JDK HTTP server authentication
[lgpl/argeo-commons.git] / org.argeo.util / src / org / argeo / osgi / useradmin / AggregatingUserAdmin.java
index 3857b08d0607027cf55e0a4b72528de70135b7e7..c1727f7465d2e4fbdde2bdeea3671cc51da90fc0 100644 (file)
@@ -93,6 +93,7 @@ public class AggregatingUserAdmin implements UserAdmin {
                }
                DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName());
                Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user);
+               User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName());
                String usernameToUse;
                String displayNameToUse;
                if (user instanceof Group) {
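Review bot: The added `getRole(user.getName())` result is cast to `User` and stored with no null or type check, and the next hunk passes it to `otherUserAdmin.getAuthorization(retrievedUser)`. Under the OSGi UserAdmin contract `getRole` returns null when no role has that name, and `getAuthorization(null)` denotes the anonymous user. A failed lookup could therefore silently aggregate roles for the wrong principal; how `DirectoryUserAdmin` handles null is not visible here. I would check first, e.g. `Role role = userReferentialOfThisUser.getRole(user.getName());` then `if (!(role instanceof User)) throw new IllegalStateException("No user " + user.getName());`, or skip the cross-referential loop in that case. The enclosing method starts and ends outside this hunk.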
@@ -113,6 +114,17 @@ public class AggregatingUserAdmin implements UserAdmin {
                }
 
                // gather roles from other referentials
+               List<String> allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles()));
+               for (LdapName otherBaseDn : businessRoles.keySet()) {
+                       if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
+                               continue;
+                       DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+                       Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
+                       allRoles.addAll(Arrays.asList(auth.getRoles()));
+
+               }
+
+               // integrate system roles
                final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
                if (user instanceof DirectoryUser) {
                        userAdminToUse = userReferentialOfThisUser;
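Review bot: `allRoles` is a `List`, so a role name returned by more than one referential is repeated in the array later handed to `AggregatingAuthorization`; `Set<String> allRoles = new LinkedHashSet<>(Arrays.asList(rawAuthorization.getRoles()));` keeps the order and drops duplicates. The loop walks `businessRoles.keySet()` and then calls `businessRoles.get(otherBaseDn)`, which `for (Map.Entry<LdapName, DirectoryUserAdmin> e : businessRoles.entrySet())` would avoid. Because this loop lets every other referential grant roles to a user it does not own, the trust assumption deserves a comment above it, such as `// every other business referential is trusted to grant roles to this user`. The enclosing method starts and ends outside this hunk.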
@@ -136,7 +148,7 @@ public class AggregatingUserAdmin implements UserAdmin {
                        }
                        addAbstractSystemRoles(rawAuthorization, sysRoles);
                        Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
-                                       rawAuthorization.getRoles());
+                                       allRoles.toArray(new String[allRoles.size()]));
                        return authorization;
                } finally {
                        if (userAdminToUse != null && userAdminToUse.isScoped()) {
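Review bot: `sysRoles` is still filled by `addAbstractSystemRoles(rawAuthorization, sysRoles)`, while the role array passed on the changed line now comes from `allRoles`, so the two constructor arguments are derived from different role sets. If system roles are meant to ignore roles gathered from other referentials, a comment on that call should say so, for example `// system roles are derived from the home referential only`; if not, the call needs the aggregated roles. On style, `allRoles.toArray(new String[0])` is the usual form. The enclosing `try` block starts outside this hunk.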
@@ -238,7 +250,11 @@ public class AggregatingUserAdmin implements UserAdmin {
 //             return res;
 //     }
 
-       public void destroy() {
+       public void start() {
+
+       }
+
+       public void stop() {
                for (LdapName name : businessRoles.keySet()) {
                        DirectoryUserAdmin userDirectory = businessRoles.get(name);
                        destroy(userDirectory);
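Review bot: The public no-argument `destroy()` is removed outright here, so any existing caller that shuts the user admin down through it stops compiling or, if resolved reflectively or by a component descriptor, no longer closes the directories. A deprecated delegate would keep the old entry point working during the transition: `@Deprecated public void destroy() { stop(); }`. The new `start()` has an empty body and no comment; a one-line Javadoc stating that initialisation currently happens elsewhere would make the intent clear. The body of `stop()` continues outside this hunk.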
@@ -254,6 +270,14 @@ public class AggregatingUserAdmin implements UserAdmin {
                userDirectory.destroy();
        }
 
+//     protected void removeUserDirectory(UserDirectory userDirectory) {
+//             LdapName baseDn = toLdapName(userDirectory.getContext());
+//             businessRoles.remove(baseDn);
+//             if (userDirectory instanceof DirectoryUserAdmin)
+//                     destroy((DirectoryUserAdmin) userDirectory);
+//     }
+
+       @Deprecated
        protected void removeUserDirectory(String basePath) {
                if (isSystemRolesBaseDn(basePath))
                        throw new IllegalArgumentException("System roles cannot be removed ");
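Review bot: `removeUserDirectory(String)` is marked `@Deprecated` with no Javadoc `@deprecated` tag naming a replacement, and the only apparent replacement is the commented-out `removeUserDirectory(UserDirectory)` added just above it. Either enable that overload or drop the commented block, and add a tag such as `/** @deprecated use <replacement> instead */` once a replacement exists. Note that the commented-out variant omits the `isSystemRolesBaseDn` check that the string version performs; if it is ever enabled it should keep that guard so the system roles referential cannot be removed. The body of the deprecated method continues outside this hunk.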
@@ -274,6 +298,8 @@ public class AggregatingUserAdmin implements UserAdmin {
        public Set<UserDirectory> getUserDirectories() {
                TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
                res.addAll(businessRoles.values());
+               res.add(systemRoles);
                return res;
        }
+
 }
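Review bot: `res.add(systemRoles)` passes the field straight into a `TreeSet` whose comparator calls `o1.getContext()`, so a null `systemRoles` would throw a `NullPointerException` from `getUserDirectories()`. Whether the field can be null at this point is not visible in the hunk; `if (systemRoles != null) res.add(systemRoles);` makes it safe either way. Callers also now receive the system roles referential alongside the business ones, while `removeUserDirectory` rejects it with `IllegalArgumentException`. The method's Javadoc should state that the returned set includes the system roles directory, so callers do not treat every entry as removable or editable.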