import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Iterator;
+import java.util.Optional;
import java.util.Set;
-import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.argeo.cms.internal.http.client.SpnegoAuthScheme;
import org.argeo.osgi.transaction.WorkControl;
import org.argeo.osgi.transaction.WorkTransaction;
-import org.argeo.osgi.useradmin.AbstractUserDirectory;
import org.argeo.osgi.useradmin.AggregatingUserAdmin;
import org.argeo.osgi.useradmin.LdapUserAdmin;
import org.argeo.osgi.useradmin.LdifUserAdmin;
* Aggregates multiple {@link UserDirectory} and integrates them with system
* roles.
*/
-public class CmsUserAdmin extends AggregatingUserAdmin {
+public class CmsUserAdmin extends AggregatingUserAdmin {
private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
// GSS API
public void stop() {
}
-
+
public UserDirectory enableUserDirectory(Dictionary<String, ?> properties) {
String uri = (String) properties.get(UserAdminConf.uri.name());
Object realm = properties.get(UserAdminConf.realm.name());
}
// Create
- AbstractUserDirectory userDirectory;
+ UserDirectory userDirectory;
if (realm != null || UserAdminConf.SCHEME_LDAP.equals(u.getScheme())
|| UserAdminConf.SCHEME_LDAPS.equals(u.getScheme())) {
userDirectory = new LdapUserAdmin(properties);
} else {
throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
}
- LdapName baseDn = userDirectory.getBaseDn();
+ String basePath = userDirectory.getContext();
addUserDirectory(userDirectory);
- if (isSystemRolesBaseDn(baseDn)) {
+ if (isSystemRolesBaseDn(basePath)) {
addStandardSystemRoles();
- }
+ }
if (log.isDebugEnabled()) {
- log.debug("User directory " + userDirectory.getBaseDn() + (u != null ? " [" + u.getScheme() + "]" : "")
+ log.debug("User directory " + userDirectory.getContext() + (u != null ? " [" + u.getScheme() + "]" : "")
+ " enabled." + (realm != null ? " " + realm + " realm." : ""));
}
return userDirectory;
}
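Review bot: `isSystemRolesBaseDn(basePath)` on the new side now receives the plain `String` from `getContext()` where the old side passed an `LdapName`; `LdapName` equality normalizes RDN case and whitespace, whereas a `String` comparison does not, so whether the standard system roles are added for a directory could now depend on how its base DN is spelled in the configuration. `isSystemRolesBaseDn` is not in the hunk, so this needs confirming there; if it compares strings, normalizing both sides for the LDAP schemes (for example via `new LdapName(basePath)`) or documenting the expected canonical form would keep the check stable. `enableUserDirectory` starts before the hunk, where `u` is declared.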
-
protected void addStandardSystemRoles() {
// we assume UserTransaction is already available (TODO make it more robust)
try {
}
}
-
@Override
protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
if (rawAuthorization.getName() == null) {
}
}
- protected void postAdd(AbstractUserDirectory userDirectory) {
+ @Override
+ protected void postAdd(UserDirectory userDirectory) {
userDirectory.setTransactionControl(transactionManager);
- Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
- if (realm != null) {
+ Optional<String> realm = userDirectory.getRealm();
+ if (realm.isPresent()) {
if (Files.exists(nodeKeyTab)) {
- String servicePrincipal = getKerberosServicePrincipal(realm.toString());
+ String servicePrincipal = getKerberosServicePrincipal(realm.get());
if (servicePrincipal != null) {
CallbackHandler callbackHandler = new CallbackHandler() {
@Override
}
}
- protected void preDestroy(AbstractUserDirectory userDirectory) {
- Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
- if (realm != null) {
+ @Override
+ protected void preDestroy(UserDirectory userDirectory) {
+ Optional<String> realm = userDirectory.getRealm();
+ if (realm.isPresent()) {
if (acceptorCredentials != null) {
try {
acceptorCredentials.dispose();
}
private GSSCredential logInAsAcceptor(Subject subject, String servicePrincipal) {
+ // not static because class is not supported by Android
+ final Oid KERBEROS_OID;
+ try {
+ KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
+ } catch (GSSException e) {
+ throw new IllegalStateException("Cannot create Kerberos OID", e);
+ }
// GSS
Iterator<KerberosPrincipal> krb5It = subject.getPrincipals(KerberosPrincipal.class).iterator();
if (!krb5It.hasNext())
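Review bot: The `Oid` is now constructed on every call to `logInAsAcceptor`, and the local keeps the constant-style name `KERBEROS_OID` although it is no longer a constant; a lower-case local such as `kerberosOid`, or a lazily initialised instance field, would match the naming convention and avoid re-parsing the OID string on each acceptor login. The comment `// not static because class is not supported by Android` is also ambiguous about which class is meant; if the intent is that a static initializer touching GSS-API would fail at class load on Android, say so, e.g. `// built per call rather than in a static initializer, so loading this class does not require GSS-API (absent on Android)`. The method body continues past the hunk.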
* STATIC
*/
- public final static Oid KERBEROS_OID;
- static {
- try {
- KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
- } catch (GSSException e) {
- throw new IllegalStateException("Cannot create Kerberos OID", e);
- }
- }
}