1 package org
.argeo
.osgi
.useradmin
;
3 import java
.util
.ArrayList
;
4 import java
.util
.Arrays
;
5 import java
.util
.HashMap
;
6 import java
.util
.HashSet
;
11 import javax
.naming
.InvalidNameException
;
12 import javax
.naming
.ldap
.LdapName
;
14 import org
.osgi
.framework
.InvalidSyntaxException
;
15 import org
.osgi
.service
.useradmin
.Authorization
;
16 import org
.osgi
.service
.useradmin
.Group
;
17 import org
.osgi
.service
.useradmin
.Role
;
18 import org
.osgi
.service
.useradmin
.User
;
19 import org
.osgi
.service
.useradmin
.UserAdmin
;
22 * Aggregates multiple {@link UserDirectory} and integrates them with system
25 public class AggregatingUserAdmin
implements UserAdmin
{
// Base DN under which system roles live; fixed at construction time.
private final LdapName systemRolesBaseDn;
// Base DN under which tokens live; null when no tokens directory is configured.
private final LdapName tokensBaseDn;

// The directory registered for the system roles base DN (set by addUserDirectory).
private AbstractUserDirectory systemRoles = null;
// The directory registered for the tokens base DN (set by addUserDirectory).
private AbstractUserDirectory tokens = null;
// Business directories keyed by their base DN. This is a plain HashMap that is
// mutated by addUserDirectory/removeUserDirectory and cleared then set to null by
// destroy(); no synchronization is visible in this class.
private Map<LdapName, AbstractUserDirectory> businessRoles = new HashMap<LdapName, AbstractUserDirectory>();
/**
 * Creates the aggregator with the base DNs used to route role names to directories.
 *
 * @param systemRolesBaseDn base DN of the system roles directory (required)
 * @param tokensBaseDn      base DN of the tokens directory, or null when there is none
 * @throws UserDirectoryException if one of the DNs is not a valid LDAP name
 */
public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) {
    LdapName systemRolesDn;
    LdapName tokensDn;
    try {
        // parsed first, so a malformed system roles DN is reported before the tokens DN is looked at
        systemRolesDn = new LdapName(systemRolesBaseDn);
        tokensDn = (tokensBaseDn == null) ? null : new LdapName(tokensBaseDn);
    } catch (InvalidNameException e) {
        throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e);
    }
    this.systemRolesBaseDn = systemRolesDn;
    this.tokensBaseDn = tokensDn;
}
/**
 * Creates the role in the directory whose base DN is a prefix of {@code name}.
 *
 * @param name full DN of the role to create
 * @param type role type, as defined by {@link Role}
 * @return whatever the owning directory returns
 * @throws UserDirectoryException if {@code name} is not a valid DN or no single
 *         registered directory owns it
 */
@Override
public Role createRole(String name, int type) {
    UserAdmin owner = findUserAdmin(name);
    return owner.createRole(name, type);
}
/**
 * Removes the role from its owning directory and from the system roles directory.
 *
 * @param name full DN of the role to remove
 * @return the result of the owning directory's removal; the outcome of the
 *         system roles removal is discarded
 * @throws UserDirectoryException if {@code name} is not a valid DN or no single
 *         registered directory owns it
 */
@Override
public boolean removeRole(String name) {
    UserAdmin owner = findUserAdmin(name);
    boolean removed = owner.removeRole(name);
    // Also removed from the system roles directory, presumably so that
    // memberships referring to it there are dropped — TODO confirm against
    // AbstractUserDirectory.removeRole.
    systemRoles.removeRole(name);
    return removed;
}
/**
 * Looks the role up in the directory whose base DN is a prefix of {@code name}.
 *
 * @param name full DN of the role
 * @return whatever the owning directory returns for that name
 * @throws UserDirectoryException if {@code name} is not a valid DN or no single
 *         registered directory owns it
 */
@Override
public Role getRole(String name) {
    UserAdmin owner = findUserAdmin(name);
    return owner.getRole(name);
}
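/**
 * Collects the roles matching {@code filter} from every business directory and
 * from the system roles directory. The tokens directory is not searched.
 *
 * @param filter an LDAP filter, as accepted by {@link UserAdmin#getRoles}
 * @return the matching roles, never null (empty when nothing matches)
 * @throws InvalidSyntaxException if the filter is malformed
 */
@Override
public Role[] getRoles(String filter) throws InvalidSyntaxException {
    List<Role> res = new ArrayList<Role>();
    for (UserAdmin userAdmin : businessRoles.values()) {
        Role[] found = userAdmin.getRoles(filter);
        // UserAdmin.getRoles may return null for "no match"; Arrays.asList(null)
        // would throw a NullPointerException
        if (found != null) {
            res.addAll(Arrays.asList(found));
        }
    }
    Role[] systemFound = systemRoles.getRoles(filter);
    if (systemFound != null) {
        res.addAll(Arrays.asList(systemFound));
    }
    return res.toArray(new Role[res.size()]);
}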
/**
 * Finds the user whose attribute {@code key} has value {@code value} across the
 * business directories. Only the business directories are searched: the system
 * roles directory is skipped (see the note below) and the tokens directory is
 * not consulted here.
 *
 * @return the user when exactly one was found, otherwise null — an absent user
 *         and an ambiguous one are indistinguishable to the caller
 */
74 public User
getUser(String key
, String value
) {
75 List
<User
> res
= new ArrayList
<User
>();
76 for (UserAdmin userAdmin
: businessRoles
.values()) {
77 User u
= userAdmin
.getUser(key
, value
);
// NOTE(review): the rest of the loop body (original lines 78-80) is not visible
// in this excerpt; presumably non-null results are collected into res — confirm.
81 // Note: node roles cannot contain users, so it is not searched
82 return res
.size() == 1 ? res
.get(0) : null;
/**
 * Builds the authorization for {@code user}: the raw roles granted by the
 * owning directory, plus the system roles those roles map to.
 *
 * @param user the user, or null for the anonymous authorization
 * @return an {@link AggregatingAuthorization} carrying the name to use, the
 *         display name, the collected system roles and the raw roles
 * @throws UserDirectoryException if the user's name cannot be routed to a directory
 */
@Override
public Authorization getAuthorization(User user) {
    if (user == null) {
        // anonymous: only the system roles directory is consulted
        return systemRoles.getAuthorization(null);
    }
    UserAdmin owner = findUserAdmin(user.getName());
    Authorization raw = owner.getAuthorization(user);

    String usernameToUse;
    String displayNameToUse;
    // A group carrying an owner DN is a token: it is authorized under its owner's identity.
    String ownerDn = (user instanceof Group) ? TokenUtils.userDn((Group) user) : null;
    if (ownerDn != null) {
        UserAdmin ownerUserAdmin = findUserAdmin(ownerDn);
        User ownerUser = (User) ownerUserAdmin.getRole(ownerDn);
        usernameToUse = ownerDn;
        displayNameToUse = LdifAuthorization.extractDisplayName(ownerUser);
    } else {
        // regular users, and groups that are not tokens
        usernameToUse = raw.getName();
        displayNameToUse = raw.toString();
    }

    // Gather the system roles granted through each raw role, leaving out the
    // raw role itself.
    Set<String> sysRoles = new HashSet<String>();
    for (String role : raw.getRoles()) {
        // NOTE(review): owner.getRole(role) may be null for a role that
        // directory does not hold; null here yields the anonymous system
        // authorization, as in the user == null branch above — confirm intended.
        Authorization systemAuth = systemRoles.getAuthorization((User) owner.getRole(role));
        for (String systemRole : systemAuth.getRoles()) {
            if (!role.equals(systemRole)) {
                sysRoles.add(systemRole);
            }
        }
    }
    addAbstractSystemRoles(raw, sysRoles);
    return new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles, raw.getRoles());
}
127 * Enrich with application-specific roles which are strictly programmatic, such
128 * as anonymous/user semantics.
 *
 * Extension hook invoked by {@link #getAuthorization} after the system roles
 * have been gathered and before the {@link AggregatingAuthorization} is built.
 *
 * @param rawAuthorization the authorization returned by the owning directory
 * @param sysRoles         the mutable set of system roles collected so far, to
 *                         which additional roles may be added
130 protected void addAbstractSystemRoles(Authorization rawAuthorization
, Set
<String
> sysRoles
) {
// NOTE(review): the method body (original lines 131-134) is not visible in this
// excerpt; it appears to be a hook for subclasses — confirm.
135 // USER ADMIN AGGREGATOR
/**
 * Registers a user directory, routed by its base DN: the system roles
 * directory, the tokens directory, or otherwise a business directory keyed by
 * base DN. The directory is then initialised and {@link #postAdd} is invoked.
 *
 * @param userDirectory the directory to register
 * @throws UserDirectoryException if a business directory is already registered
 *         for the same base DN
 */
protected void addUserDirectory(AbstractUserDirectory userDirectory) {
    LdapName baseDn = userDirectory.getBaseDn();
    if (isSystemRolesBaseDn(baseDn)) {
        // NOTE(review): a previously registered system roles directory is simply
        // replaced here, without being destroyed; only business directories are
        // checked for duplicates below.
        systemRoles = userDirectory;
        systemRoles.setExternalRoles(this);
    } else if (isTokensBaseDn(baseDn)) {
        tokens = userDirectory;
        tokens.setExternalRoles(this);
    } else {
        if (businessRoles.containsKey(baseDn)) {
            throw new UserDirectoryException("There is already a user admin for " + baseDn);
        }
        businessRoles.put(baseDn, userDirectory);
    }
    // The directory is registered before init() runs, so a failing init()
    // leaves it registered.
    userDirectory.init();
    postAdd(userDirectory);
}
154 /** Called after a new user directory has been added */
// Hook invoked by addUserDirectory after userDirectory.init() has completed.
// NOTE(review): the body (original lines 156-157) is not visible in this excerpt;
// it appears to be an empty extension point — confirm.
155 protected void postAdd(AbstractUserDirectory userDirectory
) {
/**
 * Resolves the directory owning {@code name}, parsing it as an LDAP DN first.
 *
 * @param name the DN of a role, as a string
 * @return the owning directory
 * @throws UserDirectoryException if {@code name} is not a valid DN, or if no
 *         single registered directory owns it
 */
private UserAdmin findUserAdmin(String name) {
    LdapName dn;
    try {
        dn = new LdapName(name);
    } catch (InvalidNameException e) {
        // wrap the checked exception; the offending name is kept in the message
        throw new UserDirectoryException("Badly formatted name " + name, e);
    }
    return findUserAdmin(dn);
}
/**
 * Resolves the directory owning {@code name} by base-DN prefix: the system
 * roles directory first, then the tokens directory (when configured), then the
 * business directories.
 *
 * @param name the DN to route
 * @return the single owning directory
 * @throws UserDirectoryException if no directory owns {@code name}, or if more
 *         than one business directory does
 */
167 private UserAdmin
findUserAdmin(LdapName name
) {
// NOTE(review): the statements following the two prefix checks (original lines
// 169 and 171) are not visible in this excerpt; presumably they return
// systemRoles and tokens respectively — confirm.
168 if (name
.startsWith(systemRolesBaseDn
))
170 if (tokensBaseDn
!= null && name
.startsWith(tokensBaseDn
))
172 List
<UserAdmin
> res
= new ArrayList
<UserAdmin
>(1);
173 for (LdapName baseDn
: businessRoles
.keySet()) {
174 AbstractUserDirectory ud
= businessRoles
.get(baseDn
);
175 if (name
.startsWith(baseDn
)) {
// A disabled directory is silently skipped, so a name it owns ends up reported
// as "Cannot find user admin" rather than as disabled.
176 if (!ud
.isDisabled())
// NOTE(review): original line 177 (presumably the statement adding ud to res) and
// the lines deciding between the two exceptions below (original 186-192) are not
// visible in this excerpt.
179 // Object principal = ud.getProperties().get(Context.SECURITY_PRINCIPAL);
180 // if (principal != null) {
182 // LdapName principalLdapName = new LdapName(principal.toString());
183 // if (principalLdapName.equals(name))
185 // } catch (InvalidNameException e) {
191 throw new UserDirectoryException("Cannot find user admin for " + name
);
193 throw new UserDirectoryException("Multiple user admin found for " + name
);
/**
 * Tells whether {@code baseDn} is exactly the system roles base DN (an equality
 * check, not a prefix check).
 *
 * @param baseDn the base DN to test; must not be null
 * @return true when it equals the configured system roles base DN
 */
protected boolean isSystemRolesBaseDn(LdapName baseDn) {
    boolean matches = baseDn.equals(systemRolesBaseDn);
    return matches;
}
/**
 * Tells whether {@code baseDn} is exactly the tokens base DN. Always false when
 * no tokens base DN was configured.
 *
 * @param baseDn the base DN to test; must not be null
 * @return true when a tokens base DN is configured and {@code baseDn} equals it
 */
protected boolean isTokensBaseDn(LdapName baseDn) {
    if (tokensBaseDn == null) {
        return false;
    }
    return baseDn.equals(tokensBaseDn);
}
205 // protected Dictionary<String, Object> currentState() {
206 // Dictionary<String, Object> res = new Hashtable<String, Object>();
207 // // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
208 // for (LdapName name : businessRoles.keySet()) {
209 // AbstractUserDirectory userDirectory = businessRoles.get(name);
210 // String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
/**
 * Destroys every business directory, then the system roles directory. After
 * this call {@code businessRoles} is null, so any later use of this instance
 * that touches it will fail with a NullPointerException.
 */
216 public void destroy() {
217 for (LdapName name
: businessRoles
.keySet()) {
218 AbstractUserDirectory userDirectory
= businessRoles
.get(name
);
219 destroy(userDirectory
);
221 businessRoles
.clear();
222 businessRoles
= null;
223 destroy(systemRoles
);
// NOTE(review): the tokens directory, which addUserDirectory also initialises,
// is not destroyed in the lines visible here; original lines 224-226 are not in
// this excerpt — confirm whether it is handled there.
/**
 * Runs the {@link #preDestroy} hook for {@code userDirectory}, then destroys it.
 *
 * @param userDirectory the directory being torn down
 */
private void destroy(AbstractUserDirectory userDirectory) {
    // hook first, so subclasses still see a live directory
    preDestroy(userDirectory);
    userDirectory.destroy();
}
/**
 * Unregisters and destroys the business directory registered for
 * {@code baseDn}. The system roles directory is refused; the tokens directory
 * is registered separately by {@link #addUserDirectory} rather than in
 * {@code businessRoles}, so it is reported as not registered here.
 *
 * @param baseDn base DN of the business directory to remove
 * @throws UserDirectoryException if {@code baseDn} is the system roles base DN
 *         or no business directory is registered for it
 */
protected void removeUserDirectory(LdapName baseDn) {
    if (isSystemRolesBaseDn(baseDn)) {
        throw new UserDirectoryException("System roles cannot be removed ");
    }
    AbstractUserDirectory removed = businessRoles.remove(baseDn);
    if (removed == null) {
        throw new UserDirectoryException("No user directory registered for " + baseDn);
    }
    destroy(removed);
}
242 * Called before each user directory is destroyed, so that additional actions
245 protected void preDestroy(AbstractUserDirectory userDirectory
) {