+ public LdifUserAdmin(URI uri, Dictionary<String, ?> properties) {
+ super(uri, properties);
+ }
+
+ @Override
+ protected AbstractUserDirectory scope(User user) {
+ Dictionary<String, Object> credentials = user.getCredentials();
+ String username = (String) credentials.get(SHARED_STATE_USERNAME);
+ if (username == null)
+ username = user.getName();
+ Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
+ byte[] pwd = (byte[]) pwdCred;
+ if (pwd != null) {
+ char[] password = DigestUtils.bytesToChars(pwd);
+ User directoryUser = (User) getRole(username);
+ if (!directoryUser.hasCredential(null, password))
+ throw new UserDirectoryException("Invalid credentials");
+ } else {
+ throw new UserDirectoryException("Password is required");
+ }
+ Dictionary<String, Object> properties = cloneProperties();
+ properties.put(UserAdminConf.readOnly.name(), "true");
+ LdifUserAdmin scopedUserAdmin = new LdifUserAdmin(properties);
+ scopedUserAdmin.groups = Collections.unmodifiableSortedMap(groups);
+ scopedUserAdmin.users = Collections.unmodifiableSortedMap(users);
+ return scopedUserAdmin;