X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=610f3f6400ca0bcc5d8753f9242192a09cd95ccb;hb=c38430e4dc4d8104162d7306675bc2f087d45a54;hp=e4b25ae81caceab5b2ff07b40364bc59bba67c86;hpb=6338d85d3f970dd0eb8845693ddad90a93b99d03;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java index e4b25ae81..610f3f640 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java @@ -1,6 +1,7 @@ package org.argeo.osgi.useradmin; import static org.argeo.naming.LdapAttrs.objectClass; +import static org.argeo.naming.LdapObjs.extensibleObject; import static org.argeo.naming.LdapObjs.inetOrgPerson; import static org.argeo.naming.LdapObjs.organizationalPerson; import static org.argeo.naming.LdapObjs.person; @@ -18,6 +19,7 @@ import java.util.Iterator; import java.util.List; import javax.naming.InvalidNameException; +import javax.naming.NameNotFoundException; import javax.naming.NamingEnumeration; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; @@ -29,8 +31,6 @@ import javax.transaction.SystemException; import javax.transaction.Transaction; import javax.transaction.TransactionManager; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.naming.LdapAttrs; import org.osgi.framework.Filter; import org.osgi.framework.FrameworkUtil; @@ -45,13 +45,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name"; static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password"; - private final static Log log = LogFactory.getLog(AbstractUserDirectory.class); - private final Hashtable properties; private final LdapName baseDn, userBaseDn, groupBaseDn; private final String userObjectClass, userBase, groupObjectClass, groupBase; private final boolean readOnly; + private final boolean disabled; private final URI uri; private UserAdmin externalRoles; @@ -105,7 +104,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory readOnly = readOnlyDefault(uri); properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly)); } else - readOnly = new Boolean(readOnlyStr); + readOnly = Boolean.parseBoolean(readOnlyStr); + String disabledStr = UserAdminConf.disabled.getValue(properties); + if (disabledStr != null) + disabled = Boolean.parseBoolean(disabledStr); + else + disabled = false; } /** Returns the groups this user is a direct member of. */ @@ -113,7 +117,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory protected abstract Boolean daoHasRole(LdapName dn); - protected abstract DirectoryUser daoGetRole(LdapName key); + protected abstract DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException; protected abstract List doGetRoles(Filter f); @@ -170,7 +174,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory private void collectRoles(DirectoryUser user, List allRoles) { Attributes attrs = user.getAttributes(); // TODO centralize attribute name - Attribute memberOf = attrs.get("memberOf"); + Attribute memberOf = attrs.get(LdapAttrs.memberOf.name()); if (memberOf != null) { try { NamingEnumeration values = memberOf.getAll(); @@ -179,8 +183,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory LdapName groupDn = new LdapName(value.toString()); DirectoryUser group = doGetRole(groupDn); allRoles.add(group); - if (log.isDebugEnabled()) - log.debug("Add memberOf " + groupDn); } } catch (Exception e) { throw new UserDirectoryException("Cannot get memberOf groups for " + user, e); @@ -190,8 +192,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory // TODO check for loops DirectoryUser group = doGetRole(groupDn); allRoles.add(group); - if (log.isDebugEnabled()) - log.debug("Add direct group " + groupDn); collectRoles(group, allRoles); } } @@ -209,7 +209,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory protected DirectoryUser doGetRole(LdapName dn) { UserDirectoryWorkingCopy wc = getWorkingCopy(); - DirectoryUser user = daoGetRole(dn); + DirectoryUser user; + try { + user = daoGetRole(dn); + } catch (NameNotFoundException e) { + user = null; + } if (wc != null) { if (user == null && wc.getNewUsers().containsKey(dn)) user = wc.getNewUsers().get(dn); @@ -219,7 +224,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return user; } - @SuppressWarnings("unchecked") @Override public Role[] getRoles(String filter) throws InvalidSyntaxException { UserDirectoryWorkingCopy wc = getWorkingCopy(); @@ -250,23 +254,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory doGetUser(key, value, collectedUsers); } else { throw new UserDirectoryException("Key cannot be null"); - // // try dn - // DirectoryUser user = null; - // try { - // user = (DirectoryUser) getRole(value); - // if (user != null) - // collectedUsers.add(user); - // } catch (Exception e) { - // // silent - // } - // // try all indexes - // for (String attr : getIndexedUserProperties()) - // doGetUser(attr, value, collectedUsers); } - if (collectedUsers.size() == 1) + + if (collectedUsers.size() == 1) { return collectedUsers.get(0); - else if (collectedUsers.size() > 1) - log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value); + } else if (collectedUsers.size() > 1) { + // log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : + // "") + value); + } return null; } @@ -289,6 +284,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory AbstractUserDirectory scopedUserAdmin = scope(user); try { DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName()); + if (directoryUser == null) + throw new UserDirectoryException("No scoped user found for " + user); LdifAuthorization authorization = new LdifAuthorization(directoryUser, scopedUserAdmin.getAllRoles(directoryUser)); return authorization; @@ -313,12 +310,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory if (wc.getDeletedUsers().containsKey(dn)) { wc.getDeletedUsers().remove(dn); wc.getModifiedUsers().put(dn, attrs); + return getRole(name); } else { wc.getModifiedUsers().put(dn, attrs); DirectoryUser newRole = newRole(dn, type, attrs); wc.getNewUsers().put(dn, newRole); + return newRole; } - return getRole(name); } protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) { @@ -334,6 +332,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory objClass.add(person.name()); } objClass.add(top.name()); + objClass.add(extensibleObject.name()); attrs.put(objClass); newRole = new LdifUser(this, dn, attrs); } else if (type == Role.GROUP) { @@ -403,34 +402,34 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return uri; } - // protected List getIndexedUserProperties() { - // return indexedUserProperties; - // } - // - // protected void setIndexedUserProperties(List - // indexedUserProperties) { - // this.indexedUserProperties = indexedUserProperties; - // } - private static boolean readOnlyDefault(URI uri) { if (uri == null) return true; if (uri.getScheme() == null) return false;// assume relative file to be writable - if (uri.getScheme().equals("file")) { + if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) { File file = new File(uri); if (file.exists()) return !file.canWrite(); else return !file.getParentFile().canWrite(); + } else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) { + if (uri.getAuthority() != null)// assume writable if authenticated + return false; + } else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) { + return true; } - return true; + return true;// read only by default } public boolean isReadOnly() { return readOnly; } + public boolean isDisabled() { + return disabled; + } + protected UserAdmin getExternalRoles() { return externalRoles; }