1 package org
.argeo
.osgi
.useradmin
;
3 import java
.util
.ArrayList
;
4 import java
.util
.Arrays
;
5 import java
.util
.Dictionary
;
6 import java
.util
.HashMap
;
7 import java
.util
.HashSet
;
8 import java
.util
.Hashtable
;
13 import javax
.naming
.InvalidNameException
;
14 import javax
.naming
.ldap
.LdapName
;
16 import org
.osgi
.framework
.InvalidSyntaxException
;
17 import org
.osgi
.service
.useradmin
.Authorization
;
18 import org
.osgi
.service
.useradmin
.Group
;
19 import org
.osgi
.service
.useradmin
.Role
;
20 import org
.osgi
.service
.useradmin
.User
;
21 import org
.osgi
.service
.useradmin
.UserAdmin
;
24 * Aggregates multiple {@link UserDirectory} and integrates them with system
27 public class AggregatingUserAdmin
implements UserAdmin
{
// Base DN of the system roles directory; parsed once in the constructor and never null.
private final LdapName systemRolesBaseDn;
// Base DN of the tokens directory; null when no tokens directory is configured.
private final LdapName tokensBaseDn;

// Directory mounted at systemRolesBaseDn; assigned by addUserDirectory, null until then.
private AbstractUserDirectory systemRoles = null;
// Directory mounted at tokensBaseDn; assigned by addUserDirectory, null until then.
private AbstractUserDirectory tokens = null;
// Business (non-system, non-token) directories keyed by their base DN.
private Map<LdapName, AbstractUserDirectory> businessRoles = new HashMap<LdapName, AbstractUserDirectory>();
/**
 * Creates the aggregator from the base DN of the system roles directory and the
 * optional base DN of the tokens directory.
 *
 * @param systemRolesBaseDn distinguished name under which system roles live
 * @param tokensBaseDn      distinguished name of the tokens directory, or {@code null}
 *                          when no tokens directory is used
 * @throws UserDirectoryException if one of the names is not a valid LDAP name
 */
public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) {
    LdapName parsedSystemRolesDn;
    LdapName parsedTokensDn;
    try {
        parsedSystemRolesDn = new LdapName(systemRolesBaseDn);
        // the tokens directory is optional, so its base DN may be absent
        parsedTokensDn = tokensBaseDn == null ? null : new LdapName(tokensBaseDn);
    } catch (InvalidNameException e) {
        throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e);
    }
    this.systemRolesBaseDn = parsedSystemRolesDn;
    this.tokensBaseDn = parsedTokensDn;
}
/**
 * Creates a role in the directory responsible for {@code name}.
 *
 * @param name distinguished name of the new role; decides which directory is used
 * @param type role type as defined by {@link Role}
 * @return whatever the owning directory returns for the creation
 * @throws UserDirectoryException if {@code name} is malformed or no single enabled
 *         directory is responsible for it
 */
@Override
public Role createRole(String name, int type) {
    UserAdmin owner = findUserAdmin(name);
    return owner.createRole(name, type);
}
/**
 * Removes a role from the directory responsible for {@code name}, then asks the system
 * roles directory to remove it as well.
 *
 * The returned flag reflects only the owning directory; the result of the system roles
 * removal is discarded (presumably it only cleans up references to the role — confirm).
 *
 * @param name distinguished name of the role to remove
 * @return {@code true} if the owning directory actually deleted the role
 * @throws UserDirectoryException if {@code name} is malformed or has no responsible directory
 */
@Override
public boolean removeRole(String name) {
    UserAdmin owner = findUserAdmin(name);
    boolean removedByOwner = owner.removeRole(name);
    systemRoles.removeRole(name);
    return removedByOwner;
}
/**
 * Looks up a role in the directory responsible for {@code name}.
 *
 * @param name distinguished name of the role
 * @return the role as returned by the owning directory (may be {@code null} when absent)
 * @throws UserDirectoryException if {@code name} is malformed or has no responsible directory
 */
@Override
public Role getRole(String name) {
    UserAdmin owner = findUserAdmin(name);
    return owner.getRole(name);
}
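/**
 * Returns the roles matching {@code filter} from every business directory and from the
 * system roles directory.
 *
 * A delegate that returns {@code null} (the OSGi {@link UserAdmin#getRoles} contract for
 * "no match") is tolerated instead of triggering a NullPointerException.
 *
 * @param filter OSGi filter expression passed to each directory
 * @return the matching roles; an empty array when nothing matches, never {@code null}
 * @throws InvalidSyntaxException if a directory rejects {@code filter}
 */
@Override
public Role[] getRoles(String filter) throws InvalidSyntaxException {
    List<Role> found = new ArrayList<Role>();
    for (UserAdmin directory : businessRoles.values()) {
        appendRoles(found, directory.getRoles(filter));
    }
    // system roles are kept outside businessRoles and are queried separately
    appendRoles(found, systemRoles.getRoles(filter));
    return found.toArray(new Role[found.size()]);
}

/** Appends {@code roles} to {@code target}; a {@code null} array contributes nothing. */
private static void appendRoles(List<Role> target, Role[] roles) {
    if (roles != null) {
        target.addAll(Arrays.asList(roles));
    }
}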
/**
 * Finds a user by a property value across the business directories.
 *
 * Every business directory is asked; the user is returned only when exactly one
 * directory answers, so an ambiguous match (the same key/value in two directories)
 * yields {@code null} rather than an arbitrary pick. The system roles directory is
 * not searched because it contains no users.
 *
 * @param key   property name to match
 * @param value property value to match
 * @return the single matching user, or {@code null} if none or several match
 */
@Override
public User getUser(String key, String value) {
    List<User> matches = new ArrayList<User>();
    for (UserAdmin directory : businessRoles.values()) {
        User candidate = directory.getUser(key, value);
        if (candidate != null) {
            matches.add(candidate);
        }
    }
    // Note: node roles cannot contain users, so it is not searched
    if (matches.size() != 1) {
        return null;
    }
    return matches.get(0);
}
/**
 * Builds the aggregated authorization for {@code user}.
 *
 * The owning directory provides the raw authorization (business roles). For each of
 * those roles the system roles directory is asked which system roles it implies, and
 * the union is enriched by {@link #addAbstractSystemRoles}. A token (a {@link Group}
 * for which {@code TokenUtils.userDn} yields an owner DN) is presented under the
 * identity of its owner rather than under the token's own name.
 *
 * @param user the user to authorize, or {@code null} for the anonymous authorization
 *             of the system roles directory
 * @return an {@link AggregatingAuthorization} combining business and system roles
 * @throws UserDirectoryException if the user's name or the token owner DN has no
 *         responsible directory
 */
@Override
public Authorization getAuthorization(User user) {
    if (user == null) {
        // anonymous
        return systemRoles.getAuthorization(null);
    }
    UserAdmin owningAdmin = findUserAdmin(user.getName());
    Authorization rawAuthorization = owningAdmin.getAuthorization(user);

    String usernameToUse;
    String displayNameToUse;
    if (user instanceof Group) {
        String ownerDn = TokenUtils.userDn((Group) user);
        if (ownerDn != null) {
            // tokens: report the owner, not the token itself
            UserAdmin ownerAdmin = findUserAdmin(ownerDn);
            // NOTE(review): getRole may return null if the owner no longer exists —
            // confirm that extractDisplayName copes with that
            User ownerUser = (User) ownerAdmin.getRole(ownerDn);
            usernameToUse = ownerDn;
            displayNameToUse = LdifAuthorization.extractDisplayName(ownerUser);
        } else {
            usernameToUse = rawAuthorization.getName();
            displayNameToUse = rawAuthorization.toString();
        }
    } else {
        // regular users
        usernameToUse = rawAuthorization.getName();
        displayNameToUse = rawAuthorization.toString();
    }

    // gather system roles implied by each business role
    // NOTE(review): assumes getRoles() never returns null here — confirm against the directories
    Set<String> sysRoles = new HashSet<String>();
    for (String role : rawAuthorization.getRoles()) {
        User roleAsUser = (User) owningAdmin.getRole(role);
        Authorization implied = systemRoles.getAuthorization(roleAsUser);
        sysRoles.addAll(Arrays.asList(implied.getRoles()));
    }
    addAbstractSystemRoles(rawAuthorization, sysRoles);
    return new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
            rawAuthorization.getRoles());
}
/**
 * Enrich with application-specific roles which are strictly programmatic, such
 * as anonymous/user semantics.
 *
 * Called from {@link #getAuthorization(User)} after the system roles implied by the
 * raw authorization have been collected into {@code sysRoles}; implementations may
 * add further role names to that set.
 *
 * @param rawAuthorization the authorization produced by the user's own directory
 * @param sysRoles         mutable set of system role names to enrich
 */
protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
132 // USER ADMIN AGGREGATOR
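/**
 * Mounts a user directory into the aggregator according to its base DN: the system
 * roles directory, the tokens directory, or a business directory keyed by its DN.
 *
 * The directory is registered first, then initialised, then {@link #postAdd} is called.
 * If {@code init()} fails the registration is rolled back, so a broken directory does
 * not stay attached (and a retry with the same base DN is not rejected as a duplicate).
 *
 * @param userDirectory the directory to add
 * @throws UserDirectoryException if a business directory with the same base DN is
 *         already registered
 */
protected void addUserDirectory(AbstractUserDirectory userDirectory) {
    LdapName baseDn = userDirectory.getBaseDn();
    if (isSystemRolesBaseDn(baseDn)) {
        this.systemRoles = userDirectory;
        systemRoles.setExternalRoles(this);
    } else if (isTokensBaseDn(baseDn)) {
        this.tokens = userDirectory;
        tokens.setExternalRoles(this);
    } else {
        if (businessRoles.containsKey(baseDn))
            throw new UserDirectoryException("There is already a user admin for " + baseDn);
        businessRoles.put(baseDn, userDirectory);
    }
    try {
        userDirectory.init();
    } catch (RuntimeException e) {
        unregister(userDirectory, baseDn);
        throw e;
    }
    postAdd(userDirectory);
}

/** Undoes the registration performed by {@link #addUserDirectory} for a directory whose init failed. */
private void unregister(AbstractUserDirectory userDirectory, LdapName baseDn) {
    if (systemRoles == userDirectory) {
        systemRoles = null;
    } else if (tokens == userDirectory) {
        tokens = null;
    } else {
        businessRoles.remove(baseDn, userDirectory);
    }
}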
/**
 * Hook invoked by {@link #addUserDirectory} once a directory has been registered and
 * initialised. Does nothing by default; subclasses may override.
 *
 * @param userDirectory the directory that was just added
 */
protected void postAdd(AbstractUserDirectory userDirectory) {
    // intentionally empty: extension point
}
/**
 * Resolves the directory responsible for a role given by its string DN.
 *
 * @param name distinguished name as a string
 * @return the responsible directory
 * @throws UserDirectoryException if {@code name} is not a valid LDAP name (the message
 *         echoes the offending name) or no single enabled directory is responsible for it
 */
private UserAdmin findUserAdmin(String name) {
    LdapName dn;
    try {
        dn = new LdapName(name);
    } catch (InvalidNameException e) {
        throw new UserDirectoryException("Badly formatted name " + name, e);
    }
    return findUserAdmin(dn);
}
/**
 * Resolves the directory responsible for a DN by base-DN prefix.
 *
 * System roles and tokens are checked first; otherwise the enabled business
 * directories whose base DN is a prefix of {@code name} are collected, and exactly
 * one of them must match. Disabled directories are ignored, so a name under a disabled
 * directory is reported as having no responsible directory.
 *
 * @param name the distinguished name to resolve
 * @return the responsible directory
 * @throws UserDirectoryException if no enabled directory or more than one matches
 */
private UserAdmin findUserAdmin(LdapName name) {
    if (name.startsWith(systemRolesBaseDn)) {
        return systemRoles;
    }
    if (tokensBaseDn != null && name.startsWith(tokensBaseDn)) {
        return tokens;
    }
    List<UserAdmin> candidates = new ArrayList<UserAdmin>(1);
    for (Map.Entry<LdapName, AbstractUserDirectory> entry : businessRoles.entrySet()) {
        if (!name.startsWith(entry.getKey())) {
            continue;
        }
        AbstractUserDirectory directory = entry.getValue();
        if (!directory.isDisabled()) {
            candidates.add(directory);
        }
    }
    if (candidates.isEmpty()) {
        throw new UserDirectoryException("Cannot find user admin for " + name);
    }
    if (candidates.size() > 1) {
        throw new UserDirectoryException("Multiple user admin found for " + name);
    }
    return candidates.get(0);
}
/**
 * Tells whether {@code baseDn} is exactly the system roles base DN (equality, not prefix).
 *
 * @param baseDn the base DN to test; must not be {@code null}
 * @return {@code true} if it equals the configured system roles base DN
 */
protected boolean isSystemRolesBaseDn(LdapName baseDn) {
    boolean isSystemRoles = baseDn.equals(this.systemRolesBaseDn);
    return isSystemRoles;
}
/**
 * Tells whether {@code baseDn} is exactly the tokens base DN.
 *
 * @param baseDn the base DN to test; must not be {@code null}
 * @return {@code false} when no tokens directory is configured, otherwise whether
 *         {@code baseDn} equals the configured tokens base DN
 */
protected boolean isTokensBaseDn(LdapName baseDn) {
    if (tokensBaseDn == null) {
        return false;
    }
    return baseDn.equals(tokensBaseDn);
}
/**
 * Describes the current configuration of the registered business directories.
 *
 * Each business directory's properties are rendered as a URI string via
 * {@code UserAdminConf.propertiesAsUri}.
 *
 * @return a dictionary describing the registered business directories
 */
protected Dictionary<String, Object> currentState() {
    Dictionary<String, Object> res = new Hashtable<String, Object>();
    // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
    for (LdapName name : businessRoles.keySet()) {
        AbstractUserDirectory userDirectory = businessRoles.get(name);
        // NOTE(review): directory properties may carry connection details; confirm the
        // rendered URI contains nothing sensitive before this state is exposed or logged
        String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
/**
 * Tears the aggregator down: each business directory is destroyed through
 * {@link #destroy(AbstractUserDirectory)} (so {@link #preDestroy} runs first), the
 * business map is cleared and dropped, then the system roles directory is destroyed.
 * The instance must not be used afterwards since {@code businessRoles} becomes null.
 */
public void destroy() {
    for (LdapName name : businessRoles.keySet()) {
        AbstractUserDirectory userDirectory = businessRoles.get(name);
        destroy(userDirectory);
    businessRoles.clear();
    businessRoles = null;
    destroy(systemRoles);
/**
 * Destroys one directory, giving subclasses a chance to act first via {@link #preDestroy}.
 *
 * @param userDirectory the directory to destroy
 */
private void destroy(AbstractUserDirectory userDirectory) {
    // hook first, so overriders still see a live directory
    preDestroy(userDirectory);
    userDirectory.destroy();
}
/**
 * Unregisters and destroys the business directory mounted at {@code baseDn}.
 *
 * The system roles directory is refused explicitly; the tokens directory is not kept in
 * the business map, so asking for its base DN ends with "No user directory registered".
 *
 * @param baseDn base DN of the business directory to remove
 * @throws UserDirectoryException if {@code baseDn} is the system roles base DN or no
 *         business directory is registered under it
 */
protected void removeUserDirectory(LdapName baseDn) {
    if (isSystemRolesBaseDn(baseDn)) {
        throw new UserDirectoryException("System roles cannot be removed ");
    }
    if (!businessRoles.containsKey(baseDn)) {
        throw new UserDirectoryException("No user directory registered for " + baseDn);
    }
    AbstractUserDirectory removed = businessRoles.remove(baseDn);
    destroy(removed);
}
229 * Called before each user directory is destroyed, so that additional actions
232 protected void preDestroy(AbstractUserDirectory userDirectory
) {