- UserAdmin userAdmin = findUserAdmin(user.getName());
- Authorization rawAuthorization = userAdmin.getAuthorization(user);
- // gather system roles
- Set<String> sysRoles = new HashSet<String>();
- for (String role : rawAuthorization.getRoles()) {
- Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
- sysRoles.addAll(Arrays.asList(auth.getRoles()));
+ AbstractUserDirectory userReferentialOfThisUser = findUserAdmin(user.getName());
+ Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user);
+ String usernameToUse;
+ String displayNameToUse;
+ if (user instanceof Group) {
+ // TODO check whether this is still working
+ String ownerDn = TokenUtils.userDn((Group) user);
+ if (ownerDn != null) {// tokens
+ UserAdmin ownerUserAdmin = findUserAdmin(ownerDn);
+ User ownerUser = (User) ownerUserAdmin.getRole(ownerDn);
+ usernameToUse = ownerDn;
+ displayNameToUse = LdifAuthorization.extractDisplayName(ownerUser);
+ } else {
+ usernameToUse = rawAuthorization.getName();
+ displayNameToUse = rawAuthorization.toString();
+ }
+ } else {// regular users
+ usernameToUse = rawAuthorization.getName();
+ displayNameToUse = rawAuthorization.toString();
+ }
+
+ // gather roles from other referentials
+ final AbstractUserDirectory userAdminToUse;// possibly scoped when authenticating
+ if (user instanceof DirectoryUser) {
+ userAdminToUse = userReferentialOfThisUser;
+ } else if (user instanceof AuthenticatingUser) {
+ userAdminToUse = userReferentialOfThisUser.scope(user);
+ } else {
+ throw new IllegalArgumentException("Unsupported user type " + user.getClass());
+ }
+
+ try {
+ Set<String> sysRoles = new HashSet<String>();
+ for (String role : rawAuthorization.getRoles()) {
+ User userOrGroup = (User) userAdminToUse.getRole(role);
+ Authorization auth = systemRoles.getAuthorization(userOrGroup);
+ systemRoles: for (String systemRole : auth.getRoles()) {
+ if (role.equals(systemRole))
+ continue systemRoles;
+ sysRoles.add(systemRole);
+ }
+// sysRoles.addAll(Arrays.asList(auth.getRoles()));
+ }
+ addAbstractSystemRoles(rawAuthorization, sysRoles);
+ Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
+ rawAuthorization.getRoles());
+ return authorization;
+ } finally {
+ if (userAdminToUse != null && userAdminToUse.isScoped()) {
+ userAdminToUse.destroy();
+ }