--- /dev/null
+package org.argeo.api.cms.directory;
+
+import org.osgi.service.useradmin.Authorization;
+
+/** An authorisation to a CMS system. */
+public interface CmsAuthorization extends Authorization {
+ /** The role which did imply this role, <code>null</code> if a direct role. */
+ default String getImplyingRole(String role) {
+ return null;
+ }
+}
--- /dev/null
+package org.argeo.api.cms.directory;
+
+import java.util.Optional;
+
+import org.argeo.api.cms.transaction.WorkControl;
+
+/** An information directory (typically LDAP). */
+public interface CmsDirectory extends HierarchyUnit {
+ String getName();
+
+ /** Whether this directory is read only. */
+ boolean isReadOnly();
+
+ /** Whether this directory is disabled. */
+ boolean isDisabled();
+
+ /** The realm (typically Kerberos) of this directory. */
+ Optional<String> getRealm();
+
+ /** Sets the transaction control used by this directory when editing. */
+ void setTransactionControl(WorkControl transactionControl);
+
+ /*
+ * HIERARCHY
+ */
+
+ /** The hierarchy unit at this path. */
+ HierarchyUnit getHierarchyUnit(String path);
+
+ /** Create a new hierarchy unit. */
+ HierarchyUnit createHierarchyUnit(String path);
+}
--- /dev/null
+package org.argeo.api.cms.directory;
+
+import org.osgi.service.useradmin.Group;
+
+/** A group in a user directroy. */
+public interface CmsGroup extends Group, CmsUser {
+// List<LdapName> getMemberNames();
+}
--- /dev/null
+package org.argeo.api.cms.directory;
+
+import org.osgi.service.useradmin.User;
+
+/**
+ * An entity with credentials which can log in to a system. Can be a real person
+ * or not.
+ */
+public interface CmsUser extends User {
+}
+++ /dev/null
-package org.argeo.api.cms.directory;
-
-import java.util.Optional;
-
-import org.argeo.api.cms.transaction.WorkControl;
-
-/** An information directory (typicylly LDAP). */
-public interface Directory extends HierarchyUnit {
- String getName();
-
- /** Whether this directory is read only. */
- boolean isReadOnly();
-
- /** Whether this directory is disabled. */
- boolean isDisabled();
-
- /** The realm (typically Kerberos) of this directory. */
- Optional<String> getRealm();
-
- /** Sets the transaction control used by this directory when editing. */
- void setTransactionControl(WorkControl transactionControl);
-
- /*
- * HIERARCHY
- */
-
- /** The hierarchy unit at this path. */
- HierarchyUnit getHierarchyUnit(String path);
-
- /** Create a new hierarchy unit. */
- HierarchyUnit createHierarchyUnit(String path);
-}
/**
* The parent {@link HierarchyUnit}, or <code>null</code> if a
- * {@link Directory}.
+ * {@link CmsDirectory}.
*/
HierarchyUnit getParent();
*/
String getBase();
- /** The related {@link Directory}. */
- Directory getDirectory();
+ /** The related {@link CmsDirectory}. */
+ CmsDirectory getDirectory();
/** Its metadata (typically LDAP attributes). */
Dictionary<String, Object> getProperties();
--- /dev/null
+package org.argeo.api.cms.directory;
+
+import org.osgi.service.useradmin.Role;
+
+/** Information about a user directory. */
+public interface UserDirectory extends CmsDirectory {
+
+ HierarchyUnit getHierarchyUnit(Role role);
+
+ Iterable<? extends Role> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep);
+
+ String getRolePath(Role role);
+
+ String getRoleSimpleName(Role role);
+
+ Role getRoleByPath(String path);
+}
import javax.security.auth.Subject;
+import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsUser;
import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.auth.SystemRole;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
import org.osgi.framework.InvalidSyntaxException;
-import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
// Other users
/** Returns a {@link User} given a username */
- User getUser(String username);
+ CmsUser getUser(String username);
/** Can be a group or a user */
String getUserDisplayName(String dn);
Role[] getRoles(String filter) throws InvalidSyntaxException;
/** Recursively lists users in a given group. */
- Set<User> listUsersInGroup(String groupDn, String filter);
+ Set<CmsUser> listUsersInGroup(String groupDn, String filter);
/** Search among groups including system roles and users if needed */
- List<User> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);
+ List<CmsUser> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);
// /**
// * Lists functional accounts, that is users with regular access to the system
* EDITION
*/
/** Creates a new user. */
- User createUser(String username, Map<String, Object> properties, Map<String, Object> credentials);
+ CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials);
/** Creates a group. */
- Group getOrCreateGroup(HierarchyUnit groups, String commonName);
+ CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName);
/** Creates a new system role. */
- Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole);
+ CmsGroup getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole);
/** Add additional object classes to this role. */
void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties);
Map<String, Object> additionalProperties);
/** Add a member to this group. */
- void addMember(Group group, Role role);
-
+ void addMember(CmsGroup group, Role role);
+
void edit(Runnable action);
/* MISCELLANEOUS */
* to localId within the various user repositories defined in the current
* context.
*/
- User getUserFromLocalId(String localId);
+ CmsUser getUserFromLocalId(String localId);
void changeOwnPassword(char[] oldPassword, char[] newPassword);
import org.argeo.api.acr.ContentSession;
import org.argeo.api.acr.DName;
import org.argeo.api.cms.CmsAuth;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.CmsUserManager;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
import org.argeo.cms.util.CurrentSubject;
import org.osgi.service.useradmin.Role;
}
public static Content hierarchyUnitToContent(ContentSession contentSession, HierarchyUnit hierarchyUnit) {
- Directory directory = hierarchyUnit.getDirectory();
+ CmsDirectory directory = hierarchyUnit.getDirectory();
StringJoiner relativePath = new StringJoiner(SLASH_STRING);
buildHierarchyUnitPath(hierarchyUnit, relativePath);
String path = directoryPath(directory) + relativePath.toString();
return content;
}
- /** The path to this {@link Directory}. Ends with a /. */
- private static String directoryPath(Directory directory) {
+ /** The path to this {@link CmsDirectory}. Ends with a /. */
+ private static String directoryPath(CmsDirectory directory) {
return CmsContentRepository.DIRECTORY_BASE + SLASH + directory.getName() + SLASH;
}
import org.argeo.api.acr.Content;
import org.argeo.api.acr.ContentName;
import org.argeo.api.acr.spi.ProvidedSession;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
import org.argeo.api.cms.directory.HierarchyUnit;
class DirectoryContent extends AbstractDirectoryContent {
- private Directory directory;
+ private CmsDirectory directory;
- public DirectoryContent(ProvidedSession session, DirectoryContentProvider provider, Directory directory) {
+ public DirectoryContent(ProvidedSession session, DirectoryContentProvider provider, CmsDirectory directory) {
super(session, provider);
this.directory = directory;
}
import org.argeo.api.acr.spi.ProvidedContent;
import org.argeo.api.acr.spi.ProvidedSession;
import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.CmsUserManager;
import org.argeo.cms.acr.AbstractContent;
import org.argeo.cms.acr.ContentUtils;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
import org.osgi.service.useradmin.User;
public class DirectoryContentProvider implements ContentProvider {
import org.argeo.api.acr.CrName;
import org.argeo.api.acr.DName;
import org.argeo.api.acr.spi.ProvidedSession;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
import org.argeo.api.cms.directory.HierarchyUnit;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
+import org.argeo.api.cms.directory.UserDirectory;
import org.osgi.service.useradmin.Role;
class HierarchyUnitContent extends AbstractDirectoryContent {
@Override
public Content getParent() {
HierarchyUnit parentHu = hierarchyUnit.getParent();
- if (parentHu instanceof Directory) {
+ if (parentHu instanceof CmsDirectory) {
return new DirectoryContent(getSession(), provider, hierarchyUnit.getDirectory());
}
return new HierarchyUnitContent(getSession(), provider, parentHu);
import org.argeo.api.acr.Content;
import org.argeo.api.acr.ContentName;
import org.argeo.api.acr.spi.ProvidedSession;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
+import org.argeo.api.cms.directory.UserDirectory;
import org.osgi.service.useradmin.Group;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
import org.argeo.api.acr.ldap.LdapAttrs;
import org.argeo.api.acr.ldap.LdapObjs;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
import org.argeo.api.cms.directory.HierarchyUnit;
import org.argeo.api.cms.transaction.WorkControl;
import org.argeo.api.cms.transaction.WorkingCopyXaResource;
import org.argeo.cms.osgi.useradmin.OsUserDirectory;
import org.argeo.cms.runtime.DirectoryConf;
-/** A {@link Directory} based either on LDAP or LDIF. */
-public abstract class AbstractLdapDirectory implements Directory, XAResourceProvider {
+/** A {@link CmsDirectory} based either on LDAP or LDIF. */
+public abstract class AbstractLdapDirectory implements CmsDirectory, XAResourceProvider {
protected static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
protected static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
}
@Override
- public Directory getDirectory() {
+ public CmsDirectory getDirectory() {
return this;
}
import org.argeo.api.acr.ldap.NamingUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
+import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsUser;
import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.api.cms.transaction.WorkTransaction;
import org.argeo.cms.CmsUserManager;
import org.argeo.cms.auth.CurrentUser;
import org.argeo.cms.directory.ldap.SharedSecret;
import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
import org.argeo.cms.osgi.useradmin.TokenUtils;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
import org.argeo.cms.runtime.DirectoryConf;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.useradmin.Authorization;
// ALL USER: WARNING access to this will be later reduced
/** Retrieve a user given his dn, or <code>null</code> if it doesn't exist. */
- public User getUser(String dn) {
- return (User) getUserAdmin().getRole(dn);
+ public CmsUser getUser(String dn) {
+ return (CmsUser) getUserAdmin().getRole(dn);
}
/** Can be a group or a user */
return false;
}
- public Set<User> listUsersInGroup(String groupDn, String filter) {
+ public Set<CmsUser> listUsersInGroup(String groupDn, String filter) {
Group group = (Group) userAdmin.getRole(groupDn);
if (group == null)
throw new IllegalArgumentException("Group " + groupDn + " not found");
- Set<User> users = new HashSet<User>();
+ Set<CmsUser> users = new HashSet<>();
addUsers(users, group, filter);
return users;
}
// }
/** Recursively add users to list */
- private void addUsers(Set<User> users, Group group, String filter) {
+ private void addUsers(Set<CmsUser> users, Group group, String filter) {
Role[] roles = group.getMembers();
for (Role role : roles) {
if (role.getType() == Role.GROUP) {
- addUsers(users, (Group) role, filter);
+ addUsers(users, (CmsGroup) role, filter);
} else if (role.getType() == Role.USER) {
if (match(role, filter))
- users.add((User) role);
+ users.add((CmsUser) role);
} else {
// ignore
}
}
}
- public List<User> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
+ public List<CmsUser> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
Role[] roles = null;
try {
roles = getUserAdmin().getRoles(filter);
throw new IllegalArgumentException("Unable to get roles with filter: " + filter, e);
}
- List<User> users = new ArrayList<User>();
+ List<CmsUser> users = new ArrayList<>();
for (Role role : roles) {
if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role)
&& (includeSystemRoles
|| !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
if (match(role, filter))
- users.add((User) role);
+ users.add((CmsUser) role);
}
}
return users;
}
@Override
- public User getUserFromLocalId(String localId) {
- User user = getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
+ public CmsUser getUserFromLocalId(String localId) {
+ CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
if (user == null)
- user = getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
+ user = (CmsUser) getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
return user;
}
* EDITION
*/
@Override
- public User createUser(String username, Map<String, Object> properties, Map<String, Object> credentials) {
+ public CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials) {
try {
userTransaction.begin();
- User user = (User) userAdmin.createRole(username, Role.USER);
+ CmsUser user = (CmsUser) userAdmin.createRole(username, Role.USER);
if (properties != null) {
for (String key : properties.keySet())
user.getProperties().put(key, properties.get(key));
}
@Override
- public Group getOrCreateGroup(HierarchyUnit groups, String commonName) {
+ public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
try {
String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();
- Group group = (Group) getUserAdmin().getRole(dn);
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
if (group != null)
return group;
userTransaction.begin();
- group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
return group;
} catch (Exception e) {
}
@Override
- public Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole) {
+ public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole) {
try {
String dn = LdapAttrs.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole.getName()) + ","
+ roles.getBase();
- Group group = (Group) getUserAdmin().getRole(dn);
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
if (group != null)
return group;
userTransaction.begin();
- group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
userTransaction.commit();
return group;
} catch (Exception e) {
}
@Override
- public void addMember(Group group, Role role) {
+ public void addMember(CmsGroup group, Role role) {
try {
userTransaction.begin();
group.addMember(role);
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.api.cms.CmsState;
+import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.api.cms.transaction.WorkControl;
import org.argeo.api.cms.transaction.WorkTransaction;
import org.argeo.cms.CmsDeployProperty;
import org.argeo.cms.dns.DnsBrowser;
import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
import org.argeo.cms.osgi.useradmin.DirectoryUserAdmin;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
import org.argeo.cms.runtime.DirectoryConf;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import javax.security.auth.x500.X500Principal;
+import org.argeo.api.cms.directory.CmsAuthorization;
import org.osgi.service.useradmin.Authorization;
/** An {@link Authorization} which combines roles form various auth sources. */
-class AggregatingAuthorization implements Authorization {
+class AggregatingAuthorization implements CmsAuthorization {
private final String name;
private final String displayName;
private final Set<String> systemRoles;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
+import org.argeo.api.cms.directory.CmsUser;
+import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.runtime.DirectoryConf;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.useradmin.Authorization;
private DirectoryUserAdmin userAdminToUse(User user, DirectoryUserAdmin userAdmin) {
if (userAdmin.isAuthenticated())
return userAdmin;
- if (user instanceof DirectoryUser) {
+ if (user instanceof CmsUser) {
return userAdmin;
} else if (user instanceof AuthenticatingUser) {
return userAdmin.scope(user).orElse(null);
+++ /dev/null
-package org.argeo.cms.osgi.useradmin;
-
-import org.osgi.service.useradmin.Group;
-
-/** A group in a user directroy. */
-interface DirectoryGroup extends Group, DirectoryUser {
-// List<LdapName> getMemberNames();
-}
+++ /dev/null
-package org.argeo.cms.osgi.useradmin;
-
-import org.osgi.service.useradmin.User;
-
-/** A user in a user directory. */
-interface DirectoryUser extends User {
-}
import javax.security.auth.kerberos.KerberosTicket;
import org.argeo.api.cms.directory.DirectoryDigestUtils;
+import org.argeo.api.cms.directory.CmsUser;
import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
import org.argeo.cms.directory.ldap.LdapDao;
import org.argeo.cms.directory.ldap.LdapEntry;
}
}
- protected List<Role> getAllRoles(DirectoryUser user) {
+ protected List<Role> getAllRoles(CmsUser user) {
List<Role> allRoles = new ArrayList<Role>();
if (user != null) {
collectRoles((LdapEntry) user, allRoles);
return res.toArray(new Role[res.size()]);
}
- List<DirectoryUser> getRoles(LdapName searchBase, String filter, boolean deep) throws InvalidSyntaxException {
+ List<CmsUser> getRoles(LdapName searchBase, String filter, boolean deep) throws InvalidSyntaxException {
LdapEntryWorkingCopy wc = getWorkingCopy();
// Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
List<LdapEntry> searchRes = getDirectoryDao().doGetEntries(searchBase, filter, deep);
- List<DirectoryUser> res = new ArrayList<>();
+ List<CmsUser> res = new ArrayList<>();
for (LdapEntry entry : searchRes)
- res.add((DirectoryUser) entry);
+ res.add((CmsUser) entry);
if (wc != null) {
- for (Iterator<DirectoryUser> it = res.iterator(); it.hasNext();) {
- DirectoryUser user = (DirectoryUser) it.next();
+ for (Iterator<CmsUser> it = res.iterator(); it.hasNext();) {
+ CmsUser user = (CmsUser) it.next();
LdapName dn = LdapNameUtils.toLdapName(user.getName());
if (wc.getDeletedData().containsKey(dn))
it.remove();
}
Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
for (LdapEntry ldapEntry : wc.getNewData().values()) {
- DirectoryUser user = (DirectoryUser) ldapEntry;
+ CmsUser user = (CmsUser) ldapEntry;
if (f == null || f.match(user.getProperties()))
res.add(user);
}
@Override
public User getUser(String key, String value) {
// TODO check value null or empty
- List<DirectoryUser> collectedUsers = new ArrayList<DirectoryUser>();
+ List<CmsUser> collectedUsers = new ArrayList<CmsUser>();
if (key != null) {
doGetUser(key, value, collectedUsers);
} else {
return null;
}
- protected void doGetUser(String key, String value, List<DirectoryUser> collectedUsers) {
+ protected void doGetUser(String key, String value, List<CmsUser> collectedUsers) {
String f = "(" + key + "=" + value + ")";
List<LdapEntry> users = getDirectoryDao().doGetEntries(getBaseDn(), f, true);
for (LdapEntry entry : users)
- collectedUsers.add((DirectoryUser) entry);
+ collectedUsers.add((CmsUser) entry);
}
@Override
return getAuthorizationFromScoped(scopedUserAdmin, user);
}
- if (user instanceof DirectoryUser) {
- return new LdifAuthorization(user, getAllRoles((DirectoryUser) user));
+ if (user instanceof CmsUser) {
+ return new LdifAuthorization(user, getAllRoles((CmsUser) user));
} else {
// bind with authenticating user
DirectoryUserAdmin scopedUserAdmin = scope(user).orElseThrow();
private Authorization getAuthorizationFromScoped(DirectoryUserAdmin scopedUserAdmin, User user) {
try {
- DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ CmsUser directoryUser = (CmsUser) scopedUserAdmin.getRole(user.getName());
if (directoryUser == null)
throw new IllegalStateException("No scoped user found for " + user);
LdifAuthorization authorization = new LdifAuthorization(directoryUser,
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
+import org.argeo.api.cms.directory.CmsGroup;
import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
import org.osgi.service.useradmin.Role;
/** Directory group implementation */
-class LdifGroup extends LdifUser implements DirectoryGroup {
+class LdifGroup extends LdifUser implements CmsGroup {
private final String memberAttributeId;
LdifGroup(AbstractLdapDirectory userAdmin, LdapName dn) {
import javax.naming.ldap.LdapName;
+import org.argeo.api.cms.directory.CmsUser;
import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
import org.argeo.cms.directory.ldap.DefaultLdapEntry;
/** Directory user implementation */
-class LdifUser extends DefaultLdapEntry implements DirectoryUser {
+class LdifUser extends DefaultLdapEntry implements CmsUser {
LdifUser(AbstractLdapDirectory userAdmin, LdapName dn) {
super(userAdmin, dn);
}
+++ /dev/null
-package org.argeo.cms.osgi.useradmin;
-
-import org.argeo.api.cms.directory.Directory;
-import org.argeo.api.cms.directory.HierarchyUnit;
-import org.osgi.service.useradmin.Role;
-
-/** Information about a user directory. */
-public interface UserDirectory extends Directory {
-
- HierarchyUnit getHierarchyUnit(Role role);
-
- Iterable<? extends Role> getHierarchyUnitRoles(HierarchyUnit hierarchyUnit, String filter, boolean deep);
-
- String getRolePath(Role role);
-
- String getRoleSimpleName(Role role);
-
- Role getRoleByPath(String path);
-}