Introduce IPA support.
index 3f5bf850d55a890093804df97993f27f1eb809e4..f76f49d51362aecaa390494c9743b2b244e037d9 100644 (file)
@@ -1,10 +1,10 @@
 package org.argeo.osgi.useradmin;
 
-import static org.argeo.osgi.useradmin.LdifName.inetOrgPerson;
-import static org.argeo.osgi.useradmin.LdifName.objectClass;
-import static org.argeo.osgi.useradmin.LdifName.organizationalPerson;
-import static org.argeo.osgi.useradmin.LdifName.person;
-import static org.argeo.osgi.useradmin.LdifName.top;
+import static org.argeo.naming.LdapAttrs.objectClass;
+import static org.argeo.naming.LdapObjs.inetOrgPerson;
+import static org.argeo.naming.LdapObjs.organizationalPerson;
+import static org.argeo.naming.LdapObjs.person;
+import static org.argeo.naming.LdapObjs.top;
 
 import java.io.File;
 import java.net.URI;
@@ -29,6 +29,7 @@ import javax.transaction.TransactionManager;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -39,10 +40,13 @@ import org.osgi.service.useradmin.UserAdmin;
 
 /** Base class for a {@link UserDirectory}. */
 public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
+       static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
+       static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
+
        private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
 
        private final Hashtable<String, Object> properties;
-       private final LdapName baseDn;
+       private final LdapName baseDn, userBaseDn, groupBaseDn;
        private final String userObjectClass, userBase, groupObjectClass, groupBase;
 
        private final boolean readOnly;
@@ -50,10 +54,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 
        private UserAdmin externalRoles;
        private List<String> indexedUserProperties = Arrays
-                       .asList(new String[] { LdifName.uid.name(), LdifName.mail.name(), LdifName.cn.name() });
+                       .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), LdapAttrs.cn.name() });
 
        private String memberAttributeId = "member";
-       private List<String> credentialAttributeIds = Arrays.asList(new String[] { LdifName.userPassword.name() });
+       private List<String> credentialAttributeIds = Arrays.asList(new String[] { LdapAttrs.userPassword.name() });
 
        // JTA
        private TransactionManager transactionManager;
@@ -76,8 +80,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
                                throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
                        }
 
+               userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
+               userBase = UserAdminConf.userBase.getValue(properties);
+               groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
+               groupBase = UserAdminConf.groupBase.getValue(properties);
                try {
                        baseDn = new LdapName(UserAdminConf.baseDn.getValue(properties));
+                       userBaseDn = new LdapName(userBase + "," + baseDn);
+                       groupBaseDn = new LdapName(groupBase + "," + baseDn);
                } catch (InvalidNameException e) {
                        throw new UserDirectoryException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e);
                }
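Review bot: The catch block still reports only the base DN, but the two added `new LdapName(userBase + "," + baseDn)` calls can now be the source of the `InvalidNameException`, so a malformed `userBase` or `groupBase` is reported as a bad base DN. If `UserAdminConf.getValue` can return null for these keys (not visible here), the concatenation also yields `"null,..."` and fails with the same misleading message. I would parse the two values separately, e.g. `userBaseDn = new LdapName(userBase + "," + baseDn);` inside its own try, or at least name all three inputs in the message: `"Badly formated base DN " + baseDnStr + " / user base " + userBase + " / group base " + groupBase`. The constructor begins before this hunk and continues after it.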
@@ -87,11 +97,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
                        properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
                } else
                        readOnly = new Boolean(readOnlyStr);
-
-               userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
-               userBase = UserAdminConf.userBase.getValue(properties);
-               groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
-               groupBase = UserAdminConf.groupBase.getValue(properties);
        }
 
        /** Returns the groups this user is a direct member of. */
@@ -103,6 +108,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 
        protected abstract List<DirectoryUser> doGetRoles(Filter f);
 
+       protected abstract AbstractUserDirectory scope(User user);
+
        public void init() {
 
        }
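Review bot: The new abstract `scope(User user)` has no Javadoc, and its contract matters: the only caller visible in this diff (`getAuthorization`) treats the returned directory as a temporary, user-bound instance that must be released with `destroy()`. A subclass author cannot tell from the signature whether the instance should bind with the credentials of `user`, whether it may return `this`, or who is responsible for closing it. I would add a Javadoc along the lines of `/** Returns a directory scoped to (and, for LDAP backends, bound as) the given user. The caller owns the returned instance and must call {@link #destroy()} on it. */`, adjusting the binding claim to what the subclasses actually do.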
@@ -244,7 +251,17 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 
        @Override
        public Authorization getAuthorization(User user) {
-               return new LdifAuthorization((DirectoryUser) user, getAllRoles((DirectoryUser) user));
+               if (user == null || user instanceof DirectoryUser) {
+                       return new LdifAuthorization(user, getAllRoles((DirectoryUser) user));
+               } else {
+                       // bind
+                       AbstractUserDirectory scopedUserAdmin = scope(user);
+                       DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+                       LdifAuthorization authorization = new LdifAuthorization(directoryUser,
+                                       scopedUserAdmin.getAllRoles(directoryUser));
+                       scopedUserAdmin.destroy();
+                       return authorization;
+               }
        }
 
        @Override
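Review bot: In the new `else` branch of `getAuthorization`, `scopedUserAdmin.destroy()` is only reached on the success path; if `getRole` or `getAllRoles` throws (a failed bind, an LDAP error, or the NPE that follows when `getRole` returns null for an unknown name), the scoped directory - which, per the `// bind` comment, presumably holds a connection authenticated with the user's credentials - is never released. The destroy call belongs in a `finally`, and the null return of `getRole` should be handled explicitly rather than propagating into the `LdifAuthorization` constructor. Whether an unknown user should yield an exception or a null authorization depends on the callers, which are not visible here; I used the exception form below.
```java
		} else {
			// bind as the user; the scoped directory must be released whatever happens
			AbstractUserDirectory scopedUserAdmin = scope(user);
			try {
				DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
				if (directoryUser == null)
					throw new UserDirectoryException("User " + user.getName() + " not found in scoped directory");
				return new LdifAuthorization(directoryUser, scopedUserAdmin.getAllRoles(directoryUser));
			} finally {
				scopedUserAdmin.destroy();
			}
		}
```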
@@ -381,9 +398,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
                return externalRoles;
        }
 
-       public LdapName getBaseDn() {
-               // always clone so that the property is not modified by reference
-               return (LdapName) baseDn.clone();
+       protected int roleType(LdapName dn) {
+               if (dn.startsWith(groupBaseDn))
+                       return Role.GROUP;
+               else if (dn.startsWith(userBaseDn))
+                       return Role.USER;
+               else
+                       return Role.GROUP;
        }
 
        /** dn can be null, in that case a default should be returned. */
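Review bot: In `roleType`, the final `else` returns `Role.GROUP`, the same value as the first branch, so any DN that lies under neither `groupBaseDn` nor `userBaseDn` is silently classified as a group; nothing in the hunk says whether such DNs are expected or whether treating them as groups is intended. Since group membership feeds authorization, I would make the default explicit and documented rather than an accident of the branch order, e.g. `if (dn.startsWith(userBaseDn)) return Role.USER;` followed by `return Role.GROUP; // anything else (including DNs outside both bases) is treated as a group`, or throw for DNs outside the configured bases if they should never occur. A short Javadoc stating that `LdapName.startsWith` is a suffix-of-DN test (index 0 is the rightmost RDN) would also help readers.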
@@ -407,10 +428,18 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
                return groupBase;
        }
 
+       public LdapName getBaseDn() {
+               return (LdapName) baseDn.clone();
+       }
+
        public Dictionary<String, Object> getProperties() {
                return properties;
        }
 
+       public Dictionary<String, Object> cloneProperties() {
+               return new Hashtable<>(properties);
+       }
+
        public void setExternalRoles(UserAdmin externalRoles) {
                this.externalRoles = externalRoles;
        }
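Review bot: The new `cloneProperties()` returns a shallow copy, but `getProperties()` right above it still hands out the live `Hashtable` that the constructor writes into (it stores the `readOnly` flag there), so a caller can mutate the directory's configuration after construction. The two methods should document which one to use: `/** Live configuration; do not modify. Use {@link #cloneProperties()} for a copy that can be altered. */` on `getProperties()`, and `/** Shallow copy of the configuration; values are shared with the original. */` on `cloneProperties()`. If no caller needs the live view, wrapping it via `Collections.unmodifiableMap` is not possible for a `Dictionary`, so documenting the contract is the practical option here.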