Disable OSGi configuration admin and LDIF-based deploy config.
index 7c4d807746ff481e7bcdd56f7058ecc5d3b8c86c..18a880e31470f2738bb5af79dd3e696c3fca5190 100644 (file)
@@ -5,15 +5,17 @@ import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URL;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Dictionary;
 import java.util.Iterator;
+import java.util.List;
+import java.util.Optional;
 import java.util.Set;
 
-import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -31,18 +33,16 @@ import org.apache.commons.httpclient.params.HttpParams;
 import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
+import org.argeo.api.cms.CmsState;
 import org.argeo.cms.internal.http.client.HttpCredentialProvider;
 import org.argeo.cms.internal.http.client.SpnegoAuthScheme;
-import org.argeo.osgi.transaction.WorkControl;
-import org.argeo.osgi.transaction.WorkTransaction;
-import org.argeo.osgi.useradmin.AbstractUserDirectory;
 import org.argeo.osgi.useradmin.AggregatingUserAdmin;
-import org.argeo.osgi.useradmin.LdapUserAdmin;
-import org.argeo.osgi.useradmin.LdifUserAdmin;
-import org.argeo.osgi.useradmin.OsUserDirectory;
-import org.argeo.osgi.useradmin.UserAdminConf;
+import org.argeo.osgi.useradmin.DirectoryUserAdmin;
 import org.argeo.osgi.useradmin.UserDirectory;
-import org.argeo.util.naming.DnsBrowser;
+import org.argeo.util.directory.DirectoryConf;
+import org.argeo.util.naming.dns.DnsBrowser;
+import org.argeo.util.transaction.WorkControl;
+import org.argeo.util.transaction.WorkTransaction;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
@@ -56,7 +56,7 @@ import org.osgi.service.useradmin.Role;
  * Aggregates multiple {@link UserDirectory} and integrates them with system
  * roles.
  */
-public class CmsUserAdmin extends AggregatingUserAdmin  {
+public class CmsUserAdmin extends AggregatingUserAdmin {
        private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
 
        // GSS API
@@ -68,23 +68,36 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
        private WorkControl transactionManager;
        private WorkTransaction userTransaction;
 
+       private CmsState cmsState;
+
        public CmsUserAdmin() {
                super(CmsConstants.ROLES_BASEDN, CmsConstants.TOKENS_BASEDN);
        }
 
        public void start() {
+               super.start();
+               List<Dictionary<String, Object>> configs = InitUtils.getUserDirectoryConfigs();
+               for (Dictionary<String, Object> config : configs) {
+                       UserDirectory userDirectory = enableUserDirectory(config);
+                       if (userDirectory.getRealm().isPresent())
+                               loadIpaJaasConfiguration();
+               }
        }
 
        public void stop() {
+//             for (UserDirectory userDirectory : getUserDirectories()) {
+//                     removeUserDirectory(userDirectory);
+//             }
+               super.stop();
        }
-       
+
        public UserDirectory enableUserDirectory(Dictionary<String, ?> properties) {
-               String uri = (String) properties.get(UserAdminConf.uri.name());
-               Object realm = properties.get(UserAdminConf.realm.name());
+               String uri = (String) properties.get(DirectoryConf.uri.name());
+               Object realm = properties.get(DirectoryConf.realm.name());
                URI u;
                try {
                        if (uri == null) {
-                               String baseDn = (String) properties.get(UserAdminConf.baseDn.name());
+                               String baseDn = (String) properties.get(DirectoryConf.baseDn.name());
                                u = KernelUtils.getOsgiInstanceUri(KernelConstants.DIR_NODE + '/' + baseDn + ".ldif");
                        } else if (realm != null) {
                                u = null;
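Review bot: Commenting out the directory loop in `stop()` (lines 79–81) appears to mean `preDestroy` is no longer reached on shutdown, so the `acceptorCredentials.dispose()` performed there would be skipped and the GSS acceptor credential kept alive past the component's lifetime — unless `super.stop()` tears the directories down itself, which this diff does not show. If the superclass does handle it, delete the commented-out lines instead of leaving them as a hint; if it does not, restore the loop ahead of `super.stop()`. Separately, `start()` re-invokes `loadIpaJaasConfiguration()` for every directory that reports a realm, re-reading and re-setting the same JAAS configuration each time; tracking a boolean in the loop and calling it once afterwards, `if (ipaRealmSeen) loadIpaJaasConfiguration();`, states the intent more clearly. The body of `enableUserDirectory` continues past the hunk.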
@@ -96,32 +109,31 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
                }
 
                // Create
-               AbstractUserDirectory userDirectory;
-               if (realm != null || UserAdminConf.SCHEME_LDAP.equals(u.getScheme())
-                               || UserAdminConf.SCHEME_LDAPS.equals(u.getScheme())) {
-                       userDirectory = new LdapUserAdmin(properties);
-               } else if (UserAdminConf.SCHEME_FILE.equals(u.getScheme())) {
-                       userDirectory = new LdifUserAdmin(u, properties);
-               } else if (UserAdminConf.SCHEME_OS.equals(u.getScheme())) {
-                       userDirectory = new OsUserDirectory(u, properties);
-                       singleUser = true;
-               } else {
-                       throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
-               }
-               LdapName baseDn = userDirectory.getBaseDn();
+               UserDirectory userDirectory = new DirectoryUserAdmin(u, properties);
+//             if (realm != null || DirectoryConf.SCHEME_LDAP.equals(u.getScheme())
+//                             || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
+//                     userDirectory = new LdapUserAdmin(properties);
+//             } else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
+//                     userDirectory = new LdifUserAdmin(u, properties);
+//             } else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
+//                     userDirectory = new OsUserDirectory(u, properties);
+//                     singleUser = true;
+//             } else {
+//                     throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
+//             }
+               String basePath = userDirectory.getContext();
 
                addUserDirectory(userDirectory);
-               if (isSystemRolesBaseDn(baseDn)) {
+               if (isSystemRolesBaseDn(basePath)) {
                        addStandardSystemRoles();
-               }       
+               }
                if (log.isDebugEnabled()) {
-                       log.debug("User directory " + userDirectory.getBaseDn() + (u != null ? " [" + u.getScheme() + "]" : "")
+                       log.debug("User directory " + userDirectory.getContext() + (u != null ? " [" + u.getScheme() + "]" : "")
                                        + " enabled." + (realm != null ? " " + realm + " realm." : ""));
                }
                return userDirectory;
        }
 
-
        protected void addStandardSystemRoles() {
                // we assume UserTransaction is already available (TODO make it more robust)
                try {
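Review bot: `new DirectoryUserAdmin(u, properties)` on line 116 is reached with `u == null` whenever a realm is configured (line 98 assigns `u = null` in that branch), whereas the replaced code only dereferenced `u` after the `realm != null` test; unless `DirectoryUserAdmin` documents a null URI as meaning "resolve the LDAP server from the realm", the call should be guarded, e.g. `Objects.requireNonNull(u, "uri could not be determined for realm " + realm)`, or given an explicit value. The eleven commented-out lines 117–127 reproduce history the repository already holds and should be removed. `isSystemRolesBaseDn(basePath)` on line 132 now receives the `String` from `getContext()` where it previously received an `LdapName`; since this comparison decides whether the standard system roles are added, it is worth confirming that the string form is normalised the same way (case, spacing in the DN) as the old `LdapName` equality was.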
@@ -145,7 +157,6 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
                }
        }
 
-
        @Override
        protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
                if (rawAuthorization.getName() == null) {
@@ -155,13 +166,14 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
                }
        }
 
-       protected void postAdd(AbstractUserDirectory userDirectory) {
+       @Override
+       protected void postAdd(UserDirectory userDirectory) {
                userDirectory.setTransactionControl(transactionManager);
 
-               Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
-               if (realm != null) {
+               Optional<String> realm = userDirectory.getRealm();
+               if (realm.isPresent()) {
                        if (Files.exists(nodeKeyTab)) {
-                               String servicePrincipal = getKerberosServicePrincipal(realm.toString());
+                               String servicePrincipal = getKerberosServicePrincipal(realm.get());
                                if (servicePrincipal != null) {
                                        CallbackHandler callbackHandler = new CallbackHandler() {
                                                @Override
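Review bot: `realm.get()` on line 171 inside the `if (realm.isPresent())` opened on line 168 is the `Optional` pairing the API is meant to replace, and it adds a nesting level to a method whose body already runs well past the hunk. A guard clause keeps the same behaviour with less indentation: `if (!realm.isPresent()) return;` followed by `String realmName = realm.get();`, then the existing `Files.exists(nodeKeyTab)` check at the method's top level. The remainder of `postAdd` lies outside the hunk.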
@@ -195,9 +207,10 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
                }
        }
 
-       protected void preDestroy(AbstractUserDirectory userDirectory) {
-               Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
-               if (realm != null) {
+       @Override
+       protected void preDestroy(UserDirectory userDirectory) {
+               Optional<String> realm = userDirectory.getRealm();
+               if (realm.isPresent()) {
                        if (acceptorCredentials != null) {
                                try {
                                        acceptorCredentials.dispose();
@@ -209,6 +222,15 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
                }
        }
 
+       private void loadIpaJaasConfiguration() {
+               if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) {
+                       String jaasConfig = KernelConstants.JAAS_CONFIG_IPA;
+                       URL url = getClass().getClassLoader().getResource(jaasConfig);
+                       KernelUtils.setJaasConfiguration(url);
+                       log.debug("Set IPA JAAS configuration.");
+               }
+       }
+
        private String getKerberosServicePrincipal(String realm) {
                String hostname;
                try (DnsBrowser dnsBrowser = new DnsBrowser()) {
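Review bot: `getClass().getClassLoader().getResource(jaasConfig)` on line 196 returns null when the resource is missing from the bundle, and that null is passed straight to `KernelUtils.setJaasConfiguration(url)` while line 198 still reports success; add `if (url == null) throw new IllegalStateException("JAAS configuration " + jaasConfig + " not found");` before the call so an absent IPA login configuration fails loudly rather than leaving authentication silently unconfigured. The `log.debug` on line 198 is also the only debug call in the class not wrapped in `log.isDebugEnabled()` (compare line 136), which is the file's convention.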
@@ -229,6 +251,13 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
        }
 
        private GSSCredential logInAsAcceptor(Subject subject, String servicePrincipal) {
+               // not static because class is not supported by Android
+               final Oid KERBEROS_OID;
+               try {
+                       KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
+               } catch (GSSException e) {
+                       throw new IllegalStateException("Cannot create Kerberos OID", e);
+               }
                // GSS
                Iterator<KerberosPrincipal> krb5It = subject.getPrincipals(KerberosPrincipal.class).iterator();
                if (!krb5It.hasNext())
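Review bot: The OID `1.3.6.1.5.5.2` constructed on line 212 is the SPNEGO mechanism OID rather than the Kerberos V5 one, so the local name `KERBEROS_OID` misleads a reader checking which mechanism the acceptor credential is requested for; either rename it to `SPNEGO_OID` or add a comment that SPNEGO negotiation is the intended mechanism. The comment on line 209 should also say what Android lacks — as written it does not tell the reader whether it is the `Oid` class itself or a static initialiser that is unsupported. The rest of `logInAsAcceptor` is outside the hunk.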
@@ -284,16 +313,8 @@ public class CmsUserAdmin extends AggregatingUserAdmin  {
                this.userTransaction = userTransaction;
        }
 
-       /*
-        * STATIC
-        */
-
-       public final static Oid KERBEROS_OID;
-       static {
-               try {
-                       KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
-               } catch (GSSException e) {
-                       throw new IllegalStateException("Cannot create Kerberos OID", e);
-               }
+       public void setCmsState(CmsState cmsState) {
+               this.cmsState = cmsState;
        }
+
 }
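Review bot: `setCmsState` on line 234 stores `cmsState` (field added on line 62) but nothing in this diff reads it, so unless another file or an unseen part of this class consumes the field it is dead state on the component. If it is scaffolding for a later change, a short comment above the field such as `// not yet used; injected for upcoming deploy-config work` would stop the next reader searching for a consumer; otherwise drop the field and setter until they are needed.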