X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=58f6eb1face2b1c92a76fad634abeeb9db918adb;hb=4e5217621733b3f8b9c2427a688a18c68dbc1e5d;hp=7a617dfd6115ee3012717ad60276f040b5bb87ed;hpb=e66b9893b0e511f8ab295e3cee42b7dc966f1597;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
index 7a617dfd6..58f6eb1fa 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
@@ -1,6 +1,6 @@
 package org.argeo.osgi.useradmin;
-import static org.argeo.osgi.useradmin.LdifName.objectClass;
+import static org.argeo.naming.LdapAttrs.objectClass;
 import java.util.ArrayList;
 import java.util.Dictionary;
@@ -22,32 +22,35 @@ import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapName;
 import javax.transaction.TransactionManager;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.Filter;
+import org.osgi.service.useradmin.Role;
+import org.osgi.service.useradmin.User;
 /**
 * A user admin based on a LDAP server. Requires a {@link TransactionManager}
 * and an open transaction for write access.
 */
 public class LdapUserAdmin extends AbstractUserDirectory {
- private final static Log log = LogFactory.getLog(LdapUserAdmin.class);
-
 private InitialLdapContext initialLdapContext = null;
 public LdapUserAdmin(Dictionary properties) {
- super(properties);
+ super(null, properties);
 try {
 Hashtable connEnv = new Hashtable();
 connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 connEnv.put(Context.PROVIDER_URL, getUri().toString());
- connEnv.put("java.naming.ldap.attributes.binary", LdifName.userPassword.name());
+ connEnv.put("java.naming.ldap.attributes.binary", LdapAttrs.userPassword.name());
 initialLdapContext = new InitialLdapContext(connEnv, null);
 // StartTlsResponse tls = (StartTlsResponse) ctx
 // .extendedOperation(new StartTlsRequest());
 // tls.negotiate();
- initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
+ Object securityAuthentication = properties.get(Context.SECURITY_AUTHENTICATION);
+ if (securityAuthentication != null)
+ initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, securityAuthentication);
+ else
+ initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
 Object principal = properties.get(Context.SECURITY_PRINCIPAL);
 if (principal != null) {
 initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, principal.toString());
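Review bot: Removing the `private final static Log log` field is not compensated anywhere, so hunk 4 falls back to `e.printStackTrace()` when the context cannot be closed and hunk 6 comments out the "Unsupported LDAP type" warning, leaving this directory with no diagnostics at all; a failed close or an entry that is silently dropped from results will now only show on stderr or not at all. Keep a logger (the OSGi `LogService` is available in this bundle's environment, or the replacement this module has adopted) and use it at both sites instead of deleting the calls. Separately, the `Context.SECURITY_AUTHENTICATION` value read from `properties` is handed to `addToEnvironment` as a raw `Object`, while the principal two lines below is normalised with `.toString()`; the JNDI property is a String, so for consistency write `initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, securityAuthentication.toString());`. With the StartTLS lines still commented out, a `simple` bind only protects the credentials when `getUri()` is an `ldaps://` URL, which is worth stating in the class Javadoc now that the mechanism is configurable. The constructor body continues past the end of this hunk.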
@@ -57,10 +60,6 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 }
 }
- // initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL,
- // "uid=admin,ou=system");
- // initialLdapContext.addToEnvironment(Context.SECURITY_CREDENTIALS,
- // "secret");
 } catch (Exception e) {
 throw new UserDirectoryException("Cannot connect to LDAP", e);
 }
@@ -71,8 +70,27 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 // tls.close();
 initialLdapContext.close();
 } catch (NamingException e) {
- log.error("Cannot destroy LDAP user admin", e);
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ protected AbstractUserDirectory scope(User user) {
+ Dictionary credentials = user.getCredentials();
+ String username = (String) credentials.get(SHARED_STATE_USERNAME);
+ if (username == null)
+ username = user.getName();
+ Dictionary properties = cloneProperties();
+ properties.put(Context.SECURITY_PRINCIPAL, username.toString());
+ Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
+ byte[] pwd = (byte[]) pwdCred;
+ if (pwd != null) {
+ char[] password = DigestUtils.bytesToChars(pwd);
+ properties.put(Context.SECURITY_CREDENTIALS, new String(password));
+ } else {
+ properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
 }
+ return new LdapUserAdmin(properties);
 }
 protected InitialLdapContext getLdapContext() {
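Review bot: In `scope(User)` the password is copied into an immutable `String` (`new String(password)`) and put into the cloned `properties` dictionary that is passed to `new LdapUserAdmin(properties)` and, via `super(null, properties)`, presumably retained by the scoped instance for its lifetime, so the secret can neither be zeroed after the bind nor kept out of any later dump of the directory's properties; `DigestUtils.bytesToChars` already yields a `char[]` and the JNDI LDAP provider accepts a `char[]` for `Context.SECURITY_CREDENTIALS`, so `properties.put(Context.SECURITY_CREDENTIALS, password);` followed by clearing `password` and `pwd` once the context is bound avoids the copy, provided the constructor's handling of that property (outside this hunk) does not call `toString()` on it. The unchecked `(byte[]) pwdCred` cast throws `ClassCastException` if the shared state holds anything else, and `credentials.get(...)` throws `NullPointerException` when `user.getCredentials()` returns null; both should become explicit `UserDirectoryException`s so the caller sees a scoping failure rather than a generic runtime error. `username.toString()` on a `String` is a no-op and can be dropped. Each call opens a new `InitialLdapContext` bound as the end user, and the only release path visible is the `initialLdapContext.close()` above, so the method's Javadoc should state that the caller owns the returned directory and must destroy it, otherwise every `scope` call leaks a bound connection.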
@@ -81,23 +99,30 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 @Override
 protected Boolean daoHasRole(LdapName dn) {
- return daoGetRole(dn) != null;
+ try {
+ return daoGetRole(dn) != null;
+ } catch (NameNotFoundException e) {
+ return false;
+ }
 }
 @Override
- protected DirectoryUser daoGetRole(LdapName name) {
+ protected DirectoryUser daoGetRole(LdapName name) throws NameNotFoundException {
 try {
 Attributes attrs = getLdapContext().getAttributes(name);
 if (attrs.size() == 0)
 return null;
+ int roleType = roleType(name);
 LdifUser res;
- if (attrs.get(objectClass.name()).contains(getGroupObjectClass()))
+ if (roleType == Role.GROUP)
 res = new LdifGroup(this, name, attrs);
- else if (attrs.get(objectClass.name()).contains(getUserObjectClass()))
+ else if (roleType == Role.USER)
 res = new LdifUser(this, name, attrs);
 else
 throw new UserDirectoryException("Unsupported LDAP type for " + name);
 return res;
+ } catch (NameNotFoundException e) {
+ throw e;
 } catch (NamingException e) {
 return null;
 }
@@ -122,12 +147,14 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 Attribute objectClassAttr = attrs.get(objectClass.name());
 LdapName dn = toDn(searchBase, searchResult);
 LdifUser role;
- if (objectClassAttr.contains(getGroupObjectClass()))
+ if (objectClassAttr.contains(getGroupObjectClass())
+ || objectClassAttr.contains(getGroupObjectClass().toLowerCase()))
 role = new LdifGroup(this, dn, attrs);
- else if (objectClassAttr.contains(getUserObjectClass()))
+ else if (objectClassAttr.contains(getUserObjectClass())
+ || objectClassAttr.contains(getUserObjectClass().toLowerCase()))
 role = new LdifUser(this, dn, attrs);
 else {
- log.warn("Unsupported LDAP type for " + searchResult.getName());
+// log.warn("Unsupported LDAP type for " + searchResult.getName());
 continue results;
 }
 res.add(role);
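Review bot: `daoGetRole` still swallows every `NamingException` other than `NameNotFoundException` and returns `null`, so a dropped connection, an expired bind or an authorization failure on the scoped context is reported as "role does not exist" and `daoHasRole` answers `false` for the same reason; the new `catch (NameNotFoundException e) { throw e; }` only makes the one benign case explicit. With the `log` field gone in this commit, nothing records the failure either. Either surface it, `throw new UserDirectoryException("Cannot get role " + name, e);`, or at least log it before returning `null`, so that callers can tell an absent entry from an unavailable directory. Replacing the `objectClass` check with `roleType(name)` (defined outside this hunk) also means the entry's actual object class is no longer verified; I assume `roleType` classifies by DN position, in which case an entry located under the groups base is wrapped as `LdifGroup` whatever its attributes say, and that assumption deserves a comment on the `int roleType = roleType(name);` line.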
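Review bot: Checking `objectClassAttr` against the exact and the all-lowercase spelling of `getGroupObjectClass()` and `getUserObjectClass()` covers only two of the case variants a server may return for `objectClass`, whose values are matched case-insensitively by LDAP; an entry returned as `GroupOfNames` still falls into the `else` branch, whose warning this commit comments out, and is silently dropped from the results. Compare the attribute's values with `equalsIgnoreCase` once instead of calling `Attribute.contains` twice per class, for example with a small helper as below; it throws `NamingException`, which the enclosing search method presumably already handles since the loop calls `toDn` and `attrs.get` unguarded. The search loop starts and ends outside this hunk.
```java
// … unchanged: attribute and dn lookup …
if (containsIgnoreCase(objectClassAttr, getGroupObjectClass()))
	role = new LdifGroup(this, dn, attrs);
else if (containsIgnoreCase(objectClassAttr, getUserObjectClass()))
	role = new LdifUser(this, dn, attrs);
// … unchanged: unsupported-type branch and res.add(role) …

/** True if {@code attr} holds {@code value} under LDAP's case-insensitive matching. */
private static boolean containsIgnoreCase(Attribute attr, String value) throws NamingException {
	NamingEnumeration<?> values = attr.getAll();
	try {
		while (values.hasMore())
			if (value.equalsIgnoreCase(String.valueOf(values.next())))
				return true;
		return false;
	} finally {
		values.close();
	}
}
```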