]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserManagerImpl.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Additional HTTP headers
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / runtime / CmsUserManagerImpl.java
1 package org.argeo.cms.internal.runtime;
2
3 import static org.argeo.api.acr.ldap.LdapAttr.cn;
4 import static org.argeo.api.acr.ldap.LdapAttr.description;
5 import static org.argeo.api.acr.ldap.LdapAttr.owner;
6
7 import java.time.ZoneOffset;
8 import java.time.ZonedDateTime;
9 import java.util.ArrayList;
10 import java.util.Arrays;
11 import java.util.Dictionary;
12 import java.util.HashMap;
13 import java.util.HashSet;
14 import java.util.List;
15 import java.util.Map;
16 import java.util.NavigableMap;
17 import java.util.Objects;
18 import java.util.Set;
19 import java.util.TreeMap;
20 import java.util.TreeSet;
21 import java.util.UUID;
22
23 import javax.naming.InvalidNameException;
24 import javax.naming.ldap.LdapName;
25 import javax.security.auth.Subject;
26 import javax.xml.namespace.QName;
27
28 import org.argeo.api.acr.NamespaceUtils;
29 import org.argeo.api.acr.ldap.LdapAttr;
30 import org.argeo.api.acr.ldap.NamingUtils;
31 import org.argeo.api.cms.CmsConstants;
32 import org.argeo.api.cms.CmsLog;
33 import org.argeo.api.cms.directory.CmsGroup;
34 import org.argeo.api.cms.directory.CmsUser;
35 import org.argeo.api.cms.directory.CmsUserManager;
36 import org.argeo.api.cms.directory.HierarchyUnit;
37 import org.argeo.api.cms.directory.UserDirectory;
38 import org.argeo.api.cms.transaction.WorkTransaction;
39 import org.argeo.cms.CurrentUser;
40 import org.argeo.cms.auth.UserAdminUtils;
41 import org.argeo.cms.directory.ldap.LdapEntry;
42 import org.argeo.cms.directory.ldap.SharedSecret;
43 import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
44 import org.argeo.cms.osgi.useradmin.TokenUtils;
45 import org.argeo.cms.runtime.DirectoryConf;
46 import org.osgi.framework.InvalidSyntaxException;
47 import org.osgi.service.useradmin.Authorization;
48 import org.osgi.service.useradmin.Group;
49 import org.osgi.service.useradmin.Role;
50 import org.osgi.service.useradmin.User;
51 import org.osgi.service.useradmin.UserAdmin;
52
53 /**
54 * Canonical implementation of the people {@link CmsUserManager}. Wraps
55 * interaction with users and groups.
56 *
57 * In a *READ-ONLY* mode. We want to be able to:
58 * <ul>
59 * <li>Retrieve my user and corresponding information (main info,
60 * groups...)</li>
61 * <li>List all local groups (not the system roles)</li>
62 * <li>If sufficient rights: retrieve a given user and its information</li>
63 * </ul>
64 */
65 public class CmsUserManagerImpl implements CmsUserManager {
66 private final static CmsLog log = CmsLog.getLog(CmsUserManagerImpl.class);
67
68 private UserAdmin userAdmin;
69 // private Map<String, String> serviceProperties;
70 private WorkTransaction userTransaction;
71
72 private final String[] knownProps = { LdapAttr.cn.name(), LdapAttr.sn.name(), LdapAttr.givenName.name(),
73 LdapAttr.uid.name() };
74
75 // private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
76 // .synchronizedMap(new LinkedHashMap<>());
77
78 private Set<UserDirectory> userDirectories = new HashSet<>();
79
80 public void start() {
81 log.debug(() -> "CMS user manager available");
82 }
83
84 public void stop() {
85
86 }
87
88 @Override
89 public String getMyMail() {
90 return getUserMail(CurrentUser.getUsername());
91 }
92
93 @Override
94 public Role[] getRoles(String filter) {
95 try {
96 return userAdmin.getRoles(filter);
97 } catch (InvalidSyntaxException e) {
98 throw new IllegalArgumentException("Invalid filter " + filter, e);
99 }
100 }
101
102 // ALL USER: WARNING access to this will be later reduced
103
104 /** Retrieve a user given his dn, or <code>null</code> if it doesn't exist. */
105 public CmsUser getUser(String dn) {
106 return (CmsUser) getUserAdmin().getRole(dn);
107 }
108
109 /** Can be a group or a user */
110 public String getUserDisplayName(String dn) {
111 // FIXME: during initialisation phase, the system logs "admin" as user
112 // name rather than the corresponding dn
113 if ("admin".equals(dn))
114 return "System Administrator";
115 else
116 return UserAdminUtils.getUserDisplayName(getUserAdmin(), dn);
117 }
118
119 @Override
120 public String getUserMail(String dn) {
121 return UserAdminUtils.getUserMail(getUserAdmin(), dn);
122 }
123
124 /** Lists all roles of the given user */
125 @Override
126 public String[] getUserRoles(String dn) {
127 Authorization currAuth = getUserAdmin().getAuthorization(getUser(dn));
128 return currAuth.getRoles();
129 }
130
131 @Override
132 public boolean isUserInRole(String userDn, String roleDn) {
133 String[] roles = getUserRoles(userDn);
134 for (String role : roles) {
135 if (role.equalsIgnoreCase(roleDn))
136 return true;
137 }
138 return false;
139 }
140
141 public Set<CmsUser> listUsersInGroup(String groupDn, String filter) {
142 Group group = (Group) userAdmin.getRole(groupDn);
143 if (group == null)
144 throw new IllegalArgumentException("Group " + groupDn + " not found");
145 Set<CmsUser> users = new HashSet<>();
146 addUsers(users, group, filter);
147 return users;
148 }
149
150 // @Override
151 // public Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep) {
152 // if(!hierarchyUnit.isFunctional())
153 // throw new IllegalArgumentException("Hierarchy unit "+hierarchyUnit.getBase()+" is not functional");
154 // UserDirectory directory = (UserDirectory)hierarchyUnit.getDirectory();
155 // Set<User> res = new HashSet<>();
156 // for(HierarchyUnit technicalHu:hierarchyUnit.getDirectHierarchyUnits(false)) {
157 // if(technicalHu.isFunctional())
158 // continue;
159 // for(Role role:directory.getHierarchyUnitRoles(technicalHu, null, false)) {
160 // if(role)
161 // }
162 // }
163 // return res;
164 // }
165
166 /** Recursively add users to list */
167 private void addUsers(Set<CmsUser> users, Group group, String filter) {
168 Role[] roles = group.getMembers();
169 for (Role role : roles) {
170 if (role.getType() == Role.GROUP) {
171 addUsers(users, (CmsGroup) role, filter);
172 } else if (role.getType() == Role.USER) {
173 if (match(role, filter))
174 users.add((CmsUser) role);
175 } else {
176 // ignore
177 }
178 }
179 }
180
181 public List<CmsUser> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
182 Role[] roles = null;
183 try {
184 roles = getUserAdmin().getRoles(filter);
185 } catch (InvalidSyntaxException e) {
186 throw new IllegalArgumentException("Unable to get roles with filter: " + filter, e);
187 }
188
189 List<CmsUser> users = new ArrayList<>();
190 for (Role role : roles) {
191 if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
192 && (includeSystemRoles
193 || !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
194 if (match(role, filter))
195 users.add((CmsUser) role);
196 }
197 }
198 return users;
199 }
200
201 private boolean match(Role role, String filter) {
202 boolean doFilter = filter != null && !"".equals(filter);
203 if (doFilter) {
204 for (String prop : knownProps) {
205 Object currProp = null;
206 try {
207 currProp = role.getProperties().get(prop);
208 } catch (Exception e) {
209 throw e;
210 }
211 if (currProp != null) {
212 String currPropStr = ((String) currProp).toLowerCase();
213 if (currPropStr.contains(filter.toLowerCase())) {
214 return true;
215 }
216 }
217 }
218 return false;
219 } else
220 return true;
221 }
222
223 @Override
224 public CmsUser getUserFromLocalId(String localId) {
225 CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttr.uid.name(), localId);
226 if (user == null)
227 user = (CmsUser) getUserAdmin().getUser(LdapAttr.cn.name(), localId);
228 return user;
229 }
230
231 @Override
232 public String buildDefaultDN(String localId, int type) {
233 return buildDistinguishedName(localId, getDefaultDomainName(), type);
234 }
235
236 /*
237 * EDITION
238 */
239 @Override
240 public CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials) {
241 try {
242 userTransaction.begin();
243 CmsUser user = (CmsUser) userAdmin.createRole(username, Role.USER);
244 if (properties != null) {
245 for (String key : properties.keySet())
246 user.getProperties().put(key, properties.get(key));
247 }
248 if (credentials != null) {
249 for (String key : credentials.keySet())
250 user.getCredentials().put(key, credentials.get(key));
251 }
252 userTransaction.commit();
253 return user;
254 } catch (Exception e) {
255 try {
256 userTransaction.rollback();
257 } catch (Exception e1) {
258 log.error("Could not roll back", e1);
259 }
260 if (e instanceof RuntimeException)
261 throw (RuntimeException) e;
262 else
263 throw new RuntimeException("Cannot create user " + username, e);
264 }
265 }
266
267 @Override
268 public CmsGroup createGroup(String dn) {
269 try {
270 userTransaction.begin();
271 CmsGroup group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
272 userTransaction.commit();
273 return group;
274 } catch (Exception e) {
275 try {
276 userTransaction.rollback();
277 } catch (Exception e1) {
278 log.error("Could not roll back", e1);
279 }
280 if (e instanceof RuntimeException)
281 throw (RuntimeException) e;
282 else
283 throw new RuntimeException("Cannot create group " + dn, e);
284 }
285 }
286
287 @Override
288 public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
289 String dn = LdapAttr.cn.name() + "=" + commonName + "," + groups.getBase();
290 CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
291 if (group != null)
292 return group;
293 try {
294 userTransaction.begin();
295 group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
296 userTransaction.commit();
297 return group;
298 } catch (Exception e) {
299 try {
300 userTransaction.rollback();
301 } catch (Exception e1) {
302 log.error("Could not roll back", e1);
303 }
304 if (e instanceof RuntimeException)
305 throw (RuntimeException) e;
306 else
307 throw new RuntimeException("Cannot create group " + commonName + " in " + groups, e);
308 }
309 }
310
311 @Override
312 public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole) {
313 String dn = LdapAttr.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
314 CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
315 if (group != null)
316 return group;
317 try {
318 userTransaction.begin();
319 group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
320 userTransaction.commit();
321 return group;
322 } catch (Exception e) {
323 try {
324 userTransaction.rollback();
325 } catch (Exception e1) {
326 log.error("Could not roll back", e1);
327 }
328 if (e instanceof RuntimeException)
329 throw (RuntimeException) e;
330 else
331 throw new RuntimeException("Cannot create system role " + systemRole + " in " + roles, e);
332 }
333 }
334
335 @Override
336 public HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path) {
337 HierarchyUnit hi = directory.getHierarchyUnit(path);
338 if (hi != null)
339 return hi;
340 try {
341 userTransaction.begin();
342 HierarchyUnit hierarchyUnit = directory.createHierarchyUnit(path);
343 userTransaction.commit();
344 return hierarchyUnit;
345 } catch (Exception e1) {
346 try {
347 if (!userTransaction.isNoTransactionStatus())
348 userTransaction.rollback();
349 } catch (Exception e2) {
350 if (log.isTraceEnabled())
351 log.trace("Cannot rollback transaction", e2);
352 }
353 throw new RuntimeException("Cannot create hierarchy unit " + path + " in directory " + directory, e1);
354 }
355 }
356
357 @Override
358 public void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
359 try {
360 userTransaction.begin();
361 LdapEntry.addObjectClasses(role.getProperties(), objectClasses);
362 for (String key : additionalProperties.keySet()) {
363 role.getProperties().put(key, additionalProperties.get(key));
364 }
365 userTransaction.commit();
366 } catch (Exception e1) {
367 try {
368 if (!userTransaction.isNoTransactionStatus())
369 userTransaction.rollback();
370 } catch (Exception e2) {
371 if (log.isTraceEnabled())
372 log.trace("Cannot rollback transaction", e2);
373 }
374 throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + role, e1);
375 }
376 }
377
378 @Override
379 public void addObjectClasses(HierarchyUnit hierarchyUnit, Set<String> objectClasses,
380 Map<String, Object> additionalProperties) {
381 try {
382 userTransaction.begin();
383 LdapEntry.addObjectClasses(hierarchyUnit.getProperties(), objectClasses);
384 for (String key : additionalProperties.keySet()) {
385 hierarchyUnit.getProperties().put(key, additionalProperties.get(key));
386 }
387 userTransaction.commit();
388 } catch (Exception e1) {
389 try {
390 if (!userTransaction.isNoTransactionStatus())
391 userTransaction.rollback();
392 } catch (Exception e2) {
393 if (log.isTraceEnabled())
394 log.trace("Cannot rollback transaction", e2);
395 }
396 throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + hierarchyUnit, e1);
397 }
398 }
399
400 @Override
401 public void edit(Runnable action) {
402 Objects.requireNonNull(action);
403 try {
404 userTransaction.begin();
405 action.run();
406 userTransaction.commit();
407 } catch (Exception e1) {
408 try {
409 if (!userTransaction.isNoTransactionStatus())
410 userTransaction.rollback();
411 } catch (Exception e2) {
412 if (log.isTraceEnabled())
413 log.trace("Cannot rollback transaction", e2);
414 }
415 throw new RuntimeException("Cannot edit", e1);
416 }
417 }
418
419 @Override
420 public void addMember(CmsGroup group, Role role) {
421 try {
422 userTransaction.begin();
423 group.addMember(role);
424 userTransaction.commit();
425 } catch (Exception e1) {
426 try {
427 if (!userTransaction.isNoTransactionStatus())
428 userTransaction.rollback();
429 } catch (Exception e2) {
430 if (log.isTraceEnabled())
431 log.trace("Cannot rollback transaction", e2);
432 }
433 throw new RuntimeException("Cannot add member " + role + " to group " + group, e1);
434 }
435 }
436
437 @Override
438 public void removeMember(CmsGroup group, Role role) {
439 try {
440 userTransaction.begin();
441 group.removeMember(role);
442 userTransaction.commit();
443 } catch (Exception e1) {
444 try {
445 if (!userTransaction.isNoTransactionStatus())
446 userTransaction.rollback();
447 } catch (Exception e2) {
448 if (log.isTraceEnabled())
449 log.trace("Cannot rollback transaction", e2);
450 }
451 throw new RuntimeException("Cannot remove member " + role + " from group " + group, e1);
452 }
453 }
454
455 @Override
456 public String getDefaultDomainName() {
457 Map<String, String> dns = getKnownBaseDns(true);
458 if (dns.size() == 1)
459 return dns.keySet().iterator().next();
460 else
461 throw new IllegalStateException("Current context contains " + dns.size() + " base dns: "
462 + dns.keySet().toString() + ". Unable to chose a default one.");
463 }
464
465 public Map<String, String> getKnownBaseDns(boolean onlyWritable) {
466 Map<String, String> dns = new HashMap<String, String>();
467 for (UserDirectory userDirectory : userDirectories) {
468 Boolean readOnly = userDirectory.isReadOnly();
469 String baseDn = userDirectory.getBase();
470
471 if (onlyWritable && readOnly)
472 continue;
473 if (baseDn.equalsIgnoreCase(CmsConstants.SYSTEM_ROLES_BASEDN))
474 continue;
475 if (baseDn.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN))
476 continue;
477 dns.put(baseDn, DirectoryConf.propertiesAsUri(userDirectory.getProperties()).toString());
478
479 }
480 return dns;
481 }
482
483 public Set<UserDirectory> getUserDirectories() {
484 TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getBase().compareTo(o2.getBase()));
485 res.addAll(userDirectories);
486 return res;
487 }
488
489 public String buildDistinguishedName(String localId, String baseDn, int type) {
490 Map<String, String> dns = getKnownBaseDns(true);
491 Dictionary<String, ?> props = DirectoryConf.uriAsProperties(dns.get(baseDn));
492 String dn = null;
493 if (Role.GROUP == type)
494 dn = LdapAttr.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
495 else if (Role.USER == type)
496 dn = LdapAttr.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
497 else
498 throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId);
499 return dn;
500 }
501
502 @Override
503 public void changeOwnPassword(char[] oldPassword, char[] newPassword) {
504 String name = CurrentUser.getUsername();
505 LdapName dn;
506 try {
507 dn = new LdapName(name);
508 } catch (InvalidNameException e) {
509 throw new IllegalArgumentException("Invalid user dn " + name, e);
510 }
511 User user = (User) userAdmin.getRole(dn.toString());
512 if (!user.hasCredential(null, oldPassword))
513 throw new IllegalArgumentException("Invalid password");
514 if (Arrays.equals(newPassword, new char[0]))
515 throw new IllegalArgumentException("New password empty");
516 try {
517 userTransaction.begin();
518 user.getCredentials().put(null, newPassword);
519 userTransaction.commit();
520 } catch (Exception e) {
521 try {
522 userTransaction.rollback();
523 } catch (Exception e1) {
524 log.error("Could not roll back", e1);
525 }
526 if (e instanceof RuntimeException)
527 throw (RuntimeException) e;
528 else
529 throw new RuntimeException("Cannot change password", e);
530 }
531 }
532
533 public void resetPassword(String username, char[] newPassword) {
534 LdapName dn;
535 try {
536 dn = new LdapName(username);
537 } catch (InvalidNameException e) {
538 throw new IllegalArgumentException("Invalid user dn " + username, e);
539 }
540 User user = (User) userAdmin.getRole(dn.toString());
541 if (Arrays.equals(newPassword, new char[0]))
542 throw new IllegalArgumentException("New password empty");
543 try {
544 userTransaction.begin();
545 user.getCredentials().put(null, newPassword);
546 userTransaction.commit();
547 } catch (Exception e) {
548 try {
549 userTransaction.rollback();
550 } catch (Exception e1) {
551 log.error("Could not roll back", e1);
552 }
553 if (e instanceof RuntimeException)
554 throw (RuntimeException) e;
555 else
556 throw new RuntimeException("Cannot change password", e);
557 }
558 }
559
560 public String addSharedSecret(String email, int hours) {
561 User user = (User) userAdmin.getUser(LdapAttr.mail.name(), email);
562 try {
563 userTransaction.begin();
564 String uuid = UUID.randomUUID().toString();
565 SharedSecret sharedSecret = new SharedSecret(hours, uuid);
566 user.getCredentials().put(SharedSecret.X_SHARED_SECRET, sharedSecret.toAuthPassword());
567 String tokenStr = sharedSecret.getAuthInfo() + '$' + sharedSecret.getAuthValue();
568 userTransaction.commit();
569 return tokenStr;
570 } catch (Exception e) {
571 try {
572 userTransaction.rollback();
573 } catch (Exception e1) {
574 log.error("Could not roll back", e1);
575 }
576 if (e instanceof RuntimeException)
577 throw (RuntimeException) e;
578 else
579 throw new RuntimeException("Cannot change password", e);
580 }
581 }
582
583 @Deprecated
584 public String addSharedSecret(String username, String authInfo, String authToken) {
585 try {
586 userTransaction.begin();
587 User user = (User) userAdmin.getRole(username);
588 SharedSecret sharedSecret = new SharedSecret(authInfo, authToken);
589 user.getCredentials().put(SharedSecret.X_SHARED_SECRET, sharedSecret.toAuthPassword());
590 String tokenStr = sharedSecret.getAuthInfo() + '$' + sharedSecret.getAuthValue();
591 userTransaction.commit();
592 return tokenStr;
593 } catch (Exception e1) {
594 try {
595 if (!userTransaction.isNoTransactionStatus())
596 userTransaction.rollback();
597 } catch (Exception e2) {
598 if (log.isTraceEnabled())
599 log.trace("Cannot rollback transaction", e2);
600 }
601 throw new RuntimeException("Cannot add shared secret", e1);
602 }
603 }
604
605 @Override
606 public void expireAuthToken(String token) {
607 try {
608 userTransaction.begin();
609 String dn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
610 Group tokenGroup = (Group) userAdmin.getRole(dn);
611 String ldapDate = NamingUtils.instantToLdapDate(ZonedDateTime.now(ZoneOffset.UTC));
612 tokenGroup.getProperties().put(description.name(), ldapDate);
613 userTransaction.commit();
614 if (log.isDebugEnabled())
615 log.debug("Token " + token + " expired.");
616 } catch (Exception e1) {
617 try {
618 if (!userTransaction.isNoTransactionStatus())
619 userTransaction.rollback();
620 } catch (Exception e2) {
621 if (log.isTraceEnabled())
622 log.trace("Cannot rollback transaction", e2);
623 }
624 throw new RuntimeException("Cannot expire token", e1);
625 }
626 }
627
628 @Override
629 public void expireAuthTokens(Subject subject) {
630 Set<String> tokens = TokenUtils.tokensUsed(subject, CmsConstants.TOKENS_BASEDN);
631 for (String token : tokens)
632 expireAuthToken(token);
633 }
634
635 @Override
636 public void addAuthToken(String userDn, String token, Integer hours, String... roles) {
637 addAuthToken(userDn, token, ZonedDateTime.now().plusHours(hours), roles);
638 }
639
640 @Override
641 public void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles) {
642 try {
643 userTransaction.begin();
644 User user = (User) userAdmin.getRole(userDn);
645 String tokenDn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
646 Group tokenGroup = (Group) userAdmin.createRole(tokenDn, Role.GROUP);
647 if (roles != null)
648 for (String role : roles) {
649 Role r = userAdmin.getRole(role);
650 if (r != null)
651 tokenGroup.addMember(r);
652 else {
653 if (!role.equals(CmsConstants.ROLE_USER)) {
654 throw new IllegalStateException(
655 "Cannot add role " + role + " to token " + token + " for " + userDn);
656 }
657 }
658 }
659 tokenGroup.getProperties().put(owner.name(), user.getName());
660 if (expiryDate != null) {
661 String ldapDate = NamingUtils.instantToLdapDate(expiryDate);
662 tokenGroup.getProperties().put(description.name(), ldapDate);
663 }
664 userTransaction.commit();
665 } catch (Exception e1) {
666 try {
667 if (!userTransaction.isNoTransactionStatus())
668 userTransaction.rollback();
669 } catch (Exception e2) {
670 if (log.isTraceEnabled())
671 log.trace("Cannot rollback transaction", e2);
672 }
673 throw new RuntimeException("Cannot add token", e1);
674 }
675 }
676
677 @Override
678 public UserDirectory getDirectory(Role user) {
679 String name = user.getName();
680 NavigableMap<String, UserDirectory> possible = new TreeMap<>();
681 for (UserDirectory userDirectory : userDirectories) {
682 if (name.endsWith(userDirectory.getBase())) {
683 possible.put(userDirectory.getBase(), userDirectory);
684 }
685 }
686 if (possible.size() == 0)
687 throw new IllegalStateException("No user directory found for user " + name);
688 return possible.lastEntry().getValue();
689 }
690
691 // public User createUserFromPerson(Node person) {
692 // String email = JcrUtils.get(person, LdapAttrs.mail.property());
693 // String dn = buildDefaultDN(email, Role.USER);
694 // User user;
695 // try {
696 // userTransaction.begin();
697 // user = (User) userAdmin.createRole(dn, Role.USER);
698 // Dictionary<String, Object> userProperties = user.getProperties();
699 // String name = JcrUtils.get(person, LdapAttrs.displayName.property());
700 // userProperties.put(LdapAttrs.cn.name(), name);
701 // userProperties.put(LdapAttrs.displayName.name(), name);
702 // String givenName = JcrUtils.get(person, LdapAttrs.givenName.property());
703 // String surname = JcrUtils.get(person, LdapAttrs.sn.property());
704 // userProperties.put(LdapAttrs.givenName.name(), givenName);
705 // userProperties.put(LdapAttrs.sn.name(), surname);
706 // userProperties.put(LdapAttrs.mail.name(), email.toLowerCase());
707 // userTransaction.commit();
708 // } catch (Exception e) {
709 // try {
710 // userTransaction.rollback();
711 // } catch (Exception e1) {
712 // log.error("Could not roll back", e1);
713 // }
714 // if (e instanceof RuntimeException)
715 // throw (RuntimeException) e;
716 // else
717 // throw new RuntimeException("Cannot create user", e);
718 // }
719 // return user;
720 // }
721
722 public UserAdmin getUserAdmin() {
723 return userAdmin;
724 }
725
726 // public UserTransaction getUserTransaction() {
727 // return userTransaction;
728 // }
729
730 /* DEPENDENCY INJECTION */
731 public void setUserAdmin(UserAdmin userAdmin) {
732 this.userAdmin = userAdmin;
733
734 if (userAdmin instanceof AggregatingUserAdmin) {
735 userDirectories = ((AggregatingUserAdmin) userAdmin).getUserDirectories();
736 } else {
737 throw new IllegalArgumentException("Only " + AggregatingUserAdmin.class.getName() + " is supported.");
738 }
739
740 // this.serviceProperties = serviceProperties;
741 }
742
743 public void setUserTransaction(WorkTransaction userTransaction) {
744 this.userTransaction = userTransaction;
745 }
746
747 // public void addUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
748 // userDirectories.put(userDirectory, new Hashtable<>(properties));
749 // }
750 //
751 // public void removeUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
752 // userDirectories.remove(userDirectory);
753 // }
754
755 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi