LDIF user admin persistence based on transactions.
index 0173addbba8cc3f0b24d7a38630979552ec7070d..9bb8fbc7d44eadc5f0facbc8bb16a210bae0c74d 100644 (file)
@@ -1,7 +1,7 @@
 package org.argeo.osgi.useradmin;
 
+import java.net.URI;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Hashtable;
 import java.util.List;
 
@@ -22,25 +22,23 @@ import org.apache.commons.logging.LogFactory;
 import org.argeo.ArgeoException;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
+import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
-import org.osgi.service.useradmin.UserAdmin;
 
-public class LdapUserAdmin implements UserAdmin {
+public class LdapUserAdmin extends AbstractUserDirectory {
        private final static Log log = LogFactory.getLog(LdapUserAdmin.class);
 
-       private List<String> indexedUserProperties = Arrays.asList(new String[] {
-                       "uid", "mail", "cn" });
-
        private String baseDn = "dc=example,dc=com";
        private InitialLdapContext initialLdapContext = null;
 
        public LdapUserAdmin(String uri) {
                try {
+                       setUri(new URI(uri));
                        Hashtable<String, Object> connEnv = new Hashtable<String, Object>();
                        connEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                                        "com.sun.jndi.ldap.LdapCtxFactory");
-                       connEnv.put(Context.PROVIDER_URL, "ldap://localhost:10389/");
+                       connEnv.put(Context.PROVIDER_URL, getUri().toString());
                        connEnv.put("java.naming.ldap.attributes.binary", "userPassword");
                        // connEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
                        // connEnv.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
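Review bot: `setUri(new URI(uri))` throws `URISyntaxException` for a malformed string, and the constructor's `catch (Exception e)` (at the end of the constructor, outside this hunk) rewraps it as "Cannot connect to LDAP", which misreports a configuration error as a connectivity failure. Parse the URI before the try block, or rethrow it separately, e.g. `catch (URISyntaxException e) { throw new UserDirectoryException("Invalid LDAP URI " + uri, e); }`. Relatedly, `baseDn` stays hard-coded to `dc=example,dc=com` two lines above while `Context.PROVIDER_URL` now follows the configured URI, so searches do not follow the directory the URI points at; the base DN should be configurable (or derived from the URI path) in the same way.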
@@ -61,7 +59,7 @@ public class LdapUserAdmin implements UserAdmin {
                        log.debug(initialLdapContext.getAttributes(
                                        "uid=root,ou=users,dc=example,dc=com").get("cn"));
                } catch (Exception e) {
-                       throw new ArgeoUserAdminException("Cannot connect to LDAP", e);
+                       throw new UserDirectoryException("Cannot connect to LDAP", e);
                }
        }
 
@@ -92,29 +90,60 @@ public class LdapUserAdmin implements UserAdmin {
                        Attributes attrs = initialLdapContext.getAttributes(name);
                        LdifUser res;
                        if (attrs.get("objectClass").contains("groupOfNames"))
-                               res = new LdifGroup(new LdapName(name), attrs);
+                               res = new LdifGroup(this, new LdapName(name), attrs);
                        else if (attrs.get("objectClass").contains("inetOrgPerson"))
-                               res = new LdifUser(new LdapName(name), attrs);
+                               res = new LdifUser(this, new LdapName(name), attrs);
                        else
-                               throw new ArgeoUserAdminException("Unsupported LDAP type for "
+                               throw new UserDirectoryException("Unsupported LDAP type for "
                                                + name);
                        return res;
                } catch (NamingException e) {
-                       throw new ArgeoUserAdminException("Cannot get role for " + name, e);
+                       throw new UserDirectoryException("Cannot get role for " + name, e);
                }
        }
 
        @Override
        public Role[] getRoles(String filter) throws InvalidSyntaxException {
-               // TODO Auto-generated method stub
-               return null;
+               try {
+                       String searchFilter = filter;
+                       if (searchFilter == null)
+                               searchFilter = "(|(objectClass=inetOrgPerson)(objectClass=groupOfNames))";
+                       SearchControls searchControls = new SearchControls();
+                       searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+                       String searchBase = baseDn;
+                       NamingEnumeration<SearchResult> results = initialLdapContext
+                                       .search(searchBase, searchFilter, searchControls);
+
+                       ArrayList<Role> res = new ArrayList<Role>();
+                       while (results.hasMoreElements()) {
+                               SearchResult searchResult = results.next();
+                               Attributes attrs = searchResult.getAttributes();
+                               LdifUser role;
+                               if (attrs.get("objectClass").contains("groupOfNames"))
+                                       role = new LdifGroup(this, toDn(searchBase, searchResult),
+                                                       attrs);
+                               else if (attrs.get("objectClass").contains("inetOrgPerson"))
+                                       role = new LdifUser(this, toDn(searchBase, searchResult),
+                                                       attrs);
+                               else
+                                       throw new UserDirectoryException(
+                                                       "Unsupported LDAP type for "
+                                                                       + searchResult.getName());
+                               res.add(role);
+                       }
+                       return res.toArray(new Role[res.size()]);
+               } catch (Exception e) {
+                       throw new UserDirectoryException("Cannot get roles for filter "
+                                       + filter, e);
+               }
        }
 
        @Override
        public User getUser(String key, String value) {
                if (key == null) {
                        List<User> users = new ArrayList<User>();
-                       for (String prop : indexedUserProperties) {
+                       for (String prop : getIndexedUserProperties()) {
                                User user = getUser(prop, value);
                                if (user != null)
                                        users.add(user);
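Review bot: In the new getRoles the `NamingEnumeration` returned by `search` is never closed, and a caller-supplied `filter` is sent to the directory unrestricted, so any matching entry that is neither `inetOrgPerson` nor `groupOfNames` reaches the `else` branch and aborts the whole result set with `UserDirectoryException`. The enclosing `catch (Exception e)` also converts a malformed filter (a `NamingException` from JNDI) into `UserDirectoryException`, although the signature declares `InvalidSyntaxException` for exactly that case. Assuming `filter` is a parenthesized OSGi filter as the UserAdmin contract requires, AND it with the object-class restriction and close the enumeration in a finally; getUser's body continues past the end of this hunk.
```java
String searchFilter = filter == null
		? "(|(objectClass=inetOrgPerson)(objectClass=groupOfNames))"
		: "(&(|(objectClass=inetOrgPerson)(objectClass=groupOfNames))" + filter + ")";
// … unchanged: SearchControls, searchBase and the search call …
try {
	// … unchanged: result loop building res …
	return res.toArray(new Role[res.size()]);
} finally {
	results.close();
}
```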
@@ -144,10 +173,10 @@ public class LdapUserAdmin implements UserAdmin {
                        }
                        if (searchResult == null)
                                return null;
-                       return new LdifUser(toDn(searchBase, searchResult),
+                       return new LdifUser(this, toDn(searchBase, searchResult),
                                        searchResult.getAttributes());
                } catch (Exception e) {
-                       throw new ArgeoUserAdminException("Cannot get user with " + key
+                       throw new UserDirectoryException("Cannot get user with " + key
                                        + "=" + value, e);
                }
        }
@@ -155,8 +184,8 @@ public class LdapUserAdmin implements UserAdmin {
        @Override
        public Authorization getAuthorization(User user) {
                LdifUser u = (LdifUser) user;
-               populateDirectMemberOf(u);
-               return new LdifAuthorization(u);
+               // populateDirectMemberOf(u);
+               return new LdifAuthorization(u, getAllRoles(u));
        }
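Review bot: `getAllRoles(u)` on the new last line is reached with `u == null` whenever a caller passes null for the anonymous user, which `UserAdmin.getAuthorization` permits; the cast on the line above tolerates null, but getAllRoles (outside this hunk) presumably does not. Decide the anonymous case explicitly at the top of the method — either reject it with a clear `IllegalArgumentException` or build an authorization carrying no roles — instead of letting it fall through. The commented-out `// populateDirectMemberOf(u);` should be deleted now that membership resolution has moved to getDirectGroups.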
 
        private LdapName toDn(String baseDn, Binding binding)
@@ -165,8 +194,38 @@ public class LdapUserAdmin implements UserAdmin {
                                + baseDn : binding.getName());
        }
 
-       void populateDirectMemberOf(LdifUser user) {
+       // void populateDirectMemberOf(LdifUser user) {
+       //
+       // try {
+       // String searchFilter = "(&(objectClass=groupOfNames)(member="
+       // + user.getName() + "))";
+       //
+       // SearchControls searchControls = new SearchControls();
+       // searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+       //
+       // String searchBase = "ou=node";
+       // NamingEnumeration<SearchResult> results = initialLdapContext
+       // .search(searchBase, searchFilter, searchControls);
+       //
+       // // TODO synchro
+       // //user.directMemberOf.clear();
+       // while (results.hasMoreElements()) {
+       // SearchResult searchResult = (SearchResult) results
+       // .nextElement();
+       // LdifGroup group = new LdifGroup(toDn(searchBase, searchResult),
+       // searchResult.getAttributes());
+       // populateDirectMemberOf(group);
+       // //user.directMemberOf.add(group);
+       // }
+       // } catch (Exception e) {
+       // throw new ArgeoException("Cannot populate direct members of "
+       // + user, e);
+       // }
+       // }
 
+       @Override
+       protected List<? extends Group> getDirectGroups(User user) {
+               List<Group> directGroups = new ArrayList<Group>();
                try {
                        String searchFilter = "(&(objectClass=groupOfNames)(member="
                                        + user.getName() + "))";
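Review bot: The thirty lines of commented-out populateDirectMemberOf between toDn and the new getDirectGroups override should be deleted rather than kept; git holds the history, and the dead block still calls the pre-change `LdifGroup` constructor, so it would not compile if revived. The filter on the last two lines of the hunk (pre-existing, but now executed from the new override) concatenates `user.getName()` into `(member=…)` without escaping the RFC 4515 special characters `* ( ) \`, so a DN containing any of them produces a malformed or broader filter. JNDI escapes values for you when they are passed as filter arguments: `initialLdapContext.search(searchBase, "(&(objectClass=groupOfNames)(member={0}))", new Object[] { user.getName() }, searchControls)`; the search call itself is in the next hunk.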
@@ -174,24 +233,26 @@ public class LdapUserAdmin implements UserAdmin {
                        SearchControls searchControls = new SearchControls();
                        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 
-                       String searchBase = "ou=node";
+                       String searchBase = getGroupsSearchBase();
                        NamingEnumeration<SearchResult> results = initialLdapContext
                                        .search(searchBase, searchFilter, searchControls);
 
-                       // TODO synchro
-                       user.directMemberOf.clear();
                        while (results.hasMoreElements()) {
                                SearchResult searchResult = (SearchResult) results
                                                .nextElement();
-                               LdifGroup group = new LdifGroup(toDn(searchBase, searchResult),
-                                               searchResult.getAttributes());
-                               populateDirectMemberOf(group);
-                               user.directMemberOf.add(group);
+                               LdifGroup group = new LdifGroup(this, toDn(searchBase,
+                                               searchResult), searchResult.getAttributes());
+                               directGroups.add(group);
                        }
+                       return directGroups;
                } catch (Exception e) {
                        throw new ArgeoException("Cannot populate direct members of "
                                        + user, e);
                }
        }
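Review bot: The `NamingEnumeration` in getDirectGroups is never closed; wrap the `while` loop in a try/finally that calls `results.close()` (getRoles earlier in this commit has the same omission). The catch at the end of the method still rewraps as `ArgeoException` while every other catch touched by this commit now throws `UserDirectoryException`; for consistency change it to `throw new UserDirectoryException("Cannot populate direct members of " + user, e);`. getDirectGroups starts in the previous hunk. The new `getGroupsSearchBase()` hook deserves a Javadoc sentence saying it returns the subtree under which group entries are searched and that subclasses override it to narrow the scope, since the TODO comment alone does not say what overriding is meant to achieve.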
 
+       protected String getGroupsSearchBase() {
+               // TODO configure group search base
+               return baseDn;
+       }
 }