X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=e4b25ae81caceab5b2ff07b40364bc59bba67c86;hb=6338d85d3f970dd0eb8845693ddad90a93b99d03;hp=5e7cbc61cde708cdf832e96e1a4736874757a4ff;hpb=db7aecc7170c024e0e39135cf6b8aa6ce7569ccb;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 5e7cbc61c..e4b25ae81 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -18,6 +18,8 @@ import java.util.Iterator;
 import java.util.List;
 
 import javax.naming.InvalidNameException;
+import javax.naming.NamingEnumeration;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
@@ -46,42 +48,55 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
 
 private final Hashtable properties;
- private final LdapName baseDn;
+ private final LdapName baseDn, userBaseDn, groupBaseDn;
 private final String userObjectClass, userBase, groupObjectClass, groupBase;
 private final boolean readOnly;
 private final URI uri;
 
 private UserAdmin externalRoles;
- private List indexedUserProperties = Arrays
- .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), LdapAttrs.cn.name() });
+ // private List indexedUserProperties = Arrays
+ // .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(),
+ // LdapAttrs.cn.name() });
 
 private String memberAttributeId = "member";
- private List credentialAttributeIds = Arrays.asList(new String[] { LdapAttrs.userPassword.name() });
+ private List credentialAttributeIds = Arrays
+ .asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
 
 // JTA
 private TransactionManager transactionManager;
 private WcXaResource xaResource = new WcXaResource(this);
 
- public AbstractUserDirectory(Dictionary props) {
+ public AbstractUserDirectory(URI uriArg, Dictionary props) {
 properties = new Hashtable();
 for (Enumeration keys = props.keys(); keys.hasMoreElements();) {
 String key = keys.nextElement();
 properties.put(key, props.get(key));
 }
- String uriStr = UserAdminConf.uri.getValue(properties);
- if (uriStr == null)
- uri = null;
- else
- try {
- uri = new URI(uriStr);
- } catch (URISyntaxException e) {
- throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
- }
+ if (uriArg != null) {
+ uri = uriArg;
+ // uri from properties is ignored
+ } else {
+ String uriStr = UserAdminConf.uri.getValue(properties);
+ if (uriStr == null)
+ uri = null;
+ else
+ try {
+ uri = new URI(uriStr);
+ } catch (URISyntaxException e) {
+ throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
+ }
+ }
+ userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
+ userBase = UserAdminConf.userBase.getValue(properties);
+ groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
+ groupBase = UserAdminConf.groupBase.getValue(properties);
 try {
 baseDn = new LdapName(UserAdminConf.baseDn.getValue(properties));
+ userBaseDn = new LdapName(userBase + "," + baseDn);
+ groupBaseDn = new LdapName(groupBase + "," + baseDn);
 } catch (InvalidNameException e) {
 throw new UserDirectoryException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e);
 }
@@ -91,11 +106,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
 } else
 readOnly = new Boolean(readOnlyStr);
-
- userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
- userBase = UserAdminConf.userBase.getValue(properties);
- groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties);
- groupBase = UserAdminConf.groupBase.getValue(properties);
 }
 
 /** Returns the groups this user is a direct member of. */
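Review bot: `userBaseDn = new LdapName(userBase + "," + baseDn)` and the `groupBaseDn` line below it build the DN by string concatenation, so if `UserAdminConf.userBase` or `groupBase` has no value the string becomes `null,<baseDn>` and the resulting InvalidNameException is reported as `Badly formated base DN <baseDn>`, which points at the wrong property. Unless `getValue` supplies a default (not visible here), check both values before the try, e.g. `if (userBase == null || groupBase == null) throw new UserDirectoryException("userBase and groupBase must be set");`, and name the offending value in the catch message. The `uriArg` precedence over the `uri` property is documented only by an inline comment; a constructor Javadoc line such as `@param uriArg if non-null, used as the directory URI and the uri property is ignored` would make it visible to callers. `indexedUserProperties` is commented out rather than removed, and the same pattern recurs in the `getUser` hunk at `-214,22` and the accessor hunk at `-368,17`; deleting the dead lines keeps the class readable since history is in git.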
@@ -158,11 +168,32 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 }
 
 private void collectRoles(DirectoryUser user, List allRoles) {
- for (LdapName groupDn : getDirectGroups(user.getDn())) {
- // TODO check for loops
- DirectoryUser group = doGetRole(groupDn);
- allRoles.add(group);
- collectRoles(group, allRoles);
+ Attributes attrs = user.getAttributes();
+ // TODO centralize attribute name
+ Attribute memberOf = attrs.get("memberOf");
+ if (memberOf != null) {
+ try {
+ NamingEnumeration values = memberOf.getAll();
+ while (values.hasMore()) {
+ Object value = values.next();
+ LdapName groupDn = new LdapName(value.toString());
+ DirectoryUser group = doGetRole(groupDn);
+ allRoles.add(group);
+ if (log.isDebugEnabled())
+ log.debug("Add memberOf " + groupDn);
+ }
+ } catch (Exception e) {
+ throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
+ }
+ } else {
+ for (LdapName groupDn : getDirectGroups(user.getDn())) {
+ // TODO check for loops
+ DirectoryUser group = doGetRole(groupDn);
+ allRoles.add(group);
+ if (log.isDebugEnabled())
+ log.debug("Add direct group " + groupDn);
+ collectRoles(group, allRoles);
+ }
 }
 }
 
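Review bot: The new `memberOf` branch is not transitive: the fallback branch calls `collectRoles(group, allRoles)` for every direct group, but the `memberOf` branch adds only the DNs listed in the attribute, so the nested groups a user ends up holding — and therefore what `LdifAuthorization` grants — now depends on whether the backing directory expands `memberOf` itself. If that is intended, state it at the top of the branch, e.g. `// memberOf is assumed to be already transitive; nested groups are not resolved here (confirm for the backing directory)`; otherwise recurse as the other branch does, keeping the existing loop TODO in mind. In both branches `doGetRole(groupDn)` is added to `allRoles` without a null check, so a dangling group DN (a `memberOf` value whose entry no longer exists) would put a null into the role list; `if (group == null) continue;` before `allRoles.add(group)` avoids a later NPE. `catch (Exception e)` also hides the distinction between a malformed `memberOf` value (InvalidNameException) and a directory error; `NamingException` covers both and is the narrowest type that still fits.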
@@ -214,22 +245,23 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 @Override
 public User getUser(String key, String value) {
 // TODO check value null or empty
- List collectedUsers = new ArrayList(getIndexedUserProperties().size());
+ List collectedUsers = new ArrayList();
 if (key != null) {
 doGetUser(key, value, collectedUsers);
 } else {
- // try dn
- DirectoryUser user = null;
- try {
- user = (DirectoryUser) getRole(value);
- if (user != null)
- collectedUsers.add(user);
- } catch (Exception e) {
- // silent
- }
- // try all indexes
- for (String attr : getIndexedUserProperties())
- doGetUser(attr, value, collectedUsers);
+ throw new UserDirectoryException("Key cannot be null");
+ // // try dn
+ // DirectoryUser user = null;
+ // try {
+ // user = (DirectoryUser) getRole(value);
+ // if (user != null)
+ // collectedUsers.add(user);
+ // } catch (Exception e) {
+ // // silent
+ // }
+ // // try all indexes
+ // for (String attr : getIndexedUserProperties())
+ // doGetUser(attr, value, collectedUsers);
 }
 if (collectedUsers.size() == 1)
 return collectedUsers.get(0);
@@ -255,11 +287,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 } else {
 // bind
 AbstractUserDirectory scopedUserAdmin = scope(user);
- DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
- LdifAuthorization authorization = new LdifAuthorization(directoryUser,
- scopedUserAdmin.getAllRoles(directoryUser));
- scopedUserAdmin.destroy();
- return authorization;
+ try {
+ DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ LdifAuthorization authorization = new LdifAuthorization(directoryUser,
+ scopedUserAdmin.getAllRoles(directoryUser));
+ return authorization;
+ } finally {
+ scopedUserAdmin.destroy();
+ }
 }
 }
 
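Review bot: In `getUser` the `else` branch now throws `"Key cannot be null"` but leaves twelve lines of the old lookup commented out beneath the throw, and the `// TODO check value null or empty` above it is still open, so `doGetUser(key, null, collectedUsers)` remains reachable. Delete the commented block and validate `value` together with `key`, e.g. `if (key == null || value == null || value.isEmpty()) throw new UserDirectoryException("Key and value are required");`. Callers that previously passed a null key to look a user up by DN now get an exception instead of a result, which is a contract change worth a `@throws UserDirectoryException if key is null` line in the method's Javadoc. The method continues past the hunk.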
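Review bot: Inside the new try block, `(DirectoryUser) scopedUserAdmin.getRole(user.getName())` can still be null when the scoped directory does not hold the user (the old `getUser` code in this same file guarded `getRole` with `if (user != null)`), and `new LdifAuthorization(null, scopedUserAdmin.getAllRoles(null))` would then run before `destroy()`. A guard such as `if (directoryUser == null) throw new UserDirectoryException("User " + user.getName() + " not found");` keeps the failure explicit; the try/finally itself is the right fix for the leaked scoped directory. The enclosing method begins before this hunk.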
@@ -368,17 +403,20 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 return uri;
 }
 
- protected List getIndexedUserProperties() {
- return indexedUserProperties;
- }
-
- protected void setIndexedUserProperties(List indexedUserProperties) {
- this.indexedUserProperties = indexedUserProperties;
- }
+ // protected List getIndexedUserProperties() {
+ // return indexedUserProperties;
+ // }
+ //
+ // protected void setIndexedUserProperties(List
+ // indexedUserProperties) {
+ // this.indexedUserProperties = indexedUserProperties;
+ // }
 
 private static boolean readOnlyDefault(URI uri) {
 if (uri == null)
 return true;
+ if (uri.getScheme() == null)
+ return false;// assume relative file to be writable
 if (uri.getScheme().equals("file")) {
 File file = new File(uri);
 if (file.exists())
@@ -397,9 +435,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 return externalRoles;
 }
 
- public LdapName getBaseDn() {
- // always clone so that the property is not modified by reference
- return (LdapName) baseDn.clone();
+ protected int roleType(LdapName dn) {
+ if (dn.startsWith(groupBaseDn))
+ return Role.GROUP;
+ else if (dn.startsWith(userBaseDn))
+ return Role.USER;
+ else
+ return Role.GROUP;
 }
 
 /** dn can be null, in that case a default should be returned. */
@@ -423,6 +465,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 return groupBase;
 }
 
+ public LdapName getBaseDn() {
+ return (LdapName) baseDn.clone();
+ }
+
 public Dictionary getProperties() {
 return properties;
 }
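Review bot: `roleType` returns `Role.GROUP` for any DN that lies under neither `groupBaseDn` nor `userBaseDn`, so the final `else` silently classifies unknown entries — including `memberOf` values pointing outside the configured bases — as groups, the role kind that confers membership. If that default is deliberate, say so in a Javadoc on the method (`@return Role.GROUP when dn is outside both bases`); otherwise return `Role.ROLE` for that case, or at least log it at debug level so a misconfigured base shows up. `LdapName.startsWith` compares RDNs from the rightmost component, so both checks are suffix tests on the string form; a one-line comment such as `// startsWith on LdapName means "is under this base" (RDN order is right to left)` spares the next reader the surprise.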
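Review bot: The re-added `getBaseDn` drops the comment the removed version carried (`// always clone so that the property is not modified by reference`), and the clone is the only reason this is not a plain getter. Keep the rationale as Javadoc, e.g. `/** Returns a copy of the base DN; LdapName is mutable, so callers cannot alter this directory's base through it. */`.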