X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=4613ef5289fbb331ecc61e8d982c93c6d3e41c87;hb=ea63d7d123a50ff10657946ce3d928a57944621d;hp=608a1f7518edd88eae8450c6e3f2e8fccac51167;hpb=9a9418f4c0df975756de3093df71d757c72a386d;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
index 608a1f751..4613ef528 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
@@ -5,85 +5,57 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Dictionary;
-import java.util.LinkedHashMap;
+import java.util.Hashtable;
 import java.util.List;
-import java.util.Map;
 import java.util.SortedMap;
 import java.util.TreeMap;
-import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
+import javax.transaction.TransactionManager;
 import org.apache.commons.io.IOUtils;
 import org.osgi.framework.Filter;
 import org.osgi.service.useradmin.Role;
-import org.osgi.service.useradmin.User;
-/** User admin implementation using LDIF file(s) as backend. */
+/**
+ * A user admin based on a LDIF files. Requires a {@link TransactionManager} and
+ * an open transaction for write access.
+ */
 public class LdifUserAdmin extends AbstractUserDirectory {
- SortedMap users = new TreeMap();
- SortedMap groups = new TreeMap();
-
- private Map> userIndexes = new LinkedHashMap>();
-
- // private Map> directMemberOf = new
- // TreeMap>();
-
- public LdifUserAdmin(String uri) {
- this(uri, readOnlyDefault(uri));
- }
-
- public LdifUserAdmin(String uri, boolean isReadOnly) {
- setReadOnly(isReadOnly);
- try {
- setUri(new URI(uri));
- } catch (URISyntaxException e) {
- throw new UserDirectoryException("Invalid URI " + uri, e);
- }
-
- if (!isReadOnly && !getUri().getScheme().equals("file"))
- throw new UnsupportedOperationException(getUri().getScheme()
- + " not supported read-write.");
+ private SortedMap users = new TreeMap();
+ private SortedMap groups = new TreeMap();
+ public LdifUserAdmin(String uri, String baseDn) {
+ this(fromUri(uri, baseDn));
 }
- public LdifUserAdmin(URI uri, boolean isReadOnly) {
- setReadOnly(isReadOnly);
- setUri(uri);
- if (!isReadOnly && !getUri().getScheme().equals("file"))
- throw new UnsupportedOperationException(getUri().getScheme()
- + " not supported read-write.");
-
+ public LdifUserAdmin(Dictionary properties) {
+ super(properties);
 }
 public LdifUserAdmin(InputStream in) {
+ super(new Hashtable());
 load(in);
- setReadOnly(true);
- setUri(null);
 }
- private static boolean readOnlyDefault(String uriStr) {
- URI uri;
- try {
- uri = new URI(uriStr);
- } catch (Exception e) {
- throw new UserDirectoryException("Invalid URI " + uriStr, e);
- }
- if (uri.getScheme().equals("file")) {
- File file = new File(uri);
- return !file.canWrite();
- }
- return true;
+ private static Dictionary fromUri(String uri, String baseDn) {
+ Hashtable res = new Hashtable();
+ res.put(UserAdminConf.uri.property(), uri);
+ res.put(UserAdminConf.baseDn.property(), baseDn);
+ return res;
 }
 public void init() {
 try {
+ if (getUri().getScheme().equals("file")) {
+ File file = new File(getUri());
+ if (!file.exists())
+ return;
+ }
 load(getUri().toURL().openStream());
 } catch (Exception e) {
 throw new UserDirectoryException("Cannot open URL " + getUri(), e);
@@ -91,8 +63,12 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 }
 public void save() {
- if (getUri() == null || isReadOnly())
- throw new UserDirectoryException("Cannot save LDIF user admin");
+ if (getUri() == null)
+ throw new UserDirectoryException(
+ "Cannot save LDIF user admin: no URI is set");
+ if (isReadOnly())
+ throw new UserDirectoryException("Cannot save LDIF user admin: "
+ + getUri() + " is read-only");
 try (FileOutputStream out = new FileOutputStream(new File(getUri()))) {
 save(out);
 } catch (IOException e) {
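Review bot: In init(), the stream returned by `getUri().toURL().openStream()` is passed to load() outside any try-with-resources, so unless load() closes it (its body is not in this hunk) the descriptor is leaked on every load and on any exception raised before load() drains it; save() in the next hunk already uses try-with-resources, and the same shape fits here: `try (InputStream in = getUri().toURL().openStream()) { load(in); }`. The new early `return` when a file: URI does not exist leaves the directory silently empty, which is defensible for a store that save() will create but indistinguishable from a mistyped path, so a one-line comment such as `// missing file is not an error: start empty, save() creates it` (or a log line) would make the intent explicit. Note also that `getUri().getScheme().equals("file")` throws NullPointerException for a scheme-less URI, which the catch then reports as "Cannot open URL"; `"file".equals(getUri().getScheme())` avoids that. init()'s closing braces lie outside the hunk.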
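Review bot: save() still assumes a file: URI: `new File(getUri())` throws IllegalArgumentException for any other scheme, which the `catch (IOException e)` below does not cover, and the constructor check that used to reject read-write non-file URIs was removed in the first hunk, so the failure now surfaces only at save time as an unwrapped runtime exception. A third guard next to the two new ones, `if (!"file".equals(getUri().getScheme())) throw new UserDirectoryException("Cannot save LDIF user admin: " + getUri() + " is not a file URI");`, keeps the error reporting consistent. Separately, writing straight into the target file means an interruption mid-write truncates the LDIF that backs authentication; writing to a sibling temporary file and renaming it over the original on success would keep the last good copy intact. save()'s body continues past the hunk.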
@@ -135,30 +111,6 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 }
 }
 }
-
- // optimise
- // for (LdifGroup group : groups.values())
- // loadMembers(group);
-
- // indexes
- for (String attr : getIndexedUserProperties())
- userIndexes.put(attr, new TreeMap());
-
- for (DirectoryUser user : users.values()) {
- Dictionary properties = user.getProperties();
- for (String attr : getIndexedUserProperties()) {
- Object value = properties.get(attr);
- if (value != null) {
- DirectoryUser otherUser = userIndexes.get(attr).put(
- value.toString(), user);
- if (otherUser != null)
- throw new UserDirectoryException("User " + user
- + " and user " + otherUser
- + " both have property " + attr
- + " set to " + value);
- }
- }
- }
 } catch (Exception e) {
 throw new UserDirectoryException(
 "Cannot load user admin service from LDIF", e);
@@ -184,25 +136,7 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 return users.containsKey(dn) || groups.containsKey(dn);
 }
- // @Override
- // public boolean removeRole(String name) {
- // LdapName dn = toDn(name);
- // LdifUser role = null;
- // if (users.containsKey(dn))
- // role = users.remove(dn);
- // else if (groups.containsKey(dn))
- // role = groups.remove(dn);
- // else
- // throw new UserDirectoryException("There is no role " + name);
- // if (role == null)
- // return false;
- // for (LdifGroup group : getDirectGroups(role)) {
- // group.getAttributes().get(getMemberAttributeId())
- // .remove(dn.toString());
- // }
- // return true;
- // }
-
+ @SuppressWarnings("unchecked")
 protected List doGetRoles(Filter f) {
 ArrayList res = new ArrayList();
 if (f == null) {
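Review bot: `@SuppressWarnings("unchecked")` is placed on the whole of doGetRoles(Filter f) with nothing saying which operation it silences; the generic type arguments are stripped in this rendering so the offending call cannot be identified here, but the suppression would be easier to audit on the single statement that needs it, with a comment of the form `// unchecked: <RAW-CALL-PLACEHOLDER> — safe because <reason>` naming that call. doGetRoles's body continues beyond the hunk.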
@@ -220,32 +154,13 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 return res;
 }
- protected void doGetUser(String key, String value,
- List collectedUsers) {
- assert key != null;
- DirectoryUser user = userIndexes.get(key).get(value);
- if (user != null)
- collectedUsers.add(user);
- }
-
 @Override
- protected List getDirectGroups(User user) {
- LdapName dn;
- if (user instanceof LdifUser)
- dn = ((LdifUser) user).getDn();
- else
- try {
- dn = new LdapName(user.getName());
- } catch (InvalidNameException e) {
- throw new UserDirectoryException("Badly formatted user name "
- + user.getName(), e);
- }
-
- List directGroups = new ArrayList();
+ protected List getDirectGroups(LdapName dn) {
+ List directGroups = new ArrayList();
 for (LdapName name : groups.keySet()) {
 DirectoryGroup group = groups.get(name);
 if (group.getMemberNames().contains(dn))
- directGroups.add(group);
+ directGroups.add(group.getDn());
 }
 return directGroups;
 }
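Review bot: getDirectGroups(LdapName dn) iterates `groups.keySet()` and re-fetches each entry with `groups.get(name)` although only the value is used; `for (DirectoryGroup group : groups.values())` reads the map once and drops the unused key variable (those two lines are context here, but the method is new under this signature). The switch from returning group objects to `group.getDn()` deserves a Javadoc line, e.g. `/** DNs of the groups whose member attribute lists {@code dn} directly; membership is not resolved transitively. */`, since the name alone no longer says what the list holds. The retained `@Override` implies a matching signature in AbstractUserDirectory, which is outside this diff.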