Remoting working
authorMathieu Baudier <mbaudier@argeo.org>
Tue, 15 Sep 2015 19:36:55 +0000 (19:36 +0000)
committerMathieu Baudier <mbaudier@argeo.org>
Tue, 15 Sep 2015 19:36:55 +0000 (19:36 +0000)
Clean up code

git-svn-id: https://svn.argeo.org/commons/trunk@8403 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

14 files changed:
org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java
org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelUtils.java
org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeHttp.java
org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
org.argeo.security.core/src/org/argeo/osgi/auth/BundleContextCallbackHander.java [deleted file]
org.argeo.security.core/src/org/argeo/osgi/auth/BundleContextCallbackHandler.java [new file with mode: 0644]
org.argeo.security.core/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifAuthorization.java
org.argeo.security.core/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
org.argeo.security.core/src/org/argeo/osgi/useradmin/UserAdminAggregator.java [deleted file]
org.argeo.security.core/src/org/argeo/osgi/useradmin/UserAdminWorkingCopy.java [deleted file]
org.argeo.security.core/src/org/argeo/osgi/useradmin/UserDirectoryTransaction.java [deleted file]
org.argeo.security.ui/src/org/argeo/security/ui/commands/OpenChangePasswordDialog.java
org.argeo.security.ui/src/org/argeo/security/ui/views/UserProfile.java

index 189dd08d769b14f602391c14961caa98308e07fa..08dad56b803c28bedf147e9e055ffa214e247e21 100644 (file)
@@ -84,14 +84,6 @@ final class Kernel implements ServiceListener {
                try {
                        // Transaction
                        transactionManager = new SimpleTransactionManager();
-                       bundleContext.registerService(TransactionManager.class,
-                                       transactionManager, null);
-                       bundleContext.registerService(UserTransaction.class,
-                                       transactionManager, null);
-                       bundleContext.registerService(
-                                       TransactionSynchronizationRegistry.class,
-                                       transactionManager.getTransactionSynchronizationRegistry(),
-                                       null);
 
                        // Jackrabbit node
                        node = new JackrabbitNode(bundleContext);
@@ -105,7 +97,7 @@ final class Kernel implements ServiceListener {
 
                        // Equinox dependency
                        ExtendedHttpService httpService = waitForHttpService();
-                       nodeHttp = new NodeHttp(httpService, node, nodeSecurity);
+                       nodeHttp = new NodeHttp(httpService, node);
 
                        // Kernel thread
                        kernelThread = new KernelThread(this);
@@ -113,6 +105,14 @@ final class Kernel implements ServiceListener {
                        kernelThread.start();
 
                        // Publish services to OSGi
+                       bundleContext.registerService(TransactionManager.class,
+                                       transactionManager, null);
+                       bundleContext.registerService(UserTransaction.class,
+                                       transactionManager, null);
+                       bundleContext.registerService(
+                                       TransactionSynchronizationRegistry.class,
+                                       transactionManager.getTransactionSynchronizationRegistry(),
+                                       null);
                        nodeSecurity.publish();
                        node.publish(repositoryFactory);
                        bundleContext.registerService(RepositoryFactory.class,
index 579138c0f2e111965eb5b0748941322563af9c76..1d7e0868e1e6102bce439f7d7ad31fb3c3aec64a 100644 (file)
@@ -3,25 +3,19 @@ package org.argeo.cms.internal.kernel;
 import java.io.File;
 import java.io.IOException;
 import java.net.URI;
-import java.util.Collections;
 import java.util.Dictionary;
 import java.util.Enumeration;
 import java.util.Hashtable;
-import java.util.List;
 import java.util.Properties;
 
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.argeo.cms.CmsException;
 import org.argeo.cms.KernelHeader;
-import org.argeo.cms.internal.auth.GrantedAuthorityPrincipal;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
 
 /** Package utilities */
 class KernelUtils implements KernelConstants {
@@ -76,25 +70,38 @@ class KernelUtils implements KernelConstants {
        }
 
        // Security
-       @Deprecated
-       static void anonymousLogin(AuthenticationManager authenticationManager) {
+       static Subject anonymousLogin() {
+               Subject subject = new Subject();
+               LoginContext lc;
                try {
-                       List<GrantedAuthorityPrincipal> anonAuthorities = Collections
-                                       .singletonList(new GrantedAuthorityPrincipal(
-                                                       KernelHeader.ROLE_ANONYMOUS));
-                       UserDetails anonUser = new User(KernelHeader.USERNAME_ANONYMOUS,
-                                       "", true, true, true, true, anonAuthorities);
-                       AnonymousAuthenticationToken anonToken = new AnonymousAuthenticationToken(
-                                       DEFAULT_SECURITY_KEY, anonUser, anonAuthorities);
-                       Authentication authentication = authenticationManager
-                                       .authenticate(anonToken);
-                       SecurityContextHolder.getContext()
-                                       .setAuthentication(authentication);
-               } catch (Exception e) {
-                       throw new CmsException("Cannot authenticate", e);
+                       lc = new LoginContext(KernelHeader.LOGIN_CONTEXT_ANONYMOUS, subject);
+                       lc.login();
+                       return subject;
+               } catch (LoginException e) {
+                       throw new CmsException("Cannot login as anonymous", e);
                }
        }
 
+       // @Deprecated
+       // static void anonymousLogin(AuthenticationManager authenticationManager) {
+       // try {
+       // List<GrantedAuthorityPrincipal> anonAuthorities = Collections
+       // .singletonList(new GrantedAuthorityPrincipal(
+       // KernelHeader.ROLE_ANONYMOUS));
+       // UserDetails anonUser = new User(KernelHeader.USERNAME_ANONYMOUS,
+       // "", true, true, true, true, anonAuthorities);
+       // AnonymousAuthenticationToken anonToken = new
+       // AnonymousAuthenticationToken(
+       // DEFAULT_SECURITY_KEY, anonUser, anonAuthorities);
+       // Authentication authentication = authenticationManager
+       // .authenticate(anonToken);
+       // SecurityContextHolder.getContext()
+       // .setAuthentication(authentication);
+       // } catch (Exception e) {
+       // throw new CmsException("Cannot authenticate", e);
+       // }
+       // }
+
        // HTTP
        static void logRequestHeaders(Log log, HttpServletRequest request) {
                if (!log.isDebugEnabled())
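Review bot: The old Spring-based `anonymousLogin(AuthenticationManager)` is kept as a commented-out block directly under the new method, although this commit removes the imports it depends on. It should be deleted and left to version control rather than carried as dead code that still names `DEFAULT_SECURITY_KEY`. The new `anonymousLogin()` has no Javadoc; suggest `/** Logs in through the KernelHeader.LOGIN_CONTEXT_ANONYMOUS JAAS context and returns the populated Subject, which callers are expected to use with Subject.doAs(). */`. `LoginContext lc` can be declared inside the `try`, and because only the `Subject` is returned, no caller can ever call `logout()` on that context.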
index 9a35e279ce28164ba6d53c79367c3b0f1021a2f8..964ada11e52cb523120a842dd34be7e44a866e7a 100644 (file)
@@ -1,14 +1,21 @@
 package org.argeo.cms.internal.kernel;
 
-import static org.argeo.jackrabbit.servlet.WebdavServlet.INIT_PARAM_RESOURCE_CONFIG;
-
 import java.io.IOException;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Properties;
 import java.util.StringTokenizer;
 
 import javax.jcr.Repository;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
 import javax.servlet.FilterChain;
 import javax.servlet.Servlet;
 import javax.servlet.ServletException;
@@ -20,17 +27,13 @@ import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.KernelHeader;
 import org.argeo.jackrabbit.servlet.OpenInViewSessionProvider;
 import org.argeo.jackrabbit.servlet.RemotingServlet;
 import org.argeo.jackrabbit.servlet.WebdavServlet;
 import org.argeo.jcr.ArgeoJcrConstants;
-import org.argeo.security.NodeAuthenticationToken;
 import org.eclipse.equinox.http.servlet.ExtendedHttpService;
 import org.osgi.service.http.NamespaceException;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * Intercepts and enriches http access, mainly focusing on security and
@@ -43,7 +46,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
        private final static String HEADER_AUTHORIZATION = "Authorization";
        private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
-       private final AuthenticationManager authenticationManager;
+       // private final AuthenticationManager authenticationManager;
        private final ExtendedHttpService httpService;
 
        // FIXME Make it more unique
@@ -57,10 +60,9 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
        // WebDav / JCR remoting
        private OpenInViewSessionProvider sessionProvider;
 
-       NodeHttp(ExtendedHttpService httpService, JackrabbitNode node,
-                       NodeSecurity authenticationManager) {
+       NodeHttp(ExtendedHttpService httpService, JackrabbitNode node) {
                // this.bundleContext = bundleContext;
-               this.authenticationManager = authenticationManager;
+               // this.authenticationManager = authenticationManager;
 
                this.httpService = httpService;
 
@@ -108,7 +110,7 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                String pathPrefix = anonymous ? WEBDAV_PUBLIC : WEBDAV_PRIVATE;
                String path = pathPrefix + "/" + alias;
                Properties ip = new Properties();
-               ip.setProperty(INIT_PARAM_RESOURCE_CONFIG, WEBDAV_CONFIG);
+               ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_CONFIG, WEBDAV_CONFIG);
                ip.setProperty(WebdavServlet.INIT_PARAM_RESOURCE_PATH_PREFIX, path);
                httpService.registerFilter(path, anonymous ? new AnonymousFilter()
                                : new DavFilter(), null, null);
@@ -149,24 +151,35 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                httpSession.setAttribute(ATTR_AUTH, Boolean.TRUE);
        }
 
-       private NodeAuthenticationToken basicAuth(String authHeader) {
+       private CallbackHandler basicAuth(String authHeader) {
                if (authHeader != null) {
                        StringTokenizer st = new StringTokenizer(authHeader);
                        if (st.hasMoreTokens()) {
                                String basic = st.nextToken();
                                if (basic.equalsIgnoreCase("Basic")) {
                                        try {
+                                               // TODO manipulate char[]
                                                String credentials = new String(Base64.decodeBase64(st
                                                                .nextToken()), "UTF-8");
                                                // log.debug("Credentials: " + credentials);
                                                int p = credentials.indexOf(":");
                                                if (p != -1) {
-                                                       String login = credentials.substring(0, p).trim();
-                                                       String password = credentials.substring(p + 1)
+                                                       final String login = credentials.substring(0, p)
                                                                        .trim();
-
-                                                       return new NodeAuthenticationToken(login,
-                                                                       password.toCharArray());
+                                                       final char[] password = credentials
+                                                                       .substring(p + 1).trim().toCharArray();
+
+                                                       return new CallbackHandler() {
+                                                               public void handle(Callback[] callbacks) {
+                                                                       for (Callback cb : callbacks) {
+                                                                               if (cb instanceof NameCallback)
+                                                                                       ((NameCallback) cb).setName(login);
+                                                                               else if (cb instanceof PasswordCallback)
+                                                                                       ((PasswordCallback) cb)
+                                                                                                       .setPassword(password);
+                                                                       }
+                                                               }
+                                                       };
                                                } else {
                                                        throw new CmsException(
                                                                        "Invalid authentication token");
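Review bot: The anonymous `CallbackHandler` returned here silently skips any callback that is neither a `NameCallback` nor a `PasswordCallback`, whereas `BundleContextCallbackHandler` in this same commit throws `UnsupportedCallbackException`. A login module that asks for anything else would carry on with missing data instead of failing. Suggest declaring `public void handle(Callback[] callbacks) throws UnsupportedCallbackException` and ending the chain with `else throw new UnsupportedCallbackException(cb);` (this needs the matching import). The password is also passed through `.trim()`, so a secret with leading or trailing whitespace is not checked as sent, and the `char[]` is still derived from an immutable `String`, as the TODO admits. `basicAuth` continues past the end of this hunk.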
@@ -275,8 +288,10 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
        private class AnonymousFilter extends HttpFilter {
                @Override
                public void doFilter(HttpSession httpSession,
-                               HttpServletRequest request, HttpServletResponse response,
-                               FilterChain filterChain) throws IOException, ServletException {
+                               final HttpServletRequest request,
+                               final HttpServletResponse response,
+                               final FilterChain filterChain) throws IOException,
+                               ServletException {
 
                        // Authenticate from session
                        // if (isSessionAuthenticated(httpSession)) {
@@ -284,8 +299,22 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
                        // return;
                        // }
 
-                       KernelUtils.anonymousLogin(authenticationManager);
-                       filterChain.doFilter(request, response);
+                       Subject subject = KernelUtils.anonymousLogin();
+                       try {
+                               Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
+                                       public Void run() throws IOException, ServletException {
+                                               filterChain.doFilter(request, response);
+                                               return null;
+                                       }
+                               });
+                       } catch (PrivilegedActionException e) {
+                               if (e.getCause() instanceof ServletException)
+                                       throw (ServletException) e.getCause();
+                               else if (e.getCause() instanceof IOException)
+                                       throw (IOException) e.getCause();
+                               else
+                                       throw new CmsException("Unexpected exception", e.getCause());
+                       }
                }
        }
 
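Review bot: The `Subject.doAs` call and the `PrivilegedActionException` unwrapping added here are repeated almost line for line in `DavFilter.doFilter` (the `@@ -294,25 +323,47 @@` hunk). Both filters should share one private helper on `NodeHttp`, so each call site shrinks to something like `doFilterAs(subject, filterChain, request, response);` and the exception mapping cannot drift between the anonymous and authenticated paths. With the session check above still commented out, every anonymous request performs a fresh JAAS login through `KernelUtils.anonymousLogin()`. A short comment stating whether that is intended would help.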
@@ -294,25 +323,47 @@ class NodeHttp implements KernelConstants, ArgeoJcrConstants {
 
                @Override
                public void doFilter(HttpSession httpSession,
-                               HttpServletRequest request, HttpServletResponse response,
-                               FilterChain filterChain) throws IOException, ServletException {
-
-                       // Authenticate from session
-                       // if (isSessionAuthenticated(httpSession)) {
-                       // filterChain.doFilter(request, response);
-                       // return;
-                       // }
+                               final HttpServletRequest request,
+                               final HttpServletResponse response,
+                               final FilterChain filterChain) throws IOException,
+                               ServletException {
 
                        // Process basic auth
                        String basicAuth = request.getHeader(HEADER_AUTHORIZATION);
                        if (basicAuth != null) {
-                               UsernamePasswordAuthenticationToken token = basicAuth(basicAuth);
-                               Authentication auth = authenticationManager.authenticate(token);
-                               SecurityContextHolder.getContext().setAuthentication(auth);
-                               // httpSession.setAttribute(SPRING_SECURITY_CONTEXT_KEY,
-                               // SecurityContextHolder.getContext());
-                               // httpSession.setAttribute(ATTR_AUTH, Boolean.FALSE);
-                               filterChain.doFilter(request, response);
+                               CallbackHandler token = basicAuth(basicAuth);
+                               // FIXME Login
+                               // Authentication auth =
+                               // authenticationManager.authenticate(token);
+                               // SecurityContextHolder.getContext().setAuthentication(auth);
+                               // filterChain.doFilter(request, response);
+                               Subject subject;
+                               try {
+                                       LoginContext lc = new LoginContext(
+                                                       KernelHeader.LOGIN_CONTEXT_USER, token);
+                                       lc.login();
+                                       subject = lc.getSubject();
+                               } catch (LoginException e) {
+                                       throw new CmsException("Could not login", e);
+                               }
+                               try {
+                                       Subject.doAs(subject,
+                                                       new PrivilegedExceptionAction<Void>() {
+                                                               public Void run() throws IOException,
+                                                                               ServletException {
+                                                                       filterChain.doFilter(request, response);
+                                                                       return null;
+                                                               }
+                                                       });
+                               } catch (PrivilegedActionException e) {
+                                       if (e.getCause() instanceof ServletException)
+                                               throw (ServletException) e.getCause();
+                                       else if (e.getCause() instanceof IOException)
+                                               throw (IOException) e.getCause();
+                                       else
+                                               throw new CmsException("Unexpected exception",
+                                                               e.getCause());
+                               }
                                return;
                        }
 
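Review bot: A failed login in the `catch (LoginException e)` branch is rethrown as `CmsException("Could not login", e)`, so wrong Basic credentials probably surface as a server error rather than an authentication challenge (how `HttpFilter` or the container treats that exception is not visible here). Consider answering with a 401 instead, e.g. `response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return;`, using the same `WWW-Authenticate` challenge the no-header path below this hunk presumably sends. The failed attempt should also be logged without the credentials. The `// FIXME Login` marker and the commented-out Spring lines under it are stale now that the JAAS login is implemented. `lc.logout()` is never called once the chain returns. `doFilter` continues outside the hunk.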
index e396ca09e6b7d5e0e0b0c314b0715505d09789d3..9227eaeb9af02d389cca96b09b909f1b45383863 100644 (file)
@@ -26,7 +26,6 @@ import org.argeo.osgi.useradmin.AbstractUserDirectory;
 import org.argeo.osgi.useradmin.LdapProperties;
 import org.argeo.osgi.useradmin.LdapUserAdmin;
 import org.argeo.osgi.useradmin.LdifUserAdmin;
-import org.argeo.osgi.useradmin.UserAdminAggregator;
 import org.argeo.osgi.useradmin.UserDirectoryException;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
@@ -34,7 +33,7 @@ import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
 
-public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
+public class NodeUserAdmin implements UserAdmin {
        private final static Log log = LogFactory.getLog(NodeUserAdmin.class);
        final static LdapName ROLES_BASE;
        static {
@@ -49,8 +48,6 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
        private UserAdmin nodeRoles = null;
        private Map<LdapName, UserAdmin> userAdmins = new HashMap<LdapName, UserAdmin>();
 
-       private TransactionManager transactionManager;
-
        public NodeUserAdmin() {
                File osgiInstanceDir = KernelUtils.getOsgiInstanceDir();
                File nodeBaseDir = new File(osgiInstanceDir, "node");
@@ -207,6 +204,9 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
 
        @Override
        public Authorization getAuthorization(User user) {
+               if (user == null) {
+                       return nodeRoles.getAuthorization(null);
+               }
                UserAdmin userAdmin = findUserAdmin(user.getName());
                Authorization rawAuthorization = userAdmin.getAuthorization(user);
                // gather system roles
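Review bot: The new `user == null` branch dereferences `nodeRoles`, which is declared as `null` and, in the lines visible on this page, is only assigned in `addUserAdmin`. An anonymous authorization request arriving before the roles directory is registered would fail with a bare `NullPointerException`, although the constructor is not fully visible and may already cover this. A guard such as `if (nodeRoles == null) throw new UserDirectoryException("Node roles are not available");` makes that failure explicit. A comment like `// null user = anonymous: resolved against the node roles only, no system-role gathering` would document that this path returns before the aggregation below. `getAuthorization` continues past the end of the hunk.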
@@ -224,7 +224,6 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
        //
        // USER ADMIN AGGREGATOR
        //
-       @Override
        public synchronized void addUserAdmin(String baseDn, UserAdmin userAdmin) {
                if (baseDn.equals(KernelHeader.ROLES_BASEDN)) {
                        nodeRoles = userAdmin;
@@ -242,7 +241,6 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
                }
        }
 
-       @Override
        public synchronized void removeUserAdmin(String baseDn) {
                if (baseDn.equals(KernelHeader.ROLES_BASEDN))
                        throw new UserDirectoryException("Node roles cannot be removed.");
@@ -285,7 +283,6 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator {
        }
 
        public void setTransactionManager(TransactionManager transactionManager) {
-               this.transactionManager = transactionManager;
                if (nodeRoles instanceof AbstractUserDirectory)
                        ((AbstractUserDirectory) nodeRoles)
                                        .setTransactionManager(transactionManager);
diff --git a/org.argeo.security.core/src/org/argeo/osgi/auth/BundleContextCallbackHander.java b/org.argeo.security.core/src/org/argeo/osgi/auth/BundleContextCallbackHander.java
deleted file mode 100644 (file)
index 60510b5..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.argeo.osgi.auth;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.osgi.framework.BundleContext;
-
-public class BundleContextCallbackHander implements CallbackHandler {
-       private final BundleContext bundleContext;
-
-       public BundleContextCallbackHander(BundleContext bundleContext) {
-               this.bundleContext = bundleContext;
-       }
-
-       @Override
-       public void handle(Callback[] callbacks) throws IOException,
-                       UnsupportedCallbackException {
-               for (Callback callback : callbacks) {
-                       if (!(callback instanceof BundleContextCallback))
-                               throw new UnsupportedCallbackException(callback);
-                       ((BundleContextCallback) callback).setBundleContext(bundleContext);
-               }
-
-       }
-
-}
diff --git a/org.argeo.security.core/src/org/argeo/osgi/auth/BundleContextCallbackHandler.java b/org.argeo.security.core/src/org/argeo/osgi/auth/BundleContextCallbackHandler.java
new file mode 100644 (file)
index 0000000..37733e0
--- /dev/null
@@ -0,0 +1,29 @@
+package org.argeo.osgi.auth;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.osgi.framework.BundleContext;
+
+public class BundleContextCallbackHandler implements CallbackHandler {
+       private final BundleContext bundleContext;
+
+       public BundleContextCallbackHandler(BundleContext bundleContext) {
+               this.bundleContext = bundleContext;
+       }
+
+       @Override
+       public void handle(Callback[] callbacks) throws IOException,
+                       UnsupportedCallbackException {
+               for (Callback callback : callbacks) {
+                       if (!(callback instanceof BundleContextCallback))
+                               throw new UnsupportedCallbackException(callback);
+                       ((BundleContextCallback) callback).setBundleContext(bundleContext);
+               }
+
+       }
+
+}
index 95e1fc0b6bfada624a72f31a542e3aee0d3cf07f..f689400025b26721b41a5c19b34536d17f7bd169 100644 (file)
@@ -26,7 +26,6 @@ import javax.naming.ldap.Rdn;
 import javax.transaction.SystemException;
 import javax.transaction.Transaction;
 import javax.transaction.TransactionManager;
-import javax.transaction.TransactionSynchronizationRegistry;
 import javax.transaction.xa.XAException;
 import javax.transaction.xa.XAResource;
 import javax.transaction.xa.Xid;
@@ -209,6 +208,7 @@ public abstract class AbstractUserDirectory implements UserAdmin {
                return user;
        }
 
+       @SuppressWarnings("unchecked")
        @Override
        public Role[] getRoles(String filter) throws InvalidSyntaxException {
                WorkingCopy wc = getWorkingCopy();
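Review bot: `@SuppressWarnings("unchecked")` is placed on the whole `getRoles` method, which also silences any unchecked conversion added to it later. The same method-level annotation is added in this commit to the `LdifAuthorization` constructor, `LdifUserAdmin.load` and `doGetRoles`, and `OpenChangePasswordDialog.changePassword`. The expressions that trigger the warning are outside the hunks. Where the code allows it, move the annotation onto the single local declaration that performs the cast and add a one-line comment saying why the cast is safe.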
@@ -411,6 +411,10 @@ public abstract class AbstractUserDirectory implements UserAdmin {
                return groupObjectClass;
        }
 
+       protected Dictionary<String, ?> getProperties() {
+               return properties;
+       }
+
        public void setExternalRoles(UserAdmin externalRoles) {
                this.externalRoles = externalRoles;
        }
index 3a2aeca2ea5c2715a58ee84815d82b700b82819f..147001b0a0701a4ad95c8e996f2aeaebdec48719 100644 (file)
@@ -14,6 +14,7 @@ public class LdifAuthorization implements Authorization {
        private final String displayName;
        private final List<String> allRoles;
 
+       @SuppressWarnings("unchecked")
        public LdifAuthorization(User user, List<Role> allRoles) {
                if (user == null) {
                        this.name = null;
index 9bf558b313b274a035d272a4db62d0f87db01381..750d6a82a0537903e7d210c76a18e128aa5a184b 100644 (file)
@@ -89,6 +89,7 @@ public class LdifUserAdmin extends AbstractUserDirectory {
                }
        }
 
+       @SuppressWarnings("unchecked")
        protected void load(InputStream in) {
                try {
                        users.clear();
@@ -112,16 +113,12 @@ public class LdifUserAdmin extends AbstractUserDirectory {
                                }
                        }
 
-                       // optimise
-                       // for (LdifGroup group : groups.values())
-                       // loadMembers(group);
-
                        // indexes
                        for (String attr : getIndexedUserProperties())
                                userIndexes.put(attr, new TreeMap<String, DirectoryUser>());
 
                        for (DirectoryUser user : users.values()) {
-                               Dictionary<String, Object> properties = user.getProperties();
+                               Dictionary<String, ?> properties = user.getProperties();
                                for (String attr : getIndexedUserProperties()) {
                                        Object value = properties.get(attr);
                                        if (value != null) {
@@ -160,25 +157,7 @@ public class LdifUserAdmin extends AbstractUserDirectory {
                return users.containsKey(dn) || groups.containsKey(dn);
        }
 
-       // @Override
-       // public boolean removeRole(String name) {
-       // LdapName dn = toDn(name);
-       // LdifUser role = null;
-       // if (users.containsKey(dn))
-       // role = users.remove(dn);
-       // else if (groups.containsKey(dn))
-       // role = groups.remove(dn);
-       // else
-       // throw new UserDirectoryException("There is no role " + name);
-       // if (role == null)
-       // return false;
-       // for (LdifGroup group : getDirectGroups(role)) {
-       // group.getAttributes().get(getMemberAttributeId())
-       // .remove(dn.toString());
-       // }
-       // return true;
-       // }
-
+       @SuppressWarnings("unchecked")
        protected List<DirectoryUser> doGetRoles(Filter f) {
                ArrayList<DirectoryUser> res = new ArrayList<DirectoryUser>();
                if (f == null) {
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/UserAdminAggregator.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/UserAdminAggregator.java
deleted file mode 100644 (file)
index 9113117..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.argeo.osgi.useradmin;
-
-import org.osgi.service.useradmin.UserAdmin;
-
-public interface UserAdminAggregator {
-       public void addUserAdmin(String baseDn, UserAdmin userAdmin);
-
-       public void removeUserAdmin(String baseDn);
-}
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/UserAdminWorkingCopy.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/UserAdminWorkingCopy.java
deleted file mode 100644 (file)
index 7103d7a..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.argeo.osgi.useradmin;
-
-import org.osgi.service.useradmin.Role;
-import org.osgi.service.useradmin.UserAdmin;
-
-public interface UserAdminWorkingCopy extends UserAdmin {
-       public void commit();
-
-       public void rollback();
-
-       public Boolean isEditable(Role role);
-
-       public <T extends Role> T getPublished(T role);
-}
diff --git a/org.argeo.security.core/src/org/argeo/osgi/useradmin/UserDirectoryTransaction.java b/org.argeo.security.core/src/org/argeo/osgi/useradmin/UserDirectoryTransaction.java
deleted file mode 100644 (file)
index 24e3cbe..0000000
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.argeo.osgi.useradmin;
-
-import javax.transaction.UserTransaction;
-
-import org.osgi.service.useradmin.UserAdmin;
-
-class UserDirectoryTransaction {
-       static ThreadLocal<UserDirectoryTransaction> current = new ThreadLocal<UserDirectoryTransaction>();
-
-       private UserAdmin userAdmin;
-
-       private UserTransaction userTransaction;
-
-       public UserDirectoryTransaction(UserAdmin userAdmin) {
-               this.userAdmin = userAdmin;
-               if (current.get() != null)
-                       throw new UserDirectoryException("Transaction " + current.get()
-                                       + " already active.");
-               current.set(this);
-       }
-
-       public void setUserTransaction(UserTransaction userTransaction) {
-               this.userTransaction = userTransaction;
-       }
-
-}
index b930b66338d681bd41dbd4d49ef987b4b7411e78..560cc8bc9f3de093a340288e192dc5ad7ffabdc5 100644 (file)
@@ -63,6 +63,7 @@ public class OpenChangePasswordDialog extends AbstractHandler {
                return null;
        }
 
+       @SuppressWarnings("unchecked")
        protected void changePassword(char[] oldPassword, char[] newPassword) {
                Subject subject = Subject.getSubject(AccessController.getContext());
                String name = subject.getPrincipals(X500Principal.class).iterator()
index dd7f6cdd297e182b86dbf974beb7350936249c85..83438e8aae5130f481ee0c0dea3a9eaf02de80a4 100644 (file)
@@ -30,7 +30,6 @@ import org.eclipse.swt.layout.GridLayout;
 import org.eclipse.swt.widgets.Composite;
 import org.eclipse.swt.widgets.Table;
 import org.eclipse.ui.part.ViewPart;
-import org.springframework.security.core.Authentication;
 
 /** Information about the currently logged in user */
 public class UserProfile extends ViewPart {