package org.argeo.cms.internal.auth;
-import static org.argeo.naming.LdapAttrs.cn;
-import static org.argeo.naming.LdapAttrs.description;
-import static org.argeo.naming.LdapAttrs.owner;
+import static org.argeo.util.naming.LdapAttrs.cn;
+import static org.argeo.util.naming.LdapAttrs.description;
+import static org.argeo.util.naming.LdapAttrs.owner;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
+import java.util.NavigableMap;
import java.util.Set;
+import java.util.TreeMap;
+import java.util.TreeSet;
import java.util.UUID;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
-import javax.transaction.Status;
-import javax.transaction.UserTransaction;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.api.NodeConstants;
+import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsLog;
import org.argeo.cms.CmsUserManager;
import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.auth.UserAdminUtils;
-import org.argeo.naming.LdapAttrs;
-import org.argeo.naming.NamingUtils;
-import org.argeo.naming.SharedSecret;
import org.argeo.osgi.useradmin.TokenUtils;
-import org.argeo.osgi.useradmin.UserAdminConf;
import org.argeo.osgi.useradmin.UserDirectory;
+import org.argeo.util.directory.DirectoryConf;
+import org.argeo.util.directory.ldap.SharedSecret;
+import org.argeo.util.naming.LdapAttrs;
+import org.argeo.util.naming.NamingUtils;
+import org.argeo.util.transaction.WorkTransaction;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Group;
* </ul>
*/
public class CmsUserManagerImpl implements CmsUserManager {
- private final static Log log = LogFactory.getLog(CmsUserManagerImpl.class);
+ private final static CmsLog log = CmsLog.getLog(CmsUserManagerImpl.class);
private UserAdmin userAdmin;
// private Map<String, String> serviceProperties;
- private UserTransaction userTransaction;
+ private WorkTransaction userTransaction;
- private Map<UserDirectory, Hashtable<String, String>> userDirectories = Collections
+ private Map<UserDirectory, Hashtable<String, Object>> userDirectories = Collections
.synchronizedMap(new LinkedHashMap<>());
@Override
List<User> users = new ArrayList<User>();
for (Role role : roles) {
if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
- && (includeSystemRoles || !role.getName().toLowerCase().endsWith(NodeConstants.ROLES_BASEDN))) {
+ && (includeSystemRoles || !role.getName().toLowerCase().endsWith(CmsConstants.ROLES_BASEDN))) {
if (match(role, filter))
users.add((User) role);
}
Map<String, String> dns = new HashMap<String, String>();
for (UserDirectory userDirectory : userDirectories.keySet()) {
Boolean readOnly = userDirectory.isReadOnly();
- String baseDn = userDirectory.getBaseDn().toString();
+ String baseDn = userDirectory.getContext();
if (onlyWritable && readOnly)
continue;
- if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN))
+ if (baseDn.equalsIgnoreCase(CmsConstants.ROLES_BASEDN))
continue;
- if (baseDn.equalsIgnoreCase(NodeConstants.TOKENS_BASEDN))
+ if (baseDn.equalsIgnoreCase(CmsConstants.TOKENS_BASEDN))
continue;
- dns.put(baseDn, UserAdminConf.propertiesAsUri(userDirectories.get(userDirectory)).toString());
+ dns.put(baseDn, DirectoryConf.propertiesAsUri(userDirectories.get(userDirectory)).toString());
}
return dns;
}
+ public Set<UserDirectory> getUserDirectories() {
+ TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
+ res.addAll(userDirectories.keySet());
+ return res;
+ }
+
public String buildDistinguishedName(String localId, String baseDn, int type) {
Map<String, String> dns = getKnownBaseDns(true);
- Dictionary<String, ?> props = UserAdminConf.uriAsProperties(dns.get(baseDn));
+ Dictionary<String, ?> props = DirectoryConf.uriAsProperties(dns.get(baseDn));
String dn = null;
if (Role.GROUP == type)
- dn = LdapAttrs.cn.name() + "=" + localId + "," + UserAdminConf.groupBase.getValue(props) + "," + baseDn;
+ dn = LdapAttrs.cn.name() + "=" + localId + "," + DirectoryConf.groupBase.getValue(props) + "," + baseDn;
else if (Role.USER == type)
- dn = LdapAttrs.uid.name() + "=" + localId + "," + UserAdminConf.userBase.getValue(props) + "," + baseDn;
+ dn = LdapAttrs.uid.name() + "=" + localId + "," + DirectoryConf.userBase.getValue(props) + "," + baseDn;
else
throw new IllegalStateException("Unknown role type. " + "Cannot deduce dn for " + localId);
return dn;
return tokenStr;
} catch (Exception e1) {
try {
- if (userTransaction.getStatus() != Status.STATUS_NO_TRANSACTION)
+ if (!userTransaction.isNoTransactionStatus())
userTransaction.rollback();
} catch (Exception e2) {
if (log.isTraceEnabled())
public void expireAuthToken(String token) {
try {
userTransaction.begin();
- String dn = cn + "=" + token + "," + NodeConstants.TOKENS_BASEDN;
+ String dn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
Group tokenGroup = (Group) userAdmin.getRole(dn);
String ldapDate = NamingUtils.instantToLdapDate(ZonedDateTime.now(ZoneOffset.UTC));
tokenGroup.getProperties().put(description.name(), ldapDate);
log.debug("Token " + token + " expired.");
} catch (Exception e1) {
try {
- if (userTransaction.getStatus() != Status.STATUS_NO_TRANSACTION)
+ if (!userTransaction.isNoTransactionStatus())
userTransaction.rollback();
} catch (Exception e2) {
if (log.isTraceEnabled())
@Override
public void expireAuthTokens(Subject subject) {
- Set<String> tokens = TokenUtils.tokensUsed(subject, NodeConstants.TOKENS_BASEDN);
+ Set<String> tokens = TokenUtils.tokensUsed(subject, CmsConstants.TOKENS_BASEDN);
for (String token : tokens)
expireAuthToken(token);
}
try {
userTransaction.begin();
User user = (User) userAdmin.getRole(userDn);
- String tokenDn = cn + "=" + token + "," + NodeConstants.TOKENS_BASEDN;
+ String tokenDn = cn + "=" + token + "," + CmsConstants.TOKENS_BASEDN;
Group tokenGroup = (Group) userAdmin.createRole(tokenDn, Role.GROUP);
if (roles != null)
for (String role : roles) {
if (r != null)
tokenGroup.addMember(r);
else {
- if (!role.equals(NodeConstants.ROLE_USER)) {
+ if (!role.equals(CmsConstants.ROLE_USER)) {
throw new IllegalStateException(
"Cannot add role " + role + " to token " + token + " for " + userDn);
}
userTransaction.commit();
} catch (Exception e1) {
try {
- if (userTransaction.getStatus() != Status.STATUS_NO_TRANSACTION)
+ if (!userTransaction.isNoTransactionStatus())
userTransaction.rollback();
} catch (Exception e2) {
if (log.isTraceEnabled())
}
}
+ @Override
+ public UserDirectory getDirectory(Role user) {
+ String name = user.getName();
+ NavigableMap<String, UserDirectory> possible = new TreeMap<>();
+ for (UserDirectory userDirectory : userDirectories.keySet()) {
+ if (name.endsWith(userDirectory.getContext())) {
+ possible.put(userDirectory.getContext(), userDirectory);
+ }
+ }
+ if (possible.size() == 0)
+ throw new IllegalStateException("No user directory found for user " + name);
+ return possible.lastEntry().getValue();
+ }
+
// public User createUserFromPerson(Node person) {
// String email = JcrUtils.get(person, LdapAttrs.mail.property());
// String dn = buildDefaultDN(email, Role.USER);
return userAdmin;
}
- public UserTransaction getUserTransaction() {
- return userTransaction;
- }
+// public UserTransaction getUserTransaction() {
+// return userTransaction;
+// }
/* DEPENDENCY INJECTION */
public void setUserAdmin(UserAdmin userAdmin) {
// this.serviceProperties = serviceProperties;
}
- public void setUserTransaction(UserTransaction userTransaction) {
+ public void setUserTransaction(WorkTransaction userTransaction) {
this.userTransaction = userTransaction;
}
-
- public void addUserDirectory(UserDirectory userDirectory, Map<String, String> properties) {
+
+ public void addUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
userDirectories.put(userDirectory, new Hashtable<>(properties));
}
- public void removeUserDirectory(UserDirectory userDirectory, Map<String, String> properties) {
+ public void removeUserDirectory(UserDirectory userDirectory, Map<String, Object> properties) {
userDirectories.remove(userDirectory);
}
projects / lgpl / argeo-commons.git / blobdiff