package org.argeo.security.ui.admin.internal;
import java.security.AccessController;
-import java.security.Principal;
+import java.util.List;
+import java.util.Set;
+import javax.naming.InvalidNameException;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.transaction.Status;
import javax.transaction.UserTransaction;
import org.argeo.ArgeoException;
+import org.argeo.cms.auth.AuthConstants;
+import org.argeo.cms.auth.CurrentUser;
+import org.argeo.osgi.useradmin.LdifName;
+import org.argeo.security.ui.admin.internal.providers.UserTransactionProvider;
import org.eclipse.ui.IWorkbenchWindow;
import org.eclipse.ui.PlatformUI;
import org.eclipse.ui.services.ISourceProviderService;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
+import org.osgi.service.useradmin.UserAdmin;
/** First effort to centralize back end methods used by the user admin UI */
public class UiAdminUtils {
- public final static String getUsername() {
+
+ /** returns the local name of the current connected user */
+ public final static String getUsername(UserAdmin userAdmin) {
+ LdapName dn = getLdapName();
+ return getUsername(getUser(userAdmin, dn));
+ }
+
+ /** Returns true if the current user is in the specified role */
+ public static boolean isUserInRole(String role) {
+ Set<String> roles = CurrentUser.roles();
+ return roles.contains(role);
+ }
+
+ public final static boolean isCurrentUser(User user) {
+ String userName = getProperty(user, LdifName.dn.name());
+ try {
+ LdapName selfUserName = UiAdminUtils.getLdapName();
+ LdapName userLdapName = new LdapName(userName);
+ if (userLdapName.equals(selfUserName))
+ return true;
+ else
+ return false;
+ } catch (InvalidNameException e) {
+ throw new ArgeoException("User " + user + " has an unvalid dn: "
+ + userName, e);
+ }
+ }
+
+ public final static LdapName getLdapName() {
Subject subject = Subject.getSubject(AccessController.getContext());
- Principal principal = subject.getPrincipals(X500Principal.class)
- .iterator().next();
- return principal.getName();
+ String name = subject.getPrincipals(X500Principal.class).iterator()
+ .next().toString();
+ LdapName dn;
+ try {
+ dn = new LdapName(name);
+ } catch (InvalidNameException e) {
+ throw new ArgeoException("Invalid user dn " + name, e);
+ }
+ return dn;
+ }
+ public final static User getUser(UserAdmin userAdmin, LdapName dn) {
+ User user = userAdmin.getUser(LdifName.dn.name(), dn.toString());
+ return user;
}
public final static String getUsername(User user) {
- String cn = getProperty(user, UserAdminConstants.KEY_CN);
+ String cn = getProperty(user, LdifName.dn.name());
if (isEmpty(cn))
- cn = getProperty(user, UserAdminConstants.KEY_UID);
+ cn = getProperty(user, LdifName.uid.name());
return cn;
}
+ /** Simply retrieves a display name of the relevant domain */
+ public final static String getDomainName(User user) {
+ String dn = (String) user.getProperties().get(LdifName.dn.name());
+ if (dn.endsWith(AuthConstants.ROLES_BASEDN))
+ return "System roles";
+ try {
+ LdapName name;
+ name = new LdapName(dn);
+ List<Rdn> rdns = name.getRdns();
+ String dname = null;
+ int i = 0;
+ loop: while (i < rdns.size()) {
+ Rdn currrRdn = rdns.get(i);
+ if (!"dc".equals(currrRdn.getType()))
+ break loop;
+ else {
+ String currVal = (String) currrRdn.getValue();
+ dname = dname == null ? currVal : currVal + "." + dname;
+ }
+ i++;
+ }
+ return dname;
+ } catch (InvalidNameException e) {
+ throw new ArgeoException("Unable to get domain name for " + dn, e);
+ }
+ }
+
public final static String getProperty(Role role, String key) {
Object obj = role.getProperties().get(key);
if (obj != null)
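Review bot: In getUsername(User) the lookup that feeds the `cn` variable now reads `LdifName.dn.name()`, so the method returns the full distinguished name rather than the common name that the variable and the "local name" Javadoc on the new getUsername(UserAdmin) overload describe; this looks like a slip for `String cn = getProperty(user, LdifName.cn.name());`. Separately, getLdapName() now derives the principal's DN from `X500Principal.toString()`, which is only documented as a user-friendly rendering, whereas the removed code used `getName()` (RFC 2253 form); since isCurrentUser() compares this value against the stored dn attribute, the identity check should be built from `subject.getPrincipals(X500Principal.class).iterator().next().getName()` to avoid format-dependent mismatches. Subject.getSubject() can also return null and the X500Principal set can be empty, which would surface here as a NullPointerException or NoSuchElementException instead of a clear authentication failure; a guard such as `if (subject == null) throw new ArgeoException("No authenticated subject");` before the principal lookup would make that explicit. The hunk at the end of the page (the transaction provider code) is cut off, so its removal of `setUserTransaction` is not reviewed here.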
.getService(ISourceProviderService.class);
UserTransactionProvider esp = (UserTransactionProvider) sourceProviderService
.getSourceProvider(UserTransactionProvider.TRANSACTION_STATE);
- esp.setUserTransaction(userTransaction);
esp.fireTransactionStateChange();
} catch (Exception e) {
throw new ArgeoException("Unable to begin transaction", e);