package org.argeo.api.cms.directory;
-import org.osgi.service.useradmin.Authorization;
-
/** An authorisation to a CMS system. */
-public interface CmsAuthorization extends Authorization {
+public interface CmsAuthorization {
/** The role which did imply this role, <code>null</code> if a direct role. */
default String getImplyingRole(String role) {
return null;
package org.argeo.api.cms.directory;
-import org.osgi.service.useradmin.Group;
+import java.util.Set;
-/** A group in a user directroy. */
-public interface CmsGroup extends Group, CmsUser {
-// List<LdapName> getMemberNames();
+/** A group in a user directory. */
+public interface CmsGroup extends CmsUser {
+ Set<? extends CmsRole> getDirectMembers();
}
--- /dev/null
+package org.argeo.api.cms.directory;
+
+import java.util.Dictionary;
+
+/** Parent of user/group hierarchy */
+public interface CmsRole {
+ String getName();
+
+ // TODO replace with Map or ACR content
+ @Deprecated
+ Dictionary<String, Object> getProperties();
+}
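Review bot: The new `CmsRole` interface has no Javadoc on `getName()`, and `getProperties()` is marked `@Deprecated` with only a `// TODO`, so callers get a deprecation warning without being told what to use instead. I would add `/** The unique name of this role within its directory. */` on `getName()` and a Javadoc `@deprecated` tag on `getProperties()` naming the planned replacement. The returned `Dictionary` is mutable, and `LdapEntry.addObjectClasses(role.getProperties(), objectClasses)` elsewhere in this commit appears to write through it. The contract should therefore state whether callers may modify it and under which transaction or permission.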
package org.argeo.api.cms.directory;
-import org.osgi.service.useradmin.User;
-
/**
* An entity with credentials which can log in to a system. Can be a real person
* or not.
*/
-public interface CmsUser extends User {
+public interface CmsUser extends CmsRole {
+ String getDisplayName();
}
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
-import org.osgi.service.useradmin.Role;
-import org.osgi.service.useradmin.User;
-
/**
* Provide method interfaces to manage user concepts without accessing directly
* the userAdmin.
Set<UserDirectory> getUserDirectories();
// CurrentUser
- /** Returns the e-mail of the current logged in user */
- String getMyMail();
+// /** Returns the e-mail of the current logged in user */
+// String getMyMail();
// Other users
- /** Returns a {@link User} given a username */
+ /** Returns a {@link CmsUser} given a username */
CmsUser getUser(String username);
/** Can be a group or a user */
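Review bot: `getMyMail()` is commented out rather than removed, both here in the interface and in the implementation hunk that comments out its `@Override`. Commented-out API methods leave readers unsure whether the method is coming back. If the removal is intended, delete the lines and record the breaking change in the commit message; if it is temporary, keep the method and mark it `@Deprecated`.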
// Search
/** Returns a filtered list of roles */
- Role[] getRoles(String filter);
+ CmsRole[] getRoles(String filter);
/** Recursively lists users in a given group. */
Set<CmsUser> listUsersInGroup(String groupDn, String filter);
CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole);
/** Add additional object classes to this role. */
- void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties);
+ void addObjectClasses(CmsRole role, Set<String> objectClasses, Map<String, Object> additionalProperties);
/** Add additional object classes to this hierarchy unit. */
void addObjectClasses(HierarchyUnit hierarchyUnit, Set<String> objectClasses,
Map<String, Object> additionalProperties);
/** Add a member to this group. */
- void addMember(CmsGroup group, Role role);
+ void addMember(CmsGroup group, CmsRole role);
/** Remove a member from this group. */
- void removeMember(CmsGroup group, Role role);
-
+ void removeMember(CmsGroup group, CmsRole role);
+
void edit(Runnable action);
/* MISCELLANEOUS */
String getDefaultDomainName();
/**
- * Search for a {@link User} (might also be a group) whose uid or cn is equals
+ * Search for a {@link CmsUser} (might also be a group) whose uid or cn is equals
* to localId within the various user repositories defined in the current
* context.
*/
void expireAuthTokens(Subject subject);
- UserDirectory getDirectory(Role role);
+ UserDirectory getDirectory(CmsRole role);
/** Create a new hierarchy unit. Does nothing if it already exists. */
HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path);
package org.argeo.api.cms.directory;
-import org.osgi.service.useradmin.Role;
-
/** Information about a user directory. */
public interface UserDirectory extends CmsDirectory {
- HierarchyUnit getHierarchyUnit(Role role);
+ HierarchyUnit getHierarchyUnit(CmsRole role);
- Iterable<? extends Role> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep);
+ Iterable<? extends CmsRole> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep);
- String getRolePath(Role role);
+ String getRolePath(CmsRole role);
- String getRoleSimpleName(Role role);
+ String getRoleSimpleName(CmsRole role);
- Role getRoleByPath(String path);
+ CmsRole getRoleByPath(String path);
}
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsSession;
import org.argeo.api.cms.directory.CmsDirectory;
+import org.argeo.api.cms.directory.CmsRole;
import org.argeo.api.cms.directory.CmsUserManager;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.util.CurrentSubject;
-import org.osgi.service.useradmin.Role;
/** Utilities and routines around {@link Content}. */
public class ContentUtils {
* DIRECTORY
*/
- public static Content roleToContent(CmsUserManager userManager, ContentSession contentSession, Role role) {
+ public static Content roleToContent(CmsUserManager userManager, ContentSession contentSession, CmsRole role) {
UserDirectory userDirectory = userManager.getDirectory(role);
String path = directoryPath(userDirectory) + userDirectory.getRolePath(role);
Content content = contentSession.get(path);
import org.argeo.api.acr.spi.ContentProvider;
import org.argeo.api.acr.spi.ProvidedContent;
import org.argeo.api.acr.spi.ProvidedSession;
+import org.argeo.api.cms.directory.CmsUser;
import org.argeo.api.cms.directory.CmsUserManager;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.acr.AbstractSimpleContentProvider;
import org.argeo.cms.acr.ContentUtils;
-import org.osgi.service.useradmin.User;
/** A {@link ContentProvider} based on a {@link CmsUserManager} service. */
public class DirectoryContentProvider extends AbstractSimpleContentProvider<CmsUserManager> {
// } catch (InvalidNameException e) {
// throw new IllegalStateException("Cannot interpret " + segments + " as DN", e);
// }
- User user = (User) userDirectory.getRoleByPath(pathWithinUserDirectory);
+ CmsUser user = (CmsUser) userDirectory.getRoleByPath(pathWithinUserDirectory);
if (user != null) {
HierarchyUnit parent = userDirectory.getHierarchyUnit(user);
return new RoleContent(session, this, new HierarchyUnitContent(session, this, parent), user);
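Review bot: The downcast `(CmsUser) userDirectory.getRoleByPath(pathWithinUserDirectory)` is no longer needed and can fail at runtime. `getRoleByPath` now returns `CmsRole`, and both `getHierarchyUnit` and the `RoleContent` constructor accept `CmsRole` after this commit. Declaring `CmsRole role = userDirectory.getRoleByPath(pathWithinUserDirectory);` removes a `ClassCastException` path for a value that seems to be derived from the requested content path. The enclosing method starts and ends outside this hunk.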
import org.argeo.api.acr.Content;
import org.argeo.api.acr.ContentName;
-import org.argeo.api.acr.CrName;
import org.argeo.api.acr.DName;
import org.argeo.api.acr.spi.ProvidedSession;
import org.argeo.api.cms.directory.CmsDirectory;
+import org.argeo.api.cms.directory.CmsRole;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.directory.UserDirectory;
-import org.osgi.service.useradmin.Role;
class HierarchyUnitContent extends AbstractDirectoryContent {
private HierarchyUnit hierarchyUnit;
for (HierarchyUnit hu : hierarchyUnit.getDirectHierarchyUnits(false))
lst.add(new HierarchyUnitContent(getSession(), provider, hu));
- for (Role role : ((UserDirectory) hierarchyUnit.getDirectory()).getHierarchyUnitRoles(hierarchyUnit, null,
+ for (CmsRole role : ((UserDirectory) hierarchyUnit.getDirectory()).getHierarchyUnitRoles(hierarchyUnit, null,
false))
lst.add(new RoleContent(getSession(), provider, this, role));
return lst.iterator();
import org.argeo.api.acr.Content;
import org.argeo.api.acr.ContentName;
import org.argeo.api.acr.spi.ProvidedSession;
+import org.argeo.api.cms.directory.CmsRole;
import org.argeo.api.cms.directory.UserDirectory;
import org.osgi.service.useradmin.Role;
class RoleContent extends AbstractDirectoryContent {
private HierarchyUnitContent parent;
- private Role role;
+ private CmsRole role;
public RoleContent(ProvidedSession session, DirectoryContentProvider provider, HierarchyUnitContent parent,
- Role role) {
+ CmsRole role) {
super(session, provider);
this.parent = parent;
this.role = role;
}
@Override
+ @Deprecated
Dictionary<String, Object> doGetProperties() {
return role.getProperties();
}
@SuppressWarnings("unchecked")
@Override
public <A> A adapt(Class<A> clss) {
- if (Role.class.isAssignableFrom(clss))
+ if (CmsRole.class.isAssignableFrom(clss))
return (A) role;
+ // TODO do we need this?
+// if (Role.class.isAssignableFrom(clss))
+// return (A) role;
return super.adapt(clss);
}
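Review bot: `CmsRole.class.isAssignableFrom(clss)` in `adapt` accepts any subtype of `CmsRole` as the requested class and then returns `role` through an unchecked cast. Asking for `CmsGroup.class` on a content that wraps a plain user therefore returns an object of the wrong type, and the `ClassCastException` only appears later at the caller. Testing the instance instead, `if (clss.isInstance(role)) return clss.cast(role);`, is type-safe. It also answers the `// TODO do we need this?` question, because a request for the OSGi `Role` type keeps working whenever the wrapped object implements it. The commented-out branch can then be deleted.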
+++ /dev/null
-package org.argeo.cms.auth;
-
-import javax.xml.namespace.QName;
-
-import org.argeo.api.acr.ArgeoNamespace;
-import org.argeo.api.acr.ContentName;
-import org.argeo.cms.SystemRole;
-
-/** Standard CMS system roles. */
-public enum CmsRole implements SystemRole {
- userAdmin, //
- groupAdmin, //
- //
- ;
-
- private final static String QUALIFIER = "cms.";
-
- private final ContentName name;
-
- CmsRole() {
- name = new ContentName(ArgeoNamespace.ROLE_NAMESPACE_URI, QUALIFIER + name());
- }
-
- @Override
- public QName qName() {
- return name;
- }
-
- @Override
- public String toString() {
- return name.toPrefixedString();
- }
-}
--- /dev/null
+package org.argeo.cms.auth;
+
+import javax.xml.namespace.QName;
+
+import org.argeo.api.acr.ArgeoNamespace;
+import org.argeo.api.acr.ContentName;
+import org.argeo.cms.SystemRole;
+
+/** Standard CMS system roles. */
+public enum CmsSystemRole implements SystemRole {
+ userAdmin, //
+ groupAdmin, //
+ //
+ ;
+
+ private final static String QUALIFIER = "cms.";
+
+ private final ContentName name;
+
+ CmsSystemRole() {
+ name = new ContentName(ArgeoNamespace.ROLE_NAMESPACE_URI, QUALIFIER + name());
+ }
+
+ @Override
+ public QName qName() {
+ return name;
+ }
+
+ @Override
+ public String toString() {
+ return name.toPrefixedString();
+ }
+}
import org.osgi.service.useradmin.UserAdmin;
/** Centralise common patterns to manage users with a {@link UserAdmin} */
+@Deprecated
+// TODO use CmsRole after migrating to qualified properties
public class UserAdminUtils {
// CURRENTUSER HELPERS
return getUserDisplayName(user);
}
+ public static String getUserDisplayName(org.argeo.api.cms.directory.CmsRole user) {
+ return getUserDisplayName((Role) user);
+ }
+
public static String getUserDisplayName(Role user) {
String dName = getProperty(user, LdapAttr.displayName.name());
if (isEmpty(dName))
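Review bot: The new overload `getUserDisplayName(CmsRole)` blindly casts its argument with `(Role) user`, so any `CmsRole` implementation that is not also an OSGi `Role` fails with a bare `ClassCastException`. A checked form such as `if (!(user instanceof Role role)) throw new IllegalArgumentException("Not an OSGi role: " + user.getName());` makes the precondition explicit. Also, a call whose argument has a static type implementing both interfaces (for example the `CmsOsgiRole` types added in this commit) is ambiguous between the two overloads and will not compile without a cast. `getUserDisplayName(Role)` continues outside the hunk.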
import javax.naming.directory.BasicAttribute;
import javax.naming.ldap.LdapName;
+import org.argeo.api.acr.QNamed;
import org.argeo.api.acr.ldap.LdapAttr;
import org.argeo.api.acr.ldap.LdapObj;
import org.argeo.api.cms.directory.DirectoryDigestUtils;
return credentials;
}
+ protected String getPropertyAsString(QNamed key) {
+ return getPropertyAsString(key.localName());
+ }
+
+ protected String getPropertyAsString(String key) {
+ Object res = getProperties().get(key);
+ if (res == null)
+ return null;
+ return res.toString();
+ }
+
/*
* CREDENTIALS
*/
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsRole;
import org.argeo.api.cms.directory.CmsUser;
import org.argeo.api.cms.directory.CmsUserManager;
import org.argeo.api.cms.directory.HierarchyUnit;
}
- @Override
- public String getMyMail() {
- return getUserMail(CurrentUser.getUsername());
- }
+// @Override
+// public String getMyMail() {
+// return getUserMail(CurrentUser.getUsername());
+// }
@Override
- public Role[] getRoles(String filter) {
+ public CmsRole[] getRoles(String filter) {
try {
- return userAdmin.getRoles(filter);
+ Role[] roles = userAdmin.getRoles(filter);
+ CmsRole[] res = new CmsRole[roles.length];
+ for (int i = 0; i < roles.length; i++)
+ res[i] = (CmsRole) roles[i];
+ return res;
} catch (InvalidSyntaxException e) {
throw new IllegalArgumentException("Invalid filter " + filter, e);
}
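Review bot: The new loop in `getRoles` reads `roles.length` without a null check. The OSGi `UserAdmin.getRoles` contract returns `null` when no role matches the filter, so a search with no hits now throws `NullPointerException` where the old code passed the `null` through. A guard before allocating `res`, e.g. `if (roles == null) return new CmsRole[0];` (or `return null;` if callers depend on that), restores the previous behaviour. The element cast `(CmsRole) roles[i]` also assumes every role returned by `userAdmin` implements `CmsRole`. If that is not guaranteed, an `instanceof` check with a clear error is preferable to a raw `ClassCastException`. The method's closing brace is outside the hunk.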
/** Lists all roles of the given user */
@Override
public String[] getUserRoles(String dn) {
- Authorization currAuth = getUserAdmin().getAuthorization(getUser(dn));
+ Authorization currAuth = getUserAdmin().getAuthorization((User) getUser(dn));
return currAuth.getRoles();
}
return users;
}
-// @Override
-// public Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep) {
-// if(!hierarchyUnit.isFunctional())
-// throw new IllegalArgumentException("Hierarchy unit "+hierarchyUnit.getBase()+" is not functional");
-// UserDirectory directory = (UserDirectory)hierarchyUnit.getDirectory();
-// Set<User> res = new HashSet<>();
-// for(HierarchyUnit technicalHu:hierarchyUnit.getDirectHierarchyUnits(false)) {
-// if(technicalHu.isFunctional())
-// continue;
-// for(Role role:directory.getHierarchyUnitRoles(technicalHu, null, false)) {
-// if(role)
-// }
-// }
-// return res;
-// }
-
/** Recursively add users to list */
private void addUsers(Set<CmsUser> users, Group group, String filter) {
- Role[] roles = group.getMembers();
+ Role[] roles = ((Group) group).getMembers();
for (Role role : roles) {
if (role.getType() == Role.GROUP) {
- addUsers(users, (CmsGroup) role, filter);
+ addUsers(users, (Group) role, filter);
} else if (role.getType() == Role.USER) {
if (match(role, filter))
users.add((CmsUser) role);
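Review bot: `addUsers` recurses into every member of type `Role.GROUP` without tracking which groups it has already visited, so two groups that contain each other (directly or transitively) would recurse until the stack overflows. Passing a `Set<String>` of visited names and skipping repeats, `if (!visited.add(role.getName())) continue;`, bounds the traversal. The added cast in `((Group) group).getMembers()` is redundant because the parameter is already declared as `Group`. The method body continues outside the hunk.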
public CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials) {
try {
userTransaction.begin();
- CmsUser user = (CmsUser) userAdmin.createRole(username, Role.USER);
+ User user = (User) userAdmin.createRole(username, Role.USER);
if (properties != null) {
for (String key : properties.keySet())
user.getProperties().put(key, properties.get(key));
user.getCredentials().put(key, credentials.get(key));
}
userTransaction.commit();
- return user;
+ return (CmsUser) user;
} catch (Exception e) {
try {
userTransaction.rollback();
}
@Override
- public void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
+ public void addObjectClasses(CmsRole role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
try {
userTransaction.begin();
LdapEntry.addObjectClasses(role.getProperties(), objectClasses);
}
@Override
- public void addMember(CmsGroup group, Role role) {
+ public void addMember(CmsGroup group, CmsRole role) {
try {
userTransaction.begin();
- group.addMember(role);
+ ((Group) group).addMember((Role) role);
userTransaction.commit();
} catch (Exception e1) {
try {
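Review bot: `addMember` now accepts any `CmsGroup`/`CmsRole` but immediately casts them with `((Group) group).addMember((Role) role)` after the transaction has begun; `removeMember` in the next hunk does the same. An argument that does not implement the OSGi types therefore produces a `ClassCastException` inside the transaction instead of a clear argument error. Validating before `userTransaction.begin()`, e.g. `if (!(group instanceof Group g) || !(role instanceof Role r)) throw new IllegalArgumentException(...)`, keeps the failure out of the transactional path. The boolean result of `Group.addMember`/`removeMember` is also discarded, so callers cannot tell whether membership actually changed. The `catch` block continues outside the hunk.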
}
@Override
- public void removeMember(CmsGroup group, Role role) {
+ public void removeMember(CmsGroup group, CmsRole role) {
try {
userTransaction.begin();
- group.removeMember(role);
+ ((Group) group).removeMember((Role) role);
userTransaction.commit();
} catch (Exception e1) {
try {
}
@Override
- public UserDirectory getDirectory(Role user) {
+ public UserDirectory getDirectory(CmsRole user) {
String name = user.getName();
NavigableMap<String, UserDirectory> possible = new TreeMap<>();
for (UserDirectory userDirectory : userDirectories) {
import org.osgi.service.useradmin.Authorization;
/** An {@link Authorization} which combines roles form various auth sources. */
-class AggregatingAuthorization implements CmsAuthorization {
+class AggregatingAuthorization implements CmsAuthorization, Authorization {
private final String name;
private final String displayName;
private final Set<String> systemRoles;
--- /dev/null
+package org.argeo.cms.osgi.useradmin;
+
+import org.argeo.api.cms.directory.CmsAuthorization;
+import org.osgi.service.useradmin.Authorization;
+
+/** Merging interface between CMS and OSGi user management APIs. */
+interface CmsOsgiAuthorization extends CmsAuthorization, Authorization {
+
+}
--- /dev/null
+package org.argeo.cms.osgi.useradmin;
+
+import org.argeo.api.cms.directory.CmsGroup;
+import org.osgi.service.useradmin.Group;
+
+/** Merging interface between CMS and OSGi user management APIs. */
+interface CmsOsgiGroup extends CmsOsgiUser, CmsGroup, Group {
+
+}
--- /dev/null
+package org.argeo.cms.osgi.useradmin;
+
+import org.argeo.api.cms.directory.CmsRole;
+import org.osgi.service.useradmin.Role;
+
+/** Merging interface between CMS and OSGi user management APIs. */
+interface CmsOsgiRole extends CmsRole, Role {
+
+}
--- /dev/null
+package org.argeo.cms.osgi.useradmin;
+
+import org.argeo.api.cms.directory.CmsUser;
+import org.osgi.service.useradmin.User;
+
+/** Merging interface between CMS and OSGi user management APIs. */
+interface CmsOsgiUser extends CmsOsgiRole, CmsUser, User {
+
+}
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
+import org.argeo.api.cms.directory.CmsRole;
import org.argeo.api.cms.directory.DirectoryDigestUtils;
-import org.argeo.api.cms.directory.CmsUser;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
}
@Override
- public String getRolePath(Role role) {
+ public String getRolePath(CmsRole role) {
return nameToRelativePath(LdapNameUtils.toLdapName(role.getName()));
}
@Override
- public String getRoleSimpleName(Role role) {
+ public String getRoleSimpleName(CmsRole role) {
LdapName dn = LdapNameUtils.toLdapName(role.getName());
String name = LdapNameUtils.getLastRdnValue(dn);
return name;
}
@Override
- public Role getRoleByPath(String path) {
+ public CmsRole getRoleByPath(String path) {
LdapEntry entry = doGetRole(pathToName(path));
- if (!(entry instanceof Role)) {
+ if (!(entry instanceof CmsRole)) {
return null;
// throw new IllegalStateException("Path must be a UserAdmin Role.");
} else {
- return (Role) entry;
+ return (CmsRole) entry;
}
}
- protected List<Role> getAllRoles(CmsUser user) {
- List<Role> allRoles = new ArrayList<Role>();
+ protected List<CmsOsgiRole> getAllRoles(CmsOsgiUser user) {
+ List<CmsOsgiRole> allRoles = new ArrayList<CmsOsgiRole>();
if (user != null) {
collectRoles((LdapEntry) user, allRoles);
allRoles.add(user);
return allRoles;
}
- private void collectRoles(LdapEntry user, List<Role> allRoles) {
+ private void collectRoles(LdapEntry user, List<CmsOsgiRole> allRoles) {
List<LdapEntry> allEntries = new ArrayList<>();
LdapEntry entry = user;
collectGroups(entry, allEntries);
for (LdapEntry e : allEntries) {
- if (e instanceof Role)
- allRoles.add((Role) e);
+ if (e instanceof CmsOsgiRole)
+ allRoles.add((CmsOsgiRole) e);
}
}
- private void collectAnonymousRoles(List<Role> allRoles) {
+ private void collectAnonymousRoles(List<CmsOsgiRole> allRoles) {
// TODO gather anonymous roles
}
return res.toArray(new Role[res.size()]);
}
- List<CmsUser> getRoles(LdapName searchBase, String filter, boolean deep) throws InvalidSyntaxException {
+ List<CmsOsgiUser> getRoles(LdapName searchBase, String filter, boolean deep) throws InvalidSyntaxException {
LdapEntryWorkingCopy wc = getWorkingCopy();
// Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
List<LdapEntry> searchRes = getDirectoryDao().doGetEntries(searchBase, filter, deep);
- List<CmsUser> res = new ArrayList<>();
+ List<CmsOsgiUser> res = new ArrayList<>();
for (LdapEntry entry : searchRes)
- res.add((CmsUser) entry);
+ res.add((CmsOsgiUser) entry);
if (wc != null) {
- for (Iterator<CmsUser> it = res.iterator(); it.hasNext();) {
- CmsUser user = (CmsUser) it.next();
+ for (Iterator<CmsOsgiUser> it = res.iterator(); it.hasNext();) {
+ CmsOsgiUser user = it.next();
LdapName dn = LdapNameUtils.toLdapName(user.getName());
if (wc.getDeletedData().containsKey(dn))
it.remove();
}
Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
for (LdapEntry ldapEntry : wc.getNewData().values()) {
- CmsUser user = (CmsUser) ldapEntry;
+ CmsOsgiUser user = (CmsOsgiUser) ldapEntry;
if (f == null || f.match(user.getProperties()))
res.add(user);
}
@Override
public User getUser(String key, String value) {
// TODO check value null or empty
- List<CmsUser> collectedUsers = new ArrayList<CmsUser>();
+ List<CmsOsgiUser> collectedUsers = new ArrayList<>();
if (key != null) {
doGetUser(key, value, collectedUsers);
} else {
return null;
}
- protected void doGetUser(String key, String value, List<CmsUser> collectedUsers) {
+ protected void doGetUser(String key, String value, List<CmsOsgiUser> collectedUsers) {
String f = "(" + key + "=" + value + ")";
List<LdapEntry> users = getDirectoryDao().doGetEntries(getBaseDn(), f, true);
for (LdapEntry entry : users)
- collectedUsers.add((CmsUser) entry);
+ collectedUsers.add((CmsOsgiUser) entry);
}
@Override
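Review bot: `doGetUser` still builds its search filter by plain concatenation, `"(" + key + "=" + value + ")"`; that is an unchanged context line here, but the method is being touched. LDAP filter metacharacters in `value` (`*`, `(`, `)`, `\`, NUL) are passed through unescaped and can widen or restructure the search. If `value` can originate from a login form or request parameter, it should be escaped per RFC 4515 before being placed in the filter, and `key` should be restricted to known attribute names. The existing `// TODO check value null or empty` in `getUser` would fit in the same validation step.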
return new LdifAuthorization(user, getAllRoles(null));
}
LdapName userName = toLdapName(user.getName());
- if (isExternal(userName) && user instanceof LdapEntry) {
- List<Role> allRoles = new ArrayList<Role>();
- collectRoles((LdapEntry) user, allRoles);
+ if (isExternal(userName) && user instanceof LdapEntry ldapEntry) {
+ List<CmsOsgiRole> allRoles = new ArrayList<>();
+ collectRoles(ldapEntry, allRoles);
return new LdifAuthorization(user, allRoles);
} else {
return getAuthorizationFromScoped(scopedUserAdmin, user);
}
- if (user instanceof CmsUser) {
- return new LdifAuthorization(user, getAllRoles((CmsUser) user));
+ if (user instanceof CmsOsgiUser u) {
+ return new LdifAuthorization(user, getAllRoles(u));
} else {
// bind with authenticating user
DirectoryUserAdmin scopedUserAdmin = scope(user).orElseThrow();
private Authorization getAuthorizationFromScoped(DirectoryUserAdmin scopedUserAdmin, User user) {
try {
- CmsUser directoryUser = (CmsUser) scopedUserAdmin.getRole(user.getName());
+ CmsOsgiUser directoryUser = (CmsOsgiUser) scopedUserAdmin.getRole(user.getName());
if (directoryUser == null)
throw new IllegalStateException("No scoped user found for " + user);
LdifAuthorization authorization = new LdifAuthorization(directoryUser,
* HIERARCHY
*/
@Override
- public HierarchyUnit getHierarchyUnit(Role role) {
+ public HierarchyUnit getHierarchyUnit(CmsRole role) {
LdapName dn = LdapNameUtils.toLdapName(role.getName());
LdapName huDn = LdapNameUtils.getParent(dn);
HierarchyUnit hierarchyUnit = getDirectoryDao().doGetHierarchyUnit(huDn);
}
@Override
- public Iterable<? extends Role> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep) {
+ public Iterable<? extends CmsRole> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep) {
LdapName dn = LdapNameUtils.toLdapName(hierarchyUnit.getBase());
try {
return getRoles(dn, filter, deep);
import org.argeo.api.acr.ldap.LdapAttr;
import org.osgi.service.useradmin.Authorization;
-import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
/** Basic authorization. */
-class LdifAuthorization implements Authorization {
+class LdifAuthorization implements CmsOsgiAuthorization {
private final String name;
private final String displayName;
private final List<String> allRoles;
- public LdifAuthorization(User user, List<Role> allRoles) {
+ public LdifAuthorization(User user, List<CmsOsgiRole> allRoles) {
if (user == null) {
this.name = null;
this.displayName = "anonymous";
package org.argeo.cms.osgi.useradmin;
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
-import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsRole;
import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
import org.osgi.service.useradmin.Role;
/** Directory group implementation */
-class LdifGroup extends LdifUser implements CmsGroup {
+class LdifGroup extends LdifUser implements CmsOsgiGroup {
private final String memberAttributeId;
LdifGroup(AbstractLdapDirectory userAdmin, LdapName dn) {
@Override
public Role[] getMembers() {
- List<Role> directMembers = new ArrayList<Role>();
+ Set<CmsOsgiRole> directMembers = new HashSet<>();
for (LdapName ldapName : getReferences(memberAttributeId)) {
- Role role = findRole(ldapName);
+ CmsOsgiRole role = findRole(ldapName);
if (role == null) {
throw new IllegalStateException("Role " + ldapName + " not found.");
}
return directMembers.toArray(new Role[directMembers.size()]);
}
+ @Override
+ public Set<? extends CmsRole> getDirectMembers() {
+ return doGetDirectMembers();
+ }
+
+ protected Set<CmsOsgiRole> doGetDirectMembers() {
+ Set<CmsOsgiRole> directMembers = new HashSet<>();
+ for (LdapName ldapName : getReferences(memberAttributeId)) {
+ CmsOsgiRole role = findRole(ldapName);
+ if (role == null) {
+ throw new IllegalStateException("Role " + ldapName + " not found.");
+ }
+ directMembers.add(role);
+ }
+ return directMembers;
+ }
+
/**
* Whether a role with this name can be found from this context.
*
* @return The related {@link Role} or <code>null</code>.
*/
- protected Role findRole(LdapName ldapName) {
+ protected CmsOsgiRole findRole(LdapName ldapName) {
Role role = getUserAdmin().getRole(ldapName.toString());
if (role == null) {
if (getUserAdmin().getExternalRoles() != null)
role = getUserAdmin().getExternalRoles().getRole(ldapName.toString());
}
- return role;
+ return (CmsOsgiRole) role;
}
// @Override
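Review bot: `findRole` now ends with the unchecked cast `return (CmsOsgiRole) role;`, although the role may come from `getUserAdmin().getExternalRoles().getRole(...)`. If the external user admin can return roles that do not implement `CmsOsgiRole`, resolving group members fails with a `ClassCastException` instead of the "null if not found" behaviour the Javadoc describes. `return role instanceof CmsOsgiRole r ? r : null;` keeps the documented contract and lets the callers' existing `IllegalStateException("Role ... not found.")` report the problem. Separately, `getMembers()` and the new `doGetDirectMembers()` contain the same lookup loop, so `getMembers()` could be reduced to `return doGetDirectMembers().toArray(new Role[0]);`.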
import javax.naming.ldap.LdapName;
-import org.argeo.api.cms.directory.CmsUser;
+import org.argeo.api.acr.ldap.LdapAttr;
+import org.argeo.cms.auth.UserAdminUtils;
import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
import org.argeo.cms.directory.ldap.DefaultLdapEntry;
+import org.argeo.cms.util.LangUtils;
/** Directory user implementation */
-class LdifUser extends DefaultLdapEntry implements CmsUser {
+class LdifUser extends DefaultLdapEntry implements CmsOsgiUser {
LdifUser(AbstractLdapDirectory userAdmin, LdapName dn) {
super(userAdmin, dn);
}
return USER;
}
+ public String getDisplayName() {
+ String dName = getPropertyAsString(LdapAttr.displayName);
+ if (LangUtils.isEmpty(dName))
+ dName = getPropertyAsString(LdapAttr.cn);
+ if (LangUtils.isEmpty(dName))
+ dName = getPropertyAsString(LdapAttr.uid);
+ if (LangUtils.isEmpty(dName))
+ dName = UserAdminUtils.getUserLocalId(getName());
+ return dName;
+ }
+
}
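Review bot: The new `getDisplayName()` in `LdifUser` implements `CmsUser.getDisplayName()` but has no `@Override` and no Javadoc. A later signature change in the interface would then silently leave this as an unrelated method. I would add `@Override` and a one-line comment documenting the fallback order (displayName, then cn, then uid, then the local id from the name). The final fallback calls `UserAdminUtils.getUserLocalId`, and this same commit marks `UserAdminUtils` as `@Deprecated`, so new code is taking a dependency on a class scheduled for replacement.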
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
-import java.util.Comparator;
import java.util.Dictionary;
import java.util.Enumeration;
import java.util.HashMap;
/** Utilities around Java basic features. */
public class LangUtils {
/*
- * NON-API OSGi
+ * OBJECTS and STRINGS
*/
/**
- * Returns an array with the names of the provided classes. Useful when
- * registering services with multiple interfaces in OSGi.
+ * Whether this {@link String} is <code>null</null>, empty, or only white
+ * spaces.
*/
- public static String[] names(Class<?>... clzz) {
- String[] res = new String[clzz.length];
- for (int i = 0; i < clzz.length; i++)
- res[i] = clzz[i].getName();
- return res;
+ public static boolean isEmpty(String str) {
+ return str == null || "".equals(str.strip());
}
-// /*
-// * MAP
-// */
-// /**
-// * Creates a new {@link Map} with one key-value pair. Key should not be null,
-// * but if the value is null, it returns an empty {@link Map}.
-// *
-// * @deprecated Use {@link Collections#singletonMap(Object, Object)} instead.
-// */
-// @Deprecated
-// public static Map<String, Object> map(String key, Object value) {
-// assert key != null;
-// HashMap<String, Object> props = new HashMap<>();
-// if (value != null)
-// props.put(key, value);
-// return props;
-// }
-
/*
* DICTIONARY
*/
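Review bot: The Javadoc added for `LangUtils.isEmpty` has a malformed tag, `<code>null</null>`, which should read `<code>null</code>`. The body `str == null || "".equals(str.strip())` can be written as `str == null || str.isBlank()`; `isBlank()` has been available since Java 11, the same release that introduced `strip()`, and it avoids allocating a stripped copy. Since the method returns true for whitespace-only input, the Javadoc's first sentence should say "blank" so that callers do not assume it matches `String.isEmpty()`.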
return count > 1 ? count + " seconds" : count + " second";
}
+ /*
+ * NON-API OSGi
+ */
+ /**
+ * Returns an array with the names of the provided classes. Useful when
+ * registering services with multiple interfaces in OSGi.
+ */
+ public static String[] names(Class<?>... clzz) {
+ String[] res = new String[clzz.length];
+ for (int i = 0; i < clzz.length; i++)
+ res[i] = clzz[i].getName();
+ return res;
+ }
+
/** Singleton constructor. */
private LangUtils() {