X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=f2d7c88fc232ca8d1090c065a5a2a5f9c1b5a975;hb=73a89e099608a51d9aef814a3f85a62947275f59;hp=c20260056ddbbd0951d35cba7f3b8db1c459a415;hpb=6decc943ce5bca1b57ef407b7e9c6bb6ad6f3c97;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index c20260056..f2d7c88fc 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@ -1,6 +1,7 @@
 package org.argeo.osgi.useradmin;
 
 import static org.argeo.naming.LdapAttrs.objectClass;
+import static org.argeo.naming.LdapObjs.extensibleObject;
 import static org.argeo.naming.LdapObjs.inetOrgPerson;
 import static org.argeo.naming.LdapObjs.organizationalPerson;
 import static org.argeo.naming.LdapObjs.person;
@@ -18,6 +19,7 @@ import java.util.Iterator;
 import java.util.List;
 
 import javax.naming.InvalidNameException;
+import javax.naming.NameNotFoundException;
 import javax.naming.NamingEnumeration;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
@@ -29,8 +31,6 @@ import javax.transaction.SystemException;
 import javax.transaction.Transaction;
 import javax.transaction.TransactionManager;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.Filter;
 import org.osgi.framework.FrameworkUtil;
@@ -45,43 +45,47 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 	static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
 	static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
 
-	private final static Log log = LogFactory.getLog(AbstractUserDirectory.class);
-
 	private final Hashtable<String, Object> properties;
 	private final LdapName baseDn, userBaseDn, groupBaseDn;
 	private final String userObjectClass, userBase, groupObjectClass, groupBase;
 
 	private final boolean readOnly;
-	private final URI uri;
+	private final boolean disabled;
+	private final String uri;
 
 	private UserAdmin externalRoles;
 	// private List<String> indexedUserProperties = Arrays
 	// .asList(new String[] { LdapAttrs.uid.name(), LdapAttrs.mail.name(),
 	// LdapAttrs.cn.name() });
 
+	private final boolean scoped;
+
 	private String memberAttributeId = "member";
-	private List<String> credentialAttributeIds = Arrays.asList(new String[] { LdapAttrs.userPassword.name() });
+	private List<String> credentialAttributeIds = Arrays
+			.asList(new String[] { LdapAttrs.userPassword.name(), LdapAttrs.authPassword.name() });
 
 	// JTA
 	private TransactionManager transactionManager;
 	private WcXaResource xaResource = new WcXaResource(this);
 
-	public AbstractUserDirectory(Dictionary<String, ?> props) {
+	AbstractUserDirectory(URI uriArg, Dictionary<String, ?> props, boolean scoped) {
+		this.scoped = scoped;
 		properties = new Hashtable<String, Object>();
 		for (Enumeration<String> keys = props.keys(); keys.hasMoreElements();) {
 			String key = keys.nextElement();
 			properties.put(key, props.get(key));
 		}
 
-		String uriStr = UserAdminConf.uri.getValue(properties);
-		if (uriStr == null)
-			uri = null;
-		else
-			try {
-				uri = new URI(uriStr);
-			} catch (URISyntaxException e) {
-				throw new UserDirectoryException("Badly formatted URI " + uriStr, e);
-			}
+		if (uriArg != null) {
+			uri = uriArg.toString();
+			// uri from properties is ignored
+		} else {
+			String uriStr = UserAdminConf.uri.getValue(properties);
+			if (uriStr == null)
+				uri = null;
+			else
+				uri = uriStr;
+		}
 
 		userObjectClass = UserAdminConf.userObjectClass.getValue(properties);
 		userBase = UserAdminConf.userBase.getValue(properties);
@@ -99,7 +103,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			readOnly = readOnlyDefault(uri);
 			properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly));
 		} else
-			readOnly = new Boolean(readOnlyStr);
+			readOnly = Boolean.parseBoolean(readOnlyStr);
+		String disabledStr = UserAdminConf.disabled.getValue(properties);
+		if (disabledStr != null)
+			disabled = Boolean.parseBoolean(disabledStr);
+		else
+			disabled = false;
 	}
 
 	/** Returns the groups this user is a direct member of. */
@@ -107,7 +116,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 
 	protected abstract Boolean daoHasRole(LdapName dn);
 
-	protected abstract DirectoryUser daoGetRole(LdapName key);
+	protected abstract DirectoryUser daoGetRole(LdapName key) throws NameNotFoundException;
 
 	protected abstract List<DirectoryUser> doGetRoles(Filter f);
 
@@ -164,17 +173,17 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 	private void collectRoles(DirectoryUser user, List<Role> allRoles) {
 		Attributes attrs = user.getAttributes();
 		// TODO centralize attribute name
-		Attribute memberOf = attrs.get("memberOf");
-		if (memberOf != null) {
+		Attribute memberOf = attrs.get(LdapAttrs.memberOf.name());
+		// if user belongs to this directory, we only check meberOf
+		if (memberOf != null && user.getDn().startsWith(getBaseDn())) {
 			try {
 				NamingEnumeration<?> values = memberOf.getAll();
 				while (values.hasMore()) {
 					Object value = values.next();
 					LdapName groupDn = new LdapName(value.toString());
 					DirectoryUser group = doGetRole(groupDn);
-					allRoles.add(group);
-					if (log.isDebugEnabled())
-						log.debug("Add memberOf " + groupDn);
+					if (group != null)
+						allRoles.add(group);
 				}
 			} catch (Exception e) {
 				throw new UserDirectoryException("Cannot get memberOf groups for " + user, e);
@@ -183,10 +192,10 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			for (LdapName groupDn : getDirectGroups(user.getDn())) {
 				// TODO check for loops
 				DirectoryUser group = doGetRole(groupDn);
-				allRoles.add(group);
-				if (log.isDebugEnabled())
-					log.debug("Add direct group " + groupDn);
-				collectRoles(group, allRoles);
+				if (group != null) {
+					allRoles.add(group);
+					collectRoles(group, allRoles);
+				}
 			}
 		}
 	}
@@ -203,7 +212,12 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 
 	protected DirectoryUser doGetRole(LdapName dn) {
 		UserDirectoryWorkingCopy wc = getWorkingCopy();
-		DirectoryUser user = daoGetRole(dn);
+		DirectoryUser user;
+		try {
+			user = daoGetRole(dn);
+		} catch (NameNotFoundException e) {
+			user = null;
+		}
 		if (wc != null) {
 			if (user == null && wc.getNewUsers().containsKey(dn))
 				user = wc.getNewUsers().get(dn);
@@ -213,7 +227,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return user;
 	}
 
-	@SuppressWarnings("unchecked")
 	@Override
 	public Role[] getRoles(String filter) throws InvalidSyntaxException {
 		UserDirectoryWorkingCopy wc = getWorkingCopy();
@@ -244,23 +257,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			doGetUser(key, value, collectedUsers);
 		} else {
 			throw new UserDirectoryException("Key cannot be null");
-			// // try dn
-			// DirectoryUser user = null;
-			// try {
-			// user = (DirectoryUser) getRole(value);
-			// if (user != null)
-			// collectedUsers.add(user);
-			// } catch (Exception e) {
-			// // silent
-			// }
-			// // try all indexes
-			// for (String attr : getIndexedUserProperties())
-			// doGetUser(attr, value, collectedUsers);
 		}
-		if (collectedUsers.size() == 1)
+
+		if (collectedUsers.size() == 1) {
 			return collectedUsers.get(0);
-		else if (collectedUsers.size() > 1)
-			log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" : "") + value);
+		} else if (collectedUsers.size() > 1) {
+			// log.warn(collectedUsers.size() + " users for " + (key != null ? key + "=" :
+			// "") + value);
+		}
 		return null;
 	}
 
@@ -283,6 +287,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 			AbstractUserDirectory scopedUserAdmin = scope(user);
 			try {
 				DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+				if (directoryUser == null)
+					throw new UserDirectoryException("No scoped user found for " + user);
 				LdifAuthorization authorization = new LdifAuthorization(directoryUser,
 						scopedUserAdmin.getAllRoles(directoryUser));
 				return authorization;
@@ -307,12 +313,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		if (wc.getDeletedUsers().containsKey(dn)) {
 			wc.getDeletedUsers().remove(dn);
 			wc.getModifiedUsers().put(dn, attrs);
+			return getRole(name);
 		} else {
 			wc.getModifiedUsers().put(dn, attrs);
 			DirectoryUser newRole = newRole(dn, type, attrs);
 			wc.getNewUsers().put(dn, newRole);
+			return newRole;
 		}
-		return getRole(name);
 	}
 
 	protected DirectoryUser newRole(LdapName dn, int type, Attributes attrs) {
@@ -328,6 +335,7 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 				objClass.add(person.name());
 			}
 			objClass.add(top.name());
+			objClass.add(extensibleObject.name());
 			attrs.put(objClass);
 			newRole = new LdifUser(this, dn, attrs);
 		} else if (type == Role.GROUP) {
@@ -393,36 +401,45 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return credentialAttributeIds;
 	}
 
-	protected URI getUri() {
+	protected String getUri() {
 		return uri;
 	}
 
-	// protected List<String> getIndexedUserProperties() {
-	// return indexedUserProperties;
-	// }
-	//
-	// protected void setIndexedUserProperties(List<String>
-	// indexedUserProperties) {
-	// this.indexedUserProperties = indexedUserProperties;
-	// }
-
-	private static boolean readOnlyDefault(URI uri) {
-		if (uri == null)
+	private static boolean readOnlyDefault(String uriStr) {
+		if (uriStr == null)
 			return true;
-		if (uri.getScheme().equals("file")) {
+		/// TODO make it more generic
+		URI uri;
+		try {
+			uri = new URI(uriStr.split(" ")[0]);
+		} catch (URISyntaxException e) {
+			throw new IllegalArgumentException(e);
+		}
+		if (uri.getScheme() == null)
+			return false;// assume relative file to be writable
+		if (uri.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
 			File file = new File(uri);
 			if (file.exists())
 				return !file.canWrite();
 			else
 				return !file.getParentFile().canWrite();
+		} else if (uri.getScheme().equals(UserAdminConf.SCHEME_LDAP)) {
+			if (uri.getAuthority() != null)// assume writable if authenticated
+				return false;
+		} else if (uri.getScheme().equals(UserAdminConf.SCHEME_OS)) {
+			return true;
 		}
-		return true;
+		return true;// read only by default
 	}
 
 	public boolean isReadOnly() {
 		return readOnly;
 	}
 
+	public boolean isDisabled() {
+		return disabled;
+	}
+
 	protected UserAdmin getExternalRoles() {
 		return externalRoles;
 	}
@@ -481,4 +498,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
 		return xaResource;
 	}
 
+	public boolean isScoped() {
+		return scoped;
+	}
+
 }