]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserManagerImpl.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix IPA initialisation
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / runtime / CmsUserManagerImpl.java
1 package org.argeo.cms.internal.runtime;
2
3 import static org.argeo.api.acr.ldap.LdapAttr.cn;
4 import static org.argeo.api.acr.ldap.LdapAttr.description;
5 import static org.argeo.api.acr.ldap.LdapAttr.owner;
6
7 import java.time.ZoneOffset;
8 import java.time.ZonedDateTime;
9 import java.util.ArrayList;
10 import java.util.Arrays;
11 import java.util.Dictionary;
12 import java.util.HashMap;
13 import java.util.HashSet;
14 import java.util.List;
15 import java.util.Map;
16 import java.util.NavigableMap;
17 import java.util.Objects;
18 import java.util.Set;
19 import java.util.TreeMap;
20 import java.util.TreeSet;
21 import java.util.UUID;
22
23 import javax.naming.InvalidNameException;
24 import javax.naming.ldap.LdapName;
25 import javax.security.auth.Subject;
26 import javax.xml.namespace.QName;
27
28 import org.argeo.api.acr.NamespaceUtils;
29 import org.argeo.api.acr.ldap.LdapAttr;
30 import org.argeo.api.acr.ldap.NamingUtils;
31 import org.argeo.api.cms.CmsConstants;
32 import org.argeo.api.cms.CmsLog;
33 import org.argeo.api.cms.directory.CmsGroup;
34 import org.argeo.api.cms.directory.CmsRole;
35 import org.argeo.api.cms.directory.CmsUser;
36 import org.argeo.api.cms.directory.CmsUserManager;
37 import org.argeo.api.cms.directory.HierarchyUnit;
38 import org.argeo.api.cms.directory.UserDirectory;
39 import org.argeo.api.cms.transaction.WorkTransaction;
40 import org.argeo.cms.CurrentUser;
41 import org.argeo.cms.auth.UserAdminUtils;
42 import org.argeo.cms.directory.ldap.LdapEntry;
43 import org.argeo.cms.directory.ldap.SharedSecret;
44 import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
45 import org.argeo.cms.osgi.useradmin.TokenUtils;
46 import org.argeo.cms.runtime.DirectoryConf;
47 import org.osgi.framework.InvalidSyntaxException;
48 import org.osgi.service.useradmin.Authorization;
49 import org.osgi.service.useradmin.Group;
50 import org.osgi.service.useradmin.Role;
51 import org.osgi.service.useradmin.User;
52 import org.osgi.service.useradmin.UserAdmin;
53
54 /**
55 * Canonical implementation of the people {@link CmsUserManager}. Wraps
56 * interaction with users and groups.
57 *
58 * In a *READ-ONLY* mode. We want to be able to:
59 * <ul>
60 * <li>Retrieve my user and corresponding information (main info,
61 * groups...)</li>
62 * <li>List all local groups (not the system roles)</li>
63 * <li>If sufficient rights: retrieve a given user and its information</li>
64 * </ul>
65 */
66 public class CmsUserManagerImpl implements CmsUserManager {
67 private final static CmsLog log = CmsLog.getLog(CmsUserManagerImpl.class);
68
69 private UserAdmin userAdmin;
70 // private Map<String, String> serviceProperties;
71 private WorkTransaction userTransaction;
72
73 private final String[] knownProps = { LdapAttr.cn.name(), LdapAttr.sn.name(), LdapAttr.givenName.name(),
74 LdapAttr.uid.name() };
75
76 // private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
77 // .synchronizedMap(new LinkedHashMap<>());
78
79 private Set<UserDirectory> userDirectories = new HashSet<>();
80
81 public void start() {
82 log.debug(() -> "CMS user manager available");
83 }
84
85 public void stop() {
86
87 }
88
89 // @Override
90 // public String getMyMail() {
91 // return getUserMail(CurrentUser.getUsername());
92 // }
93
94 @Override
95 public CmsRole[] getRoles(String filter) {
96 try {
97 Role[] roles = userAdmin.getRoles(filter);
98 CmsRole[] res = new CmsRole[roles.length];
99 for (int i = 0; i < roles.length; i++)
100 res[i] = (CmsRole) roles[i];
101 return res;
102 } catch (InvalidSyntaxException e) {
103 throw new IllegalArgumentException("Invalid filter " + filter, e);
104 }
105 }
106
107 // ALL USER: WARNING access to this will be later reduced
108
109 /** Retrieve a user given his dn, or <code>null</code> if it doesn't exist. */
110 public CmsUser getUser(String dn) {
111 return (CmsUser) getUserAdmin().getRole(dn);
112 }
113
114 /** Can be a group or a user */
115 public String getUserDisplayName(String dn) {
116 // FIXME: during initialisation phase, the system logs "admin" as user
117 // name rather than the corresponding dn
118 if ("admin".equals(dn))
119 return "System Administrator";
120 else
121 return UserAdminUtils.getUserDisplayName(getUserAdmin(), dn);
122 }
123
124 @Override
125 public String getUserMail(String dn) {
126 return UserAdminUtils.getUserMail(getUserAdmin(), dn);
127 }
128
129 /** Lists all roles of the given user */
130 @Override
131 public String[] getUserRoles(String dn) {
132 Authorization currAuth = getUserAdmin().getAuthorization((User) getUser(dn));
133 return currAuth.getRoles();
134 }
135
136 @Override
137 public boolean isUserInRole(String userDn, String roleDn) {
138 String[] roles = getUserRoles(userDn);
139 for (String role : roles) {
140 if (role.equalsIgnoreCase(roleDn))
141 return true;
142 }
143 return false;
144 }
145
146 public Set<CmsUser> listUsersInGroup(String groupDn, String filter) {
147 Group group = (Group) userAdmin.getRole(groupDn);
148 if (group == null)
149 throw new IllegalArgumentException("Group " + groupDn + " not found");
150 Set<CmsUser> users = new HashSet<>();
151 addUsers(users, group, filter);
152 return users;
153 }
154
155 /** Recursively add users to list */
156 private void addUsers(Set<CmsUser> users, Group group, String filter) {
157 Role[] roles = ((Group) group).getMembers();
158 for (Role role : roles) {
159 if (role.getType() == Role.GROUP) {
160 addUsers(users, (Group) role, filter);
161 } else if (role.getType() == Role.USER) {
162 if (match(role, filter))
163 users.add((CmsUser) role);
164 } else {
165 // ignore
166 }
167 }
168 }
169
170 public List<CmsUser> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
171 Role[] roles = null;
172 try {
173 roles = getUserAdmin().getRoles(filter);
174 } catch (InvalidSyntaxException e) {
175 throw new IllegalArgumentException("Unable to get roles with filter: " + filter, e);
176 }
177
178 List<CmsUser> users = new ArrayList<>();
179 for (Role role : roles) {
180 if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
181 && (includeSystemRoles
182 || !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
183 if (match(role, filter))
184 users.add((CmsUser) role);
185 }
186 }
187 return users;
188 }
189
190 private boolean match(Role role, String filter) {
191 boolean doFilter = filter != null && !"".equals(filter);
192 if (doFilter) {
193 for (String prop : knownProps) {
194 Object currProp = null;
195 try {
196 currProp = role.getProperties().get(prop);
197 } catch (Exception e) {
198 throw e;
199 }
200 if (currProp != null) {
201 String currPropStr = ((String) currProp).toLowerCase();
202 if (currPropStr.contains(filter.toLowerCase())) {
203 return true;
204 }
205 }
206 }
207 return false;
208 } else
209 return true;
210 }
211
212 @Override
213 public CmsUser getUserFromLocalId(String localId) {
214 CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttr.uid.name(), localId);
215 if (user == null)
216 user = (CmsUser) getUserAdmin().getUser(LdapAttr.cn.name(), localId);
217 return user;
218 }
219
220 @Override
221 public String buildDefaultDN(String localId, int type) {
222 return buildDistinguishedName(localId, getDefaultDomainName(), type);
223 }
224
225 /*
226 * EDITION
227 */
228 @Override
229 public CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials) {
230 try {
231 userTransaction.begin();
232 User user = (User) userAdmin.createRole(username, Role.USER);
233 if (properties != null) {
234 for (String key : properties.keySet())
235 user.getProperties().put(key, properties.get(key));
236 }
237 if (credentials != null) {
238 for (String key : credentials.keySet())
239 user.getCredentials().put(key, credentials.get(key));
240 }
241 userTransaction.commit();
242 return (CmsUser) user;
243 } catch (Exception e) {
244 try {
245 userTransaction.rollback();
246 } catch (Exception e1) {
247 log.error("Could not roll back", e1);
248 }
249 if (e instanceof RuntimeException)
250 throw (RuntimeException) e;
251 else
252 throw new RuntimeException("Cannot create user " + username, e);
253 }
254 }
255
256 @Override
257 public CmsGroup createGroup(String dn) {
258 try {
259 userTransaction.begin();
260 CmsGroup group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
261 userTransaction.commit();
262 return group;
263 } catch (Exception e) {
264 try {
265 userTransaction.rollback();
266 } catch (Exception e1) {
267 log.error("Could not roll back", e1);
268 }
269 if (e instanceof RuntimeException)
270 throw (RuntimeException) e;
271 else
272 throw new RuntimeException("Cannot create group " + dn, e);
273 }
274 }
275
276 @Override
277 public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
278 String dn = LdapAttr.cn.name() + "=" + commonName + "," + groups.getBase();
279 CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
280 if (group != null)
281 return group;
282 try {
283 userTransaction.begin();
284 group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
285 userTransaction.commit();
286 return group;
287 } catch (Exception e) {
288 try {
289 userTransaction.rollback();
290 } catch (Exception e1) {
291 log.error("Could not roll back", e1);
292 }
293 if (e instanceof RuntimeException)
294 throw (RuntimeException) e;
295 else
296 throw new RuntimeException("Cannot create group " + commonName + " in " + groups, e);
297 }
298 }
299
300 @Override
301 public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole) {
302 String dn = LdapAttr.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole) + "," + roles.getBase();
303 CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
304 if (group != null)
305 return group;
306 try {
307 userTransaction.begin();
308 group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
309 userTransaction.commit();
310 return group;
311 } catch (Exception e) {
312 try {
313 userTransaction.rollback();
314 } catch (Exception e1) {
315 log.error("Could not roll back", e1);
316 }
317 if (e instanceof RuntimeException)
318 throw (RuntimeException) e;
319 else
320 throw new RuntimeException("Cannot create system role " + systemRole + " in " + roles, e);
321 }
322 }
323
324 @Override
325 public HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path) {
326 HierarchyUnit hi = directory.getHierarchyUnit(path);
327 if (hi != null)
328 return hi;
329 try {
330 userTransaction.begin();
331 HierarchyUnit hierarchyUnit = directory.createHierarchyUnit(path);
332 userTransaction.commit();
333 return hierarchyUnit;
334 } catch (Exception e1) {
335 try {
336 if (!userTransaction.isNoTransactionStatus())
337 userTransaction.rollback();
338 } catch (Exception e2) {
339 if (log.isTraceEnabled())
340 log.trace("Cannot rollback transaction", e2);
341 }
342 throw new RuntimeException("Cannot create hierarchy unit " + path + " in directory " + directory, e1);
343 }
344 }
345
346 @Override
347 public void addObjectClasses(CmsRole role, Set<String> objectClasses, Map<String, Object> additionalProperties) {
348 try {
349 userTransaction.begin();
350 LdapEntry.addObjectClasses(role.getProperties(), objectClasses);
351 for (String key : additionalProperties.keySet()) {
352 role.getProperties().put(key, additionalProperties.get(key));
353 }
354 userTransaction.commit();
355 } catch (Exception e1) {
356 try {
357 if (!userTransaction.isNoTransactionStatus())
358 userTransaction.rollback();
359 } catch (Exception e2) {
360 if (log.isTraceEnabled())
361 log.trace("Cannot rollback transaction", e2);
362 }
363 throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + role, e1);
364 }
365 }
366
367 @Override
368 public void addObjectClasses(HierarchyUnit hierarchyUnit, Set<String> objectClasses,
369 Map<String, Object> additionalProperties) {
370 try {
371 userTransaction.begin();
372 LdapEntry.addObjectClasses(hierarchyUnit.getProperties(), objectClasses);
373 for (String key : additionalProperties.keySet()) {
374 hierarchyUnit.getProperties().put(key, additionalProperties.get(key));
375 }
376 userTransaction.commit();
377 } catch (Exception e1) {
378 try {
379 if (!userTransaction.isNoTransactionStatus())
380 userTransaction.rollback();
381 } catch (Exception e2) {
382 if (log.isTraceEnabled())
383 log.trace("Cannot rollback transaction", e2);
384 }
385 throw new RuntimeException("Cannot add object classes " + objectClasses + " to " + hierarchyUnit, e1);
386 }
387 }
388
389 @Override
390 public void edit(Runnable action) {
391 Objects.requireNonNull(action);
392 try {
393 userTransaction.begin();
394 action.run();
395 userTransaction.commit();
396 } catch (Exception e1) {
397 try {
398 if (!userTransaction.isNoTransactionStatus())
399 userTransaction.rollback();
400 } catch (Exception e2) {
401 if (log.isTraceEnabled())
402 log.trace("Cannot rollback transaction", e2);
403 }
404 throw new RuntimeException("Cannot edit", e1);
405 }
406 }
407
408 @Override
409 public void addMember(CmsGroup group, CmsRole role) {
410 try {
411 userTransaction.begin();
412 ((Group) group).addMember((Role) role);
413 userTransaction.commit();
414 } catch (Exception e1) {
415 try {
416 if (!userTransaction.isNoTransactionStatus())
417 userTransaction.rollback();
418 } catch (Exception e2) {
419 if (log.isTraceEnabled())
420 log.trace("Cannot rollback transaction", e2);
421 }
422 throw new RuntimeException("Cannot add member " + role + " to group " + group, e1);
423 }
424 }
425
426 @Override
427 public void removeMember(CmsGroup group, CmsRole role) {
428 try {
429 userTransaction.begin();
430 ((Group) group).removeMember((Role) role);
431 userTransaction.commit();
432 } catch (Exception e1) {
433 try {
434 if (!userTransaction.isNoTransactionStatus())
435 userTransaction.rollback();
436 } catch (Exception e2) {
437 if (log.isTraceEnabled())
438 log.trace("Cannot rollback transaction", e2);
439 }
440 throw new RuntimeException("Cannot remove member " + role + " from group " + group, e1);
441 }
442 }
443
444 @Override
445 public String getDefaultDomainName() {
446 Map<String, String> dns = getKnownBaseDns(true);
447 if (dns.size() == 1)
448 return dns.keySet().iterator().next();
449 else
450 throw new IllegalStateException("Current context contains " + dns.size() + " base dns: "
451 + dns.keySet().toString() + ". Unable to chose a default one.");
452 }
453
454 public Map<String, String> getKnownBaseDns(boolean onlyWritable) {
455 Map<String, String> dns = new HashMap<String, String>();
456 for (UserDirectory userDirectory : userDirectories) {
457 Boolean readOnly = userDirectory.isReadOnly();
458 String baseDn = userDirectory.getBase();
459
460 if (onlyWritable && readOnly)
461 continue;
462 if (baseDn.equalsIgnoreCase(CmsConstants.SYSTEM_ROLES_BASEDN))
463 continue;
464 if (baseDn.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN))
465 continue;
466 dns.put(baseDn, DirectoryConf.propertiesAsUri(userDirectory.getProperties()).toString());
467
468 }
469 return dns;
470 }
471
472 public Set<UserDirectory> getUserDirectories() {
473 TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getBase().compareTo(o2.getBase()));
474 res.addAll(userDirectories);
475 return res;
476 }
477
478 public String buildDistinguishedName(String localId, String baseDn, int type) {
479 Map<String, String> dns = getKnownBaseDns(true);
480 Dictionary<String, ?> props = DirectoryConf.uriAsProperties(dns.get(baseDn));
481 String dn = null;
482 if (Role.GROUP == type)
483 dn = LdapAttr.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
484 else if (Role.USER == type)
485 dn = LdapAttr.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
486 else
487 throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId);
488 return dn;
489 }
490
491 @Override
492 public void changeOwnPassword(char[] oldPassword, char[] newPassword) {
493 String name = CurrentUser.getUsername();
494 LdapName dn;
495 try {
496 dn = new LdapName(name);
497 } catch (InvalidNameException e) {
498 throw new IllegalArgumentException("Invalid user dn " + name, e);
499 }
500 User user = (User) userAdmin.getRole(dn.toString());
501 if (!user.hasCredential(null, oldPassword))
502 throw new IllegalArgumentException("Invalid password");
503 if (Arrays.equals(newPassword, new char[0]))
504 throw new IllegalArgumentException("New password empty");
505 try {
506 userTransaction.begin();
507 user.getCredentials().put(null, newPassword);
508 userTransaction.commit();
509 } catch (Exception e) {
510 try {
511 userTransaction.rollback();
512 } catch (Exception e1) {
513 log.error("Could not roll back", e1);
514 }
515 if (e instanceof RuntimeException)
516 throw (RuntimeException) e;
517 else
518 throw new RuntimeException("Cannot change password", e);
519 }
520 }
521
522 public void resetPassword(String username, char[] newPassword) {
523 LdapName dn;
524 try {
525 dn = new LdapName(username);
526 } catch (InvalidNameException e) {
527 throw new IllegalArgumentException("Invalid user dn " + username, e);
528 }
529 User user = (User) userAdmin.getRole(dn.toString());
530 if (Arrays.equals(newPassword, new char[0]))
531 throw new IllegalArgumentException("New password empty");
532 try {
533 userTransaction.begin();
534 user.getCredentials().put(null, newPassword);
535 userTransaction.commit();
536 } catch (Exception e) {
537 try {
538 userTransaction.rollback();
539 } catch (Exception e1) {
540 log.error("Could not roll back", e1);
541 }
542 if (e instanceof RuntimeException)
543 throw (RuntimeException) e;
544 else
545 throw new RuntimeException("Cannot change password", e);
546 }
547 }
548
549 public String addSharedSecret(String email, int hours) {
550 User user = (User) userAdmin.getUser(LdapAttr.mail.name(), email);
551 try {
552 userTransaction.begin();
553 String uuid = UUID.randomUUID().toString();
554 SharedSecret sharedSecret = new SharedSecret(hours, uuid);
555 user.getCredentials().put(SharedSecret.X_SHARED_SECRET, sharedSecret.toAuthPassword());
556 String tokenStr = sharedSecret.getAuthInfo() + '$' + sharedSecret.getAuthValue();
557 userTransaction.commit();
558 return tokenStr;
559 } catch (Exception e) {
560 try {
561 userTransaction.rollback();
562 } catch (Exception e1) {
563 log.error("Could not roll back", e1);
564 }
565 if (e instanceof RuntimeException)
566 throw (RuntimeException) e;
567 else
568 throw new RuntimeException("Cannot change password", e);
569 }
570 }
571
572 @Deprecated
573 public String addSharedSecret(String username, String authInfo, String authToken) {
574 try {
575 userTransaction.begin();
576 User user = (User) userAdmin.getRole(username);
577 SharedSecret sharedSecret = new SharedSecret(authInfo, authToken);
578 user.getCredentials().put(SharedSecret.X_SHARED_SECRET, sharedSecret.toAuthPassword());
579 String tokenStr = sharedSecret.getAuthInfo() + '$' + sharedSecret.getAuthValue();
580 userTransaction.commit();
581 return tokenStr;
582 } catch (Exception e1) {
583 try {
584 if (!userTransaction.isNoTransactionStatus())
585 userTransaction.rollback();
586 } catch (Exception e2) {
587 if (log.isTraceEnabled())
588 log.trace("Cannot rollback transaction", e2);
589 }
590 throw new RuntimeException("Cannot add shared secret", e1);
591 }
592 }
593
594 @Override
595 public void expireAuthToken(String token) {
596 try {
597 userTransaction.begin();
598 String dn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
599 Group tokenGroup = (Group) userAdmin.getRole(dn);
600 String ldapDate = NamingUtils.instantToLdapDate(ZonedDateTime.now(ZoneOffset.UTC));
601 tokenGroup.getProperties().put(description.name(), ldapDate);
602 userTransaction.commit();
603 if (log.isDebugEnabled())
604 log.debug("Token " + token + " expired.");
605 } catch (Exception e1) {
606 try {
607 if (!userTransaction.isNoTransactionStatus())
608 userTransaction.rollback();
609 } catch (Exception e2) {
610 if (log.isTraceEnabled())
611 log.trace("Cannot rollback transaction", e2);
612 }
613 throw new RuntimeException("Cannot expire token", e1);
614 }
615 }
616
617 @Override
618 public void expireAuthTokens(Subject subject) {
619 Set<String> tokens = TokenUtils.tokensUsed(subject, CmsConstants.TOKENS_BASEDN);
620 for (String token : tokens)
621 expireAuthToken(token);
622 }
623
624 @Override
625 public void addAuthToken(String userDn, String token, Integer hours, String... roles) {
626 addAuthToken(userDn, token, ZonedDateTime.now().plusHours(hours), roles);
627 }
628
629 @Override
630 public void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles) {
631 try {
632 userTransaction.begin();
633 User user = (User) userAdmin.getRole(userDn);
634 String tokenDn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
635 Group tokenGroup = (Group) userAdmin.createRole(tokenDn, Role.GROUP);
636 if (roles != null)
637 for (String role : roles) {
638 Role r = userAdmin.getRole(role);
639 if (r != null)
640 tokenGroup.addMember(r);
641 else {
642 if (!role.equals(CmsConstants.ROLE_USER)) {
643 throw new IllegalStateException(
644 "Cannot add role " + role + " to token " + token + " for " + userDn);
645 }
646 }
647 }
648 tokenGroup.getProperties().put(owner.name(), user.getName());
649 if (expiryDate != null) {
650 String ldapDate = NamingUtils.instantToLdapDate(expiryDate);
651 tokenGroup.getProperties().put(description.name(), ldapDate);
652 }
653 userTransaction.commit();
654 } catch (Exception e1) {
655 try {
656 if (!userTransaction.isNoTransactionStatus())
657 userTransaction.rollback();
658 } catch (Exception e2) {
659 if (log.isTraceEnabled())
660 log.trace("Cannot rollback transaction", e2);
661 }
662 throw new RuntimeException("Cannot add token", e1);
663 }
664 }
665
666 @Override
667 public UserDirectory getDirectory(CmsRole user) {
668 String name = user.getName();
669 NavigableMap<String, UserDirectory> possible = new TreeMap<>();
670 for (UserDirectory userDirectory : userDirectories) {
671 if (name.endsWith(userDirectory.getBase())) {
672 possible.put(userDirectory.getBase(), userDirectory);
673 }
674 }
675 if (possible.size() == 0)
676 throw new IllegalStateException("No user directory found for user " + name);
677 return possible.lastEntry().getValue();
678 }
679
680 // public User createUserFromPerson(Node person) {
681 // String email = JcrUtils.get(person, LdapAttrs.mail.property());
682 // String dn = buildDefaultDN(email, Role.USER);
683 // User user;
684 // try {
685 // userTransaction.begin();
686 // user = (User) userAdmin.createRole(dn, Role.USER);
687 // Dictionary<String, Object> userProperties = user.getProperties();
688 // String name = JcrUtils.get(person, LdapAttrs.displayName.property());
689 // userProperties.put(LdapAttrs.cn.name(), name);
690 // userProperties.put(LdapAttrs.displayName.name(), name);
691 // String givenName = JcrUtils.get(person, LdapAttrs.givenName.property());
692 // String surname = JcrUtils.get(person, LdapAttrs.sn.property());
693 // userProperties.put(LdapAttrs.givenName.name(), givenName);
694 // userProperties.put(LdapAttrs.sn.name(), surname);
695 // userProperties.put(LdapAttrs.mail.name(), email.toLowerCase());
696 // userTransaction.commit();
697 // } catch (Exception e) {
698 // try {
699 // userTransaction.rollback();
700 // } catch (Exception e1) {
701 // log.error("Could not roll back", e1);
702 // }
703 // if (e instanceof RuntimeException)
704 // throw (RuntimeException) e;
705 // else
706 // throw new RuntimeException("Cannot create user", e);
707 // }
708 // return user;
709 // }
710
711 public UserAdmin getUserAdmin() {
712 return userAdmin;
713 }
714
715 // public UserTransaction getUserTransaction() {
716 // return userTransaction;
717 // }
718
719 /* DEPENDENCY INJECTION */
720 public void setUserAdmin(UserAdmin userAdmin) {
721 this.userAdmin = userAdmin;
722
723 if (userAdmin instanceof AggregatingUserAdmin) {
724 userDirectories = ((AggregatingUserAdmin) userAdmin).getUserDirectories();
725 } else {
726 throw new IllegalArgumentException("Only " + AggregatingUserAdmin.class.getName() + " is supported.");
727 }
728
729 // this.serviceProperties = serviceProperties;
730 }
731
732 public void setUserTransaction(WorkTransaction userTransaction) {
733 this.userTransaction = userTransaction;
734 }
735
736 // public void addUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
737 // userDirectories.put(userDirectory, new Hashtable<>(properties));
738 // }
739 //
740 // public void removeUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
741 // userDirectories.remove(userDirectory);
742 // }
743
744 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi