbuser(null), + /** Database password */ + dbpassword(null), + + /** The identifier (can be an URL locating the repo) */ + labeledUri(null), + // + // JACKRABBIT SPECIFIC + // + /** Maximum database pool size */ + maxPoolSize(10), + /** Maximum cache size in MB */ + @Deprecated maxCacheMB(null), + /** Bundle cache size in MB */ + bundleCacheMB(8), + /** Extractor pool size */ + extractorPoolSize(0), + /** Search cache size */ + searchCacheSize(1000), + /** Max volatile index size */ + maxVolatileIndexSize(1048576); + + /** The default value. */ + private Object def; + private String oid; + + RepoConf(String oid, Object def) { + this.oid = oid; + this.def = def; + } + + RepoConf(Object def) { + this.def = def; + } + + public Object getDefault() { + return def; + } + + @Override + public String getID() { + if (oid != null) + return oid; + return EnumAD.super.getID(); + } + + public static class OCD extends EnumOCD { + public OCD(String locale) { + super(RepoConf.class, locale); + } + } + +} diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/RepositoryBuilder.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/RepositoryBuilder.java index 0fc028f49..9bd81211e 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/RepositoryBuilder.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/RepositoryBuilder.java 
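Review bot: `dbpassword` is published as an attribute definition of type `STRING`, because RepoConf does not override `getType()` and `EnumAD.getType()` returns `STRING` for every constant. Metatype-driven configuration tools that render or export attributes by type would then treat the database password as ordinary text. If the metatype API version in use provides `AttributeDefinition.PASSWORD`, I would add a `getType()` override to the enum whose body is `return this == dbpassword ? PASSWORD : EnumAD.super.getType();`. The fields `def` and `oid` can be `final`, and the two-argument constructor is not used by any constant in this file.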
@@ -26,7 +26,6 @@ import org.apache.jackrabbit.core.config.RepositoryConfigurationParser; import org.argeo.cms.CmsException; import org.argeo.jcr.ArgeoJcrException; import org.argeo.node.NodeConstants; -import org.argeo.node.RepoConf; import org.xml.sax.InputSource; /** Can interpret properties in order to create an actual JCR repository. */ diff --git a/org.argeo.enterprise/src/org/argeo/osgi/metatype/EnumAD.java b/org.argeo.enterprise/src/org/argeo/osgi/metatype/EnumAD.java new file mode 100644 index 000000000..83b61e459 --- /dev/null +++ b/org.argeo.enterprise/src/org/argeo/osgi/metatype/EnumAD.java @@ -0,0 +1,59 @@ +package org.argeo.osgi.metatype; + +import org.osgi.service.metatype.AttributeDefinition; + +public interface EnumAD extends AttributeDefinition { + String name(); + + default Object getDefault() { + return null; + } + + @Override + default String getName() { + return name(); + } + + @Override + default String getID() { + return getClass().getName() + "." + name(); + } + + @Override + default String getDescription() { + return null; + } + + @Override + default int getCardinality() { + return 0; + } + + @Override + default int getType() { + return STRING; + } + + @Override + default String[] getOptionValues() { + return null; + } + + @Override + default String[] getOptionLabels() { + return null; + } + + @Override + default String validate(String value) { + return null; + } + + @Override + default String[] getDefaultValue() { + Object value = getDefault(); + if (value == null) + return null; + return new String[] { value.toString() }; + } +} diff --git a/org.argeo.enterprise/src/org/argeo/osgi/metatype/EnumOCD.java b/org.argeo.enterprise/src/org/argeo/osgi/metatype/EnumOCD.java new file mode 100644 index 000000000..97c7d56e1 --- /dev/null +++ b/org.argeo.enterprise/src/org/argeo/osgi/metatype/EnumOCD.java 
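Review bot: EnumAD becomes a public interface in this move but has no Javadoc, so implementers are not told that it is meant to be mixed into an enum, or that `getDefault()` feeds `getDefaultValue()`. The default `getID()` builds the identifier from `getClass().getName()`, which for an enum constant declared with its own body is the anonymous constant class rather than the enum, so the ID would stop matching the `enumClass.getName()` prefix used by EnumOCD. No constant in RepoConf has a body, so this is latent today. I would document the constraint on the interface, for example `/** Intended for enums; constants must not declare bodies, since getID() uses getClass(). */`.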
@@ -0,0 +1,54 @@ +package org.argeo.osgi.metatype; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.EnumSet; +import java.util.List; + +import org.osgi.service.metatype.AttributeDefinition; +import org.osgi.service.metatype.ObjectClassDefinition; + +public class EnumOCD> implements ObjectClassDefinition { + private final Class enumClass; + private String locale; + + public EnumOCD(Class clazz, String locale) { + this.enumClass = clazz; + this.locale = locale; + } + + @Override + public String getName() { + return null; + } + + public String getLocale() { + return locale; + } + + @Override + public String getID() { + return enumClass.getName(); + } + + @Override + public String getDescription() { + return null; + } + + @Override + public AttributeDefinition[] getAttributeDefinitions(int filter) { + EnumSet set = EnumSet.allOf(enumClass); + List attrs = new ArrayList<>(); + for (T key : set) + attrs.add((AttributeDefinition) key); + return attrs.toArray(new AttributeDefinition[attrs.size()]); + } + + @Override + public InputStream getIcon(int size) throws IOException { + return null; + } + +} diff --git a/org.argeo.node.api/src/org/argeo/node/EnumAD.java b/org.argeo.node.api/src/org/argeo/node/EnumAD.java deleted file mode 100644 index 1ee6d39f0..000000000 --- a/org.argeo.node.api/src/org/argeo/node/EnumAD.java +++ /dev/null 
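Review bot: `getAttributeDefinitions(int filter)` in EnumOCD ignores `filter` and always returns every enum constant. A caller that asks for `REQUIRED` and then `OPTIONAL` would therefore get each attribute twice. I would decide which bucket the constants belong to and return an empty array for the other, for example `if (filter == OPTIONAL) return new AttributeDefinition[0];` before the loop if they are meant to be required (or the reverse). The cast `(AttributeDefinition) key` is unchecked against the enum type passed to the constructor, so an enum that does not implement `AttributeDefinition` fails only when this method is first called. A check in the constructor such as `if (!AttributeDefinition.class.isAssignableFrom(clazz)) throw new IllegalArgumentException(clazz.getName());` would surface that earlier.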
@@ -1,59 +0,0 @@ -package org.argeo.node; - -import org.osgi.service.metatype.AttributeDefinition; - -interface EnumAD extends AttributeDefinition { - String name(); - - default Object getDefault() { - return null; - } - - @Override - default String getName() { - return name(); - } - - @Override - default String getID() { - return getClass().getName() + "." + name(); - } - - @Override - default String getDescription() { - return null; - } - - @Override - default int getCardinality() { - return 0; - } - - @Override - default int getType() { - return STRING; - } - - @Override - default String[] getOptionValues() { - return null; - } - - @Override - default String[] getOptionLabels() { - return null; - } - - @Override - default String validate(String value) { - return null; - } - - @Override - default String[] getDefaultValue() { - Object value = getDefault(); - if (value == null) - return null; - return new String[] { value.toString() }; - } -} diff --git a/org.argeo.node.api/src/org/argeo/node/EnumOCD.java b/org.argeo.node.api/src/org/argeo/node/EnumOCD.java deleted file mode 100644 index c5a191ee9..000000000 --- a/org.argeo.node.api/src/org/argeo/node/EnumOCD.java +++ /dev/null 
@@ -1,54 +0,0 @@ -package org.argeo.node; - -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.EnumSet; -import java.util.List; - -import org.osgi.service.metatype.AttributeDefinition; -import org.osgi.service.metatype.ObjectClassDefinition; - -class EnumOCD> implements ObjectClassDefinition { - private final Class enumClass; - private String locale; - - public EnumOCD(Class clazz, String locale) { - this.enumClass = clazz; - this.locale = locale; - } - - @Override - public String getName() { - return null; - } - - public String getLocale() { - return locale; - } - - @Override - public String getID() { - return enumClass.getName(); - } - - @Override - public String getDescription() { - return null; - } - - @Override - public AttributeDefinition[] getAttributeDefinitions(int filter) { - EnumSet set = EnumSet.allOf(enumClass); - List attrs = new ArrayList<>(); - for (T key : set) - attrs.add((AttributeDefinition) key); - return attrs.toArray(new AttributeDefinition[attrs.size()]); - } - - @Override - public InputStream getIcon(int size) throws IOException { - return null; - } - -} diff --git a/org.argeo.node.api/src/org/argeo/node/NodeConstants.java b/org.argeo.node.api/src/org/argeo/node/NodeConstants.java index be31a2638..2bb6d06ef 100644 --- a/org.argeo.node.api/src/org/argeo/node/NodeConstants.java +++ b/org.argeo.node.api/src/org/argeo/node/NodeConstants.java 
@@ -49,13 +49,32 @@ public interface NodeConstants { * STANDARD VALUES */ String DEFAULT = "default"; + + /* + * RESERVED ROLES + */ + String ROLES_BASEDN = "ou=roles,ou=node"; + String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN; + String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN; + // Special system groups that cannot be edited: + // user U anonymous = everyone + String ROLE_USER = "cn=user," + ROLES_BASEDN; + String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN; + + /* + * LOGIN CONTEXTS + */ + String LOGIN_CONTEXT_USER = "USER"; + String LOGIN_CONTEXT_ANONYMOUS = "ANONYMOUS"; + String LOGIN_CONTEXT_DATA_ADMIN = "DATA_ADMIN"; + String LOGIN_CONTEXT_SINGLE_USER = "SINGLE_USER"; + /* * LEGACY */ String ARGEO_BASE_PATH = "/argeo:system"; String PEOPLE_BASE_PATH = NodeConstants.ARGEO_BASE_PATH + "/argeo:people"; - String DATA_MODELS_BASE_PATH = NodeConstants.ARGEO_BASE_PATH - + "/argeo:dataModels"; + String DATA_MODELS_BASE_PATH = NodeConstants.ARGEO_BASE_PATH + "/argeo:dataModels"; String ALIAS_HOME = "home"; // standard aliases /** diff --git a/org.argeo.node.api/src/org/argeo/node/RepoConf.java b/org.argeo.node.api/src/org/argeo/node/RepoConf.java deleted file mode 100644 index be4f6f7f7..000000000 --- a/org.argeo.node.api/src/org/argeo/node/RepoConf.java +++ /dev/null 
@@ -1,66 +0,0 @@ -package org.argeo.node; - -/** JCR repository configuration */ -public enum RepoConf implements EnumAD { - /** Repository type */ - type("localfs"), - /** Default workspace */ - @Deprecated - defaultWorkspace("main"), - /** Database URL */ - dburl(null), - /** Database user */ - dbuser(null), - /** Database password */ - dbpassword(null), - - /** The identifier (can be an URL locating the repo) */ - labeledUri(null), - // - // JACKRABBIT SPECIFIC - // - /** Maximum database pool size */ - maxPoolSize(10), - /** Maximum cache size in MB */ - @Deprecated - maxCacheMB(null), - /** Bundle cache size in MB */ - bundleCacheMB(8), - /** Extractor pool size */ - extractorPoolSize(0), - /** Search cache size */ - searchCacheSize(1000), - /** Max volatile index size */ - maxVolatileIndexSize(1048576); - - /** The default value. */ - private Object def; - private String oid; - - RepoConf(String oid, Object def) { - this.oid = oid; - this.def = def; - } - - RepoConf(Object def) { - this.def = def; - } - - public Object getDefault() { - return def; - } - - @Override - public String getID() { - if (oid != null) - return oid; - return EnumAD.super.getID(); - } - - public static class OCD extends EnumOCD { - public OCD(String locale) { - super(RepoConf.class, locale); - } - } - -}