projects
/
lgpl
/
argeo-commons.git
/ commitdiff
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
a8e6930
)
Start clarifying user admin.
author
Mathieu Baudier <mbaudier@argeo.org>
Mon, 13 Jun 2022 05:53:47 +0000
(07:53 +0200)
committer
Mathieu Baudier <mbaudier@argeo.org>
Mon, 13 Jun 2022 05:53:47 +0000
(07:53 +0200)
eclipse/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
patch
|
blob
|
history
org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
patch
|
blob
|
history
org.argeo.cms/src/org/argeo/cms/internal/osgi/NodeUserAdmin.java
patch
|
blob
|
history
org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
patch
|
blob
|
history
org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
patch
|
blob
|
history
org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
patch
|
blob
|
history
org.argeo.util/src/org/argeo/osgi/useradmin/OsUserUtils.java
patch
|
blob
|
history
org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectory.java
patch
|
blob
|
history
org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectoryException.java
patch
|
blob
|
history
diff --git
a/eclipse/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
b/eclipse/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
index 16aa78316142a1a37f2340293c7ee15b4437ff9d..465c15a17be6199487d90b7e7e95a9c5c9582ad3 100644
(file)
--- a/
eclipse/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
+++ b/
eclipse/org.argeo.cms.e4/src/org/argeo/cms/e4/users/UserAdminWrapper.java
@@
-91,7
+91,7
@@
public class UserAdminWrapper {
Map<String, String> dns = new HashMap<String, String>();
for (UserDirectory userDirectory : userDirectories.keySet()) {
Boolean readOnly = userDirectory.isReadOnly();
Map<String, String> dns = new HashMap<String, String>();
for (UserDirectory userDirectory : userDirectories.keySet()) {
Boolean readOnly = userDirectory.isReadOnly();
- String baseDn = userDirectory.getBase
Dn().toString
();
+ String baseDn = userDirectory.getBase
Path
();
if (onlyWritable && readOnly)
continue;
if (onlyWritable && readOnly)
continue;
diff --git
a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
index 19136606da492a3f5d6029bc5f526a5907aa03fd..782487a9ad7b083275e3db8d65810f750d0fbdcd 100644
(file)
--- a/
org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
+++ b/
org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
@@
-229,7
+229,7
@@
public class CmsUserManagerImpl implements CmsUserManager {
Map<String, String> dns = new HashMap<String, String>();
for (UserDirectory userDirectory : userDirectories.keySet()) {
Boolean readOnly = userDirectory.isReadOnly();
Map<String, String> dns = new HashMap<String, String>();
for (UserDirectory userDirectory : userDirectories.keySet()) {
Boolean readOnly = userDirectory.isReadOnly();
- String baseDn = userDirectory.getBase
Dn().toString
();
+ String baseDn = userDirectory.getBase
Path
();
if (onlyWritable && readOnly)
continue;
if (onlyWritable && readOnly)
continue;
diff --git
a/org.argeo.cms/src/org/argeo/cms/internal/osgi/NodeUserAdmin.java
b/org.argeo.cms/src/org/argeo/cms/internal/osgi/NodeUserAdmin.java
index 4eda98c35c6087bb36527a98781f26ab7eb3d2fd..0746d4301d5b324ac61921a56c77d720e342c767 100644
(file)
--- a/
org.argeo.cms/src/org/argeo/cms/internal/osgi/NodeUserAdmin.java
+++ b/
org.argeo.cms/src/org/argeo/cms/internal/osgi/NodeUserAdmin.java
@@
-5,9
+5,6
@@
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Hashtable;
import java.util.Map;
-import javax.naming.InvalidNameException;
-import javax.naming.ldap.LdapName;
-
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.cms.internal.runtime.CmsUserAdmin;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.cms.internal.runtime.CmsUserAdmin;
@@
-27,22
+24,17
@@
public class NodeUserAdmin extends CmsUserAdmin implements ManagedServiceFactory
private final static CmsLog log = CmsLog.getLog(NodeUserAdmin.class);
// OSGi
private final static CmsLog log = CmsLog.getLog(NodeUserAdmin.class);
// OSGi
- private Map<String,
LdapName
> pidToBaseDn = new HashMap<>();
+ private Map<String,
String
> pidToBaseDn = new HashMap<>();
@Override
public void updated(String pid, Dictionary<String, ?> properties) throws ConfigurationException {
@Override
public void updated(String pid, Dictionary<String, ?> properties) throws ConfigurationException {
- LdapName baseDn;
- try {
- baseDn = new LdapName((String) properties.get(UserAdminConf.baseDn.name()));
- } catch (InvalidNameException e) {
- throw new IllegalArgumentException(e);
- }
+ String basePath = (String) properties.get(UserAdminConf.baseDn.name());
// FIXME make updates more robust
// FIXME make updates more robust
- if (pidToBaseDn.containsValue(base
Dn
)) {
+ if (pidToBaseDn.containsValue(base
Path
)) {
if (log.isDebugEnabled())
if (log.isDebugEnabled())
- log.debug("Ignoring user directory update of " + base
Dn
);
+ log.debug("Ignoring user directory update of " + base
Path
);
return;
}
return;
}
@@
-50,14
+42,14
@@
public class NodeUserAdmin extends CmsUserAdmin implements ManagedServiceFactory
// OSGi
Hashtable<String, Object> regProps = new Hashtable<>();
regProps.put(Constants.SERVICE_PID, pid);
// OSGi
Hashtable<String, Object> regProps = new Hashtable<>();
regProps.put(Constants.SERVICE_PID, pid);
- if (isSystemRolesBaseDn(base
Dn
))
+ if (isSystemRolesBaseDn(base
Path
))
regProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE);
regProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE);
- regProps.put(UserAdminConf.baseDn.name(), base
Dn
);
+ regProps.put(UserAdminConf.baseDn.name(), base
Path
);
CmsActivator.getBundleContext().registerService(UserDirectory.class, userDirectory, regProps);
CmsActivator.getBundleContext().registerService(UserDirectory.class, userDirectory, regProps);
- pidToBaseDn.put(pid, base
Dn
);
+ pidToBaseDn.put(pid, base
Path
);
- if (isSystemRolesBaseDn(base
Dn
)) {
+ if (isSystemRolesBaseDn(base
Path
)) {
// publishes itself as user admin only when system roles are available
Dictionary<String, Object> userAdminregProps = new Hashtable<>();
userAdminregProps.put(CmsConstants.CN, CmsConstants.DEFAULT);
// publishes itself as user admin only when system roles are available
Dictionary<String, Object> userAdminregProps = new Hashtable<>();
userAdminregProps.put(CmsConstants.CN, CmsConstants.DEFAULT);
@@
-71,8
+63,8
@@
public class NodeUserAdmin extends CmsUserAdmin implements ManagedServiceFactory
// assert pidToServiceRegs.get(pid) != null;
assert pidToBaseDn.get(pid) != null;
// pidToServiceRegs.remove(pid).unregister();
// assert pidToServiceRegs.get(pid) != null;
assert pidToBaseDn.get(pid) != null;
// pidToServiceRegs.remove(pid).unregister();
-
LdapName baseDn
= pidToBaseDn.remove(pid);
- removeUserDirectory(base
Dn
);
+
String basePath
= pidToBaseDn.remove(pid);
+ removeUserDirectory(base
Path
);
}
@Override
}
@Override
diff --git
a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
index 9364ee4a3069bfdfcf905d41ae74ecc21172180b..391c94a3da1c3011b06846b34727b4da4001891e 100644
(file)
--- a/
org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
+++ b/
org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
@@
-11,9
+11,9
@@
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Iterator;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Iterator;
+import java.util.Optional;
import java.util.Set;
import java.util.Set;
-import javax.naming.ldap.LdapName;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@
-35,7
+35,6
@@
import org.argeo.cms.internal.http.client.HttpCredentialProvider;
import org.argeo.cms.internal.http.client.SpnegoAuthScheme;
import org.argeo.osgi.transaction.WorkControl;
import org.argeo.osgi.transaction.WorkTransaction;
import org.argeo.cms.internal.http.client.SpnegoAuthScheme;
import org.argeo.osgi.transaction.WorkControl;
import org.argeo.osgi.transaction.WorkTransaction;
-import org.argeo.osgi.useradmin.AbstractUserDirectory;
import org.argeo.osgi.useradmin.AggregatingUserAdmin;
import org.argeo.osgi.useradmin.LdapUserAdmin;
import org.argeo.osgi.useradmin.LdifUserAdmin;
import org.argeo.osgi.useradmin.AggregatingUserAdmin;
import org.argeo.osgi.useradmin.LdapUserAdmin;
import org.argeo.osgi.useradmin.LdifUserAdmin;
@@
-96,7
+95,7
@@
public class CmsUserAdmin extends AggregatingUserAdmin {
}
// Create
}
// Create
-
Abstract
UserDirectory userDirectory;
+ UserDirectory userDirectory;
if (realm != null || UserAdminConf.SCHEME_LDAP.equals(u.getScheme())
|| UserAdminConf.SCHEME_LDAPS.equals(u.getScheme())) {
userDirectory = new LdapUserAdmin(properties);
if (realm != null || UserAdminConf.SCHEME_LDAP.equals(u.getScheme())
|| UserAdminConf.SCHEME_LDAPS.equals(u.getScheme())) {
userDirectory = new LdapUserAdmin(properties);
@@
-108,14
+107,14
@@
public class CmsUserAdmin extends AggregatingUserAdmin {
} else {
throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
}
} else {
throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
}
-
LdapName baseDn = userDirectory.getBaseDn
();
+
String basePath = userDirectory.getBasePath
();
addUserDirectory(userDirectory);
addUserDirectory(userDirectory);
- if (isSystemRolesBaseDn(base
Dn
)) {
+ if (isSystemRolesBaseDn(base
Path
)) {
addStandardSystemRoles();
}
if (log.isDebugEnabled()) {
addStandardSystemRoles();
}
if (log.isDebugEnabled()) {
- log.debug("User directory " + userDirectory.getBase
Dn
() + (u != null ? " [" + u.getScheme() + "]" : "")
+ log.debug("User directory " + userDirectory.getBase
Path
() + (u != null ? " [" + u.getScheme() + "]" : "")
+ " enabled." + (realm != null ? " " + realm + " realm." : ""));
}
return userDirectory;
+ " enabled." + (realm != null ? " " + realm + " realm." : ""));
}
return userDirectory;
@@
-153,13
+152,14
@@
public class CmsUserAdmin extends AggregatingUserAdmin {
}
}
}
}
- protected void postAdd(AbstractUserDirectory userDirectory) {
+ @Override
+ protected void postAdd(UserDirectory userDirectory) {
userDirectory.setTransactionControl(transactionManager);
userDirectory.setTransactionControl(transactionManager);
- O
bject realm = userDirectory.getProperties().get(UserAdminConf.realm.name()
);
- if (realm
!= null
) {
+ O
ptional<String> realm = userDirectory.getRealm(
);
+ if (realm
.isPresent()
) {
if (Files.exists(nodeKeyTab)) {
if (Files.exists(nodeKeyTab)) {
- String servicePrincipal = getKerberosServicePrincipal(realm.
toString
());
+ String servicePrincipal = getKerberosServicePrincipal(realm.
get
());
if (servicePrincipal != null) {
CallbackHandler callbackHandler = new CallbackHandler() {
@Override
if (servicePrincipal != null) {
CallbackHandler callbackHandler = new CallbackHandler() {
@Override
@@
-193,9
+193,10
@@
public class CmsUserAdmin extends AggregatingUserAdmin {
}
}
}
}
- protected void preDestroy(AbstractUserDirectory userDirectory) {
- Object realm = userDirectory.getProperties().get(UserAdminConf.realm.name());
- if (realm != null) {
+ @Override
+ protected void preDestroy(UserDirectory userDirectory) {
+ Optional<String> realm = userDirectory.getRealm();
+ if (realm.isPresent()) {
if (acceptorCredentials != null) {
try {
acceptorCredentials.dispose();
if (acceptorCredentials != null) {
try {
acceptorCredentials.dispose();
diff --git
a/org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
b/org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
index e028e384e1a8a7af1b5656124e0a66e6f50e9c00..19cd06886ba3b83b2daa1ef42e291e88876b72a0 100644
(file)
--- a/
org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
+++ b/
org.argeo.util/src/org/argeo/osgi/useradmin/AbstractUserDirectory.java
@@
-17,10
+17,12
@@
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
+import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
@@
-39,7
+41,7
@@
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;
/** Base class for a {@link UserDirectory}. */
import org.osgi.service.useradmin.UserAdmin;
/** Base class for a {@link UserDirectory}. */
-
public
abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
+abstract class AbstractUserDirectory implements UserAdmin, UserDirectory {
static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
@@
-99,7
+101,8
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
userBaseDn = new LdapName(userBase + "," + baseDn);
groupBaseDn = new LdapName(groupBase + "," + baseDn);
} catch (InvalidNameException e) {
userBaseDn = new LdapName(userBase + "," + baseDn);
groupBaseDn = new LdapName(groupBase + "," + baseDn);
} catch (InvalidNameException e) {
- throw new UserDirectoryException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties), e);
+ throw new IllegalArgumentException("Badly formated base DN " + UserAdminConf.baseDn.getValue(properties),
+ e);
}
String readOnlyStr = UserAdminConf.readOnly.getValue(properties);
if (readOnlyStr == null) {
}
String readOnlyStr = UserAdminConf.readOnly.getValue(properties);
if (readOnlyStr == null) {
@@
-133,6
+136,19
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
}
}
+ @Override
+ public String getBasePath() {
+ return getBaseDn().toString();
+ }
+
+ @Override
+ public Optional<String> getRealm() {
+ Object realm = getProperties().get(UserAdminConf.realm.name());
+ if (realm == null)
+ return Optional.empty();
+ return Optional.of(realm.toString());
+ }
+
protected boolean isEditing() {
return xaResource.wc() != null;
}
protected boolean isEditing() {
return xaResource.wc() != null;
}
@@
-145,20
+161,11
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
}
protected void checkEdit() {
}
protected void checkEdit() {
-// Transaction transaction;
-// try {
-// transaction = transactionManager.getTransaction();
-// } catch (SystemException e) {
-// throw new UserDirectoryException("Cannot get transaction", e);
-// }
-// if (transaction == null)
-// throw new UserDirectoryException("A transaction needs to be active in order to edit");
if (xaResource.wc() == null) {
try {
if (xaResource.wc() == null) {
try {
-// transaction.enlistResource(xaResource);
transactionControl.getWorkContext().registerXAResource(xaResource, null);
} catch (Exception e) {
transactionControl.getWorkContext().registerXAResource(xaResource, null);
} catch (Exception e) {
- throw new
UserDirectory
Exception("Cannot enlist " + xaResource, e);
+ throw new
IllegalState
Exception("Cannot enlist " + xaResource, e);
}
} else {
}
}
} else {
}
@@
-189,8
+196,8
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
if (group != null)
allRoles.add(group);
}
if (group != null)
allRoles.add(group);
}
- } catch (Exception e) {
- throw new
UserDirectory
Exception("Cannot get memberOf groups for " + user, e);
+ } catch (
Naming
Exception e) {
+ throw new
IllegalState
Exception("Cannot get memberOf groups for " + user, e);
}
} else {
for (LdapName groupDn : getDirectGroups(user.getDn())) {
}
} else {
for (LdapName groupDn : getDirectGroups(user.getDn())) {
@@
-211,7
+218,7
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
// USER ADMIN
@Override
public Role getRole(String name) {
// USER ADMIN
@Override
public Role getRole(String name) {
- return doGetRole(to
Dn
(name));
+ return doGetRole(to
LdapName
(name));
}
protected DirectoryUser doGetRole(LdapName dn) {
}
protected DirectoryUser doGetRole(LdapName dn) {
@@
-260,7
+267,7
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
if (key != null) {
doGetUser(key, value, collectedUsers);
} else {
if (key != null) {
doGetUser(key, value, collectedUsers);
} else {
- throw new
UserDirectory
Exception("Key cannot be null");
+ throw new
IllegalArgument
Exception("Key cannot be null");
}
if (collectedUsers.size() == 1) {
}
if (collectedUsers.size() == 1) {
@@
-278,7
+285,7
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
List<DirectoryUser> users = doGetRoles(f);
collectedUsers.addAll(users);
} catch (InvalidSyntaxException e) {
List<DirectoryUser> users = doGetRoles(f);
collectedUsers.addAll(users);
} catch (InvalidSyntaxException e) {
- throw new
UserDirectory
Exception("Cannot get user with " + key + "=" + value, e);
+ throw new
IllegalArgument
Exception("Cannot get user with " + key + "=" + value, e);
}
}
}
}
@@
-292,7
+299,7
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
try {
DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
if (directoryUser == null)
try {
DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
if (directoryUser == null)
- throw new
UserDirectory
Exception("No scoped user found for " + user);
+ throw new
IllegalState
Exception("No scoped user found for " + user);
LdifAuthorization authorization = new LdifAuthorization(directoryUser,
scopedUserAdmin.getAllRoles(directoryUser));
return authorization;
LdifAuthorization authorization = new LdifAuthorization(directoryUser,
scopedUserAdmin.getAllRoles(directoryUser));
return authorization;
@@
-306,9
+313,9
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
public Role createRole(String name, int type) {
checkEdit();
UserDirectoryWorkingCopy wc = getWorkingCopy();
public Role createRole(String name, int type) {
checkEdit();
UserDirectoryWorkingCopy wc = getWorkingCopy();
- LdapName dn = to
Dn
(name);
+ LdapName dn = to
LdapName
(name);
if ((daoHasRole(dn) && !wc.getDeletedUsers().containsKey(dn)) || wc.getNewUsers().containsKey(dn))
if ((daoHasRole(dn) && !wc.getDeletedUsers().containsKey(dn)) || wc.getNewUsers().containsKey(dn))
- throw new
UserDirectory
Exception("Already a role " + name);
+ throw new
IllegalArgument
Exception("Already a role " + name);
BasicAttributes attrs = new BasicAttributes(true);
// attrs.put(LdifName.dn.name(), dn.toString());
Rdn nameRdn = dn.getRdn(dn.size() - 1);
BasicAttributes attrs = new BasicAttributes(true);
// attrs.put(LdifName.dn.name(), dn.toString());
Rdn nameRdn = dn.getRdn(dn.size() - 1);
@@
-350,7
+357,7
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
attrs.put(objClass);
newRole = new LdifGroup(this, dn, attrs);
} else
attrs.put(objClass);
newRole = new LdifGroup(this, dn, attrs);
} else
- throw new
UserDirectory
Exception("Unsupported type " + type);
+ throw new
IllegalArgument
Exception("Unsupported type " + type);
return newRole;
}
return newRole;
}
@@
-358,7
+365,7
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
public boolean removeRole(String name) {
checkEdit();
UserDirectoryWorkingCopy wc = getWorkingCopy();
public boolean removeRole(String name) {
checkEdit();
UserDirectoryWorkingCopy wc = getWorkingCopy();
- LdapName dn = to
Dn
(name);
+ LdapName dn = to
LdapName
(name);
boolean actuallyDeleted;
if (daoHasRole(dn) || wc.getNewUsers().containsKey(dn)) {
DirectoryUser user = (DirectoryUser) getRole(name);
boolean actuallyDeleted;
if (daoHasRole(dn) || wc.getNewUsers().containsKey(dn)) {
DirectoryUser user = (DirectoryUser) getRole(name);
@@
-387,15
+394,6
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
}
}
- // UTILITIES
- protected LdapName toDn(String name) {
- try {
- return new LdapName(name);
- } catch (InvalidNameException e) {
- throw new UserDirectoryException("Badly formatted name", e);
- }
- }
-
// GETTERS
protected String getMemberAttributeId() {
return memberAttributeId;
// GETTERS
protected String getMemberAttributeId() {
return memberAttributeId;
@@
-514,4
+512,14
@@
public abstract class AbstractUserDirectory implements UserAdmin, UserDirectory
return scoped;
}
return scoped;
}
+ /*
+ * STATIC UTILITIES
+ */
+ static LdapName toLdapName(String name) {
+ try {
+ return new LdapName(name);
+ } catch (InvalidNameException e) {
+ throw new IllegalArgumentException(name + " is not an LDAP name", e);
+ }
+ }
}
}
diff --git
a/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
b/org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
index c274ed97e581c934515d11adce2bf19b82e2661a..5613c28484ac4dff444505d5b96f3e1ab6e74434 100644
(file)
--- a/
org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
+++ b/
org.argeo.util/src/org/argeo/osgi/useradmin/AggregatingUserAdmin.java
@@
-1,5
+1,7
@@
package org.argeo.osgi.useradmin;
package org.argeo.osgi.useradmin;
+import static org.argeo.osgi.useradmin.AbstractUserDirectory.toLdapName;
+
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
@@
-75,9
+77,9
@@
public class AggregatingUserAdmin implements UserAdmin {
public User getUser(String key, String value) {
List<User> res = new ArrayList<User>();
for (UserAdmin userAdmin : businessRoles.values()) {
public User getUser(String key, String value) {
List<User> res = new ArrayList<User>();
for (UserAdmin userAdmin : businessRoles.values()) {
-
User u = userAdmin.getUser(key, value);
-
if (u != null)
-
res.add(u);
+ User u = userAdmin.getUser(key, value);
+ if (u != null)
+ res.add(u);
}
// Note: node roles cannot contain users, so it is not searched
return res.size() == 1 ? res.get(0) : null;
}
// Note: node roles cannot contain users, so it is not searched
return res.size() == 1 ? res.get(0) : null;
@@
-153,15
+155,19
@@
public class AggregatingUserAdmin implements UserAdmin {
//
// USER ADMIN AGGREGATOR
//
//
// USER ADMIN AGGREGATOR
//
- protected void addUserDirectory(AbstractUserDirectory userDirectory) {
- LdapName baseDn = userDirectory.getBaseDn();
- if (isSystemRolesBaseDn(baseDn)) {
+ protected void addUserDirectory(UserDirectory ud) {
+ if (!(ud instanceof AbstractUserDirectory))
+ throw new IllegalArgumentException("Only " + AbstractUserDirectory.class.getName() + " is supported");
+ AbstractUserDirectory userDirectory = (AbstractUserDirectory) ud;
+ String basePath = userDirectory.getBasePath();
+ if (isSystemRolesBaseDn(basePath)) {
this.systemRoles = userDirectory;
systemRoles.setExternalRoles(this);
this.systemRoles = userDirectory;
systemRoles.setExternalRoles(this);
- } else if (isTokensBaseDn(base
Dn
)) {
+ } else if (isTokensBaseDn(base
Path
)) {
this.tokens = userDirectory;
tokens.setExternalRoles(this);
} else {
this.tokens = userDirectory;
tokens.setExternalRoles(this);
} else {
+ LdapName baseDn = toLdapName(basePath);
if (businessRoles.containsKey(baseDn))
throw new UserDirectoryException("There is already a user admin for " + baseDn);
businessRoles.put(baseDn, userDirectory);
if (businessRoles.containsKey(baseDn))
throw new UserDirectoryException("There is already a user admin for " + baseDn);
businessRoles.put(baseDn, userDirectory);
@@
-171,20
+177,9
@@
public class AggregatingUserAdmin implements UserAdmin {
}
/** Called after a new user directory has been added */
}
/** Called after a new user directory has been added */
- protected void postAdd(
Abstract
UserDirectory userDirectory) {
+ protected void postAdd(UserDirectory userDirectory) {
}
}
-// private UserAdmin findUserAdmin(User user) {
-// if (user == null)
-// throw new IllegalArgumentException("User should not be null");
-// AbstractUserDirectory userAdmin = findUserAdmin(user.getName());
-// if (user instanceof DirectoryUser) {
-// return userAdmin;
-// } else {
-// return userAdmin.scope(user);
-// }
-// }
-
private AbstractUserDirectory findUserAdmin(String name) {
try {
return findUserAdmin(new LdapName(name));
private AbstractUserDirectory findUserAdmin(String name) {
try {
return findUserAdmin(new LdapName(name));
@@
-223,12
+218,12
@@
public class AggregatingUserAdmin implements UserAdmin {
return res.get(0);
}
return res.get(0);
}
- protected boolean isSystemRolesBaseDn(
LdapName baseDn
) {
- return
baseDn
.equals(systemRolesBaseDn);
+ protected boolean isSystemRolesBaseDn(
String basePath
) {
+ return
toLdapName(basePath)
.equals(systemRolesBaseDn);
}
}
- protected boolean isTokensBaseDn(
LdapName baseDn
) {
- return tokensBaseDn != null &&
baseDn
.equals(tokensBaseDn);
+ protected boolean isTokensBaseDn(
String basePath
) {
+ return tokensBaseDn != null &&
toLdapName(basePath)
.equals(tokensBaseDn);
}
// protected Dictionary<String, Object> currentState() {
}
// protected Dictionary<String, Object> currentState() {
@@
-258,9
+253,10
@@
public class AggregatingUserAdmin implements UserAdmin {
userDirectory.destroy();
}
userDirectory.destroy();
}
- protected void removeUserDirectory(
LdapName baseDn
) {
- if (isSystemRolesBaseDn(base
Dn
))
+ protected void removeUserDirectory(
String basePath
) {
+ if (isSystemRolesBaseDn(base
Path
))
throw new UserDirectoryException("System roles cannot be removed ");
throw new UserDirectoryException("System roles cannot be removed ");
+ LdapName baseDn = toLdapName(basePath);
if (!businessRoles.containsKey(baseDn))
throw new UserDirectoryException("No user directory registered for " + baseDn);
AbstractUserDirectory userDirectory = businessRoles.remove(baseDn);
if (!businessRoles.containsKey(baseDn))
throw new UserDirectoryException("No user directory registered for " + baseDn);
AbstractUserDirectory userDirectory = businessRoles.remove(baseDn);
@@
-271,7
+267,7
@@
public class AggregatingUserAdmin implements UserAdmin {
* Called before each user directory is destroyed, so that additional actions
* can be performed.
*/
* Called before each user directory is destroyed, so that additional actions
* can be performed.
*/
- protected void preDestroy(
Abstract
UserDirectory userDirectory) {
+ protected void preDestroy(UserDirectory userDirectory) {
}
}
}
}
diff --git
a/org.argeo.util/src/org/argeo/osgi/useradmin/OsUserUtils.java
b/org.argeo.util/src/org/argeo/osgi/useradmin/OsUserUtils.java
index ad6bf881653aabd565e1f16abfc99b69ea621f42..5d0cbf687c55cf1f07d90a7d72d091ff048dddec 100644
(file)
--- a/
org.argeo.util/src/org/argeo/osgi/useradmin/OsUserUtils.java
+++ b/
org.argeo.util/src/org/argeo/osgi/useradmin/OsUserUtils.java
@@
-10,9
+10,10
@@
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
+/** Log in based on JDK-provided OS integration. */
public class OsUserUtils {
public class OsUserUtils {
- private static String LOGIN_CONTEXT_USER_NIX = "USER_NIX";
- private static String LOGIN_CONTEXT_USER_NT = "USER_NT";
+ private
final
static String LOGIN_CONTEXT_USER_NIX = "USER_NIX";
+ private
final
static String LOGIN_CONTEXT_USER_NT = "USER_NT";
public static String getOsUsername() {
return System.getProperty("user.name");
public static String getOsUsername() {
return System.getProperty("user.name");
diff --git
a/org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectory.java
b/org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectory.java
index ff80c5ac8385bf4aacac7699102754004cbdb6a6..7d773a9e72283aed73fabe695314e1cd2da12a4f 100644
(file)
--- a/
org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectory.java
+++ b/
org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectory.java
@@
-1,15
+1,22
@@
package org.argeo.osgi.useradmin;
package org.argeo.osgi.useradmin;
-import javax.naming.ldap.LdapName;
-import javax.transaction.xa.XAResource;
+import java.util.Optional;
+
+import org.argeo.osgi.transaction.WorkControl;
/** Information about a user directory. */
public interface UserDirectory {
/** Information about a user directory. */
public interface UserDirectory {
- /** The base DN of all entries in this user directory */
- LdapName getBaseDn();
+ /**
+ * The base of the hierarchy defined by this directory. This could typically be
+ * an LDAP base DN.
+ */
+ String getBasePath();
+
+// /** The base DN of all entries in this user directory */
+// LdapName getBaseDn();
-
/** The related {@link XAResource} */
-
XAResource getXaResource();
+
//
/** The related {@link XAResource} */
+
//
XAResource getXaResource();
boolean isReadOnly();
boolean isReadOnly();
@@
-22,4
+29,9
@@
public interface UserDirectory {
String getGroupObjectClass();
String getGroupBase();
String getGroupObjectClass();
String getGroupBase();
+
+ Optional<String> getRealm();
+
+ @Deprecated
+ void setTransactionControl(WorkControl transactionControl);
}
}
diff --git
a/org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectoryException.java
b/org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectoryException.java
index 613d0fdf0abb600776341750933162820428d466..0140a196d3db3d4b831e811bdbf7b68e682b3d53 100644
(file)
--- a/
org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectoryException.java
+++ b/
org.argeo.util/src/org/argeo/osgi/useradmin/UserDirectoryException.java
@@
-6,6
+6,7
@@
import org.osgi.service.useradmin.UserAdmin;
* Exceptions related to Argeo's implementation of OSGi {@link UserAdmin}
* service.
*/
* Exceptions related to Argeo's implementation of OSGi {@link UserAdmin}
* service.
*/
+@Deprecated
public class UserDirectoryException extends RuntimeException {
private static final long serialVersionUID = 1419352360062048603L;
public class UserDirectoryException extends RuntimeException {
private static final long serialVersionUID = 1419352360062048603L;