X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=521ae8bb6e89916c6b88ea490767658e8b3012fa;hb=8260f4470f514ea347ca53f5b4dfc632c4a4de66;hp=ee7128a45108e879530f880b92f8453b9a583853;hpb=137290df09ccfb49fcdfc72b611aa8d32182342c;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java index ee7128a45..521ae8bb6 100644 --- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java +++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java @@ -1,5 +1,8 @@ package org.argeo.osgi.useradmin; +import static org.argeo.osgi.useradmin.LdifName.inetOrgPerson; +import static org.argeo.osgi.useradmin.LdifName.objectClass; + import java.io.File; import java.io.FileOutputStream; import java.io.IOException; @@ -7,29 +10,30 @@ import java.io.InputStream; import java.io.OutputStream; import java.util.ArrayList; import java.util.Dictionary; +import java.util.HashSet; import java.util.Hashtable; -import java.util.LinkedHashMap; import java.util.List; -import java.util.Map; +import java.util.Set; import java.util.SortedMap; import java.util.TreeMap; -import javax.naming.InvalidNameException; import javax.naming.NamingEnumeration; import javax.naming.directory.Attributes; import javax.naming.ldap.LdapName; +import javax.transaction.TransactionManager; -import org.apache.commons.io.IOUtils; +import org.argeo.util.naming.LdifParser; +import org.argeo.util.naming.LdifWriter; import org.osgi.framework.Filter; import org.osgi.service.useradmin.Role; -import org.osgi.service.useradmin.User; -/** User admin implementation using LDIF file(s) as backend. */ +/** + * A user admin based on a LDIF files. Requires a {@link TransactionManager} and + * an open transaction for write access. + */ public class LdifUserAdmin extends AbstractUserDirectory { - SortedMap users = new TreeMap(); - SortedMap groups = new TreeMap(); - - private Map> userIndexes = new LinkedHashMap>(); + private SortedMap users = new TreeMap(); + private SortedMap groups = new TreeMap(); public LdifUserAdmin(String uri, String baseDn) { this(fromUri(uri, baseDn)); @@ -42,14 +46,12 @@ public class LdifUserAdmin extends AbstractUserDirectory { public LdifUserAdmin(InputStream in) { super(new Hashtable()); load(in); - setReadOnly(true); - setUri(null); } private static Dictionary fromUri(String uri, String baseDn) { Hashtable res = new Hashtable(); - res.put(UserAdminConf.uri.property(), uri); - res.put(UserAdminConf.baseDn.property(), baseDn); + res.put(UserAdminConf.uri.name(), uri); + res.put(UserAdminConf.baseDn.name(), baseDn); return res; } @@ -67,13 +69,14 @@ public class LdifUserAdmin extends AbstractUserDirectory { } public void save() { - if (getUri() == null || isReadOnly()) - throw new UserDirectoryException("Cannot save LDIF user admin"); + if (getUri() == null) + throw new UserDirectoryException("Cannot save LDIF user admin: no URI is set"); + if (isReadOnly()) + throw new UserDirectoryException("Cannot save LDIF user admin: " + getUri() + " is read-only"); try (FileOutputStream out = new FileOutputStream(new File(getUri()))) { save(out); } catch (IOException e) { - throw new UserDirectoryException("Cannot save user admin to " - + getUri(), e); + throw new UserDirectoryException("Cannot save user admin to " + getUri(), e); } } @@ -85,11 +88,10 @@ public class LdifUserAdmin extends AbstractUserDirectory { for (LdapName name : users.keySet()) ldifWriter.writeEntry(name, users.get(name).getAttributes()); } finally { - IOUtils.closeQuietly(out); + out.close(); } } - @SuppressWarnings("unchecked") protected void load(InputStream in) { try { users.clear(); @@ -99,46 +101,39 @@ public class LdifUserAdmin extends AbstractUserDirectory { SortedMap allEntries = ldifParser.read(in); for (LdapName key : allEntries.keySet()) { Attributes attributes = allEntries.get(key); - NamingEnumeration objectClasses = attributes.get( - "objectClass").getAll(); + // check for inconsistency + Set lowerCase = new HashSet(); + NamingEnumeration ids = attributes.getIDs(); + while (ids.hasMoreElements()) { + String id = ids.nextElement().toLowerCase(); + if (lowerCase.contains(id)) + throw new UserDirectoryException(key + " has duplicate id " + id); + lowerCase.add(id); + } + + // analyse object classes + NamingEnumeration objectClasses = attributes.get(objectClass.name()).getAll(); + // System.out.println(key); objectClasses: while (objectClasses.hasMore()) { String objectClass = objectClasses.next().toString(); - if (objectClass.equals("inetOrgPerson")) { + // System.out.println(" " + objectClass); + if (objectClass.equals(inetOrgPerson.name())) { users.put(key, new LdifUser(this, key, attributes)); break objectClasses; - } else if (objectClass.equals("groupOfNames")) { + } else if (objectClass.equals(getGroupObjectClass())) { groups.put(key, new LdifGroup(this, key, attributes)); break objectClasses; } } } - - // indexes - for (String attr : getIndexedUserProperties()) - userIndexes.put(attr, new TreeMap()); - - for (DirectoryUser user : users.values()) { - Dictionary properties = user.getProperties(); - for (String attr : getIndexedUserProperties()) { - Object value = properties.get(attr); - if (value != null) { - DirectoryUser otherUser = userIndexes.get(attr).put( - value.toString(), user); - if (otherUser != null) - throw new UserDirectoryException("User " + user - + " and user " + otherUser - + " both have property " + attr - + " set to " + value); - } - } - } } catch (Exception e) { - throw new UserDirectoryException( - "Cannot load user admin service from LDIF", e); + throw new UserDirectoryException("Cannot load user admin service from LDIF", e); } } public void destroy() { + if (users == null || groups == null) + throw new UserDirectoryException("User directory " + getBaseDn() + " is already destroyed"); users.clear(); users = null; groups.clear(); @@ -164,10 +159,17 @@ public class LdifUserAdmin extends AbstractUserDirectory { res.addAll(users.values()); res.addAll(groups.values()); } else { - // Filter f = FrameworkUtil.createFilter(filter); - for (DirectoryUser user : users.values()) + for (DirectoryUser user : users.values()) { + // System.out.println("\n" + user.getName()); + // Dictionary props = user.getProperties(); + // for (Enumeration keys = props.keys(); keys + // .hasMoreElements();) { + // String key = keys.nextElement(); + // System.out.println(" " + key + "=" + props.get(key)); + // } if (f.match(user.getProperties())) res.add(user); + } for (DirectoryUser group : groups.values()) if (f.match(group.getProperties())) res.add(group); @@ -175,38 +177,19 @@ public class LdifUserAdmin extends AbstractUserDirectory { return res; } - protected void doGetUser(String key, String value, - List collectedUsers) { - assert key != null; - DirectoryUser user = userIndexes.get(key).get(value); - if (user != null) - collectedUsers.add(user); - } - @Override - protected List getDirectGroups(User user) { - LdapName dn; - if (user instanceof LdifUser) - dn = ((LdifUser) user).getDn(); - else - try { - dn = new LdapName(user.getName()); - } catch (InvalidNameException e) { - throw new UserDirectoryException("Badly formatted user name " - + user.getName(), e); - } - - List directGroups = new ArrayList(); + protected List getDirectGroups(LdapName dn) { + List directGroups = new ArrayList(); for (LdapName name : groups.keySet()) { DirectoryGroup group = groups.get(name); if (group.getMemberNames().contains(dn)) - directGroups.add(group); + directGroups.add(group.getDn()); } return directGroups; } @Override - protected void prepare(WorkingCopy wc) { + protected void prepare(UserDirectoryWorkingCopy wc) { // delete for (LdapName dn : wc.getDeletedUsers().keySet()) { if (users.containsKey(dn)) @@ -214,19 +197,19 @@ public class LdifUserAdmin extends AbstractUserDirectory { else if (groups.containsKey(dn)) groups.remove(dn); else - throw new UserDirectoryException("User to delete no found " - + dn); + throw new UserDirectoryException("User to delete not found " + dn); } // add for (LdapName dn : wc.getNewUsers().keySet()) { DirectoryUser user = wc.getNewUsers().get(dn); - if (Role.USER == user.getType()) + if (users.containsKey(dn) || groups.containsKey(dn)) + throw new UserDirectoryException("User to create found " + dn); + else if (Role.USER == user.getType()) users.put(dn, user); else if (Role.GROUP == user.getType()) groups.put(dn, (DirectoryGroup) user); else - throw new UserDirectoryException("Unsupported role type " - + user.getType() + " for new user " + dn); + throw new UserDirectoryException("Unsupported role type " + user.getType() + " for new user " + dn); } // modify for (LdapName dn : wc.getModifiedUsers().keySet()) { @@ -237,19 +220,18 @@ public class LdifUserAdmin extends AbstractUserDirectory { else if (groups.containsKey(dn)) user = groups.get(dn); else - throw new UserDirectoryException("User to modify no found " - + dn); + throw new UserDirectoryException("User to modify no found " + dn); user.publishAttributes(modifiedAttrs); } } @Override - protected void commit(WorkingCopy wc) { + protected void commit(UserDirectoryWorkingCopy wc) { save(); } @Override - protected void rollback(WorkingCopy wc) { + protected void rollback(UserDirectoryWorkingCopy wc) { init(); }