X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeUserAdmin.java;h=69affd25a2b160d8c1f154e883a4e11fb6fcc547;hb=fb22feb37b0c2340d3d846dce4b6f47d0f728efb;hp=f1132a64260a1ebca5d9e41011aa79ff195442f4;hpb=6a62c05a487ba34946b1924a039603e68b1d54e6;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java index f1132a642..69affd25a 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java @@ -29,17 +29,16 @@ import javax.transaction.TransactionManager; import org.apache.commons.httpclient.auth.AuthPolicy; import org.apache.commons.httpclient.auth.CredentialsProvider; -import org.apache.commons.httpclient.cookie.CookiePolicy; import org.apache.commons.httpclient.params.DefaultHttpParams; import org.apache.commons.httpclient.params.HttpMethodParams; import org.apache.commons.httpclient.params.HttpParams; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.argeo.api.NodeConstants; import org.argeo.cms.CmsException; import org.argeo.cms.internal.http.client.HttpCredentialProvider; import org.argeo.cms.internal.http.client.SpnegoAuthScheme; import org.argeo.naming.DnsBrowser; -import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.AbstractUserDirectory; import org.argeo.osgi.useradmin.AggregatingUserAdmin; import org.argeo.osgi.useradmin.LdapUserAdmin; @@ -62,9 +61,6 @@ import org.osgi.service.useradmin.Authorization; import org.osgi.service.useradmin.UserAdmin; import org.osgi.util.tracker.ServiceTracker; -import bitronix.tm.BitronixTransactionManager; -import bitronix.tm.resource.ehcache.EhCacheXAResourceProducer; - /** * Aggregates multiple {@link UserDirectory} and integrates them with system * roles. @@ -76,20 +72,21 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor // OSGi private Map pidToBaseDn = new HashMap<>(); private Map> pidToServiceRegs = new HashMap<>(); - private ServiceRegistration userAdminReg; +// private ServiceRegistration userAdminReg; // JTA private final ServiceTracker tmTracker; - private final String cacheName = UserDirectory.class.getName(); + // private final String cacheName = UserDirectory.class.getName(); // GSS API private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH); private GSSCredential acceptorCredentials; private boolean singleUser = false; +// private boolean systemRolesAvailable = false; - public NodeUserAdmin(String systemRolesBaseDn) { - super(systemRolesBaseDn); + public NodeUserAdmin(String systemRolesBaseDn, String tokensBaseDn) { + super(systemRolesBaseDn, tokensBaseDn); tmTracker = new ServiceTracker<>(bc, TransactionManager.class, null); tmTracker.open(); } @@ -138,15 +135,29 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor log.debug("User directory " + userDirectory.getBaseDn() + " [" + u.getScheme() + "] enabled." + (realm != null ? " " + realm + " realm." : "")); - if (!isSystemRolesBaseDn(baseDn)) { - if (userAdminReg != null) - userAdminReg.unregister(); - // register self as main user admin - Dictionary userAdminregProps = currentState(); + if (isSystemRolesBaseDn(baseDn)) { + // publishes only when system roles are available + Dictionary userAdminregProps = new Hashtable<>(); userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT); userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE); - userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps); + bc.registerService(UserAdmin.class, this, userAdminregProps); } + +// if (isSystemRolesBaseDn(baseDn)) +// systemRolesAvailable = true; +// +// // start publishing only when system roles are available +// if (systemRolesAvailable) { +// // The list of baseDns is published as properties +// // TODO clients should rather reference USerDirectory services +// if (userAdminReg != null) +// userAdminReg.unregister(); +// // register self as main user admin +// Dictionary userAdminregProps = currentState(); +// userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT); +// userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE); +// userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps); +// } } @Override @@ -162,14 +173,12 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor public String getName() { return "Node User Admin"; } - - @Override protected void addAbstractSystemRoles(Authorization rawAuthorization, Set sysRoles) { - if(rawAuthorization.getName()==null) { + if (rawAuthorization.getName() == null) { sysRoles.add(NodeConstants.ROLE_ANONYMOUS); - }else { + } else { sysRoles.add(NodeConstants.ROLE_USER); } } @@ -180,8 +189,8 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor if (tm == null) throw new CmsException("A JTA transaction manager must be available."); userDirectory.setTransactionManager(tm); - if (tmTracker.getService() instanceof BitronixTransactionManager) - EhCacheXAResourceProducer.registerXAResource(cacheName, userDirectory.getXaResource()); +// if (tmTracker.getService() instanceof BitronixTransactionManager) +// EhCacheXAResourceProducer.registerXAResource(cacheName, userDirectory.getXaResource()); Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name()); if (realm != null) { @@ -215,14 +224,14 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor // schemes.add(AuthPolicy.BASIC);// incompatible with Basic params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes); params.setParameter(CredentialsProvider.PROVIDER, new HttpCredentialProvider()); - params.setParameter(HttpMethodParams.COOKIE_POLICY, CookiePolicy.BROWSER_COMPATIBILITY); + params.setParameter(HttpMethodParams.COOKIE_POLICY, KernelConstants.COOKIE_POLICY_BROWSER_COMPATIBILITY); // params.setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); } } protected void preDestroy(AbstractUserDirectory userDirectory) { - if (tmTracker.getService() instanceof BitronixTransactionManager) - EhCacheXAResourceProducer.unregisterXAResource(cacheName, userDirectory.getXaResource()); +// if (tmTracker.getService() instanceof BitronixTransactionManager) +// EhCacheXAResourceProducer.unregisterXAResource(cacheName, userDirectory.getXaResource()); Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name()); if (realm != null) { @@ -247,7 +256,7 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor boolean consistentIp = localhost.getHostAddress().equals(ipfromDns); String kerberosDomain = dnsBrowser.getRecord("_kerberos." + dnsZone, "TXT"); if (consistentIp && kerberosDomain != null && kerberosDomain.equals(realm) && Files.exists(nodeKeyTab)) { - return NodeHttp.DEFAULT_SERVICE + "/" + hostname + "@" + kerberosDomain; + return KernelConstants.DEFAULT_KERBEROS_SERVICE + "/" + hostname + "@" + kerberosDomain; } else return null; } catch (Exception e) {