/** Base class for a {@link UserDirectory}. */
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
+ static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
+ static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
+
private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
private final Hashtable<String, Object> properties;
- private final LdapName baseDn;
+ private final LdapName baseDn, userBaseDn, groupBaseDn;
private final String userObjectClass, userBase, groupObjectClass, groupBase;
private final boolean readOnly;
throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
}
+ userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
+ userBase = UserAdminConf.userBase.getValue(properties);
+ groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
+ groupBase = UserAdminConf.groupBase.getValue(properties);
try {
baseDn = new LdapName(UserAdminConf.baseDn.getValue(properties));
+ userBaseDn = new LdapName(userBase + "," + baseDn);
+ groupBaseDn = new LdapName(groupBase + "," + baseDn);
} catch (InvalidNameException e) {
throw new UserDirectoryException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e);
}
properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
} else
readOnly = new Boolean(readOnlyStr);
-
- userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
- userBase = UserAdminConf.userBase.getValue(properties);
- groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
- groupBase = UserAdminConf.groupBase.getValue(properties);
}
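Review bot: The `catch (InvalidNameException e)` still reports only the base DN, although the two added `new LdapName(userBase + "," + baseDn)` and `new LdapName(groupBase + "," + baseDn)` calls can now raise the same exception. A malformed or missing `userBase`/`groupBase` setting would therefore be reported as a bad base DN. The message should name all three inputs, e.g. `"Badly formatted DN (base " + UserAdminConf.baseDn.getValue(properties) + ", user base " + userBase + ", group base " + groupBase + ")"`. The constructor begins outside this hunk, so whether these values are validated earlier is not visible here.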
/** Returns the groups this user is a direct member of. */
protected abstract List<DirectoryUser> doGetRoles(Filter f);
+ protected abstract AbstractUserDirectory scope(User user);
+
public void init() {
}
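Review bot: The new abstract `scope(User user)` has no Javadoc, unlike `doGetRoles` just above it, and its contract is security-relevant. Judging from the caller in `getAuthorization` (the `// bind` comment and the `destroy()` call), it appears to return a separate directory instance bound as the given user, which the caller must release. I would state this on the declaration, e.g. `/** Returns a directory bound with the credentials of this user; the caller must call destroy() on it. */`, and also say what implementations do when the bind fails.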
@Override
public Authorization getAuthorization(User user) {
- return new LdifAuthorization((DirectoryUser) user, getAllRoles((DirectoryUser) user));
+ if (user == null || user instanceof DirectoryUser) {
+ return new LdifAuthorization(user, getAllRoles((DirectoryUser) user));
+ } else {
+ // bind
+ AbstractUserDirectory scopedUserAdmin = scope(user);
+ DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ LdifAuthorization authorization = new LdifAuthorization(directoryUser,
+ scopedUserAdmin.getAllRoles(directoryUser));
+ scopedUserAdmin.destroy();
+ return authorization;
+ }
}
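Review bot: In the `else` branch, `scopedUserAdmin.destroy()` is skipped whenever `getRole`, the `(DirectoryUser)` cast or `getAllRoles` throws, so the directory that was bound for this user is never released. The call belongs in a `finally`. The result of `getRole(user.getName())` is also used unchecked: a `null` falls through to `new LdifAuthorization(null, ...)`, which the first branch suggests is the anonymous case, and a non-`DirectoryUser` role fails with a `ClassCastException`. I would check the type and fail explicitly; the exception type and constructor in the sketch below should be adjusted to what the project offers.

```java
} else {
	// bind
	AbstractUserDirectory scopedUserAdmin = scope(user);
	try {
		Role role = scopedUserAdmin.getRole(user.getName());
		if (!(role instanceof DirectoryUser))
			throw new UserDirectoryException("No directory user found for " + user.getName());
		DirectoryUser directoryUser = (DirectoryUser) role;
		return new LdifAuthorization(directoryUser, scopedUserAdmin.getAllRoles(directoryUser));
	} finally {
		// always release the user-scoped directory, even when the lookup fails
		scopedUserAdmin.destroy();
	}
}
```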
@Override
return externalRoles;
}
- public LdapName getBaseDn() {
- // always clone so that the property is not modified by reference
- return (LdapName) baseDn.clone();
+ protected int roleType(LdapName dn) {
+ if (dn.startsWith(groupBaseDn))
+ return Role.GROUP;
+ else if (dn.startsWith(userBaseDn))
+ return Role.USER;
+ else
+ return Role.GROUP;
}
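Review bot: The final `else` in `roleType` returns `Role.GROUP`, the same value as the first branch, so a DN that lies under neither `groupBaseDn` nor `userBaseDn` is silently classified as a group. If that default is intended, it needs a comment explaining why, e.g. `// DNs outside both bases are treated as groups because ...`. If it is not intended, rejecting the DN is safer than guessing a role type that later authorization code may rely on. The result also depends on branch order when one base is nested under the other, which should be documented too.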
/** dn can be null, in that case a default should be returned. */
return groupBase;
}
+ public LdapName getBaseDn() {
+ return (LdapName) baseDn.clone();
+ }
+
public Dictionary<String, Object> getProperties() {
return properties;
}
+ public Dictionary<String, Object> cloneProperties() {
+ return new Hashtable<>(properties);
+ }
+
public void setExternalRoles(UserAdmin externalRoles) {
this.externalRoles = externalRoles;
}
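Review bot: `cloneProperties()` is public and undocumented, and `new Hashtable<>(properties)` is a shallow copy, so mutable values remain shared with this directory. If the properties can contain bind credentials (the new `SHARED_STATE_PASSWORD` constant suggests credentials flow through this class, though that is not shown here), every caller receives a copy of them. I would add a Javadoc such as `/** Returns a shallow copy of the configuration; values are shared and may include credentials. */` and consider narrowing the visibility if only subclasses need it.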