]> git.argeo.org Git - lgpl/argeo-commons.git/blobdiff - org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
projects / lgpl / argeo-commons.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix URI when using default LDIF
[lgpl/argeo-commons.git] / org.argeo.security.core / src / org / argeo / osgi / useradmin / AbstractUserDirectory.java
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 1d2e72759b479151ddf032d8a8f9a1ac19ef5bd2..671f634969bd8f49db28a20eabace94a02df6c17 100644 (file)
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -12,10 +12,10 @@ import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Dictionary;
-import java.util.HashMap;
+import java.util.Enumeration;
+import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
 
 import javax.naming.InvalidNameException;
 import javax.naming.directory.Attributes;
@@ -26,9 +26,6 @@ import javax.naming.ldap.Rdn;
 import javax.transaction.SystemException;
 import javax.transaction.Transaction;
 import javax.transaction.TransactionManager;
-import javax.transaction.xa.XAException;
-import javax.transaction.xa.XAResource;
-import javax.transaction.xa.Xid;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -36,22 +33,22 @@ import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
-import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
 
+/** Base class for a {@link UserDirectory}. */
 abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
        private final static Log log = LogFactory
                        .getLog(AbstractUserDirectory.class);
 
-       private Dictionary<String, ?> properties;
-       private String baseDn = "dc=example,dc=com";
-       private String userObjectClass;
-       private String groupObjectClass;
+       private final Hashtable<String, Object> properties;
+       private final String baseDn;
+       private final String userObjectClass;
+       private final String groupObjectClass;
 
-       private boolean isReadOnly;
-       private URI uri;
+       private final boolean readOnly;
+       private final URI uri;
 
        private UserAdmin externalRoles;
        private List<String> indexedUserProperties = Arrays.asList(new String[] {
@@ -61,16 +58,17 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
        private List<String> credentialAttributeIds = Arrays
                        .asList(new String[] { LdifName.userpassword.name() });
 
-       // private TransactionSynchronizationRegistry syncRegistry;
-       // private Object editingTransactionKey = null;
-
        private TransactionManager transactionManager;
-       private ThreadLocal<WorkingCopy> workingCopy = new ThreadLocal<AbstractUserDirectory.WorkingCopy>();
-       private Xid editingTransactionXid = null;
-
-       public AbstractUserDirectory(Dictionary<String, ?> properties) {
-               // TODO make a copy?
-               this.properties = properties;
+       // private TransactionSynchronizationRegistry transactionRegistry;
+       // private Xid editingTransactionXid = null;
+       private WcXaResource xaResource = new WcXaResource(this);
+
+       AbstractUserDirectory(Dictionary<String, ?> props) {
+               properties = new Hashtable<String, Object>();
+               for (Enumeration<String> keys = props.keys(); keys.hasMoreElements();) {
+                       String key = keys.nextElement();
+                       properties.put(key, props.get(key));
+               }
 
                String uriStr = UserAdminConf.uri.getValue(properties);
                if (uriStr == null)
@@ -79,29 +77,25 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
                        try {
                                uri = new URI(uriStr);
                        } catch (URISyntaxException e) {
-                               throw new UserDirectoryException("Badly formatted URI", e);
+                               throw new UserDirectoryException("Badly formatted URI "
+                                               + uriStr, e);
                        }
 
                baseDn = UserAdminConf.baseDn.getValue(properties).toString();
-               String isReadOnly = UserAdminConf.readOnly.getValue(properties);
-               if (isReadOnly == null)
-                       this.isReadOnly = readOnlyDefault(uri);
-               else
-                       this.isReadOnly = new Boolean(isReadOnly);
+               String readOnlyStr = UserAdminConf.readOnly.getValue(properties);
+               if (readOnlyStr == null) {
+                       readOnly = readOnlyDefault(uri);
+                       properties.put(UserAdminConf.readOnly.property(),
+                                       Boolean.toString(readOnly));
+               } else
+                       readOnly = new Boolean(readOnlyStr);
 
-               this.userObjectClass = UserAdminConf.userObjectClass
-                               .getValue(properties);
-               this.groupObjectClass = UserAdminConf.groupObjectClass
-                               .getValue(properties);
+               userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
+               groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
        }
 
-       // public AbstractUserDirectory(URI uri, boolean isReadOnly) {
-       // this.uri = uri;
-       // this.isReadOnly = isReadOnly;
-       // }
-
-       /** Returns the {@link Group}s this user is a direct member of. */
-       protected abstract List<? extends DirectoryGroup> getDirectGroups(User user);
+       /** Returns the groups this user is a direct member of. */
+       protected abstract List<LdapName> getDirectGroups(LdapName dn);
 
        protected abstract Boolean daoHasRole(LdapName dn);
 
@@ -109,9 +103,6 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
 
        protected abstract List<DirectoryUser> doGetRoles(Filter f);
 
-       protected abstract void doGetUser(String key, String value,
-                       List<DirectoryUser> collectedUsers);
-
        public void init() {
 
        }
@@ -121,23 +112,21 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
        }
 
        boolean isEditing() {
-               if (editingTransactionXid == null)
-                       return false;
-               return workingCopy.get() != null;
-               // Object currentTrKey = syncRegistry.getTransactionKey();
-               // if (currentTrKey == null)
+               // if (editingTransactionXid == null)
                // return false;
-               // return editingTransactionKey.equals(currentTrKey);
+               // return workingCopy.get() != null;
+               return xaResource.wc() != null;
        }
 
-       protected WorkingCopy getWorkingCopy() {
-               WorkingCopy wc = workingCopy.get();
+       protected UserDirectoryWorkingCopy getWorkingCopy() {
+               // UserDirectoryWorkingCopy wc = workingCopy.get();
+               UserDirectoryWorkingCopy wc = xaResource.wc();
                if (wc == null)
                        return null;
-               if (wc.xid == null) {
-                       workingCopy.set(null);
-                       return null;
-               }
+               // if (wc.getXid() == null) {
+               // workingCopy.set(null);
+               // return null;
+               // }
                return wc;
        }
 
@@ -151,27 +140,30 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
                if (transaction == null)
                        throw new UserDirectoryException(
                                        "A transaction needs to be active in order to edit");
-               if (editingTransactionXid == null) {
-                       WorkingCopy wc = new WorkingCopy();
+               if (xaResource.wc() == null) {
+                       // UserDirectoryWorkingCopy wc = new UserDirectoryWorkingCopy(this);
                        try {
-                               transaction.enlistResource(wc);
-                               editingTransactionXid = wc.getXid();
-                               workingCopy.set(wc);
+                               transaction.enlistResource(xaResource);
+                               // editingTransactionXid = wc.getXid();
+                               // workingCopy.set(wc);
                        } catch (Exception e) {
-                               throw new UserDirectoryException("Cannot enlist " + wc, e);
+                               throw new UserDirectoryException("Cannot enlist " + xaResource,
+                                               e);
                        }
                } else {
-                       if (workingCopy.get() == null)
-                               throw new UserDirectoryException("Transaction "
-                                               + editingTransactionXid + " already editing");
-                       else if (!editingTransactionXid.equals(workingCopy.get().getXid()))
-                               throw new UserDirectoryException("Working copy Xid "
-                                               + workingCopy.get().getXid() + " inconsistent with"
-                                               + editingTransactionXid);
+                       // UserDirectoryWorkingCopy wc = xaResource.wc();
+                       // if (wc == null)
+                       // throw new UserDirectoryException("Transaction "
+                       // + editingTransactionXid + " already editing");
+                       // else if
+                       // (!editingTransactionXid.equals(workingCopy.get().getXid()))
+                       // throw new UserDirectoryException("Working copy Xid "
+                       // + workingCopy.get().getXid() + " inconsistent with"
+                       // + editingTransactionXid);
                }
        }
 
-       List<Role> getAllRoles(User user) {
+       List<Role> getAllRoles(DirectoryUser user) {
                List<Role> allRoles = new ArrayList<Role>();
                if (user != null) {
                        collectRoles(user, allRoles);
@@ -181,9 +173,10 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
                return allRoles;
        }
 
-       private void collectRoles(User user, List<Role> allRoles) {
-               for (Group group : getDirectGroups(user)) {
+       private void collectRoles(DirectoryUser user, List<Role> allRoles) {
+               for (LdapName groupDn : getDirectGroups(user.getDn())) {
                        // TODO check for loops
+                       DirectoryUser group = doGetRole(groupDn);
                        allRoles.add(group);
                        collectRoles(group, allRoles);
                }
@@ -196,13 +189,16 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
        // USER ADMIN
        @Override
        public Role getRole(String name) {
-               LdapName key = toDn(name);
-               WorkingCopy wc = getWorkingCopy();
-               DirectoryUser user = daoGetRole(key);
+               return doGetRole(toDn(name));
+       }
+
+       protected DirectoryUser doGetRole(LdapName dn) {
+               UserDirectoryWorkingCopy wc = getWorkingCopy();
+               DirectoryUser user = daoGetRole(dn);
                if (wc != null) {
-                       if (user == null && wc.getNewUsers().containsKey(key))
-                               user = wc.getNewUsers().get(key);
-                       else if (wc.getDeletedUsers().containsKey(key))
+                       if (user == null && wc.getNewUsers().containsKey(dn))
+                               user = wc.getNewUsers().get(dn);
+                       else if (wc.getDeletedUsers().containsKey(dn))
                                user = null;
                }
                return user;
@@ -211,7 +207,7 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
        @SuppressWarnings("unchecked")
        @Override
        public Role[] getRoles(String filter) throws InvalidSyntaxException {
-               WorkingCopy wc = getWorkingCopy();
+               UserDirectoryWorkingCopy wc = getWorkingCopy();
                Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
                List<DirectoryUser> res = doGetRoles(f);
                if (wc != null) {
@@ -254,9 +250,25 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
                }
                if (collectedUsers.size() == 1)
                        return collectedUsers.get(0);
+               else if (collectedUsers.size() > 1)
+                       log.warn(collectedUsers.size() + " users for "
+                                       + (key != null ? key + "=" : "") + value);
                return null;
        }
 
+       protected void doGetUser(String key, String value,
+                       List<DirectoryUser> collectedUsers) {
+               try {
+                       Filter f = FrameworkUtil.createFilter("(&(" + objectClass + "="
+                                       + getUserObjectClass() + ")(" + key + "=" + value + "))");
+                       List<DirectoryUser> users = doGetRoles(f);
+                       collectedUsers.addAll(users);
+               } catch (InvalidSyntaxException e) {
+                       throw new UserDirectoryException("Cannot get user with " + key
+                                       + "=" + value, e);
+               }
+       }
+
        @Override
        public Authorization getAuthorization(User user) {
                return new LdifAuthorization((DirectoryUser) user,
@@ -266,7 +278,7 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
        @Override
        public Role createRole(String name, int type) {
                checkEdit();
-               WorkingCopy wc = getWorkingCopy();
+               UserDirectoryWorkingCopy wc = getWorkingCopy();
                LdapName dn = toDn(name);
                if ((daoHasRole(dn) && !wc.getDeletedUsers().containsKey(dn))
                                || wc.getNewUsers().containsKey(dn))
@@ -315,33 +327,41 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
        @Override
        public boolean removeRole(String name) {
                checkEdit();
-               WorkingCopy wc = getWorkingCopy();
+               UserDirectoryWorkingCopy wc = getWorkingCopy();
                LdapName dn = toDn(name);
-               if (!daoHasRole(dn) && !wc.getNewUsers().containsKey(dn))
-                       return false;
-               DirectoryUser user = (DirectoryUser) getRole(name);
-               wc.getDeletedUsers().put(dn, user);
-               // FIXME clarify directgroups
-               for (DirectoryGroup group : getDirectGroups(user)) {
+               boolean actuallyDeleted;
+               if (daoHasRole(dn) || wc.getNewUsers().containsKey(dn)) {
+                       DirectoryUser user = (DirectoryUser) getRole(name);
+                       wc.getDeletedUsers().put(dn, user);
+                       actuallyDeleted = true;
+               } else {// just removing from groups (e.g. system roles)
+                       actuallyDeleted = false;
+               }
+               for (LdapName groupDn : getDirectGroups(dn)) {
+                       DirectoryUser group = doGetRole(groupDn);
                        group.getAttributes().get(getMemberAttributeId())
                                        .remove(dn.toString());
                }
-               return true;
+               return actuallyDeleted;
        }
 
        // TRANSACTION
-       protected void prepare(WorkingCopy wc) {
+       protected void prepare(UserDirectoryWorkingCopy wc) {
 
        }
 
-       protected void commit(WorkingCopy wc) {
+       protected void commit(UserDirectoryWorkingCopy wc) {
 
        }
 
-       protected void rollback(WorkingCopy wc) {
+       protected void rollback(UserDirectoryWorkingCopy wc) {
 
        }
 
+       // void clearEditingTransactionXid() {
+       // editingTransactionXid = null;
+       // }
+
        // UTILITIES
        protected LdapName toDn(String name) {
                try {
@@ -365,10 +385,6 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
                return uri;
        }
 
-       protected void setUri(URI uri) {
-               this.uri = uri;
-       }
-
        protected List<String> getIndexedUserProperties() {
                return indexedUserProperties;
        }
@@ -377,22 +393,21 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
                this.indexedUserProperties = indexedUserProperties;
        }
 
-       protected void setReadOnly(boolean isReadOnly) {
-               this.isReadOnly = isReadOnly;
-       }
-
        private static boolean readOnlyDefault(URI uri) {
                if (uri == null)
                        return true;
                if (uri.getScheme().equals("file")) {
                        File file = new File(uri);
-                       return !file.canWrite();
+                       if (file.exists())
+                               return !file.canWrite();
+                       else
+                               return !file.getParentFile().canWrite();
                }
                return true;
        }
 
        public boolean isReadOnly() {
-               return isReadOnly;
+               return readOnly;
        }
 
        UserAdmin getExternalRoles() {
@@ -423,156 +438,8 @@ abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
                this.transactionManager = transactionManager;
        }
 
-       //
-       // XA RESOURCE
-       //
-       protected class WorkingCopy implements XAResource {
-               private Xid xid;
-               private int transactionTimeout = 0;
-
-               private Map<LdapName, DirectoryUser> newUsers = new HashMap<LdapName, DirectoryUser>();
-               private Map<LdapName, Attributes> modifiedUsers = new HashMap<LdapName, Attributes>();
-               private Map<LdapName, DirectoryUser> deletedUsers = new HashMap<LdapName, DirectoryUser>();
-
-               @Override
-               public void start(Xid xid, int flags) throws XAException {
-                       if (editingTransactionXid != null)
-                               throw new UserDirectoryException("Transaction "
-                                               + editingTransactionXid + " already editing");
-                       this.xid = xid;
-               }
-
-               @Override
-               public void end(Xid xid, int flags) throws XAException {
-                       checkXid(xid);
-
-                       // clean collections
-                       newUsers.clear();
-                       newUsers = null;
-                       modifiedUsers.clear();
-                       modifiedUsers = null;
-                       deletedUsers.clear();
-                       deletedUsers = null;
-
-                       // clean IDs
-                       this.xid = null;
-                       editingTransactionXid = null;
-               }
-
-               @Override
-               public int prepare(Xid xid) throws XAException {
-                       checkXid(xid);
-                       if (noModifications())
-                               return XA_RDONLY;
-                       try {
-                               AbstractUserDirectory.this.prepare(this);
-                       } catch (Exception e) {
-                               log.error("Cannot prepare " + xid, e);
-                               throw new XAException(XAException.XA_RBOTHER);
-                       }
-                       return XA_OK;
-               }
-
-               @Override
-               public void commit(Xid xid, boolean onePhase) throws XAException {
-                       checkXid(xid);
-                       if (noModifications())
-                               return;
-                       try {
-                               if (onePhase)
-                                       AbstractUserDirectory.this.prepare(this);
-                               AbstractUserDirectory.this.commit(this);
-                       } catch (Exception e) {
-                               log.error("Cannot commit " + xid, e);
-                               throw new XAException(XAException.XA_RBOTHER);
-                       }
-               }
-
-               @Override
-               public void rollback(Xid xid) throws XAException {
-                       checkXid(xid);
-                       try {
-                               AbstractUserDirectory.this.rollback(this);
-                       } catch (Exception e) {
-                               log.error("Cannot rollback " + xid, e);
-                               throw new XAException(XAException.XA_HEURMIX);
-                       }
-               }
-
-               @Override
-               public void forget(Xid xid) throws XAException {
-                       throw new UnsupportedOperationException();
-               }
-
-               @Override
-               public boolean isSameRM(XAResource xares) throws XAException {
-                       return xares == this;
-               }
-
-               @Override
-               public Xid[] recover(int flag) throws XAException {
-                       throw new UnsupportedOperationException();
-               }
-
-               @Override
-               public int getTransactionTimeout() throws XAException {
-                       return transactionTimeout;
-               }
-
-               @Override
-               public boolean setTransactionTimeout(int seconds) throws XAException {
-                       transactionTimeout = seconds;
-                       return true;
-               }
-
-               private Xid getXid() {
-                       return xid;
-               }
-
-               private void checkXid(Xid xid) throws XAException {
-                       if (this.xid == null)
-                               throw new XAException(XAException.XAER_OUTSIDE);
-                       if (!this.xid.equals(xid))
-                               throw new XAException(XAException.XAER_NOTA);
-               }
-
-               @Override
-               protected void finalize() throws Throwable {
-                       if (editingTransactionXid != null)
-                               log.warn("Editing transaction still referenced but no working copy "
-                                               + editingTransactionXid);
-                       editingTransactionXid = null;
-               }
-
-               public boolean noModifications() {
-                       return newUsers.size() == 0 && modifiedUsers.size() == 0
-                                       && deletedUsers.size() == 0;
-               }
-
-               public Attributes getAttributes(LdapName dn) {
-                       if (modifiedUsers.containsKey(dn))
-                               return modifiedUsers.get(dn);
-                       return null;
-               }
-
-               public void startEditing(DirectoryUser user) {
-                       LdapName dn = user.getDn();
-                       if (modifiedUsers.containsKey(dn))
-                               throw new UserDirectoryException("Already editing " + dn);
-                       modifiedUsers.put(dn, (Attributes) user.getAttributes().clone());
-               }
-
-               public Map<LdapName, DirectoryUser> getNewUsers() {
-                       return newUsers;
-               }
-
-               public Map<LdapName, DirectoryUser> getDeletedUsers() {
-                       return deletedUsers;
-               }
-
-               public Map<LdapName, Attributes> getModifiedUsers() {
-                       return modifiedUsers;
-               }
-
+       public WcXaResource getXaResource() {
+               return xaResource;
        }
+
 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi