| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.sling.jcr.repoinit.impl; |
| |
| import javax.jcr.Session; |
| |
| import org.apache.sling.repoinit.parser.operations.CreateServiceUser; |
| import org.apache.sling.repoinit.parser.operations.CreateUser; |
| import org.apache.sling.repoinit.parser.operations.DeleteServiceUser; |
| import org.apache.sling.repoinit.parser.operations.DeleteUser; |
| import org.apache.sling.repoinit.parser.operations.DisableServiceUser; |
| |
| /** OperationVisitor which processes only operations related to |
| * service users and ACLs. Having several such specialized visitors |
| * makes it easy to control the execution order. |
| */ |
| class UserVisitor extends DoNothingVisitor { |
| |
| /** Create a visitor using the supplied JCR Session. |
| * @param s must have sufficient rights to create users |
| * and set ACLs. |
| */ |
| public UserVisitor(Session s) { |
| super(s); |
| } |
| |
| @Override |
| public void visitCreateServiceUser(CreateServiceUser s) { |
| final String username = s.getUsername(); |
| try { |
| if (!UserUtil.userExists(session, username)) { |
| log.info("Creating service user {}", username); |
| UserUtil.createServiceUser(session, username, s.getPath()); |
| } else if (UserUtil.isServiceUser(session, username)) { |
| log.info("Service user {} already exists, no changes made.", username); |
| } else { |
| final String message = String.format("Existing user %s is not a service user.", username); |
| throw new RuntimeException(message); |
| } |
| } catch(Exception e) { |
| report(e, "Unable to create service user [" + username + "]:" + e); |
| } |
| } |
| |
| @Override |
| public void visitDeleteServiceUser(DeleteServiceUser s) { |
| final String username = s.getUsername(); |
| log.info("Deleting service user {}", username); |
| try { |
| UserUtil.deleteUser(session, username); |
| } catch(Exception e) { |
| report(e, "Unable to delete service user [" + username + "]:" + e); |
| } |
| } |
| |
| @Override |
| public void visitCreateUser(CreateUser u) { |
| final String username = u.getUsername(); |
| try { |
| if(!UserUtil.userExists(session, username)) { |
| final String pwd = u.getPassword(); |
| if(pwd != null) { |
| // TODO we might revise this warning once we're able |
| // to create users by providing their encoded password |
| // using u.getPasswordEncoding - for now I think only cleartext works |
| log.warn("Creating user {} with cleartext password - should NOT be used on production systems", username); |
| } else { |
| log.info("Creating user {}", username); |
| } |
| UserUtil.createUser(session, username, pwd, u.getPath()); |
| } else { |
| log.info("User {} already exists, no changes made", username); |
| } |
| } catch(Exception e) { |
| report(e, "Unable to create user [" + username + "]:" + e); |
| } |
| } |
| |
| @Override |
| public void visitDeleteUser(DeleteUser u) { |
| final String username = u.getUsername(); |
| log.info("Deleting user {}", username); |
| try { |
| if (!UserUtil.deleteUser(session, username)) { |
| log.debug("User {} doesn't exist - assuming delete to be a noop.", username); |
| } |
| } catch(Exception e) { |
| report(e, "Unable to delete user [" + username + "]:" + e); |
| } |
| } |
| |
| @Override |
| public void visitDisableServiceUser(DisableServiceUser dsu) { |
| final String username = dsu.getUsername(); |
| final String reason = dsu.getParametersDescription(); |
| log.info("Disabling service user {} reason {}", new String[]{username, reason}); |
| try { |
| if (!UserUtil.disableUser(session, username, reason)) { |
| log.debug("Service user {} doesn't existing - assuming disable to be a noop.", username); |
| } |
| } catch(Exception e) { |
| report(e, "Unable to disable service user [" + username + "]:" + e); |
| } |
| } |
| |
| } |