X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=7279877e0e8ec46690a7f95b72ba062b234f8a34;hb=5986e55820cba0821f0c16627c4ab144863c82ab;hp=56f2f5c170bdc67719c2dcde9c28935065fa1a47;hpb=54e74b900b1c0f7b1de0def771de35e50a8d4071;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 56f2f5c17..7279877e0 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -27,13 +27,9 @@ import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
-import javax.transaction.SystemException;
-import javax.transaction.Transaction;
-import javax.transaction.TransactionManager;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
+import org.argeo.osgi.transaction.WorkControl;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -47,29 +43,32 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 	static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
 	static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
 
-	private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
-
 	private final Hashtable<String, Object> properties;
 	private final LdapName baseDn, userBaseDn, groupBaseDn;
 	private final String userObjectClass, userBase, groupObjectClass, groupBase;
 
 	private final boolean readOnly;
-	private final URI uri;
+	private final boolean disabled;
+	private final String uri;
 
 	private UserAdmin externalRoles;
 	// private List<String> indexedUserProperties = Arrays
 	// .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(),
 	// LdapAttrs.cn.name() });
 
+	private final boolean scoped;
+
 	private String memberAttributeId = "member";
 	private List<String> credentialAttributeIds = Arrays
 			.asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
 
-	// JTA
-	private TransactionManager transactionManager;
+	// Transaction
+//	private TransactionManager transactionManager;
+	private WorkControl transactionControl;
 	private WcXaResource xaResource = new WcXaResource(this);
 
-	public AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props) {
+	AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props, boolean scoped) {
+		this.scoped = scoped;
 		properties = new Hashtable<String, Object>();
 		for (Enumeration<String> keys = props.keys(); keys.hasMoreElements();) {
 			String key = keys.nextElement();
@@ -77,18 +76,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		}
 
 		if (uriArg != null) {
-			uri = uriArg;
+			uri = uriArg.toString();
 			// uri from properties is ignored
 		} else {
 			String uriStr = UserAdminConf.uri.getValue(properties);
 			if (uriStr == null)
 				uri = null;
 			else
-				try {
-					uri = new URI(uriStr);
-				} catch (URISyntaxException e) {
-					throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
-				}
+				uri = uriStr;
 		}
 
 		userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
@@ -107,7 +102,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			readOnly = readOnlyDefault(uri);
 			properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
 		} else
-			readOnly = new Boolean(readOnlyStr);
+			readOnly = Boolean.parseBoolean(readOnlyStr);
+		String disabledStr = UserAdminConf.disabled.getValue(properties);
+		if (disabledStr != null)
+			disabled = Boolean.parseBoolean(disabledStr);
+		else
+			disabled = false;
 	}
 
 	/** Returns the groups this user is a direct member of. */
@@ -141,17 +141,18 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 	}
 
 	protected void checkEdit() {
-		Transaction transaction;
-		try {
-			transaction = transactionManager.getTransaction();
-		} catch (SystemException e) {
-			throw new UserDirectoryException("Cannot get transaction", e);
-		}
-		if (transaction == null)
-			throw new UserDirectoryException("A transaction needs to be active in order to edit");
+//		Transaction transaction;
+//		try {
+//			transaction = transactionManager.getTransaction();
+//		} catch (SystemException e) {
+//			throw new UserDirectoryException("Cannot get transaction", e);
+//		}
+//		if (transaction == null)
+//			throw new UserDirectoryException("A transaction needs to be active in order to edit");
 		if (xaResource.wc() == null) {
 			try {
-				transaction.enlistResource(xaResource);
+//				transaction.enlistResource(xaResource);
+				transactionControl.getWorkContext().registerXAResource(xaResource, null);
 			} catch (Exception e) {
 				throw new UserDirectoryException("Cannot enlist " + xaResource, e);
 			}
@@ -173,16 +174,16 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		Attributes attrs = user.getAttributes();
 		// TODO centralize attribute name
 		Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
-		if (memberOf != null) {
+		// if user belongs to this directory, we only check meberOf
+		if (memberOf != null && user.getDn().startsWith(getBaseDn())) {
 			try {
 				NamingEnumeration<?> values = memberOf.getAll();
 				while (values.hasMore()) {
 					Object value = values.next();
 					LdapName groupDn = new LdapName(value.toString());
 					DirectoryUser group = doGetRole(groupDn);
-					allRoles.add(group);
-					if (log.isTraceEnabled())
-						log.trace("Add memberOf " + groupDn);
+					if (group != null)
+						allRoles.add(group);
 				}
 			} catch (Exception e) {
 				throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
@@ -191,10 +192,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			for (LdapName groupDn : getDirectGroups(user.getDn())) {
 				// TODO check for loops
 				DirectoryUser group = doGetRole(groupDn);
-				allRoles.add(group);
-				if (log.isTraceEnabled())
-					log.trace("Add direct group " + groupDn);
-				collectRoles(group, allRoles);
+				if (group != null) {
+					allRoles.add(group);
+					collectRoles(group, allRoles);
+				}
 			}
 		}
 	}
@@ -226,7 +227,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return user;
 	}
 
-	@SuppressWarnings("unchecked")
 	@Override
 	public Role[] getRoles(String filter) throws InvalidSyntaxException {
 		UserDirectoryWorkingCopy wc = getWorkingCopy();
@@ -257,23 +257,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			doGetUser(key, value, collectedUsers);
 		} else {
 			throw new UserDirectoryException("Key cannot be null");
-			// // try dn
-			// DirectoryUser user = null;
-			// try {
-			// user = (DirectoryUser) getRole(value);
-			// if (user != null)
-			// collectedUsers.add(user);
-			// } catch (Exception e) {
-			// // silent
-			// }
-			// // try all indexes
-			// for (String attr : getIndexedUserProperties())
-			// doGetUser(attr, value, collectedUsers);
 		}
-		if (collectedUsers.size() == 1)
+
+		if (collectedUsers.size() == 1) {
 			return collectedUsers.get(0);
-		else if (collectedUsers.size() > 1)
-			log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value);
+		} else if (collectedUsers.size() > 1) {
+			// log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" :
+			// "") + value);
+		}
 		return null;
 	}
 
@@ -410,13 +401,20 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return credentialAttributeIds;
 	}
 
-	protected URI getUri() {
+	protected String getUri() {
 		return uri;
 	}
 
-	private static boolean readOnlyDefault(URI uri) {
-		if (uri == null)
+	private static boolean readOnlyDefault(String uriStr) {
+		if (uriStr == null)
 			return true;
+		/// TODO make it more generic
+		URI uri;
+		try {
+			uri = new URI(uriStr.split(" ")[0]);
+		} catch (URISyntaxException e) {
+			throw new IllegalArgumentException(e);
+		}
 		if (uri.getScheme() == null)
 			return false;// assume relative file to be writable
 		if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
@@ -438,6 +436,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return readOnly;
 	}
 
+	public boolean isDisabled() {
+		return disabled;
+	}
+
 	protected UserAdmin getExternalRoles() {
 		return externalRoles;
 	}
@@ -488,12 +490,20 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		this.externalRoles = externalRoles;
 	}
 
-	public void setTransactionManager(TransactionManager transactionManager) {
-		this.transactionManager = transactionManager;
+//	public void setTransactionManager(TransactionManager transactionManager) {
+//		this.transactionManager = transactionManager;
+//	}
+
+	public void setTransactionControl(WorkControl transactionControl) {
+		this.transactionControl = transactionControl;
 	}
 
 	public WcXaResource getXaResource() {
 		return xaResource;
 	}
 
+	public boolean isScoped() {
+		return scoped;
+	}
+
 }