1 package org
.argeo
.cms
.internal
.runtime
;
3 import static org
.argeo
.api
.acr
.ldap
.LdapAttr
.cn
;
4 import static org
.argeo
.api
.acr
.ldap
.LdapAttr
.description
;
5 import static org
.argeo
.api
.acr
.ldap
.LdapAttr
.owner
;
7 import java
.time
.ZoneOffset
;
8 import java
.time
.ZonedDateTime
;
9 import java
.util
.ArrayList
;
10 import java
.util
.Arrays
;
11 import java
.util
.Dictionary
;
12 import java
.util
.HashMap
;
13 import java
.util
.HashSet
;
14 import java
.util
.List
;
16 import java
.util
.NavigableMap
;
17 import java
.util
.Objects
;
19 import java
.util
.TreeMap
;
20 import java
.util
.TreeSet
;
21 import java
.util
.UUID
;
23 import javax
.naming
.InvalidNameException
;
24 import javax
.naming
.ldap
.LdapName
;
25 import javax
.security
.auth
.Subject
;
26 import javax
.xml
.namespace
.QName
;
28 import org
.argeo
.api
.acr
.NamespaceUtils
;
29 import org
.argeo
.api
.acr
.ldap
.LdapAttr
;
30 import org
.argeo
.api
.acr
.ldap
.NamingUtils
;
31 import org
.argeo
.api
.cms
.CmsConstants
;
32 import org
.argeo
.api
.cms
.CmsLog
;
33 import org
.argeo
.api
.cms
.directory
.CmsGroup
;
34 import org
.argeo
.api
.cms
.directory
.CmsUser
;
35 import org
.argeo
.api
.cms
.directory
.CmsUserManager
;
36 import org
.argeo
.api
.cms
.directory
.HierarchyUnit
;
37 import org
.argeo
.api
.cms
.directory
.UserDirectory
;
38 import org
.argeo
.api
.cms
.transaction
.WorkTransaction
;
39 import org
.argeo
.cms
.CurrentUser
;
40 import org
.argeo
.cms
.auth
.UserAdminUtils
;
41 import org
.argeo
.cms
.directory
.ldap
.LdapEntry
;
42 import org
.argeo
.cms
.directory
.ldap
.SharedSecret
;
43 import org
.argeo
.cms
.osgi
.useradmin
.AggregatingUserAdmin
;
44 import org
.argeo
.cms
.osgi
.useradmin
.TokenUtils
;
45 import org
.argeo
.cms
.runtime
.DirectoryConf
;
46 import org
.osgi
.framework
.InvalidSyntaxException
;
47 import org
.osgi
.service
.useradmin
.Authorization
;
48 import org
.osgi
.service
.useradmin
.Group
;
49 import org
.osgi
.service
.useradmin
.Role
;
50 import org
.osgi
.service
.useradmin
.User
;
51 import org
.osgi
.service
.useradmin
.UserAdmin
;
54 * Canonical implementation of the people {@link CmsUserManager}. Wraps
55 * interaction with users and groups.
57 * In a *READ-ONLY* mode. We want to be able to:
59 * <li>Retrieve my user and corresponding information (main info,
61 * <li>List all local groups (not the system roles)</li>
62 * <li>If sufficient rights: retrieve a given user and its information</li>
65 public class CmsUserManagerImpl
implements CmsUserManager
{
66 private final static CmsLog log
= CmsLog
.getLog(CmsUserManagerImpl
.class);
68 private UserAdmin userAdmin
;
69 // private Map<String, String> serviceProperties;
70 private WorkTransaction userTransaction
;
72 private final String
[] knownProps
= { LdapAttr
.cn
.name(), LdapAttr
.sn
.name(), LdapAttr
.givenName
.name(),
73 LdapAttr
.uid
.name() };
75 // private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
76 // .synchronizedMap(new LinkedHashMap<>());
78 private Set
<UserDirectory
> userDirectories
= new HashSet
<>();
81 log
.debug(() -> "CMS user manager available");
89 public String
getMyMail() {
90 return getUserMail(CurrentUser
.getUsername());
94 public Role
[] getRoles(String filter
) {
96 return userAdmin
.getRoles(filter
);
97 } catch (InvalidSyntaxException e
) {
98 throw new IllegalArgumentException("Invalid filter " + filter
, e
);
102 // ALL USER: WARNING access to this will be later reduced
104 /** Retrieve a user given his dn, or <code>null</code> if it doesn't exist. */
105 public CmsUser
getUser(String dn
) {
106 return (CmsUser
) getUserAdmin().getRole(dn
);
109 /** Can be a group or a user */
110 public String
getUserDisplayName(String dn
) {
111 // FIXME: during initialisation phase, the system logs "admin" as user
112 // name rather than the corresponding dn
113 if ("admin".equals(dn
))
114 return "System Administrator";
116 return UserAdminUtils
.getUserDisplayName(getUserAdmin(), dn
);
120 public String
getUserMail(String dn
) {
121 return UserAdminUtils
.getUserMail(getUserAdmin(), dn
);
124 /** Lists all roles of the given user */
126 public String
[] getUserRoles(String dn
) {
127 Authorization currAuth
= getUserAdmin().getAuthorization(getUser(dn
));
128 return currAuth
.getRoles();
132 public boolean isUserInRole(String userDn
, String roleDn
) {
133 String
[] roles
= getUserRoles(userDn
);
134 for (String role
: roles
) {
135 if (role
.equalsIgnoreCase(roleDn
))
141 public Set
<CmsUser
> listUsersInGroup(String groupDn
, String filter
) {
142 Group group
= (Group
) userAdmin
.getRole(groupDn
);
144 throw new IllegalArgumentException("Group " + groupDn
+ " not found");
145 Set
<CmsUser
> users
= new HashSet
<>();
146 addUsers(users
, group
, filter
);
151 // public Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep) {
152 // if(!hierarchyUnit.isFunctional())
153 // throw new IllegalArgumentException("Hierarchy unit "+hierarchyUnit.getBase()+" is not functional");
154 // UserDirectory directory = (UserDirectory)hierarchyUnit.getDirectory();
155 // Set<User> res = new HashSet<>();
156 // for(HierarchyUnit technicalHu:hierarchyUnit.getDirectHierarchyUnits(false)) {
157 // if(technicalHu.isFunctional())
159 // for(Role role:directory.getHierarchyUnitRoles(technicalHu, null, false)) {
166 /** Recursively add users to list */
167 private void addUsers(Set
<CmsUser
> users
, Group group
, String filter
) {
168 Role
[] roles
= group
.getMembers();
169 for (Role role
: roles
) {
170 if (role
.getType() == Role
.GROUP
) {
171 addUsers(users
, (CmsGroup
) role
, filter
);
172 } else if (role
.getType() == Role
.USER
) {
173 if (match(role
, filter
))
174 users
.add((CmsUser
) role
);
181 public List
<CmsUser
> listGroups(String filter
, boolean includeUsers
, boolean includeSystemRoles
) {
184 roles
= getUserAdmin().getRoles(filter
);
185 } catch (InvalidSyntaxException e
) {
186 throw new IllegalArgumentException("Unable to get roles with filter: " + filter
, e
);
189 List
<CmsUser
> users
= new ArrayList
<>();
190 for (Role role
: roles
) {
191 if ((includeUsers
&& role
.getType() == Role
.USER
|| role
.getType() == Role
.GROUP
) && !users
.contains(role
)
192 && (includeSystemRoles
193 || !role
.getName().toLowerCase().endsWith(CmsConstants
.SYSTEM_ROLES_BASEDN
))) {
194 if (match(role
, filter
))
195 users
.add((CmsUser
) role
);
201 private boolean match(Role role
, String filter
) {
202 boolean doFilter
= filter
!= null && !"".equals(filter
);
204 for (String prop
: knownProps
) {
205 Object currProp
= null;
207 currProp
= role
.getProperties().get(prop
);
208 } catch (Exception e
) {
211 if (currProp
!= null) {
212 String currPropStr
= ((String
) currProp
).toLowerCase();
213 if (currPropStr
.contains(filter
.toLowerCase())) {
224 public CmsUser
getUserFromLocalId(String localId
) {
225 CmsUser user
= (CmsUser
) getUserAdmin().getUser(LdapAttr
.uid
.name(), localId
);
227 user
= (CmsUser
) getUserAdmin().getUser(LdapAttr
.cn
.name(), localId
);
232 public String
buildDefaultDN(String localId
, int type
) {
233 return buildDistinguishedName(localId
, getDefaultDomainName(), type
);
240 public CmsUser
createUser(String username
, Map
<String
, Object
> properties
, Map
<String
, Object
> credentials
) {
242 userTransaction
.begin();
243 CmsUser user
= (CmsUser
) userAdmin
.createRole(username
, Role
.USER
);
244 if (properties
!= null) {
245 for (String key
: properties
.keySet())
246 user
.getProperties().put(key
, properties
.get(key
));
248 if (credentials
!= null) {
249 for (String key
: credentials
.keySet())
250 user
.getCredentials().put(key
, credentials
.get(key
));
252 userTransaction
.commit();
254 } catch (Exception e
) {
256 userTransaction
.rollback();
257 } catch (Exception e1
) {
258 log
.error("Could not roll back", e1
);
260 if (e
instanceof RuntimeException
)
261 throw (RuntimeException
) e
;
263 throw new RuntimeException("Cannot create user " + username
, e
);
268 public CmsGroup
createGroup(String dn
) {
270 userTransaction
.begin();
271 CmsGroup group
= (CmsGroup
) userAdmin
.createRole(dn
, Role
.GROUP
);
272 userTransaction
.commit();
274 } catch (Exception e
) {
276 userTransaction
.rollback();
277 } catch (Exception e1
) {
278 log
.error("Could not roll back", e1
);
280 if (e
instanceof RuntimeException
)
281 throw (RuntimeException
) e
;
283 throw new RuntimeException("Cannot create group " + dn
, e
);
288 public CmsGroup
getOrCreateGroup(HierarchyUnit groups
, String commonName
) {
289 String dn
= LdapAttr
.cn
.name() + "=" + commonName
+ "," + groups
.getBase();
290 CmsGroup group
= (CmsGroup
) getUserAdmin().getRole(dn
);
294 userTransaction
.begin();
295 group
= (CmsGroup
) userAdmin
.createRole(dn
, Role
.GROUP
);
296 userTransaction
.commit();
298 } catch (Exception e
) {
300 userTransaction
.rollback();
301 } catch (Exception e1
) {
302 log
.error("Could not roll back", e1
);
304 if (e
instanceof RuntimeException
)
305 throw (RuntimeException
) e
;
307 throw new RuntimeException("Cannot create group " + commonName
+ " in " + groups
, e
);
312 public CmsGroup
getOrCreateSystemRole(HierarchyUnit roles
, QName systemRole
) {
313 String dn
= LdapAttr
.cn
.name() + "=" + NamespaceUtils
.toPrefixedName(systemRole
) + "," + roles
.getBase();
314 CmsGroup group
= (CmsGroup
) getUserAdmin().getRole(dn
);
318 userTransaction
.begin();
319 group
= (CmsGroup
) userAdmin
.createRole(dn
, Role
.GROUP
);
320 userTransaction
.commit();
322 } catch (Exception e
) {
324 userTransaction
.rollback();
325 } catch (Exception e1
) {
326 log
.error("Could not roll back", e1
);
328 if (e
instanceof RuntimeException
)
329 throw (RuntimeException
) e
;
331 throw new RuntimeException("Cannot create system role " + systemRole
+ " in " + roles
, e
);
336 public HierarchyUnit
getOrCreateHierarchyUnit(UserDirectory directory
, String path
) {
337 HierarchyUnit hi
= directory
.getHierarchyUnit(path
);
341 userTransaction
.begin();
342 HierarchyUnit hierarchyUnit
= directory
.createHierarchyUnit(path
);
343 userTransaction
.commit();
344 return hierarchyUnit
;
345 } catch (Exception e1
) {
347 if (!userTransaction
.isNoTransactionStatus())
348 userTransaction
.rollback();
349 } catch (Exception e2
) {
350 if (log
.isTraceEnabled())
351 log
.trace("Cannot rollback transaction", e2
);
353 throw new RuntimeException("Cannot create hierarchy unit " + path
+ " in directory " + directory
, e1
);
358 public void addObjectClasses(Role role
, Set
<String
> objectClasses
, Map
<String
, Object
> additionalProperties
) {
360 userTransaction
.begin();
361 LdapEntry
.addObjectClasses(role
.getProperties(), objectClasses
);
362 for (String key
: additionalProperties
.keySet()) {
363 role
.getProperties().put(key
, additionalProperties
.get(key
));
365 userTransaction
.commit();
366 } catch (Exception e1
) {
368 if (!userTransaction
.isNoTransactionStatus())
369 userTransaction
.rollback();
370 } catch (Exception e2
) {
371 if (log
.isTraceEnabled())
372 log
.trace("Cannot rollback transaction", e2
);
374 throw new RuntimeException("Cannot add object classes " + objectClasses
+ " to " + role
, e1
);
379 public void addObjectClasses(HierarchyUnit hierarchyUnit
, Set
<String
> objectClasses
,
380 Map
<String
, Object
> additionalProperties
) {
382 userTransaction
.begin();
383 LdapEntry
.addObjectClasses(hierarchyUnit
.getProperties(), objectClasses
);
384 for (String key
: additionalProperties
.keySet()) {
385 hierarchyUnit
.getProperties().put(key
, additionalProperties
.get(key
));
387 userTransaction
.commit();
388 } catch (Exception e1
) {
390 if (!userTransaction
.isNoTransactionStatus())
391 userTransaction
.rollback();
392 } catch (Exception e2
) {
393 if (log
.isTraceEnabled())
394 log
.trace("Cannot rollback transaction", e2
);
396 throw new RuntimeException("Cannot add object classes " + objectClasses
+ " to " + hierarchyUnit
, e1
);
401 public void edit(Runnable action
) {
402 Objects
.requireNonNull(action
);
404 userTransaction
.begin();
406 userTransaction
.commit();
407 } catch (Exception e1
) {
409 if (!userTransaction
.isNoTransactionStatus())
410 userTransaction
.rollback();
411 } catch (Exception e2
) {
412 if (log
.isTraceEnabled())
413 log
.trace("Cannot rollback transaction", e2
);
415 throw new RuntimeException("Cannot edit", e1
);
420 public void addMember(CmsGroup group
, Role role
) {
422 userTransaction
.begin();
423 group
.addMember(role
);
424 userTransaction
.commit();
425 } catch (Exception e1
) {
427 if (!userTransaction
.isNoTransactionStatus())
428 userTransaction
.rollback();
429 } catch (Exception e2
) {
430 if (log
.isTraceEnabled())
431 log
.trace("Cannot rollback transaction", e2
);
433 throw new RuntimeException("Cannot add member " + role
+ " to group " + group
, e1
);
438 public void removeMember(CmsGroup group
, Role role
) {
440 userTransaction
.begin();
441 group
.removeMember(role
);
442 userTransaction
.commit();
443 } catch (Exception e1
) {
445 if (!userTransaction
.isNoTransactionStatus())
446 userTransaction
.rollback();
447 } catch (Exception e2
) {
448 if (log
.isTraceEnabled())
449 log
.trace("Cannot rollback transaction", e2
);
451 throw new RuntimeException("Cannot remove member " + role
+ " from group " + group
, e1
);
456 public String
getDefaultDomainName() {
457 Map
<String
, String
> dns
= getKnownBaseDns(true);
459 return dns
.keySet().iterator().next();
461 throw new IllegalStateException("Current context contains " + dns
.size() + " base dns: "
462 + dns
.keySet().toString() + ". Unable to chose a default one.");
465 public Map
<String
, String
> getKnownBaseDns(boolean onlyWritable
) {
466 Map
<String
, String
> dns
= new HashMap
<String
, String
>();
467 for (UserDirectory userDirectory
: userDirectories
) {
468 Boolean readOnly
= userDirectory
.isReadOnly();
469 String baseDn
= userDirectory
.getBase();
471 if (onlyWritable
&& readOnly
)
473 if (baseDn
.equalsIgnoreCase(CmsConstants
.SYSTEM_ROLES_BASEDN
))
475 if (baseDn
.equalsIgnoreCase(CmsConstants
.TOKENS_BASEDN
))
477 dns
.put(baseDn
, DirectoryConf
.propertiesAsUri(userDirectory
.getProperties()).toString());
483 public Set
<UserDirectory
> getUserDirectories() {
484 TreeSet
<UserDirectory
> res
= new TreeSet
<>((o1
, o2
) -> o1
.getBase().compareTo(o2
.getBase()));
485 res
.addAll(userDirectories
);
489 public String
buildDistinguishedName(String localId
, String baseDn
, int type
) {
490 Map
<String
, String
> dns
= getKnownBaseDns(true);
491 Dictionary
<String
, ?
> props
= DirectoryConf
.uriAsProperties(dns
.get(baseDn
));
493 if (Role
.GROUP
== type
)
494 dn
= LdapAttr
.cn
.name() + "=" + localId
+ "," + DirectoryConf
.groupBase
.getValue(props
) + "," + baseDn
;
495 else if (Role
.USER
== type
)
496 dn
= LdapAttr
.uid
.name() + "=" + localId
+ "," + DirectoryConf
.userBase
.getValue(props
) + "," + baseDn
;
498 throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId
);
503 public void changeOwnPassword(char[] oldPassword
, char[] newPassword
) {
504 String name
= CurrentUser
.getUsername();
507 dn
= new LdapName(name
);
508 } catch (InvalidNameException e
) {
509 throw new IllegalArgumentException("Invalid user dn " + name
, e
);
511 User user
= (User
) userAdmin
.getRole(dn
.toString());
512 if (!user
.hasCredential(null, oldPassword
))
513 throw new IllegalArgumentException("Invalid password");
514 if (Arrays
.equals(newPassword
, new char[0]))
515 throw new IllegalArgumentException("New password empty");
517 userTransaction
.begin();
518 user
.getCredentials().put(null, newPassword
);
519 userTransaction
.commit();
520 } catch (Exception e
) {
522 userTransaction
.rollback();
523 } catch (Exception e1
) {
524 log
.error("Could not roll back", e1
);
526 if (e
instanceof RuntimeException
)
527 throw (RuntimeException
) e
;
529 throw new RuntimeException("Cannot change password", e
);
533 public void resetPassword(String username
, char[] newPassword
) {
536 dn
= new LdapName(username
);
537 } catch (InvalidNameException e
) {
538 throw new IllegalArgumentException("Invalid user dn " + username
, e
);
540 User user
= (User
) userAdmin
.getRole(dn
.toString());
541 if (Arrays
.equals(newPassword
, new char[0]))
542 throw new IllegalArgumentException("New password empty");
544 userTransaction
.begin();
545 user
.getCredentials().put(null, newPassword
);
546 userTransaction
.commit();
547 } catch (Exception e
) {
549 userTransaction
.rollback();
550 } catch (Exception e1
) {
551 log
.error("Could not roll back", e1
);
553 if (e
instanceof RuntimeException
)
554 throw (RuntimeException
) e
;
556 throw new RuntimeException("Cannot change password", e
);
560 public String
addSharedSecret(String email
, int hours
) {
561 User user
= (User
) userAdmin
.getUser(LdapAttr
.mail
.name(), email
);
563 userTransaction
.begin();
564 String uuid
= UUID
.randomUUID().toString();
565 SharedSecret sharedSecret
= new SharedSecret(hours
, uuid
);
566 user
.getCredentials().put(SharedSecret
.X_SHARED_SECRET
, sharedSecret
.toAuthPassword());
567 String tokenStr
= sharedSecret
.getAuthInfo() + '$' + sharedSecret
.getAuthValue();
568 userTransaction
.commit();
570 } catch (Exception e
) {
572 userTransaction
.rollback();
573 } catch (Exception e1
) {
574 log
.error("Could not roll back", e1
);
576 if (e
instanceof RuntimeException
)
577 throw (RuntimeException
) e
;
579 throw new RuntimeException("Cannot change password", e
);
584 public String
addSharedSecret(String username
, String authInfo
, String authToken
) {
586 userTransaction
.begin();
587 User user
= (User
) userAdmin
.getRole(username
);
588 SharedSecret sharedSecret
= new SharedSecret(authInfo
, authToken
);
589 user
.getCredentials().put(SharedSecret
.X_SHARED_SECRET
, sharedSecret
.toAuthPassword());
590 String tokenStr
= sharedSecret
.getAuthInfo() + '$' + sharedSecret
.getAuthValue();
591 userTransaction
.commit();
593 } catch (Exception e1
) {
595 if (!userTransaction
.isNoTransactionStatus())
596 userTransaction
.rollback();
597 } catch (Exception e2
) {
598 if (log
.isTraceEnabled())
599 log
.trace("Cannot rollback transaction", e2
);
601 throw new RuntimeException("Cannot add shared secret", e1
);
606 public void expireAuthToken(String token
) {
608 userTransaction
.begin();
609 String dn
= cn
+ "=" + token
+ "," + CmsConstants
.TOKENS_BASEDN
;
610 Group tokenGroup
= (Group
) userAdmin
.getRole(dn
);
611 String ldapDate
= NamingUtils
.instantToLdapDate(ZonedDateTime
.now(ZoneOffset
.UTC
));
612 tokenGroup
.getProperties().put(description
.name(), ldapDate
);
613 userTransaction
.commit();
614 if (log
.isDebugEnabled())
615 log
.debug("Token " + token
+ " expired.");
616 } catch (Exception e1
) {
618 if (!userTransaction
.isNoTransactionStatus())
619 userTransaction
.rollback();
620 } catch (Exception e2
) {
621 if (log
.isTraceEnabled())
622 log
.trace("Cannot rollback transaction", e2
);
624 throw new RuntimeException("Cannot expire token", e1
);
629 public void expireAuthTokens(Subject subject
) {
630 Set
<String
> tokens
= TokenUtils
.tokensUsed(subject
, CmsConstants
.TOKENS_BASEDN
);
631 for (String token
: tokens
)
632 expireAuthToken(token
);
636 public void addAuthToken(String userDn
, String token
, Integer hours
, String
... roles
) {
637 addAuthToken(userDn
, token
, ZonedDateTime
.now().plusHours(hours
), roles
);
641 public void addAuthToken(String userDn
, String token
, ZonedDateTime expiryDate
, String
... roles
) {
643 userTransaction
.begin();
644 User user
= (User
) userAdmin
.getRole(userDn
);
645 String tokenDn
= cn
+ "=" + token
+ "," + CmsConstants
.TOKENS_BASEDN
;
646 Group tokenGroup
= (Group
) userAdmin
.createRole(tokenDn
, Role
.GROUP
);
648 for (String role
: roles
) {
649 Role r
= userAdmin
.getRole(role
);
651 tokenGroup
.addMember(r
);
653 if (!role
.equals(CmsConstants
.ROLE_USER
)) {
654 throw new IllegalStateException(
655 "Cannot add role " + role
+ " to token " + token
+ " for " + userDn
);
659 tokenGroup
.getProperties().put(owner
.name(), user
.getName());
660 if (expiryDate
!= null) {
661 String ldapDate
= NamingUtils
.instantToLdapDate(expiryDate
);
662 tokenGroup
.getProperties().put(description
.name(), ldapDate
);
664 userTransaction
.commit();
665 } catch (Exception e1
) {
667 if (!userTransaction
.isNoTransactionStatus())
668 userTransaction
.rollback();
669 } catch (Exception e2
) {
670 if (log
.isTraceEnabled())
671 log
.trace("Cannot rollback transaction", e2
);
673 throw new RuntimeException("Cannot add token", e1
);
678 public UserDirectory
getDirectory(Role user
) {
679 String name
= user
.getName();
680 NavigableMap
<String
, UserDirectory
> possible
= new TreeMap
<>();
681 for (UserDirectory userDirectory
: userDirectories
) {
682 if (name
.endsWith(userDirectory
.getBase())) {
683 possible
.put(userDirectory
.getBase(), userDirectory
);
686 if (possible
.size() == 0)
687 throw new IllegalStateException("No user directory found for user " + name
);
688 return possible
.lastEntry().getValue();
691 // public User createUserFromPerson(Node person) {
692 // String email = JcrUtils.get(person, LdapAttrs.mail.property());
693 // String dn = buildDefaultDN(email, Role.USER);
696 // userTransaction.begin();
697 // user = (User) userAdmin.createRole(dn, Role.USER);
698 // Dictionary<String, Object> userProperties = user.getProperties();
699 // String name = JcrUtils.get(person, LdapAttrs.displayName.property());
700 // userProperties.put(LdapAttrs.cn.name(), name);
701 // userProperties.put(LdapAttrs.displayName.name(), name);
702 // String givenName = JcrUtils.get(person, LdapAttrs.givenName.property());
703 // String surname = JcrUtils.get(person, LdapAttrs.sn.property());
704 // userProperties.put(LdapAttrs.givenName.name(), givenName);
705 // userProperties.put(LdapAttrs.sn.name(), surname);
706 // userProperties.put(LdapAttrs.mail.name(), email.toLowerCase());
707 // userTransaction.commit();
708 // } catch (Exception e) {
710 // userTransaction.rollback();
711 // } catch (Exception e1) {
712 // log.error("Could not roll back", e1);
714 // if (e instanceof RuntimeException)
715 // throw (RuntimeException) e;
717 // throw new RuntimeException("Cannot create user", e);
722 public UserAdmin
getUserAdmin() {
726 // public UserTransaction getUserTransaction() {
727 // return userTransaction;
730 /* DEPENDENCY INJECTION */
731 public void setUserAdmin(UserAdmin userAdmin
) {
732 this.userAdmin
= userAdmin
;
734 if (userAdmin
instanceof AggregatingUserAdmin
) {
735 userDirectories
= ((AggregatingUserAdmin
) userAdmin
).getUserDirectories();
737 throw new IllegalArgumentException("Only " + AggregatingUserAdmin
.class.getName() + " is supported.");
740 // this.serviceProperties = serviceProperties;
743 public void setUserTransaction(WorkTransaction userTransaction
) {
744 this.userTransaction
= userTransaction
;
747 // public void addUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
748 // userDirectories.put(userDirectory, new Hashtable<>(properties));
751 // public void removeUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
752 // userDirectories.remove(userDirectory);