X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsUserAdmin.java;h=64e32b16a36a7d90e8645777b5e8727c789ec04b;hb=e41a5f598aa4692ee4109e5442e5fcd8565e98bd;hp=7c4d807746ff481e7bcdd56f7058ecc5d3b8c86c;hpb=b843d903237a2a4192c40d8c933e71137284050b;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java index 7c4d80774..64e32b16a 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java @@ -11,9 +11,9 @@ import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Dictionary; import java.util.Iterator; +import java.util.Optional; import java.util.Set; -import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; @@ -33,16 +33,13 @@ import org.argeo.api.cms.CmsConstants; import org.argeo.api.cms.CmsLog; import org.argeo.cms.internal.http.client.HttpCredentialProvider; import org.argeo.cms.internal.http.client.SpnegoAuthScheme; -import org.argeo.osgi.transaction.WorkControl; -import org.argeo.osgi.transaction.WorkTransaction; -import org.argeo.osgi.useradmin.AbstractUserDirectory; +import org.argeo.osgi.useradmin.DirectoryUserAdmin; import org.argeo.osgi.useradmin.AggregatingUserAdmin; -import org.argeo.osgi.useradmin.LdapUserAdmin; -import org.argeo.osgi.useradmin.LdifUserAdmin; -import org.argeo.osgi.useradmin.OsUserDirectory; -import org.argeo.osgi.useradmin.UserAdminConf; import org.argeo.osgi.useradmin.UserDirectory; -import org.argeo.util.naming.DnsBrowser; +import org.argeo.util.directory.DirectoryConf; +import org.argeo.util.naming.dns.DnsBrowser; +import org.argeo.util.transaction.WorkControl; +import org.argeo.util.transaction.WorkTransaction; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSException; import org.ietf.jgss.GSSManager; @@ -56,7 +53,7 @@ import org.osgi.service.useradmin.Role; * Aggregates multiple {@link UserDirectory} and integrates them with system * roles. */ -public class CmsUserAdmin extends AggregatingUserAdmin { +public class CmsUserAdmin extends AggregatingUserAdmin { private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class); // GSS API @@ -77,14 +74,14 @@ public class CmsUserAdmin extends AggregatingUserAdmin { public void stop() { } - + public UserDirectory enableUserDirectory(Dictionary properties) { - String uri = (String) properties.get(UserAdminConf.uri.name()); - Object realm = properties.get(UserAdminConf.realm.name()); + String uri = (String) properties.get(DirectoryConf.uri.name()); + Object realm = properties.get(DirectoryConf.realm.name()); URI u; try { if (uri == null) { - String baseDn = (String) properties.get(UserAdminConf.baseDn.name()); + String baseDn = (String) properties.get(DirectoryConf.baseDn.name()); u = KernelUtils.getOsgiInstanceUri(KernelConstants.DIR_NODE + '/' + baseDn + ".ldif"); } else if (realm != null) { u = null; @@ -96,32 +93,31 @@ public class CmsUserAdmin extends AggregatingUserAdmin { } // Create - AbstractUserDirectory userDirectory; - if (realm != null || UserAdminConf.SCHEME_LDAP.equals(u.getScheme()) - || UserAdminConf.SCHEME_LDAPS.equals(u.getScheme())) { - userDirectory = new LdapUserAdmin(properties); - } else if (UserAdminConf.SCHEME_FILE.equals(u.getScheme())) { - userDirectory = new LdifUserAdmin(u, properties); - } else if (UserAdminConf.SCHEME_OS.equals(u.getScheme())) { - userDirectory = new OsUserDirectory(u, properties); - singleUser = true; - } else { - throw new IllegalArgumentException("Unsupported scheme " + u.getScheme()); - } - LdapName baseDn = userDirectory.getBaseDn(); + UserDirectory userDirectory = new DirectoryUserAdmin(u, properties); +// if (realm != null || DirectoryConf.SCHEME_LDAP.equals(u.getScheme()) +// || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) { +// userDirectory = new LdapUserAdmin(properties); +// } else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) { +// userDirectory = new LdifUserAdmin(u, properties); +// } else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) { +// userDirectory = new OsUserDirectory(u, properties); +// singleUser = true; +// } else { +// throw new IllegalArgumentException("Unsupported scheme " + u.getScheme()); +// } + String basePath = userDirectory.getContext(); addUserDirectory(userDirectory); - if (isSystemRolesBaseDn(baseDn)) { + if (isSystemRolesBaseDn(basePath)) { addStandardSystemRoles(); - } + } if (log.isDebugEnabled()) { - log.debug("User directory " + userDirectory.getBaseDn() + (u != null ? " [" + u.getScheme() + "]" : "") + log.debug("User directory " + userDirectory.getContext() + (u != null ? " [" + u.getScheme() + "]" : "") + " enabled." + (realm != null ? " " + realm + " realm." : "")); } return userDirectory; } - protected void addStandardSystemRoles() { // we assume UserTransaction is already available (TODO make it more robust) try { @@ -145,7 +141,6 @@ public class CmsUserAdmin extends AggregatingUserAdmin { } } - @Override protected void addAbstractSystemRoles(Authorization rawAuthorization, Set sysRoles) { if (rawAuthorization.getName() == null) { @@ -155,13 +150,14 @@ public class CmsUserAdmin extends AggregatingUserAdmin { } } - protected void postAdd(AbstractUserDirectory userDirectory) { + @Override + protected void postAdd(UserDirectory userDirectory) { userDirectory.setTransactionControl(transactionManager); - Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name()); - if (realm != null) { + Optional realm = userDirectory.getRealm(); + if (realm.isPresent()) { if (Files.exists(nodeKeyTab)) { - String servicePrincipal = getKerberosServicePrincipal(realm.toString()); + String servicePrincipal = getKerberosServicePrincipal(realm.get()); if (servicePrincipal != null) { CallbackHandler callbackHandler = new CallbackHandler() { @Override @@ -195,9 +191,10 @@ public class CmsUserAdmin extends AggregatingUserAdmin { } } - protected void preDestroy(AbstractUserDirectory userDirectory) { - Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name()); - if (realm != null) { + @Override + protected void preDestroy(UserDirectory userDirectory) { + Optional realm = userDirectory.getRealm(); + if (realm.isPresent()) { if (acceptorCredentials != null) { try { acceptorCredentials.dispose(); @@ -229,6 +226,13 @@ public class CmsUserAdmin extends AggregatingUserAdmin { } private GSSCredential logInAsAcceptor(Subject subject, String servicePrincipal) { + // not static because class is not supported by Android + final Oid KERBEROS_OID; + try { + KERBEROS_OID = new Oid("1.3.6.1.5.5.2"); + } catch (GSSException e) { + throw new IllegalStateException("Cannot create Kerberos OID", e); + } // GSS Iterator krb5It = subject.getPrincipals(KerberosPrincipal.class).iterator(); if (!krb5It.hasNext()) @@ -288,12 +292,4 @@ public class CmsUserAdmin extends AggregatingUserAdmin { * STATIC */ - public final static Oid KERBEROS_OID; - static { - try { - KERBEROS_OID = new Oid("1.3.6.1.5.5.2"); - } catch (GSSException e) { - throw new IllegalStateException("Cannot create Kerberos OID", e); - } - } }