X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeUserAdmin.java;h=d6d721f6dcc9e33c84a765566b6e128760870e92;hb=efe7c2fa2b0f03ca6dc1386adcdc5764cb790202;hp=75cd44491cb20278714a5b96f138cda04978385d;hpb=9dba7b01008499bdaf15c754190906d3200713fe;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java index 75cd44491..d6d721f6d 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java @@ -1,5 +1,8 @@ package org.argeo.cms.internal.kernel; +import static org.argeo.cms.internal.kernel.KernelUtils.getFrameworkProp; +import static org.argeo.cms.internal.kernel.KernelUtils.getOsgiInstanceDir; + import java.io.File; import java.io.IOException; import java.net.URI; @@ -14,6 +17,7 @@ import java.util.Map; import java.util.Set; import javax.jcr.Node; +import javax.jcr.Repository; import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.Value; @@ -44,7 +48,13 @@ import org.osgi.service.useradmin.Role; import org.osgi.service.useradmin.User; import org.osgi.service.useradmin.UserAdmin; -public class NodeUserAdmin implements UserAdmin { +import bitronix.tm.resource.ehcache.EhCacheXAResourceProducer; + +/** + * Aggregates multiple {@link UserDirectory} and integrates them with this node + * system roles. + */ +public class NodeUserAdmin implements UserAdmin, KernelConstants { private final static Log log = LogFactory.getLog(NodeUserAdmin.class); final static LdapName ROLES_BASE; static { @@ -56,110 +66,43 @@ public class NodeUserAdmin implements UserAdmin { } } + // DAOs private UserAdmin nodeRoles = null; private Map userAdmins = new HashMap(); + // JCR /** The home base path. */ private String homeBasePath = "/home"; private String peopleBasePath = ArgeoJcrConstants.PEOPLE_BASE_PATH; + private Repository repository; private Session adminSession; - public NodeUserAdmin(Session adminSession) { - this.adminSession = adminSession; - File osgiInstanceDir = KernelUtils.getOsgiInstanceDir(); - File nodeBaseDir = new File(osgiInstanceDir, "node"); - nodeBaseDir.mkdirs(); - - String userAdminUri = KernelUtils - .getFrameworkProp(KernelConstants.USERADMIN_URIS); - if (userAdminUri == null) { - String demoBaseDn = "dc=example,dc=com"; - File businessRolesFile = new File(nodeBaseDir, demoBaseDn + ".ldif"); - if (!businessRolesFile.exists()) - try { - FileUtils.copyInputStreamToFile(getClass() - .getResourceAsStream(demoBaseDn + ".ldif"), - businessRolesFile); - } catch (IOException e) { - throw new CmsException("Cannot copy demo resource", e); - } - userAdminUri = businessRolesFile.toURI().toString(); - } + private final String cacheName = UserDirectory.class.getName(); - String[] uris = userAdminUri.split(" "); - for (String uri : uris) { - URI u; - try { - u = new URI(uri); - if (u.getPath() == null) - throw new CmsException("URI " + uri - + " must have a path in order to determine base DN"); - if (u.getScheme() == null) { - if (uri.startsWith("/") || uri.startsWith("./") - || uri.startsWith("../")) - u = new File(uri).getCanonicalFile().toURI(); - else if (!uri.contains("/")) - u = new File(nodeBaseDir, uri).getCanonicalFile() - .toURI(); - else - throw new CmsException("Cannot interpret " + uri - + " as an uri"); - } else if (u.getScheme().equals("file")) { - u = new File(u).getCanonicalFile().toURI(); - } - } catch (Exception e) { - throw new CmsException( - "Cannot interpret " + uri + " as an uri", e); - } - Dictionary properties = UserAdminConf.uriAsProperties(u - .toString()); - UserDirectory businessRoles; - if (u.getScheme().startsWith("ldap")) { - businessRoles = new LdapUserAdmin(properties); - } else { - businessRoles = new LdifUserAdmin(properties); - } - businessRoles.init(); - addUserAdmin(businessRoles.getBaseDn(), (UserAdmin) businessRoles); - if (log.isDebugEnabled()) - log.debug("User directory " + businessRoles.getBaseDn() + " [" - + u.getScheme() + "] enabled."); + public NodeUserAdmin(TransactionManager transactionManager, + Repository repository) { + this.repository = repository; + try { + this.adminSession = this.repository.login(); + } catch (RepositoryException e) { + throw new CmsException("Cannot log-in", e); } - // Node roles - String nodeRolesUri = KernelUtils - .getFrameworkProp(KernelConstants.ROLES_URI); - String baseNodeRoleDn = AuthConstants.ROLES_BASEDN; - if (nodeRolesUri == null) { - File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif"); - if (!nodeRolesFile.exists()) - try { - FileUtils.copyInputStreamToFile(getClass() - .getResourceAsStream("demo.ldif"), nodeRolesFile); - } catch (IOException e) { - throw new CmsException("Cannot copy demo resource", e); - } - nodeRolesUri = nodeRolesFile.toURI().toString(); - } + // DAOs + File nodeBaseDir = new File(getOsgiInstanceDir(), DIR_NODE); + nodeBaseDir.mkdirs(); + String userAdminUri = getFrameworkProp(USERADMIN_URIS); + initUserAdmins(userAdminUri, nodeBaseDir); + String nodeRolesUri = getFrameworkProp(ROLES_URI); + initNodeRoles(nodeRolesUri, nodeBaseDir); - Dictionary nodeRolesProperties = UserAdminConf - .uriAsProperties(nodeRolesUri); - if (!nodeRolesProperties.get(UserAdminConf.baseDn.property()).equals( - baseNodeRoleDn)) { - throw new CmsException("Invalid base dn for node roles"); - // TODO deal with "mounted" roles with a different baseDN - } - UserDirectory nodeRoles; - if (nodeRolesUri.startsWith("ldap")) { - nodeRoles = new LdapUserAdmin(nodeRolesProperties); - } else { - nodeRoles = new LdifUserAdmin(nodeRolesProperties); + // Transaction manager + ((UserDirectory) nodeRoles).setTransactionManager(transactionManager); + for (UserAdmin userAdmin : userAdmins.values()) { + if (userAdmin instanceof UserDirectory) + ((UserDirectory) userAdmin) + .setTransactionManager(transactionManager); } - nodeRoles.setExternalRoles(this); - nodeRoles.init(); - addUserAdmin(baseNodeRoleDn, (UserAdmin) nodeRoles); - if (log.isTraceEnabled()) - log.trace("Node roles enabled."); // JCR initJcr(adminSession); @@ -188,7 +131,15 @@ public class NodeUserAdmin implements UserAdmin { if (userAdmins.get(name) instanceof UserDirectory) { UserDirectory userDirectory = (UserDirectory) userAdmins .get(name); + try { + // FIXME Make it less bitronix dependant + EhCacheXAResourceProducer.unregisterXAResource(cacheName, + userDirectory.getXaResource()); + } catch (Exception e) { + log.error("Cannot unregister resource from Bitronix", e); + } userDirectory.destroy(); + } } } @@ -256,12 +207,7 @@ public class NodeUserAdmin implements UserAdmin { // // USER ADMIN AGGREGATOR // - public synchronized void addUserAdmin(String baseDn, UserAdmin userAdmin) { - if (baseDn.equals(AuthConstants.ROLES_BASEDN)) { - nodeRoles = userAdmin; - return; - } - + public void addUserAdmin(String baseDn, UserAdmin userAdmin) { if (userAdmins.containsKey(baseDn)) throw new UserDirectoryException( "There is already a user admin for " + baseDn); @@ -271,22 +217,15 @@ public class NodeUserAdmin implements UserAdmin { throw new UserDirectoryException("Badly formatted base DN " + baseDn, e); } - } - - public synchronized void removeUserAdmin(String baseDn) { - if (baseDn.equals(AuthConstants.ROLES_BASEDN)) - throw new UserDirectoryException("Node roles cannot be removed."); - LdapName base; - try { - base = new LdapName(baseDn); - } catch (InvalidNameException e) { - throw new UserDirectoryException("Badly formatted base DN " - + baseDn, e); + if (userAdmin instanceof UserDirectory) { + try { + // FIXME Make it less bitronix dependant + EhCacheXAResourceProducer.registerXAResource(cacheName, + ((UserDirectory) userAdmin).getXaResource()); + } catch (Exception e) { + log.error("Cannot register resource to Bitronix", e); + } } - if (!userAdmins.containsKey(base)) - throw new UserDirectoryException("There is no user admin for " - + base); - userAdmins.remove(base); } private UserAdmin findUserAdmin(String name) { @@ -325,6 +264,107 @@ public class NodeUserAdmin implements UserAdmin { } } + private void initUserAdmins(String userAdminUri, File nodeBaseDir) { + if (userAdminUri == null) { + String demoBaseDn = "dc=example,dc=com"; + File businessRolesFile = new File(nodeBaseDir, demoBaseDn + ".ldif"); + if (!businessRolesFile.exists()) + try { + FileUtils.copyInputStreamToFile(getClass() + .getResourceAsStream(demoBaseDn + ".ldif"), + businessRolesFile); + } catch (IOException e) { + throw new CmsException("Cannot copy demo resource", e); + } + userAdminUri = businessRolesFile.toURI().toString(); + } + String[] uris = userAdminUri.split(" "); + for (String uri : uris) { + URI u; + try { + u = new URI(uri); + if (u.getPath() == null) + throw new CmsException("URI " + uri + + " must have a path in order to determine base DN"); + if (u.getScheme() == null) { + if (uri.startsWith("/") || uri.startsWith("./") + || uri.startsWith("../")) + u = new File(uri).getCanonicalFile().toURI(); + else if (!uri.contains("/")) + u = new File(nodeBaseDir, uri).getCanonicalFile() + .toURI(); + else + throw new CmsException("Cannot interpret " + uri + + " as an uri"); + } else if (u.getScheme().equals("file")) { + u = new File(u).getCanonicalFile().toURI(); + } + } catch (Exception e) { + throw new CmsException( + "Cannot interpret " + uri + " as an uri", e); + } + Dictionary properties = UserAdminConf.uriAsProperties(u + .toString()); + UserDirectory businessRoles; + if (u.getScheme().startsWith("ldap")) { + businessRoles = new LdapUserAdmin(properties); + } else { + businessRoles = new LdifUserAdmin(properties); + } + businessRoles.init(); + String baseDn = businessRoles.getBaseDn(); + if (userAdmins.containsKey(baseDn)) + throw new UserDirectoryException( + "There is already a user admin for " + baseDn); + try { + userAdmins.put(new LdapName(baseDn), (UserAdmin) businessRoles); + } catch (InvalidNameException e) { + throw new UserDirectoryException("Badly formatted base DN " + + baseDn, e); + } + addUserAdmin(businessRoles.getBaseDn(), (UserAdmin) businessRoles); + if (log.isDebugEnabled()) + log.debug("User directory " + businessRoles.getBaseDn() + " [" + + u.getScheme() + "] enabled."); + } + + } + + private void initNodeRoles(String nodeRolesUri, File nodeBaseDir) { + String baseNodeRoleDn = AuthConstants.ROLES_BASEDN; + if (nodeRolesUri == null) { + File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif"); + if (!nodeRolesFile.exists()) + try { + FileUtils.copyInputStreamToFile(getClass() + .getResourceAsStream(baseNodeRoleDn + ".ldif"), + nodeRolesFile); + } catch (IOException e) { + throw new CmsException("Cannot copy demo resource", e); + } + nodeRolesUri = nodeRolesFile.toURI().toString(); + } + + Dictionary nodeRolesProperties = UserAdminConf + .uriAsProperties(nodeRolesUri); + if (!nodeRolesProperties.get(UserAdminConf.baseDn.property()).equals( + baseNodeRoleDn)) { + throw new CmsException("Invalid base dn for node roles"); + // TODO deal with "mounted" roles with a different baseDN + } + if (nodeRolesUri.startsWith("ldap")) { + nodeRoles = new LdapUserAdmin(nodeRolesProperties); + } else { + nodeRoles = new LdifUserAdmin(nodeRolesProperties); + } + ((UserDirectory) nodeRoles).setExternalRoles(this); + ((UserDirectory) nodeRoles).init(); + addUserAdmin(baseNodeRoleDn, (UserAdmin) nodeRoles); + if (log.isTraceEnabled()) + log.trace("Node roles enabled."); + + } + /* * JCR */