X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=85a44708204312646d30b7db4f235599231957a3;hb=164c1973ae47df75031cc55b15b52de0226ff035;hp=f7a7c6e478ba8197e9ef414e5c7fce8e5a20f8aa;hpb=e61a7a2dbff5e17fbf1c6c8bbd7fa687935d2897;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java index f7a7c6e47..85a447082 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java @@ -2,10 +2,8 @@ package org.argeo.osgi.useradmin; import java.util.ArrayList; import java.util.Arrays; -import java.util.Dictionary; import java.util.HashMap; import java.util.HashSet; -import java.util.Hashtable; import java.util.List; import java.util.Map; import java.util.Set; @@ -15,6 +13,7 @@ import javax.naming.ldap.LdapName; import org.osgi.framework.InvalidSyntaxException; import org.osgi.service.useradmin.Authorization; +import org.osgi.service.useradmin.Group; import org.osgi.service.useradmin.Role; import org.osgi.service.useradmin.User; import org.osgi.service.useradmin.UserAdmin; @@ -25,14 +24,20 @@ import org.osgi.service.useradmin.UserAdmin; */ public class AggregatingUserAdmin implements UserAdmin { private final LdapName systemRolesBaseDn; + private final LdapName tokensBaseDn; // DAOs private AbstractUserDirectory systemRoles = null; + private AbstractUserDirectory tokens = null; private Map businessRoles = new HashMap(); - public AggregatingUserAdmin(String systemRolesBaseDn) { + public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) { try { this.systemRolesBaseDn = new LdapName(systemRolesBaseDn); + if (tokensBaseDn != null) + this.tokensBaseDn = new LdapName(tokensBaseDn); + else + this.tokensBaseDn = null; } catch (InvalidNameException e) { throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e); } @@ -84,6 +89,23 @@ public class AggregatingUserAdmin implements UserAdmin { } UserAdmin userAdmin = findUserAdmin(user.getName()); Authorization rawAuthorization = userAdmin.getAuthorization(user); + String usernameToUse; + String displayNameToUse; + if (user instanceof Group) { + String ownerDn = TokenUtils.userDn((Group) user); + if (ownerDn != null) {// tokens + UserAdmin ownerUserAdmin = findUserAdmin(ownerDn); + User ownerUser = (User) ownerUserAdmin.getRole(ownerDn); + usernameToUse = ownerDn; + displayNameToUse = LdifAuthorization.extractDisplayName(ownerUser); + } else { + usernameToUse = rawAuthorization.getName(); + displayNameToUse = rawAuthorization.toString(); + } + } else {// regular users + usernameToUse = rawAuthorization.getName(); + displayNameToUse = rawAuthorization.toString(); + } // gather system roles Set sysRoles = new HashSet(); for (String role : rawAuthorization.getRoles()) { @@ -91,8 +113,8 @@ public class AggregatingUserAdmin implements UserAdmin { sysRoles.addAll(Arrays.asList(auth.getRoles())); } addAbstractSystemRoles(rawAuthorization, sysRoles); - Authorization authorization = new AggregatingAuthorization(rawAuthorization.getName(), - rawAuthorization.toString(), sysRoles, rawAuthorization.getRoles()); + Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles, + rawAuthorization.getRoles()); return authorization; } @@ -112,6 +134,9 @@ public class AggregatingUserAdmin implements UserAdmin { if (isSystemRolesBaseDn(baseDn)) { this.systemRoles = userDirectory; systemRoles.setExternalRoles(this); + } else if (isTokensBaseDn(baseDn)) { + this.tokens = userDirectory; + tokens.setExternalRoles(this); } else { if (businessRoles.containsKey(baseDn)) throw new UserDirectoryException("There is already a user admin for " + baseDn); @@ -137,13 +162,25 @@ public class AggregatingUserAdmin implements UserAdmin { private UserAdmin findUserAdmin(LdapName name) { if (name.startsWith(systemRolesBaseDn)) return systemRoles; + if (tokensBaseDn != null && name.startsWith(tokensBaseDn)) + return tokens; List res = new ArrayList(1); for (LdapName baseDn : businessRoles.keySet()) { + AbstractUserDirectory ud = businessRoles.get(baseDn); if (name.startsWith(baseDn)) { - AbstractUserDirectory ud = businessRoles.get(baseDn); if (!ud.isDisabled()) res.add(ud); } +// Object principal = ud.getProperties().get(Context.SECURITY_PRINCIPAL); +// if (principal != null) { +// try { +// LdapName principalLdapName = new LdapName(principal.toString()); +// if (principalLdapName.equals(name)) +// res.add(ud); +// } catch (InvalidNameException e) { +// // silent +// } +// } } if (res.size() == 0) throw new UserDirectoryException("Cannot find user admin for " + name); @@ -156,17 +193,21 @@ public class AggregatingUserAdmin implements UserAdmin { return baseDn.equals(systemRolesBaseDn); } - protected Dictionary currentState() { - Dictionary res = new Hashtable(); - // res.put(NodeConstants.CN, NodeConstants.DEFAULT); - for (LdapName name : businessRoles.keySet()) { - AbstractUserDirectory userDirectory = businessRoles.get(name); - String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString(); - res.put(uri, ""); - } - return res; + protected boolean isTokensBaseDn(LdapName baseDn) { + return tokensBaseDn != null && baseDn.equals(tokensBaseDn); } +// protected Dictionary currentState() { +// Dictionary res = new Hashtable(); +// // res.put(NodeConstants.CN, NodeConstants.DEFAULT); +// for (LdapName name : businessRoles.keySet()) { +// AbstractUserDirectory userDirectory = businessRoles.get(name); +// String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString(); +// res.put(uri, ""); +// } +// return res; +// } + public void destroy() { for (LdapName name : businessRoles.keySet()) { AbstractUserDirectory userDirectory = businessRoles.get(name);