Fix add member to LDIF group
1 package org.argeo.cms.internal.kernel;
2
3 import java.util.ArrayList;
4 import java.util.Arrays;
5 import java.util.HashMap;
6 import java.util.HashSet;
7 import java.util.List;
8 import java.util.Map;
9 import java.util.Set;
10
11 import javax.naming.InvalidNameException;
12 import javax.naming.ldap.LdapName;
13 import javax.transaction.Transaction;
14 import javax.transaction.TransactionManager;
15 import javax.transaction.TransactionSynchronizationRegistry;
16
17 import org.argeo.cms.KernelHeader;
18 import org.argeo.osgi.useradmin.AbstractUserDirectory;
19 import org.argeo.osgi.useradmin.UserAdminAggregator;
20 import org.argeo.osgi.useradmin.UserDirectoryException;
21 import org.osgi.framework.InvalidSyntaxException;
22 import org.osgi.service.useradmin.Authorization;
23 import org.osgi.service.useradmin.Role;
24 import org.osgi.service.useradmin.User;
25 import org.osgi.service.useradmin.UserAdmin;
26
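/**
 * Presents several {@link UserAdmin} services as a single one.
 *
 * <p>
 * Each delegate is registered under a base DN. Calls that carry a role name are
 * routed to the delegate whose base DN is a prefix of that name; names under
 * {@link #ROLES_BASE} go to the dedicated node-roles delegate. Authorizations
 * returned by {@link #getAuthorization(User)} combine the roles of the user's
 * own directory with the system roles resolved through the node-roles delegate.
 *
 * <p>
 * Only {@link #addUserAdmin(String, UserAdmin)} and
 * {@link #removeUserAdmin(String)} are synchronized; the read paths and the
 * two setters iterate the registry without holding the lock.
 * NOTE(review): confirm that registration never runs concurrently with lookups.
 */
public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
    /** Parsed form of {@link KernelHeader#ROLES_BASEDN}, used for DN comparisons. */
    final static LdapName ROLES_BASE;
    static {
        try {
            ROLES_BASE = new LdapName(KernelHeader.ROLES_BASEDN);
        } catch (InvalidNameException e) {
            throw new UserDirectoryException("Cannot initialize "
                    + NodeUserAdmin.class, e);
        }
    }

    /** Delegate holding the node (system) roles; null until it is registered. */
    private UserAdmin nodeRoles = null;
    /** Registered user directories, keyed by their parsed base DN. */
    private Map<LdapName, UserAdmin> userAdmins = new HashMap<LdapName, UserAdmin>();

    private TransactionSynchronizationRegistry syncRegistry;
    private TransactionManager transactionManager;

    /** Creates the role in the delegate responsible for {@code name}. */
    @Override
    public Role createRole(String name, int type) {
        return findUserAdmin(name).createRole(name, type);
    }

    /** Removes the role from the delegate responsible for {@code name}. */
    @Override
    public boolean removeRole(String name) {
        return findUserAdmin(name).removeRole(name);
    }

    /** Looks the role up in the delegate responsible for {@code name}. */
    @Override
    public Role getRole(String name) {
        return findUserAdmin(name).getRole(name);
    }

    /**
     * Collects the roles matching {@code filter} from every registered
     * directory and then from the node-roles delegate.
     *
     * @return the matching roles, an empty array when there are none
     * @throws InvalidSyntaxException
     *             if a delegate rejects the filter
     */
    @Override
    public Role[] getRoles(String filter) throws InvalidSyntaxException {
        List<Role> found = new ArrayList<Role>();
        for (UserAdmin directory : userAdmins.values()) {
            appendRoles(found, directory.getRoles(filter));
        }
        appendRoles(found, nodeRoles.getRoles(filter));
        return found.toArray(new Role[found.size()]);
    }

    /**
     * Adds {@code roles} to {@code target}. The OSGi {@link UserAdmin}
     * contract lets {@code getRoles} return null when nothing matches, so a
     * null array is treated as "no roles" instead of failing the whole query.
     */
    private static void appendRoles(List<Role> target, Role[] roles) {
        if (roles != null)
            target.addAll(Arrays.asList(roles));
    }

    /**
     * Searches every registered directory for a user with the given property.
     *
     * @return the user when exactly one directory yields a match, null when
     *         none or more than one does
     */
    @Override
    public User getUser(String key, String value) {
        List<User> matches = new ArrayList<User>();
        for (UserAdmin directory : userAdmins.values()) {
            User candidate = directory.getUser(key, value);
            if (candidate != null)
                matches.add(candidate);
        }
        // Note: node roles cannot contain users, so it is not searched.
        // An ambiguous match across directories is reported as "not found"
        // rather than picking one identity arbitrarily.
        return matches.size() == 1 ? matches.get(0) : null;
    }

    /**
     * Builds the authorization of {@code user}: the roles granted by the
     * user's own directory plus the system roles that the node-roles delegate
     * grants to each of those roles.
     *
     * <p>
     * NOTE(review): {@code user} is dereferenced directly, so a null user is
     * not supported here; confirm no caller relies on it.
     */
    @Override
    public Authorization getAuthorization(User user) {
        UserAdmin userAdmin = findUserAdmin(user.getName());
        Authorization rawAuthorization = userAdmin.getAuthorization(user);
        // gather system roles
        Set<String> systemRoles = new HashSet<String>();
        for (String role : rawAuthorization.getRoles()) {
            // NOTE(review): the cast assumes every role name reported by the
            // directory resolves, in that same directory, to a User; a missing
            // or non-user role would surface here. Confirm against the
            // directory implementations.
            Authorization auth = nodeRoles.getAuthorization((User) userAdmin
                    .getRole(role));
            systemRoles.addAll(Arrays.asList(auth.getRoles()));
        }
        return new NodeAuthorization(rawAuthorization.getName(),
                rawAuthorization.toString(), systemRoles,
                rawAuthorization.getRoles());
    }

    //
    // USER ADMIN AGGREGATOR
    //
    /**
     * Registers {@code userAdmin} under {@code baseDn}. The roles base DN
     * selects the node-roles slot; any other base DN must not be registered
     * yet.
     *
     * <p>
     * The base DN is parsed before any comparison so that the duplicate check
     * is made against the registry's {@link LdapName} keys. Looking the raw
     * string up in that map can never match, which would let a second
     * registration silently replace the directory already serving that base
     * DN. Parsing first also means a rejected directory is left untouched.
     *
     * <p>
     * NOTE(review): only the synchronization registry is handed over here;
     * confirm that directories added after
     * {@link #setTransactionManager(TransactionManager)} get their transaction
     * manager elsewhere.
     *
     * @throws UserDirectoryException
     *             if the base DN is malformed or already registered
     */
    @Override
    public synchronized void addUserAdmin(String baseDn, UserAdmin userAdmin) {
        LdapName base = parseBaseDn(baseDn);

        if (ROLES_BASE.equals(base)) {
            applySyncRegistry(userAdmin, syncRegistry);
            nodeRoles = userAdmin;
            return;
        }

        if (userAdmins.containsKey(base))
            throw new UserDirectoryException(
                    "There is already a user admin for " + baseDn);
        applySyncRegistry(userAdmin, syncRegistry);
        userAdmins.put(base, userAdmin);
    }

    /**
     * Unregisters the directory serving {@code baseDn} and detaches it from
     * the synchronization registry.
     *
     * @throws UserDirectoryException
     *             if the base DN is malformed, designates the node roles, or
     *             is not registered
     */
    @Override
    public synchronized void removeUserAdmin(String baseDn) {
        LdapName base = parseBaseDn(baseDn);
        // Compared as a DN, like the routing in findUserAdmin, so a spelling
        // variant of the roles base DN is recognised as well.
        if (ROLES_BASE.equals(base))
            throw new UserDirectoryException("Node roles cannot be removed.");
        if (!userAdmins.containsKey(base))
            throw new UserDirectoryException("There is no user admin for "
                    + base);
        UserAdmin removed = userAdmins.remove(base);
        applySyncRegistry(removed, null);
    }

    /** Parses a base DN, reporting a malformed one as a directory error. */
    private static LdapName parseBaseDn(String baseDn) {
        try {
            return new LdapName(baseDn);
        } catch (InvalidNameException e) {
            throw new UserDirectoryException("Badly formatted base DN "
                    + baseDn, e);
        }
    }

    /** Passes {@code registry} to the delegate when it is a user directory. */
    private static void applySyncRegistry(UserAdmin userAdmin,
            TransactionSynchronizationRegistry registry) {
        if (userAdmin instanceof AbstractUserDirectory)
            ((AbstractUserDirectory) userAdmin).setSyncRegistry(registry);
    }

    /** Parses {@code name} as a DN and resolves the delegate serving it. */
    private UserAdmin findUserAdmin(String name) {
        try {
            return findUserAdmin(new LdapName(name));
        } catch (InvalidNameException e) {
            throw new UserDirectoryException("Badly formatted name " + name, e);
        }
    }

    /**
     * Resolves the delegate whose base DN is a prefix of {@code name}.
     *
     * @throws UserDirectoryException
     *             if no registered base DN matches, or more than one does
     */
    private UserAdmin findUserAdmin(LdapName name) {
        if (name.startsWith(ROLES_BASE))
            return nodeRoles;
        List<UserAdmin> candidates = new ArrayList<UserAdmin>(1);
        for (Map.Entry<LdapName, UserAdmin> entry : userAdmins.entrySet()) {
            if (name.startsWith(entry.getKey()))
                candidates.add(entry.getValue());
        }
        if (candidates.isEmpty())
            throw new UserDirectoryException("Cannot find user admin for "
                    + name);
        // Overlapping base DNs make the owner of the name ambiguous; refuse
        // rather than route the request to an arbitrary directory.
        if (candidates.size() > 1)
            throw new UserDirectoryException("Multiple user admin found for "
                    + name);
        return candidates.get(0);
    }

    /**
     * Stores the transaction manager and passes it to the node-roles delegate
     * and to every registered directory that is an
     * {@link AbstractUserDirectory}.
     */
    public void setTransactionManager(TransactionManager transactionManager) {
        this.transactionManager = transactionManager;
        if (nodeRoles instanceof AbstractUserDirectory)
            ((AbstractUserDirectory) nodeRoles)
                    .setTransactionManager(transactionManager);
        for (UserAdmin userAdmin : userAdmins.values()) {
            if (userAdmin instanceof AbstractUserDirectory)
                ((AbstractUserDirectory) userAdmin)
                        .setTransactionManager(transactionManager);
        }
    }

    /**
     * Stores the synchronization registry and passes it to the node-roles
     * delegate and to every registered directory that is an
     * {@link AbstractUserDirectory}.
     */
    public void setSyncRegistry(TransactionSynchronizationRegistry syncRegistry) {
        this.syncRegistry = syncRegistry;
        applySyncRegistry(nodeRoles, syncRegistry);
        for (UserAdmin userAdmin : userAdmins.values()) {
            applySyncRegistry(userAdmin, syncRegistry);
        }
    }

}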