X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=acbf1112f1e24d92b35926420aabc538406ecf5c;hb=062d7f43d0208823ac81160c517ab6a2d7404765;hp=5796b46c4e0e19cb7c22b94c3dc5e7362289affd;hpb=e96c7f26228b70f604e41b7a56ce6c5836da9e12;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java index 5796b46c4..acbf1112f 100644 --- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java +++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java @@ -1,6 +1,14 @@ package org.argeo.osgi.useradmin; import java.io.InputStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Dictionary; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; import java.util.SortedMap; import java.util.TreeMap; @@ -15,34 +23,103 @@ import org.osgi.service.useradmin.Role; import org.osgi.service.useradmin.User; import org.osgi.service.useradmin.UserAdmin; +/** User admin implementation using LDIF file(s) as backend. */ public class LdifUserAdmin implements UserAdmin { - private SortedMap roles = new TreeMap(); + SortedMap users = new TreeMap(); + SortedMap groups = new TreeMap(); + + private final boolean isReadOnly; + private final URI uri; + + private List indexedUserProperties = Arrays.asList(new String[] { + "uid", "mail", "cn" }); + private Map> userIndexes = new LinkedHashMap>(); + + public LdifUserAdmin(String uri) { + this(uri, true); + } + + public LdifUserAdmin(String uri, boolean isReadOnly) { + this.isReadOnly = isReadOnly; + try { + this.uri = new URI(uri); + } catch (URISyntaxException e) { + throw new ArgeoUserAdminException("Invalid URI " + uri, e); + } + + if (!isReadOnly && !this.uri.getScheme().equals("file:")) + throw new UnsupportedOperationException(this.uri.getScheme() + + "not supported read-write."); + + try { + load(this.uri.toURL().openStream()); + } catch (Exception e) { + throw new ArgeoUserAdminException("Cannot open URL " + this.uri, e); + } + } public LdifUserAdmin(InputStream in) { + load(in); + isReadOnly = true; + this.uri = null; + } + + protected void load(InputStream in) { try { LdifParser ldifParser = new LdifParser(); SortedMap allEntries = ldifParser.read(in); for (LdapName key : allEntries.keySet()) { Attributes attributes = allEntries.get(key); - NamingEnumeration objectClasses = attributes.get("objectClass") - .getAll(); + NamingEnumeration objectClasses = attributes.get( + "objectClass").getAll(); objectClasses: while (objectClasses.hasMore()) { String objectClass = objectClasses.next().toString(); if (objectClass.equals("inetOrgPerson")) { - roles.put(key, new LdifUser(key, attributes)); + users.put(key, new LdifUser(key, attributes)); break objectClasses; } else if (objectClass.equals("groupOfNames")) { - roles.put(key, new LdifGroup(key, attributes)); + groups.put(key, new LdifGroup(key, attributes)); break objectClasses; } } } + + // optimise + for (LdifGroup group : groups.values()) + group.loadMembers(this); + + // indexes + for (String attr : indexedUserProperties) + userIndexes.put(attr, new TreeMap()); + + for (LdifUser user : users.values()) { + Dictionary properties = user.getProperties(); + for (String attr : indexedUserProperties) { + Object value = properties.get(attr); + if (value != null) { + LdifUser otherUser = userIndexes.get(attr).put( + value.toString(), user); + if (otherUser != null) + throw new ArgeoUserAdminException("User " + user + + " and user " + otherUser + + " both habe property " + attr + + " set to " + value); + } + } + } } catch (Exception e) { throw new ArgeoUserAdminException( - "Cannot initialise user admin service from LDIF", e); + "Cannot load user admin service from LDIF", e); } } + public void destroy() { + users.clear(); + users = null; + groups.clear(); + groups = null; + } + @Override public Role getRole(String name) { LdapName key; @@ -54,15 +131,16 @@ public class LdifUserAdmin implements UserAdmin { + name, e); } - if (!roles.containsKey(key)) - return null; - return roles.get(key); + if (groups.containsKey(key)) + return groups.get(key); + if (users.containsKey(key)) + return users.get(key); + return null; } @Override public Authorization getAuthorization(User user) { - // TODO Auto-generated method stub - return null; + return new LdifAuthorization((LdifUser) user); } @Override @@ -77,12 +155,50 @@ public class LdifUserAdmin implements UserAdmin { @Override public Role[] getRoles(String filter) throws InvalidSyntaxException { + if (filter == null) { + ArrayList res = new ArrayList(); + res.addAll(users.values()); + res.addAll(groups.values()); + return res.toArray(new Role[res.size()]); + } throw new UnsupportedOperationException(); } @Override public User getUser(String key, String value) { - throw new UnsupportedOperationException(); + // TODO check value null or empty + if (key != null) { + if (!userIndexes.containsKey(key)) + return null; + return userIndexes.get(key).get(value); + } + + // Try all indexes + List collectedUsers = new ArrayList( + indexedUserProperties.size()); + // try dn + LdifUser user = null; + try { + user = (LdifUser) getRole(value); + if (user != null) + collectedUsers.add(user); + } catch (Exception e) { + // silent + } + for (String attr : userIndexes.keySet()) { + user = userIndexes.get(attr).get(value); + if (user != null) + collectedUsers.add(user); + } + + if (collectedUsers.size() == 1) + return collectedUsers.get(0); + return null; + // throw new UnsupportedOperationException(); + } + + public boolean getIsReadOnly() { + return isReadOnly; } }