X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeUserAdmin.java;h=69affd25a2b160d8c1f154e883a4e11fb6fcc547;hb=fb22feb37b0c2340d3d846dce4b6f47d0f728efb;hp=d1d4721389bcad5ab05acd536a6e5c60ec8ae216;hpb=0e17ab40fd2df40dcfacc414ef8fe2d4503dbbfa;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java index d1d472138..69affd25a 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java @@ -34,11 +34,11 @@ import org.apache.commons.httpclient.params.HttpMethodParams; import org.apache.commons.httpclient.params.HttpParams; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.argeo.api.NodeConstants; import org.argeo.cms.CmsException; import org.argeo.cms.internal.http.client.HttpCredentialProvider; import org.argeo.cms.internal.http.client.SpnegoAuthScheme; import org.argeo.naming.DnsBrowser; -import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.AbstractUserDirectory; import org.argeo.osgi.useradmin.AggregatingUserAdmin; import org.argeo.osgi.useradmin.LdapUserAdmin; @@ -61,9 +61,6 @@ import org.osgi.service.useradmin.Authorization; import org.osgi.service.useradmin.UserAdmin; import org.osgi.util.tracker.ServiceTracker; -import bitronix.tm.BitronixTransactionManager; -import bitronix.tm.resource.ehcache.EhCacheXAResourceProducer; - /** * Aggregates multiple {@link UserDirectory} and integrates them with system * roles. @@ -75,20 +72,21 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor // OSGi private Map pidToBaseDn = new HashMap<>(); private Map> pidToServiceRegs = new HashMap<>(); - private ServiceRegistration userAdminReg; +// private ServiceRegistration userAdminReg; // JTA private final ServiceTracker tmTracker; - private final String cacheName = UserDirectory.class.getName(); + // private final String cacheName = UserDirectory.class.getName(); // GSS API private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH); private GSSCredential acceptorCredentials; private boolean singleUser = false; +// private boolean systemRolesAvailable = false; - public NodeUserAdmin(String systemRolesBaseDn) { - super(systemRolesBaseDn); + public NodeUserAdmin(String systemRolesBaseDn, String tokensBaseDn) { + super(systemRolesBaseDn, tokensBaseDn); tmTracker = new ServiceTracker<>(bc, TransactionManager.class, null); tmTracker.open(); } @@ -138,14 +136,28 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor + (realm != null ? " " + realm + " realm." : "")); if (isSystemRolesBaseDn(baseDn)) { - if (userAdminReg != null) - userAdminReg.unregister(); - // register self as main user admin - Dictionary userAdminregProps = currentState(); + // publishes only when system roles are available + Dictionary userAdminregProps = new Hashtable<>(); userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT); userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE); - userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps); + bc.registerService(UserAdmin.class, this, userAdminregProps); } + +// if (isSystemRolesBaseDn(baseDn)) +// systemRolesAvailable = true; +// +// // start publishing only when system roles are available +// if (systemRolesAvailable) { +// // The list of baseDns is published as properties +// // TODO clients should rather reference USerDirectory services +// if (userAdminReg != null) +// userAdminReg.unregister(); +// // register self as main user admin +// Dictionary userAdminregProps = currentState(); +// userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT); +// userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE); +// userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps); +// } } @Override @@ -177,8 +189,8 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor if (tm == null) throw new CmsException("A JTA transaction manager must be available."); userDirectory.setTransactionManager(tm); - if (tmTracker.getService() instanceof BitronixTransactionManager) - EhCacheXAResourceProducer.registerXAResource(cacheName, userDirectory.getXaResource()); +// if (tmTracker.getService() instanceof BitronixTransactionManager) +// EhCacheXAResourceProducer.registerXAResource(cacheName, userDirectory.getXaResource()); Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name()); if (realm != null) { @@ -218,8 +230,8 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor } protected void preDestroy(AbstractUserDirectory userDirectory) { - if (tmTracker.getService() instanceof BitronixTransactionManager) - EhCacheXAResourceProducer.unregisterXAResource(cacheName, userDirectory.getXaResource()); +// if (tmTracker.getService() instanceof BitronixTransactionManager) +// EhCacheXAResourceProducer.unregisterXAResource(cacheName, userDirectory.getXaResource()); Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name()); if (realm != null) { @@ -244,7 +256,7 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor boolean consistentIp = localhost.getHostAddress().equals(ipfromDns); String kerberosDomain = dnsBrowser.getRecord("_kerberos." + dnsZone, "TXT"); if (consistentIp && kerberosDomain != null && kerberosDomain.equals(realm) && Files.exists(nodeKeyTab)) { - return NodeHttp.DEFAULT_SERVICE + "/" + hostname + "@" + kerberosDomain; + return KernelConstants.DEFAULT_KERBEROS_SERVICE + "/" + hostname + "@" + kerberosDomain; } else return null; } catch (Exception e) {