interface BasicTestConstants {
final static String ROOT_USER_DN = "uid=root+cn=Super Admin,ou=People,dc=demo,dc=example,dc=org";
+ final static String DEMO_USER_DN = "uid=demo,ou=People,dc=demo,dc=example,dc=org";
final static String ADMIN_GROUP_DN = "cn=admin,ou=Roles,dc=demo,dc=example,dc=org";
+ final static String EDITOR_GROUP_DN = "cn=editor,ou=Roles,dc=demo,dc=example,dc=org";
}
package org.argeo.osgi.useradmin;
+import java.util.Arrays;
+import java.util.List;
+
import junit.framework.TestCase;
+import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
.getResourceAsStream("basic.ldif"));
User rootUser = (User) userAdmin.getRole(ROOT_USER_DN);
assertNotNull(rootUser);
+ User demoUser = (User) userAdmin.getRole(DEMO_USER_DN);
+ assertNotNull(demoUser);
+
Group adminGroup = (Group) userAdmin.getRole(ADMIN_GROUP_DN);
assertNotNull(adminGroup);
Role[] members = adminGroup.getMembers();
assertEquals(1, members.length);
- assertEquals(rootUser.getName(), members[0].getName());
+ assertEquals(rootUser, members[0]);
+
+ Group editorGroup = (Group) userAdmin.getRole(EDITOR_GROUP_DN);
+ assertNotNull(editorGroup);
+ members = editorGroup.getMembers();
+ assertEquals(2, members.length);
+ assertEquals(adminGroup, members[0]);
+ assertEquals(demoUser, members[1]);
+
+ Authorization rootAuth = userAdmin.getAuthorization(rootUser);
+ List<String> rootRoles = Arrays.asList(rootAuth.getRoles());
+ assertEquals(3, rootRoles.size());
+ assertTrue(rootRoles.contains(ROOT_USER_DN));
+ assertTrue(rootRoles.contains(ADMIN_GROUP_DN));
+ assertTrue(rootRoles.contains(EDITOR_GROUP_DN));
}
}
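Review bot: The new authorization assertions only check roles that must be present for `rootUser`; nothing asserts that a role is absent, so an implementation that grants every group to every user would still pass. A negative case for the demo user after the `rootRoles` checks would pin that: `Authorization demoAuth = userAdmin.getAuthorization(demoUser);` followed by `assertFalse(Arrays.asList(demoAuth.getRoles()).contains(ADMIN_GROUP_DN));`. The `members[0]`/`members[1]` assertions on `editorGroup` also depend on the order of the `member:` lines in basic.ldif, which deserves a short comment. The test method starts above the visible hunk.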
objectClass: groupOfNames
objectClass: top
cn: admin
-member: uid=root+cn=Super Admin,ou=People,dc=demo,dc=example,dc=org
\ No newline at end of file
+member: uid=root+cn=Super Admin,ou=People,dc=demo,dc=example,dc=org
+
+dn: cn=editor,ou=Roles,dc=demo,dc=example,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: admin
+member: cn=admin,ou=Roles,dc=demo,dc=example,dc=org
+member: uid=demo,ou=People,dc=demo,dc=example,dc=org
+
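Review bot: The new `cn=editor,ou=Roles,...` entry carries `cn: admin`, so its `cn` attribute does not match the RDN in its own `dn:` line and repeats the value used by the admin group. It looks like a copy-paste from the entry above; the line should read `cn: editor`. The tests in this commit resolve groups by DN only, so they would not catch this, but any lookup or filter on `cn` would see two groups named admin.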
--- /dev/null
+package org.argeo.osgi.useradmin;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.osgi.service.useradmin.Authorization;
+import org.osgi.service.useradmin.Role;
+
+public class LdifAuthorization implements Authorization {
+ private final LdifUser user;
+
+ public LdifAuthorization(LdifUser user) {
+ this.user = user;
+ }
+
+ @Override
+ public String getName() {
+ return user.getName();
+ }
+
+ @Override
+ public boolean hasRole(String name) {
+ for (Role role : getAllRoles()) {
+ if (role.getName().equals(name))
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public String[] getRoles() {
+ List<Role> allRoles = getAllRoles();
+ String[] res = new String[allRoles.size() + 1];
+ res[0] = user.getName();
+ for (int i = 0; i < allRoles.size(); i++)
+ res[i + 1] = allRoles.get(i).getName();
+ return res;
+ }
+
+ List<Role> getAllRoles() {
+ List<Role> allRoles = new ArrayList<Role>();
+ collectRoles(user, allRoles);
+ return allRoles;
+ }
+
+ private void collectRoles(LdifUser user, List<Role> allRoles) {
+ for (LdifGroup group : user.directMemberOf) {
+ // TODO check for loops
+ allRoles.add(group);
+ collectRoles(group, allRoles);
+ }
+ }
+
+}
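Review bot: `collectRoles` recurses through `directMemberOf` with no visited check (the `// TODO check for loops` line), so a group that is directly or indirectly a member of itself in the LDIF data recurses until the stack overflows whenever `getRoles()` or `hasRole()` is called. Because `allRoles` is a list, a group reached through two membership paths is also reported twice, which changes the length of `getRoles()`. Tracking visited groups in an insertion-ordered set fixes both and keeps the current order; it relies on the `equals`/`hashCode` this commit adds to `LdifUser` and needs `java.util.Set` and `java.util.LinkedHashSet` imported. Separately, `getRoles()` puts `user.getName()` first but `hasRole(user.getName())` returns false, which should be either aligned or documented.

```java
List<Role> getAllRoles() {
	// insertion-ordered set: each group is reported once and a membership cycle terminates
	Set<LdifGroup> visited = new LinkedHashSet<LdifGroup>();
	collectRoles(user, visited);
	return new ArrayList<Role>(visited);
}

private void collectRoles(LdifUser user, Set<LdifGroup> visited) {
	for (LdifGroup group : user.directMemberOf) {
		// add() returns false for a group already seen, which stops the descent
		if (visited.add(group))
			collectRoles(group, visited);
	}
}
```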
import org.osgi.service.useradmin.Role;
public class LdifGroup extends LdifUser implements Group {
+ // optimisation
+ List<Role> directMembers = null;
public LdifGroup(LdapName dn, Attributes attributes) {
super(dn, attributes);
@Override
public Role[] getMembers() {
+ if (directMembers != null)
+ return directMembers.toArray(new Role[directMembers.size()]);
+ else
+ throw new ArgeoUserAdminException("Members have not been loaded.");
+
+ // Attribute memberAttribute = getAttributes().get("member");
+ // if (memberAttribute == null)
+ // return new Role[0];
+ // try {
+ // List<Role> roles = new ArrayList<Role>();
+ // NamingEnumeration values = memberAttribute.getAll();
+ // while (values.hasMore()) {
+ // LdapName dn = new LdapName(values.next().toString());
+ // roles.add(new LdifUser(dn, null));
+ // }
+ // return roles.toArray(new Role[roles.size()]);
+ // } catch (Exception e) {
+ // throw new ArgeoUserAdminException("Cannot get members", e);
+ // }
+ }
+
+ void loadMembers(LdifUserAdmin userAdmin) {
+ directMembers = new ArrayList<Role>();
+ for (LdapName ldapName : getMemberNames()) {
+ LdifUser role;
+ if (userAdmin.groups.containsKey(ldapName))
+ role = userAdmin.groups.get(ldapName);
+ else if (userAdmin.users.containsKey(ldapName))
+ role = userAdmin.users.get(ldapName);
+ else
+ throw new ArgeoUserAdminException("No roel found for "
+ + ldapName);
+ role.directMemberOf.add(this);
+ directMembers.add(role);
+ }
+ }
+
+ List<LdapName> getMemberNames() {
Attribute memberAttribute = getAttributes().get("member");
if (memberAttribute == null)
- return new Role[0];
+ return new ArrayList<LdapName>();
try {
- List<Role> roles = new ArrayList<Role>();
+ List<LdapName> roles = new ArrayList<LdapName>();
NamingEnumeration values = memberAttribute.getAll();
while (values.hasMore()) {
LdapName dn = new LdapName(values.next().toString());
- roles.add(new LdifUser(dn, null));
+ roles.add(dn);
}
- return roles.toArray(new Role[roles.size()]);
+ return roles;
} catch (Exception e) {
throw new ArgeoUserAdminException("Cannot get members", e);
}
public int getType() {
return GROUP;
}
-
}
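Review bot: `getMembers()` now ends with a fourteen-line commented-out copy of the old implementation, placed after an `if`/`else` that always returns or throws; the same logic lives on in `getMemberNames()`, so the block should be deleted rather than kept as a comment. In `loadMembers` the exception text has a typo: `"No roel found for "` should be `"No role found for "`, which matters to anyone searching logs for it. `loadMembers` also appends `this` to `role.directMemberOf` on every call, so a second call would duplicate every membership; a one-line comment such as `// not idempotent: must run exactly once per group after all entries are parsed` would record that constraint.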
package org.argeo.osgi.useradmin;
+import java.util.ArrayList;
import java.util.Dictionary;
-import java.util.Hashtable;
+import java.util.List;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
import org.osgi.service.useradmin.User;
-import org.osgi.service.useradmin.UserAdmin;
class LdifUser implements User {
+ // optimisation
+ List<LdifGroup> directMemberOf = new ArrayList<LdifGroup>();
+
private final LdapName dn;
- private final Attributes attributes;
+ private Attributes attributes;
LdifUser(LdapName dn, Attributes attributes) {
this.dn = dn;
return attributes;
}
+ @Override
+ public int hashCode() {
+ return dn.hashCode();
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj instanceof LdifUser) {
+ LdifUser that = (LdifUser) obj;
+ return this.dn.equals(that.dn);
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return dn.toString();
+ }
+
}
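Review bot: `directMemberOf` is the data every `LdifAuthorization` role answer is derived from, yet it is declared as a non-final, package-visible mutable list, so any class in the package can replace or edit it after loading. Declaring it `final List<LdifGroup> directMemberOf = new ArrayList<LdifGroup>();` at least prevents reassignment. The same section drops `final` from `attributes` although no visible line assigns it again; unless a setter exists outside the hunks shown, `private final Attributes attributes;` should stay. The new `equals` compares only `dn`, so an `LdifUser` and an `LdifGroup` with the same DN are equal, which seems intended but deserves a one-line comment.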
import org.osgi.service.useradmin.UserAdmin;
public class LdifUserAdmin implements UserAdmin {
- private SortedMap<LdapName, Role> roles = new TreeMap<LdapName, Role>();
+ SortedMap<LdapName, LdifUser> users = new TreeMap<LdapName, LdifUser>();
+ SortedMap<LdapName, LdifGroup> groups = new TreeMap<LdapName, LdifGroup>();
public LdifUserAdmin(InputStream in) {
try {
objectClasses: while (objectClasses.hasMore()) {
String objectClass = objectClasses.next().toString();
if (objectClass.equals("inetOrgPerson")) {
- roles.put(key, new LdifUser(key, attributes));
+ users.put(key, new LdifUser(key, attributes));
break objectClasses;
} else if (objectClass.equals("groupOfNames")) {
- roles.put(key, new LdifGroup(key, attributes));
+ groups.put(key, new LdifGroup(key, attributes));
break objectClasses;
}
}
}
+
+ // optimise
+ for (LdifGroup group : groups.values()) {
+ group.loadMembers(this);
+ }
} catch (Exception e) {
throw new ArgeoUserAdminException(
"Cannot initialise user admin service from LDIF", e);
+ name, e);
}
- if (!roles.containsKey(key))
- return null;
- return roles.get(key);
+ if (groups.containsKey(key))
+ return groups.get(key);
+ if (users.containsKey(key))
+ return users.get(key);
+ return null;
}
@Override
public Authorization getAuthorization(User user) {
- // TODO Auto-generated method stub
- return null;
+ return new LdifAuthorization((LdifUser) user);
}
@Override
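Review bot: `getAuthorization` casts its argument with `(LdifUser) user` and passes it straight to `LdifAuthorization`, so a `User` from another implementation fails with a `ClassCastException`. A `null` argument, which the OSGi `UserAdmin` contract allows for the anonymous user, fails only later with a `NullPointerException` in `getName()`. A guard before the constructor call would make the failure explicit, e.g. `if (!(user instanceof LdifUser)) throw new ArgeoUserAdminException("Unsupported user " + user);`, with the anonymous case handled or documented separately. The class body continues outside the hunk.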