1 package org
.argeo
.osgi
.useradmin
;
3 import java
.util
.ArrayList
;
4 import java
.util
.Arrays
;
5 import java
.util
.Dictionary
;
6 import java
.util
.HashMap
;
7 import java
.util
.HashSet
;
8 import java
.util
.Hashtable
;
13 import javax
.naming
.InvalidNameException
;
14 import javax
.naming
.ldap
.LdapName
;
16 import org
.argeo
.naming
.LdapAttrs
;
17 import org
.osgi
.framework
.InvalidSyntaxException
;
18 import org
.osgi
.service
.useradmin
.Authorization
;
19 import org
.osgi
.service
.useradmin
.Group
;
20 import org
.osgi
.service
.useradmin
.Role
;
21 import org
.osgi
.service
.useradmin
.User
;
22 import org
.osgi
.service
.useradmin
.UserAdmin
;
25 * Aggregates multiple {@link UserDirectory} and integrates them with system
28 public class AggregatingUserAdmin
implements UserAdmin
{
/** Base DN of the system roles; fixed at construction and used to route names to the system roles directory. */
private final LdapName systemRolesBaseDn;
/** The system roles directory; assigned by addUserDirectory() when a directory whose base DN equals systemRolesBaseDn is registered. */
private AbstractUserDirectory systemRoles = null;
/** Business directories keyed by base DN; cleared and set to null by destroy(). */
private Map<LdapName, AbstractUserDirectory> businessRoles = new HashMap<LdapName, AbstractUserDirectory>();
/**
 * Creates an aggregator whose system roles live under {@code systemRolesBaseDn}.
 *
 * @param systemRolesBaseDn distinguished name of the system roles base, in LDAP string form
 * @throws UserDirectoryException if the DN cannot be parsed (the parse error is kept as cause)
 */
public AggregatingUserAdmin(String systemRolesBaseDn) {
    LdapName parsedBase;
    try {
        parsedBase = new LdapName(systemRolesBaseDn);
    } catch (InvalidNameException e) {
        throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e);
    }
    this.systemRolesBaseDn = parsedBase;
}
/**
 * Creates the role in the directory responsible for {@code name}.
 *
 * @param name DN of the role to create; decides which directory is used
 * @param type {@code Role.USER} or {@code Role.GROUP}, passed through unchanged
 * @return whatever the selected directory returns
 * @throws UserDirectoryException if the name is malformed or no single directory covers it
 */
@Override
public Role createRole(String name, int type) {
    UserAdmin target = findUserAdmin(name);
    return target.createRole(name, type);
}
/**
 * Removes the role from the directory responsible for {@code name}, then issues the same
 * removal against the system roles directory.
 *
 * @param name DN of the role to remove
 * @return the result of the responsible directory only; the outcome of the system roles
 *         removal is not reported
 * @throws UserDirectoryException if the name is malformed or no single directory covers it
 */
@Override
public boolean removeRole(String name) {
    UserAdmin target = findUserAdmin(name);
    boolean removedFromTarget = target.removeRole(name);
    // Unconditional: runs even when the target already was the system roles directory.
    systemRoles.removeRole(name);
    return removedFromTarget;
}
/**
 * Looks the role up in the directory responsible for {@code name}.
 *
 * @param name DN of the role
 * @return the directory's answer (may be {@code null} if it has no such role)
 * @throws UserDirectoryException if the name is malformed or no single directory covers it
 */
@Override
public Role getRole(String name) {
    UserAdmin target = findUserAdmin(name);
    return target.getRole(name);
}
/**
 * Collects the roles matching {@code filter} from every business directory and then from
 * the system roles directory.
 *
 * @param filter LDAP filter handed to each directory unchanged
 * @return the concatenated matches, business directories first (map iteration order), then
 *         system roles; no de-duplication is done
 * @throws InvalidSyntaxException if a directory rejects the filter
 */
@Override
public Role[] getRoles(String filter) throws InvalidSyntaxException {
    List<Role> collected = new ArrayList<Role>();
    for (UserAdmin directory : businessRoles.values()) {
        // NOTE(review): a directory returning null for "no match" would make Arrays.asList throw — confirm the directories never return null here.
        Role[] fromBusiness = directory.getRoles(filter);
        collected.addAll(Arrays.asList(fromBusiness));
    }
    Role[] fromSystem = systemRoles.getRoles(filter);
    collected.addAll(Arrays.asList(fromSystem));
    return collected.toArray(new Role[0]);
}
/**
 * Looks a user up by attribute across the business directories.
 *
 * @param key attribute name, passed through to each directory
 * @param value attribute value, passed through to each directory
 * @return the single collected match, or {@code null} when none or more than one was
 *         collected — an ambiguous lookup is deliberately not resolved by taking the first
 *         hit
 */
public User getUser(String key, String value) {
    List<User> res = new ArrayList<User>();
    for (UserAdmin userAdmin : businessRoles.values()) {
        User u = userAdmin.getUser(key, value);
        // NOTE(review): the statements following this call in the original (what is done
        // with u, and the end of the loop) are not part of this listing.
    // Note: node roles cannot contain users, so it is not searched
    return res.size() == 1 ? res.get(0) : null;
/**
 * Builds the aggregated authorization for {@code user}.
 * <p>
 * The user's own directory supplies the raw authorization. For a {@link Group} carrying an
 * owner attribute (a token), the result is issued under the owner's DN and display name
 * rather than the group's own. The system roles reachable from each raw role are then
 * collected from the system roles directory, {@link #addAbstractSystemRoles} may add
 * programmatic ones, and everything is wrapped in an {@code AggregatingAuthorization}.
 *
 * @param user the user, or {@code null} for the anonymous authorization, which the system
 *        roles directory answers on its own
 * @return the aggregated authorization
 * @throws UserDirectoryException if the user's name, or the owner DN of a token, cannot be
 *         routed to a single directory
 */
@Override
public Authorization getAuthorization(User user) {
    if (user == null) {
        // anonymous
        return systemRoles.getAuthorization(null);
    }
    UserAdmin owningAdmin = findUserAdmin(user.getName());
    Authorization raw = owningAdmin.getAuthorization(user);

    // Only a group can carry an owner; anything else keeps the raw identity.
    String ownerDn = null;
    if (user instanceof Group) {
        ownerDn = (String) user.getProperties().get(LdapAttrs.owner.name());
    }
    String username;
    String displayName;
    if (ownerDn != null) {
        // tokens: the authorization is issued under the owner's identity
        UserAdmin ownerAdmin = findUserAdmin(ownerDn);
        // NOTE(review): neither a null result (owner DN resolves to nothing) nor a role that is
        // not a User is checked here; the former reaches extractDisplayName, the latter fails on the cast.
        User owner = (User) ownerAdmin.getRole(ownerDn);
        username = ownerDn;
        displayName = LdifAuthorization.extractDisplayName(owner);
    } else {
        // regular users, and groups without an owner
        username = raw.getName();
        displayName = raw.toString();
    }

    // gather system roles: each raw role is resolved in the owning directory and asked for
    // its own system-level authorization
    Set<String> sysRoles = new HashSet<String>();
    for (String roleName : raw.getRoles()) {
        User roleAsUser = (User) owningAdmin.getRole(roleName);
        Authorization sysAuth = systemRoles.getAuthorization(roleAsUser);
        sysRoles.addAll(Arrays.asList(sysAuth.getRoles()));
    }
    addAbstractSystemRoles(raw, sysRoles);
    return new AggregatingAuthorization(username, displayName, sysRoles, raw.getRoles());
}
/**
 * Enrich with application-specific roles which are strictly programmatic, such
 * as anonymous/user semantics.
 * <p>
 * Hook invoked by {@link #getAuthorization(User)} once the system roles have been gathered
 * and just before the aggregated authorization is built; implementations add role names to
 * {@code sysRoles}.
 *
 * @param rawAuthorization the authorization returned by the user's own directory
 * @param sysRoles mutable set of system role names collected so far
 */
protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
    // NOTE(review): the body of this hook is not part of this listing.
127 // USER ADMIN AGGREGATOR
/**
 * Registers a directory. The one whose base DN equals the system roles base becomes the
 * system roles directory and is handed this aggregator via {@code setExternalRoles}; any
 * other is recorded as a business directory under its base DN. The directory is then
 * initialised and {@link #postAdd} is called.
 *
 * @param userDirectory the directory to register
 * @throws UserDirectoryException if a business directory is already registered for exactly
 *         the same base DN. Only an exact duplicate is rejected: a base DN that is an
 *         ancestor or descendant of a registered one is accepted, and the overlap would
 *         presumably only surface later as a "Multiple user admin found" failure in
 *         findUserAdmin — confirm whether overlapping bases are intended.
 */
protected void addUserDirectory(AbstractUserDirectory userDirectory) {
    LdapName baseDn = userDirectory.getBaseDn();
    if (isSystemRolesBaseDn(baseDn)) {
        this.systemRoles = userDirectory;
        systemRoles.setExternalRoles(this);
        // NOTE(review): the line closing this branch is not in the listing; presumably the
        // registration below is an else branch, so the system directory is never also stored
        // in businessRoles — confirm against the full source.
        if (businessRoles.containsKey(baseDn))
            throw new UserDirectoryException("There is already a user admin for " + baseDn);
        businessRoles.put(baseDn, userDirectory);
    // NOTE(review): a closing line is missing from the listing here as well.
    userDirectory.init();
    postAdd(userDirectory);
/**
 * Called after a new user directory has been added, i.e. once it has been registered and
 * its {@code init()} has run. Appears to be invoked for the system roles directory as well
 * as for business directories; override to react to the new directory.
 *
 * @param userDirectory the directory that was just added
 */
protected void postAdd(AbstractUserDirectory userDirectory) {
    // NOTE(review): the body (presumably empty) is not part of this listing.
/**
 * Parses {@code name} as a DN and delegates to {@link #findUserAdmin(LdapName)}.
 *
 * @param name DN in LDAP string form
 * @return the directory responsible for the name
 * @throws UserDirectoryException if the name does not parse (parse error kept as cause), or
 *         if the DN-based lookup itself fails
 */
private UserAdmin findUserAdmin(String name) {
    LdapName dn;
    try {
        dn = new LdapName(name);
    } catch (InvalidNameException e) {
        throw new UserDirectoryException("Badly formatted name " + name, e);
    }
    return findUserAdmin(dn);
}
/**
 * Resolves the directory responsible for {@code name}: names under the system roles base go
 * to the system roles directory; otherwise the enabled business directories whose base DN is
 * a prefix of the name are considered.
 *
 * @param name the DN to route
 * @return the responsible directory
 * @throws UserDirectoryException "Cannot find user admin" when no business directory
 *         qualifies, "Multiple user admin found" when several do — an overlap is treated as
 *         an error rather than resolved by taking the first match, so a name is never served
 *         silently by the wrong directory
 */
private UserAdmin findUserAdmin(LdapName name) {
    if (name.startsWith(systemRolesBaseDn))
        // NOTE(review): the statement governed by this condition is not in the listing
        // (presumably it returns the system roles directory).
    List<UserAdmin> res = new ArrayList<UserAdmin>(1);
    for (LdapName baseDn : businessRoles.keySet()) {
        if (name.startsWith(baseDn)) {
            AbstractUserDirectory ud = businessRoles.get(baseDn);
            // a disabled directory is skipped, so a name under a disabled base is "not found"
            if (!ud.isDisabled())
                // NOTE(review): the lines between here and the two failures below are not in
                // the listing (presumably the match is collected and the count examined).
    throw new UserDirectoryException("Cannot find user admin for " + name);
    throw new UserDirectoryException("Multiple user admin found for " + name);
/**
 * Tells whether {@code baseDn} is exactly the system roles base DN. This is an equality
 * check, not a prefix check: a DN below the system base is not considered the system base.
 *
 * @param baseDn the DN to compare (must not be {@code null})
 * @return {@code true} if it equals the configured system roles base
 */
protected boolean isSystemRolesBaseDn(LdapName baseDn) {
    boolean sameAsSystemBase = baseDn.equals(systemRolesBaseDn);
    return sameAsSystemBase;
}
/**
 * Builds a snapshot of the registered business directories as configuration properties;
 * each directory's own properties are rendered as a URI via
 * {@code UserAdminConf.propertiesAsUri}. The system roles directory is not iterated here.
 *
 * @return a mutable {@link Hashtable} with the collected state
 */
protected Dictionary<String, Object> currentState() {
    Dictionary<String, Object> res = new Hashtable<String, Object>();
    // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
    for (LdapName name : businessRoles.keySet()) {
        AbstractUserDirectory userDirectory = businessRoles.get(name);
        // NOTE(review): the URI is derived from the directory's full property set — confirm that
        // propertiesAsUri leaves out credentials before this state is exposed or logged.
        String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
        // NOTE(review): the statements that store the entry and return res are not in this listing.
/**
 * Destroys every business directory through {@link #destroy(AbstractUserDirectory)}, drops the
 * registry, then destroys the system roles directory.
 * <p>
 * {@code businessRoles} is set to {@code null} here, so any later call that touches it
 * (getRoles, getUser, addUserDirectory, removeUserDirectory, or a second destroy) fails with
 * a NullPointerException instead of operating on an empty registry.
 */
public void destroy() {
    for (LdapName name : businessRoles.keySet()) {
        AbstractUserDirectory userDirectory = businessRoles.get(name);
        destroy(userDirectory);
    // NOTE(review): the line closing the loop is not in the listing.
    businessRoles.clear();
    businessRoles = null;
    destroy(systemRoles);
    // NOTE(review): the remaining lines of this method are not in the listing.
/**
 * Runs the {@link #preDestroy} hook for the directory and then destroys it.
 *
 * @param userDirectory the directory to tear down
 */
private void destroy(AbstractUserDirectory userDirectory) {
    // the hook runs strictly before the directory's own destroy()
    preDestroy(userDirectory);
    userDirectory.destroy();
}
/**
 * Unregisters and destroys the business directory mounted at {@code baseDn}.
 *
 * @param baseDn base DN of the directory to remove
 * @throws UserDirectoryException if {@code baseDn} is the system roles base (that directory
 *         can never be removed) or if no business directory is registered there
 */
protected void removeUserDirectory(LdapName baseDn) {
    if (isSystemRolesBaseDn(baseDn)) {
        throw new UserDirectoryException("System roles cannot be removed ");
    }
    if (!businessRoles.containsKey(baseDn)) {
        throw new UserDirectoryException("No user directory registered for " + baseDn);
    }
    AbstractUserDirectory removed = businessRoles.remove(baseDn);
    destroy(removed);
}
215 * Called before each user directory is destroyed, so that additional actions
218 protected void preDestroy(AbstractUserDirectory userDirectory
) {