1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.cms.core.Content;
38 import info.magnolia.cms.core.HierarchyManager;
39 import info.magnolia.cms.core.ItemType;
40 import info.magnolia.cms.core.NodeData;
41 import info.magnolia.cms.core.Path;
42 import info.magnolia.cms.util.NodeDataUtil;
43 import info.magnolia.cms.util.SystemContentWrapper;
44
45 import org.apache.commons.codec.binary.Base64;
46 import org.apache.commons.lang.StringUtils;
47 import org.apache.commons.lang.exception.ExceptionUtils;
48 import org.slf4j.Logger;
49 import org.slf4j.LoggerFactory;
50
51 import javax.jcr.ItemNotFoundException;
52 import javax.jcr.PathNotFoundException;
53 import javax.jcr.PropertyType;
54 import javax.jcr.RepositoryException;
55 import java.io.Serializable;
56 import java.util.Collection;
57 import java.util.GregorianCalendar;
58 import java.util.Set;
59 import java.util.TreeSet;
60
61
62
63
64
65
66
67 public class MgnlUser extends AbstractUser implements Serializable {
68
69 private static final long serialVersionUID = 222L;
70
71 private static final Logger log = LoggerFactory.getLogger(MgnlUser.class);
72
73
74
75
76 private static final String NODE_ROLES = "roles";
77
78 private static final String NODE_GROUPS = "groups";
79
80
81
82
83 private static final Object mutex = new Object();
84
85
86 private final SystemContentWrapper userNode;
87
88
89
90
91 protected MgnlUser(Content userNode) {
92 this.userNode = new SystemContentWrapper(userNode);
93 }
94
95
96
97
98
99
100 public boolean inGroup(String groupName) {
101 return this.hasAny(groupName, NODE_GROUPS);
102 }
103
104
105
106
107
108 public void removeGroup(String groupName) throws UnsupportedOperationException {
109 this.remove(groupName, NODE_GROUPS);
110 }
111
112
113
114
115
116 public void addGroup(String groupName) throws UnsupportedOperationException {
117 this.add(groupName, NODE_GROUPS);
118 }
119
120 public boolean isEnabled() {
121 return NodeDataUtil.getBoolean(getUserNode(), "enabled", true);
122 }
123
124 public void setEnabled(boolean enabled) {
125 try {
126 NodeDataUtil.getOrCreateAndSet(getUserNode(), "enabled", enabled);
127 getUserNode().save();
128 } catch (RepositoryException e) {
129 throw new RuntimeException(e);
130 }
131 }
132
133
134
135
136
137
138 public boolean hasRole(String roleName) {
139 return this.hasAny(roleName, NODE_ROLES);
140 }
141
142 public void removeRole(String roleName) {
143 this.remove(roleName, NODE_ROLES);
144 }
145
146
147
148
149
150 public void addRole(String roleName) {
151 this.add(roleName, NODE_ROLES);
152 }
153
154
155
156
157
158
159 private boolean hasAny(String name, String nodeName) {
160 try {
161 HierarchyManager hm;
162 if (StringUtils.equalsIgnoreCase(nodeName, NODE_ROLES)) {
163 hm = MgnlSecurityUtil.getSystemHierarchyManager(ContentRepository.USER_ROLES);
164 }
165 else {
166 hm = MgnlSecurityUtil.getSystemHierarchyManager(ContentRepository.USER_GROUPS);
167 }
168
169 Content node = this.getUserNode().getContent(nodeName);
170 for (NodeData nodeData : node.getNodeDataCollection()) {
171
172 try {
173 if (hm.getContentByUUID(nodeData.getString()).getName().equalsIgnoreCase(name)) {
174 return true;
175 }
176 }
177 catch (ItemNotFoundException e) {
178 log.debug("Role [{}] does not exist in the ROLES repository", name);
179 }
180 catch (IllegalArgumentException e) {
181 log.debug("{} has invalid value", nodeData.getHandle());
182 }
183 }
184 }
185 catch (RepositoryException e) {
186 log.debug(e.getMessage(), e);
187 }
188 return false;
189 }
190
191
192
193
194
195
196 private void remove(String name, String nodeName) {
197 try {
198 HierarchyManager hm;
199 if (StringUtils.equalsIgnoreCase(nodeName, NODE_ROLES)) {
200 hm = MgnlSecurityUtil.getContextHierarchyManager(ContentRepository.USER_ROLES);
201 }
202 else {
203 hm = MgnlSecurityUtil.getContextHierarchyManager(ContentRepository.USER_GROUPS);
204 }
205 Content node = this.getUserNode().getContent(nodeName);
206
207 for (NodeData nodeData : node.getNodeDataCollection()) {
208
209 try {
210 if (hm.getContentByUUID(nodeData.getString()).getName().equalsIgnoreCase(name)) {
211 nodeData.delete();
212 }
213 }
214 catch (ItemNotFoundException e) {
215 log.debug("Role [{}] does not exist in the ROLES repository", name);
216 }
217 catch (IllegalArgumentException e) {
218 log.debug("{} has invalid value", nodeData.getHandle());
219 }
220 }
221 this.getUserNode().save();
222 }
223 catch (RepositoryException e) {
224 log.error("failed to remove " + name + " from user [" + this.getName() + "]", e);
225 }
226 }
227
228
229
230
231 private void add(String name, String nodeName) {
232 try {
233 final String hmName;
234 if (StringUtils.equalsIgnoreCase(nodeName, NODE_ROLES)) {
235 hmName = ContentRepository.USER_ROLES;
236 }
237 else {
238 hmName = ContentRepository.USER_GROUPS;
239 }
240 final HierarchyManager hm = MgnlSecurityUtil.getContextHierarchyManager(hmName);
241
242 if (!this.hasAny(name, nodeName)) {
243 if (!this.getUserNode().hasContent(nodeName)) {
244 this.getUserNode().createContent(nodeName, ItemType.CONTENTNODE);
245 }
246 Content node = this.getUserNode().getContent(nodeName);
247
248 try {
249 String value = hm.getContent("/" + name).getUUID();
250
251 HierarchyManager usersHM = MgnlSecurityUtil.getSystemHierarchyManager(ContentRepository.USERS);
252 String newName = Path.getUniqueLabel(usersHM, node.getHandle(), "0");
253 node.createNodeData(newName).setValue(value);
254 this.getUserNode().save();
255 }
256 catch (PathNotFoundException e) {
257 log.debug("[{}] does not exist in the {} repository", name, hmName);
258 }
259 }
260 }
261 catch (RepositoryException e) {
262 log.error("failed to add " + name + " to user [" + this.getName() + "]", e);
263 }
264 }
265
266
267
268
269
270 public String getName() {
271 return this.getUserNode().getName();
272 }
273
274
275
276
277
278 public String getPassword() {
279 final String encodedPassword = this.getUserNode().getNodeData("pswd").getString().trim();
280 return decodePassword(encodedPassword);
281 }
282
283 protected String decodePassword(String encodedPassword) {
284 return new String(Base64.decodeBase64(encodedPassword.getBytes()));
285 }
286
287
288
289
290 public String getLanguage() {
291 return this.getUserNode().getNodeData("language").getString();
292 }
293
294 public String getProperty(String propertyName) {
295 return NodeDataUtil.getString(getUserNode(), propertyName, null);
296 }
297
298 public void setProperty(String propertyName, String value) {
299 try {
300 NodeDataUtil.getOrCreateAndSet(getUserNode(), propertyName, value);
301 getUserNode().save();
302 } catch (RepositoryException e) {
303 throw new RuntimeException(e);
304 }
305 }
306
307 public Collection<String> getGroups() {
308 return MgnlSecurityUtil.collectPropertyNames(getUserNode(), "groups", ContentRepository.USER_GROUPS, false);
309 }
310
311 public Collection<String> getAllGroups() {
312 final Set<String> allGroups = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
313 try {
314
315 final Collection<String> groups = getGroups();
316 allGroups.addAll(groups);
317
318
319 final GroupManager gm = SecuritySupport.Factory.getInstance().getGroupManager();
320 for (String groupName : groups) {
321 final Group g = gm.getGroup(groupName);
322 allGroups.addAll(g.getAllGroups());
323 }
324
325 return allGroups;
326 } catch (AccessDeniedException e) {
327 throw new RuntimeException(e);
328 }
329 }
330
331 public Collection<String> getRoles() {
332 return MgnlSecurityUtil.collectPropertyNames(getUserNode(), "roles", ContentRepository.USER_ROLES, false);
333 }
334
335 public Collection<String> getAllRoles() {
336 final Set<String> allRoles = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
337 try {
338
339 allRoles.addAll(getRoles());
340
341
342 final GroupManager gm = SecuritySupport.Factory.getInstance().getGroupManager();
343 final Collection<String> allGroups = getAllGroups();
344 for (String groupName : allGroups) {
345 final Group g = gm.getGroup(groupName);
346 allRoles.addAll(g.getRoles());
347 }
348
349 return allRoles;
350 } catch (AccessDeniedException e) {
351 throw new RuntimeException(e);
352 }
353 }
354
355
356
357
358 public void setLastAccess() {
359 NodeData lastaccess;
360 Exception finalException = null;
361 boolean success = false;
362
363 for(int i= 1; !success && i <=3; i++){
364 finalException = null;
365 try {
366
367 synchronized (mutex) {
368
369 if(i>1){
370 getUserNode().refresh(false);
371 }
372 lastaccess = NodeDataUtil.getOrCreate(this.getUserNode(), "lastaccess", PropertyType.DATE);
373 lastaccess.setValue(new GregorianCalendar());
374 getUserNode().save();
375 success = true;
376 }
377 }
378 catch (RepositoryException e) {
379 finalException = e;
380 log.debug("Unable to set the last access", e);
381 }
382 }
383 if(finalException != null){
384 log.warn("Unable to set the last access date due to a " + ExceptionUtils.getMessage(finalException));
385 }
386 }
387
388 public Content getUserNode() {
389 return userNode;
390 }
391 }