X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAbstractUserDirectory.java;h=f76f49d51362aecaa390494c9743b2b244e037d9;hb=a2ad417ed1d0219ac29d70ae985939764c13ce38;hp=e8dd6f2a6974af43f0b5dda922256c847c27f8b7;hpb=0243aa5633af84d8608ba912483dbaaaefac42f1;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java index e8dd6f2a6..f76f49d51 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java @@ -40,10 +40,13 @@ import org.osgi.service.useradmin.UserAdmin; /** Base class for a {@link UserDirectory}. */ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory { + static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name"; + static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password"; + private final static Log log = LogFactory.getLog(AbstractUserDirectory.class); private final Hashtable properties; - private final LdapName baseDn; + private final LdapName baseDn, userBaseDn, groupBaseDn; private final String userObjectClass, userBase, groupObjectClass, groupBase; private final boolean readOnly; 
@@ -77,8 +80,14 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory throw new UserDirectoryException("Badly formatted URI " + uriStr, e); } + userObjectClass = UserAdminConf.userObjectClass.getValue(properties); + userBase = UserAdminConf.userBase.getValue(properties); + groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties); + groupBase = UserAdminConf.groupBase.getValue(properties); try { baseDn = new LdapName(UserAdminConf.baseDn.getValue(properties)); + userBaseDn = new LdapName(userBase + "," + baseDn); + groupBaseDn = new LdapName(groupBase + "," + baseDn); } catch (InvalidNameException e) { throw new UserDirectoryException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e); } @@ -88,11 +97,6 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory properties.put(UserAdminConf.readOnly.name(), Boolean.toString(readOnly)); } else readOnly = new Boolean(readOnlyStr); - - userObjectClass = UserAdminConf.userObjectClass.getValue(properties); - userBase = UserAdminConf.userBase.getValue(properties); - groupObjectClass = UserAdminConf.groupObjectClass.getValue(properties); - groupBase = UserAdminConf.groupBase.getValue(properties); } /** Returns the groups this user is a direct member of. */ @@ -104,6 +108,8 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory protected abstract List doGetRoles(Filter f); + protected abstract AbstractUserDirectory scope(User user); + public void init() { } 
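Review bot: In the constructor's try block, a malformed `userBase` or `groupBase` is now reported as "Badly formated base DN" followed by the `baseDn` value, because the two new `LdapName` constructions share the catch written for `baseDn` alone. An administrator diagnosing a misconfigured directory is then pointed at the wrong property. The message should name all three inputs, e.g. `throw new UserDirectoryException("Badly formatted base DN, user base or group base: " + UserAdminConf.baseDn.getValue(properties) + ", " + userBase + ", " + groupBase, e);`. If `getValue` can return null for an unset base (not visible here), the concatenation yields the literal text `null,<baseDn>`, so an explicit check before building the names would give a clearer failure. The constructor begins outside this hunk.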
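Review bot: The new abstract `scope(User user)` has no Javadoc, although its only visible caller, `getAuthorization`, treats the result as a resource that must be destroyed. Implementers need to know what a scoped directory is, presumably an instance bound with that user's own credentials, and what to do when that bind fails. I would add a Javadoc along the lines of `/** Returns a directory restricted to what the given user is allowed to see; the caller must call destroy() on it. Must throw rather than return an unscoped instance when the user cannot be bound. */`. The wording should be adjusted to the actual contract, since the implementations are outside this diff.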
@@ -245,7 +251,17 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory @Override public Authorization getAuthorization(User user) { - return new LdifAuthorization((DirectoryUser) user, getAllRoles((DirectoryUser) user)); + if (user == null || user instanceof DirectoryUser) { + return new LdifAuthorization(user, getAllRoles((DirectoryUser) user)); + } else { + // bind + AbstractUserDirectory scopedUserAdmin = scope(user); + DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName()); + LdifAuthorization authorization = new LdifAuthorization(directoryUser, + scopedUserAdmin.getAllRoles(directoryUser)); + scopedUserAdmin.destroy(); + return authorization; + } } @Override @@ -382,9 +398,13 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return externalRoles; } - public LdapName getBaseDn() { - // always clone so that the property is not modified by reference - return (LdapName) baseDn.clone(); + protected int roleType(LdapName dn) { + if (dn.startsWith(groupBaseDn)) + return Role.GROUP; + else if (dn.startsWith(userBaseDn)) + return Role.USER; + else + return Role.GROUP; } /** dn can be null, in that case a default should be returned. */ @@ -408,10 +428,18 @@ public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory return groupBase; } + public LdapName getBaseDn() { + return (LdapName) baseDn.clone(); + } + public Dictionary getProperties() { return properties; } + public Dictionary cloneProperties() { + return new Hashtable<>(properties); + } + public void setExternalRoles(UserAdmin externalRoles) { this.externalRoles = externalRoles; }
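Review bot: In the new else branch of `getAuthorization`, the result of `scopedUserAdmin.getRole(user.getName())` is cast and used without a check. If the lookup returns null, the code builds `new LdifAuthorization(null, ...)`, which is the same call the first branch makes for a null user, so a failed lookup appears to yield whatever authorization a null user gets instead of an error. A non-`DirectoryUser` role would instead fail with a `ClassCastException`. `scopedUserAdmin.destroy()` is also skipped whenever `getRole` or `getAllRoles` throws, which leaves the scoped directory, and whatever bound connection it holds, open. The lookup should be checked and the cleanup moved into a `finally`, as sketched below; the single-argument `UserDirectoryException` constructor is assumed, since only the two-argument form is visible in this diff.

```java
// … unchanged: null / DirectoryUser branch …
} else {
    // bind
    AbstractUserDirectory scopedUserAdmin = scope(user);
    try {
        Role role = scopedUserAdmin.getRole(user.getName());
        if (!(role instanceof DirectoryUser))
            throw new UserDirectoryException("No directory user found for " + user.getName());
        DirectoryUser directoryUser = (DirectoryUser) role;
        return new LdifAuthorization(directoryUser, scopedUserAdmin.getAllRoles(directoryUser));
    } finally {
        // release the scoped directory even when the lookup fails
        scopedUserAdmin.destroy();
    }
}
```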
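Review bot: `roleType` returns `Role.GROUP` both for a DN under `groupBaseDn` and for a DN under neither base, so an entry outside the two configured subtrees is silently classified as a group. If that default is intended, the last branch needs a comment such as `// neither under the user nor the group base: treated as a group by default`. If such DNs are not expected, throwing a `UserDirectoryException` there would surface misplaced entries instead of giving them a role type. The order of the two tests also decides the result when one base is nested under the other, which is worth stating in a short Javadoc on the method.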
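Review bot: The re-added `getBaseDn()` lost the comment explaining why the name is cloned, and the new `cloneProperties()` is undocumented even though the neighbouring `getProperties()` still hands out the live table. I would restore `// always clone so that the property is not modified by reference` in `getBaseDn()`. I would also add `/** Returns a shallow copy of the configuration; changes to the copy do not affect this directory. */` on `cloneProperties()`, so callers know which accessor is safe to mutate. If the properties can carry bind credentials, which is not visible in this diff, it is worth checking who can reach either accessor.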