package org.argeo.cms.internal.runtime;
-import static org.argeo.api.acr.ldap.LdapAttrs.cn;
-import static org.argeo.api.acr.ldap.LdapAttrs.description;
-import static org.argeo.api.acr.ldap.LdapAttrs.owner;
+import static org.argeo.api.acr.ldap.LdapAttr.cn;
+import static org.argeo.api.acr.ldap.LdapAttr.description;
+import static org.argeo.api.acr.ldap.LdapAttr.owner;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import javax.xml.namespace.QName;
import org.argeo.api.acr.NamespaceUtils;
-import org.argeo.api.acr.ldap.LdapAttrs;
+import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.acr.ldap.NamingUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.api.cms.transaction.WorkTransaction;
-import org.argeo.cms.auth.CurrentUser;
+import org.argeo.cms.CurrentUser;
import org.argeo.cms.auth.UserAdminUtils;
import org.argeo.cms.directory.ldap.LdapEntry;
import org.argeo.cms.directory.ldap.SharedSecret;
// private Map<String, String> serviceProperties;
private WorkTransaction userTransaction;
- private final String[] knownProps = { LdapAttrs.cn.name(), LdapAttrs.sn.name(), LdapAttrs.givenName.name(),
- LdapAttrs.uid.name() };
+ private final String[] knownProps = { LdapAttr.cn.name(), LdapAttr.sn.name(), LdapAttr.givenName.name(),
+ LdapAttr.uid.name() };
// private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
// .synchronizedMap(new LinkedHashMap<>());
@Override
public CmsUser getUserFromLocalId(String localId) {
- CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
+ CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttr.uid.name(), localId);
if (user == null)
- user = (CmsUser) getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
+ user = (CmsUser) getUserAdmin().getUser(LdapAttr.cn.name(), localId);
return user;
}
}
}
+ @Override
+ public CmsGroup createGroup(String dn) {
+ try {
+ userTransaction.begin();
+ CmsGroup group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
+ userTransaction.commit();
+ return group;
+ } catch (Exception e) {
+ try {
+ userTransaction.rollback();
+ } catch (Exception e1) {
+ log.error("Could not roll back", e1);
+ }
+ if (e instanceof RuntimeException)
+ throw (RuntimeException) e;
+ else
+ throw new RuntimeException("Cannot create group " + dn, e);
+ }
+ }
+
@Override
public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
+ String dn = LdapAttr.cn.name() + "=" + commonName + "," + groups.getBase();
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
+ if (group != null)
+ return group;
try {
- String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();
- CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
- if (group != null)
- return group;
userTransaction.begin();
group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
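Review bot: The DN built on the new line `String dn = LdapAttr.cn.name() + "=" + commonName + "," + groups.getBase();` concatenates `commonName` unescaped, so a name containing RFC 4514 special characters (`,`, `+`, `=`, `"`, `\`, `<`, `>`, `;`, or leading/trailing spaces) changes the DN's structure and can place or look up the group under a different parent than `groups.getBase()`; whether callers pass user-controlled names is not visible here, but the JDK's `Rdn.escapeValue(commonName)` (from `javax.naming.ldap.Rdn`) makes the RDN safe regardless. The same applies to the `createGroup(String dn)` added above, which accepts a raw DN with no validation that it lies under a known base, so that contract should at least be stated in its Javadoc (e.g. `/** @param dn a fully qualified, already escaped DN; no check is made that it lies under a managed base */`). Also, `createGroup` rolls back unconditionally in its catch, while the `removeMember` added later in this commit guards with `if (!userTransaction.isNoTransactionStatus())`; one of the two shapes should be used for all of these transactional wrappers. getOrCreateGroup's error path continues outside this hunk.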
@Override
public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole) {
+ String dn = LdapAttr.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
+ if (group != null)
+ return group;
try {
- String dn = LdapAttrs.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
- CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
- if (group != null)
- return group;
userTransaction.begin();
group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
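Review bot: The existence check `getUserAdmin().getRole(dn)` now runs before `userTransaction.begin()`, so the window between that lookup and `userAdmin.createRole(dn, Role.GROUP)` is unguarded; a concurrent caller creating the same system role would presumably surface as a createRole failure (handled in the catch outside this hunk) rather than as a return of the existing group. If a miss was moved out on purpose so that it never triggers a rollback, say so above the early return, e.g. `// lookup is deliberately outside the transaction: a miss must not roll anything back`. The new code also mixes `getUserAdmin()` for the lookup with the bare `userAdmin` field for the create two lines later; using one accessor consistently avoids the question of whether they can differ. getOrCreateSystemRole's body continues outside the hunk.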
if (log.isTraceEnabled())
log.trace("Cannot rollback transaction", e2);
}
- throw new RuntimeException("Cannot add object classes " + role + " to group " + group, e1);
+ throw new RuntimeException("Cannot add member " + role + " to group " + group, e1);
+ }
+ }
+
+ @Override
+ public void removeMember(CmsGroup group, Role role) {
+ try {
+ userTransaction.begin();
+ group.removeMember(role);
+ userTransaction.commit();
+ } catch (Exception e1) {
+ try {
+ if (!userTransaction.isNoTransactionStatus())
+ userTransaction.rollback();
+ } catch (Exception e2) {
+ if (log.isTraceEnabled())
+ log.trace("Cannot rollback transaction", e2);
+ }
+ throw new RuntimeException("Cannot remove member " + role + " from group " + group, e1);
}
}
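Review bot: In the added `removeMember`, the result of `group.removeMember(role)` is discarded; if `CmsGroup` follows the OSGi `Group` contract this is a `boolean` that is `false` when the role was not a member, so a misspelled or stale role silently "succeeds" and the transaction commits with no change. A privilege-affecting operation should at least surface that, e.g. `if (!group.removeMember(role)) log.warn("Role " + role + " was not a member of group " + group);` before the commit (confirm the return type of the CmsGroup method first). Separately, a failed rollback after a failed membership change is only logged at trace level here, whereas the `createGroup` added in the same commit logs it at error; for an access-control mutation the error level seems the right one in both places. The `@Override` implies an interface method declared elsewhere, so the signature itself should stay `void`.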
Dictionary<String, ?> props = DirectoryConf.uriAsProperties(dns.get(baseDn));
String dn = null;
if (Role.GROUP == type)
- dn = LdapAttrs.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
+ dn = LdapAttr.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
else if (Role.USER == type)
- dn = LdapAttrs.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
+ dn = LdapAttr.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
else
throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId);
return dn;
}
public String addSharedSecret(String email, int hours) {
- User user = (User) userAdmin.getUser(LdapAttrs.mail.name(), email);
+ User user = (User) userAdmin.getUser(LdapAttr.mail.name(), email);
try {
userTransaction.begin();
String uuid = UUID.randomUUID().toString();