import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.argeo.api.NodeConstants;
import org.argeo.cms.CmsUserManager;
import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.auth.UserAdminUtils;
import org.argeo.naming.LdapAttrs;
import org.argeo.naming.NamingUtils;
import org.argeo.naming.SharedSecret;
-import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.TokenUtils;
import org.argeo.osgi.useradmin.UserAdminConf;
+import org.argeo.osgi.useradmin.UserDirectory;
import org.osgi.framework.InvalidSyntaxException;
-import org.osgi.framework.ServiceReference;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.Role;
private final static Log log = LogFactory.getLog(CmsUserManagerImpl.class);
private UserAdmin userAdmin;
- @Deprecated
- private ServiceReference<UserAdmin> userAdminServiceReference;
- private Map<String, String> serviceProperties;
+// private Map<String, String> serviceProperties;
private UserTransaction userTransaction;
+ private Map<UserDirectory, Hashtable<String, String>> userDirectories = Collections
+ .synchronizedMap(new LinkedHashMap<>());
+
@Override
public String getMyMail() {
return getUserMail(CurrentUser.getUsername());
+ dns.keySet().toString() + ". Unable to chose a default one.");
}
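Review bot: `+// private Map<String, String> serviceProperties;` keeps the retired field as commented-out code instead of deleting it, and the same pattern recurs with the commented-out copy of the old getKnownBaseDns (L46–L65) and the assignment in setUserAdmin (L140); version control already preserves the old versions, so all three should be removed. The field `userDirectories` is a `Collections.synchronizedMap` wrapper, which guarantees atomicity of single calls only; a short comment such as `// synchronizedMap: callers must hold the map's monitor while iterating` would document that contract where the field is declared. The line `dns.keySet().toString() + ". Unable to chose a default one.");` shown inside getMyMail does not belong to that method's body and appears to be a rendering artifact of the diff rather than real code; worth confirming against the actual file.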
+// public Map<String, String> getKnownBaseDns(boolean onlyWritable) {
+// Map<String, String> dns = new HashMap<String, String>();
+// String[] propertyKeys = serviceProperties.keySet().toArray(new String[serviceProperties.size()]);
+// for (String uri : propertyKeys) {
+// if (!uri.startsWith("/"))
+// continue;
+// Dictionary<String, ?> props = UserAdminConf.uriAsProperties(uri);
+// String readOnly = UserAdminConf.readOnly.getValue(props);
+// String baseDn = UserAdminConf.baseDn.getValue(props);
+//
+// if (onlyWritable && "true".equals(readOnly))
+// continue;
+// if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN))
+// continue;
+// if (baseDn.equalsIgnoreCase(NodeConstants.TOKENS_BASEDN))
+// continue;
+// dns.put(baseDn, uri);
+// }
+// return dns;
+// }
+
public Map<String, String> getKnownBaseDns(boolean onlyWritable) {
Map<String, String> dns = new HashMap<String, String>();
- String[] propertyKeys = userAdminServiceReference != null ? userAdminServiceReference.getPropertyKeys()
- : serviceProperties.keySet().toArray(new String[serviceProperties.size()]);
- for (String uri : propertyKeys) {
- if (!uri.startsWith("/"))
- continue;
- Dictionary<String, ?> props = UserAdminConf.uriAsProperties(uri);
- String readOnly = UserAdminConf.readOnly.getValue(props);
- String baseDn = UserAdminConf.baseDn.getValue(props);
+ for (UserDirectory userDirectory : userDirectories.keySet()) {
+ Boolean readOnly = userDirectory.isReadOnly();
+ String baseDn = userDirectory.getBaseDn().toString();
- if (onlyWritable && "true".equals(readOnly))
+ if (onlyWritable && readOnly)
continue;
if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN))
continue;
if (baseDn.equalsIgnoreCase(NodeConstants.TOKENS_BASEDN))
continue;
- dns.put(baseDn, uri);
+ dns.put(baseDn, UserAdminConf.propertiesAsUri(userDirectories.get(userDirectory)).toString());
+
}
return dns;
}
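Review bot: The loop `for (UserDirectory userDirectory : userDirectories.keySet())` iterates a `Collections.synchronizedMap` view without holding the map's lock, which that wrapper's contract requires for iteration, so a concurrent `addUserDirectory`/`removeUserDirectory` can throw ConcurrentModificationException or expose a half-updated view to this read. Iterating `entrySet()` inside `synchronized (userDirectories)` fixes that and also removes the per-key `userDirectories.get(userDirectory)` lookup at `dns.put(...)`. Declaring `readOnly` as `boolean` rather than `Boolean` avoids an unboxing NullPointerException in `if (onlyWritable && readOnly)` should `isReadOnly()` ever return null (not determinable from here). Note also that `dns.put(baseDn, ...)` silently overwrites when two directories share a base DN; if that is legitimate, a comment saying so would help.
```java
        synchronized (userDirectories) { // synchronizedMap: iteration must hold the map's monitor
            for (Map.Entry<UserDirectory, Hashtable<String, String>> entry : userDirectories.entrySet()) {
                UserDirectory userDirectory = entry.getKey();
                boolean readOnly = userDirectory.isReadOnly();
                String baseDn = userDirectory.getBaseDn().toString();
                // … unchanged: onlyWritable / ROLES_BASEDN / TOKENS_BASEDN filters …
                dns.put(baseDn, UserAdminConf.propertiesAsUri(entry.getValue()).toString());
            }
        }
```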
@Override
public void addAuthToken(String userDn, String token, Integer hours, String... roles) {
+ addAuthToken(userDn, token, ZonedDateTime.now().plusHours(hours), roles);
+ }
+
+ @Override
+ public void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles) {
try {
userTransaction.begin();
User user = (User) userAdmin.getRole(userDn);
String tokenDn = cn + "=" + token + "," + NodeConstants.TOKENS_BASEDN;
Group tokenGroup = (Group) userAdmin.createRole(tokenDn, Role.GROUP);
- for (String role : roles) {
- Role r = userAdmin.getRole(role);
- if (r != null)
- tokenGroup.addMember(r);
- else {
- if (!role.equals(NodeConstants.ROLE_USER)) {
- throw new IllegalStateException(
- "Cannot add role " + role + " to token " + token + " for " + userDn);
+ if (roles != null)
+ for (String role : roles) {
+ Role r = userAdmin.getRole(role);
+ if (r != null)
+ tokenGroup.addMember(r);
+ else {
+ if (!role.equals(NodeConstants.ROLE_USER)) {
+ throw new IllegalStateException(
+ "Cannot add role " + role + " to token " + token + " for " + userDn);
+ }
}
}
- }
tokenGroup.getProperties().put(owner.name(), user.getName());
- if (hours != null) {
- String ldapDate = NamingUtils.instantToLdapDate(ZonedDateTime.now().plusHours(hours));
+ if (expiryDate != null) {
+ String ldapDate = NamingUtils.instantToLdapDate(expiryDate);
tokenGroup.getProperties().put(description.name(), ldapDate);
}
userTransaction.commit();
}
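Review bot: The new delegating body `addAuthToken(userDn, token, ZonedDateTime.now().plusHours(hours), roles);` unboxes `hours` unconditionally, so a null `hours` — which the removed `if (hours != null)` branch accepted and treated as "no expiry date stored" — now throws NullPointerException before the transaction begins; callers that relied on the old contract regress. Preserve it with `addAuthToken(userDn, token, hours != null ? ZonedDateTime.now().plusHours(hours) : null, roles);`, since the ZonedDateTime overload already guards `expiryDate != null`. That overload deserves a Javadoc stating that a null `expiryDate` results in no expiry attribute being written on the token group, because that is the security-relevant default a caller must opt into knowingly. The method's catch/finally handling after `userTransaction.commit()`, including any rollback on the IllegalStateException thrown inside the loop, lies outside the hunk.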
/* DEPENDENCY INJECTION */
- public void setUserAdmin(UserAdmin userAdmin, Map<String, String> serviceProperties) {
+ public void setUserAdmin(UserAdmin userAdmin) {
this.userAdmin = userAdmin;
- this.serviceProperties = serviceProperties;
+// this.serviceProperties = serviceProperties;
}
public void setUserTransaction(UserTransaction userTransaction) {
this.userTransaction = userTransaction;
}
+
+ public void addUserDirectory(UserDirectory userDirectory, Map<String, String> properties) {
+ userDirectories.put(userDirectory, new Hashtable<>(properties));
+ }
+
+ public void removeUserDirectory(UserDirectory userDirectory, Map<String, String> properties) {
+ userDirectories.remove(userDirectory);
+ }
+
}
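Review bot: `removeUserDirectory(UserDirectory userDirectory, Map<String, String> properties)` never reads `properties`; if the signature is dictated by a bind/unbind callback convention, a comment such as `// properties unused: signature mirrors addUserDirectory for the unbind callback` would save the next reader a search, otherwise the parameter should be dropped. `addUserDirectory` copies into `new Hashtable<>(properties)`, which rejects null keys and values with NullPointerException, so a directory whose properties contain a null value fails at registration time; that is an acceptable fail-fast but worth documenting in a Javadoc on the method. Neither new method has any documentation, and both mutate shared state, so a one-line Javadoc each (purpose, thread-safety via the synchronized map) would be appropriate.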