Improve LDIF user admin.
index e396ca09e6b7d5e0e0b0c314b0715505d09789d3..31295ae89fac8f58b04fe3ba0ed78247a229c086 100644 (file)
@@ -3,12 +3,12 @@ package org.argeo.cms.internal.kernel;
 import java.io.File;
 import java.io.IOException;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Dictionary;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -22,11 +22,10 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.KernelHeader;
-import org.argeo.osgi.useradmin.AbstractUserDirectory;
-import org.argeo.osgi.useradmin.LdapProperties;
 import org.argeo.osgi.useradmin.LdapUserAdmin;
 import org.argeo.osgi.useradmin.LdifUserAdmin;
-import org.argeo.osgi.useradmin.UserAdminAggregator;
+import org.argeo.osgi.useradmin.UserAdminConf;
+import org.argeo.osgi.useradmin.UserDirectory;
 import org.argeo.osgi.useradmin.UserDirectoryException;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
@@ -34,7 +33,7 @@ import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
 
-public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
+public class NodeUserAdmin implements UserAdmin {
        private final static Log log = LogFactory.getLog(NodeUserAdmin.class);
        final static LdapName ROLES_BASE;
        static {
@@ -49,15 +48,13 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
        private UserAdmin nodeRoles = null;
        private Map<LdapName, UserAdmin> userAdmins = new HashMap<LdapName, UserAdmin>();
 
-       private TransactionManager transactionManager;
-
        public NodeUserAdmin() {
                File osgiInstanceDir = KernelUtils.getOsgiInstanceDir();
                File nodeBaseDir = new File(osgiInstanceDir, "node");
                nodeBaseDir.mkdirs();
 
                String userAdminUri = KernelUtils
-                               .getFrameworkProp(KernelConstants.USERADMIN_URI);
+                               .getFrameworkProp(KernelConstants.USERADMIN_URIS);
                if (userAdminUri == null) {
                        String demoBaseDn = "dc=example,dc=com";
                        File businessRolesFile = new File(nodeBaseDir, demoBaseDn + ".ldif");
@@ -77,30 +74,36 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
                        URI u;
                        try {
                                u = new URI(uri);
+                               if (u.getPath() == null)
+                                       throw new CmsException("URI " + uri
+                                                       + " must have a path in order to determine base DN");
                                if (u.getScheme() == null) {
-                                       if (uri.startsWith("/"))
-                                               u = new File(uri).getAbsoluteFile().toURI();
+                                       if (uri.startsWith("/") || uri.startsWith("./")
+                                                       || uri.startsWith("../"))
+                                               u = new File(uri).getCanonicalFile().toURI();
                                        else if (!uri.contains("/"))
-                                               u = new File(nodeBaseDir, uri).getAbsoluteFile()
+                                               u = new File(nodeBaseDir, uri).getCanonicalFile()
                                                                .toURI();
                                        else
                                                throw new CmsException("Cannot interpret " + uri
                                                                + " as an uri");
+                               } else if (u.getScheme().equals("file")) {
+                                       u = new File(u).getCanonicalFile().toURI();
                                }
-                       } catch (URISyntaxException e) {
+                       } catch (Exception e) {
                                throw new CmsException(
                                                "Cannot interpret " + uri + " as an uri", e);
                        }
-                       Dictionary<String, ?> properties = LdapProperties.uriAsProperties(u
+                       Dictionary<String, ?> properties = UserAdminConf.uriAsProperties(u
                                        .toString());
-                       AbstractUserDirectory businessRoles;
+                       UserDirectory businessRoles;
                        if (u.getScheme().startsWith("ldap")) {
                                businessRoles = new LdapUserAdmin(properties);
                        } else {
                                businessRoles = new LdifUserAdmin(properties);
                        }
                        businessRoles.init();
-                       addUserAdmin(businessRoles.getBaseDn(), businessRoles);
+                       addUserAdmin(businessRoles.getBaseDn(), (UserAdmin) businessRoles);
                        if (log.isDebugEnabled())
                                log.debug("User directory " + businessRoles.getBaseDn() + " ["
                                                + u.getScheme() + "] enabled.");
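Review bot: The widened `catch (Exception e)` at the end of the try block re-wraps the two `CmsException`s thrown inside it (the missing-path check and the "Cannot interpret" branch) under the generic "Cannot interpret ... as an uri" message, and it also folds any unrelated runtime failure into that same message. The broadening looks motivated by `getCanonicalFile()` throwing `IOException`; catching only what the block can throw keeps the specific diagnostics: `} catch (URISyntaxException | IOException e) {` (or two separate clauses if the build still targets Java 6), which also means the `java.net.URISyntaxException` import this commit removed has to come back. The enclosing constructor starts before this hunk and continues after it.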
@@ -122,14 +125,14 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
                        nodeRolesUri = nodeRolesFile.toURI().toString();
                }
 
-               Dictionary<String, ?> nodeRolesProperties = LdapProperties
+               Dictionary<String, ?> nodeRolesProperties = UserAdminConf
                                .uriAsProperties(nodeRolesUri);
-               if (!nodeRolesProperties.get(LdapProperties.baseDn.getFullName())
-                               .equals(baseNodeRoleDn)) {
+               if (!nodeRolesProperties.get(UserAdminConf.baseDn.property()).equals(
+                               baseNodeRoleDn)) {
                        throw new CmsException("Invalid base dn for node roles");
                        // TODO deal with "mounted" roles with a different baseDN
                }
-               AbstractUserDirectory nodeRoles;
+               UserDirectory nodeRoles;
                if (nodeRolesUri.startsWith("ldap")) {
                        nodeRoles = new LdapUserAdmin(nodeRolesProperties);
                } else {
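Review bot: The base-DN check dereferences `nodeRolesProperties.get(UserAdminConf.baseDn.property())` before comparing, so a node-roles URI whose parsed properties carry no base DN fails with a NullPointerException instead of the intended "Invalid base dn for node roles". Reversing the comparison preserves the clear error: `if (!baseNodeRoleDn.equals(nodeRolesProperties.get(UserAdminConf.baseDn.property()))) {`; this assumes `baseNodeRoleDn`, declared outside the hunk, is a non-null String. The enclosing constructor continues outside this hunk.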
@@ -137,31 +140,33 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
                }
                nodeRoles.setExternalRoles(this);
                nodeRoles.init();
-               addUserAdmin(baseNodeRoleDn, nodeRoles);
+               addUserAdmin(baseNodeRoleDn, (UserAdmin) nodeRoles);
                if (log.isTraceEnabled())
                        log.trace("Node roles enabled.");
        }
 
-       String asConfigUris() {
-               StringBuilder buf = new StringBuilder();
+       Dictionary<String, ?> currentState() {
+               Dictionary<String, Object> res = new Hashtable<String, Object>();
                for (LdapName name : userAdmins.keySet()) {
-                       buf.append('/').append(name.toString());
-                       if (userAdmins.get(name) instanceof AbstractUserDirectory) {
-                               AbstractUserDirectory userDirectory = (AbstractUserDirectory) userAdmins
+                       StringBuilder buf = new StringBuilder();
+                       if (userAdmins.get(name) instanceof UserDirectory) {
+                               UserDirectory userDirectory = (UserDirectory) userAdmins
                                                .get(name);
-                               if (userDirectory.isReadOnly())
-                                       buf.append('?').append(LdapProperties.readOnly.name())
-                                                       .append("=true");
+                               String uri = UserAdminConf.propertiesAsUri(
+                                               userDirectory.getProperties()).toString();
+                               res.put(uri, "");
+                       } else {
+                               buf.append('/').append(name.toString())
+                                               .append("?readOnly=true");
                        }
-                       buf.append(' ');
                }
-               return buf.toString();
+               return res;
        }
 
        public void destroy() {
                for (LdapName name : userAdmins.keySet()) {
-                       if (userAdmins.get(name) instanceof AbstractUserDirectory) {
-                               AbstractUserDirectory userDirectory = (AbstractUserDirectory) userAdmins
+                       if (userAdmins.get(name) instanceof UserDirectory) {
+                               UserDirectory userDirectory = (UserDirectory) userAdmins
                                                .get(name);
                                userDirectory.destroy();
                        }
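Review bot: In `currentState()` the `else` branch appends `/<name>?readOnly=true` to `buf` but never stores it in `res`, so user admins that are not `UserDirectory` instances vanish from the reported state, whereas the replaced `asConfigUris()` did emit them. Either finish the branch with `res.put(buf.toString(), "");` or drop `buf` altogether so the omission is at least explicit. Separately, `UserAdminConf.propertiesAsUri(userDirectory.getProperties())` serialises the directory's full property set into a string handed to callers; if those properties can hold LDAP bind credentials they should be stripped before leaving this class — `propertiesAsUri` is not visible from here, so please confirm.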
@@ -175,7 +180,9 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
 
        @Override
        public boolean removeRole(String name) {
-               return findUserAdmin(name).removeRole(name);
+               boolean actuallyDeleted = findUserAdmin(name).removeRole(name);
+               nodeRoles.removeRole(name);
+               return actuallyDeleted;
        }
 
        @Override
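Review bot: `nodeRoles.removeRole(name)` now runs unconditionally after the owning directory's removal and its result is discarded, so a failure to drop the role from node roles is invisible to the caller, and when `name` already lives under the node-roles base (if `findUserAdmin`, defined outside this hunk, returns `nodeRoles` for it) the same role is removed twice. Consider `UserAdmin owner = findUserAdmin(name); boolean actuallyDeleted = owner.removeRole(name); if (owner != nodeRoles) nodeRoles.removeRole(name);` and, since the intent is not obvious from the code, a comment such as `// presumably: also purge the role from node roles so no stale memberships survive the deletion`.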
@@ -207,6 +214,9 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
 
        @Override
        public Authorization getAuthorization(User user) {
+               if (user == null) {
+                       return nodeRoles.getAuthorization(null);
+               }
                UserAdmin userAdmin = findUserAdmin(user.getName());
                Authorization rawAuthorization = userAdmin.getAuthorization(user);
                // gather system roles
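Review bot: The new `user == null` branch has no comment saying why it short-circuits, and it silently skips the system-role gathering that follows for every other user; a reader will wonder whether that is deliberate. Suggest `// null denotes the anonymous user (OSGi UserAdmin contract): its authorization comes from node roles only, business directories are not consulted` above the `if`. `getAuthorization` continues past the end of this hunk.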
@@ -224,7 +234,6 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
        //
        // USER ADMIN AGGREGATOR
        //
-       @Override
        public synchronized void addUserAdmin(String baseDn, UserAdmin userAdmin) {
                if (baseDn.equals(KernelHeader.ROLES_BASEDN)) {
                        nodeRoles = userAdmin;
@@ -242,7 +251,6 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
                }
        }
 
-       @Override
        public synchronized void removeUserAdmin(String baseDn) {
                if (baseDn.equals(KernelHeader.ROLES_BASEDN))
                        throw new UserDirectoryException("Node roles cannot be removed.");
@@ -285,13 +293,12 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
        }
 
        public void setTransactionManager(TransactionManager transactionManager) {
-               this.transactionManager = transactionManager;
-               if (nodeRoles instanceof AbstractUserDirectory)
-                       ((AbstractUserDirectory) nodeRoles)
+               if (nodeRoles instanceof UserDirectory)
+                       ((UserDirectory) nodeRoles)
                                        .setTransactionManager(transactionManager);
                for (UserAdmin userAdmin : userAdmins.values()) {
-                       if (userAdmin instanceof AbstractUserDirectory)
-                               ((AbstractUserDirectory) userAdmin)
+                       if (userAdmin instanceof UserDirectory)
+                               ((UserDirectory) userAdmin)
                                                .setTransactionManager(transactionManager);
                }
        }