X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=7b87a4b6e7fbd497cf8786c853cb7616589e8171;hb=6342d1d28f8338866c876f8b6364ce3f1eac28aa;hp=8cc7cb39581f5a8f4d50c47919e828969369fb31;hpb=270c84f092b77b6f101a742cff565d29ee756011;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
index 8cc7cb395..7b87a4b6e 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
@@ -1,65 +1,149 @@
 package org.argeo.osgi.useradmin;
 
+import static org.argeo.osgi.useradmin.LdifName.inetOrgPerson;
+import static org.argeo.osgi.useradmin.LdifName.objectClass;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.Dictionary;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
 import java.util.SortedMap;
 import java.util.TreeMap;
 
-import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
+import javax.transaction.TransactionManager;
 
-import org.osgi.framework.InvalidSyntaxException;
-import org.osgi.service.useradmin.Authorization;
+import org.apache.commons.io.IOUtils;
+import org.osgi.framework.Filter;
 import org.osgi.service.useradmin.Role;
-import org.osgi.service.useradmin.User;
-import org.osgi.service.useradmin.UserAdmin;
 
-public class LdifUserAdmin implements UserAdmin {
-	SortedMap<LdapName, LdifUser> users = new TreeMap<LdapName, LdifUser>();
-	SortedMap<LdapName, LdifGroup> groups = new TreeMap<LdapName, LdifGroup>();
+/**
+ * A user admin based on a LDIF files. Requires a {@link TransactionManager} and
+ * an open transaction for write access.
+ */
+public class LdifUserAdmin extends AbstractUserDirectory {
+	private SortedMap<LdapName, DirectoryUser> users = new TreeMap<LdapName, DirectoryUser>();
+	private SortedMap<LdapName, DirectoryGroup> groups = new TreeMap<LdapName, DirectoryGroup>();
+
+	public LdifUserAdmin(String uri, String baseDn) {
+		this(fromUri(uri, baseDn));
+	}
+
+	public LdifUserAdmin(Dictionary<String, ?> properties) {
+		super(properties);
+	}
 
 	public LdifUserAdmin(InputStream in) {
+		super(new Hashtable<String, Object>());
+		load(in);
+	}
+
+	private static Dictionary<String, Object> fromUri(String uri, String baseDn) {
+		Hashtable<String, Object> res = new Hashtable<String, Object>();
+		res.put(UserAdminConf.uri.property(), uri);
+		res.put(UserAdminConf.baseDn.property(), baseDn);
+		return res;
+	}
+
+	public void init() {
+		try {
+			if (getUri().getScheme().equals("file")) {
+				File file = new File(getUri());
+				if (!file.exists())
+					return;
+			}
+			load(getUri().toURL().openStream());
+		} catch (Exception e) {
+			throw new UserDirectoryException("Cannot open URL " + getUri(), e);
+		}
+	}
+
+	public void save() {
+		if (getUri() == null)
+			throw new UserDirectoryException(
+					"Cannot save LDIF user admin: no URI is set");
+		if (isReadOnly())
+			throw new UserDirectoryException("Cannot save LDIF user admin: "
+					+ getUri() + " is read-only");
+		try (FileOutputStream out = new FileOutputStream(new File(getUri()))) {
+			save(out);
+		} catch (IOException e) {
+			throw new UserDirectoryException("Cannot save user admin to "
+					+ getUri(), e);
+		}
+	}
+
+	public void save(OutputStream out) throws IOException {
+		try {
+			LdifWriter ldifWriter = new LdifWriter(out);
+			for (LdapName name : groups.keySet())
+				ldifWriter.writeEntry(name, groups.get(name).getAttributes());
+			for (LdapName name : users.keySet())
+				ldifWriter.writeEntry(name, users.get(name).getAttributes());
+		} finally {
+			IOUtils.closeQuietly(out);
+		}
+	}
+
+	protected void load(InputStream in) {
 		try {
+			users.clear();
+			groups.clear();
+
 			LdifParser ldifParser = new LdifParser();
 			SortedMap<LdapName, Attributes> allEntries = ldifParser.read(in);
 			for (LdapName key : allEntries.keySet()) {
 				Attributes attributes = allEntries.get(key);
+				// check for inconsistency
+				Set<String> lowerCase = new HashSet<String>();
+				NamingEnumeration<String> ids = attributes.getIDs();
+				while (ids.hasMoreElements()) {
+					String id = ids.nextElement().toLowerCase();
+					if (lowerCase.contains(id))
+						throw new UserDirectoryException(key
+								+ " has duplicate id " + id);
+					lowerCase.add(id);
+				}
+
+				// analyse object classes
 				NamingEnumeration<?> objectClasses = attributes.get(
-						"objectClass").getAll();
+						objectClass.name()).getAll();
+				// System.out.println(key);
 				objectClasses: while (objectClasses.hasMore()) {
 					String objectClass = objectClasses.next().toString();
-					if (objectClass.equals("inetOrgPerson")) {
-						users.put(key, new LdifUser(key, attributes));
+					// System.out.println(" " + objectClass);
+					if (objectClass.equals(inetOrgPerson.name())) {
+						users.put(key, new LdifUser(this, key, attributes));
 						break objectClasses;
-					} else if (objectClass.equals("groupOfNames")) {
-						groups.put(key, new LdifGroup(key, attributes));
+					} else if (objectClass.equals(getGroupObjectClass())) {
+						groups.put(key, new LdifGroup(this, key, attributes));
 						break objectClasses;
 					}
 				}
 			}
-
-			// optimise
-			for (LdifGroup group : groups.values()) {
-				group.loadMembers(this);
-			}
 		} catch (Exception e) {
-			throw new ArgeoUserAdminException(
-					"Cannot initialise user admin service from LDIF", e);
+			throw new UserDirectoryException(
+					"Cannot load user admin service from LDIF", e);
 		}
 	}
 
-	@Override
-	public Role getRole(String name) {
-		LdapName key;
-		try {
-			key = new LdapName(name);
-		} catch (InvalidNameException e) {
-			// TODO implements default base DN
-			throw new IllegalArgumentException("Badly formatted role name: "
-					+ name, e);
-		}
+	public void destroy() {
+		users.clear();
+		users = null;
+		groups.clear();
+		groups = null;
+	}
 
+	protected DirectoryUser daoGetRole(LdapName key) {
 		if (groups.containsKey(key))
 			return groups.get(key);
 		if (users.containsKey(key))
@@ -67,29 +151,94 @@ public class LdifUserAdmin implements UserAdmin {
 		return null;
 	}
 
-	@Override
-	public Authorization getAuthorization(User user) {
-		return new LdifAuthorization((LdifUser) user);
+	protected Boolean daoHasRole(LdapName dn) {
+		return users.containsKey(dn) || groups.containsKey(dn);
+	}
+
+	@SuppressWarnings("unchecked")
+	protected List<DirectoryUser> doGetRoles(Filter f) {
+		ArrayList<DirectoryUser> res = new ArrayList<DirectoryUser>();
+		if (f == null) {
+			res.addAll(users.values());
+			res.addAll(groups.values());
+		} else {
+			for (DirectoryUser user : users.values()) {
+				// System.out.println("\n" + user.getName());
+				// Dictionary<String, Object> props = user.getProperties();
+				// for (Enumeration<String> keys = props.keys(); keys
+				// .hasMoreElements();) {
+				// String key = keys.nextElement();
+				// System.out.println(" " + key + "=" + props.get(key));
+				// }
+				if (f.match(user.getProperties()))
+					res.add(user);
+			}
+			for (DirectoryUser group : groups.values())
+				if (f.match(group.getProperties()))
+					res.add(group);
+		}
+		return res;
 	}
 
 	@Override
-	public Role createRole(String name, int type) {
-		throw new UnsupportedOperationException();
+	protected List<LdapName> getDirectGroups(LdapName dn) {
+		List<LdapName> directGroups = new ArrayList<LdapName>();
+		for (LdapName name : groups.keySet()) {
+			DirectoryGroup group = groups.get(name);
+			if (group.getMemberNames().contains(dn))
+				directGroups.add(group.getDn());
+		}
+		return directGroups;
 	}
 
 	@Override
-	public boolean removeRole(String name) {
-		throw new UnsupportedOperationException();
+	protected void prepare(UserDirectoryWorkingCopy wc) {
+		// delete
+		for (LdapName dn : wc.getDeletedUsers().keySet()) {
+			if (users.containsKey(dn))
+				users.remove(dn);
+			else if (groups.containsKey(dn))
+				groups.remove(dn);
+			else
+				throw new UserDirectoryException("User to delete not found "
+						+ dn);
+		}
+		// add
+		for (LdapName dn : wc.getNewUsers().keySet()) {
+			DirectoryUser user = wc.getNewUsers().get(dn);
+			if (users.containsKey(dn) || groups.containsKey(dn))
+				throw new UserDirectoryException("User to create found " + dn);
+			else if (Role.USER == user.getType())
+				users.put(dn, user);
+			else if (Role.GROUP == user.getType())
+				groups.put(dn, (DirectoryGroup) user);
+			else
+				throw new UserDirectoryException("Unsupported role type "
+						+ user.getType() + " for new user " + dn);
+		}
+		// modify
+		for (LdapName dn : wc.getModifiedUsers().keySet()) {
+			Attributes modifiedAttrs = wc.getModifiedUsers().get(dn);
+			DirectoryUser user;
+			if (users.containsKey(dn))
+				user = users.get(dn);
+			else if (groups.containsKey(dn))
+				user = groups.get(dn);
+			else
+				throw new UserDirectoryException("User to modify no found "
+						+ dn);
+			user.publishAttributes(modifiedAttrs);
+		}
 	}
 
 	@Override
-	public Role[] getRoles(String filter) throws InvalidSyntaxException {
-		throw new UnsupportedOperationException();
+	protected void commit(UserDirectoryWorkingCopy wc) {
+		save();
 	}
 
 	@Override
-	public User getUser(String key, String value) {
-		throw new UnsupportedOperationException();
+	protected void rollback(UserDirectoryWorkingCopy wc) {
+		init();
 	}
 
 }