X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=56f2f5c170bdc67719c2dcde9c28935065fa1a47;hb=77935b7e3c0cb16a295af7059ed48ed1b916de2d;hp=e4b25ae81caceab5b2ff07b40364bc59bba67c86;hpb=6338d85d3f970dd0eb8845693ddad90a93b99d03;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index e4b25ae81..56f2f5c17 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -1,6 +1,7 @@
 package org.argeo.osgi.useradmin;
 import static org.argeo.naming.LdapAttrs.objectClass;
+import static org.argeo.naming.LdapObjs.extensibleObject;
 import static org.argeo.naming.LdapObjs.inetOrgPerson;
 import static org.argeo.naming.LdapObjs.organizationalPerson;
 import static org.argeo.naming.LdapObjs.person;
@@ -18,6 +19,7 @@ import java.util.Iterator;
 import java.util.List;
 import javax.naming.InvalidNameException;
+import javax.naming.NameNotFoundException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
@@ -113,7 +115,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 protected abstract Boolean daoHasRole(LdapName dn);
- protected abstract DirectoryUser daoGetRole(LdapName key);
+ protected abstract DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException;
 protected abstract List doGetRoles(Filter f);
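Review bot: The `throws NameNotFoundException` added to `daoGetRole` (hunk `@@ -113,7`) is undocumented, so an implementer cannot tell whether a missing entry must be reported by throwing or may still be reported by returning null; `doGetRole`, changed further down in this commit, accepts both. A Javadoc on the abstract method would settle it, for example `/** Returns the role stored under key; throws NameNotFoundException when the directory has no such entry. */`. The implementing subclasses are outside this diff, so whether all of them were updated for the checked exception cannot be confirmed from here.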
@@ -170,7 +172,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 private void collectRoles(DirectoryUser user, List allRoles) {
 Attributes attrs = user.getAttributes();
 // TODO centralize attribute name
- Attribute memberOf = attrs.get("memberOf");
+ Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
 if (memberOf != null) {
 try {
 NamingEnumeration values = memberOf.getAll();
@@ -179,8 +181,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 LdapName groupDn = new LdapName(value.toString());
 DirectoryUser group = doGetRole(groupDn);
 allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add memberOf " + groupDn);
+ if (log.isTraceEnabled())
+ log.trace("Add memberOf " + groupDn);
 }
 } catch (Exception e) {
 throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
@@ -190,8 +192,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 // TODO check for loops
 DirectoryUser group = doGetRole(groupDn);
 allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add direct group " + groupDn);
+ if (log.isTraceEnabled())
+ log.trace("Add direct group " + groupDn);
 collectRoles(group, allRoles);
 }
 }
 }
@@ -209,7 +211,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 protected DirectoryUser doGetRole(LdapName dn) {
 UserDirectoryWorkingCopy wc = getWorkingCopy();
- DirectoryUser user = daoGetRole(dn);
+ DirectoryUser user;
+ try {
+ user = daoGetRole(dn);
+ } catch (NameNotFoundException e) {
+ user = null;
+ }
 if (wc != null) {
 if (user == null && wc.getNewUsers().containsKey(dn))
 user = wc.getNewUsers().get(dn);
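Review bot: The `// TODO centralize attribute name` comment directly above the changed line in hunk `@@ -170,7` is stale now that the line reads `attrs.get(LdapAttrs.memberOf.name())`; delete it or reword it to whatever still has to be centralised. The qualified `LdapAttrs.memberOf`, unlike the statically imported `objectClass`, looks deliberate because the local variable is also called `memberOf`. A short comment such as `// qualified on purpose: the local variable shadows the constant name` would keep a later cleanup from breaking it.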
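Review bot: In hunk `@@ -179,8` the result of `doGetRole(groupDn)` goes straight into `allRoles.add(group)`, and with this commit `doGetRole` turns a `NameNotFoundException` into null (hunk `@@ -209,7`), so a `memberOf` value pointing at a missing entry can put a null into the collected role list. Hunk `@@ -190,8` has the same pattern and then calls `collectRoles(group, allRoles)`, whose first statement dereferences `user.getAttributes()`. The rest of `doGetRole` is not visible, so treat this as likely rather than proven. I would skip unresolved groups explicitly with `if (group == null) continue;` before `allRoles.add(group);` and log a warning naming `groupDn`; the enclosing loop headers lie outside both hunks.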
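Review bot: The recursive call `collectRoles(group, allRoles)` in hunk `@@ -190,8` still sits under `// TODO check for loops`, and nothing visible stops two groups that contain each other from recursing until the stack overflows while a user's roles are being resolved. Group membership is directory data, so the bound should not depend on that data being well formed. A set of already visited DNs passed down the recursion, with `if (!visited.add(groupDn)) continue;` before the lookup, would bound it. That needs an extra parameter on this private method, whose signature and loop header are outside the hunk.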
@@ -289,6 +296,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 AbstractUserDirectory scopedUserAdmin = scope(user);
 try {
 DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ if (directoryUser == null)
+ throw new UserDirectoryException("No scoped user found for " + user);
 LdifAuthorization authorization = new LdifAuthorization(directoryUser, scopedUserAdmin.getAllRoles(directoryUser));
 return authorization;
@@ -313,12 +322,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 if (wc.getDeletedUsers().containsKey(dn)) {
 wc.getDeletedUsers().remove(dn);
 wc.getModifiedUsers().put(dn, attrs);
+ return getRole(name);
 } else {
 wc.getModifiedUsers().put(dn, attrs);
 DirectoryUser newRole = newRole(dn, type, attrs);
 wc.getNewUsers().put(dn, newRole);
+ return newRole;
 }
- return getRole(name);
 }
 protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) {
@@ -334,6 +344,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 objClass.add(person.name());
 }
 objClass.add(top.name());
+ objClass.add(extensibleObject.name());
 attrs.put(objClass);
 newRole = new LdifUser(this, dn, attrs);
 } else if (type == Role.GROUP) {
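Review bot: The `objClass.add(extensibleObject.name());` line in hunk `@@ -334,6` carries no comment saying why every new user entry needs it, and the choice is not neutral: in LDAP `extensibleObject` permits any attribute type on the entry, so the server-side schema no longer restricts what can be stored on a user. If only a few extra attributes are needed, a dedicated auxiliary object class would keep schema validation. If `extensibleObject` stays, say so next to the line, e.g. `// extensibleObject: user entries may carry attributes outside inetOrgPerson, so attribute names are not schema-checked by the server`. The enclosing `newRole` method starts and ends outside the hunk.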
@@ -403,28 +414,24 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 return uri;
 }
- // protected List getIndexedUserProperties() {
- // return indexedUserProperties;
- // }
- //
- // protected void setIndexedUserProperties(List
- // indexedUserProperties) {
- // this.indexedUserProperties = indexedUserProperties;
- // }
-
 private static boolean readOnlyDefault(URI uri) {
 if (uri == null)
 return true;
 if (uri.getScheme() == null)
 return false;// assume relative file to be writable
- if (uri.getScheme().equals("file")) {
+ if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
 File file = new File(uri);
 if (file.exists())
 return !file.canWrite();
 else
 return !file.getParentFile().canWrite();
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) {
+ if (uri.getAuthority() != null)// assume writable if authenticated
+ return false;
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) {
+ return true;
 }
- return true;
+ return true;// read only by default
 }
 public boolean isReadOnly() {
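Review bot: In the new LDAP branch of `readOnlyDefault`, `uri.getAuthority() != null` does not test what its comment says: for `java.net.URI` the authority is `[user-info@]host[:port]`, so any LDAP URI that names a host yields non-null and the directory defaults to writable whether or not credentials are present. If the intent is "writable only when credentials are supplied", the line should read `if (uri.getUserInfo() != null)// assume writable if authenticated`. Because this default decides whether the user directory accepts modifications, I would also put braces around the single-statement `if`. The `SCHEME_OS` branch returns the same value as the fall-through, so it only documents intent.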