X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeUserAdmin.java;h=11efa9e0f9dc9920520b9f800a9b7c17d9061bce;hb=4185ff8826f893a4a1f054f61a11b89333c3e85d;hp=40e23541ba0ad46b3c444acfd586a094c3a4d9d0;hpb=ed3d525b21f55ed76763381b91c888404487e3e1;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java index 40e23541b..11efa9e0f 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java @@ -25,7 +25,6 @@ import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; -import javax.transaction.TransactionManager; import org.apache.commons.httpclient.auth.AuthPolicy; import org.apache.commons.httpclient.auth.CredentialsProvider; @@ -35,9 +34,13 @@ import org.apache.commons.httpclient.params.HttpParams; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.api.NodeConstants; +import org.argeo.cms.CmsUserManager; +import org.argeo.cms.internal.auth.CmsUserManagerImpl; import org.argeo.cms.internal.http.client.HttpCredentialProvider; import org.argeo.cms.internal.http.client.SpnegoAuthScheme; import org.argeo.naming.DnsBrowser; +import org.argeo.osgi.transaction.WorkControl; +import org.argeo.osgi.transaction.WorkTransaction; import org.argeo.osgi.useradmin.AbstractUserDirectory; import org.argeo.osgi.useradmin.AggregatingUserAdmin; import org.argeo.osgi.useradmin.LdapUserAdmin; @@ -52,6 +55,7 @@ import org.ietf.jgss.GSSName; import org.ietf.jgss.Oid; import org.osgi.framework.BundleContext; import org.osgi.framework.Constants; +import org.osgi.framework.ServiceReference; import org.osgi.service.cm.ConfigurationException; import org.osgi.service.cm.ManagedServiceFactory; import org.osgi.service.useradmin.Authorization; @@ -72,7 +76,7 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor // private ServiceRegistration userAdminReg; // JTA - private final ServiceTracker tmTracker; + private final ServiceTracker tmTracker; // private final String cacheName = UserDirectory.class.getName(); // GSS API @@ -82,11 +86,25 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor private boolean singleUser = false; // private boolean systemRolesAvailable = false; + CmsUserManagerImpl userManager; + public NodeUserAdmin(String systemRolesBaseDn, String tokensBaseDn) { super(systemRolesBaseDn, tokensBaseDn); BundleContext bc = Activator.getBundleContext(); if (bc != null) { - tmTracker = new ServiceTracker<>(bc, TransactionManager.class, null); + tmTracker = new ServiceTracker<>(bc, WorkControl.class, null) { + + @Override + public WorkControl addingService(ServiceReference reference) { + WorkControl workControl = super.addingService(reference); + userManager = new CmsUserManagerImpl(); + userManager.setUserAdmin(NodeUserAdmin.this); + // FIXME make it more robust + userManager.setUserTransaction((WorkTransaction) workControl); + bc.registerService(CmsUserManager.class, userManager, null); + return workControl; + } + }; tmTracker.open(); } else { tmTracker = null; @@ -96,20 +114,25 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor @Override public void updated(String pid, Dictionary properties) throws ConfigurationException { String uri = (String) properties.get(UserAdminConf.uri.name()); + Object realm = properties.get(UserAdminConf.realm.name()); URI u; try { if (uri == null) { String baseDn = (String) properties.get(UserAdminConf.baseDn.name()); u = KernelUtils.getOsgiInstanceUri(KernelConstants.DIR_NODE + '/' + baseDn + ".ldif"); - } else + } else if (realm != null) { + u = null; + } else { u = new URI(uri); + } } catch (URISyntaxException e) { throw new IllegalArgumentException("Badly formatted URI " + uri, e); } // Create AbstractUserDirectory userDirectory; - if (UserAdminConf.SCHEME_LDAP.equals(u.getScheme())) { + if (realm != null || UserAdminConf.SCHEME_LDAP.equals(u.getScheme()) + || UserAdminConf.SCHEME_LDAPS.equals(u.getScheme())) { userDirectory = new LdapUserAdmin(properties); } else if (UserAdminConf.SCHEME_FILE.equals(u.getScheme())) { userDirectory = new LdifUserAdmin(u, properties); @@ -119,12 +142,11 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor } else { throw new IllegalArgumentException("Unsupported scheme " + u.getScheme()); } - Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name()); addUserDirectory(userDirectory); // OSGi LdapName baseDn = userDirectory.getBaseDn(); - Dictionary regProps = new Hashtable<>(); + Hashtable regProps = new Hashtable<>(); regProps.put(Constants.SERVICE_PID, pid); if (isSystemRolesBaseDn(baseDn)) regProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE); @@ -132,12 +154,14 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor // ServiceRegistration reg = // bc.registerService(UserDirectory.class, userDirectory, regProps); Activator.registerService(UserDirectory.class, userDirectory, regProps); + userManager.addUserDirectory(userDirectory, regProps); pidToBaseDn.put(pid, baseDn); // pidToServiceRegs.put(pid, reg); - if (log.isDebugEnabled()) - log.debug("User directory " + userDirectory.getBaseDn() + " [" + u.getScheme() + "] enabled." - + (realm != null ? " " + realm + " realm." : "")); + if (log.isDebugEnabled()) { + log.debug("User directory " + userDirectory.getBaseDn() + (u != null ? " [" + u.getScheme() + "]" : "") + + " enabled." + (realm != null ? " " + realm + " realm." : "")); + } if (isSystemRolesBaseDn(baseDn)) { // publishes only when system roles are available @@ -189,10 +213,10 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor protected void postAdd(AbstractUserDirectory userDirectory) { // JTA - TransactionManager tm = tmTracker != null ? tmTracker.getService() : null; + WorkControl tm = tmTracker != null ? tmTracker.getService() : null; if (tm == null) throw new IllegalStateException("A JTA transaction manager must be available."); - userDirectory.setTransactionManager(tm); + userDirectory.setTransactionControl(tm); // if (tmTracker.getService() instanceof BitronixTransactionManager) // EhCacheXAResourceProducer.registerXAResource(cacheName, userDirectory.getXaResource());