org.apache.jackrabbit.core.security.user
Class UserManagerImpl

java.lang.Object
  extended by org.apache.jackrabbit.core.ProtectedItemModifier
      extended by org.apache.jackrabbit.core.security.user.UserManagerImpl
All Implemented Interfaces:
UserManager, SessionListener
Direct Known Subclasses:
UserPerWorkspaceUserManager

public class UserManagerImpl
extends ProtectedItemModifier
implements UserManager, SessionListener

Default implementation of the UserManager interface with the following characteristics:

The built-in logic applies the following rules: Examples: Creating an non-existing user with ID 'aSmith' without specifying an intermediate path would result in the following structure:
 + rep:security            [nt:unstructured]
   + rep:authorizables     [rep:AuthorizableFolder]
     + rep:users           [rep:AuthorizableFolder]
       + a                 [rep:AuthorizableFolder]
         + aS              [rep:AuthorizableFolder]
           + aSmith        [rep:User]
 
Creating a non-existing user with ID 'aSmith' specifying an intermediate path 'some/tree' would result in the following structure:
 + rep:security            [nt:unstructured]
   + rep:authorizables     [rep:AuthorizableFolder]
     + rep:users           [rep:AuthorizableFolder]
       + some              [rep:AuthorizableFolder]
         + tree            [rep:AuthorizableFolder]
           + aSmith        [rep:User]
 
This UserManager is able to handle the following configuration options:


Field Summary
static String AUTHORIZABLES_PATH
           
static String GROUP_ADMIN_GROUP_NAME
          Configuration key and default value for the the name of the 'GroupAdmin' group-principal
static String GROUPS_PATH
           
static Name MIX_REP_IMPERSONATABLE
           
static NameFactory NF
           
static Name NT_REP_AUTHORIZABLE
           
static Name NT_REP_AUTHORIZABLE_FOLDER
           
static Name NT_REP_GROUP
           
static Name NT_REP_USER
           
static Name P_GROUPS
          Deprecated. As of 2.0 group membership is stored with the group node.
static Name P_IMPERSONATORS
          Name of the user property containing the principal names of those allowed to impersonate.
static Name P_MEMBERS
           
static Name P_PASSWORD
           
static Name P_PRINCIPAL_NAME
           
static Name P_USERID
          Deprecated. As of 2.0 the id-hash is stored with the jcr:uuid making the rep:userId property redundant. It has been removed from the node type definition.
static String PARAM_AUTO_EXPAND_SIZE
          This parameter only takes effect if PARAM_AUTO_EXPAND_TREE is enabled.
The default value is 1000.
static String PARAM_AUTO_EXPAND_TREE
          If this parameter is present and its value is true, the trees containing user and group nodes will automatically created additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size.
static String PARAM_COMPATIBILE_JR16
          Flag to enable a minimal backwards compatibility with Jackrabbit < v2.0
If the param is present and its value is true looking up authorizables by ID will use the NodeResolver if not found otherwise.
If the parameter is missing (or false) users and groups created with a Jackrabbit repository < v2.0 will not be found any more.
By default this option is disabled.
static String PARAM_DEFAULT_DEPTH
          Parameter used to change the number of levels that are used by default store authorizable nodes.
The default number of levels is 2.
static String PARAM_GROUPS_PATH
          Configuration option to change the default path for creating groups.
static String PARAM_USERS_PATH
          Configuration option to change the default path for creating users.
static String SECURITY_ROOT_PATH
          root-path to security related content e.g.
static String USER_ADMIN_GROUP_NAME
          Configuration key and default value for the the name of the 'UserAdmin' group-principal.
static String USERS_PATH
           
 
Fields inherited from interface org.apache.jackrabbit.api.security.user.UserManager
SEARCH_TYPE_AUTHORIZABLE, SEARCH_TYPE_GROUP, SEARCH_TYPE_USER
 
Constructor Summary
UserManagerImpl(SessionImpl session, String adminId)
          Create a new UserManager with the default configuration.
UserManagerImpl(SessionImpl session, String adminId, Properties config)
          Create a new UserManager for the given session.
 
Method Summary
 void autoSave(boolean enable)
          Always throws unsupportedRepositoryOperationException as modification of the autosave behavior is not supported.
 Group createGroup(Principal principal)
          Same as createGroup(java.security.Principal, String ) where the intermediate path is null.
 Group createGroup(Principal principal, String intermediatePath)
          Create a new Group from the given principal.
 User createUser(String userID, String password)
          Creates an User for the given userID / password pair; neither of the specified parameters can be null.
Same as UserManager.createUser(String,String,Principal,String) where the specified userID is equal to the principal name and the intermediate path is null.
 User createUser(String userID, String password, Principal principal, String intermediatePath)
          Creates an User for the given parameters.
protected  Group doCreateGroup(NodeImpl node)
          Build the group object from the given group node.
protected  User doCreateUser(NodeImpl node)
          Build the user object from the given user node.
 Iterator<Authorizable> findAuthorizables(String propertyName, String value)
          Returns all Authorizables that have property with the given name and that Property equals the given value.
 Iterator<Authorizable> findAuthorizables(String propertyName, String value, int searchType)
          Returns all Authorizables that have property with the given name and that Property equals the given value.
 Authorizable getAuthorizable(Principal principal)
          Get the Authorizable by its main Principal.
 Authorizable getAuthorizable(String id)
          Get the Authorizable by its id.
 String getGroupsPath()
          Implementation specific methods releaving where groups are created within the content.
 String getUsersPath()
          Implementation specific methods releaving where users are created within the content.
 boolean isAutoSave()
          Always returns true as by default the autoSave behavior cannot be altered (see also autoSave(boolean).
 void loggedOut(SessionImpl session)
          Called when a Session has been 'closed' by calling Session.logout()
 void loggingOut(SessionImpl session)
          Called when a Session is about to be 'closed' by calling Session.logout()
 
Methods inherited from class org.apache.jackrabbit.core.ProtectedItemModifier
addNode, addNode, markModified, removeItem, setProperty, setProperty, setProperty, setProperty
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PARAM_USERS_PATH

public static final String PARAM_USERS_PATH
Configuration option to change the default path for creating users.

See Also:
Constant Field Values

PARAM_GROUPS_PATH

public static final String PARAM_GROUPS_PATH
Configuration option to change the default path for creating groups.

See Also:
Constant Field Values

PARAM_COMPATIBILE_JR16

public static final String PARAM_COMPATIBILE_JR16
Flag to enable a minimal backwards compatibility with Jackrabbit < v2.0
If the param is present and its value is true looking up authorizables by ID will use the NodeResolver if not found otherwise.
If the parameter is missing (or false) users and groups created with a Jackrabbit repository < v2.0 will not be found any more.
By default this option is disabled.

See Also:
Constant Field Values

PARAM_DEFAULT_DEPTH

public static final String PARAM_DEFAULT_DEPTH
Parameter used to change the number of levels that are used by default store authorizable nodes.
The default number of levels is 2.

NOTE: Changing the default depth once users and groups have been created in the repository will cause inconsistencies, due to the fact that the resolution of ID to an authorizable relies on the structure defined by the default depth.
It is recommended to remove all authorizable nodes that will not be reachable any more, before this config option is changed.

See Also:
Constant Field Values

PARAM_AUTO_EXPAND_TREE

public static final String PARAM_AUTO_EXPAND_TREE
If this parameter is present and its value is true, the trees containing user and group nodes will automatically created additional hierarchy levels if the number of nodes on a given level exceeds the maximal allowed size.
By default this option is disabled.

See Also:
Constant Field Values

PARAM_AUTO_EXPAND_SIZE

public static final String PARAM_AUTO_EXPAND_SIZE
This parameter only takes effect if PARAM_AUTO_EXPAND_TREE is enabled.
The default value is 1000.

See Also:
Constant Field Values

NF

public static final NameFactory NF

SECURITY_ROOT_PATH

public static final String SECURITY_ROOT_PATH
root-path to security related content e.g. principals

See Also:
Constant Field Values

AUTHORIZABLES_PATH

public static final String AUTHORIZABLES_PATH
See Also:
Constant Field Values

USERS_PATH

public static final String USERS_PATH
See Also:
Constant Field Values

GROUPS_PATH

public static final String GROUPS_PATH
See Also:
Constant Field Values

USER_ADMIN_GROUP_NAME

public static final String USER_ADMIN_GROUP_NAME
Configuration key and default value for the the name of the 'UserAdmin' group-principal.

See Also:
Constant Field Values

GROUP_ADMIN_GROUP_NAME

public static final String GROUP_ADMIN_GROUP_NAME
Configuration key and default value for the the name of the 'GroupAdmin' group-principal

See Also:
Constant Field Values

P_PRINCIPAL_NAME

public static final Name P_PRINCIPAL_NAME

P_USERID

public static final Name P_USERID
Deprecated. As of 2.0 the id-hash is stored with the jcr:uuid making the rep:userId property redundant. It has been removed from the node type definition.

P_PASSWORD

public static final Name P_PASSWORD

P_GROUPS

public static final Name P_GROUPS
Deprecated. As of 2.0 group membership is stored with the group node.
See Also:
P_MEMBERS

P_MEMBERS

public static final Name P_MEMBERS

P_IMPERSONATORS

public static final Name P_IMPERSONATORS
Name of the user property containing the principal names of those allowed to impersonate.


NT_REP_AUTHORIZABLE

public static final Name NT_REP_AUTHORIZABLE

NT_REP_AUTHORIZABLE_FOLDER

public static final Name NT_REP_AUTHORIZABLE_FOLDER

NT_REP_USER

public static final Name NT_REP_USER

NT_REP_GROUP

public static final Name NT_REP_GROUP

MIX_REP_IMPERSONATABLE

public static final Name MIX_REP_IMPERSONATABLE
Constructor Detail

UserManagerImpl

public UserManagerImpl(SessionImpl session,
                       String adminId)
                throws RepositoryException
Create a new UserManager with the default configuration.

Parameters:
session - The editing/reading session.
adminId - The user ID of the administrator.
Throws:
RepositoryException - If an error occurs.

UserManagerImpl

public UserManagerImpl(SessionImpl session,
                       String adminId,
                       Properties config)
                throws RepositoryException
Create a new UserManager for the given session. Currently the following configuration options are respected: See the overall introduction for details.

Parameters:
session - The editing/reading session.
adminId - The user ID of the administrator.
config - The configuration parameters.
Throws:
RepositoryException - If an error occurs.
Method Detail

getUsersPath

public String getUsersPath()
Implementation specific methods releaving where users are created within the content.

Returns:
root path for user content.
See Also:
For the corresponding configuration parameter.

getGroupsPath

public String getGroupsPath()
Implementation specific methods releaving where groups are created within the content.

Returns:
root path for group content.
See Also:
For the corresponding configuration parameter.

getAuthorizable

public Authorizable getAuthorizable(String id)
                             throws RepositoryException
Description copied from interface: UserManager
Get the Authorizable by its id.

Specified by:
getAuthorizable in interface UserManager
Parameters:
id - The user or group id.
Returns:
Authorizable or null, if not present.
Throws:
RepositoryException - If an error occurs.
See Also:
UserManager.getAuthorizable(String)

getAuthorizable

public Authorizable getAuthorizable(Principal principal)
                             throws RepositoryException
Description copied from interface: UserManager
Get the Authorizable by its main Principal.

Specified by:
getAuthorizable in interface UserManager
Returns:
Authorizable or null, if not present.
Throws:
RepositoryException - If an error occurs.
See Also:
UserManager.getAuthorizable(Principal)

findAuthorizables

public Iterator<Authorizable> findAuthorizables(String propertyName,
                                                String value)
                                         throws RepositoryException
Description copied from interface: UserManager
Returns all Authorizables that have property with the given name and that Property equals the given value.

Specified by:
findAuthorizables in interface UserManager
Returns:
All Authorizables that have a property with the given name exactly matching the given value.
Throws:
RepositoryException - If an error occurs.
See Also:
UserManager.findAuthorizables(String,String)

findAuthorizables

public Iterator<Authorizable> findAuthorizables(String propertyName,
                                                String value,
                                                int searchType)
                                         throws RepositoryException
Description copied from interface: UserManager
Returns all Authorizables that have property with the given name and that Property equals the given value. In contrast to UserManager.findAuthorizables(String, String) the type of authorizable is respected while executing the search.

Specified by:
findAuthorizables in interface UserManager
searchType - Any of the following constants:
Returns:
An iterator of Authorizable.
Throws:
RepositoryException - If an error occurs.
See Also:
UserManager.findAuthorizables(String,String, int)

createUser

public User createUser(String userID,
                       String password)
                throws RepositoryException
Description copied from interface: UserManager
Creates an User for the given userID / password pair; neither of the specified parameters can be null.
Same as UserManager.createUser(String,String,Principal,String) where the specified userID is equal to the principal name and the intermediate path is null.

Specified by:
createUser in interface UserManager
Parameters:
userID - The id of the new user.
password - The initial password of this user.
Returns:
The new User.
Throws:
AuthorizableExistsException - in case the given userID is already in use or another Authorizable with the same principal name exists.
RepositoryException - If another error occurs.
See Also:
UserManager.createUser(String,String)

createUser

public User createUser(String userID,
                       String password,
                       Principal principal,
                       String intermediatePath)
                throws AuthorizableExistsException,
                       RepositoryException
Description copied from interface: UserManager
Creates an User for the given parameters. If the implementation is not able to deal with the intermediatePath that parameter should be ignored. Except for the intermediatePath, neither of the specified parameters can be null.

Specified by:
createUser in interface UserManager
Returns:
The new User.
Throws:
AuthorizableExistsException - in case the given userID is already in use or another Authorizable with the same principal name exists.
RepositoryException - If the current Session is not allowed to create users or some another error occurs.
See Also:
UserManager.createUser(String, String, java.security.Principal, String)

createGroup

public Group createGroup(Principal principal)
                  throws RepositoryException
Same as createGroup(java.security.Principal, String ) where the intermediate path is null.

Specified by:
createGroup in interface UserManager
Parameters:
principal - A non-null Principal
Returns:
The new Group.
Throws:
AuthorizableExistsException - in case the given principal is already in use with another Authorizable.
RepositoryException - If another error occurs.
See Also:
UserManager.createGroup(Principal)

createGroup

public Group createGroup(Principal principal,
                         String intermediatePath)
                  throws AuthorizableExistsException,
                         RepositoryException
Create a new Group from the given principal. It will be created below the defined group path.
Non-existant elements of the Path will be created as nodes of type rep:AuthorizableFolder. The group ID will be generated from the principal name. If the name conflicts with an existing authorizable ID (may happen in cases where principal name != ID) the principal name is expanded by a suffix; otherwise the resulting group ID equals the principal name.

Specified by:
createGroup in interface UserManager
Parameters:
principal - A principal that doesn't yet represent an existing user or group.
intermediatePath - Is always ignored.
Returns:
A new group.
Throws:
AuthorizableExistsException
RepositoryException
See Also:
UserManager.createGroup(java.security.Principal, String)

isAutoSave

public boolean isAutoSave()
Always returns true as by default the autoSave behavior cannot be altered (see also autoSave(boolean).

Specified by:
isAutoSave in interface UserManager
Returns:
Always true.
See Also:
UserManager.isAutoSave()

autoSave

public void autoSave(boolean enable)
              throws UnsupportedRepositoryOperationException,
                     RepositoryException
Always throws unsupportedRepositoryOperationException as modification of the autosave behavior is not supported.

Specified by:
autoSave in interface UserManager
Parameters:
enable - If true changes made through this API will be automatically saved; otherwise an explict call to Session.save() is required in order to persist changes.
Throws:
UnsupportedRepositoryOperationException - If the implementation does not allow to change the auto save behavior.
RepositoryException - If some other error occurs.
See Also:
UserManager.autoSave(boolean)

doCreateUser

protected User doCreateUser(NodeImpl node)
                     throws RepositoryException
Build the user object from the given user node. May be overridden to return a custom implementation.

Parameters:
node - user node
Returns:
the user object
Throws:
RepositoryException - if an error occurs

doCreateGroup

protected Group doCreateGroup(NodeImpl node)
                       throws RepositoryException
Build the group object from the given group node. May be overridden to return a custom implementation.

Parameters:
node - group node
Returns:
A group
Throws:
RepositoryException - if an error occurs

loggingOut

public void loggingOut(SessionImpl session)
Description copied from interface: SessionListener
Called when a Session is about to be 'closed' by calling Session.logout()
Specified by:
loggingOut in interface SessionListener
Parameters:
session - the Session that is about to be 'closed'
See Also:
SessionListener.loggingOut(org.apache.jackrabbit.core.SessionImpl)

loggedOut

public void loggedOut(SessionImpl session)
Description copied from interface: SessionListener
Called when a Session has been 'closed' by calling Session.logout()
Specified by:
loggedOut in interface SessionListener
Parameters:
session - the Session that has been 'closed'
See Also:
SessionListener.loggedOut(org.apache.jackrabbit.core.SessionImpl)


Copyright © 2004-2010 The Apache Software Foundation. All Rights Reserved.