Make aggregation authorization more robust.

[lgpl/argeo-commons.git] / org.argeo.enterprise / src / org / argeo / osgi / useradmin / AggregatingUserAdmin.java

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index 75ca9ae884605a81ac07a219455030e5f5990172..f3e51804a78e12760f0ee3720f5ad76aa3e2a0e3 100644 (file)
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -2,10 +2,8 @@ package org.argeo.osgi.useradmin;
 
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Dictionary;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -112,7 +110,12 @@ public class AggregatingUserAdmin implements UserAdmin {
                Set<String> sysRoles = new HashSet<String>();
                for (String role : rawAuthorization.getRoles()) {
                        Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
-                       sysRoles.addAll(Arrays.asList(auth.getRoles()));
+                       systemRoles:for(String systemRole:auth.getRoles()) {
+                               if(role.equals(systemRole))
+                                       continue systemRoles;
+                               sysRoles.add(systemRole);
+                       }
+//                     sysRoles.addAll(Arrays.asList(auth.getRoles()));
                }
                addAbstractSystemRoles(rawAuthorization, sysRoles);
                Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
@@ -168,11 +171,21 @@ public class AggregatingUserAdmin implements UserAdmin {
                        return tokens;
                List<UserAdmin> res = new ArrayList<UserAdmin>(1);
                for (LdapName baseDn : businessRoles.keySet()) {
+                       AbstractUserDirectory ud = businessRoles.get(baseDn);
                        if (name.startsWith(baseDn)) {
-                               AbstractUserDirectory ud = businessRoles.get(baseDn);
                                if (!ud.isDisabled())
                                        res.add(ud);
                        }
+//                     Object principal = ud.getProperties().get(Context.SECURITY_PRINCIPAL);
+//                     if (principal != null) {
+//                             try {
+//                                     LdapName principalLdapName = new LdapName(principal.toString());
+//                                     if (principalLdapName.equals(name))
+//                                             res.add(ud);
+//                             } catch (InvalidNameException e) {
+//                                     // silent
+//                             }
+//                     }
                }
                if (res.size() == 0)
                        throw new UserDirectoryException("Cannot find user admin for " + name);
@@ -189,16 +202,16 @@ public class AggregatingUserAdmin implements UserAdmin {
                return tokensBaseDn != null && baseDn.equals(tokensBaseDn);
        }
 
-       protected Dictionary<String, Object> currentState() {
-               Dictionary<String, Object> res = new Hashtable<String, Object>();
-               // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
-               for (LdapName name : businessRoles.keySet()) {
-                       AbstractUserDirectory userDirectory = businessRoles.get(name);
-                       String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
-                       res.put(uri, "");
-               }
-               return res;
-       }
+//     protected Dictionary<String, Object> currentState() {
+//             Dictionary<String, Object> res = new Hashtable<String, Object>();
+//             // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
+//             for (LdapName name : businessRoles.keySet()) {
+//                     AbstractUserDirectory userDirectory = businessRoles.get(name);
+//                     String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
+//                     res.put(uri, "");
+//             }
+//             return res;
+//     }
 
        public void destroy() {
                for (LdapName name : businessRoles.keySet()) {