X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=f2d7c88fc232ca8d1090c065a5a2a5f9c1b5a975;hb=73a89e099608a51d9aef814a3f85a62947275f59;hp=03eeeebdc854d8e8398d1246a1c8079d23f53121;hpb=e1f70fb64c4f0d8c6bbe6cdf19e369509eb43182;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java index 03eeeebdc..f2d7c88fc 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java @@ -1,6 +1,7 @@ package org.argeo.osgi.useradmin; import static org.argeo.naming.LdapAttrs.objectClass; +import static org.argeo.naming.LdapObjs.extensibleObject; import static org.argeo.naming.LdapObjs.inetOrgPerson; import static org.argeo.naming.LdapObjs.organizationalPerson; import static org.argeo.naming.LdapObjs.person; @@ -18,6 +19,7 @@ import java.util.Iterator; import java.util.List; import javax.naming.InvalidNameException; +import javax.naming.NameNotFoundException; import javax.naming.NamingEnumeration; import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; @@ -29,8 +31,6 @@ import javax.transaction.SystemException; import javax.transaction.Transaction; import javax.transaction.TransactionManager; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.naming.LdapAttrs; import org.osgi.framework.Filter; import org.osgi.framework.FrameworkUtil; @@ -45,42 +45,47 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name"; static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password"; - private final static Log log = LogFactory.getLog(AbstractUserDirectory.class); - private final Hashtable properties; private final LdapName baseDn, userBaseDn, groupBaseDn; private final String userObjectClass, userBase, groupObjectClass, groupBase; private final boolean readOnly; - private final URI uri; + private final boolean disabled; + private final String uri; private UserAdmin externalRoles; - private List indexedUserProperties = Arrays - .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), LdapAttrs.cn.name() }); + // private List indexedUserProperties = Arrays + // .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(), + // LdapAttrs.cn.name() }); + + private final boolean scoped; private String memberAttributeId = "member"; - private List credentialAttributeIds = Arrays.asList(new String[] { LdapAttrs.userPassword.name() }); + private List credentialAttributeIds = Arrays + .asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() }); // JTA private TransactionManager transactionManager; private WcXaResource xaResource = new WcXaResource(this); - public AbstractUserDirectory(Dictionary props) { + AbstractUserDirectory(URI uriArg, Dictionary props, boolean scoped) { + this.scoped = scoped; properties = new Hashtable(); for (Enumeration keys = props.keys(); keys.hasMoreElements();) { String key = keys.nextElement(); properties.put(key, props.get(key)); } - String uriStr = UserAdminConf.uri.getValue(properties); - if (uriStr == null) - uri = null; - else - try { - uri = new URI(uriStr); - } catch (URISyntaxException e) { - throw new UserDirectoryException("Badly formatted URI " + uriStr, e); - } + if (uriArg != null) { + uri = uriArg.toString(); + // uri from properties is ignored + } else { + String uriStr = UserAdminConf.uri.getValue(properties); + if (uriStr == null) + uri = null; + else + uri = uriStr; + } userObjectClass = UserAdminConf.userObjectClass.getValue(properties); userBase = UserAdminConf.userBase.getValue(properties); @@ -98,7 +103,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory readOnly = readOnlyDefault(uri); properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly)); } else - readOnly = new Boolean(readOnlyStr); + readOnly = Boolean.parseBoolean(readOnlyStr); + String disabledStr = UserAdminConf.disabled.getValue(properties); + if (disabledStr != null) + disabled = Boolean.parseBoolean(disabledStr); + else + disabled = false; } /** Returns the groups this user is a direct member of. */ @@ -106,7 +116,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory protected abstract Boolean daoHasRole(LdapName dn); - protected abstract DirectoryUser daoGetRole(LdapName key); + protected abstract DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException; protected abstract List doGetRoles(Filter f); @@ -163,17 +173,17 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory private void collectRoles(DirectoryUser user, List allRoles) { Attributes attrs = user.getAttributes(); // TODO centralize attribute name - Attribute memberOf = attrs.get("memberOf"); - if (memberOf != null) { + Attribute memberOf = attrs.get(LdapAttrs.memberOf.name()); + // if user belongs to this directory, we only check meberOf + if (memberOf != null && user.getDn().startsWith(getBaseDn())) { try { NamingEnumeration values = memberOf.getAll(); while (values.hasMore()) { Object value = values.next(); LdapName groupDn = new LdapName(value.toString()); DirectoryUser group = doGetRole(groupDn); - allRoles.add(group); - if (log.isDebugEnabled()) - log.debug("Add memberOf " + groupDn); + if (group != null) + allRoles.add(group); } } catch (Exception e) { throw new UserDirectoryException("Cannot get memberOf groups for " + user, e); @@ -182,10 +192,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory for (LdapName groupDn : getDirectGroups(user.getDn())) { // TODO check for loops DirectoryUser group = doGetRole(groupDn); - allRoles.add(group); - if (log.isDebugEnabled()) - log.debug("Add direct group " + groupDn); - collectRoles(group, allRoles); + if (group != null) { + allRoles.add(group); + collectRoles(group, allRoles); + } } } } @@ -202,7 +212,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory protected DirectoryUser doGetRole(LdapName dn) { UserDirectoryWorkingCopy wc = getWorkingCopy(); - DirectoryUser user = daoGetRole(dn); + DirectoryUser user; + try { + user = daoGetRole(dn); + } catch (NameNotFoundException e) { + user = null; + } if (wc != null) { if (user == null && wc.getNewUsers().containsKey(dn)) user = wc.getNewUsers().get(dn); @@ -212,7 +227,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return user; } - @SuppressWarnings("unchecked") @Override public Role[] getRoles(String filter) throws InvalidSyntaxException { UserDirectoryWorkingCopy wc = getWorkingCopy(); @@ -238,27 +252,19 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory @Override public User getUser(String key, String value) { // TODO check value null or empty - List collectedUsers = new ArrayList(getIndexedUserProperties().size()); + List collectedUsers = new ArrayList(); if (key != null) { doGetUser(key, value, collectedUsers); } else { - // try dn - DirectoryUser user = null; - try { - user = (DirectoryUser) getRole(value); - if (user != null) - collectedUsers.add(user); - } catch (Exception e) { - // silent - } - // try all indexes - for (String attr : getIndexedUserProperties()) - doGetUser(attr, value, collectedUsers); + throw new UserDirectoryException("Key cannot be null"); } - if (collectedUsers.size() == 1) + + if (collectedUsers.size() == 1) { return collectedUsers.get(0); - else if (collectedUsers.size() > 1) - log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value); + } else if (collectedUsers.size() > 1) { + // log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : + // "") + value); + } return null; } @@ -279,11 +285,16 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory } else { // bind AbstractUserDirectory scopedUserAdmin = scope(user); - DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName()); - LdifAuthorization authorization = new LdifAuthorization(directoryUser, - scopedUserAdmin.getAllRoles(directoryUser)); - scopedUserAdmin.destroy(); - return authorization; + try { + DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName()); + if (directoryUser == null) + throw new UserDirectoryException("No scoped user found for " + user); + LdifAuthorization authorization = new LdifAuthorization(directoryUser, + scopedUserAdmin.getAllRoles(directoryUser)); + return authorization; + } finally { + scopedUserAdmin.destroy(); + } } } @@ -302,12 +313,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory if (wc.getDeletedUsers().containsKey(dn)) { wc.getDeletedUsers().remove(dn); wc.getModifiedUsers().put(dn, attrs); + return getRole(name); } else { wc.getModifiedUsers().put(dn, attrs); DirectoryUser newRole = newRole(dn, type, attrs); wc.getNewUsers().put(dn, newRole); + return newRole; } - return getRole(name); } protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) { @@ -323,6 +335,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory objClass.add(person.name()); } objClass.add(top.name()); + objClass.add(extensibleObject.name()); attrs.put(objClass); newRole = new LdifUser(this, dn, attrs); } else if (type == Role.GROUP) { @@ -388,35 +401,45 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return credentialAttributeIds; } - protected URI getUri() { + protected String getUri() { return uri; } - protected List getIndexedUserProperties() { - return indexedUserProperties; - } - - protected void setIndexedUserProperties(List indexedUserProperties) { - this.indexedUserProperties = indexedUserProperties; - } - - private static boolean readOnlyDefault(URI uri) { - if (uri == null) + private static boolean readOnlyDefault(String uriStr) { + if (uriStr == null) return true; - if (uri.getScheme().equals("file")) { + /// TODO make it more generic + URI uri; + try { + uri = new URI(uriStr.split(" ")[0]); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e); + } + if (uri.getScheme() == null) + return false;// assume relative file to be writable + if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) { File file = new File(uri); if (file.exists()) return !file.canWrite(); else return !file.getParentFile().canWrite(); + } else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) { + if (uri.getAuthority() != null)// assume writable if authenticated + return false; + } else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) { + return true; } - return true; + return true;// read only by default } public boolean isReadOnly() { return readOnly; } + public boolean isDisabled() { + return disabled; + } + protected UserAdmin getExternalRoles() { return externalRoles; } @@ -475,4 +498,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return xaResource; } + public boolean isScoped() { + return scoped; + } + }