Improve tokens
[lgpl/argeo-commons.git] / org.argeo.enterprise / src / org / argeo / osgi / useradmin / AggregatingUserAdmin.java
index 93ecdca47d67d596f3fbae0d7d9e7e210d47f72c..75ca9ae884605a81ac07a219455030e5f5990172 100644 (file)
@@ -15,6 +15,7 @@ import javax.naming.ldap.LdapName;
 
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
+import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
 import org.osgi.service.useradmin.UserAdmin;
@@ -25,14 +26,20 @@ import org.osgi.service.useradmin.UserAdmin;
  */
 public class AggregatingUserAdmin implements UserAdmin {
        private final LdapName systemRolesBaseDn;
+       private final LdapName tokensBaseDn;
 
        // DAOs
        private AbstractUserDirectory systemRoles = null;
+       private AbstractUserDirectory tokens = null;
        private Map<LdapName, AbstractUserDirectory> businessRoles = new HashMap<LdapName, AbstractUserDirectory>();
 
-       public AggregatingUserAdmin(String systemRolesBaseDn) {
+       public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) {
                try {
                        this.systemRolesBaseDn = new LdapName(systemRolesBaseDn);
+                       if (tokensBaseDn != null)
+                               this.tokensBaseDn = new LdapName(tokensBaseDn);
+                       else
+                               this.tokensBaseDn = null;
                } catch (InvalidNameException e) {
                        throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e);
                }
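Review bot: The constructor now accepts a nullable `tokensBaseDn` and silently disables token support when it is null, but nothing documents that the second argument is optional or what null means, and the one-line if/else is the only hint. A Javadoc on the constructor such as `@param tokensBaseDn base DN of the tokens directory, or {@code null} if tokens are not used` would make the contract explicit for callers. The constructor's body continues past the end of the hunk.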
@@ -84,17 +91,43 @@ public class AggregatingUserAdmin implements UserAdmin {
                }
                UserAdmin userAdmin = findUserAdmin(user.getName());
                Authorization rawAuthorization = userAdmin.getAuthorization(user);
+               String usernameToUse;
+               String displayNameToUse;
+               if (user instanceof Group) {
+                       String ownerDn = TokenUtils.userDn((Group) user);
+                       if (ownerDn != null) {// tokens
+                               UserAdmin ownerUserAdmin = findUserAdmin(ownerDn);
+                               User ownerUser = (User) ownerUserAdmin.getRole(ownerDn);
+                               usernameToUse = ownerDn;
+                               displayNameToUse = LdifAuthorization.extractDisplayName(ownerUser);
+                       } else {
+                               usernameToUse = rawAuthorization.getName();
+                               displayNameToUse = rawAuthorization.toString();
+                       }
+               } else {// regular users
+                       usernameToUse = rawAuthorization.getName();
+                       displayNameToUse = rawAuthorization.toString();
+               }
                // gather system roles
                Set<String> sysRoles = new HashSet<String>();
                for (String role : rawAuthorization.getRoles()) {
                        Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
                        sysRoles.addAll(Arrays.asList(auth.getRoles()));
                }
-               Authorization authorization = new AggregatingAuthorization(rawAuthorization.getName(),
-                               rawAuthorization.toString(), sysRoles, rawAuthorization.getRoles());
+               addAbstractSystemRoles(rawAuthorization, sysRoles);
+               Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
+                               rawAuthorization.getRoles());
                return authorization;
        }
 
+       /**
+        * Enrich with application-specific roles which are strictly programmatic, such
+        * as anonymous/user semantics.
+        */
+       protected void addAbstractSystemRoles(Authorization rawAuthorization, Set<String> sysRoles) {
+
+       }
+
        //
        // USER ADMIN AGGREGATOR
        //
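Review bot: `ownerUserAdmin.getRole(ownerDn)` returns null when the token's owner entry no longer exists, and the null then reaches `LdifAuthorization.extractDisplayName`, so a token whose owner was deleted fails with a NullPointerException instead of being rejected; add `if (ownerUser == null) throw new UserDirectoryException("Token owner " + ownerDn + " not found");` right after the lookup. The returned authorization carries the owner's name and display name but the token group's own roles, which is presumably intended; the bare `// tokens` comment would be clearer as `// token: authorization is issued under the owner's identity, with the token's roles`. The two non-token branches assign the same two values, so initialising `usernameToUse` and `displayNameToUse` from `rawAuthorization` before the `instanceof` and overriding only in the token branch would remove the duplication. The enclosing getAuthorization method starts outside the hunk.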
@@ -103,6 +136,9 @@ public class AggregatingUserAdmin implements UserAdmin {
                if (isSystemRolesBaseDn(baseDn)) {
                        this.systemRoles = userDirectory;
                        systemRoles.setExternalRoles(this);
+               } else if (isTokensBaseDn(baseDn)) {
+                       this.tokens = userDirectory;
+                       tokens.setExternalRoles(this);
                } else {
                        if (businessRoles.containsKey(baseDn))
                                throw new UserDirectoryException("There is already a user admin for " + baseDn);
@@ -118,7 +154,8 @@ public class AggregatingUserAdmin implements UserAdmin {
 
        private UserAdmin findUserAdmin(String name) {
                try {
-                       return findUserAdmin(new LdapName(name));
+                       UserAdmin userAdmin = findUserAdmin(new LdapName(name));
+                       return userAdmin;
                } catch (InvalidNameException e) {
                        throw new UserDirectoryException("Badly formatted name " + name, e);
                }
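Review bot: The new local `userAdmin` in findUserAdmin(String) is assigned and returned on the next line, so the split adds a line without changing anything; `return findUserAdmin(new LdapName(name));` reads better. If the intent was to leave room for a null or disabled check on the result, that check should be written out rather than implied by the temporary.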
@@ -127,10 +164,15 @@ public class AggregatingUserAdmin implements UserAdmin {
        private UserAdmin findUserAdmin(LdapName name) {
                if (name.startsWith(systemRolesBaseDn))
                        return systemRoles;
+               if (tokensBaseDn != null && name.startsWith(tokensBaseDn))
+                       return tokens;
                List<UserAdmin> res = new ArrayList<UserAdmin>(1);
                for (LdapName baseDn : businessRoles.keySet()) {
-                       if (name.startsWith(baseDn))
-                               res.add(businessRoles.get(baseDn));
+                       if (name.startsWith(baseDn)) {
+                               AbstractUserDirectory ud = businessRoles.get(baseDn);
+                               if (!ud.isDisabled())
+                                       res.add(ud);
+                       }
                }
                if (res.size() == 0)
                        throw new UserDirectoryException("Cannot find user admin for " + name);
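Review bot: The new `isDisabled()` filter is applied only to business directories, while the tokens directory is returned unconditionally, so a disabled tokens directory would still resolve names; `tokens` is also returned as null when no directory has been registered for `tokensBaseDn` yet, which surfaces as a NullPointerException in the caller instead of the "Cannot find user admin" exception thrown below. Guarding the early return, `if (tokensBaseDn != null && name.startsWith(tokensBaseDn) && tokens != null && !tokens.isDisabled()) return tokens;`, lets such names fall through to the existing error path (assuming no business base DN also matches, which I cannot tell from here). The same unguarded early return exists for `systemRoles`, though that line is not changed by this commit. The method continues past the end of the hunk.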
@@ -143,6 +185,10 @@ public class AggregatingUserAdmin implements UserAdmin {
                return baseDn.equals(systemRolesBaseDn);
        }
 
+       protected boolean isTokensBaseDn(LdapName baseDn) {
+               return tokensBaseDn != null && baseDn.equals(tokensBaseDn);
+       }
+
        protected Dictionary<String, Object> currentState() {
                Dictionary<String, Object> res = new Hashtable<String, Object>();
                // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
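Review bot: `isTokensBaseDn` is a new protected hook with no Javadoc, whereas the neighbouring protected methods in this file (for example `preDestroy` and `addAbstractSystemRoles`) document their purpose; a one-liner such as `/** Whether this is the base DN configured for tokens; always false when no tokens base DN was set. */` would match the file's style. The hunk ends inside `currentState()`, whose body continues outside it.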
@@ -180,8 +226,8 @@ public class AggregatingUserAdmin implements UserAdmin {
        }
 
        /**
-        * Called before each user directory is destroyed, so that additional
-        * actions can be performed.
+        * Called before each user directory is destroyed, so that additional actions
+        * can be performed.
         */
        protected void preDestroy(AbstractUserDirectory userDirectory) {
        }