import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
-import org.argeo.cms.internal.osgi.NodeUserAdmin;
import org.argeo.cms.internal.runtime.CmsContextImpl;
import org.argeo.cms.security.CryptoKeyring;
import org.argeo.osgi.useradmin.AuthenticatingUser;
throw new LoginException("Kerberos login " + authenticatingUser.getName()
+ " is inconsistent with user admin login " + authenticatedUser.getName());
}
+ if (log.isTraceEnabled())
+ log.trace("Retrieve authorization for " + authenticatingUser + "... ");
authorization = Subject.doAs(subject, new PrivilegedAction<Authorization>() {
@Override
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
-import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosTicket;
import org.argeo.util.CurrentSubject;
package org.argeo.osgi.useradmin;
-import java.util.Dictionary;
-
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
return USER;
}
- @Override
- public Dictionary<String, Object> getCredentials() {
- return credentials;
- }
}
}
+ @Override
+ public Attributes doGetAttributes(LdapName name) {
+ try {
+ return doGetEntry(name).getAttributes();
+ } catch (NameNotFoundException e) {
+ throw new IllegalStateException(name + " doe not exist in " + getDirectory().getBaseDn(), e);
+ }
+ }
}
private Attributes publishedAttributes;
// Temporarily expose the fields
- protected final AttributeDictionary properties;
- protected final AttributeDictionary credentials;
+ protected AttributeDictionary properties;
+ protected AttributeDictionary credentials;
protected DefaultLdapEntry(AbstractLdapDirectory directory, LdapName dn, Attributes attributes) {
Objects.requireNonNull(directory);
this.directory = directory;
this.dn = dn;
this.publishedAttributes = attributes;
- properties = new AttributeDictionary(false);
- credentials = new AttributeDictionary(true);
+// properties = new AttributeDictionary(false);
+// credentials = new AttributeDictionary(true);
}
@Override
}
public synchronized Attributes getAttributes() {
+ // lazy loading
+ if (publishedAttributes == null)
+ publishedAttributes = getDirectory().getDirectoryDao().doGetAttributes(dn);
return isEditing() ? getModifiedAttributes() : publishedAttributes;
}
public synchronized void publishAttributes(Attributes modifiedAttributes) {
publishedAttributes = modifiedAttributes;
}
-
+
/*
* PROPERTIES
*/
@Override
public Dictionary<String, Object> getProperties() {
+ if (properties == null)
+ properties = new AttributeDictionary(false);
return properties;
}
+ public Dictionary<String, Object> getCredentials() {
+ if (credentials == null)
+ credentials = new AttributeDictionary(false);
+ return credentials;
+ }
+
/*
* CREDENTIALS
*/
}
}
+ public synchronized boolean entryExists(LdapName name) throws NamingException {
+ String[] noAttrOID = new String[] { "1.1" };
+ try {
+ getLdapContext().getAttributes(name, noAttrOID);
+ return true;
+ } catch (CommunicationException e) {
+ reconnect();
+ getLdapContext().getAttributes(name, noAttrOID);
+ return true;
+ } catch (NameNotFoundException e) {
+ return false;
+ }
+ }
+
public synchronized void prepareChanges(WorkingCopy<?, ?, LdapName> wc) throws NamingException {
// make sure connection will work
reconnect();
}
- protected boolean entryExists(LdapName dn) throws NamingException {
- try {
- return getAttributes(dn).size() != 0;
- } catch (NameNotFoundException e) {
- return false;
- }
- }
+// protected boolean entryExists(LdapName dn) throws NamingException {
+// try {
+// return getAttributes(dn).size() != 0;
+// } catch (NameNotFoundException e) {
+// return false;
+// }
+// }
public synchronized void commitChanges(LdapEntryWorkingCopy wc) throws NamingException {
// delete
@Override
public Boolean entryExists(LdapName dn) {
try {
- return doGetEntry(dn) != null;
+ return ldapConnection.entryExists(dn);
} catch (NameNotFoundException e) {
return false;
+ } catch (NamingException e) {
+ throw new IllegalStateException("Cannot check " + dn, e);
}
}
@Override
public LdapEntry doGetEntry(LdapName name) throws NameNotFoundException {
- try {
- Attributes attrs = ldapConnection.getAttributes(name);
- if (attrs.size() == 0)
- return null;
+ if (!entryExists(name))
+ throw new NameNotFoundException(name + " was not found in " + getDirectory().getBaseDn());
+// try {
+// Attributes attrs = ldapConnection.getAttributes(name);
+// if (attrs.size() == 0)
+// return null;
+
// int roleType = roleType(name);
LdapEntry res;
Rdn technicalRdn = LdapNameUtils.getParentRdn(name);
if (getDirectory().getGroupBaseRdn().equals(technicalRdn))
- res = newGroup(name, attrs);
+ res = newGroup(name, null);
else if (getDirectory().getSystemRoleBaseRdn().equals(technicalRdn))
- res = newGroup(name, attrs);
+ res = newGroup(name, null);
else if (getDirectory().getUserBaseRdn().equals(technicalRdn))
- res = newUser(name, attrs);
+ res = newUser(name, null);
else
- res = new DefaultLdapEntry(getDirectory(), name, attrs);
+ res = new DefaultLdapEntry(getDirectory(), name, null);
// if (isGroup(name))
// res = newGroup(name, attrs);
// else
// else
// throw new IllegalArgumentException("Unsupported LDAP type for " + name);
return res;
- } catch (NameNotFoundException e) {
- throw e;
- } catch (NamingException e) {
- return null;
- }
+// } catch (NameNotFoundException e) {
+// throw e;
+// }
}
// protected boolean isGroup(LdapName dn) {
// "Cannot find role type, " + technicalRdn + " is not a technical RDN for " + dn);
// }
+ @Override
+ public Attributes doGetAttributes(LdapName name) {
+ try {
+ Attributes attrs = ldapConnection.getAttributes(name);
+ return attrs;
+ } catch (NamingException e) {
+ throw new IllegalStateException("Cannot get attributes for " + name);
+ }
+ }
+
@Override
public List<LdapEntry> doGetEntries(LdapName searchBase, String f, boolean deep) {
ArrayList<LdapEntry> res = new ArrayList<>();
LdapEntry doGetEntry(LdapName name) throws NameNotFoundException;
+ Attributes doGetAttributes(LdapName name);
+
List<LdapEntry> doGetEntries(LdapName searchBase, String filter, boolean deep);
List<LdapName> getDirectGroups(LdapName dn);
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collections;
-import java.util.Dictionary;
import java.util.HashSet;
-import java.util.Hashtable;
import java.util.List;
import java.util.NavigableMap;
import java.util.Objects;
import javax.naming.directory.Attributes;
import javax.naming.ldap.LdapName;
-import org.argeo.util.directory.DirectoryConf;
import org.argeo.util.directory.HierarchyUnit;
import org.argeo.util.naming.LdapObjs;
import org.osgi.framework.Filter;
// return scopedUserAdmin;
// }
- private static Dictionary<String, Object> fromUri(String uri, String baseDn) {
- Hashtable<String, Object> res = new Hashtable<String, Object>();
- res.put(DirectoryConf.uri.name(), uri);
- res.put(DirectoryConf.baseDn.name(), baseDn);
- return res;
- }
+// private static Dictionary<String, Object> fromUri(String uri, String baseDn) {
+// Hashtable<String, Object> res = new Hashtable<String, Object>();
+// res.put(DirectoryConf.uri.name(), uri);
+// res.put(DirectoryConf.baseDn.name(), baseDn);
+// return res;
+// }
public void init() {
throw new NameNotFoundException(key + " not persisted");
}
+ @Override
+ public Attributes doGetAttributes(LdapName name) {
+ try {
+ return doGetEntry(name).getAttributes();
+ } catch (NameNotFoundException e) {
+ throw new IllegalStateException(name + " doe not exist in " + getDirectory().getBaseDn(), e);
+ }
+ }
+
@Override
public Boolean entryExists(LdapName dn) {
return entries.containsKey(dn);// || groups.containsKey(dn);