X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsUserAdmin.java;h=890e283914d9d2027c5e4964a07239c101b46ff9;hb=eb4324be6ac9cdff15828a21ee7d3f6ca2f19fb9;hp=7c4d807746ff481e7bcdd56f7058ecc5d3b8c86c;hpb=b843d903237a2a4192c40d8c933e71137284050b;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
index 7c4d80774..890e28391 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
@@ -11,9 +11,9 @@ import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Dictionary;
 import java.util.Iterator;
+import java.util.Optional;
 import java.util.Set;
-import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -35,7 +35,6 @@ import org.argeo.cms.internal.http.client.HttpCredentialProvider;
 import org.argeo.cms.internal.http.client.SpnegoAuthScheme;
 import org.argeo.osgi.transaction.WorkControl;
 import org.argeo.osgi.transaction.WorkTransaction;
-import org.argeo.osgi.useradmin.AbstractUserDirectory;
 import org.argeo.osgi.useradmin.AggregatingUserAdmin;
 import org.argeo.osgi.useradmin.LdapUserAdmin;
 import org.argeo.osgi.useradmin.LdifUserAdmin;
@@ -56,7 +55,7 @@ import org.osgi.service.useradmin.Role;
 * Aggregates multiple {@link UserDirectory} and integrates them with system
 * roles.
 */
-public class CmsUserAdmin extends AggregatingUserAdmin {
+public class CmsUserAdmin extends AggregatingUserAdmin {
 private final static CmsLog log = CmsLog.getLog(CmsUserAdmin.class);
 // GSS API
@@ -77,7 +76,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 public void stop() { }
-
+
 public UserDirectory enableUserDirectory(Dictionary properties) {
 String uri = (String) properties.get(UserAdminConf.uri.name());
 Object realm = properties.get(UserAdminConf.realm.name());
@@ -96,7 +95,7 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 }
 // Create
- AbstractUserDirectory userDirectory;
+ UserDirectory userDirectory;
 if (realm != null || UserAdminConf.SCHEME_LDAP.equals(u.getScheme()) || UserAdminConf.SCHEME_LDAPS.equals(u.getScheme())) {
 userDirectory = new LdapUserAdmin(properties);
@@ -108,20 +107,19 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 } else {
 throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
 }
- LdapName baseDn = userDirectory.getBaseDn();
+ String basePath = userDirectory.getContext();
 addUserDirectory(userDirectory);
- if (isSystemRolesBaseDn(baseDn)) {
+ if (isSystemRolesBaseDn(basePath)) {
 addStandardSystemRoles();
- }
+ }
 if (log.isDebugEnabled()) {
- log.debug("User directory " + userDirectory.getBaseDn() + (u != null ? " [" + u.getScheme() + "]" : "")
+ log.debug("User directory " + userDirectory.getContext() + (u != null ? " [" + u.getScheme() + "]" : "")
 + " enabled." + (realm != null ? " " + realm + " realm." : ""));
 }
 return userDirectory;
 }
-
 protected void addStandardSystemRoles() {
 // we assume UserTransaction is already available (TODO make it more robust)
 try {
@@ -145,7 +143,6 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 }
 }
-
 @Override
 protected void addAbstractSystemRoles(Authorization rawAuthorization, Set sysRoles) {
 if (rawAuthorization.getName() == null) {
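Review bot: In the `@@ -108,20 +107,19 @@` hunk, the check that decides whether `addStandardSystemRoles()` runs now receives a `String` from `userDirectory.getContext()` where it used to receive an `LdapName`. `LdapName` equality ignores attribute-type case and insignificant spacing, so unless `isSystemRolesBaseDn(String)` (not visible here) normalizes its argument, a system-roles base DN written with different case or spacing would silently stop matching and the standard system roles would not be added. I would state the contract at the call site, for example `// basePath is compared as a DN: isSystemRolesBaseDn must ignore case and spacing differences`, and add a test with a mixed-case base DN. The body of `enableUserDirectory` starts before this hunk.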
@@ -155,13 +152,14 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 }
 }
- protected void postAdd(AbstractUserDirectory userDirectory) {
+ @Override
+ protected void postAdd(UserDirectory userDirectory) {
 userDirectory.setTransactionControl(transactionManager);
- Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
- if (realm != null) {
+ Optional realm = userDirectory.getRealm();
+ if (realm.isPresent()) {
 if (Files.exists(nodeKeyTab)) {
- String servicePrincipal = getKerberosServicePrincipal(realm.toString());
+ String servicePrincipal = getKerberosServicePrincipal(realm.get());
 if (servicePrincipal != null) {
 CallbackHandler callbackHandler = new CallbackHandler() {
 @Override
@@ -195,9 +193,10 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 }
 }
- protected void preDestroy(AbstractUserDirectory userDirectory) {
- Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
- if (realm != null) {
+ @Override
+ protected void preDestroy(UserDirectory userDirectory) {
+ Optional realm = userDirectory.getRealm();
+ if (realm.isPresent()) {
 if (acceptorCredentials != null) {
 try {
 acceptorCredentials.dispose();
@@ -229,6 +228,13 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 }
 private GSSCredential logInAsAcceptor(Subject subject, String servicePrincipal) {
+ // not static because class is not supported by Android
+ final Oid KERBEROS_OID;
+ try {
+ KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
+ } catch (GSSException e) {
+ throw new IllegalStateException("Cannot create Kerberos OID", e);
+ }
 // GSS
 Iterator krb5It = subject.getPrincipals(KerberosPrincipal.class).iterator();
 if (!krb5It.hasNext())
@@ -288,12 +294,4 @@ public class CmsUserAdmin extends AggregatingUserAdmin {
 * STATIC
 */
- public final static Oid KERBEROS_OID;
- static {
- try {
- KERBEROS_OID = new Oid("1.3.6.1.5.5.2");
- } catch (GSSException e) {
- throw new IllegalStateException("Cannot create Kerberos OID", e);
- }
- }
 }
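Review bot: In the `@@ -229,6 +228,13 @@` hunk, the literal assigned to `KERBEROS_OID`, `1.3.6.1.5.5.2`, is the SPNEGO mechanism OID; the Kerberos V5 mechanism is `1.2.840.113554.1.2.2`. The name and the exception text therefore misdescribe which GSS mechanism the acceptor credential is requested for, which matters to anyone auditing the accepted mechanisms. Now that the value is a local, I would rename it and fix the message: `final Oid spnegoOid;` and `throw new IllegalStateException("Cannot create SPNEGO OID", e);`. If Kerberos V5 was actually intended, the literal is what needs changing; the lines that use the OID fall outside the hunk, so confirm which one they expect. The added comment would also be clearer if it named the class that Android lacks, presumably `Oid`.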