X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=f2d7c88fc232ca8d1090c065a5a2a5f9c1b5a975;hb=73a89e099608a51d9aef814a3f85a62947275f59;hp=95b1f07adec9705e2802df0e2fea989ea9d2f003;hpb=088c1b517a543e935d8ab65c3b2fd2d0269b551d;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index 95b1f07ad..f2d7c88fc 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -31,8 +31,6 @@ import javax.transaction.SystemException;
 import javax.transaction.Transaction;
 import javax.transaction.TransactionManager;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
@@ -47,21 +45,21 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 	static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
 	static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
 
-	private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
-
 	private final Hashtable<String, Object> properties;
 	private final LdapName baseDn, userBaseDn, groupBaseDn;
 	private final String userObjectClass, userBase, groupObjectClass, groupBase;
 
 	private final boolean readOnly;
 	private final boolean disabled;
-	private final URI uri;
+	private final String uri;
 
 	private UserAdmin externalRoles;
 	// private List<String> indexedUserProperties = Arrays
 	// .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(),
 	// LdapAttrs.cn.name() });
 
+	private final boolean scoped;
+
 	private String memberAttributeId = "member";
 	private List<String> credentialAttributeIds = Arrays
 			.asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
@@ -70,7 +68,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 	private TransactionManager transactionManager;
 	private WcXaResource xaResource = new WcXaResource(this);
 
-	public AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props) {
+	AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props, boolean scoped) {
+		this.scoped = scoped;
 		properties = new Hashtable<String, Object>();
 		for (Enumeration<String> keys = props.keys(); keys.hasMoreElements();) {
 			String key = keys.nextElement();
@@ -78,18 +77,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		}
 
 		if (uriArg != null) {
-			uri = uriArg;
+			uri = uriArg.toString();
 			// uri from properties is ignored
 		} else {
 			String uriStr = UserAdminConf.uri.getValue(properties);
 			if (uriStr == null)
 				uri = null;
 			else
-				try {
-					uri = new URI(uriStr);
-				} catch (URISyntaxException e) {
-					throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
-				}
+				uri = uriStr;
 		}
 
 		userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
@@ -108,10 +103,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			readOnly = readOnlyDefault(uri);
 			properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
 		} else
-			readOnly = new Boolean(readOnlyStr);
+			readOnly = Boolean.parseBoolean(readOnlyStr);
 		String disabledStr = UserAdminConf.disabled.getValue(properties);
 		if (disabledStr != null)
-			disabled = new Boolean(disabledStr);
+			disabled = Boolean.parseBoolean(disabledStr);
 		else
 			disabled = false;
 	}
@@ -179,16 +174,16 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		Attributes attrs = user.getAttributes();
 		// TODO centralize attribute name
 		Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
-		if (memberOf != null) {
+		// if user belongs to this directory, we only check meberOf
+		if (memberOf != null && user.getDn().startsWith(getBaseDn())) {
 			try {
 				NamingEnumeration<?> values = memberOf.getAll();
 				while (values.hasMore()) {
 					Object value = values.next();
 					LdapName groupDn = new LdapName(value.toString());
 					DirectoryUser group = doGetRole(groupDn);
-					allRoles.add(group);
-					if (log.isTraceEnabled())
-						log.trace("Add memberOf " + groupDn);
+					if (group != null)
+						allRoles.add(group);
 				}
 			} catch (Exception e) {
 				throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
@@ -197,10 +192,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			for (LdapName groupDn : getDirectGroups(user.getDn())) {
 				// TODO check for loops
 				DirectoryUser group = doGetRole(groupDn);
-				allRoles.add(group);
-				if (log.isTraceEnabled())
-					log.trace("Add direct group " + groupDn);
-				collectRoles(group, allRoles);
+				if (group != null) {
+					allRoles.add(group);
+					collectRoles(group, allRoles);
+				}
 			}
 		}
 	}
@@ -232,7 +227,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return user;
 	}
 
-	@SuppressWarnings("unchecked")
 	@Override
 	public Role[] getRoles(String filter) throws InvalidSyntaxException {
 		UserDirectoryWorkingCopy wc = getWorkingCopy();
@@ -263,23 +257,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			doGetUser(key, value, collectedUsers);
 		} else {
 			throw new UserDirectoryException("Key cannot be null");
-			// // try dn
-			// DirectoryUser user = null;
-			// try {
-			// user = (DirectoryUser) getRole(value);
-			// if (user != null)
-			// collectedUsers.add(user);
-			// } catch (Exception e) {
-			// // silent
-			// }
-			// // try all indexes
-			// for (String attr : getIndexedUserProperties())
-			// doGetUser(attr, value, collectedUsers);
 		}
-		if (collectedUsers.size() == 1)
+
+		if (collectedUsers.size() == 1) {
 			return collectedUsers.get(0);
-		else if (collectedUsers.size() > 1)
-			log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value);
+		} else if (collectedUsers.size() > 1) {
+			// log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" :
+			// "") + value);
+		}
 		return null;
 	}
 
@@ -416,13 +401,20 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return credentialAttributeIds;
 	}
 
-	protected URI getUri() {
+	protected String getUri() {
 		return uri;
 	}
 
-	private static boolean readOnlyDefault(URI uri) {
-		if (uri == null)
+	private static boolean readOnlyDefault(String uriStr) {
+		if (uriStr == null)
 			return true;
+		/// TODO make it more generic
+		URI uri;
+		try {
+			uri = new URI(uriStr.split(" ")[0]);
+		} catch (URISyntaxException e) {
+			throw new IllegalArgumentException(e);
+		}
 		if (uri.getScheme() == null)
 			return false;// assume relative file to be writable
 		if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
@@ -506,4 +498,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return xaResource;
 	}
 
+	public boolean isScoped() {
+		return scoped;
+	}
+
 }