X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FAggregatingUserAdmin.java;h=ef253800ca304d9b3af6302b1e4df365a65c7af6;hb=f3ea14abccc33b1c3326417a87c91145be776c72;hp=bee513546cdd25a0f0adad343d07b2857ca8cab7;hpb=9f729eeb8255a9d800ad2506735dda8cc215a135;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index bee513546..ef253800c 100644
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@ -1,16 +1,21 @@
 package org.argeo.osgi.useradmin;
 
+import static org.argeo.osgi.useradmin.DirectoryUserAdmin.toLdapName;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeSet;
 
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 
+import org.argeo.util.directory.DirectoryConf;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.Group;
@@ -27,10 +32,11 @@ public class AggregatingUserAdmin implements UserAdmin {
 	private final LdapName tokensBaseDn;
 
 	// DAOs
-	private AbstractUserDirectory systemRoles = null;
-	private AbstractUserDirectory tokens = null;
-	private Map<LdapName, AbstractUserDirectory> businessRoles = new HashMap<LdapName, AbstractUserDirectory>();
+	private DirectoryUserAdmin systemRoles = null;
+	private DirectoryUserAdmin tokens = null;
+	private Map<LdapName, DirectoryUserAdmin> businessRoles = new HashMap<LdapName, DirectoryUserAdmin>();
 
+	// TODO rather use an empty constructor and an init method
 	public AggregatingUserAdmin(String systemRolesBaseDn, String tokensBaseDn) {
 		try {
 			this.systemRolesBaseDn = new LdapName(systemRolesBaseDn);
@@ -39,7 +45,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 			else
 				this.tokensBaseDn = null;
 		} catch (InvalidNameException e) {
-			throw new UserDirectoryException("Cannot initialize " + AggregatingUserAdmin.class, e);
+			throw new IllegalStateException("Cannot initialize " + AggregatingUserAdmin.class, e);
 		}
 	}
 
@@ -74,9 +80,9 @@ public class AggregatingUserAdmin implements UserAdmin {
 	public User getUser(String key, String value) {
 		List<User> res = new ArrayList<User>();
 		for (UserAdmin userAdmin : businessRoles.values()) {
-				User u = userAdmin.getUser(key, value);
-				if (u != null)
-					res.add(u);
+			User u = userAdmin.getUser(key, value);
+			if (u != null)
+				res.add(u);
 		}
 		// Note: node roles cannot contain users, so it is not searched
 		return res.size() == 1 ? res.get(0) : null;
@@ -87,8 +93,9 @@ public class AggregatingUserAdmin implements UserAdmin {
 		if (user == null) {// anonymous
 			return systemRoles.getAuthorization(null);
 		}
-		AbstractUserDirectory userReferentialOfThisUser = findUserAdmin(user.getName());
+		DirectoryUserAdmin userReferentialOfThisUser = findUserAdmin(user.getName());
 		Authorization rawAuthorization = userReferentialOfThisUser.getAuthorization(user);
+		User retrievedUser = (User) userReferentialOfThisUser.getRole(user.getName());
 		String usernameToUse;
 		String displayNameToUse;
 		if (user instanceof Group) {
@@ -109,11 +116,22 @@ public class AggregatingUserAdmin implements UserAdmin {
 		}
 
 		// gather roles from other referentials
-		final AbstractUserDirectory userAdminToUse;// possibly scoped when authenticating
+		List<String> allRoles = new ArrayList<>(Arrays.asList(rawAuthorization.getRoles()));
+		for (LdapName otherBaseDn : businessRoles.keySet()) {
+			if (otherBaseDn.equals(userReferentialOfThisUser.getBaseDn()))
+				continue;
+			DirectoryUserAdmin otherUserAdmin = businessRoles.get(otherBaseDn);
+			Authorization auth = otherUserAdmin.getAuthorization(retrievedUser);
+			allRoles.addAll(Arrays.asList(auth.getRoles()));
+
+		}
+
+		// integrate system roles
+		final DirectoryUserAdmin userAdminToUse;// possibly scoped when authenticating
 		if (user instanceof DirectoryUser) {
 			userAdminToUse = userReferentialOfThisUser;
 		} else if (user instanceof AuthenticatingUser) {
-			userAdminToUse = userReferentialOfThisUser.scope(user);
+			userAdminToUse = (DirectoryUserAdmin) userReferentialOfThisUser.scope(user);
 		} else {
 			throw new IllegalArgumentException("Unsupported user type " + user.getClass());
 		}
@@ -132,7 +150,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 			}
 			addAbstractSystemRoles(rawAuthorization, sysRoles);
 			Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
-					rawAuthorization.getRoles());
+					allRoles.toArray(new String[allRoles.size()]));
 			return authorization;
 		} finally {
 			if (userAdminToUse != null && userAdminToUse.isScoped()) {
@@ -152,17 +170,21 @@ public class AggregatingUserAdmin implements UserAdmin {
 	//
 	// USER ADMIN AGGREGATOR
 	//
-	protected void addUserDirectory(AbstractUserDirectory userDirectory) {
-		LdapName baseDn = userDirectory.getBaseDn();
-		if (isSystemRolesBaseDn(baseDn)) {
+	protected void addUserDirectory(UserDirectory ud) {
+		if (!(ud instanceof DirectoryUserAdmin))
+			throw new IllegalArgumentException("Only " + DirectoryUserAdmin.class.getName() + " is supported");
+		DirectoryUserAdmin userDirectory = (DirectoryUserAdmin) ud;
+		String basePath = userDirectory.getContext();
+		if (isSystemRolesBaseDn(basePath)) {
 			this.systemRoles = userDirectory;
 			systemRoles.setExternalRoles(this);
-		} else if (isTokensBaseDn(baseDn)) {
+		} else if (isTokensBaseDn(basePath)) {
 			this.tokens = userDirectory;
 			tokens.setExternalRoles(this);
 		} else {
+			LdapName baseDn = toLdapName(basePath);
 			if (businessRoles.containsKey(baseDn))
-				throw new UserDirectoryException("There is already a user admin for " + baseDn);
+				throw new IllegalStateException("There is already a user admin for " + baseDn);
 			businessRoles.put(baseDn, userDirectory);
 		}
 		userDirectory.init();
@@ -170,36 +192,25 @@ public class AggregatingUserAdmin implements UserAdmin {
 	}
 
 	/** Called after a new user directory has been added */
-	protected void postAdd(AbstractUserDirectory userDirectory) {
+	protected void postAdd(UserDirectory userDirectory) {
 	}
 
-//	private UserAdmin findUserAdmin(User user) {
-//		if (user == null)
-//			throw new IllegalArgumentException("User should not be null");
-//		AbstractUserDirectory userAdmin = findUserAdmin(user.getName());
-//		if (user instanceof DirectoryUser) {
-//			return userAdmin;
-//		} else {
-//			return userAdmin.scope(user);
-//		}
-//	}
-
-	private AbstractUserDirectory findUserAdmin(String name) {
+	private DirectoryUserAdmin findUserAdmin(String name) {
 		try {
 			return findUserAdmin(new LdapName(name));
 		} catch (InvalidNameException e) {
-			throw new UserDirectoryException("Badly formatted name " + name, e);
+			throw new IllegalArgumentException("Badly formatted name " + name, e);
 		}
 	}
 
-	private AbstractUserDirectory findUserAdmin(LdapName name) {
+	private DirectoryUserAdmin findUserAdmin(LdapName name) {
 		if (name.startsWith(systemRolesBaseDn))
 			return systemRoles;
 		if (tokensBaseDn != null && name.startsWith(tokensBaseDn))
 			return tokens;
-		List<AbstractUserDirectory> res = new ArrayList<>(1);
+		List<DirectoryUserAdmin> res = new ArrayList<>(1);
 		userDirectories: for (LdapName baseDn : businessRoles.keySet()) {
-			AbstractUserDirectory userDirectory = businessRoles.get(baseDn);
+			DirectoryUserAdmin userDirectory = businessRoles.get(baseDn);
 			if (name.startsWith(baseDn)) {
 				if (userDirectory.isDisabled())
 					continue userDirectories;
@@ -216,18 +227,18 @@ public class AggregatingUserAdmin implements UserAdmin {
 			}
 		}
 		if (res.size() == 0)
-			throw new UserDirectoryException("Cannot find user admin for " + name);
+			throw new IllegalStateException("Cannot find user admin for " + name);
 		if (res.size() > 1)
-			throw new UserDirectoryException("Multiple user admin found for " + name);
+			throw new IllegalStateException("Multiple user admin found for " + name);
 		return res.get(0);
 	}
 
-	protected boolean isSystemRolesBaseDn(LdapName baseDn) {
-		return baseDn.equals(systemRolesBaseDn);
+	protected boolean isSystemRolesBaseDn(String basePath) {
+		return toLdapName(basePath).equals(systemRolesBaseDn);
 	}
 
-	protected boolean isTokensBaseDn(LdapName baseDn) {
-		return tokensBaseDn != null && baseDn.equals(tokensBaseDn);
+	protected boolean isTokensBaseDn(String basePath) {
+		return tokensBaseDn != null && toLdapName(basePath).equals(tokensBaseDn);
 	}
 
 //	protected Dictionary<String, Object> currentState() {
@@ -241,9 +252,18 @@ public class AggregatingUserAdmin implements UserAdmin {
 //		return res;
 //	}
 
-	public void destroy() {
+	public void start() {
+		if (systemRoles == null) {
+			// TODO do we really need separate system roles?
+			Hashtable<String, Object> properties = new Hashtable<>();
+			properties.put(DirectoryConf.baseDn.name(), "ou=roles,ou=system");
+			systemRoles = new DirectoryUserAdmin(properties);
+		}
+	}
+
+	public void stop() {
 		for (LdapName name : businessRoles.keySet()) {
-			AbstractUserDirectory userDirectory = businessRoles.get(name);
+			DirectoryUserAdmin userDirectory = businessRoles.get(name);
 			destroy(userDirectory);
 		}
 		businessRoles.clear();
@@ -252,17 +272,26 @@ public class AggregatingUserAdmin implements UserAdmin {
 		systemRoles = null;
 	}
 
-	private void destroy(AbstractUserDirectory userDirectory) {
+	private void destroy(DirectoryUserAdmin userDirectory) {
 		preDestroy(userDirectory);
 		userDirectory.destroy();
 	}
 
-	protected void removeUserDirectory(LdapName baseDn) {
-		if (isSystemRolesBaseDn(baseDn))
-			throw new UserDirectoryException("System roles cannot be removed ");
+//	protected void removeUserDirectory(UserDirectory userDirectory) {
+//		LdapName baseDn = toLdapName(userDirectory.getContext());
+//		businessRoles.remove(baseDn);
+//		if (userDirectory instanceof DirectoryUserAdmin)
+//			destroy((DirectoryUserAdmin) userDirectory);
+//	}
+
+	@Deprecated
+	protected void removeUserDirectory(String basePath) {
+		if (isSystemRolesBaseDn(basePath))
+			throw new IllegalArgumentException("System roles cannot be removed ");
+		LdapName baseDn = toLdapName(basePath);
 		if (!businessRoles.containsKey(baseDn))
-			throw new UserDirectoryException("No user directory registered for " + baseDn);
-		AbstractUserDirectory userDirectory = businessRoles.remove(baseDn);
+			throw new IllegalStateException("No user directory registered for " + baseDn);
+		DirectoryUserAdmin userDirectory = businessRoles.remove(baseDn);
 		destroy(userDirectory);
 	}
 
@@ -270,7 +299,14 @@ public class AggregatingUserAdmin implements UserAdmin {
 	 * Called before each user directory is destroyed, so that additional actions
 	 * can be performed.
 	 */
-	protected void preDestroy(AbstractUserDirectory userDirectory) {
+	protected void preDestroy(UserDirectory userDirectory) {
+	}
+
+	public Set<UserDirectory> getUserDirectories() {
+		TreeSet<UserDirectory> res = new TreeSet<>((o1, o2) -> o1.getContext().compareTo(o2.getContext()));
+		res.addAll(businessRoles.values());
+		res.add(systemRoles);
+		return res;
 	}
 
 }