Introduce CMS Message Dialog and improve l10n

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / NodeUserAdmin.java
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java

index 8410b3958aef378d49a34dbd260b43f83696a128..dc9d33a3b5fa9bcb7751fb269c288786ba003b7e 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
@@ -14,6 +14,7 @@ import java.util.HashMap;
  import java.util.Hashtable;
  import java.util.Iterator;
  import java.util.Map;
+import java.util.Set;
  
  import javax.naming.ldap.LdapName;
  import javax.security.auth.Subject;
@@ -28,14 +29,12 @@ import javax.transaction.TransactionManager;
  
  import org.apache.commons.httpclient.auth.AuthPolicy;
  import org.apache.commons.httpclient.auth.CredentialsProvider;
-import org.apache.commons.httpclient.cookie.CookiePolicy;
  import org.apache.commons.httpclient.params.DefaultHttpParams;
  import org.apache.commons.httpclient.params.HttpMethodParams;
  import org.apache.commons.httpclient.params.HttpParams;
  import org.apache.commons.logging.Log;
  import org.apache.commons.logging.LogFactory;
  import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.http.NodeHttp;
  import org.argeo.cms.internal.http.client.HttpCredentialProvider;
  import org.argeo.cms.internal.http.client.SpnegoAuthScheme;
  import org.argeo.naming.DnsBrowser;
@@ -44,6 +43,7 @@ import org.argeo.osgi.useradmin.AbstractUserDirectory;
  import org.argeo.osgi.useradmin.AggregatingUserAdmin;
  import org.argeo.osgi.useradmin.LdapUserAdmin;
  import org.argeo.osgi.useradmin.LdifUserAdmin;
+import org.argeo.osgi.useradmin.OsUserDirectory;
  import org.argeo.osgi.useradmin.UserAdminConf;
  import org.argeo.osgi.useradmin.UserDirectory;
  import org.ietf.jgss.GSSCredential;
@@ -57,6 +57,7 @@ import org.osgi.framework.FrameworkUtil;
  import org.osgi.framework.ServiceRegistration;
  import org.osgi.service.cm.ConfigurationException;
  import org.osgi.service.cm.ManagedServiceFactory;
+import org.osgi.service.useradmin.Authorization;
  import org.osgi.service.useradmin.UserAdmin;
  import org.osgi.util.tracker.ServiceTracker;
  
@@ -84,6 +85,8 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
         private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH);
         private GSSCredential acceptorCredentials;
  
+       private boolean singleUser = false;
+
         public NodeUserAdmin(String systemRolesBaseDn) {
                 super(systemRolesBaseDn);
                 tmTracker = new ServiceTracker<>(bc, TransactionManager.class, null);
@@ -105,8 +108,17 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
                 }
  
                 // Create
-               AbstractUserDirectory userDirectory = u.getScheme().equals("ldap") ? new LdapUserAdmin(properties)
-                               : new LdifUserAdmin(u, properties);
+               AbstractUserDirectory userDirectory;
+               if (UserAdminConf.SCHEME_LDAP.equals(u.getScheme())) {
+                       userDirectory = new LdapUserAdmin(properties);
+               } else if (UserAdminConf.SCHEME_FILE.equals(u.getScheme())) {
+                       userDirectory = new LdifUserAdmin(u, properties);
+               } else if (UserAdminConf.SCHEME_OS.equals(u.getScheme())) {
+                       userDirectory = new OsUserDirectory(u, properties);
+                       singleUser = true;
+               } else {
+                       throw new CmsException("Unsupported scheme " + u.getScheme());
+               }
                 Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
                 addUserDirectory(userDirectory);
  
@@ -125,15 +137,15 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
                         log.debug("User directory " + userDirectory.getBaseDn() + " [" + u.getScheme() + "] enabled."
                                         + (realm != null ? " " + realm + " realm." : ""));
  
-               if (!isSystemRolesBaseDn(baseDn)) {
-                       if (userAdminReg != null)
-                               userAdminReg.unregister();
-                       // register self as main user admin
-                       Dictionary<String, Object> userAdminregProps = currentState();
-                       userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT);
-                       userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE);
-                       userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps);
-               }
+               // if (isSystemRolesBaseDn(baseDn)) {
+               if (userAdminReg != null)
+                       userAdminReg.unregister();
+               // register self as main user admin
+               Dictionary<String, Object> userAdminregProps = currentState();
+               userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT);
+               userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE);
+               userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps);
+               // }
         }
  
         @Override
@@ -150,6 +162,15 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
                 return "Node User Admin";
         }
  
+       @Override
+       protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
+               if (rawAuthorization.getName() == null) {
+                       sysRoles.add(NodeConstants.ROLE_ANONYMOUS);
+               } else {
+                       sysRoles.add(NodeConstants.ROLE_USER);
+               }
+       }
+
         protected void postAdd(AbstractUserDirectory userDirectory) {
                 // JTA
                 TransactionManager tm = tmTracker.getService();
@@ -191,7 +212,7 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
                         // schemes.add(AuthPolicy.BASIC);// incompatible with Basic
                         params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
                         params.setParameter(CredentialsProvider.PROVIDER, new HttpCredentialProvider());
-                       params.setParameter(HttpMethodParams.COOKIE_POLICY, CookiePolicy.BROWSER_COMPATIBILITY);
+                       params.setParameter(HttpMethodParams.COOKIE_POLICY, KernelConstants.COOKIE_POLICY_BROWSER_COMPATIBILITY);
                         // params.setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
                 }
         }
@@ -272,6 +293,10 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
                 return acceptorCredentials;
         }
  
+       public boolean isSingleUser() {
+               return singleUser;
+       }
+
         public final static Oid KERBEROS_OID;
         static {
                 try {