1 package org
.argeo
.cms
.internal
.runtime
;
3 import static org
.argeo
.api
.acr
.ldap
.LdapAttr
.cn
;
4 import static org
.argeo
.api
.acr
.ldap
.LdapAttr
.description
;
5 import static org
.argeo
.api
.acr
.ldap
.LdapAttr
.owner
;
7 import java
.time
.ZoneOffset
;
8 import java
.time
.ZonedDateTime
;
9 import java
.util
.ArrayList
;
10 import java
.util
.Arrays
;
11 import java
.util
.Dictionary
;
12 import java
.util
.HashMap
;
13 import java
.util
.HashSet
;
14 import java
.util
.List
;
16 import java
.util
.NavigableMap
;
17 import java
.util
.Objects
;
19 import java
.util
.TreeMap
;
20 import java
.util
.TreeSet
;
21 import java
.util
.UUID
;
23 import javax
.naming
.InvalidNameException
;
24 import javax
.naming
.ldap
.LdapName
;
25 import javax
.security
.auth
.Subject
;
26 import javax
.xml
.namespace
.QName
;
28 import org
.argeo
.api
.acr
.NamespaceUtils
;
29 import org
.argeo
.api
.acr
.ldap
.LdapAttr
;
30 import org
.argeo
.api
.acr
.ldap
.NamingUtils
;
31 import org
.argeo
.api
.cms
.CmsConstants
;
32 import org
.argeo
.api
.cms
.CmsLog
;
33 import org
.argeo
.api
.cms
.directory
.CmsGroup
;
34 import org
.argeo
.api
.cms
.directory
.CmsRole
;
35 import org
.argeo
.api
.cms
.directory
.CmsUser
;
36 import org
.argeo
.api
.cms
.directory
.CmsUserManager
;
37 import org
.argeo
.api
.cms
.directory
.HierarchyUnit
;
38 import org
.argeo
.api
.cms
.directory
.UserDirectory
;
39 import org
.argeo
.api
.cms
.transaction
.WorkTransaction
;
40 import org
.argeo
.cms
.CurrentUser
;
41 import org
.argeo
.cms
.auth
.UserAdminUtils
;
42 import org
.argeo
.cms
.directory
.ldap
.LdapEntry
;
43 import org
.argeo
.cms
.directory
.ldap
.SharedSecret
;
44 import org
.argeo
.cms
.osgi
.useradmin
.AggregatingUserAdmin
;
45 import org
.argeo
.cms
.osgi
.useradmin
.TokenUtils
;
46 import org
.argeo
.cms
.runtime
.DirectoryConf
;
47 import org
.osgi
.framework
.InvalidSyntaxException
;
48 import org
.osgi
.service
.useradmin
.Authorization
;
49 import org
.osgi
.service
.useradmin
.Group
;
50 import org
.osgi
.service
.useradmin
.Role
;
51 import org
.osgi
.service
.useradmin
.User
;
52 import org
.osgi
.service
.useradmin
.UserAdmin
;
55 * Canonical implementation of the people {@link CmsUserManager}. Wraps
56 * interaction with users and groups.
58 * In a *READ-ONLY* mode. We want to be able to:
60 * <li>Retrieve my user and corresponding information (main info,
62 * <li>List all local groups (not the system roles)</li>
63 * <li>If sufficient rights: retrieve a given user and its information</li>
66 public class CmsUserManagerImpl
implements CmsUserManager
{
67 private final static CmsLog log
= CmsLog
.getLog(CmsUserManagerImpl
.class);
69 private UserAdmin userAdmin
;
70 // private Map<String, String> serviceProperties;
71 private WorkTransaction userTransaction
;
73 private final String
[] knownProps
= { LdapAttr
.cn
.name(), LdapAttr
.sn
.name(), LdapAttr
.givenName
.name(),
74 LdapAttr
.uid
.name() };
76 // private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
77 // .synchronizedMap(new LinkedHashMap<>());
79 private Set
<UserDirectory
> userDirectories
= new HashSet
<>();
82 log
.debug(() -> "CMS user manager available");
90 // public String getMyMail() {
91 // return getUserMail(CurrentUser.getUsername());
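/**
 * Returns the roles matching an LDAP-style filter, typed as {@link CmsRole}.
 *
 * @param filter the filter handed unchanged to {@link UserAdmin#getRoles(String)}
 * @return the matching roles; an empty array when nothing matches
 * @throws IllegalArgumentException if the filter is not syntactically valid
 */
public CmsRole[] getRoles(String filter) {
    try {
        Role[] roles = userAdmin.getRoles(filter);
        // The OSGi UserAdmin contract allows null when no role matches;
        // normalise to an empty array so callers never hit an NPE here.
        if (roles == null)
            return new CmsRole[0];
        CmsRole[] res = new CmsRole[roles.length];
        for (int i = 0; i < roles.length; i++)
            res[i] = (CmsRole) roles[i];
        return res;
    } catch (InvalidSyntaxException e) {
        throw new IllegalArgumentException("Invalid filter " + filter, e);
    }
}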
107 // ALL USER: WARNING access to this will be later reduced
/**
 * Looks up the role stored under the given distinguished name and returns it
 * as a {@link CmsUser}, or <code>null</code> if the user admin has no such role.
 */
public CmsUser getUser(String dn) {
    Role found = getUserAdmin().getRole(dn);
    return (CmsUser) found;
}
/**
 * Returns a display name for the given dn, which may designate a group or a
 * user.
 */
public String getUserDisplayName(String dn) {
    // FIXME: during initialisation phase, the system logs "admin" as user
    // name rather than the corresponding dn
    return "admin".equals(dn) ? "System Administrator"
            : UserAdminUtils.getUserDisplayName(getUserAdmin(), dn);
}
/** Returns the mail of the role with the given dn, as resolved by {@link UserAdminUtils}. */
public String getUserMail(String dn) {
    UserAdmin admin = getUserAdmin();
    return UserAdminUtils.getUserMail(admin, dn);
}
/**
 * Lists the names of all roles implied by the authorization of the given
 * user.
 *
 * NOTE(review): when no role exists for {@code dn}, {@code getUser} yields
 * null and the authorization is requested for a null user; the OSGi contract
 * treats that as the anonymous user, so the result then describes anonymous
 * access rather than signalling an unknown dn. Confirm this is intended.
 */
public String[] getUserRoles(String dn) {
    User target = (User) getUser(dn);
    Authorization authorization = getUserAdmin().getAuthorization(target);
    return authorization.getRoles();
}
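/**
 * Tells whether the authorization of {@code userDn} implies {@code roleDn}.
 * Role names are compared case-insensitively.
 *
 * @param userDn the dn of the user whose roles are inspected
 * @param roleDn the dn of the role to look for
 * @return {@code true} if one of the user's roles matches, {@code false}
 *         otherwise, including when the user has no role at all
 */
public boolean isUserInRole(String userDn, String roleDn) {
    String[] roles = getUserRoles(userDn);
    // Authorization#getRoles() may return null when the context holds no
    // role; answer "not in role" instead of failing with an NPE.
    if (roles == null)
        return false;
    for (String role : roles) {
        if (role.equalsIgnoreCase(roleDn))
            return true;
    }
    return false;
}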
/**
 * Collects the users that belong to a group, directly or through nested
 * groups, keeping only those accepted by {@code match} for the given filter.
 *
 * @throws IllegalArgumentException if no role exists under {@code groupDn}
 */
public Set<CmsUser> listUsersInGroup(String groupDn, String filter) {
    Role found = userAdmin.getRole(groupDn);
    if (found == null)
        throw new IllegalArgumentException("Group " + groupDn + " not found");
    Group group = (Group) found;
    Set<CmsUser> members = new HashSet<>();
    addUsers(members, group, filter);
    return members;
}
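/** Recursively adds the users of a group, and of its nested groups, to the set. */
private void addUsers(Set<CmsUser> users, Group group, String filter) {
    addUsers(users, group, filter, new HashSet<>());
}

/**
 * Walks the membership graph while remembering the groups already expanded,
 * so that groups which (directly or indirectly) contain each other cannot
 * drive the recursion into a stack overflow.
 */
private void addUsers(Set<CmsUser> users, Group group, String filter, Set<String> visitedGroups) {
    if (!visitedGroups.add(group.getName()))
        return; // already expanded: cyclic or repeated membership
    Role[] members = group.getMembers();
    // Group#getMembers() may return null for a group without basic members.
    if (members == null)
        return;
    for (Role role : members) {
        if (role.getType() == Role.GROUP) {
            addUsers(users, (Group) role, filter, visitedGroups);
        } else if (role.getType() == Role.USER) {
            if (match(role, filter))
                users.add((CmsUser) role);
        }
    }
}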
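/**
 * Lists groups, and optionally users, matching a filter.
 *
 * The same {@code filter} string is first given to the user admin as a role
 * filter and then to {@code match}; NOTE(review): confirm that callers
 * really pass a value that is meaningful in both roles.
 *
 * @param filter             the filter, may be rejected as syntactically invalid
 * @param includeUsers       whether roles of type {@link Role#USER} are kept
 * @param includeSystemRoles whether roles whose name ends with
 *                           {@link CmsConstants#SYSTEM_ROLES_BASEDN} are kept
 * @return the matching roles, never {@code null}
 * @throws IllegalArgumentException if the filter is not syntactically valid
 */
public List<CmsUser> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
    Role[] roles;
    try {
        roles = getUserAdmin().getRoles(filter);
    } catch (InvalidSyntaxException e) {
        throw new IllegalArgumentException("Unable to get roles with filter: " + filter, e);
    }

    List<CmsUser> users = new ArrayList<>();
    // The OSGi UserAdmin contract allows null when no role matches.
    if (roles == null)
        return users;
    for (Role role : roles) {
        if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
                && (includeSystemRoles
                        // Locale.ROOT keeps the system-role exclusion independent
                        // of the JVM default locale.
                        || !role.getName().toLowerCase(java.util.Locale.ROOT)
                                .endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
            if (match(role, filter))
                users.add((CmsUser) role);
        }
    }
    return users;
}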
190 private boolean match(Role role
, String filter
) {
191 boolean doFilter
= filter
!= null && !"".equals(filter
);
193 for (String prop
: knownProps
) {
194 Object currProp
= null;
196 currProp
= role
.getProperties().get(prop
);
197 } catch (Exception e
) {
200 if (currProp
!= null) {
201 String currPropStr
= ((String
) currProp
).toLowerCase();
202 if (currPropStr
.contains(filter
.toLowerCase())) {
/**
 * Resolves a user from a local identifier, trying the {@code uid} attribute
 * first and falling back to {@code cn}. Returns whatever the second lookup
 * yields when the first one finds nothing.
 */
public CmsUser getUserFromLocalId(String localId) {
    CmsUser byUid = (CmsUser) getUserAdmin().getUser(LdapAttr.uid.name(), localId);
    if (byUid != null)
        return byUid;
    return (CmsUser) getUserAdmin().getUser(LdapAttr.cn.name(), localId);
}
/** Builds a dn for {@code localId} of the given role type under the default domain. */
public String buildDefaultDN(String localId, int type) {
    String defaultDomain = getDefaultDomainName();
    return buildDistinguishedName(localId, defaultDomain, type);
}
/**
 * Creates a user role inside a transaction and copies the supplied
 * properties and credentials onto it.
 *
 * NOTE(review): the OSGi contract lets {@code createRole} return null when
 * the name is already taken; that case is not handled explicitly here.
 *
 * @param username    the name under which the role is created
 * @param properties  properties to set, may be {@code null}
 * @param credentials credentials to set, may be {@code null}
 * @return the created user
 * @throws RuntimeException if creation fails; the transaction is rolled back first
 */
public CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials) {
    try {
        userTransaction.begin();
        User created = (User) userAdmin.createRole(username, Role.USER);
        if (properties != null) {
            for (Map.Entry<String, Object> property : properties.entrySet())
                created.getProperties().put(property.getKey(), property.getValue());
        }
        if (credentials != null) {
            for (Map.Entry<String, Object> credential : credentials.entrySet())
                created.getCredentials().put(credential.getKey(), credential.getValue());
        }
        userTransaction.commit();
        return (CmsUser) created;
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            log.error("Could not roll back", e1);
        }
        // Runtime exceptions travel unchanged, anything else is wrapped.
        RuntimeException failure = (e instanceof RuntimeException) ? (RuntimeException) e
                : new RuntimeException("Cannot create user " + username, e);
        throw failure;
    }
}
/**
 * Creates a group role under the given dn inside a transaction.
 *
 * @throws RuntimeException if creation fails; the transaction is rolled back first
 */
public CmsGroup createGroup(String dn) {
    try {
        userTransaction.begin();
        CmsGroup created = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
        userTransaction.commit();
        return created;
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            log.error("Could not roll back", e1);
        }
        RuntimeException failure = (e instanceof RuntimeException) ? (RuntimeException) e
                : new RuntimeException("Cannot create group " + dn, e);
        throw failure;
    }
}
/**
 * Returns the group named {@code commonName} under the base of the given
 * hierarchy unit, creating it in a transaction when it does not exist yet.
 *
 * NOTE(review): {@code commonName} is concatenated into the dn as-is. A
 * value containing dn metacharacters (',', '+', '=') would change the shape
 * of the resulting name; if it can come from user input, validate it or
 * escape it (e.g. javax.naming.ldap.Rdn.escapeValue) before it gets here.
 */
public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
    String dn = LdapAttr.cn.name() + "=" + commonName + "," + groups.getBase();
    CmsGroup existing = (CmsGroup) getUserAdmin().getRole(dn);
    if (existing != null)
        return existing;
    try {
        userTransaction.begin();
        CmsGroup created = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
        userTransaction.commit();
        return created;
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            log.error("Could not roll back", e1);
        }
        RuntimeException failure = (e instanceof RuntimeException) ? (RuntimeException) e
                : new RuntimeException("Cannot create group " + commonName + " in " + groups, e);
        throw failure;
    }
}
/**
 * Returns the system role whose common name is the prefixed form of
 * {@code systemRole} under the base of the given hierarchy unit, creating it
 * in a transaction when it does not exist yet.
 */
public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole) {
    String prefixedName = NamespaceUtils.toPrefixedName(systemRole);
    String dn = LdapAttr.cn.name() + "=" + prefixedName + "," + roles.getBase();
    CmsGroup existing = (CmsGroup) getUserAdmin().getRole(dn);
    if (existing != null)
        return existing;
    try {
        userTransaction.begin();
        CmsGroup created = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
        userTransaction.commit();
        return created;
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            log.error("Could not roll back", e1);
        }
        RuntimeException failure = (e instanceof RuntimeException) ? (RuntimeException) e
                : new RuntimeException("Cannot create system role " + systemRole + " in " + roles, e);
        throw failure;
    }
}
/**
 * Returns the hierarchy unit found at {@code path} in the directory,
 * creating it in a transaction when it does not exist yet.
 *
 * @throws RuntimeException if creation fails; a pending transaction is rolled back first
 */
public HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path) {
    HierarchyUnit existing = directory.getHierarchyUnit(path);
    if (existing != null)
        return existing;
    try {
        userTransaction.begin();
        HierarchyUnit created = directory.createHierarchyUnit(path);
        userTransaction.commit();
        return created;
    } catch (Exception e1) {
        try {
            // Only roll back when a transaction is actually open.
            boolean pending = !userTransaction.isNoTransactionStatus();
            if (pending)
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot create hierarchy unit " + path + " in directory " + directory, e1);
    }
}
/**
 * Adds object classes to a role and sets the additional properties on it, in
 * one transaction.
 *
 * @throws RuntimeException if the update fails; a pending transaction is rolled back first
 */
public void addObjectClasses(CmsRole role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
    try {
        userTransaction.begin();
        LdapEntry.addObjectClasses(role.getProperties(), objectClasses);
        for (Map.Entry<String, Object> property : additionalProperties.entrySet()) {
            role.getProperties().put(property.getKey(), property.getValue());
        }
        userTransaction.commit();
    } catch (Exception e1) {
        try {
            boolean pending = !userTransaction.isNoTransactionStatus();
            if (pending)
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + role, e1);
    }
}
/**
 * Adds object classes to a hierarchy unit and sets the additional properties
 * on it, in one transaction.
 *
 * @throws RuntimeException if the update fails; a pending transaction is rolled back first
 */
public void addObjectClasses(HierarchyUnit hierarchyUnit, Set<String> objectClasses,
        Map<String, Object> additionalProperties) {
    try {
        userTransaction.begin();
        LdapEntry.addObjectClasses(hierarchyUnit.getProperties(), objectClasses);
        for (Map.Entry<String, Object> property : additionalProperties.entrySet()) {
            hierarchyUnit.getProperties().put(property.getKey(), property.getValue());
        }
        userTransaction.commit();
    } catch (Exception e1) {
        try {
            boolean pending = !userTransaction.isNoTransactionStatus();
            if (pending)
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + hierarchyUnit, e1);
    }
}
/**
 * Runs an arbitrary action between {@code begin} and {@code commit} of the
 * user transaction.
 *
 * @param action the work to perform, must not be {@code null}
 * @throws RuntimeException if the action or the commit fails; a pending
 *                          transaction is rolled back first
 */
public void edit(Runnable action) {
    Objects.requireNonNull(action);
    try {
        userTransaction.begin();
        action.run();
        userTransaction.commit();
    } catch (Exception e1) {
        try {
            boolean pending = !userTransaction.isNoTransactionStatus();
            if (pending)
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot edit", e1);
    }
}
/**
 * Adds a role as a member of a group, in its own transaction.
 *
 * @throws RuntimeException if the update fails; a pending transaction is rolled back first
 */
public void addMember(CmsGroup group, CmsRole role) {
    try {
        userTransaction.begin();
        Group target = (Group) group;
        target.addMember((Role) role);
        userTransaction.commit();
    } catch (Exception e1) {
        try {
            boolean pending = !userTransaction.isNoTransactionStatus();
            if (pending)
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot add member " + role + " to group " + group, e1);
    }
}
/**
 * Removes a role from the members of a group, in its own transaction.
 *
 * @throws RuntimeException if the update fails; a pending transaction is rolled back first
 */
public void removeMember(CmsGroup group, CmsRole role) {
    try {
        userTransaction.begin();
        Group target = (Group) group;
        target.removeMember((Role) role);
        userTransaction.commit();
    } catch (Exception e1) {
        try {
            boolean pending = !userTransaction.isNoTransactionStatus();
            if (pending)
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot remove member " + role + " from group " + group, e1);
    }
}
/**
 * Returns the single writable base dn known to this manager.
 *
 * @throws IllegalStateException if the number of writable base dns is not exactly one
 */
public String getDefaultDomainName() {
    Map<String, String> dns = getKnownBaseDns(true);
    if (dns.size() != 1)
        throw new IllegalStateException("Current context contains " + dns.size() + " base dns: "
                + dns.keySet().toString() + ". Unable to chose a default one.");
    return dns.keySet().iterator().next();
}
/**
 * Maps the base dn of each user directory to its configuration expressed as
 * a URI string. The system roles and tokens directories are always left out.
 *
 * @param onlyWritable when {@code true}, read-only directories are left out too
 */
public Map<String, String> getKnownBaseDns(boolean onlyWritable) {
    Map<String, String> result = new HashMap<>();
    for (UserDirectory directory : userDirectories) {
        Boolean readOnly = directory.isReadOnly();
        String base = directory.getBase();

        boolean skipped = (onlyWritable && readOnly)
                || base.equalsIgnoreCase(CmsConstants.SYSTEM_ROLES_BASEDN)
                || base.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN);
        if (skipped)
            continue;
        result.put(base, DirectoryConf.propertiesAsUri(directory.getProperties()).toString());
    }
    return result;
}
/** Returns a fresh copy of the known user directories, sorted by base dn. */
public Set<UserDirectory> getUserDirectories() {
    TreeSet<UserDirectory> sorted = new TreeSet<>((left, right) -> left.getBase().compareTo(right.getBase()));
    for (UserDirectory directory : userDirectories)
        sorted.add(directory);
    return sorted;
}
/**
 * Builds the dn of a user or group from its local id, using the user or
 * group base configured for the writable directory {@code baseDn}.
 *
 * NOTE(review): {@code localId} is concatenated into the dn as-is; a value
 * containing dn metacharacters (',', '+', '=') changes the shape of the
 * name. Validate or escape it upstream if it can come from user input.
 * NOTE(review): a {@code baseDn} that is not a known writable base yields a
 * null configuration URI; how {@code uriAsProperties} reacts is not visible
 * here.
 *
 * @param type {@link Role#GROUP} or {@link Role#USER}
 * @throws IllegalStateException for any other role type
 */
public String buildDistinguishedName(String localId, String baseDn, int type) {
    Map<String, String> writableBases = getKnownBaseDns(true);
    Dictionary<String, ?> props = DirectoryConf.uriAsProperties(writableBases.get(baseDn));
    if (Role.GROUP == type)
        return LdapAttr.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
    if (Role.USER == type)
        return LdapAttr.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
    throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId);
}
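/**
 * Changes the password of the current user after checking the old one.
 *
 * Neither array is cleared here; wiping them after the call is left to the
 * caller.
 *
 * @param oldPassword the current password, verified with {@code hasCredential}
 * @param newPassword the replacement password, must be neither null nor empty
 * @throws IllegalArgumentException if the current user name is not a valid
 *                                  dn, no role exists for it, the old
 *                                  password does not match, or the new
 *                                  password is null or empty
 * @throws RuntimeException         if storing the password fails; the
 *                                  transaction is rolled back first
 */
public void changeOwnPassword(char[] oldPassword, char[] newPassword) {
    String name = CurrentUser.getUsername();
    LdapName dn;
    try {
        dn = new LdapName(name);
    } catch (InvalidNameException e) {
        throw new IllegalArgumentException("Invalid user dn " + name, e);
    }
    User user = (User) userAdmin.getRole(dn.toString());
    // Fail with a clear error instead of an NPE when the role is unknown.
    if (user == null)
        throw new IllegalArgumentException("User " + name + " not found");
    if (!user.hasCredential(null, oldPassword))
        throw new IllegalArgumentException("Invalid password");
    // A null array used to slip past the emptiness check and reach the
    // credential store; treat it like an empty password.
    if (newPassword == null || newPassword.length == 0)
        throw new IllegalArgumentException("New password empty");
    try {
        userTransaction.begin();
        user.getCredentials().put(null, newPassword);
        userTransaction.commit();
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            log.error("Could not roll back", e1);
        }
        if (e instanceof RuntimeException)
            throw (RuntimeException) e;
        else
            throw new RuntimeException("Cannot change password", e);
    }
}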
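/**
 * Sets a new password on the given user without checking the previous one.
 *
 * NOTE(review): nothing in this method checks that the caller is allowed to
 * reset another user's password; that control has to exist in the callers or
 * in the underlying user admin. Confirm where it is enforced.
 *
 * @param username    the dn of the user
 * @param newPassword the new password, must be neither null nor empty
 * @throws IllegalArgumentException if {@code username} is not a valid dn, no
 *                                  role exists for it, or the new password
 *                                  is null or empty
 * @throws RuntimeException         if storing the password fails; the
 *                                  transaction is rolled back first
 */
public void resetPassword(String username, char[] newPassword) {
    LdapName dn;
    try {
        dn = new LdapName(username);
    } catch (InvalidNameException e) {
        throw new IllegalArgumentException("Invalid user dn " + username, e);
    }
    User user = (User) userAdmin.getRole(dn.toString());
    // Reject an unknown user before a transaction is opened, rather than
    // failing with an NPE inside it.
    if (user == null)
        throw new IllegalArgumentException("User " + username + " not found");
    // A null array used to slip past the emptiness check.
    if (newPassword == null || newPassword.length == 0)
        throw new IllegalArgumentException("New password empty");
    try {
        userTransaction.begin();
        user.getCredentials().put(null, newPassword);
        userTransaction.commit();
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            log.error("Could not roll back", e1);
        }
        if (e instanceof RuntimeException)
            throw (RuntimeException) e;
        else
            throw new RuntimeException("Cannot change password", e);
    }
}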
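/**
 * Generates a time-limited shared secret for the user registered under the
 * given mail and stores it among the user's credentials.
 *
 * The secret value is a random UUID string. The returned token is the
 * secret's auth info and auth value joined by '$'; it grants access on its
 * own, so callers should not log it.
 *
 * @param email the mail used to look the user up
 * @param hours passed to {@link SharedSecret}; presumably the validity in hours
 * @return the token string
 * @throws IllegalArgumentException if the mail does not resolve to a user
 * @throws RuntimeException         if storing the secret fails; the
 *                                  transaction is rolled back first
 */
public String addSharedSecret(String email, int hours) {
    User user = (User) userAdmin.getUser(LdapAttr.mail.name(), email);
    // getUser yields null when the mail does not resolve to a user; fail
    // before opening a transaction instead of with an NPE inside it.
    if (user == null)
        throw new IllegalArgumentException("No user found for the given mail");
    try {
        userTransaction.begin();
        String uuid = UUID.randomUUID().toString();
        SharedSecret sharedSecret = new SharedSecret(hours, uuid);
        user.getCredentials().put(SharedSecret.X_SHARED_SECRET, sharedSecret.toAuthPassword());
        String tokenStr = sharedSecret.getAuthInfo() + '$' + sharedSecret.getAuthValue();
        userTransaction.commit();
        return tokenStr;
    } catch (Exception e) {
        try {
            userTransaction.rollback();
        } catch (Exception e1) {
            log.error("Could not roll back", e1);
        }
        if (e instanceof RuntimeException)
            throw (RuntimeException) e;
        else
            // The message used to say "Cannot change password".
            throw new RuntimeException("Cannot add shared secret", e);
    }
}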
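/**
 * Stores a shared secret built from the given auth info and token among the
 * credentials of a user.
 *
 * The returned token is the secret's auth info and auth value joined by
 * '$'; it grants access on its own, so callers should not log it.
 *
 * @param username the dn of the user
 * @return the token string
 * @throws RuntimeException if the user is unknown or storing the secret
 *                          fails; a pending transaction is rolled back first
 */
public String addSharedSecret(String username, String authInfo, String authToken) {
    try {
        userTransaction.begin();
        User user = (User) userAdmin.getRole(username);
        // Name the real cause instead of surfacing an NPE; it is wrapped
        // like every other failure of this method.
        if (user == null)
            throw new IllegalArgumentException("User " + username + " not found");
        SharedSecret sharedSecret = new SharedSecret(authInfo, authToken);
        user.getCredentials().put(SharedSecret.X_SHARED_SECRET, sharedSecret.toAuthPassword());
        String tokenStr = sharedSecret.getAuthInfo() + '$' + sharedSecret.getAuthValue();
        userTransaction.commit();
        return tokenStr;
    } catch (Exception e1) {
        try {
            if (!userTransaction.isNoTransactionStatus())
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot add shared secret", e1);
    }
}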
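/**
 * Expires an auth token by writing the current UTC time, as an LDAP date,
 * into the description of its token group.
 *
 * NOTE(review): {@code token} is concatenated into the dn as-is and written
 * to the debug log. If it originates from a request, validate it first so
 * that dn metacharacters cannot redirect the lookup and line breaks cannot
 * forge log entries.
 * NOTE(review): the attribute is written as {@code cn} (the enum itself)
 * here while other methods use {@code LdapAttr.cn.name()}; confirm both
 * render the same string.
 *
 * @param token the token value, used as the common name under
 *              {@link CmsConstants#TOKENS_BASEDN}
 * @throws RuntimeException if the token is unknown or the update fails; a
 *                          pending transaction is rolled back first
 */
public void expireAuthToken(String token) {
    try {
        userTransaction.begin();
        String dn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
        Group tokenGroup = (Group) userAdmin.getRole(dn);
        // Name the real cause instead of surfacing an NPE; it is wrapped
        // like every other failure of this method.
        if (tokenGroup == null)
            throw new IllegalArgumentException("Unknown token");
        String ldapDate = NamingUtils.instantToLdapDate(ZonedDateTime.now(ZoneOffset.UTC));
        tokenGroup.getProperties().put(description.name(), ldapDate);
        userTransaction.commit();
        if (log.isDebugEnabled())
            log.debug("Token " + token + " expired.");
    } catch (Exception e1) {
        try {
            if (!userTransaction.isNoTransactionStatus())
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot expire token", e1);
    }
}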
/**
 * Expires every token that {@link TokenUtils#tokensUsed} reports for the
 * subject under {@link CmsConstants#TOKENS_BASEDN}, one transaction per
 * token.
 */
public void expireAuthTokens(Subject subject) {
    Set<String> used = TokenUtils.tokensUsed(subject, CmsConstants.TOKENS_BASEDN);
    used.forEach(this::expireAuthToken);
}
/**
 * Adds an auth token that expires {@code hours} hours from now.
 *
 * The expiry is computed in the system default time zone. {@code hours} is
 * unboxed, so a null value fails with a NullPointerException.
 */
public void addAuthToken(String userDn, String token, Integer hours, String... roles) {
    ZonedDateTime expiry = ZonedDateTime.now().plusHours(hours);
    addAuthToken(userDn, token, expiry, roles);
}
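/**
 * Creates a token group under {@link CmsConstants#TOKENS_BASEDN}, adds the
 * given roles to it, and records the owner and the optional expiry date.
 *
 * NOTE(review): every requested role that exists is added to the token;
 * nothing here checks that {@code userDn} actually holds it. Unless callers
 * guarantee it, a token could carry more rights than its owner.
 * NOTE(review): {@code token} is concatenated into the dn as-is; validate it
 * upstream if it can contain dn metacharacters.
 * NOTE(review): a null {@code expiryDate} leaves the description unset,
 * which presumably means the token never expires; confirm.
 *
 * @param userDn     the dn of the user owning the token
 * @param token      the token value, used as the common name of the group
 * @param expiryDate when the token expires, may be {@code null}
 * @param roles      the names of the roles to grant through the token
 * @throws RuntimeException if the user is unknown, the token already exists,
 *                          a role other than {@link CmsConstants#ROLE_USER}
 *                          cannot be found, or the update fails; a pending
 *                          transaction is rolled back first
 */
public void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles) {
    try {
        userTransaction.begin();
        User user = (User) userAdmin.getRole(userDn);
        // Fail with an explicit cause before anything is created, instead
        // of an NPE once the owner is written.
        if (user == null)
            throw new IllegalArgumentException("User " + userDn + " not found");
        String tokenDn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
        Group tokenGroup = (Group) userAdmin.createRole(tokenDn, Role.GROUP);
        // The OSGi contract lets createRole return null when the name is
        // already taken.
        if (tokenGroup == null)
            throw new IllegalStateException("A token with this value already exists for " + userDn);
        if (roles != null) {
            for (String role : roles) {
                Role r = userAdmin.getRole(role);
                if (r != null)
                    tokenGroup.addMember(r);
                else {
                    // A missing ROLE_USER is tolerated, any other missing role is an error.
                    if (!role.equals(CmsConstants.ROLE_USER)) {
                        throw new IllegalStateException(
                                "Cannot add role " + role + " to token " + token + " for " + userDn);
                    }
                }
            }
        }
        tokenGroup.getProperties().put(owner.name(), user.getName());
        if (expiryDate != null) {
            String ldapDate = NamingUtils.instantToLdapDate(expiryDate);
            tokenGroup.getProperties().put(description.name(), ldapDate);
        }
        userTransaction.commit();
    } catch (Exception e1) {
        try {
            if (!userTransaction.isNoTransactionStatus())
                userTransaction.rollback();
        } catch (Exception e2) {
            if (log.isTraceEnabled())
                log.trace("Cannot rollback transaction", e2);
        }
        throw new RuntimeException("Cannot add token", e1);
    }
}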
/**
 * Finds the user directory a role belongs to by matching the role name
 * against the base dn of each known directory.
 *
 * NOTE(review): the match is a case-sensitive string suffix test, not a dn
 * comparison, so it neither respects component boundaries nor ignores case.
 * NOTE(review): when several bases match, the one that sorts last as a
 * string is returned, which is not necessarily the most specific (longest)
 * base. Confirm this is the intended choice.
 *
 * @throws IllegalStateException if no directory base matches the role name
 */
public UserDirectory getDirectory(CmsRole user) {
    String name = user.getName();
    NavigableMap<String, UserDirectory> candidates = new TreeMap<>();
    for (UserDirectory directory : userDirectories) {
        boolean underBase = name.endsWith(directory.getBase());
        if (underBase)
            candidates.put(directory.getBase(), directory);
    }
    if (candidates.isEmpty())
        throw new IllegalStateException("No user directory found for user " + name);
    return candidates.lastEntry().getValue();
}
680 // public User createUserFromPerson(Node person) {
681 // String email = JcrUtils.get(person, LdapAttrs.mail.property());
682 // String dn = buildDefaultDN(email, Role.USER);
685 // userTransaction.begin();
686 // user = (User) userAdmin.createRole(dn, Role.USER);
687 // Dictionary<String, Object> userProperties = user.getProperties();
688 // String name = JcrUtils.get(person, LdapAttrs.displayName.property());
689 // userProperties.put(LdapAttrs.cn.name(), name);
690 // userProperties.put(LdapAttrs.displayName.name(), name);
691 // String givenName = JcrUtils.get(person, LdapAttrs.givenName.property());
692 // String surname = JcrUtils.get(person, LdapAttrs.sn.property());
693 // userProperties.put(LdapAttrs.givenName.name(), givenName);
694 // userProperties.put(LdapAttrs.sn.name(), surname);
695 // userProperties.put(LdapAttrs.mail.name(), email.toLowerCase());
696 // userTransaction.commit();
697 // } catch (Exception e) {
699 // userTransaction.rollback();
700 // } catch (Exception e1) {
701 // log.error("Could not roll back", e1);
703 // if (e instanceof RuntimeException)
704 // throw (RuntimeException) e;
706 // throw new RuntimeException("Cannot create user", e);
711 public UserAdmin
getUserAdmin() {
715 // public UserTransaction getUserTransaction() {
716 // return userTransaction;
719 /* DEPENDENCY INJECTION */
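/**
 * Injects the user admin and takes the user directories from it.
 *
 * @param userAdmin the user admin, must be an {@link AggregatingUserAdmin}
 * @throws IllegalArgumentException for any other implementation; the
 *                                  previous state is then left untouched
 */
public void setUserAdmin(UserAdmin userAdmin) {
    // Validate before assigning: the field used to be overwritten first, so
    // a rejected value stayed in place alongside the directories of the
    // previous user admin.
    if (!(userAdmin instanceof AggregatingUserAdmin))
        throw new IllegalArgumentException("Only " + AggregatingUserAdmin.class.getName() + " is supported.");
    this.userAdmin = userAdmin;
    userDirectories = ((AggregatingUserAdmin) userAdmin).getUserDirectories();
    // this.serviceProperties = serviceProperties;
}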
/** Injects the transaction used to wrap every write to the user admin. */
public void setUserTransaction(WorkTransaction userTransaction) {
    this.userTransaction = userTransaction;
}
736 // public void addUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
737 // userDirectories.put(userDirectory, new Hashtable<>(properties));
740 // public void removeUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
741 // userDirectories.remove(userDirectory);