X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=521ae8bb6e89916c6b88ea490767658e8b3012fa;hb=8260f4470f514ea347ca53f5b4dfc632c4a4de66;hp=a03a25f09e5ce58fc21208f9817608d75df54fdb;hpb=268e023a9de5db2549431a4415e584ac68a4f98b;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
index a03a25f09..521ae8bb6 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
@@ -1,5 +1,8 @@
 package org.argeo.osgi.useradmin;
 
+import static org.argeo.osgi.useradmin.LdifName.inetOrgPerson;
+import static org.argeo.osgi.useradmin.LdifName.objectClass;
+
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -7,8 +10,10 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.Dictionary;
+import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.List;
+import java.util.Set;
 import java.util.SortedMap;
 import java.util.TreeMap;
 
@@ -17,7 +22,8 @@ import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
 import javax.transaction.TransactionManager;
 
-import org.apache.commons.io.IOUtils;
+import org.argeo.util.naming.LdifParser;
+import org.argeo.util.naming.LdifWriter;
 import org.osgi.framework.Filter;
 import org.osgi.service.useradmin.Role;
 
@@ -40,14 +46,12 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 	public LdifUserAdmin(InputStream in) {
 		super(new Hashtable<String, Object>());
 		load(in);
-		setReadOnly(true);
-		setUri(null);
 	}
 
 	private static Dictionary<String, Object> fromUri(String uri, String baseDn) {
 		Hashtable<String, Object> res = new Hashtable<String, Object>();
-		res.put(UserAdminConf.uri.property(), uri);
-		res.put(UserAdminConf.baseDn.property(), baseDn);
+		res.put(UserAdminConf.uri.name(), uri);
+		res.put(UserAdminConf.baseDn.name(), baseDn);
 		return res;
 	}
 
@@ -65,13 +69,14 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 	}
 
 	public void save() {
-		if (getUri() == null || isReadOnly())
-			throw new UserDirectoryException("Cannot save LDIF user admin");
+		if (getUri() == null)
+			throw new UserDirectoryException("Cannot save LDIF user admin: no URI is set");
+		if (isReadOnly())
+			throw new UserDirectoryException("Cannot save LDIF user admin: " + getUri() + " is read-only");
 		try (FileOutputStream out = new FileOutputStream(new File(getUri()))) {
 			save(out);
 		} catch (IOException e) {
-			throw new UserDirectoryException("Cannot save user admin to "
-					+ getUri(), e);
+			throw new UserDirectoryException("Cannot save user admin to " + getUri(), e);
 		}
 	}
 
@@ -83,7 +88,7 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 			for (LdapName name : users.keySet())
 				ldifWriter.writeEntry(name, users.get(name).getAttributes());
 		} finally {
-			IOUtils.closeQuietly(out);
+			out.close();
 		}
 	}
 
@@ -96,26 +101,39 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 			SortedMap<LdapName, Attributes> allEntries = ldifParser.read(in);
 			for (LdapName key : allEntries.keySet()) {
 				Attributes attributes = allEntries.get(key);
-				NamingEnumeration<?> objectClasses = attributes.get(
-						"objectClass").getAll();
+				// check for inconsistency
+				Set<String> lowerCase = new HashSet<String>();
+				NamingEnumeration<String> ids = attributes.getIDs();
+				while (ids.hasMoreElements()) {
+					String id = ids.nextElement().toLowerCase();
+					if (lowerCase.contains(id))
+						throw new UserDirectoryException(key + " has duplicate id " + id);
+					lowerCase.add(id);
+				}
+
+				// analyse object classes
+				NamingEnumeration<?> objectClasses = attributes.get(objectClass.name()).getAll();
+				// System.out.println(key);
 				objectClasses: while (objectClasses.hasMore()) {
 					String objectClass = objectClasses.next().toString();
-					if (objectClass.equals("inetOrgPerson")) {
+					// System.out.println(" " + objectClass);
+					if (objectClass.equals(inetOrgPerson.name())) {
 						users.put(key, new LdifUser(this, key, attributes));
 						break objectClasses;
-					} else if (objectClass.equals("groupOfNames")) {
+					} else if (objectClass.equals(getGroupObjectClass())) {
 						groups.put(key, new LdifGroup(this, key, attributes));
 						break objectClasses;
 					}
 				}
 			}
 		} catch (Exception e) {
-			throw new UserDirectoryException(
-					"Cannot load user admin service from LDIF", e);
+			throw new UserDirectoryException("Cannot load user admin service from LDIF", e);
 		}
 	}
 
 	public void destroy() {
+		if (users == null || groups == null)
+			throw new UserDirectoryException("User directory " + getBaseDn() + " is already destroyed");
 		users.clear();
 		users = null;
 		groups.clear();
@@ -141,10 +159,17 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 			res.addAll(users.values());
 			res.addAll(groups.values());
 		} else {
-			// Filter f = FrameworkUtil.createFilter(filter);
-			for (DirectoryUser user : users.values())
+			for (DirectoryUser user : users.values()) {
+				// System.out.println("\n" + user.getName());
+				// Dictionary<String, Object> props = user.getProperties();
+				// for (Enumeration<String> keys = props.keys(); keys
+				// .hasMoreElements();) {
+				// String key = keys.nextElement();
+				// System.out.println(" " + key + "=" + props.get(key));
+				// }
 				if (f.match(user.getProperties()))
 					res.add(user);
+			}
 			for (DirectoryUser group : groups.values())
 				if (f.match(group.getProperties()))
 					res.add(group);
@@ -164,7 +189,7 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 	}
 
 	@Override
-	protected void prepare(WorkingCopy wc) {
+	protected void prepare(UserDirectoryWorkingCopy wc) {
 		// delete
 		for (LdapName dn : wc.getDeletedUsers().keySet()) {
 			if (users.containsKey(dn))
@@ -172,19 +197,19 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 			else if (groups.containsKey(dn))
 				groups.remove(dn);
 			else
-				throw new UserDirectoryException("User to delete no found "
-						+ dn);
+				throw new UserDirectoryException("User to delete not found " + dn);
 		}
 		// add
 		for (LdapName dn : wc.getNewUsers().keySet()) {
 			DirectoryUser user = wc.getNewUsers().get(dn);
-			if (Role.USER == user.getType())
+			if (users.containsKey(dn) || groups.containsKey(dn))
+				throw new UserDirectoryException("User to create found " + dn);
+			else if (Role.USER == user.getType())
 				users.put(dn, user);
 			else if (Role.GROUP == user.getType())
 				groups.put(dn, (DirectoryGroup) user);
 			else
-				throw new UserDirectoryException("Unsupported role type "
-						+ user.getType() + " for new user " + dn);
+				throw new UserDirectoryException("Unsupported role type " + user.getType() + " for new user " + dn);
 		}
 		// modify
 		for (LdapName dn : wc.getModifiedUsers().keySet()) {
@@ -195,19 +220,18 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 			else if (groups.containsKey(dn))
 				user = groups.get(dn);
 			else
-				throw new UserDirectoryException("User to modify no found "
-						+ dn);
+				throw new UserDirectoryException("User to modify no found " + dn);
 			user.publishAttributes(modifiedAttrs);
 		}
 	}
 
 	@Override
-	protected void commit(WorkingCopy wc) {
+	protected void commit(UserDirectoryWorkingCopy wc) {
 		save();
 	}
 
 	@Override
-	protected void rollback(WorkingCopy wc) {
+	protected void rollback(UserDirectoryWorkingCopy wc) {
 		init();
 	}