import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
+import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import org.osgi.service.useradmin.UserAdmin;
/** Base class for a {@link UserDirectory}. */
-public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
+abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
userBaseDn = new LdapName(userBase + "," + baseDn);
groupBaseDn = new LdapName(groupBase + "," + baseDn);
} catch (InvalidNameException e) {
- throw new UserDirectoryException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e);
+ throw new IllegalArgumentException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties),
+ e);
}
String readOnlyStr = UserAdminConf.readOnly.getValue(properties);
if (readOnlyStr == null) {
protected abstract DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException;
- protected abstract List<DirectoryUser> doGetRoles(Filter f);
+ protected abstract List<DirectoryUser> doGetRoles(LdapName searchBase, Filter f, boolean deep);
protected abstract AbstractUserDirectory scope(User user);
}
+ @Override
+ public String getBasePath() {
+ return getBaseDn().toString();
+ }
+
+ @Override
+ public Optional<String> getRealm() {
+ Object realm = getProperties().get(UserAdminConf.realm.name());
+ if (realm == null)
+ return Optional.empty();
+ return Optional.of(realm.toString());
+ }
+
protected boolean isEditing() {
return xaResource.wc() != null;
}
}
protected void checkEdit() {
-// Transaction transaction;
-// try {
-// transaction = transactionManager.getTransaction();
-// } catch (SystemException e) {
-// throw new UserDirectoryException("Cannot get transaction", e);
-// }
-// if (transaction == null)
-// throw new UserDirectoryException("A transaction needs to be active in order to edit");
if (xaResource.wc() == null) {
try {
-// transaction.enlistResource(xaResource);
transactionControl.getWorkContext().registerXAResource(xaResource, null);
} catch (Exception e) {
- throw new UserDirectoryException("Cannot enlist " + xaResource, e);
+ throw new IllegalStateException("Cannot enlist " + xaResource, e);
}
} else {
}
if (group != null)
allRoles.add(group);
}
- } catch (Exception e) {
- throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
+ } catch (NamingException e) {
+ throw new IllegalStateException("Cannot get memberOf groups for " + user, e);
}
} else {
for (LdapName groupDn : getDirectGroups(user.getDn())) {
// USER ADMIN
@Override
public Role getRole(String name) {
- return doGetRole(toDn(name));
+ return doGetRole(toLdapName(name));
}
protected DirectoryUser doGetRole(LdapName dn) {
@Override
public Role[] getRoles(String filter) throws InvalidSyntaxException {
+// UserDirectoryWorkingCopy wc = getWorkingCopy();
+// Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
+// List<DirectoryUser> res = doGetRoles(getBaseDn(), f, true);
+// if (wc != null) {
+// for (Iterator<DirectoryUser> it = res.iterator(); it.hasNext();) {
+// DirectoryUser user = it.next();
+// LdapName dn = user.getDn();
+// if (wc.getDeletedUsers().containsKey(dn))
+// it.remove();
+// }
+// for (DirectoryUser user : wc.getNewUsers().values()) {
+// if (f == null || f.match(user.getProperties()))
+// res.add(user);
+// }
+// // no need to check modified users,
+// // since doGetRoles was already based on the modified attributes
+// }
+ List<? extends Role> res = getRoles(getBaseDn(), filter, true);
+ return res.toArray(new Role[res.size()]);
+ }
+
+ List<DirectoryUser> getRoles(LdapName searchBase, String filter, boolean deep) throws InvalidSyntaxException {
UserDirectoryWorkingCopy wc = getWorkingCopy();
Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
- List<DirectoryUser> res = doGetRoles(f);
+ List<DirectoryUser> res = doGetRoles(searchBase, f, deep);
if (wc != null) {
for (Iterator<DirectoryUser> it = res.iterator(); it.hasNext();) {
DirectoryUser user = it.next();
// no need to check modified users,
// since doGetRoles was already based on the modified attributes
}
- return res.toArray(new Role[res.size()]);
+
+ // if non deep we also search users and groups
+ if (!deep) {
+ try {
+ if (!(searchBase.endsWith(new LdapName(getUserBase()))
+ || searchBase.endsWith(new LdapName(getGroupBase())))) {
+ LdapName usersBase = (LdapName) ((LdapName) searchBase.clone()).add(getUserBase());
+ res.addAll(getRoles(usersBase, filter, false));
+ LdapName groupsBase = (LdapName) ((LdapName) searchBase.clone()).add(getGroupBase());
+ res.addAll(getRoles(groupsBase, filter, false));
+ }
+ } catch (InvalidNameException e) {
+ throw new IllegalStateException("Cannot search users and groups", e);
+ }
+ }
+ return res;
}
@Override
if (key != null) {
doGetUser(key, value, collectedUsers);
} else {
- throw new UserDirectoryException("Key cannot be null");
+ throw new IllegalArgumentException("Key cannot be null");
}
if (collectedUsers.size() == 1) {
protected void doGetUser(String key, String value, List<DirectoryUser> collectedUsers) {
try {
Filter f = FrameworkUtil.createFilter("(" + key + "=" + value + ")");
- List<DirectoryUser> users = doGetRoles(f);
+ List<DirectoryUser> users = doGetRoles(getBaseDn(), f, true);
collectedUsers.addAll(users);
} catch (InvalidSyntaxException e) {
- throw new UserDirectoryException("Cannot get user with " + key + "=" + value, e);
+ throw new IllegalArgumentException("Cannot get user with " + key + "=" + value, e);
}
}
try {
DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
if (directoryUser == null)
- throw new UserDirectoryException("No scoped user found for " + user);
+ throw new IllegalStateException("No scoped user found for " + user);
LdifAuthorization authorization = new LdifAuthorization(directoryUser,
scopedUserAdmin.getAllRoles(directoryUser));
return authorization;
public Role createRole(String name, int type) {
checkEdit();
UserDirectoryWorkingCopy wc = getWorkingCopy();
- LdapName dn = toDn(name);
+ LdapName dn = toLdapName(name);
if ((daoHasRole(dn) && !wc.getDeletedUsers().containsKey(dn)) || wc.getNewUsers().containsKey(dn))
- throw new UserDirectoryException("Already a role " + name);
+ throw new IllegalArgumentException("Already a role " + name);
BasicAttributes attrs = new BasicAttributes(true);
// attrs.put(LdifName.dn.name(), dn.toString());
Rdn nameRdn = dn.getRdn(dn.size() - 1);
attrs.put(objClass);
newRole = new LdifGroup(this, dn, attrs);
} else
- throw new UserDirectoryException("Unsupported type " + type);
+ throw new IllegalArgumentException("Unsupported type " + type);
return newRole;
}
public boolean removeRole(String name) {
checkEdit();
UserDirectoryWorkingCopy wc = getWorkingCopy();
- LdapName dn = toDn(name);
+ LdapName dn = toLdapName(name);
boolean actuallyDeleted;
if (daoHasRole(dn) || wc.getNewUsers().containsKey(dn)) {
DirectoryUser user = (DirectoryUser) getRole(name);
}
- // UTILITIES
- protected LdapName toDn(String name) {
+ /*
+ * HIERARCHY
+ */
+ @Override
+ public int getHierarchyChildCount() {
+ return 0;
+ }
+
+ @Override
+ public HierarchyUnit getHierarchyChild(int i) {
+ throw new IllegalArgumentException("No child hierarchy unit available");
+ }
+
+ @Override
+ public int getHierarchyUnitType() {
+ return 0;
+ }
+
+ @Override
+ public String getHierarchyUnitName() {
+ String name = baseDn.getRdn(baseDn.size() - 1).getValue().toString();
+ // TODO check ou, o, etc.
+ return name;
+ }
+
+ @Override
+ public List<? extends Role> getRoles(String filter, boolean deep) {
try {
- return new LdapName(name);
- } catch (InvalidNameException e) {
- throw new UserDirectoryException("Badly formatted name", e);
+ return getRoles(getBaseDn(), filter, deep);
+ } catch (InvalidSyntaxException e) {
+ throw new IllegalArgumentException("Cannot filter " + filter + " " + getBaseDn(), e);
}
}
return scoped;
}
+ @Override
+ public int hashCode() {
+ return baseDn.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return "User Directory " + baseDn.toString();
+ }
+
+ /*
+ * STATIC UTILITIES
+ */
+ static LdapName toLdapName(String name) {
+ try {
+ return new LdapName(name);
+ } catch (InvalidNameException e) {
+ throw new IllegalArgumentException(name + " is not an LDAP name", e);
+ }
+ }
}