X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=22c178ef473916f6597ab471d8f69dd7dbb36b7a;hb=164c1973ae47df75031cc55b15b52de0226ff035;hp=978b9a6692b24de651bd02c16a59391b4356a86d;hpb=c6774c9dacea9aeeeaa594abf56a3331289bd3ba;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
index 978b9a669..22c178ef4 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
@@ -22,8 +22,6 @@ import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapName;
 import javax.transaction.TransactionManager;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.Filter;
 import org.osgi.service.useradmin.Role;
@@ -34,12 +32,13 @@ import org.osgi.service.useradmin.User;
  * and an open transaction for write access.
  */
 public class LdapUserAdmin extends AbstractUserDirectory {
- private final static Log log = LogFactory.getLog(LdapUserAdmin.class);
-
  private InitialLdapContext initialLdapContext = null;
 
+// private LdapName adminUserDn = null;
+// private LdifUser adminUser = null;
+
  public LdapUserAdmin(Dictionary properties) {
- super(properties);
+ super(null, properties);
  try {
  Hashtable connEnv = new Hashtable();
  connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
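Review bot: The fields `adminUserDn` and `adminUser` are introduced as commented-out code, and the matching commented-out logic in the constructor hunk that follows, in the `daoGetRole` hunk and in the `doGetRoles` hunk further down includes a hard-coded `memberOf` of `cn=admin,ou=roles,ou=node` for the bind principal; dead code on an authentication path is easy to uncomment later without review, so it should be deleted (and tracked in an issue if the idea is kept) rather than left in comments. `super(null, properties)` passes an unexplained null as the new first argument, whose meaning is not visible in this hunk; a short comment on that line naming what the argument stands for would spare the next reader a trip into AbstractUserDirectory. The constructor body continues past the end of this hunk.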
@@ -58,11 +57,15 @@ public class LdapUserAdmin extends AbstractUserDirectory {
  Object principal = properties.get(Context.SECURITY_PRINCIPAL);
  if (principal != null) {
  initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, principal.toString());
+// adminUserDn = new LdapName(principal.toString());
+// BasicAttributes adminUserAttrs = new BasicAttributes();
+// adminUser = new LdifUser(this, adminUserDn, adminUserAttrs);
  Object creds = properties.get(Context.SECURITY_CREDENTIALS);
  if (creds != null) {
  initialLdapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, creds.toString());
-
+// adminUserAttrs.put(LdapAttrs.userPassword.name(), adminUser.hash(creds.toString().toCharArray()));
  }
+// adminUserAttrs.put(LdapAttrs.memberOf.name(), "cn=admin,ou=roles,ou=node");
  }
  } catch (Exception e) {
  throw new UserDirectoryException("Cannot connect to LDAP", e);
@@ -74,24 +77,26 @@ public class LdapUserAdmin extends AbstractUserDirectory {
  // tls.close();
  initialLdapContext.close();
  } catch (NamingException e) {
- log.error("Cannot destroy LDAP user admin", e);
+ e.printStackTrace();
  }
  }
 
- @SuppressWarnings("unchecked")
  @Override
  protected AbstractUserDirectory scope(User user) {
  Dictionary credentials = user.getCredentials();
- // FIXME use arrays
  String username = (String) credentials.get(SHARED_STATE_USERNAME);
  if (username == null)
  username = user.getName();
- // byte[] pwd = (byte[]) credentials.get(SHARED_STATE_PASSWORD);
- // char[] password = DigestUtils.bytesToChars(pwd);
  Dictionary properties = cloneProperties();
  properties.put(Context.SECURITY_PRINCIPAL, username.toString());
- // properties.put(Context.SECURITY_CREDENTIALS, password);
- properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+ Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
+ byte[] pwd = (byte[]) pwdCred;
+ if (pwd != null) {
+ char[] password = DigestUtils.bytesToChars(pwd);
+ properties.put(Context.SECURITY_CREDENTIALS, new String(password));
+ } else {
+ properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+ }
  return new LdapUserAdmin(properties);
  }
 
@@ -101,11 +106,15 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 
  @Override
  protected Boolean daoHasRole(LdapName dn) {
- return daoGetRole(dn) != null;
+ try {
+ return daoGetRole(dn) != null;
+ } catch (NameNotFoundException e) {
+ return false;
+ }
  }
 
  @Override
- protected DirectoryUser daoGetRole(LdapName name) {
+ protected DirectoryUser daoGetRole(LdapName name) throws NameNotFoundException {
  try {
  Attributes attrs = getLdapContext().getAttributes(name);
  if (attrs.size() == 0)
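Review bot: Replacing `log.error("Cannot destroy LDAP user admin", e)` with `e.printStackTrace()` in destroy() drops the failure out of the application's log pipeline onto stderr; if commons-logging is being removed, route it through whatever logging the superclass offers (not visible here) or wrap it as `throw new UserDirectoryException("Cannot destroy LDAP user admin", e);`. In scope(), `byte[] pwd = (byte[]) pwdCred;` throws ClassCastException if the shared state ever carries the password as a String or char[] — the deleted `// FIXME use arrays` hinted at exactly that — so guard it, e.g. `if (!(pwdCred == null || pwdCred instanceof byte[])) throw new UserDirectoryException("Unsupported password type in shared state");`. The decoded `password` is then copied into an immutable String and stored in `properties`, which the constructor reads back via `creds.toString()` and presumably keeps for the lifetime of the scoped LdapUserAdmin; at least clear the char[] after the copy (`Arrays.fill(password, '\0');`) and note in a comment that `properties` carries a cleartext credential, since cloneProperties() will propagate it to every further scope.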
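Review bot: `daoGetRole` now declares `throws NameNotFoundException` and `daoHasRole` maps it to `false`, but neither method documents that contract, and the body of `daoGetRole` (in the next hunk) still returns `null` for every other `NamingException`, leaving callers with two different "absent" signals. Add Javadoc on `daoGetRole` such as `/** Reads the entry at {@code name}. @throws NameNotFoundException if no entry exists at that DN */` and a one-line comment on the catch in `daoHasRole` stating that a missing entry is reported as {@code false}. The body of `daoGetRole` runs past the end of this hunk.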
@@ -119,14 +128,19 @@ public class LdapUserAdmin extends AbstractUserDirectory {
  else
  throw new UserDirectoryException("Unsupported LDAP type for " + name);
  return res;
+ } catch (NameNotFoundException e) {
+// if (adminUserDn != null && adminUserDn.equals(name)) {
+// return adminUser;
+// }
+ throw e;
  } catch (NamingException e) {
- log.error("Cannot get role: " + e.getMessage());
  return null;
  }
  }
 
  @Override
  protected List doGetRoles(Filter f) {
+ ArrayList res = new ArrayList();
  try {
  String searchFilter = f != null ? f.toString() : "(|(" + objectClass + "=" + getUserObjectClass() + ")(" + objectClass + "="
@@ -137,7 +151,6 @@ public class LdapUserAdmin extends AbstractUserDirectory {
  LdapName searchBase = getBaseDn();
  NamingEnumeration results = getLdapContext().search(searchBase, searchFilter, searchControls);
- ArrayList res = new ArrayList();
  results: while (results.hasMoreElements()) {
  SearchResult searchResult = results.next();
  Attributes attrs = searchResult.getAttributes();
@@ -151,12 +164,14 @@ public class LdapUserAdmin extends AbstractUserDirectory {
  || objectClassAttr.contains(getUserObjectClass().toLowerCase()))
  role = new LdifUser(this, dn, attrs);
  else {
- log.warn("Unsupported LDAP type for " + searchResult.getName());
+// log.warn("Unsupported LDAP type for " + searchResult.getName());
  continue results;
  }
  res.add(role);
  }
  return res;
+// } catch (NameNotFoundException e) {
+// return res;
  } catch (Exception e) {
  throw new UserDirectoryException("Cannot get roles for filter " + f, e);
  }
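Review bot: With `log.error` removed, the `catch (NamingException e) { return null; }` in daoGetRole now swallows every failure that is not a NameNotFoundException (connection or bind errors, referral and access problems) without any trace, and daoHasRole then reports such roles as absent, so an unreachable directory becomes indistinguishable from a missing role. doGetRoles already wraps its failures as `throw new UserDirectoryException("Cannot get roles for filter " + f, e);`; do the same here with `throw new UserDirectoryException("Cannot get role " + name, e);` so callers can tell a lookup failure from a negative answer. The hoisting of `ArrayList res = new ArrayList();` out of the try in doGetRoles only serves the commented-out `catch (NameNotFoundException e) { return res; }` at the end of that method, so as committed the move has no effect. daoGetRole starts before this hunk.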
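Review bot: Commenting out `log.warn("Unsupported LDAP type for " + searchResult.getName())` makes doGetRoles silently drop every search result whose objectClass matches neither the user nor the group class, so a misconfigured object-class mapping yields a shorter role list with no diagnostic at all. Keep a warning on that branch through whatever logging the superclass provides, or collect the skipped names and surface them in the `UserDirectoryException` message; the commented-out `catch (NameNotFoundException e)` just below should likewise either be made live or removed. doGetRoles starts before this hunk.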