X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.security.core%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdifUserAdmin.java;h=dacae7964f1ee74a24415529655fbd7940133a44;hb=e86e3691db8b4a426a6d5fd3cf255dc82fe05fc1;hp=acbf1112f1e24d92b35926420aabc538406ecf5c;hpb=062d7f43d0208823ac81160c517ab6a2d7404765;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
index acbf1112f..dacae7964 100644
--- a/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
+++ b/org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
@@ -4,7 +4,6 @@ import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Dictionary;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -15,24 +14,22 @@ import java.util.TreeMap;
 import javax.naming.InvalidNameException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
 import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+import org.osgi.framework.Filter;
+import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
-import org.osgi.service.useradmin.UserAdmin;
 /** User admin implementation using LDIF file(s) as backend. */
-public class LdifUserAdmin implements UserAdmin {
+public class LdifUserAdmin extends AbstractLdapUserAdmin {
 SortedMap users = new TreeMap();
 SortedMap groups = new TreeMap();
- private final boolean isReadOnly;
- private final URI uri;
-
- private List indexedUserProperties = Arrays.asList(new String[] {
- "uid", "mail", "cn" });
 private Map> userIndexes = new LinkedHashMap>();
 public LdifUserAdmin(String uri) {
@@ -40,28 +37,31 @@ public class LdifUserAdmin implements UserAdmin { } public LdifUserAdmin(String uri, boolean isReadOnly) { - this.isReadOnly = isReadOnly; + setReadOnly(isReadOnly); try { - this.uri = new URI(uri); + setUri(new URI(uri)); } catch (URISyntaxException e) { throw new ArgeoUserAdminException("Invalid URI " + uri, e); } - if (!isReadOnly && !this.uri.getScheme().equals("file:")) - throw new UnsupportedOperationException(this.uri.getScheme() + if (!isReadOnly && !getUri().getScheme().equals("file:")) + throw new UnsupportedOperationException(getUri().getScheme() + "not supported read-write."); - try { - load(this.uri.toURL().openStream()); - } catch (Exception e) { - throw new ArgeoUserAdminException("Cannot open URL " + this.uri, e); - } } public LdifUserAdmin(InputStream in) { load(in); - isReadOnly = true; - this.uri = null; + setReadOnly(true); + setUri(null); + } + + public void init() { + try { + load(getUri().toURL().openStream()); + } catch (Exception e) { + throw new ArgeoUserAdminException("Cannot open URL " + getUri(), e); + } } protected void load(InputStream in) { @@ -86,15 +86,15 @@ public class LdifUserAdmin implements UserAdmin { // optimise for (LdifGroup group : groups.values()) - group.loadMembers(this); + loadMembers(group); // indexes - for (String attr : indexedUserProperties) + for (String attr : getIndexedUserProperties()) userIndexes.put(attr, new TreeMap()); for (LdifUser user : users.values()) { Dictionary properties = user.getProperties(); - for (String attr : indexedUserProperties) { + for (String attr : getIndexedUserProperties()) { Object value = properties.get(attr); if (value != null) { LdifUser otherUser = userIndexes.get(attr).put( @@ -102,7 +102,7 @@ public class LdifUserAdmin implements UserAdmin { if (otherUser != null) throw new ArgeoUserAdminException("User " + user + " and user " + otherUser - + " both habe property " + attr + + " both have property " + attr + " set to " + value); } } 
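Review bot: The read-write check `!getUri().getScheme().equals("file:")` in the `LdifUserAdmin(String, boolean)` constructor can never pass, because `URI.getScheme()` returns the scheme without its colon (`"file"`), so every read-write construction ends in the UnsupportedOperationException, whose message also lacks a separator (`"file" + "not supported read-write."`); the defect predates the commit, but the rewritten line keeps it. The comparison should be `if (!isReadOnly && !"file".equals(getUri().getScheme()))`, which additionally avoids the NullPointerException a scheme-less URI would raise before the intended exception. Separately, `init()` opens `getUri().toURL().openStream()` and passes it to `load(in)` without ever closing it; unless `load` closes its argument (not visible in this hunk), the stream should be closed in a `finally` block, and the `catch (Exception e)` could be narrowed to `IOException` so programming errors are not reported as "Cannot open URL".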
@@ -145,23 +145,78 @@ public class LdifUserAdmin implements UserAdmin { @Override public Role createRole(String name, int type) { - throw new UnsupportedOperationException(); + try { + LdapName dn = new LdapName(name); + if (users.containsKey(dn) || groups.containsKey(dn)) + throw new ArgeoUserAdminException("Already a role " + name); + + BasicAttributes attrs = new BasicAttributes(); + attrs.put("dn", dn.toString()); + Rdn nameRdn = dn.getRdn(dn.size() - 1); + // TODO deal with multiple attr RDN + attrs.put(nameRdn.getType(), nameRdn.getValue()); + LdifUser newRole; + if (type == Role.USER) { + newRole = new LdifUser(dn, attrs); + users.put(dn, newRole); + } else if (type == Role.GROUP) { + newRole = new LdifGroup(dn, attrs); + groups.put(dn, (LdifGroup) newRole); + } else + throw new ArgeoUserAdminException("Unsupported type " + type); + return newRole; + } catch (InvalidNameException e) { + throw new ArgeoUserAdminException("Cannot create role " + name, e); + } } @Override public boolean removeRole(String name) { - throw new UnsupportedOperationException(); + try { + LdapName dn = new LdapName(name); + LdifUser role = null; + if (users.containsKey(dn)) + role = users.remove(dn); + else if (groups.containsKey(dn)) + role = groups.remove(dn); + else + throw new ArgeoUserAdminException("There is no role " + name); + if (role == null) + return false; + for (LdifGroup group : role.directMemberOf) { + group.directMembers.remove(role); + group.getAttributes().get(group.getMemberAttrName()) + .remove(dn.toString()); + } + if (role instanceof LdifGroup) { + LdifGroup group = (LdifGroup) role; + for (Role user : group.directMembers) { + if (user instanceof LdifUser) + ((LdifUser) user).directMemberOf.remove(group); + } + } + return true; + } catch (InvalidNameException e) { + throw new ArgeoUserAdminException("Cannot create role " + name, e); + } } @Override public Role[] getRoles(String filter) throws InvalidSyntaxException { + ArrayList res = new ArrayList(); if (filter 
== null) { - ArrayList res = new ArrayList(); res.addAll(users.values()); res.addAll(groups.values()); - return res.toArray(new Role[res.size()]); + } else { + Filter f = FrameworkUtil.createFilter(filter); + for (LdifUser user : users.values()) + if (f.match(user.getProperties())) + res.add(user); + for (LdifUser group : groups.values()) + if (f.match(group.getProperties())) + res.add(group); } - throw new UnsupportedOperationException(); + return res.toArray(new Role[res.size()]); } @Override @@ -175,7 +230,7 @@ public class LdifUserAdmin implements UserAdmin { // Try all indexes List collectedUsers = new ArrayList( - indexedUserProperties.size()); + getIndexedUserProperties().size()); // try dn LdifUser user = null; try { @@ -197,8 +252,25 @@ public class LdifUserAdmin implements UserAdmin { // throw new UnsupportedOperationException(); } - public boolean getIsReadOnly() { - return isReadOnly; + protected void loadMembers(LdifGroup group) { + group.directMembers = new ArrayList(); + for (LdapName ldapName : group.getMemberNames()) { + LdifUser role = null; + if (groups.containsKey(ldapName)) + role = groups.get(ldapName); + else if (users.containsKey(ldapName)) + role = users.get(ldapName); + else { + if (getExternalRoles() != null) + role = (LdifUser) getExternalRoles().getRole( + ldapName.toString()); + if (role == null) + throw new ArgeoUserAdminException("No role found for " + + ldapName); + } + role.directMemberOf.add(group); + group.directMembers.add(role); + } } }
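Review bot: `createRole` and `removeRole` mutate `users` and `groups` without consulting the read-only flag the constructors set through `setReadOnly(...)`, so an instance built from an InputStream, or from a non-`file` URI that the constructor only allows read-only, now accepts role creation and deletion, and nothing in this hunk writes the change back to the LDIF source, so the in-memory state silently diverges from it. Both methods should start with a guard on the flag held by AbstractLdapUserAdmin (the former `getIsReadOnly()` accessor is removed later in this commit), e.g. `if (<read-only accessor>) throw new IllegalStateException("User admin is read-only");`. The catch block of `removeRole` reuses the creation message and should read `throw new ArgeoUserAdminException("Cannot remove role " + name, e);`. `createRole` also calls `dn.getRdn(dn.size() - 1)` without checking `dn.size() > 0`, so an empty name would presumably escape as an unchecked IndexOutOfBoundsException rather than through the ArgeoUserAdminException path.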
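Review bot: The cast `(LdifUser) getExternalRoles().getRole(ldapName.toString())` in `loadMembers` assumes the external role provider hands back this implementation's own LdifUser objects; any other `Role` implementation makes `load` fail with an unchecked ClassCastException instead of the ArgeoUserAdminException the branch otherwise raises. A type test keeps the failure explicit: `Role ext = getExternalRoles().getRole(ldapName.toString()); if (ext instanceof LdifUser) role = (LdifUser) ext; else if (ext != null) throw new ArgeoUserAdminException("External role " + ldapName + " is not an LDIF role");`. Note also that the following `role.directMemberOf.add(group)` mutates the membership list of a role owned by the external admin, which that admin may not expect; this is inferred from the field access rather than stated anywhere in the hunk.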