Improve tokens management
[lgpl/argeo-commons.git] / org.argeo.enterprise / src / org / argeo / osgi / useradmin / LdapUserAdmin.java
index 456342e04e35f06b432f1f7c91193d28cba85914..10a75feb02bd220b7ffdcb46092479ebe133b302 100644 (file)
@@ -39,7 +39,7 @@ public class LdapUserAdmin extends AbstractUserDirectory {
        private InitialLdapContext initialLdapContext = null;
 
        public LdapUserAdmin(Dictionary<String, ?> properties) {
-               super(properties);
+               super(null, properties);
                try {
                        Hashtable<String, Object> connEnv = new Hashtable<String, Object>();
                        connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
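Review bot: The bare `null` passed to `super(null, properties)` on L9 gives a reader no idea what the new leading argument of the `AbstractUserDirectory` constructor is, or why this directory has none; that signature is not visible here, so I can only say the call site should document it. A one-line comment such as `super(null /* TODO: name what this first argument is and why LDAP passes none */, properties)`, or a named constant in place of the literal, would settle that. The constructor body continues past the end of this hunk.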
@@ -78,20 +78,22 @@ public class LdapUserAdmin extends AbstractUserDirectory {
                }
        }
 
-       @SuppressWarnings("unchecked")
        @Override
        protected AbstractUserDirectory scope(User user) {
                Dictionary<String, Object> credentials = user.getCredentials();
-               // FIXME use arrays
                String username = (String) credentials.get(SHARED_STATE_USERNAME);
                if (username == null)
                        username = user.getName();
-               // byte[] pwd = (byte[]) credentials.get(SHARED_STATE_PASSWORD);
-               // char[] password = DigestUtils.bytesToChars(pwd);
                Dictionary<String, Object> properties = cloneProperties();
                properties.put(Context.SECURITY_PRINCIPAL, username.toString());
-               // properties.put(Context.SECURITY_CREDENTIALS, password);
-               properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+               Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
+               byte[] pwd = (byte[]) pwdCred;
+               if (pwd != null) {
+                       char[] password = DigestUtils.bytesToChars(pwd);
+                       properties.put(Context.SECURITY_CREDENTIALS, new String(password));
+               } else {
+                       properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+               }
                return new LdapUserAdmin(properties);
        }
 
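Review bot: An empty password slips through the `pwd != null` check on L33 and produces a simple bind with empty credentials, which LDAP servers treat as an unauthenticated (anonymous) bind (RFC 4513 §5.1.2), so the scoped `LdapUserAdmin` would come back usable without any password having been verified; reject `pwd.length == 0` before binding. The password is also converted to an immutable `String` on L35 and stored in `properties`, which the returned instance receives — it cannot be zeroed afterwards and will sit in any heap dump; the JNDI LDAP provider accepts the credentials as a `char[]` or `byte[]`, so hand over `DigestUtils.bytesToChars(pwd)` (or `pwd` itself, if those bytes already are the UTF-8 password — I cannot tell from here what `bytesToChars` does) and drop the `String`. The password branch never sets `Context.SECURITY_AUTHENTICATION`, so whatever `cloneProperties()` carries over from the base configuration is inherited; setting `"simple"` explicitly makes the two branches symmetric and independent of the base properties.
```java
		Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
		if (pwdCred != null) {
			byte[] pwd = (byte[]) pwdCred;
			// an empty simple-bind password is an unauthenticated (anonymous) bind, not a login
			if (pwd.length == 0)
				throw new UserDirectoryException("Empty password for " + username);
			properties.put(Context.SECURITY_AUTHENTICATION, "simple");
			// keep the secret as char[]: a String cannot be cleared afterwards
			properties.put(Context.SECURITY_CREDENTIALS, DigestUtils.bytesToChars(pwd));
		} else {
			properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
		}
		return new LdapUserAdmin(properties);
```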
@@ -101,11 +103,15 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 
        @Override
        protected Boolean daoHasRole(LdapName dn) {
-               return daoGetRole(dn) != null;
+               try {
+                       return daoGetRole(dn) != null;
+               } catch (NameNotFoundException e) {
+                       return false;
+               }
        }
 
        @Override
-       protected DirectoryUser daoGetRole(LdapName name) {
+       protected DirectoryUser daoGetRole(LdapName name) throws NameNotFoundException {
                try {
                        Attributes attrs = getLdapContext().getAttributes(name);
                        if (attrs.size() == 0)
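Review bot: `daoGetRole` now declares a checked `NameNotFoundException` on L56, but nothing tells a caller when they get the exception versus a `null`, and L59's `attrs.size() == 0` shows `null` still stands for "entry found but unusable" — the remaining catch clauses are in the continuation of the method outside this hunk. A Javadoc on L56 along the lines of `/** @return the role at {@code name}, or null when the entry exists but cannot be mapped; @throws NameNotFoundException when no entry exists at {@code name} */` would pin that contract, and `daoHasRole` on L45 could mirror it with `/** True only when an entry exists at dn and maps to a role. */`. Making the distinction explicit matters because `daoHasRole` folds the `null` cases into `false` while propagating nothing else.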
@@ -119,8 +125,11 @@ public class LdapUserAdmin extends AbstractUserDirectory {
                        else
                                throw new UserDirectoryException("Unsupported LDAP type for " + name);
                        return res;
+               } catch (NameNotFoundException e) {
+                       throw e;
                } catch (NamingException e) {
-                       log.error("Cannot get role: "+e.getMessage());
+                       if (log.isTraceEnabled())
+                               log.error("Cannot get role: " + name, e);
                        return null;
                }
        }
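Review bot: The `log.error` on L69 is gated by `log.isTraceEnabled()` on L68, so unless the logger runs at trace level an error-level event is never written and any `NamingException` other than `NameNotFoundException` — a failed bind, a referral, a size limit, a dropped connection — silently becomes the `null` return on L70, which `daoHasRole` then reports as "no such role". If `getLdapContext()` on L58 is what performs the bind for a context scoped to user credentials, a wrong password would surface here as an `AuthenticationException` and vanish the same way; I cannot confirm that from this hunk. Log the failure unconditionally and reserve the trace gate for the stack trace: `log.error("Cannot get role: " + name + " (" + e.getMessage() + ")");` followed by `if (log.isTraceEnabled()) log.trace("Cannot get role: " + name, e);`.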
@@ -144,9 +153,11 @@ public class LdapUserAdmin extends AbstractUserDirectory {
                                Attribute objectClassAttr = attrs.get(objectClass.name());
                                LdapName dn = toDn(searchBase, searchResult);
                                LdifUser role;
-                               if (objectClassAttr.contains(getGroupObjectClass()))
+                               if (objectClassAttr.contains(getGroupObjectClass())
+                                               || objectClassAttr.contains(getGroupObjectClass().toLowerCase()))
                                        role = new LdifGroup(this, dn, attrs);
-                               else if (objectClassAttr.contains(getUserObjectClass()))
+                               else if (objectClassAttr.contains(getUserObjectClass())
+                                               || objectClassAttr.contains(getUserObjectClass().toLowerCase()))
                                        role = new LdifUser(this, dn, attrs);
                                else {
                                        log.warn("Unsupported LDAP type for " + searchResult.getName());
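Review bot: Adding a `toLowerCase()` variant on L79 and L83 only patches the symptom: `Attribute.contains` compares values with plain equality (for `BasicAttribute`, `Object.equals`), whereas the directory matches `objectClass` values case-insensitively, so any capitalization other than the configured spelling or its all-lowercase form — e.g. `GroupOfNames` for a configured `groupOfNames` — still falls into the "Unsupported LDAP type" branch on L85. `toLowerCase()` without a `Locale` is also locale-sensitive (the Turkish dotless-i problem), so at minimum it should be `toLowerCase(Locale.ROOT)`. The cleaner fix is a small helper that walks the attribute's values with `equalsIgnoreCase`, as below; `NamingEnumeration` will need importing if the file does not already, and the helper declares `NamingException`, which the surrounding method (whose start lies outside this hunk) appears to handle given the JNDI calls around L74.
```java
				if (hasObjectClass(objectClassAttr, getGroupObjectClass()))
					role = new LdifGroup(this, dn, attrs);
				else if (hasObjectClass(objectClassAttr, getUserObjectClass()))
					role = new LdifUser(this, dn, attrs);
				// … unchanged: unsupported-type warning …

	/** Matches the way the directory does: objectClass values are case-insensitive. */
	private static boolean hasObjectClass(Attribute objectClassAttr, String objectClass) throws NamingException {
		NamingEnumeration<?> values = objectClassAttr.getAll();
		try {
			while (values.hasMore()) {
				Object value = values.next();
				if (value != null && objectClass.equalsIgnoreCase(value.toString()))
					return true;
			}
		} finally {
			values.close();
		}
		return false;
	}
```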