X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeUserAdmin.java;h=f00c3c769f5ef00c6a4b37f0518bacb6f9d3b6bb;hb=09d97fb1d28c9bbe4b2ec9fc511adf5127a256c1;hp=8410b3958aef378d49a34dbd260b43f83696a128;hpb=6338d85d3f970dd0eb8845693ddad90a93b99d03;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
index 8410b3958..f00c3c769 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java
@@ -14,6 +14,7 @@ import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Set;
 
 import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
@@ -28,14 +29,12 @@ import javax.transaction.TransactionManager;
 
 import org.apache.commons.httpclient.auth.AuthPolicy;
 import org.apache.commons.httpclient.auth.CredentialsProvider;
-import org.apache.commons.httpclient.cookie.CookiePolicy;
 import org.apache.commons.httpclient.params.DefaultHttpParams;
 import org.apache.commons.httpclient.params.HttpMethodParams;
 import org.apache.commons.httpclient.params.HttpParams;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.http.NodeHttp;
 import org.argeo.cms.internal.http.client.HttpCredentialProvider;
 import org.argeo.cms.internal.http.client.SpnegoAuthScheme;
 import org.argeo.naming.DnsBrowser;
@@ -44,6 +43,7 @@ import org.argeo.osgi.useradmin.AbstractUserDirectory;
 import org.argeo.osgi.useradmin.AggregatingUserAdmin;
 import org.argeo.osgi.useradmin.LdapUserAdmin;
 import org.argeo.osgi.useradmin.LdifUserAdmin;
+import org.argeo.osgi.useradmin.OsUserDirectory;
 import org.argeo.osgi.useradmin.UserAdminConf;
 import org.argeo.osgi.useradmin.UserDirectory;
 import org.ietf.jgss.GSSCredential;
@@ -57,12 +57,10 @@ import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.ServiceRegistration;
 import org.osgi.service.cm.ConfigurationException;
 import org.osgi.service.cm.ManagedServiceFactory;
+import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.UserAdmin;
 import org.osgi.util.tracker.ServiceTracker;
 
-import bitronix.tm.BitronixTransactionManager;
-import bitronix.tm.resource.ehcache.EhCacheXAResourceProducer;
-
 /**
  * Aggregates multiple {@link UserDirectory} and integrates them with system
  * roles.
@@ -78,12 +76,15 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
 
 	// JTA
 	private final ServiceTracker tmTracker;
-	private final String cacheName = UserDirectory.class.getName();
+	// private final String cacheName = UserDirectory.class.getName();
 
 	// GSS API
 	private Path nodeKeyTab = KernelUtils.getOsgiInstancePath(KernelConstants.NODE_KEY_TAB_PATH);
 	private GSSCredential acceptorCredentials;
 
+	private boolean singleUser = false;
+	private boolean systemRolesAvailable = false;
+
 	public NodeUserAdmin(String systemRolesBaseDn) {
 		super(systemRolesBaseDn);
 		tmTracker = new ServiceTracker<>(bc, TransactionManager.class, null);
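Review bot: The two new flags `singleUser` and `systemRolesAvailable` are plain non-volatile fields that are written from the `ManagedServiceFactory` update path (see the scheme dispatch and the system-roles check later in this diff) and read through the new public `isSingleUser()` getter, presumably from other threads; nothing in this hunk orders those accesses. Config Admin delivers `updated()` on its own thread, so unless AggregatingUserAdmin serializes these calls (not visible here) a reader may never observe the write; declaring them `private volatile boolean singleUser = false;` and `private volatile boolean systemRolesAvailable = false;` is the minimal fix. The `cacheName` field is commented out rather than deleted; remove the line, version control keeps it. The class body continues outside the hunk.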
@@ -105,8 +106,17 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
 		}
 
 		// Create
-		AbstractUserDirectory userDirectory = u.getScheme().equals("ldap") ? new LdapUserAdmin(properties)
-				: new LdifUserAdmin(u, properties);
+		AbstractUserDirectory userDirectory;
+		if (UserAdminConf.SCHEME_LDAP.equals(u.getScheme())) {
+			userDirectory = new LdapUserAdmin(properties);
+		} else if (UserAdminConf.SCHEME_FILE.equals(u.getScheme())) {
+			userDirectory = new LdifUserAdmin(u, properties);
+		} else if (UserAdminConf.SCHEME_OS.equals(u.getScheme())) {
+			userDirectory = new OsUserDirectory(u, properties);
+			singleUser = true;
+		} else {
+			throw new CmsException("Unsupported scheme " + u.getScheme());
+		}
 		Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
 		addUserDirectory(userDirectory);
 
@@ -125,7 +135,13 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
 			log.debug("User directory " + userDirectory.getBaseDn() + " [" + u.getScheme() + "] enabled."
 					+ (realm != null ? " " + realm + " realm." : ""));
 
-		if (!isSystemRolesBaseDn(baseDn)) {
+		if (isSystemRolesBaseDn(baseDn))
+			systemRolesAvailable = true;
+
+		// start publishing only when system roles are available
+		if (systemRolesAvailable) {
+			// The list of baseDns is published as properties
+			// TODO clients should rather reference USerDirectory services
 			if (userAdminReg != null)
 				userAdminReg.unregister();
 			// register self as main user admin
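Review bot: `singleUser = true` is assigned inside the `os` branch before `addUserDirectory(userDirectory)` runs, so if adding the directory fails (for instance `postAdd` in this diff throws `CmsException` when no transaction manager is available, assuming `addUserDirectory` calls it) the node stays flagged single-user although no directory was registered. Set the flag only after the add succeeds, e.g. `addUserDirectory(userDirectory); if (UserAdminConf.SCHEME_OS.equals(u.getScheme())) singleUser = true;`, or reset it in a catch block. Nothing here rejects a second directory once `singleUser` is set, so if single-user mode is meant to be exclusive that check is still missing. The enclosing method (presumably `ManagedServiceFactory.updated`) starts before and ends after this hunk.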
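Review bot: `systemRolesAvailable` latches to true and is never cleared anywhere in this diff, so if the system-roles directory is later removed (that would be handled in `deleted()`, outside this diff) the node keeps re-publishing itself as the main UserAdmin on every subsequent directory addition while the roles that gate authorization are gone. Either clear the flag and unregister in the removal path, or state the assumption next to the field: `// assumes the system roles directory is never removed at runtime; deleted() does not reset this flag`. The re-registration block still does `unregister()` followed by a fresh registration on each addition, which leaves a short window with no UserAdmin service for clients; that predates this change but is worth a comment. The new comment also has a typo: `USerDirectory`. The enclosing method starts before and ends after this hunk.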
@@ -150,14 +166,23 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
 		return "Node User Admin";
 	}
 
+	@Override
+	protected void addAbstractSystemRoles(Authorization rawAuthorization, Set sysRoles) {
+		if (rawAuthorization.getName() == null) {
+			sysRoles.add(NodeConstants.ROLE_ANONYMOUS);
+		} else {
+			sysRoles.add(NodeConstants.ROLE_USER);
+		}
+	}
+
 	protected void postAdd(AbstractUserDirectory userDirectory) {
 		// JTA
 		TransactionManager tm = tmTracker.getService();
 		if (tm == null)
 			throw new CmsException("A JTA transaction manager must be available.");
 		userDirectory.setTransactionManager(tm);
-		if (tmTracker.getService() instanceof BitronixTransactionManager)
-			EhCacheXAResourceProducer.registerXAResource(cacheName, userDirectory.getXaResource());
+//		if (tmTracker.getService() instanceof BitronixTransactionManager)
+//			EhCacheXAResourceProducer.registerXAResource(cacheName, userDirectory.getXaResource());
 
 		Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
 		if (realm != null) {
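Review bot: `addAbstractSystemRoles` is the point where every authorization is granted either `ROLE_ANONYMOUS` or `ROLE_USER`, yet it takes a raw `Set` and carries no Javadoc. Use `Set<String> sysRoles` if the overridden signature in AggregatingUserAdmin permits it (not visible here), and document the contract, e.g. `/** Adds the implicit role every principal holds: ROLE_ANONYMOUS when the authorization has no name, ROLE_USER for any named authorization. */`. The decision rests solely on `getName() == null`, so any Authorization constructed with a non-null name, whatever its origin, is treated as an authenticated user; whether an unauthenticated principal can reach this method with a non-null name depends on the callers, which are outside this diff and worth checking. `postAdd` continues past the end of the hunk.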
@@ -191,14 +216,14 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
 			// schemes.add(AuthPolicy.BASIC);// incompatible with Basic
 			params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
 			params.setParameter(CredentialsProvider.PROVIDER, new HttpCredentialProvider());
-			params.setParameter(HttpMethodParams.COOKIE_POLICY, CookiePolicy.BROWSER_COMPATIBILITY);
+			params.setParameter(HttpMethodParams.COOKIE_POLICY, KernelConstants.COOKIE_POLICY_BROWSER_COMPATIBILITY);
 			// params.setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
 		}
 	}
 
 	protected void preDestroy(AbstractUserDirectory userDirectory) {
-		if (tmTracker.getService() instanceof BitronixTransactionManager)
-			EhCacheXAResourceProducer.unregisterXAResource(cacheName, userDirectory.getXaResource());
+//		if (tmTracker.getService() instanceof BitronixTransactionManager)
+//			EhCacheXAResourceProducer.unregisterXAResource(cacheName, userDirectory.getXaResource());
 
 		Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
 		if (realm != null) {
@@ -272,6 +297,10 @@ class NodeUserAdmin extends AggregatingUserAdmin implements ManagedServiceFactor
 		return acceptorCredentials;
 	}
 
+	public boolean isSingleUser() {
+		return singleUser;
+	}
+
 	public final static Oid KERBEROS_OID;
 	static {
 		try {
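Review bot: `preDestroy` (like `postAdd` earlier in this diff) keeps the Bitronix/EhCache XA unregistration as commented-out code, and the retained line `// params.setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);` now names a `CookiePolicy` class whose import this diff removes; both are dead text that will mislead the next reader. Delete them rather than commenting them out, version control keeps the history; if the XA hook is intended to return, replace the two commented lines with a single `// TODO re-enable XA resource (un)registration; the Bitronix/EhCache wiring was removed` so the intent is explicit. Since the `cacheName` field is also gone, the commented code would not even compile if uncommented, which is a further reason to drop it. `preDestroy` continues past the end of the hunk.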
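Review bot: `isSingleUser()` is a new public accessor with no Javadoc, and its name does not say what sets it or whether it can revert. Add `/** True once a user directory with the {@code os} scheme has been configured; not cleared anywhere in this class, so it does not imply that no other directory is present. */` — the latching behaviour is visible in the scheme dispatch earlier in this diff, and nothing there enforces exclusivity. If this flag is used to relax authentication for a single OS user (the callers are not visible here), that contract belongs in the Javadoc as well.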