Improve tokens management
[lgpl/argeo-commons.git] / org.argeo.enterprise / src / org / argeo / osgi / useradmin / LdifUserAdmin.java
index 3e683b6116fbc2b435ff53e9871f3319d63f676f..e75c698221b9ee63b07e5f322d124f8bd4463a8a 100644 (file)
@@ -10,6 +10,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.URI;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Dictionary;
 import java.util.HashSet;
 import java.util.Hashtable;
@@ -18,6 +19,7 @@ import java.util.Set;
 import java.util.SortedMap;
 import java.util.TreeMap;
 
+import javax.naming.NameNotFoundException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
@@ -49,17 +51,28 @@ public class LdifUserAdmin extends AbstractUserDirectory {
                super(uri, properties);
        }
 
-       @Deprecated
-       public LdifUserAdmin(InputStream in) {
-               super(null, new Hashtable<String, Object>());
-               load(in);
-       }
-
        @Override
        protected AbstractUserDirectory scope(User user) {
+               Dictionary<String, Object> credentials = user.getCredentials();
+               String username = (String) credentials.get(SHARED_STATE_USERNAME);
+               if (username == null)
+                       username = user.getName();
+               Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
+               byte[] pwd = (byte[]) pwdCred;
+               if (pwd != null) {
+                       char[] password = DigestUtils.bytesToChars(pwd);
+                       User directoryUser = (User) getRole(username);
+                       if (!directoryUser.hasCredential(null, password))
+                               throw new UserDirectoryException("Invalid credentials");
+               } else {
+                       throw new UserDirectoryException("Password is required");
+               }
                Dictionary<String, Object> properties = cloneProperties();
                properties.put(UserAdminConf.readOnly.name(), "true");
-               return new LdifUserAdmin(properties);
+               LdifUserAdmin scopedUserAdmin = new LdifUserAdmin(properties);
+               scopedUserAdmin.groups = Collections.unmodifiableSortedMap(groups);
+               scopedUserAdmin.users = Collections.unmodifiableSortedMap(users);
+               return scopedUserAdmin;
        }
 
        private static Dictionary<String, Object> fromUri(String uri, String baseDn) {
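Review bot: `directoryUser` is dereferenced on the line after `getRole(username)` without a null or type check, so if `getRole` follows the OSGi UserAdmin contract of returning null for an unknown name (or returns a Group under that name), an unknown principal fails with a NullPointerException/ClassCastException while a wrong password fails with `UserDirectoryException("Invalid credentials")` — two distinguishable failure modes where the caller should see one. Folding the lookup into the check, `Role role = getRole(username); if (!(role instanceof User) || !((User) role).hasCredential(null, password)) throw new UserDirectoryException("Invalid credentials");`, keeps the response uniform. The same applies to the unchecked `(byte[]) pwdCred` cast a few lines earlier, which throws ClassCastException instead of "Password is required" if the shared state carries the password in another form; an `instanceof byte[]` guard would make that path explicit. The decoded `password` char[] is also never wiped after the check; `Arrays.fill(password, '\0')` in a `finally` would bound how long the cleartext stays on the heap.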
@@ -148,25 +161,24 @@ public class LdifUserAdmin extends AbstractUserDirectory {
        public void destroy() {
                if (users == null || groups == null)
                        throw new UserDirectoryException("User directory " + getBaseDn() + " is already destroyed");
-               users.clear();
                users = null;
-               groups.clear();
                groups = null;
        }
 
-       protected DirectoryUser daoGetRole(LdapName key) {
+       @Override
+       protected DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException {
                if (groups.containsKey(key))
                        return groups.get(key);
                if (users.containsKey(key))
                        return users.get(key);
-               return null;
+               throw new NameNotFoundException(key + " not persisted");
        }
 
+       @Override
        protected Boolean daoHasRole(LdapName dn) {
                return users.containsKey(dn) || groups.containsKey(dn);
        }
 
-       @SuppressWarnings("unchecked")
        protected List<DirectoryUser> doGetRoles(Filter f) {
                ArrayList<DirectoryUser> res = new ArrayList<DirectoryUser>();
                if (f == null) {
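Review bot: `destroy()` drops the `users.clear()` and `groups.clear()` calls without recording why, which reads like an accidental change given the method still nulls both fields; presumably it is because the scoped instances built in `scope()` share these maps as unmodifiable views, on which `clear()` would throw and which would also empty the parent directory. A one-line comment such as `// Do not clear(): scoped instances share these maps as unmodifiable views` would capture that. Separately, `daoGetRole` and `daoHasRole` gained `@Override` while `doGetRoles` just below did not; adding it keeps the overrides consistent and lets the compiler catch a signature drift against AbstractUserDirectory. `doGetRoles` continues beyond this hunk.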
@@ -174,13 +186,6 @@ public class LdifUserAdmin extends AbstractUserDirectory {
                        res.addAll(groups.values());
                } else {
                        for (DirectoryUser user : users.values()) {
-                               // System.out.println("\n" + user.getName());
-                               // Dictionary<String, Object> props = user.getProperties();
-                               // for (Enumeration<String> keys = props.keys(); keys
-                               // .hasMoreElements();) {
-                               // String key = keys.nextElement();
-                               // System.out.println(" " + key + "=" + props.get(key));
-                               // }
                                if (f.match(user.getProperties()))
                                        res.add(user);
                        }