X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=83b2f170951b0b15951c93ee3e8e97a5d0d8c155;hb=02248ae439aabf998fb03524d125228d00c469e8;hp=ef253800ca304d9b3af6302b1e4df365a65c7af6;hpb=f3ea14abccc33b1c3326417a87c91145be776c72;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index ef253800c..83b2f1709 100644
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -9,6 +9,7 @@ import java.util.HashSet;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.TreeSet;
@@ -88,6 +89,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 return res.size() == 1 ? res.get(0) : null;
 }
+ /** Builds an authorisation by scanning all referentials. */
 @Override
 public Authorization getAuthorization(User user) {
 if (user == null) {// anonymous
@@ -120,21 +122,17 @@ public class AggregatingUserAdmin implements UserAdmin {
 for (LdapName otherBaseDn : businessRoles.keySet()) {
 if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
 continue;
- DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+ DirectoryUserAdmin otherUserAdmin = userAdminToUse(user, businessRoles.get(otherBaseDn));
+ if (otherUserAdmin == null)
+ continue;
 Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
 allRoles.addAll(Arrays.asList(auth.getRoles()));
 }
 // integrate system roles
- final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
- if (user instanceof DirectoryUser) {
- userAdminToUse = userReferentialOfThisUser;
- } else if (user instanceof AuthenticatingUser) {
- userAdminToUse = (DirectoryUserAdmin) userReferentialOfThisUser.scope(user);
- } else {
- throw new IllegalArgumentException("Unsupported user type " + user.getClass());
- }
+ final DirectoryUserAdmin userAdminToUse = userAdminToUse(retrievedUser, userReferentialOfThisUser);
+ Objects.requireNonNull(userAdminToUse);
 try {
 Set sysRoles = new HashSet();
@@ -159,6 +157,18 @@ public class AggregatingUserAdmin implements UserAdmin {
 }
 }
+ /** Decide whether to scope or not */
+ private DirectoryUserAdmin userAdminToUse(User user, DirectoryUserAdmin userAdmin) {
+ if (user instanceof DirectoryUser) {
+ return userAdmin;
+ } else if (user instanceof AuthenticatingUser) {
+ return userAdmin.scope(user).orElse(null);
+ } else {
+ throw new IllegalArgumentException("Unsupported user type " + user.getClass());
+ }
+
+ }
+
 /**
 * Enrich with application-specific roles which are strictly programmatic, such
 * as anonymous/user semantics.
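Review bot: The system-roles call passes `retrievedUser` to `userAdminToUse`, whereas the removed block tested `user` and the loop just above still passes `user`. `retrievedUser` is assigned outside this hunk, so this is inferred, but if it is the entry looked up in the directory it will be a `DirectoryUser`, and the `AuthenticatingUser` branch would then never scope the system-roles referential during authentication. If scoping is still intended there, the line should read `final DirectoryUserAdmin userAdminToUse = userAdminToUse(user, userReferentialOfThisUser);`; if the change is deliberate, a comment saying why the two calls differ would help. The bare `Objects.requireNonNull(userAdminToUse);` also turns a failed scope into a message-less NullPointerException, so a message such as `Objects.requireNonNull(userAdminToUse, "Could not scope user referential");` would make that failure diagnosable.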
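Review bot: The new helper `userAdminToUse` returns `null` when `scope(user)` yields an empty Optional, but its Javadoc says only "Decide whether to scope or not". The two callers in `getAuthorization` handle that `null` differently (the loop skips the referential, the system-roles path fails on `requireNonNull`), so the contract should be written down. I would replace the comment with a Javadoc stating that it returns the directory unchanged for a `DirectoryUser`, a directory scoped to the user for an `AuthenticatingUser`, or `null` when scoping yields nothing, and that it throws `IllegalArgumentException` for any other user type. Returning the `Optional` from `scope` instead of collapsing it with `.orElse(null)` would let the compiler enforce the empty case at both call sites.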
@@ -174,7 +184,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 if (!(ud instanceof DirectoryUserAdmin))
 throw new IllegalArgumentException("Only " + DirectoryUserAdmin.class.getName() + " is supported");
 DirectoryUserAdmin userDirectory = (DirectoryUserAdmin) ud;
- String basePath = userDirectory.getContext();
+ String basePath = userDirectory.getBase();
 if (isSystemRolesBaseDn(basePath)) {
 this.systemRoles = userDirectory;
 systemRoles.setExternalRoles(this);
@@ -303,7 +313,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 }
 public Set getUserDirectories() {
- TreeSet res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
+ TreeSet res = new TreeSet<>((o1, o2) -> o1.getBase().compareTo(o2.getBase()));
 res.addAll(businessRoles.values());
 res.add(systemRoles);
 return res;