import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import javax.transaction.SystemException;
-import javax.transaction.Transaction;
-import javax.transaction.TransactionManager;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.argeo.naming.LdapAttrs;
-import org.argeo.naming.LdapObjs;
+import org.argeo.osgi.transaction.WorkControl;
import org.osgi.framework.Filter;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.InvalidSyntaxException;
static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
- private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
-
private final Hashtable<String, Object> properties;
private final LdapName baseDn, userBaseDn, groupBaseDn;
private final String userObjectClass, userBase, groupObjectClass, groupBase;
private final boolean readOnly;
- private final URI uri;
+ private final boolean disabled;
+ private final String uri;
private UserAdmin externalRoles;
// private List<String> indexedUserProperties = Arrays
// .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(),
// LdapAttrs.cn.name() });
+ private final boolean scoped;
+
private String memberAttributeId = "member";
private List<String> credentialAttributeIds = Arrays
.asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
- // JTA
- private TransactionManager transactionManager;
+ // Transaction
+// private TransactionManager transactionManager;
+ private WorkControl transactionControl;
private WcXaResource xaResource = new WcXaResource(this);
- public AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props) {
+ AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props, boolean scoped) {
+ this.scoped = scoped;
properties = new Hashtable<String, Object>();
for (Enumeration<String> keys = props.keys(); keys.hasMoreElements();) {
String key = keys.nextElement();
}
if (uriArg != null) {
- uri = uriArg;
+ uri = uriArg.toString();
// uri from properties is ignored
} else {
String uriStr = UserAdminConf.uri.getValue(properties);
if (uriStr == null)
uri = null;
else
- try {
- uri = new URI(uriStr);
- } catch (URISyntaxException e) {
- throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
- }
+ uri = uriStr;
}
userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
readOnly = readOnlyDefault(uri);
properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
} else
- readOnly = new Boolean(readOnlyStr);
+ readOnly = Boolean.parseBoolean(readOnlyStr);
+ String disabledStr = UserAdminConf.disabled.getValue(properties);
+ if (disabledStr != null)
+ disabled = Boolean.parseBoolean(disabledStr);
+ else
+ disabled = false;
}
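Review bot: A malformed URI string is no longer reported as UserDirectoryException at construction: the removed `try { uri = new URI(uriStr); } catch (URISyntaxException e) …` validated every configured value, whereas now `uri` is stored unparsed and is only parsed inside `readOnlyDefault(uri)`, which throws IllegalArgumentException and, judging by the `} else` on the next line, runs only when `readOnly` is not configured explicitly. Callers catching UserDirectoryException will miss the new exception type, and a directory with an explicit readOnly setting never has its URI validated at all. Consider restoring the early check before the readOnly handling, e.g. `try { new URI(uri.split(" ")[0]); } catch (URISyntaxException e) { throw new UserDirectoryException("Badly formatted URI " + uri, e); }`, so that the exception contract of the constructor is unchanged.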
/** Returns the groups this user is a direct member of. */
}
protected void checkEdit() {
- Transaction transaction;
- try {
- transaction = transactionManager.getTransaction();
- } catch (SystemException e) {
- throw new UserDirectoryException("Cannot get transaction", e);
- }
- if (transaction == null)
- throw new UserDirectoryException("A transaction needs to be active in order to edit");
+// Transaction transaction;
+// try {
+// transaction = transactionManager.getTransaction();
+// } catch (SystemException e) {
+// throw new UserDirectoryException("Cannot get transaction", e);
+// }
+// if (transaction == null)
+// throw new UserDirectoryException("A transaction needs to be active in order to edit");
if (xaResource.wc() == null) {
try {
- transaction.enlistResource(xaResource);
+// transaction.enlistResource(xaResource);
+ transactionControl.getWorkContext().registerXAResource(xaResource, null);
} catch (Exception e) {
throw new UserDirectoryException("Cannot enlist " + xaResource, e);
}
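Review bot: `transactionControl` is not null-checked before `transactionControl.getWorkContext().registerXAResource(xaResource, null)`; if `setTransactionControl` was never called, the resulting NullPointerException is swallowed by `catch (Exception e)` and surfaces as "Cannot enlist …", which hides the actual cause. The removed code reported a missing transaction explicitly, and a guard such as `if (transactionControl == null) throw new UserDirectoryException("A transaction control needs to be set in order to edit");` placed before `if (xaResource.wc() == null)` would keep that diagnostic. The commented-out JTA block should be deleted rather than kept as dead text, since the same applies to the commented-out `setTransactionManager` further down. The rest of checkEdit continues outside the hunk.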
private void collectRoles(DirectoryUser user, List<Role> allRoles) {
Attributes attrs = user.getAttributes();
// TODO centralize attribute name
- Attribute memberOf = attrs.get("memberOf");
- if (memberOf != null) {
+ Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
+ // if user belongs to this directory, we only check meberOf
+ if (memberOf != null && user.getDn().startsWith(getBaseDn())) {
try {
NamingEnumeration<?> values = memberOf.getAll();
while (values.hasMore()) {
Object value = values.next();
LdapName groupDn = new LdapName(value.toString());
DirectoryUser group = doGetRole(groupDn);
- allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add memberOf " + groupDn);
+ if (group != null)
+ allRoles.add(group);
}
} catch (Exception e) {
throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
for (LdapName groupDn : getDirectGroups(user.getDn())) {
// TODO check for loops
DirectoryUser group = doGetRole(groupDn);
- allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add direct group " + groupDn);
- collectRoles(group, allRoles);
+ if (group != null) {
+ allRoles.add(group);
+ collectRoles(group, allRoles);
+ }
}
}
}
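Review bot: The recursive `collectRoles(group, allRoles)` call still has no cycle guard — the `// TODO check for loops` comment is unchanged context — so two groups that list each other as members recurse until StackOverflowError, and the new `group != null` check does not change that. Because each visited group is appended to `allRoles` before recursing, a one-line guard `if (group != null && !allRoles.contains(group)) {` would terminate the walk, assuming DirectoryUser equality is DN-based — verify that before relying on it. The new comment on the memberOf branch also has a typo: `meberOf` should read `memberOf`.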
return user;
}
- @SuppressWarnings("unchecked")
@Override
public Role[] getRoles(String filter) throws InvalidSyntaxException {
UserDirectoryWorkingCopy wc = getWorkingCopy();
doGetUser(key, value, collectedUsers);
} else {
throw new UserDirectoryException("Key cannot be null");
- // // try dn
- // DirectoryUser user = null;
- // try {
- // user = (DirectoryUser) getRole(value);
- // if (user != null)
- // collectedUsers.add(user);
- // } catch (Exception e) {
- // // silent
- // }
- // // try all indexes
- // for (String attr : getIndexedUserProperties())
- // doGetUser(attr, value, collectedUsers);
}
- if (collectedUsers.size() == 1)
+
+ if (collectedUsers.size() == 1) {
return collectedUsers.get(0);
- else if (collectedUsers.size() > 1)
- log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value);
+ } else if (collectedUsers.size() > 1) {
+ // log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" :
+ // "") + value);
+ }
return null;
}
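Review bot: The ambiguous-lookup warning is commented out rather than replaced, so a key/value that matches more than one user now silently returns null, indistinguishable from "no such user"; with no log left in the class, an operator has no way to notice duplicate entries for the same key. Either delete the commented lines or make the condition actionable, e.g. in the `else if (collectedUsers.size() > 1)` branch: `throw new UserDirectoryException(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value);`. The method's signature is above the hunk, so the caller-facing contract of returning null for "not found" should be checked against that change.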
AbstractUserDirectory scopedUserAdmin = scope(user);
try {
DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ if (directoryUser == null)
+ throw new UserDirectoryException("No scoped user found for " + user);
LdifAuthorization authorization = new LdifAuthorization(directoryUser,
scopedUserAdmin.getAllRoles(directoryUser));
return authorization;
return credentialAttributeIds;
}
- protected URI getUri() {
+ protected String getUri() {
return uri;
}
- // protected List<String> getIndexedUserProperties() {
- // return indexedUserProperties;
- // }
- //
- // protected void setIndexedUserProperties(List<String>
- // indexedUserProperties) {
- // this.indexedUserProperties = indexedUserProperties;
- // }
-
- private static boolean readOnlyDefault(URI uri) {
- if (uri == null)
+ private static boolean readOnlyDefault(String uriStr) {
+ if (uriStr == null)
return true;
+ /// TODO make it more generic
+ URI uri;
+ try {
+ uri = new URI(uriStr.split(" ")[0]);
+ } catch (URISyntaxException e) {
+ throw new IllegalArgumentException(e);
+ }
if (uri.getScheme() == null)
return false;// assume relative file to be writable
- if (uri.getScheme().equals("file")) {
+ if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
File file = new File(uri);
if (file.exists())
return !file.canWrite();
else
return !file.getParentFile().canWrite();
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) {
+ if (uri.getAuthority() != null)// assume writable if authenticated
+ return false;
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) {
+ return true;
}
- return true;
+ return true;// read only by default
}
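Review bot: The comment on the new LDAP branch, `// assume writable if authenticated`, does not match the check: `uri.getAuthority()` is non-null for any `ldap://host` URI, so every LDAP directory that names a host is reported as writable regardless of whether credentials are configured. Reword it to `// assume writable when a host is given` or base the decision on the actual credential configuration. The `uriStr.split(" ")[0]` parse is already tagged TODO; note that the `file` branch's `file.getParentFile()` can return null for a bare file name, which is pre-existing but now reachable from a string that has never been validated elsewhere.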
public boolean isReadOnly() {
return readOnly;
}
+ public boolean isDisabled() {
+ return disabled;
+ }
+
protected UserAdmin getExternalRoles() {
return externalRoles;
}
this.externalRoles = externalRoles;
}
- public void setTransactionManager(TransactionManager transactionManager) {
- this.transactionManager = transactionManager;
+// public void setTransactionManager(TransactionManager transactionManager) {
+// this.transactionManager = transactionManager;
+// }
+
+ public void setTransactionControl(WorkControl transactionControl) {
+ this.transactionControl = transactionControl;
}
public WcXaResource getXaResource() {
return xaResource;
}
+ public boolean isScoped() {
+ return scoped;
+ }
+
}