X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=58f6eb1face2b1c92a76fad634abeeb9db918adb;hb=4e5217621733b3f8b9c2427a688a18c68dbc1e5d;hp=7486e3ecf25b38685d6fe8d996ba573f6325ff07;hpb=3714331f776988facff3632d86ad3f6d6352220c;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java index 7486e3ecf..58f6eb1fa 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java @@ -22,8 +22,6 @@ import javax.naming.ldap.InitialLdapContext; import javax.naming.ldap.LdapName; import javax.transaction.TransactionManager; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.naming.LdapAttrs; import org.osgi.framework.Filter; import org.osgi.service.useradmin.Role; @@ -34,12 +32,10 @@ import org.osgi.service.useradmin.User; * and an open transaction for write access. */ public class LdapUserAdmin extends AbstractUserDirectory { - private final static Log log = LogFactory.getLog(LdapUserAdmin.class); - private InitialLdapContext initialLdapContext = null; public LdapUserAdmin(Dictionary properties) { - super(properties); + super(null, properties); try { Hashtable connEnv = new Hashtable(); connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); @@ -74,24 +70,26 @@ public class LdapUserAdmin extends AbstractUserDirectory { // tls.close(); initialLdapContext.close(); } catch (NamingException e) { - log.error("Cannot destroy LDAP user admin", e); + e.printStackTrace(); } } - @SuppressWarnings("unchecked") @Override protected AbstractUserDirectory scope(User user) { Dictionary credentials = user.getCredentials(); - // FIXME use arrays String username = (String) credentials.get(SHARED_STATE_USERNAME); if (username == null) username = user.getName(); - // byte[] pwd = (byte[]) credentials.get(SHARED_STATE_PASSWORD); - // char[] password = DigestUtils.bytesToChars(pwd); Dictionary properties = cloneProperties(); properties.put(Context.SECURITY_PRINCIPAL, username.toString()); - // properties.put(Context.SECURITY_CREDENTIALS, password); - properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI"); + Object pwdCred = credentials.get(SHARED_STATE_PASSWORD); + byte[] pwd = (byte[]) pwdCred; + if (pwd != null) { + char[] password = DigestUtils.bytesToChars(pwd); + properties.put(Context.SECURITY_CREDENTIALS, new String(password)); + } else { + properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI"); + } return new LdapUserAdmin(properties); } @@ -101,11 +99,15 @@ public class LdapUserAdmin extends AbstractUserDirectory { @Override protected Boolean daoHasRole(LdapName dn) { - return daoGetRole(dn) != null; + try { + return daoGetRole(dn) != null; + } catch (NameNotFoundException e) { + return false; + } } @Override - protected DirectoryUser daoGetRole(LdapName name) { + protected DirectoryUser daoGetRole(LdapName name) throws NameNotFoundException { try { Attributes attrs = getLdapContext().getAttributes(name); if (attrs.size() == 0) @@ -119,8 +121,9 @@ public class LdapUserAdmin extends AbstractUserDirectory { else throw new UserDirectoryException("Unsupported LDAP type for " + name); return res; + } catch (NameNotFoundException e) { + throw e; } catch (NamingException e) { - log.error("Cannot get role: " + name, e); return null; } } @@ -151,7 +154,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { || objectClassAttr.contains(getUserObjectClass().toLowerCase())) role = new LdifUser(this, dn, attrs); else { - log.warn("Unsupported LDAP type for " + searchResult.getName()); +// log.warn("Unsupported LDAP type for " + searchResult.getName()); continue results; } res.add(role);