X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=f2d7c88fc232ca8d1090c065a5a2a5f9c1b5a975;hb=73a89e099608a51d9aef814a3f85a62947275f59;hp=66b6e91e27eac392fc4af28fb7791a3efb454a40;hpb=780f1fce719bb66b4e4899c2339cb49d62c07dc6;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 66b6e91e2..f2d7c88fc 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -31,10 +31,7 @@ import javax.transaction.SystemException;
 import javax.transaction.Transaction;
 import javax.transaction.TransactionManager;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
-import org.argeo.naming.LdapObjs;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
@@ -48,20 +45,21 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
 static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
- private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
-
 private final Hashtable properties;
 private final LdapName baseDn, userBaseDn, groupBaseDn;
 private final String userObjectClass, userBase, groupObjectClass, groupBase;
 private final boolean readOnly;
- private final URI uri;
+ private final boolean disabled;
+ private final String uri;
 private UserAdmin externalRoles;
 // private List indexedUserProperties = Arrays
 // .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(),
 // LdapAttrs.cn.name() });
+ private final boolean scoped;
+
 private String memberAttributeId = "member";
 private List credentialAttributeIds = Arrays
 .asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
@@ -70,7 +68,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 private TransactionManager transactionManager;
 private WcXaResource xaResource = new WcXaResource(this);
- public AbstractUserDirectory(URI uriArg, Dictionary props) {
+ AbstractUserDirectory(URI uriArg, Dictionary props, boolean scoped) {
+ this.scoped = scoped;
 properties = new Hashtable();
 for (Enumeration keys = props.keys(); keys.hasMoreElements();) {
 String key = keys.nextElement();
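Review bot: The constructor in the `@@ -70,7 +68,8 @@` hunk is narrowed from `public` to package-private and gains an undocumented `scoped` parameter, so any subclass outside this package stops compiling; if that is intended, the constructor should carry a Javadoc saying so and stating what `scoped` means (presumably it marks the instance returned by `scope(...)`, judging by the later `scope(user)` call, but that is not visible here). Something like `/** Package-private: instances are created within this package only. @param scoped whether this instance is a per-user scoped view (see {@link #isScoped()}) */` would do. The constructor body continues past the end of the hunk.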
@@ -78,18 +77,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 }
 if (uriArg != null) {
- uri = uriArg;
+ uri = uriArg.toString();
 // uri from properties is ignored
 } else {
 String uriStr = UserAdminConf.uri.getValue(properties);
 if (uriStr == null)
 uri = null;
 else
- try {
- uri = new URI(uriStr);
- } catch (URISyntaxException e) {
- throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
- }
+ uri = uriStr;
 }
 userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
@@ -108,7 +103,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 readOnly = readOnlyDefault(uri);
 properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
 } else
- readOnly = new Boolean(readOnlyStr);
+ readOnly = Boolean.parseBoolean(readOnlyStr);
+ String disabledStr = UserAdminConf.disabled.getValue(properties);
+ if (disabledStr != null)
+ disabled = Boolean.parseBoolean(disabledStr);
+ else
+ disabled = false;
 }
 /** Returns the groups this user is a direct member of. */
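Review bot: The `else` branch now stores `uriStr` unvalidated where it previously failed fast with `UserDirectoryException("Badly formatted URI ...")`; a malformed value now surfaces only later, and only when `readOnly` is not configured, since the `readOnlyDefault(uri)` call in the next hunk is the one place that still parses it. Keeping a parse in the constructor preserves the fail-fast contract without reinstating the `URI` field, e.g. `try { new URI(uriStr); } catch (URISyntaxException e) { throw new UserDirectoryException("Badly formatted URI " + uriStr, e); }` before `uri = uriStr;` (parsing only the first space-separated token, as `readOnlyDefault` does, if that multi-token form is intentional). The constructor starts before this hunk and ends after it.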
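Review bot: `Boolean.parseBoolean(readOnlyStr)` maps any value other than a case-insensitive `true` to `false`, so a misspelt `readOnly` setting silently yields a writable directory; for a flag that gates writes, rejecting anything but `true`/`false` with a `UserDirectoryException` would surface the configuration error instead. The same applies to the new `disabled` parsing, which can also be a single expression: `disabled = disabledStr != null && Boolean.parseBoolean(disabledStr);`. The constructor starts before this hunk.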
@@ -173,17 +173,17 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 private void collectRoles(DirectoryUser user, List allRoles) {
 Attributes attrs = user.getAttributes();
 // TODO centralize attribute name
- Attribute memberOf = attrs.get("memberOf");
- if (memberOf != null) {
+ Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
+ // if user belongs to this directory, we only check meberOf
+ if (memberOf != null && user.getDn().startsWith(getBaseDn())) {
 try {
 NamingEnumeration values = memberOf.getAll();
 while (values.hasMore()) {
 Object value = values.next();
 LdapName groupDn = new LdapName(value.toString());
 DirectoryUser group = doGetRole(groupDn);
- allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add memberOf " + groupDn);
+ if (group != null)
+ allRoles.add(group);
 }
 } catch (Exception e) {
 throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
@@ -192,10 +192,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 for (LdapName groupDn : getDirectGroups(user.getDn())) {
 // TODO check for loops
 DirectoryUser group = doGetRole(groupDn);
- allRoles.add(group);
- if (log.isDebugEnabled())
- log.debug("Add direct group " + groupDn);
- collectRoles(group, allRoles);
+ if (group != null) {
+ allRoles.add(group);
+ collectRoles(group, allRoles);
+ }
 }
 }
 }
@@ -227,7 +227,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 return user;
 }
- @SuppressWarnings("unchecked")
 @Override
 public Role[] getRoles(String filter) throws InvalidSyntaxException {
 UserDirectoryWorkingCopy wc = getWorkingCopy();
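Review bot: A `memberOf` value whose group `doGetRole` cannot resolve is now skipped without any trace, since the debug logging went away with commons-logging; that is the safe outcome (no role is granted), but it deserves a comment so the silent skip is not later mistaken for a bug, e.g. `// a memberOf value that resolves to no group is ignored rather than added as null`. The new comment also has a typo, `meberOf` should read `memberOf`, and it would help to say why membership of users outside `getBaseDn()` is not read from `memberOf`. `collectRoles` continues past the end of this hunk.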
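Review bot: The `// TODO check for loops` kept above the new `if (group != null)` block in the `@@ -192,10 +192,10 @@` hunk is still open: `collectRoles` recurses into every direct group, so a membership cycle in the directory data (or a group listed as its own member) recurses until the stack overflows. Since `allRoles` already holds every group visited so far, a cheap guard is `if (group != null && !allRoles.contains(group)) {`, which also avoids duplicate entries when one group is reached by two paths; whether `DirectoryUser.equals` compares by DN needs confirming for that to work. `collectRoles` begins before this hunk.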
@@ -258,23 +257,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 doGetUser(key, value, collectedUsers);
 } else {
 throw new UserDirectoryException("Key cannot be null");
- // // try dn
- // DirectoryUser user = null;
- // try {
- // user = (DirectoryUser) getRole(value);
- // if (user != null)
- // collectedUsers.add(user);
- // } catch (Exception e) {
- // // silent
- // }
- // // try all indexes
- // for (String attr : getIndexedUserProperties())
- // doGetUser(attr, value, collectedUsers);
 }
- if (collectedUsers.size() == 1)
+
+ if (collectedUsers.size() == 1) {
 return collectedUsers.get(0);
- else if (collectedUsers.size() > 1)
- log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value);
+ } else if (collectedUsers.size() > 1) {
+ // log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" :
+ // "") + value);
+ }
 return null;
 }
@@ -297,6 +287,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 AbstractUserDirectory scopedUserAdmin = scope(user);
 try {
 DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ if (directoryUser == null)
+ throw new UserDirectoryException("No scoped user found for " + user);
 LdifAuthorization authorization = new LdifAuthorization(directoryUser,
 scopedUserAdmin.getAllRoles(directoryUser));
 return authorization;
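Review bot: The `else if (collectedUsers.size() > 1)` branch is now empty apart from commented-out code, so an ambiguous lookup (several users matching the same `key`/`value`) returns `null` exactly like a miss, and nothing records that the directory holds duplicates for a lookup key. Either drop the branch together with the dead comment, or keep it with a statement of intent such as `// ambiguous match: refuse rather than pick one of the candidates` so the fail-closed behaviour reads as deliberate; if a warning is still wanted after the commons-logging removal, it should be reinstated on whatever logging the module now uses rather than left as a comment. The enclosing method starts before this hunk.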
@@ -409,38 +401,45 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 return credentialAttributeIds;
 }
- protected URI getUri() {
+ protected String getUri() {
 return uri;
 }
- // protected List getIndexedUserProperties() {
- // return indexedUserProperties;
- // }
- //
- // protected void setIndexedUserProperties(List
- // indexedUserProperties) {
- // this.indexedUserProperties = indexedUserProperties;
- // }
-
- private static boolean readOnlyDefault(URI uri) {
- if (uri == null)
+ private static boolean readOnlyDefault(String uriStr) {
+ if (uriStr == null)
 return true;
+ /// TODO make it more generic
+ URI uri;
+ try {
+ uri = new URI(uriStr.split(" ")[0]);
+ } catch (URISyntaxException e) {
+ throw new IllegalArgumentException(e);
+ }
 if (uri.getScheme() == null)
 return false;// assume relative file to be writable
- if (uri.getScheme().equals("file")) {
+ if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
 File file = new File(uri);
 if (file.exists())
 return !file.canWrite();
 else
 return !file.getParentFile().canWrite();
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) {
+ if (uri.getAuthority() != null)// assume writable if authenticated
+ return false;
+ } else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) {
+ return true;
 }
- return true;
+ return true;// read only by default
 }
 public boolean isReadOnly() {
 return readOnly;
 }
+ public boolean isDisabled() {
+ return disabled;
+ }
+
 protected UserAdmin getExternalRoles() {
 return externalRoles;
 }
@@ -499,4 +498,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 return xaResource;
 }
+ public boolean isScoped() {
+ return scoped;
+ }
+
 }
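Review bot: In the new `SCHEME_LDAP` branch the comment says `assume writable if authenticated`, but `uri.getAuthority() != null` only tests for a host component, so any `ldap://host` URI makes the directory writable by default whether or not credentials are configured; either the check should match the comment (`uri.getUserInfo() != null` if credentials in the URI are what "authenticated" means, or whatever the configured credential source is) or the comment the check, and since `readOnly` is the guard on writes, defaulting to read-only unless credentials are known is the safer default. The `new URI(uriStr.split(" ")[0])` parse now throws `IllegalArgumentException`, whereas the constructor previously reported a bad URI as `UserDirectoryException`, so callers catching the latter no longer see it. The `split(" ")` and the `/// TODO` suggest the string can carry more than one token; `getUri()` now returns that raw string and would benefit from a Javadoc stating its expected format.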