X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=7b87a4b6e7fbd497cf8786c853cb7616589e8171;hb=0b8aa4c76cb7a1d19abf93a4c1ae0c973abdab5b;hp=9bf558b313b274a035d272a4db62d0f87db01381;hpb=e91af5c65a42b3ff98400caa552965cdb3f730e6;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
index 9bf558b31..7b87a4b6e 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
@@ -1,5 +1,8 @@
 package org.argeo.osgi.useradmin;
 
+import static org.argeo.osgi.useradmin.LdifName.inetOrgPerson;
+import static org.argeo.osgi.useradmin.LdifName.objectClass;
+
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -7,29 +10,29 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.Dictionary;
+import java.util.HashSet;
 import java.util.Hashtable;
-import java.util.LinkedHashMap;
 import java.util.List;
-import java.util.Map;
+import java.util.Set;
 import java.util.SortedMap;
 import java.util.TreeMap;
 
-import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
+import javax.transaction.TransactionManager;
 
 import org.apache.commons.io.IOUtils;
 import org.osgi.framework.Filter;
 import org.osgi.service.useradmin.Role;
-import org.osgi.service.useradmin.User;
 
-/** User admin implementation using LDIF file(s) as backend. */
+/**
+ * A user admin based on a LDIF files. Requires a {@link TransactionManager} and
+ * an open transaction for write access.
+ */
 public class LdifUserAdmin extends AbstractUserDirectory {
-	SortedMap<LdapName, DirectoryUser> users = new TreeMap<LdapName, DirectoryUser>();
-	SortedMap<LdapName, DirectoryGroup> groups = new TreeMap<LdapName, DirectoryGroup>();
-
-	private Map<String, Map<String, DirectoryUser>> userIndexes = new LinkedHashMap<String, Map<String, DirectoryUser>>();
+	private SortedMap<LdapName, DirectoryUser> users = new TreeMap<LdapName, DirectoryUser>();
+	private SortedMap<LdapName, DirectoryGroup> groups = new TreeMap<LdapName, DirectoryGroup>();
 
 	public LdifUserAdmin(String uri, String baseDn) {
 		this(fromUri(uri, baseDn));
@@ -42,14 +45,12 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 	public LdifUserAdmin(InputStream in) {
 		super(new Hashtable<String, Object>());
 		load(in);
-		setReadOnly(true);
-		setUri(null);
 	}
 
 	private static Dictionary<String, Object> fromUri(String uri, String baseDn) {
 		Hashtable<String, Object> res = new Hashtable<String, Object>();
-		res.put(LdapProperties.uri.getFullName(), uri);
-		res.put(LdapProperties.baseDn.getFullName(), baseDn);
+		res.put(UserAdminConf.uri.property(), uri);
+		res.put(UserAdminConf.baseDn.property(), baseDn);
 		return res;
 	}
 
@@ -67,8 +68,12 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 	}
 
 	public void save() {
-		if (getUri() == null || isReadOnly())
-			throw new UserDirectoryException("Cannot save LDIF user admin");
+		if (getUri() == null)
+			throw new UserDirectoryException(
+					"Cannot save LDIF user admin: no URI is set");
+		if (isReadOnly())
+			throw new UserDirectoryException("Cannot save LDIF user admin: "
+					+ getUri() + " is read-only");
 		try (FileOutputStream out = new FileOutputStream(new File(getUri()))) {
 			save(out);
 		} catch (IOException e) {
@@ -98,43 +103,33 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 			SortedMap<LdapName, Attributes> allEntries = ldifParser.read(in);
 			for (LdapName key : allEntries.keySet()) {
 				Attributes attributes = allEntries.get(key);
+				// check for inconsistency
+				Set<String> lowerCase = new HashSet<String>();
+				NamingEnumeration<String> ids = attributes.getIDs();
+				while (ids.hasMoreElements()) {
+					String id = ids.nextElement().toLowerCase();
+					if (lowerCase.contains(id))
+						throw new UserDirectoryException(key
+								+ " has duplicate id " + id);
+					lowerCase.add(id);
+				}
+
+				// analyse object classes
 				NamingEnumeration<?> objectClasses = attributes.get(
-						"objectClass").getAll();
+						objectClass.name()).getAll();
+				// System.out.println(key);
 				objectClasses: while (objectClasses.hasMore()) {
 					String objectClass = objectClasses.next().toString();
-					if (objectClass.equals("inetOrgPerson")) {
+					// System.out.println(" " + objectClass);
+					if (objectClass.equals(inetOrgPerson.name())) {
 						users.put(key, new LdifUser(this, key, attributes));
 						break objectClasses;
-					} else if (objectClass.equals("groupOfNames")) {
+					} else if (objectClass.equals(getGroupObjectClass())) {
 						groups.put(key, new LdifGroup(this, key, attributes));
 						break objectClasses;
 					}
 				}
 			}
-
-			// optimise
-			// for (LdifGroup group : groups.values())
-			// loadMembers(group);
-
-			// indexes
-			for (String attr : getIndexedUserProperties())
-				userIndexes.put(attr, new TreeMap<String, DirectoryUser>());
-
-			for (DirectoryUser user : users.values()) {
-				Dictionary<String, Object> properties = user.getProperties();
-				for (String attr : getIndexedUserProperties()) {
-					Object value = properties.get(attr);
-					if (value != null) {
-						DirectoryUser otherUser = userIndexes.get(attr).put(
-								value.toString(), user);
-						if (otherUser != null)
-							throw new UserDirectoryException("User " + user
-									+ " and user " + otherUser
-									+ " both have property " + attr
-									+ " set to " + value);
-					}
-				}
-			}
 		} catch (Exception e) {
 			throw new UserDirectoryException(
 					"Cannot load user admin service from LDIF", e);
@@ -160,35 +155,24 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 		return users.containsKey(dn) || groups.containsKey(dn);
 	}
 
-	// @Override
-	// public boolean removeRole(String name) {
-	// LdapName dn = toDn(name);
-	// LdifUser role = null;
-	// if (users.containsKey(dn))
-	// role = users.remove(dn);
-	// else if (groups.containsKey(dn))
-	// role = groups.remove(dn);
-	// else
-	// throw new UserDirectoryException("There is no role " + name);
-	// if (role == null)
-	// return false;
-	// for (LdifGroup group : getDirectGroups(role)) {
-	// group.getAttributes().get(getMemberAttributeId())
-	// .remove(dn.toString());
-	// }
-	// return true;
-	// }
-
+	@SuppressWarnings("unchecked")
 	protected List<DirectoryUser> doGetRoles(Filter f) {
 		ArrayList<DirectoryUser> res = new ArrayList<DirectoryUser>();
 		if (f == null) {
 			res.addAll(users.values());
 			res.addAll(groups.values());
 		} else {
-			// Filter f = FrameworkUtil.createFilter(filter);
-			for (DirectoryUser user : users.values())
+			for (DirectoryUser user : users.values()) {
+				// System.out.println("\n" + user.getName());
+				// Dictionary<String, Object> props = user.getProperties();
+				// for (Enumeration<String> keys = props.keys(); keys
+				// .hasMoreElements();) {
+				// String key = keys.nextElement();
+				// System.out.println(" " + key + "=" + props.get(key));
+				// }
 				if (f.match(user.getProperties()))
 					res.add(user);
+			}
 			for (DirectoryUser group : groups.values())
 				if (f.match(group.getProperties()))
 					res.add(group);
@@ -196,38 +180,19 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 		return res;
 	}
 
-	protected void doGetUser(String key, String value,
-			List<DirectoryUser> collectedUsers) {
-		assert key != null;
-		DirectoryUser user = userIndexes.get(key).get(value);
-		if (user != null)
-			collectedUsers.add(user);
-	}
-
 	@Override
-	protected List<DirectoryGroup> getDirectGroups(User user) {
-		LdapName dn;
-		if (user instanceof LdifUser)
-			dn = ((LdifUser) user).getDn();
-		else
-			try {
-				dn = new LdapName(user.getName());
-			} catch (InvalidNameException e) {
-				throw new UserDirectoryException("Badly formatted user name "
-						+ user.getName(), e);
-			}
-
-		List<DirectoryGroup> directGroups = new ArrayList<DirectoryGroup>();
+	protected List<LdapName> getDirectGroups(LdapName dn) {
+		List<LdapName> directGroups = new ArrayList<LdapName>();
 		for (LdapName name : groups.keySet()) {
 			DirectoryGroup group = groups.get(name);
 			if (group.getMemberNames().contains(dn))
-				directGroups.add(group);
+				directGroups.add(group.getDn());
 		}
 		return directGroups;
 	}
 
 	@Override
-	protected void prepare(WorkingCopy wc) {
+	protected void prepare(UserDirectoryWorkingCopy wc) {
 		// delete
 		for (LdapName dn : wc.getDeletedUsers().keySet()) {
 			if (users.containsKey(dn))
@@ -235,13 +200,15 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 			else if (groups.containsKey(dn))
 				groups.remove(dn);
 			else
-				throw new UserDirectoryException("User to delete no found "
+				throw new UserDirectoryException("User to delete not found "
 						+ dn);
 		}
 		// add
 		for (LdapName dn : wc.getNewUsers().keySet()) {
 			DirectoryUser user = wc.getNewUsers().get(dn);
-			if (Role.USER == user.getType())
+			if (users.containsKey(dn) || groups.containsKey(dn))
+				throw new UserDirectoryException("User to create found " + dn);
+			else if (Role.USER == user.getType())
 				users.put(dn, user);
 			else if (Role.GROUP == user.getType())
 				groups.put(dn, (DirectoryGroup) user);
@@ -265,12 +232,12 @@ public class LdifUserAdmin extends AbstractUserDirectory {
 	}
 
 	@Override
-	protected void commit(WorkingCopy wc) {
+	protected void commit(UserDirectoryWorkingCopy wc) {
 		save();
 	}
 
 	@Override
-	protected void rollback(WorkingCopy wc) {
+	protected void rollback(UserDirectoryWorkingCopy wc) {
 		init();
 	}