<service>
<provide interface="org.argeo.cms.e4.users.UserAdminWrapper"/>
</service>
+ <reference bind="addUserDirectory" cardinality="0..n" interface="org.argeo.osgi.useradmin.UserDirectory" name="UserDirectory" policy="static" unbind="removeUserDirectory"/>
</scr:component>
import java.util.ArrayList;
import java.util.Collections;
-import java.util.Dictionary;
import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
import javax.transaction.Status;
import javax.transaction.UserTransaction;
import org.argeo.api.NodeConstants;
import org.argeo.cms.CmsException;
import org.argeo.osgi.useradmin.UserAdminConf;
+import org.argeo.osgi.useradmin.UserDirectory;
import org.osgi.service.useradmin.UserAdmin;
import org.osgi.service.useradmin.UserAdminEvent;
import org.osgi.service.useradmin.UserAdminListener;
private UserAdmin userAdmin;
// private ServiceReference<UserAdmin> userAdminServiceReference;
- private Set<String> uris;
+// private Set<String> uris;
+ private Map<UserDirectory, Hashtable<String, String>> userDirectories = Collections
+ .synchronizedMap(new LinkedHashMap<>());
private UserTransaction userTransaction;
// First effort to simplify UX while managing users and groups
public Map<String, String> getKnownBaseDns(boolean onlyWritable) {
Map<String, String> dns = new HashMap<String, String>();
- for (String uri : uris) {
- if (!uri.startsWith("/"))
- continue;
- Dictionary<String, ?> props = UserAdminConf.uriAsProperties(uri);
- String readOnly = UserAdminConf.readOnly.getValue(props);
- String baseDn = UserAdminConf.baseDn.getValue(props);
+ for (UserDirectory userDirectory : userDirectories.keySet()) {
+ Boolean readOnly = userDirectory.isReadOnly();
+ String baseDn = userDirectory.getBaseDn().toString();
- if (onlyWritable && "true".equals(readOnly))
+ if (onlyWritable && readOnly)
continue;
if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN))
continue;
if (baseDn.equalsIgnoreCase(NodeConstants.TOKENS_BASEDN))
continue;
- dns.put(baseDn, uri);
+ dns.put(baseDn, UserAdminConf.propertiesAsUri(userDirectories.get(userDirectory)).toString());
+
}
+// for (String uri : uris) {
+// if (!uri.startsWith("/"))
+// continue;
+// Dictionary<String, ?> props = UserAdminConf.uriAsProperties(uri);
+// String readOnly = UserAdminConf.readOnly.getValue(props);
+// String baseDn = UserAdminConf.baseDn.getValue(props);
+//
+// if (onlyWritable && "true".equals(readOnly))
+// continue;
+// if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN))
+// continue;
+// if (baseDn.equalsIgnoreCase(NodeConstants.TOKENS_BASEDN))
+// continue;
+// dns.put(baseDn, uri);
+// }
return dns;
}
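Review bot: The iteration over `userDirectories.keySet()` at L41 is not guarded, although the field is a `Collections.synchronizedMap` whose contract requires callers to hold the map's monitor while iterating; a concurrent `addUserDirectory`/`removeUserDirectory` during the loop would raise `ConcurrentModificationException`, unless the static reference policy declared in the component XML rules out rebinding on a live instance. The same loop stores `isReadOnly()` in a `Boolean` at L42 and unboxes it at L45, which throws `NullPointerException` should the directory ever return null, and looks every value up again with `userDirectories.get(userDirectory)` at L52 where an `entrySet()` iteration already has it. The commented-out previous implementation at L55-69 should be deleted rather than kept; version control holds the history. Suggested rewrite of the loop below, with the three filter checks left as they are.
```java
	public Map<String, String> getKnownBaseDns(boolean onlyWritable) {
		Map<String, String> dns = new HashMap<String, String>();
		// synchronizedMap guards single calls only; iteration must hold the map's lock
		synchronized (userDirectories) {
			for (Map.Entry<UserDirectory, Hashtable<String, String>> entry : userDirectories.entrySet()) {
				UserDirectory userDirectory = entry.getKey();
				boolean readOnly = userDirectory.isReadOnly();
				String baseDn = userDirectory.getBaseDn().toString();
				// … unchanged: onlyWritable / ROLES_BASEDN / TOKENS_BASEDN filters …
				dns.put(baseDn, UserAdminConf.propertiesAsUri(entry.getValue()).toString());
			}
		}
		return dns;
	}
```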
/* DEPENDENCY INJECTION */
public void setUserAdmin(UserAdmin userAdmin, Map<String, String> properties) {
this.userAdmin = userAdmin;
- this.uris = Collections.unmodifiableSortedSet(new TreeSet<>(properties.keySet()));
+// this.uris = Collections.unmodifiableSortedSet(new TreeSet<>(properties.keySet()));
}
public void setUserTransaction(UserTransaction userTransaction) {
this.userTransaction = userTransaction;
}
+ public void addUserDirectory(UserDirectory userDirectory, Map<String, String> properties) {
+ userDirectories.put(userDirectory, new Hashtable<>(properties));
+ }
+
+ public void removeUserDirectory(UserDirectory userDirectory, Map<String, String> properties) {
+ userDirectories.remove(userDirectory);
+ }
+
// public void setUserAdminServiceReference(
// ServiceReference<UserAdmin> userAdminServiceReference) {
// this.userAdminServiceReference = userAdminServiceReference;
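Review bot: `addUserDirectory` and `removeUserDirectory` at L81-87 are the SCR bind/unbind callbacks named by the new reference in the component XML, but carry no documentation, and the `properties` parameter of `setUserAdmin` is now unused since the only line that read it (L76) is commented out. Suggested Javadoc for the pair: `/** SCR bind callback: records a UserDirectory service with its service properties, so that getKnownBaseDns() can rebuild the directory's configuration URI. */` and `/** SCR unbind callback: forgets the directory; the properties argument is unused. */`. Delete the commented-out line at L76 instead of keeping it. Note that `new Hashtable<>(properties)` at L82 rejects null keys and values; SCR service properties contain neither, so this only matters if the bind method is ever called directly.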
OSGI-INF/filesServletContext.xml,\
OSGI-INF/filesServlet.xml
-Provide-Capability: cms.datamodel;name=argeo;cnd=/org/argeo/cms/argeo.cnd;abstract=true
+Provide-Capability: cms.datamodel;name=argeo;cnd=/org/argeo/cms/argeo.cnd;abstract=true,\
+osgi.service;objectClass="javax.jcr.Repository"
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.params.DefaultHttpParams;
import org.apache.commons.httpclient.params.HttpParams;
-import org.argeo.cms.internal.kernel.NodeHttp;
+import org.argeo.cms.internal.kernel.KernelConstants;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
} catch (URIException e1) {
throw new IllegalStateException("Cannot authenticate", e1);
}
- String serverPrinc = NodeHttp.DEFAULT_SERVICE + "@" + hostname;
+ String serverPrinc = KernelConstants.DEFAULT_KERBEROS_SERVICE + "@" + hostname;
try {
// Get service's principal name
String DEFAULT_HOME_BASE_PATH = "/home";
String DEFAULT_USERS_BASE_PATH = "/users";
String DEFAULT_GROUPS_BASE_PATH = "/groups";
+
+ // KERBEROS
+ String DEFAULT_KERBEROS_SERVICE = "HTTP";
// HTTP client
String COOKIE_POLICY_BROWSER_COMPATIBILITY = "compatibility";
public class NodeHttp implements KernelConstants {
private final static Log log = LogFactory.getLog(NodeHttp.class);
- public final static String DEFAULT_SERVICE = "HTTP";
-
private final BundleContext bc = FrameworkUtil.getBundle(getClass()).getBundleContext();
private ServiceTracker<Repository, Repository> repositories;
// OSGi
private Map<String, LdapName> pidToBaseDn = new HashMap<>();
private Map<String, ServiceRegistration<UserDirectory>> pidToServiceRegs = new HashMap<>();
- private ServiceRegistration<UserAdmin> userAdminReg;
+// private ServiceRegistration<UserAdmin> userAdminReg;
// JTA
private final ServiceTracker<TransactionManager, TransactionManager> tmTracker;
private GSSCredential acceptorCredentials;
private boolean singleUser = false;
- private boolean systemRolesAvailable = false;
+// private boolean systemRolesAvailable = false;
public NodeUserAdmin(String systemRolesBaseDn, String tokensBaseDn) {
super(systemRolesBaseDn, tokensBaseDn);
log.debug("User directory " + userDirectory.getBaseDn() + " [" + u.getScheme() + "] enabled."
+ (realm != null ? " " + realm + " realm." : ""));
- if (isSystemRolesBaseDn(baseDn))
- systemRolesAvailable = true;
-
- // start publishing only when system roles are available
- if (systemRolesAvailable) {
- // The list of baseDns is published as properties
- // TODO clients should rather reference USerDirectory services
- if (userAdminReg != null)
- userAdminReg.unregister();
- // register self as main user admin
- Dictionary<String, Object> userAdminregProps = currentState();
+ if (isSystemRolesBaseDn(baseDn)) {
+ // publishes only when system roles are available
+ Dictionary<String, Object> userAdminregProps = new Hashtable<>();
userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT);
userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE);
- userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps);
+ bc.registerService(UserAdmin.class, this, userAdminregProps);
}
+
+// if (isSystemRolesBaseDn(baseDn))
+// systemRolesAvailable = true;
+//
+// // start publishing only when system roles are available
+// if (systemRolesAvailable) {
+// // The list of baseDns is published as properties
+// // TODO clients should rather reference USerDirectory services
+// if (userAdminReg != null)
+// userAdminReg.unregister();
+// // register self as main user admin
+// Dictionary<String, Object> userAdminregProps = currentState();
+// userAdminregProps.put(NodeConstants.CN, NodeConstants.DEFAULT);
+// userAdminregProps.put(Constants.SERVICE_RANKING, Integer.MAX_VALUE);
+// userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps);
+// }
}
@Override
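Review bot: The `ServiceRegistration` returned by `bc.registerService(UserAdmin.class, this, userAdminregProps)` at L158 is discarded, so the UserAdmin registered with `SERVICE_RANKING = Integer.MAX_VALUE` can no longer be unregistered by this class, whereas the removed code kept it in `userAdminReg` and unregistered the previous one before re-registering. If the system-roles directory is bound more than once over the instance's life, each call adds another top-ranked registration, and on `destroy()` the highest-ranked UserAdmin stays visible to consumers after its backing directories are gone, until the whole bundle stops. Keep the field and the assignment, `userAdminReg = bc.registerService(UserAdmin.class, this, userAdminregProps);`, with `if (userAdminReg != null) userAdminReg.unregister();` before it and again in `destroy()`. The enclosing method starts outside the hunk, and the commented-out former body at L161-175 (like the commented-out `currentState()` at L207-216) should be deleted instead of kept.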
boolean consistentIp = localhost.getHostAddress().equals(ipfromDns);
String kerberosDomain = dnsBrowser.getRecord("_kerberos." + dnsZone, "TXT");
if (consistentIp && kerberosDomain != null && kerberosDomain.equals(realm) && Files.exists(nodeKeyTab)) {
- return NodeHttp.DEFAULT_SERVICE + "/" + hostname + "@" + kerberosDomain;
+ return KernelConstants.DEFAULT_KERBEROS_SERVICE + "/" + hostname + "@" + kerberosDomain;
} else
return null;
} catch (Exception e) {
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Set;
return tokensBaseDn != null && baseDn.equals(tokensBaseDn);
}
- protected Dictionary<String, Object> currentState() {
- Dictionary<String, Object> res = new Hashtable<String, Object>();
- // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
- for (LdapName name : businessRoles.keySet()) {
- AbstractUserDirectory userDirectory = businessRoles.get(name);
- String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
- res.put(uri, "");
- }
- return res;
- }
+// protected Dictionary<String, Object> currentState() {
+// Dictionary<String, Object> res = new Hashtable<String, Object>();
+// // res.put(NodeConstants.CN, NodeConstants.DEFAULT);
+// for (LdapName name : businessRoles.keySet()) {
+// AbstractUserDirectory userDirectory = businessRoles.get(name);
+// String uri = UserAdminConf.propertiesAsUri(userDirectory.getProperties()).toString();
+// res.put(uri, "");
+// }
+// return res;
+// }
public void destroy() {
for (LdapName name : businessRoles.keySet()) {
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Dictionary;
-import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import org.argeo.naming.DnsBrowser;
import org.argeo.naming.NamingUtils;
-import org.osgi.framework.Constants;
/** Properties used to configure user admins. */
public enum UserAdminConf {
StringBuilder query = new StringBuilder();
boolean first = true;
- for (Enumeration<String> keys = properties.keys(); keys.hasMoreElements();) {
- String key = keys.nextElement();
- // TODO clarify which keys are relevant (list only the enum?)
- if (!key.equals("service.factoryPid") && !key.equals("cn") && !key.equals("dn")
- && !key.equals(Constants.SERVICE_PID) && !key.startsWith("java") && !key.equals(baseDn.name())
- && !key.equals(uri.name())) {
- if (first)
- first = false;
- else
- query.append('&');
- query.append(valueOf(key).name());
- query.append('=').append(properties.get(key).toString());
- }
+// for (Enumeration<String> keys = properties.keys(); keys.hasMoreElements();) {
+// String key = keys.nextElement();
+// // TODO clarify which keys are relevant (list only the enum?)
+// if (!key.equals("service.factoryPid") && !key.equals("cn") && !key.equals("dn")
+// && !key.equals(Constants.SERVICE_PID) && !key.startsWith("java") && !key.equals(baseDn.name())
+// && !key.equals(uri.name()) && !key.equals(Constants.OBJECTCLASS)
+// && !key.equals(Constants.SERVICE_ID) && !key.equals("bundle.id")) {
+// if (first)
+// first = false;
+// else
+// query.append('&');
+// query.append(valueOf(key).name());
+// query.append('=').append(properties.get(key).toString());
+// }
+// }
+
+ keys: for (UserAdminConf key : UserAdminConf.values()) {
+ if (key.equals(baseDn))
+ continue keys;
+ Object value = properties.get(key.name());
+ if (value == null)
+ continue keys;
+ if (first)
+ first = false;
+ else
+ query.append('&');
+ query.append(key.name());
+ query.append('=').append(value.toString());
+
}
- String bDn = (String) properties.get(baseDn.name());
+ Object bDnObj = properties.get(baseDn.name());
+ String bDn = bDnObj != null ? bDnObj.toString() : null;
try {
return new URI(null, null, bDn != null ? '/' + bDn : null, query.length() != 0 ? query.toString() : null,
null);
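Review bot: The new enum-driven loop at L262-273 skips only `baseDn`, whereas the removed filter at L236-238 also excluded `uri.name()`; if the properties carry a `uri` entry (the removed filter suggests they can), it is now emitted into the query string, so the generated URI embeds the original one as a parameter. Change the guard at L263 to `if (key.equals(baseDn) || key.equals(uri)) continue keys;`. Values are still appended through `value.toString()` at L273 without escaping; the multi-argument `URI` constructor at L280 percent-encodes characters illegal in a query but leaves `&` and `=` as they are, so a value containing either splits into extra parameters — the removed code had the same limitation. The enclosing method starts outside the hunk.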