X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=ef253800ca304d9b3af6302b1e4df365a65c7af6;hb=f3ea14abccc33b1c3326417a87c91145be776c72;hp=ad6a83fb5d437d5b519c662b15623dc3523abe3e;hpb=4c7e1885b8bf3c93fa0919ace122e3f289a925ea;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java index ad6a83fb5..ef253800c 100644 --- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java +++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java @@ -1,11 +1,12 @@ package org.argeo.osgi.useradmin; -import static org.argeo.osgi.useradmin.AbstractUserDirectory.toLdapName; +import static org.argeo.osgi.useradmin.DirectoryUserAdmin.toLdapName; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; +import java.util.Hashtable; import java.util.List; import java.util.Map; import java.util.Set; @@ -14,6 +15,7 @@ import java.util.TreeSet; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; +import org.argeo.util.directory.DirectoryConf; import org.osgi.framework.InvalidSyntaxException; import org.osgi.service.useradmin.Authorization; import org.osgi.service.useradmin.Group; @@ -30,9 +32,9 @@ public class AggregatingUserAdmin implements UserAdmin { private final LdapName tokensBaseDn; // DAOs - private AbstractUserDirectory systemRoles = null; - private AbstractUserDirectory tokens = null; - private Map businessRoles = new HashMap(); + private DirectoryUserAdmin systemRoles = null; + private DirectoryUserAdmin tokens = null; + private Map businessRoles = new HashMap(); // TODO rather use an empty constructor and an init method public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) { @@ -43,7 +45,7 @@ public class AggregatingUserAdmin implements UserAdmin { else this.tokensBaseDn = null; } catch (InvalidNameException e) { - throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e); + throw new IllegalStateException("Cannot initialize " + AggregatingUserAdmin.class, e); } } @@ -91,8 +93,9 @@ public class AggregatingUserAdmin implements UserAdmin { if (user == null) {// anonymous return systemRoles.getAuthorization(null); } - AbstractUserDirectory userReferentialOfThisUser = findUserAdmin(user.getName()); + DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName()); Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user); + User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName()); String usernameToUse; String displayNameToUse; if (user instanceof Group) { @@ -113,11 +116,22 @@ public class AggregatingUserAdmin implements UserAdmin { } // gather roles from other referentials - final AbstractUserDirectory userAdminToUse;// possibly scoped when authenticating + List allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles())); + for (LdapName otherBaseDn : businessRoles.keySet()) { + if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn())) + continue; + DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn); + Authorization auth = otherUserAdmin.getAuthorization(retrievedUser); + allRoles.addAll(Arrays.asList(auth.getRoles())); + + } + + // integrate system roles + final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating if (user instanceof DirectoryUser) { userAdminToUse = userReferentialOfThisUser; } else if (user instanceof AuthenticatingUser) { - userAdminToUse = userReferentialOfThisUser.scope(user); + userAdminToUse = (DirectoryUserAdmin) userReferentialOfThisUser.scope(user); } else { throw new IllegalArgumentException("Unsupported user type " + user.getClass()); } @@ -136,7 +150,7 @@ public class AggregatingUserAdmin implements UserAdmin { } addAbstractSystemRoles(rawAuthorization, sysRoles); Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles, - rawAuthorization.getRoles()); + allRoles.toArray(new String[allRoles.size()])); return authorization; } finally { if (userAdminToUse != null && userAdminToUse.isScoped()) { @@ -157,10 +171,10 @@ public class AggregatingUserAdmin implements UserAdmin { // USER ADMIN AGGREGATOR // protected void addUserDirectory(UserDirectory ud) { - if (!(ud instanceof AbstractUserDirectory)) - throw new IllegalArgumentException("Only " + AbstractUserDirectory.class.getName() + " is supported"); - AbstractUserDirectory userDirectory = (AbstractUserDirectory) ud; - String basePath = userDirectory.getBasePath(); + if (!(ud instanceof DirectoryUserAdmin)) + throw new IllegalArgumentException("Only " + DirectoryUserAdmin.class.getName() + " is supported"); + DirectoryUserAdmin userDirectory = (DirectoryUserAdmin) ud; + String basePath = userDirectory.getContext(); if (isSystemRolesBaseDn(basePath)) { this.systemRoles = userDirectory; systemRoles.setExternalRoles(this); @@ -170,7 +184,7 @@ public class AggregatingUserAdmin implements UserAdmin { } else { LdapName baseDn = toLdapName(basePath); if (businessRoles.containsKey(baseDn)) - throw new UserDirectoryException("There is already a user admin for " + baseDn); + throw new IllegalStateException("There is already a user admin for " + baseDn); businessRoles.put(baseDn, userDirectory); } userDirectory.init(); @@ -181,22 +195,22 @@ public class AggregatingUserAdmin implements UserAdmin { protected void postAdd(UserDirectory userDirectory) { } - private AbstractUserDirectory findUserAdmin(String name) { + private DirectoryUserAdmin findUserAdmin(String name) { try { return findUserAdmin(new LdapName(name)); } catch (InvalidNameException e) { - throw new UserDirectoryException("Badly formatted name " + name, e); + throw new IllegalArgumentException("Badly formatted name " + name, e); } } - private AbstractUserDirectory findUserAdmin(LdapName name) { + private DirectoryUserAdmin findUserAdmin(LdapName name) { if (name.startsWith(systemRolesBaseDn)) return systemRoles; if (tokensBaseDn != null && name.startsWith(tokensBaseDn)) return tokens; - List res = new ArrayList<>(1); + List res = new ArrayList<>(1); userDirectories: for (LdapName baseDn : businessRoles.keySet()) { - AbstractUserDirectory userDirectory = businessRoles.get(baseDn); + DirectoryUserAdmin userDirectory = businessRoles.get(baseDn); if (name.startsWith(baseDn)) { if (userDirectory.isDisabled()) continue userDirectories; @@ -213,9 +227,9 @@ public class AggregatingUserAdmin implements UserAdmin { } } if (res.size() == 0) - throw new UserDirectoryException("Cannot find user admin for " + name); + throw new IllegalStateException("Cannot find user admin for " + name); if (res.size() > 1) - throw new UserDirectoryException("Multiple user admin found for " + name); + throw new IllegalStateException("Multiple user admin found for " + name); return res.get(0); } @@ -238,9 +252,18 @@ public class AggregatingUserAdmin implements UserAdmin { // return res; // } - public void destroy() { + public void start() { + if (systemRoles == null) { + // TODO do we really need separate system roles? + Hashtable properties = new Hashtable<>(); + properties.put(DirectoryConf.baseDn.name(), "ou=roles,ou=system"); + systemRoles = new DirectoryUserAdmin(properties); + } + } + + public void stop() { for (LdapName name : businessRoles.keySet()) { - AbstractUserDirectory userDirectory = businessRoles.get(name); + DirectoryUserAdmin userDirectory = businessRoles.get(name); destroy(userDirectory); } businessRoles.clear(); @@ -249,18 +272,26 @@ public class AggregatingUserAdmin implements UserAdmin { systemRoles = null; } - private void destroy(AbstractUserDirectory userDirectory) { + private void destroy(DirectoryUserAdmin userDirectory) { preDestroy(userDirectory); userDirectory.destroy(); } +// protected void removeUserDirectory(UserDirectory userDirectory) { +// LdapName baseDn = toLdapName(userDirectory.getContext()); +// businessRoles.remove(baseDn); +// if (userDirectory instanceof DirectoryUserAdmin) +// destroy((DirectoryUserAdmin) userDirectory); +// } + + @Deprecated protected void removeUserDirectory(String basePath) { if (isSystemRolesBaseDn(basePath)) - throw new UserDirectoryException("System roles cannot be removed "); + throw new IllegalArgumentException("System roles cannot be removed "); LdapName baseDn = toLdapName(basePath); if (!businessRoles.containsKey(baseDn)) - throw new UserDirectoryException("No user directory registered for " + baseDn); - AbstractUserDirectory userDirectory = businessRoles.remove(baseDn); + throw new IllegalStateException("No user directory registered for " + baseDn); + DirectoryUserAdmin userDirectory = businessRoles.remove(baseDn); destroy(userDirectory); } @@ -272,8 +303,10 @@ public class AggregatingUserAdmin implements UserAdmin { } public Set getUserDirectories() { - TreeSet res = new TreeSet<>((o1, o2) -> o1.getBasePath().compareTo(o2.getBasePath())); + TreeSet res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext())); res.addAll(businessRoles.values()); + res.add(systemRoles); return res; } + }