import java.util.TreeMap;
import javax.naming.InvalidNameException;
+import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
private boolean isFirstInit = false;
+ private final static String ROLES = "roles";
+
public DeployConfig(ConfigurationAdmin configurationAdmin, DataModels dataModels, boolean isClean) {
this.dataModels = dataModels;
// ConfigurationAdmin configurationAdmin =
List<String> activeCns = new ArrayList<>();
for (int i = 0; i < userDirectoryConfigs.size(); i++) {
Dictionary<String, Object> userDirectoryConfig = userDirectoryConfigs.get(i);
- String cn = UserAdminConf.baseDnHash(userDirectoryConfig);
+ String baseDn = (String) userDirectoryConfig.get(UserAdminConf.baseDn.name());
+ String cn;
+ if (NodeConstants.ROLES_BASEDN.equals(baseDn))
+ cn = ROLES;
+ else
+ cn = UserAdminConf.baseDnHash(userDirectoryConfig);
activeCns.add(cn);
userDirectoryConfig.put(NodeConstants.CN, cn);
putFactoryDeployConfig(NodeConstants.NODE_USER_ADMIN_PID, userDirectoryConfig);
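Review bot: Two user directory configurations whose base DN both equal `NodeConstants.ROLES_BASEDN` now map to the same fixed `cn` `roles`, and nothing in the loop detects that collision before the config is handed to `putFactoryDeployConfig`; if that helper keys by `cn` (its implementation is not visible here) the second entry silently replaces the first. A guard before `activeCns.add(cn)` such as `if (activeCns.contains(cn)) throw new IllegalStateException("Duplicate user directory cn: " + cn);` would fail loudly instead of deploying an ambiguous roles directory. The `(String)` cast on the `baseDn` lookup also assumes the property is always stored as a `String`; `String.valueOf(userDirectoryConfig.get(...))` would tolerate other value types, though a missing property still yields `null` and falls through to the hash branch, which is presumably intended. The enclosing constructor continues outside this hunk.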
if (log.isDebugEnabled())
log.debug("Clean state, loading from framework properties...");
setFromFrameworkProperties(isFirstInit);
- for (LdapName dn : deployConfigs.keySet()) {
+
+ // FIXME make it more robust
+ Configuration systemRolesConf = null;
+ LdapName systemRolesDn;
+ try {
+ // FIXME make it more robust
+ systemRolesDn = new LdapName("cn=roles,ou=org.argeo.api.userAdmin,ou=deploy,ou=node");
+ } catch (InvalidNameException e) {
+ throw new IllegalArgumentException(e);
+ }
+ deployConfigs: for (LdapName dn : deployConfigs.keySet()) {
Rdn lastRdn = dn.getRdn(dn.size() - 1);
LdapName prefix = (LdapName) dn.getPrefix(dn.size() - 1);
if (prefix.toString().equals(NodeConstants.DEPLOY_BASEDN)) {
// service factory definition
}
} else {
+ Attributes config = deployConfigs.get(dn);
+ Attribute disabled = config.get(UserAdminConf.disabled.name());
+ if (disabled != null)
+ continue deployConfigs;
// service factory service
Rdn beforeLastRdn = dn.getRdn(dn.size() - 2);
assert beforeLastRdn.getType().equals(NodeConstants.OU);
String factoryPid = beforeLastRdn.getValue().toString();
Configuration conf = configurationAdmin.createFactoryConfiguration(factoryPid.toString(), null);
- AttributesDictionary dico = new AttributesDictionary(deployConfigs.get(dn));
- conf.update(dico);
+ if (systemRolesDn.equals(dn)) {
+ systemRolesConf = configurationAdmin.createFactoryConfiguration(factoryPid.toString(), null);
+ } else {
+ AttributesDictionary dico = new AttributesDictionary(config);
+ conf.update(dico);
+ }
}
}
+
+ // system roles must be last since it triggers node user admin publication
+ if (systemRolesConf == null)
+ throw new IllegalStateException("System roles are not configured.");
+ systemRolesConf.update(new AttributesDictionary(deployConfigs.get(systemRolesDn)));
}
// TODO check consistency if not clean
}
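Review bot: The `conf` obtained from `createFactoryConfiguration` on the context line just above the new `if (systemRolesDn.equals(dn))` branch is never updated when `dn` is the system roles DN, because the branch creates a second factory configuration instead of reusing the first, so every startup leaves a stray, property-less configuration for that factory PID in ConfigurationAdmin. Replacing the new creation line with `systemRolesConf = conf;` removes the duplicate and keeps the single create-then-update pattern. The DN on the `new LdapName("cn=roles,ou=org.argeo.api.userAdmin,ou=deploy,ou=node")` line is a hard-coded literal that duplicates the `ROLES` constant and the deploy base DN; if those constants hold the same values, composing it as `"cn=" + ROLES + ",ou=" + NodeConstants.NODE_USER_ADMIN_PID + "," + NodeConstants.DEPLOY_BASEDN` keeps them in sync, which is presumably what the two FIXMEs are about. Note also that the `disabled` check tests only the attribute's presence, so an explicit `disabled=false` entry is skipped as well; either document that convention with `// presence of the attribute disables the entry, regardless of value` or compare the value.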
Set<String> sysRoles = new HashSet<String>();
for (String role : rawAuthorization.getRoles()) {
Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
- systemRoles:for(String systemRole:auth.getRoles()) {
- if(role.equals(systemRole))
+ systemRoles: for (String systemRole : auth.getRoles()) {
+ if (role.equals(systemRole))
continue systemRoles;
sysRoles.add(systemRole);
}
return systemRoles;
if (tokensBaseDn != null && name.startsWith(tokensBaseDn))
return tokens;
- List<UserAdmin> res = new ArrayList<UserAdmin>(1);
- for (LdapName baseDn : businessRoles.keySet()) {
- AbstractUserDirectory ud = businessRoles.get(baseDn);
+ List<AbstractUserDirectory> res = new ArrayList<>(1);
+ userDirectories: for (LdapName baseDn : businessRoles.keySet()) {
+ AbstractUserDirectory userDirectory = businessRoles.get(baseDn);
if (name.startsWith(baseDn)) {
- if (!ud.isDisabled())
- res.add(ud);
- }
-// Object principal = ud.getProperties().get(Context.SECURITY_PRINCIPAL);
-// if (principal != null) {
-// try {
-// LdapName principalLdapName = new LdapName(principal.toString());
-// if (principalLdapName.equals(name))
-// res.add(ud);
-// } catch (InvalidNameException e) {
-// // silent
+ if (userDirectory.isDisabled())
+ continue userDirectories;
+// if (res.isEmpty()) {
+ res.add(userDirectory);
+// } else {
+// for (AbstractUserDirectory ud : res) {
+// LdapName bd = ud.getBaseDn();
+// if (userDirectory.getBaseDn().startsWith(bd)) {
+// // child user directory
+// }
+// }
// }
-// }
+ }
}
if (res.size() == 0)
throw new UserDirectoryException("Cannot find user admin for " + name);
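Review bot: The rewritten loop keeps the child-directory handling as commented-out code around `res.add(userDirectory)`, so when one enabled directory's base DN is nested under another's, both are added and which one is used depends on the iteration order of `businessRoles` and on the selection done after the hunk, which is outside this view. Either drop the dead block or replace it with a comment stating the intended rule, e.g. `// Overlapping base DNs: every enabled directory whose base DN is a prefix of name is returned; the caller below picks one — TODO confirm`. The list element type also changed from `UserAdmin` to `AbstractUserDirectory`; if the method's declared return type, which is above the hunk, is still `List<UserAdmin>`, the narrower local type is fine, but the two should be checked for consistency. The enclosing method starts before the hunk.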