import java.util.List;
import javax.naming.InvalidNameException;
+import javax.naming.NamingEnumeration;
+import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
private final Hashtable<String, Object> properties;
- private final LdapName baseDn;
+ private final LdapName baseDn, userBaseDn, groupBaseDn;
private final String userObjectClass, userBase, groupObjectClass, groupBase;
private final boolean readOnly;
private final URI uri;
private UserAdmin externalRoles;
- private List<String> indexedUserProperties = Arrays
- .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), LdapAttrs.cn.name() });
+ // private List<String> indexedUserProperties = Arrays
+ // .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(),
+ // LdapAttrs.cn.name() });
private String memberAttributeId = "member";
- private List<String> credentialAttributeIds = Arrays.asList(new String[] { LdapAttrs.userPassword.name() });
+ private List<String> credentialAttributeIds = Arrays
+ .asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
// JTA
private TransactionManager transactionManager;
private WcXaResource xaResource = new WcXaResource(this);
- public AbstractUserDirectory(Dictionary<String, ?> props) {
+ public AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props) {
properties = new Hashtable<String, Object>();
for (Enumeration<String> keys = props.keys(); keys.hasMoreElements();) {
String key = keys.nextElement();
properties.put(key, props.get(key));
}
- String uriStr = UserAdminConf.uri.getValue(properties);
- if (uriStr == null)
- uri = null;
- else
- try {
- uri = new URI(uriStr);
- } catch (URISyntaxException e) {
- throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
- }
+ if (uriArg != null) {
+ uri = uriArg;
+ // uri from properties is ignored
+ } else {
+ String uriStr = UserAdminConf.uri.getValue(properties);
+ if (uriStr == null)
+ uri = null;
+ else
+ try {
+ uri = new URI(uriStr);
+ } catch (URISyntaxException e) {
+ throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
+ }
+ }
+ userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
+ userBase = UserAdminConf.userBase.getValue(properties);
+ groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
+ groupBase = UserAdminConf.groupBase.getValue(properties);
try {
baseDn = new LdapName(UserAdminConf.baseDn.getValue(properties));
+ userBaseDn = new LdapName(userBase + "," + baseDn);
+ groupBaseDn = new LdapName(groupBase + "," + baseDn);
} catch (InvalidNameException e) {
throw new UserDirectoryException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e);
}
properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
} else
readOnly = new Boolean(readOnlyStr);
-
- userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
- userBase = UserAdminConf.userBase.getValue(properties);
- groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
- groupBase = UserAdminConf.groupBase.getValue(properties);
}
/** Returns the groups this user is a direct member of. */
}
private void collectRoles(DirectoryUser user, List<Role> allRoles) {
- for (LdapName groupDn : getDirectGroups(user.getDn())) {
- // TODO check for loops
- DirectoryUser group = doGetRole(groupDn);
- allRoles.add(group);
- collectRoles(group, allRoles);
+ Attributes attrs = user.getAttributes();
+ // TODO centralize attribute name
+ Attribute memberOf = attrs.get("memberOf");
+ if (memberOf != null) {
+ try {
+ NamingEnumeration<?> values = memberOf.getAll();
+ while (values.hasMore()) {
+ Object value = values.next();
+ LdapName groupDn = new LdapName(value.toString());
+ DirectoryUser group = doGetRole(groupDn);
+ allRoles.add(group);
+ if (log.isDebugEnabled())
+ log.debug("Add memberOf " + groupDn);
+ }
+ } catch (Exception e) {
+ throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
+ }
+ } else {
+ for (LdapName groupDn : getDirectGroups(user.getDn())) {
+ // TODO check for loops
+ DirectoryUser group = doGetRole(groupDn);
+ allRoles.add(group);
+ if (log.isDebugEnabled())
+ log.debug("Add direct group " + groupDn);
+ collectRoles(group, allRoles);
+ }
}
}
@Override
public User getUser(String key, String value) {
// TODO check value null or empty
- List<DirectoryUser> collectedUsers = new ArrayList<DirectoryUser>(getIndexedUserProperties().size());
+ List<DirectoryUser> collectedUsers = new ArrayList<DirectoryUser>();
if (key != null) {
doGetUser(key, value, collectedUsers);
} else {
- // try dn
- DirectoryUser user = null;
- try {
- user = (DirectoryUser) getRole(value);
- if (user != null)
- collectedUsers.add(user);
- } catch (Exception e) {
- // silent
- }
- // try all indexes
- for (String attr : getIndexedUserProperties())
- doGetUser(attr, value, collectedUsers);
+ throw new UserDirectoryException("Key cannot be null");
+ // // try dn
+ // DirectoryUser user = null;
+ // try {
+ // user = (DirectoryUser) getRole(value);
+ // if (user != null)
+ // collectedUsers.add(user);
+ // } catch (Exception e) {
+ // // silent
+ // }
+ // // try all indexes
+ // for (String attr : getIndexedUserProperties())
+ // doGetUser(attr, value, collectedUsers);
}
if (collectedUsers.size() == 1)
return collectedUsers.get(0);
} else {
// bind
AbstractUserDirectory scopedUserAdmin = scope(user);
- DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
- LdifAuthorization authorization = new LdifAuthorization(directoryUser,
- scopedUserAdmin.getAllRoles(directoryUser));
- scopedUserAdmin.destroy();
- return authorization;
+ try {
+ DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ LdifAuthorization authorization = new LdifAuthorization(directoryUser,
+ scopedUserAdmin.getAllRoles(directoryUser));
+ return authorization;
+ } finally {
+ scopedUserAdmin.destroy();
+ }
}
}
return uri;
}
- protected List<String> getIndexedUserProperties() {
- return indexedUserProperties;
- }
-
- protected void setIndexedUserProperties(List<String> indexedUserProperties) {
- this.indexedUserProperties = indexedUserProperties;
- }
+ // protected List<String> getIndexedUserProperties() {
+ // return indexedUserProperties;
+ // }
+ //
+ // protected void setIndexedUserProperties(List<String>
+ // indexedUserProperties) {
+ // this.indexedUserProperties = indexedUserProperties;
+ // }
private static boolean readOnlyDefault(URI uri) {
if (uri == null)
return true;
+ if (uri.getScheme() == null)
+ return false;// assume relative file to be writable
if (uri.getScheme().equals("file")) {
File file = new File(uri);
if (file.exists())
return externalRoles;
}
- public LdapName getBaseDn() {
- // always clone so that the property is not modified by reference
- return (LdapName) baseDn.clone();
+ protected int roleType(LdapName dn) {
+ if (dn.startsWith(groupBaseDn))
+ return Role.GROUP;
+ else if (dn.startsWith(userBaseDn))
+ return Role.USER;
+ else
+ return Role.GROUP;
}
/** dn can be null, in that case a default should be returned. */
return groupBase;
}
+ public LdapName getBaseDn() {
+ return (LdapName) baseDn.clone();
+ }
+
public Dictionary<String, Object> getProperties() {
return properties;
}