Fix LDIF user directory scoping

author Mathieu Baudier <mbaudier@argeo.org>

Wed, 15 Nov 2017 12:14:01 +0000 (13:14 +0100)

committer Mathieu Baudier <mbaudier@argeo.org>

Wed, 15 Nov 2017 12:14:01 +0000 (13:14 +0100)
author Mathieu Baudier <mbaudier@argeo.org>
Wed, 15 Nov 2017 12:14:01 +0000 (13:14 +0100)
committer Mathieu Baudier <mbaudier@argeo.org>
Wed, 15 Nov 2017 12:14:01 +0000 (13:14 +0100)
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java

index aab96dd7ad4cf7c319e34da4fe1c15a9517c003e..8668152d6d7aac69a77c20d879cc92b75e10b539 100644 (file)
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdifUserAdmin.java
@@ -10,6 +10,7 @@ import java.io.InputStream;
  import java.io.OutputStream;
  import java.net.URI;
  import java.util.ArrayList;
+import java.util.Collections;
  import java.util.Dictionary;
  import java.util.HashSet;
  import java.util.Hashtable;
@@ -50,17 +51,29 @@ public class LdifUserAdmin extends AbstractUserDirectory {
                 super(uri, properties);
         }
  
-       @Deprecated
-       public LdifUserAdmin(InputStream in) {
-               super(null, new Hashtable<String, Object>());
-               load(in);
-       }
-
+       @SuppressWarnings("unchecked")
         @Override
         protected AbstractUserDirectory scope(User user) {
+               Dictionary<String, Object> credentials = user.getCredentials();
+               String username = (String) credentials.get(SHARED_STATE_USERNAME);
+               if (username == null)
+                       username = user.getName();
+               Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
+               byte[] pwd = (byte[]) pwdCred;
+               if (pwd != null) {
+                       char[] password = DigestUtils.bytesToChars(pwd);
+                       User directoryUser = (User) getRole(username);
+                       if (!directoryUser.hasCredential(null, password))
+                               throw new UserDirectoryException("Invalid credentials");
+               } else {
+                       throw new UserDirectoryException("Password is required");
+               }
                 Dictionary<String, Object> properties = cloneProperties();
                 properties.put(UserAdminConf.readOnly.name(), "true");
-               return new LdifUserAdmin(properties);
+               LdifUserAdmin scopedUserAdmin = new LdifUserAdmin(properties);
+               scopedUserAdmin.groups = Collections.unmodifiableSortedMap(groups);
+               scopedUserAdmin.users = Collections.unmodifiableSortedMap(users);
+               return scopedUserAdmin;
         }
  
         private static Dictionary<String, Object> fromUri(String uri, String baseDn) {
@@ -149,9 +162,7 @@ public class LdifUserAdmin extends AbstractUserDirectory {
         public void destroy() {
                 if (users == null || groups == null)
                         throw new UserDirectoryException("User directory " + getBaseDn() + " is already destroyed");
-               users.clear();
                 users = null;
-               groups.clear();
                 groups = null;
         }
  
@@ -177,13 +188,6 @@ public class LdifUserAdmin extends AbstractUserDirectory {
                         res.addAll(groups.values());
                 } else {
                         for (DirectoryUser user : users.values()) {
-                               // System.out.println("\n" + user.getName());
-                               // Dictionary<String, Object> props = user.getProperties();
-                               // for (Enumeration<String> keys = props.keys(); keys
-                               // .hasMoreElements();) {
-                               // String key = keys.nextElement();
-                               // System.out.println(" " + key + "=" + props.get(key));
-                               // }
                                 if (f.match(user.getProperties()))
                                         res.add(user);
                         }
author	Mathieu Baudier <mbaudier@argeo.org>
	Wed, 15 Nov 2017 12:14:01 +0000 (13:14 +0100)
committer	Mathieu Baudier <mbaudier@argeo.org>
	Wed, 15 Nov 2017 12:14:01 +0000 (13:14 +0100)