From: Mathieu Baudier Date: Sat, 5 Sep 2015 10:09:43 +0000 (+0000) Subject: Rename node roles X-Git-Tag: argeo-commons-2.1.30~176 X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=27d9f106d83b7e747ae99bfd21cc6d3cdb60c560;p=lgpl%2Fargeo-commons.git Rename node roles git-svn-id: https://svn.argeo.org/commons/trunk@8368 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/org.argeo.cms/src/org/argeo/cms/KernelHeader.java b/org.argeo.cms/src/org/argeo/cms/KernelHeader.java index 620699abf..649fc9c04 100644 --- a/org.argeo.cms/src/org/argeo/cms/KernelHeader.java +++ b/org.argeo.cms/src/org/argeo/cms/KernelHeader.java @@ -9,13 +9,15 @@ public interface KernelHeader { final static String LOGIN_CONTEXT_SINGLE_USER = "SINGLE_USER"; // RESERVED ROLES - public final static String ROLE_ADMIN = "cn=admin,ou=system,ou=node"; - public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin,ou=system,ou=node"; - public final static String ROLE_USER_ADMIN = "cn=userAdmin,ou=system,ou=node"; + final static String ROLES_BASEDN = "ou=roles,ou=node"; + public final static String ROLE_ADMIN = "cn=admin," + ROLES_BASEDN; + public final static String ROLE_GROUP_ADMIN = "cn=groupAdmin," + + ROLES_BASEDN; + public final static String ROLE_USER_ADMIN = "cn=userAdmin," + ROLES_BASEDN; // Special system groups that cannot be edited: // user U anonymous = everyone - public final static String ROLE_USER = "cn=user,ou=system,ou=node"; - public final static String ROLE_ANONYMOUS = "cn=anonymous,ou=system,ou=node"; + public final static String ROLE_USER = "cn=user," + ROLES_BASEDN; + public final static String ROLE_ANONYMOUS = "cn=anonymous," + ROLES_BASEDN; // RESERVED USERNAMES public final static String USERNAME_ADMIN = "root"; diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java index 2663650b9..a9a3e7e9a 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java 
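Review bot: `ROLES_BASEDN` in the KernelHeader.java hunk has no comment and no explicit `public`, although every reserved role constant is now derived from it. The move out of the internal `KernelConstants` makes it part of the public interface, since interface fields are implicitly public. I would declare it like its neighbours and document it: `/** Base DN of the reserved node roles; the ROLE_* constants and the node roles LDIF file name are derived from it. */` above `public final static String ROLES_BASEDN = "ou=roles,ou=node";`. The interface body starts and ends outside the hunk.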
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/KernelConstants.java @@ -19,8 +19,6 @@ public interface KernelConstants { // Node Security /** URI to an LDIF file used as initialization or backend */ final static String USERADMIN_URI = "argeo.node.useradmin.uri"; - final static String ROLES_BASEDN = "ou=system,ou=node"; - final static String[] DEFAULT_CNDS = { "/org/argeo/jcr/argeo.cnd", "/org/argeo/cms/cms.cnd" }; diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java index 83216d048..0a512fff9 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java @@ -86,7 +86,7 @@ class NodeSecurity implements AuthenticationManager { File osgiInstanceDir = KernelUtils.getOsgiInstanceDir(); File homeDir = new File(osgiInstanceDir, "node"); - String baseNodeRoleDn = KernelConstants.ROLES_BASEDN; + String baseNodeRoleDn = KernelHeader.ROLES_BASEDN; File nodeRolesFile = new File(homeDir, baseNodeRoleDn + ".ldif"); try { FileUtils.copyInputStreamToFile( diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java index d8dcf0e36..5459a2d13 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeUserAdmin.java @@ -11,6 +11,7 @@ import java.util.Set; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; +import org.argeo.cms.KernelHeader; import org.argeo.osgi.useradmin.ArgeoUserAdminException; import org.argeo.osgi.useradmin.UserAdminAggregator; import org.osgi.framework.InvalidSyntaxException; 
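Review bot: In the NodeSecurity.java hunk the roles file name is built from the base DN (`new File(homeDir, baseNodeRoleDn + ".ldif")`), so after this rename an existing node stops reading `ou=system,ou=node.ldif` and looks for `ou=roles,ou=node.ldif` instead. The body after `try {` is outside the hunk, but it appears to copy a bundled LDIF into that file; if so, admin and userAdmin memberships edited on a deployed node would be replaced by the defaults on upgrade. Consider handling the old file before the copy, for example checking `new File(homeDir, "ou=system,ou=node.ldif").exists()`, then migrating its DNs or refusing to start with a clear message. Memberships stored elsewhere that reference `cn=admin,ou=system,ou=node` would need the same rewrite.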
@@ -23,7 +24,7 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator { final static LdapName ROLES_BASE; static { try { - ROLES_BASE = new LdapName(KernelConstants.ROLES_BASEDN); + ROLES_BASE = new LdapName(KernelHeader.ROLES_BASEDN); } catch (InvalidNameException e) { throw new ArgeoUserAdminException("Cannot initialize " + NodeUserAdmin.class, e); @@ -89,7 +90,7 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator { // @Override public synchronized void addUserAdmin(String baseDn, UserAdmin userAdmin) { - if (baseDn.equals(KernelConstants.ROLES_BASEDN)) { + if (baseDn.equals(KernelHeader.ROLES_BASEDN)) { nodeRoles = userAdmin; return; } @@ -107,7 +108,7 @@ public class NodeUserAdmin implements UserAdmin, UserAdminAggregator { @Override public synchronized void removeUserAdmin(String baseDn) { - if (baseDn.equals(KernelConstants.ROLES_BASEDN)) + if (baseDn.equals(KernelHeader.ROLES_BASEDN)) throw new ArgeoUserAdminException("Node roles cannot be removed."); LdapName base; try { diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/demo.ldif b/org.argeo.cms/src/org/argeo/cms/internal/kernel/demo.ldif index 7370ea5af..5c49cbadc 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/demo.ldif +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/demo.ldif 
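Review bot: In NodeUserAdmin.java, `removeUserAdmin` guards the node roles with an exact string match, `baseDn.equals(KernelHeader.ROLES_BASEDN)`, and `addUserAdmin` uses the same test. A DN that differs only in case or spacing (`ou=Roles, ou=node`) names the same entry but fails the comparison, so it would skip the "Node roles cannot be removed." check. The class already holds the parsed `ROLES_BASE`, and `LdapName.equals` compares RDNs without regard to case or surrounding whitespace. In `removeUserAdmin` the name is parsed just below the guard, so the check could move after the parse as `if (ROLES_BASE.equals(base))`, with the same comparison in `addUserAdmin`. Both method bodies continue outside their hunks.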
@@ -3,39 +3,34 @@ objectClass: organizationalUnit objectClass: top ou: node -dn: ou=system,ou=node +dn: ou=roles,ou=node objectClass: organizationalUnit objectClass: top ou: system -dn: cn=admin,ou=system,ou=node +dn: cn=admin,ou=roles,ou=node objectClass: groupOfNames objectClass: top cn: admin member: uid=root,ou=users,dc=example,dc=com -dn: cn=userAdmin,ou=system,ou=node +dn: cn=userAdmin,ou=roles,ou=node objectClass: groupOfNames objectClass: top cn: userAdmin -member: cn=admin,ou=system,ou=node +member: cn=admin,ou=roles,ou=node member: uid=demo,ou=users,dc=example,dc=com -dn: cn=groupAdmin,ou=system,ou=node +dn: cn=groupAdmin,ou=roles,ou=node objectClass: groupOfNames objectClass: top cn: groupAdmin -member: cn=admin,ou=system,ou=node +member: cn=admin,ou=roles,ou=node -dn: ou=org.argeo.cms,ou=node -objectClass: organizationalUnit -objectClass: top -ou: org.argeo.cms - -dn: cn=editor,ou=org.argeo.cms,ou=node +dn: cn=org.argeo.cms.editor,ou=roles,ou=node objectClass: groupOfNames objectClass: top cn: editor -member: cn=admin,ou=system,ou=node +member: cn=admin,ou=roles,ou=node member: uid=demo,ou=users,dc=example,dc=com diff --git a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java index 466402d4e..b11d7b4b5 100644 --- a/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java +++ b/org.argeo.security.jackrabbit/src/org/argeo/security/jackrabbit/SystemJackrabbitLoginModule.java 
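Review bot: Two entries in demo.ldif now have a DN whose RDN value no longer appears among the entry's attributes. `dn: ou=roles,ou=node` still carries the context line `ou: system`, and `dn: cn=org.argeo.cms.editor,ou=roles,ou=node` still carries `cn: editor`. A directory that enforces naming rules would reject these entries, and a lenient backend would leave role lookups by `cn` or `ou` disagreeing with the DN, which matters for data that defines who is admin. The attribute lines should follow the rename: `ou: roles` and `cn: org.argeo.cms.editor`.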
@@ -39,10 +39,10 @@ public class SystemJackrabbitLoginModule implements LoginModule { // FIXME make it more generic for (Principal principal : principals) { if (principal.getName().equalsIgnoreCase( - "cn=admin,ou=system,ou=node")) + "cn=admin,ou=roles,ou=node")) isAdmin = true; else if (principal.getName().equalsIgnoreCase( - "cn=anonymous,ou=system,ou=node")) + "cn=anonymous,ou=roles,ou=node")) isAnonymous = true; } diff --git a/org.argeo.security.ui.rap/plugin.xml b/org.argeo.security.ui.rap/plugin.xml index 68d88f240..09ca35826 100644 --- a/org.argeo.security.ui.rap/plugin.xml +++ b/org.argeo.security.ui.rap/plugin.xml @@ -122,7 +122,7 @@ - + @@ -135,7 +135,7 @@ - + diff --git a/org.argeo.security.ui/plugin.xml b/org.argeo.security.ui/plugin.xml index 6978b3bd6..b843d9c91 100644 --- a/org.argeo.security.ui/plugin.xml +++ b/org.argeo.security.ui/plugin.xml @@ -59,7 +59,7 @@ - + @@ -71,7 +71,7 @@ - + @@ -83,7 +83,7 @@ - + @@ -95,7 +95,7 @@ - + @@ -108,7 +108,7 @@ - +
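Review bot: In SystemJackrabbitLoginModule.java the admin and anonymous decisions still depend on DN literals that had to be edited by hand here, `"cn=admin,ou=roles,ou=node"` and `"cn=anonymous,ou=roles,ou=node"`. These duplicate `KernelHeader.ROLE_ADMIN` and `ROLE_ANONYMOUS`, so a later rename that misses this file would silently stop recognising the admin principal, or match a stale DN. If this bundle may depend on org.argeo.cms, compare against the constants: `principal.getName().equalsIgnoreCase(KernelHeader.ROLE_ADMIN)`. Otherwise declare the two DNs once as named constants in this class, with a comment pointing at KernelHeader. The loop sits in a method whose start and end are outside the hunk.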