X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=7a617dfd6115ee3012717ad60276f040b5bb87ed;hb=8260f4470f514ea347ca53f5b4dfc632c4a4de66;hp=73dc510eccae80b2a1702564f518aecee8a5242c;hpb=13f4c2a07b6913bc8248bcba82c073873ebaae55;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
index 73dc510ec..7a617dfd6 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
@@ -10,6 +10,7 @@ import java.util.List;
 import javax.naming.Binding;
 import javax.naming.Context;
 import javax.naming.InvalidNameException;
+import javax.naming.NameNotFoundException;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
@@ -23,7 +24,6 @@ import javax.transaction.TransactionManager;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.ArgeoException;
 import org.osgi.framework.Filter;
 /**
@@ -39,26 +39,21 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 		super(properties);
 		try {
 			Hashtable connEnv = new Hashtable();
-			connEnv.put(Context.INITIAL_CONTEXT_FACTORY,
-					"com.sun.jndi.ldap.LdapCtxFactory");
+			connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 			connEnv.put(Context.PROVIDER_URL, getUri().toString());
-			connEnv.put("java.naming.ldap.attributes.binary",
-					LdifName.userPassword.name());
+			connEnv.put("java.naming.ldap.attributes.binary", LdifName.userPassword.name());
 			initialLdapContext = new InitialLdapContext(connEnv, null);
 			// StartTlsResponse tls = (StartTlsResponse) ctx
 			// .extendedOperation(new StartTlsRequest());
 			// tls.negotiate();
-			initialLdapContext.addToEnvironment(
-					Context.SECURITY_AUTHENTICATION, "simple");
+			initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
 			Object principal = properties.get(Context.SECURITY_PRINCIPAL);
 			if (principal != null) {
-				initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL,
-						principal.toString());
+				initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, principal.toString());
 				Object creds = properties.get(Context.SECURITY_CREDENTIALS);
 				if (creds != null) {
-					initialLdapContext.addToEnvironment(
-							Context.SECURITY_CREDENTIALS, creds.toString());
+					initialLdapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, creds.toString());
 				}
 			}
@@ -98,30 +93,27 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 			LdifUser res;
 			if (attrs.get(objectClass.name()).contains(getGroupObjectClass()))
 				res = new LdifGroup(this, name, attrs);
-			else if (attrs.get(objectClass.name()).contains(
-					getUserObjectClass()))
+			else if (attrs.get(objectClass.name()).contains(getUserObjectClass()))
 				res = new LdifUser(this, name, attrs);
 			else
-				throw new UserDirectoryException("Unsupported LDAP type for "
-						+ name);
+				throw new UserDirectoryException("Unsupported LDAP type for " + name);
 			return res;
 		} catch (NamingException e) {
-			throw new UserDirectoryException("Cannot get role for " + name, e);
+			return null;
 		}
 	}
 	@Override
 	protected List doGetRoles(Filter f) {
 		try {
-			String searchFilter = f != null ? f.toString() : "(|("
-					+ objectClass + "=" + getUserObjectClass() + ")("
-					+ objectClass + "=" + getGroupObjectClass() + "))";
+			String searchFilter = f != null ? f.toString()
+					: "(|(" + objectClass + "=" + getUserObjectClass() + ")(" + objectClass + "="
+							+ getGroupObjectClass() + "))";
 			SearchControls searchControls = new SearchControls();
 			searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
-			String searchBase = getBaseDn();
-			NamingEnumeration results = getLdapContext().search(
-					searchBase, searchFilter, searchControls);
+			LdapName searchBase = getBaseDn();
+			NamingEnumeration results = getLdapContext().search(searchBase, searchFilter, searchControls);
 			ArrayList res = new ArrayList();
 			results: while (results.hasMoreElements()) {
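Review bot: The rewritten catch in doGetRole returns null for every NamingException, so a connection failure, timeout or access-denied error on the attribute lookup is now reported exactly like a role that does not exist, and a caller that treats null as "unknown user" cannot tell that the directory was unreachable. Only a missing entry should map to null; the commit already imports NameNotFoundException, so catch that case first and keep rethrowing everything else as the old code did. doGetRole's signature and the start of its try block lie above the hunk, so the LDAP call that raises is not visible here, only the `catch (NamingException e)` that handles it.
```java
		} catch (NameNotFoundException e) {
			// the entry is absent: no such role, not a directory failure
			return null;
		} catch (NamingException e) {
			throw new UserDirectoryException("Cannot get role for " + name, e);
		}
```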
@@ -135,49 +127,41 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 				else if (objectClassAttr.contains(getUserObjectClass()))
 					role = new LdifUser(this, dn, attrs);
 				else {
-					log.warn("Unsupported LDAP type for "
-							+ searchResult.getName());
+					log.warn("Unsupported LDAP type for " + searchResult.getName());
 					continue results;
 				}
 				res.add(role);
 			}
 			return res;
 		} catch (Exception e) {
-			throw new UserDirectoryException(
-					"Cannot get roles for filter " + f, e);
+			throw new UserDirectoryException("Cannot get roles for filter " + f, e);
 		}
 	}
-	private LdapName toDn(String baseDn, Binding binding)
-			throws InvalidNameException {
-		return new LdapName(binding.isRelative() ? binding.getName() + ","
-				+ baseDn : binding.getName());
+	private LdapName toDn(LdapName baseDn, Binding binding) throws InvalidNameException {
+		return new LdapName(binding.isRelative() ? binding.getName() + "," + baseDn : binding.getName());
 	}
 	@Override
 	protected List getDirectGroups(LdapName dn) {
 		List directGroups = new ArrayList();
 		try {
-			String searchFilter = "(&(" + objectClass + "="
-					+ getGroupObjectClass() + ")(" + getMemberAttributeId()
+			String searchFilter = "(&(" + objectClass + "=" + getGroupObjectClass() + ")(" + getMemberAttributeId()
 					+ "=" + dn + "))";
 			SearchControls searchControls = new SearchControls();
 			searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
-			String searchBase = getBaseDn();
-			NamingEnumeration results = getLdapContext().search(
-					searchBase, searchFilter, searchControls);
+			LdapName searchBase = getBaseDn();
+			NamingEnumeration results = getLdapContext().search(searchBase, searchFilter, searchControls);
 			while (results.hasMoreElements()) {
-				SearchResult searchResult = (SearchResult) results
-						.nextElement();
+				SearchResult searchResult = (SearchResult) results.nextElement();
 				directGroups.add(toDn(searchBase, searchResult));
 			}
 			return directGroups;
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot populate direct members of " + dn,
-					e);
+			throw new UserDirectoryException("Cannot populate direct members of " + dn, e);
 		}
 	}
@@ -188,20 +172,17 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 			// delete
 			for (LdapName dn : wc.getDeletedUsers().keySet()) {
 				if (!entryExists(dn))
-					throw new UserDirectoryException("User to delete no found "
-							+ dn);
+					throw new UserDirectoryException("User to delete no found " + dn);
 			}
 			// add
 			for (LdapName dn : wc.getNewUsers().keySet()) {
-				if (!entryExists(dn))
-					throw new UserDirectoryException("User to create found "
-							+ dn);
+				if (entryExists(dn))
+					throw new UserDirectoryException("User to create found " + dn);
 			}
 			// modify
 			for (LdapName dn : wc.getModifiedUsers().keySet()) {
-				if (!entryExists(dn))
-					throw new UserDirectoryException("User to modify no found "
-							+ dn);
+				if (!wc.getNewUsers().containsKey(dn) && !entryExists(dn))
+					throw new UserDirectoryException("User to modify not found " + dn);
 			}
 		} catch (NamingException e) {
 			throw new UserDirectoryException("Cannot prepare LDAP", e);
@@ -209,7 +190,11 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 	}
 	private boolean entryExists(LdapName dn) throws NamingException {
-		return getLdapContext().getAttributes(dn).size() != 0;
+		try {
+			return getLdapContext().getAttributes(dn).size() != 0;
+		} catch (NameNotFoundException e) {
+			return false;
+		}
 	}
 	@Override
@@ -227,8 +212,7 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 			// modify
 			for (LdapName dn : wc.getModifiedUsers().keySet()) {
 				Attributes modifiedAttrs = wc.getModifiedUsers().get(dn);
-				getLdapContext().modifyAttributes(dn,
-						DirContext.REPLACE_ATTRIBUTE, modifiedAttrs);
+				getLdapContext().modifyAttributes(dn, DirContext.REPLACE_ATTRIBUTE, modifiedAttrs);
 			}
 		} catch (NamingException e) {
 			throw new UserDirectoryException("Cannot commit LDAP", e);
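Review bot: In getDirectGroups the member DN is concatenated straight into the search filter (`"=" + dn + "))"`) without RFC 4515 escaping, so an RDN value containing `*`, `(`, `)` or `\` yields a malformed or broader-than-intended filter — the backslash that LdapName itself uses to escape DN special characters has to become `\5c` inside a filter value. Whether such DNs can reach this method depends on who may create entries under the base DN, which is not visible here, but escaping the value is cheap and removes the question. Escape before building the filter and leave the rest of the method as it is.
```java
	/** Escapes a filter assertion value per RFC 4515 (the five special characters only). */
	private static String escapeFilterValue(String value) {
		StringBuilder sb = new StringBuilder(value.length());
		for (char c : value.toCharArray()) {
			switch (c) {
			case '\\': sb.append("\\5c"); break;
			case '*': sb.append("\\2a"); break;
			case '(': sb.append("\\28"); break;
			case ')': sb.append("\\29"); break;
			case '\0': sb.append("\\00"); break;
			default: sb.append(c);
			}
		}
		return sb.toString();
	}
	// … unchanged: getDirectGroups signature and try …
			String searchFilter = "(&(" + objectClass + "=" + getGroupObjectClass() + ")(" + getMemberAttributeId()
					+ "=" + escapeFilterValue(dn.toString()) + "))";
	// … unchanged: search, result loop, catch …
```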
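Review bot: The delete branch keeps the `"User to delete no found "` message although the modify branch in the same hunk is corrected to "not found", and the add branch, whose condition the commit rightly inverts, now throws `"User to create found "` for an entry that already exists, which reads as the opposite of the failure. Suggested lines: `throw new UserDirectoryException("User to delete not found " + dn);` and `throw new UserDirectoryException("User to create already exists " + dn);`. The enclosing prepare method begins and ends outside this hunk, so whether a DN listed in both the deleted and modified sets is rejected cannot be checked from here.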
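Review bot: entryExists fetches the entry's whole attribute set, which includes userPassword (declared as a binary attribute in the constructor hunk above), just to decide whether the entry exists. Now that NameNotFoundException is caught, the call returning at all already proves existence and `size() != 0` is redundant; requesting only objectClass, which every LDAP entry carries, keeps password hashes off the wire: `getLdapContext().getAttributes(dn, new String[] { objectClass.name() }); return true;`. objectClass is referenced the same way in doGetRole, so no new import is needed.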