From feddb4be70a8304dd4a533efee6e14c22691b500 Mon Sep 17 00:00:00 2001 
From: Mathieu Date: Sat, 12 Nov 2022 07:52:01 +0100 Subject: [PATCH] Introduce CMS-specific user APIs, based at this stage on OSGi UserAdmin API --- .../api/cms/directory/CmsAuthorization.java | 11 +++++ .../{Directory.java => CmsDirectory.java} | 4 +- .../org/argeo/api/cms/directory/CmsGroup.java | 4 +- .../org/argeo/api/cms/directory/CmsUser.java | 10 ++++ .../api/cms/directory/HierarchyUnit.java | 6 +-- .../api/cms/directory}/UserDirectory.java | 6 +-- .../src/org/argeo/cms/CmsUserManager.java | 23 ++++----- .../src/org/argeo/cms/acr/ContentUtils.java | 10 ++-- .../cms/acr/directory/DirectoryContent.java | 6 +-- .../directory/DirectoryContentProvider.java | 2 +- .../acr/directory/HierarchyUnitContent.java | 6 +-- .../argeo/cms/acr/directory/RoleContent.java | 2 +- .../directory/ldap/AbstractLdapDirectory.java | 8 ++-- .../cms/internal/auth/CmsUserManagerImpl.java | 48 ++++++++++--------- .../cms/internal/runtime/CmsUserAdmin.java | 2 +- .../useradmin/AggregatingAuthorization.java | 3 +- .../osgi/useradmin/AggregatingUserAdmin.java | 4 +- .../cms/osgi/useradmin/DirectoryUser.java | 7 --- .../osgi/useradmin/DirectoryUserAdmin.java | 28 ++++++----- .../argeo/cms/osgi/useradmin/LdifGroup.java | 3 +- .../argeo/cms/osgi/useradmin/LdifUser.java | 3 +- 21 files changed, 109 insertions(+), 87 deletions(-) create mode 100644 org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsAuthorization.java rename org.argeo.api.cms/src/org/argeo/api/cms/directory/{Directory.java => CmsDirectory.java} (87%) rename org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryGroup.java => org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsGroup.java (55%) create mode 100644 org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUser.java rename {org.argeo.cms/src/org/argeo/cms/osgi/useradmin => org.argeo.api.cms/src/org/argeo/api/cms/directory}/UserDirectory.java (65%) delete mode 100644 org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUser.java 
diff --git a/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsAuthorization.java b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsAuthorization.java
new file mode 100644
index 000000000..5d3a69575
--- /dev/null
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsAuthorization.java
@@ -0,0 +1,11 @@
+package org.argeo.api.cms.directory;
+
+import org.osgi.service.useradmin.Authorization;
+
+/** An authorisation to a CMS system. */
+public interface CmsAuthorization extends Authorization {
+ /** The role which did imply this role, null if a direct role. */
+ default String getImplyingRole(String role) {
+ return null;
+ }
+}
diff --git a/org.argeo.api.cms/src/org/argeo/api/cms/directory/Directory.java b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsDirectory.java
similarity index 87%
rename from org.argeo.api.cms/src/org/argeo/api/cms/directory/Directory.java
rename to org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsDirectory.java
index 7ed61ebc6..f5b78ac45 100644
--- a/org.argeo.api.cms/src/org/argeo/api/cms/directory/Directory.java
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsDirectory.java
@@ -4,8 +4,8 @@ import java.util.Optional;
 import org.argeo.api.cms.transaction.WorkControl;
-/** An information directory (typicylly LDAP). */
-public interface Directory extends HierarchyUnit {
+/** An information directory (typically LDAP). */
+public interface CmsDirectory extends HierarchyUnit {
 String getName();
 /** Whether this directory is read only. */
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryGroup.java b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsGroup.java
similarity index 55%
rename from org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryGroup.java
rename to org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsGroup.java
index d372c0507..410d391ba 100644
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryGroup.java
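Review bot: `getImplyingRole` in the new CmsAuthorization interface documents neither its parameter nor what the default `return null;` means, so a caller that distinguishes direct from implied roles for an access decision cannot tell a direct grant from an implementation that simply does not track implication. Suggest a Javadoc with `@param role the name of a role held by this authorization`, `@return the role whose membership implied {@code role}, or {@code null} if it is a direct role or the implementation does not track implication`, and an `@implSpec` line stating that the default implementation always returns {@code null}.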
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsGroup.java
@@ -1,8 +1,8 @@
-package org.argeo.cms.osgi.useradmin;
+package org.argeo.api.cms.directory;
 import org.osgi.service.useradmin.Group;
 /** A group in a user directroy. */
-interface DirectoryGroup extends Group, DirectoryUser {
+public interface CmsGroup extends Group, CmsUser {
 // List getMemberNames();
 }
diff --git a/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUser.java b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUser.java
new file mode 100644
index 000000000..f8f40a1a6
--- /dev/null
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/directory/CmsUser.java
@@ -0,0 +1,10 @@
+package org.argeo.api.cms.directory;
+
+import org.osgi.service.useradmin.User;
+
+/**
+ * An entity with credentials which can log in to a system. Can be a real person
+ * or not.
+ */
+public interface CmsUser extends User {
+}
diff --git a/org.argeo.api.cms/src/org/argeo/api/cms/directory/HierarchyUnit.java b/org.argeo.api.cms/src/org/argeo/api/cms/directory/HierarchyUnit.java
index f04dc4648..6c67736eb 100644
--- a/org.argeo.api.cms/src/org/argeo/api/cms/directory/HierarchyUnit.java
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/directory/HierarchyUnit.java
@@ -13,7 +13,7 @@ public interface HierarchyUnit {
 /**
 * The parent {@link HierarchyUnit}, or null if a
- * {@link Directory}.
+ * {@link CmsDirectory}.
 */
 HierarchyUnit getParent();
@@ -38,8 +38,8 @@ public interface HierarchyUnit {
 */
 String getBase();
- /** The related {@link Directory}. */
- Directory getDirectory();
+ /** The related {@link CmsDirectory}. */
+ CmsDirectory getDirectory();
 /** Its metadata (typically LDAP attributes). */
 Dictionary getProperties();
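Review bot: The type comment carried over onto the now-public CmsGroup still reads `/** A group in a user directroy. */` (context line in this hunk), and the body keeps the commented-out `// List getMemberNames();`. Since the interface is being promoted into the public API, fix the typo to `directory` and either delete the dead declaration or replace it with a tracked TODO explaining what is still undecided.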
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/UserDirectory.java b/org.argeo.api.cms/src/org/argeo/api/cms/directory/UserDirectory.java
similarity index 65%
rename from org.argeo.cms/src/org/argeo/cms/osgi/useradmin/UserDirectory.java
rename to org.argeo.api.cms/src/org/argeo/api/cms/directory/UserDirectory.java
index 463316ba1..1f0ecdf75 100644
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/UserDirectory.java
+++ b/org.argeo.api.cms/src/org/argeo/api/cms/directory/UserDirectory.java
@@ -1,11 +1,9 @@
-package org.argeo.cms.osgi.useradmin;
+package org.argeo.api.cms.directory;
-import org.argeo.api.cms.directory.Directory;
-import org.argeo.api.cms.directory.HierarchyUnit;
 import org.osgi.service.useradmin.Role;
 /** Information about a user directory. */
-public interface UserDirectory extends Directory {
+public interface UserDirectory extends CmsDirectory {
 HierarchyUnit getHierarchyUnit(Role role);
diff --git a/org.argeo.cms/src/org/argeo/cms/CmsUserManager.java b/org.argeo.cms/src/org/argeo/cms/CmsUserManager.java
index 3e7d31e3e..2d64d9db0 100644
--- a/org.argeo.cms/src/org/argeo/cms/CmsUserManager.java
+++ b/org.argeo.cms/src/org/argeo/cms/CmsUserManager.java
@@ -7,11 +7,12 @@ import java.util.Set;
 import javax.security.auth.Subject;
+import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsUser;
 import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.cms.auth.SystemRole;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
 import org.osgi.framework.InvalidSyntaxException;
-import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
@@ -30,7 +31,7 @@ public interface CmsUserManager {
 // Other users
 /** Returns a {@link User} given a username */
- User getUser(String username);
+ CmsUser getUser(String username);
 /** Can be a group or a user */
 String getUserDisplayName(String dn);
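Review bot: The Javadoc `/** Returns a {@link User} given a username */` above the changed `CmsUser getUser(String username);` still names the OSGi `User` type and does not say what happens when nothing matches, while the implementation in CmsUserManagerImpl documents "given his dn, or null if it doesn't exist" and names the parameter `dn`. Suggest `/** Returns the {@link CmsUser} identified by this name (a DN in the current implementation), or null if none exists. */` and aligning the parameter name between interface and implementation so callers know which identifier is expected.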
@@ -49,10 +50,10 @@ public interface CmsUserManager {
 Role[] getRoles(String filter) throws InvalidSyntaxException;
 /** Recursively lists users in a given group. */
- Set listUsersInGroup(String groupDn, String filter);
+ Set listUsersInGroup(String groupDn, String filter);
 /** Search among groups including system roles and users if needed */
- List listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);
+ List listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);
 // /**
 // * Lists functional accounts, that is users with regular access to the system
@@ -65,13 +66,13 @@ public interface CmsUserManager {
 * EDITION
 */
 /** Creates a new user. */
- User createUser(String username, Map properties, Map credentials);
+ CmsUser createUser(String username, Map properties, Map credentials);
 /** Creates a group. */
- Group getOrCreateGroup(HierarchyUnit groups, String commonName);
+ CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName);
 /** Creates a new system role. */
- Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole);
+ CmsGroup getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole);
 /** Add additional object classes to this role. */
 void addObjectClasses(Role role, Set objectClasses, Map additionalProperties);
@@ -81,8 +82,8 @@ public interface CmsUserManager {
 Map additionalProperties);
 /** Add a member to this group. */
- void addMember(Group group, Role role);
-
+ void addMember(CmsGroup group, Role role);
+
 void edit(Runnable action);
 /* MISCELLANEOUS */
@@ -97,7 +98,7 @@ public interface CmsUserManager {
 * to localId within the various user repositories defined in the current
 * context.
 */
- User getUserFromLocalId(String localId);
+ CmsUser getUserFromLocalId(String localId);
 void changeOwnPassword(char[] oldPassword, char[] newPassword);
diff --git a/org.argeo.cms/src/org/argeo/cms/acr/ContentUtils.java b/org.argeo.cms/src/org/argeo/cms/acr/ContentUtils.java
index a6acb8a34..ed27ce8e8 100644
--- a/org.argeo.cms/src/org/argeo/cms/acr/ContentUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/acr/ContentUtils.java
@@ -15,10 +15,10 @@ import org.argeo.api.acr.ContentRepository;
 import org.argeo.api.acr.ContentSession;
 import org.argeo.api.acr.DName;
 import org.argeo.api.cms.CmsAuth;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
 import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.cms.CmsUserManager;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
 import org.argeo.cms.util.CurrentSubject;
 import org.osgi.service.useradmin.Role;
@@ -135,7 +135,7 @@ public class ContentUtils {
 }
 public static Content hierarchyUnitToContent(ContentSession contentSession, HierarchyUnit hierarchyUnit) {
- Directory directory = hierarchyUnit.getDirectory();
+ CmsDirectory directory = hierarchyUnit.getDirectory();
 StringJoiner relativePath = new StringJoiner(SLASH_STRING);
 buildHierarchyUnitPath(hierarchyUnit, relativePath);
 String path = directoryPath(directory) + relativePath.toString();
@@ -143,8 +143,8 @@ public class ContentUtils {
 return content;
 }
- /** The path to this {@link Directory}. Ends with a /. */
- private static String directoryPath(Directory directory) {
+ /** The path to this {@link CmsDirectory}. Ends with a /. */
+ private static String directoryPath(CmsDirectory directory) {
 return CmsContentRepository.DIRECTORY_BASE + SLASH + directory.getName() + SLASH;
 }
diff --git a/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContent.java b/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContent.java
index 992f0b41b..50eea156d 100644
--- a/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContent.java
+++ b/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContent.java
@@ -10,13 +10,13 @@ import javax.xml.namespace.QName;
 import org.argeo.api.acr.Content;
 import org.argeo.api.acr.ContentName;
 import org.argeo.api.acr.spi.ProvidedSession;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
 import org.argeo.api.cms.directory.HierarchyUnit;
 class DirectoryContent extends AbstractDirectoryContent {
- private Directory directory;
+ private CmsDirectory directory;
- public DirectoryContent(ProvidedSession session, DirectoryContentProvider provider, Directory directory) {
+ public DirectoryContent(ProvidedSession session, DirectoryContentProvider provider, CmsDirectory directory) {
 super(session, provider);
 this.directory = directory;
 }
diff --git a/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContentProvider.java b/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContentProvider.java
index 08171435c..9af83a330 100644
--- a/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContentProvider.java
+++ b/org.argeo.cms/src/org/argeo/cms/acr/directory/DirectoryContentProvider.java
@@ -15,10 +15,10 @@ import org.argeo.api.acr.spi.ContentProvider;
 import org.argeo.api.acr.spi.ProvidedContent;
 import org.argeo.api.acr.spi.ProvidedSession;
 import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.cms.CmsUserManager;
 import org.argeo.cms.acr.AbstractContent;
 import org.argeo.cms.acr.ContentUtils;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
 import org.osgi.service.useradmin.User;
 public class DirectoryContentProvider implements ContentProvider {
diff --git a/org.argeo.cms/src/org/argeo/cms/acr/directory/HierarchyUnitContent.java b/org.argeo.cms/src/org/argeo/cms/acr/directory/HierarchyUnitContent.java
index feae4b517..5acf8ab63 100644
--- a/org.argeo.cms/src/org/argeo/cms/acr/directory/HierarchyUnitContent.java
+++ b/org.argeo.cms/src/org/argeo/cms/acr/directory/HierarchyUnitContent.java
@@ -13,9 +13,9 @@ import org.argeo.api.acr.ContentName;
 import org.argeo.api.acr.CrName;
 import org.argeo.api.acr.DName;
 import org.argeo.api.acr.spi.ProvidedSession;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
 import org.argeo.api.cms.directory.HierarchyUnit;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.osgi.service.useradmin.Role;
 class HierarchyUnitContent extends AbstractDirectoryContent {
@@ -46,7 +46,7 @@ class HierarchyUnitContent extends AbstractDirectoryContent {
 @Override
 public Content getParent() {
 HierarchyUnit parentHu = hierarchyUnit.getParent();
- if (parentHu instanceof Directory) {
+ if (parentHu instanceof CmsDirectory) {
 return new DirectoryContent(getSession(), provider, hierarchyUnit.getDirectory());
 }
 return new HierarchyUnitContent(getSession(), provider, parentHu);
diff --git a/org.argeo.cms/src/org/argeo/cms/acr/directory/RoleContent.java b/org.argeo.cms/src/org/argeo/cms/acr/directory/RoleContent.java
index 3b1ae46b2..356e272c9 100644
--- a/org.argeo.cms/src/org/argeo/cms/acr/directory/RoleContent.java
+++ b/org.argeo.cms/src/org/argeo/cms/acr/directory/RoleContent.java
@@ -7,7 +7,7 @@ import javax.xml.namespace.QName;
 import org.argeo.api.acr.Content;
 import org.argeo.api.acr.ContentName;
 import org.argeo.api.acr.spi.ProvidedSession;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.Role;
 import org.osgi.service.useradmin.User;
diff --git a/org.argeo.cms/src/org/argeo/cms/directory/ldap/AbstractLdapDirectory.java b/org.argeo.cms/src/org/argeo/cms/directory/ldap/AbstractLdapDirectory.java
index 9bc13ef00..9c7b047dc 100644
--- a/org.argeo.cms/src/org/argeo/cms/directory/ldap/AbstractLdapDirectory.java
+++ b/org.argeo.cms/src/org/argeo/cms/directory/ldap/AbstractLdapDirectory.java
@@ -28,7 +28,7 @@ import javax.transaction.xa.XAResource;
 import org.argeo.api.acr.ldap.LdapAttrs;
 import org.argeo.api.acr.ldap.LdapObjs;
-import org.argeo.api.cms.directory.Directory;
+import org.argeo.api.cms.directory.CmsDirectory;
 import org.argeo.api.cms.directory.HierarchyUnit;
 import org.argeo.api.cms.transaction.WorkControl;
 import org.argeo.api.cms.transaction.WorkingCopyXaResource;
@@ -36,8 +36,8 @@ import org.argeo.api.cms.transaction.XAResourceProvider;
 import org.argeo.cms.osgi.useradmin.OsUserDirectory;
 import org.argeo.cms.runtime.DirectoryConf;
-/** A {@link Directory} based either on LDAP or LDIF. */
-public abstract class AbstractLdapDirectory implements Directory, XAResourceProvider {
+/** A {@link CmsDirectory} based either on LDAP or LDIF. */
+public abstract class AbstractLdapDirectory implements CmsDirectory, XAResourceProvider {
 protected static final String SHARED_STATE_USERNAME = "javax.security.auth.login.name";
 protected static final String SHARED_STATE_PASSWORD = "javax.security.auth.login.password";
@@ -325,7 +325,7 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 }
 @Override
- public Directory getDirectory() {
+ public CmsDirectory getDirectory() {
 return this;
 }
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
index a4c482663..b5ee9b306 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java
@@ -29,7 +29,10 @@ import org.argeo.api.acr.ldap.LdapAttrs;
 import org.argeo.api.acr.ldap.NamingUtils;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
+import org.argeo.api.cms.directory.CmsGroup;
+import org.argeo.api.cms.directory.CmsUser;
 import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.api.cms.transaction.WorkTransaction;
 import org.argeo.cms.CmsUserManager;
 import org.argeo.cms.auth.CurrentUser;
@@ -39,7 +42,6 @@ import org.argeo.cms.directory.ldap.LdapEntry;
 import org.argeo.cms.directory.ldap.SharedSecret;
 import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
 import org.argeo.cms.osgi.useradmin.TokenUtils;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
 import org.argeo.cms.runtime.DirectoryConf;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
@@ -96,8 +98,8 @@ public class CmsUserManagerImpl implements CmsUserManager {
 // ALL USER: WARNING access to this will be later reduced
 /** Retrieve a user given his dn, or null if it doesn't exist. */
- public User getUser(String dn) {
- return (User) getUserAdmin().getRole(dn);
+ public CmsUser getUser(String dn) {
+ return (CmsUser) getUserAdmin().getRole(dn);
 }
 /** Can be a group or a user */
@@ -132,11 +134,11 @@ public class CmsUserManagerImpl implements CmsUserManager {
 return false;
 }
- public Set listUsersInGroup(String groupDn, String filter) {
+ public Set listUsersInGroup(String groupDn, String filter) {
 Group group = (Group) userAdmin.getRole(groupDn);
 if (group == null)
 throw new IllegalArgumentException("Group " + groupDn + " not found");
- Set users = new HashSet();
+ Set users = new HashSet<>();
 addUsers(users, group, filter);
 return users;
 }
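Review bot: `return (CmsUser) getUserAdmin().getRole(dn);` turns a lookup of a role that exists but is not a CmsUser (a plain OSGi Group or Role, or an entry from a UserAdmin that does not produce LdifUser objects, if the aggregating one can return such) into a ClassCastException instead of the `null` the Javadoc two lines above promises; the previous cast to `User` had the same shape but admitted more objects. Suggest `Role role = getUserAdmin().getRole(dn); return role instanceof CmsUser ? (CmsUser) role : null;`, or an IllegalStateException naming `dn` if a non-CMS role at that name should be treated as a misconfiguration rather than an absence. The same unchecked narrowing to CmsUser/CmsGroup appears in getUserFromLocalId, createUser, getOrCreateGroup and getOrCreateSystemRole in this file and in getRoles, doGetUser and getAuthorizationFromScoped in DirectoryUserAdmin; a small private `asCmsUser(Role)` helper with the type check would make the failure mode uniform.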
@@ -158,21 +160,21 @@ public class CmsUserManagerImpl implements CmsUserManager {
 // }
 /** Recursively add users to list */
- private void addUsers(Set users, Group group, String filter) {
+ private void addUsers(Set users, Group group, String filter) {
 Role[] roles = group.getMembers();
 for (Role role : roles) {
 if (role.getType() == Role.GROUP) {
- addUsers(users, (Group) role, filter);
+ addUsers(users, (CmsGroup) role, filter);
 } else if (role.getType() == Role.USER) {
 if (match(role, filter))
- users.add((User) role);
+ users.add((CmsUser) role);
 } else {
 // ignore
 }
 }
 }
- public List listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
+ public List listGroups(String filter, boolean includeUsers, boolean includeSystemRoles) {
 Role[] roles = null;
 try {
 roles = getUserAdmin().getRoles(filter);
@@ -180,13 +182,13 @@ public class CmsUserManagerImpl implements CmsUserManager {
 throw new IllegalArgumentException("Unable to get roles with filter: " + filter, e);
 }
- List users = new ArrayList();
+ List users = new ArrayList<>();
 for (Role role : roles) {
 if ((includeUsers && role.getType() == Role.USER || role.getType() == Role.GROUP) && !users.contains(role) && (includeSystemRoles || !role.getName().toLowerCase().endsWith(CmsConstants.SYSTEM_ROLES_BASEDN))) {
 if (match(role, filter))
- users.add((CmsUser) role);
+ users.add((CmsUser) role);
 }
 }
 return users;
@@ -215,10 +217,10 @@ public class CmsUserManagerImpl implements CmsUserManager {
 }
 @Override
- public User getUserFromLocalId(String localId) {
- User user = getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
+ public CmsUser getUserFromLocalId(String localId) {
+ CmsUser user = (CmsUser) getUserAdmin().getUser(LdapAttrs.uid.name(), localId);
 if (user == null)
- user = (CmsUser) getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
+ user = (CmsUser) getUserAdmin().getUser(LdapAttrs.cn.name(), localId);
 return user;
 }
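Review bot: `addUsers(users, (CmsGroup) role, filter);` casts to CmsGroup although the parameter it feeds is still declared `Group group` on the changed signature line above, so the cast adds nothing and makes the recursion fail with a ClassCastException for any `Role.GROUP` member that is not a CmsGroup; keep `addUsers(users, (Group) role, filter);`, or change the parameter type if CmsGroup is genuinely required there. In listGroups further down, `users.add((CmsUser) role);` now runs for groups as well as users and only type-checks because CmsGroup extends CmsUser (see the CmsGroup hunk); a one-line comment stating that, and that the returned list therefore mixes groups and users, would save the next reader a double take.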
@@ -231,10 +233,10 @@ public class CmsUserManagerImpl implements CmsUserManager {
 * EDITION
 */
 @Override
- public User createUser(String username, Map properties, Map credentials) {
+ public CmsUser createUser(String username, Map properties, Map credentials) {
 try {
 userTransaction.begin();
- User user = (User) userAdmin.createRole(username, Role.USER);
+ CmsUser user = (CmsUser) userAdmin.createRole(username, Role.USER);
 if (properties != null) {
 for (String key : properties.keySet())
 user.getProperties().put(key, properties.get(key));
@@ -259,14 +261,14 @@ public class CmsUserManagerImpl implements CmsUserManager {
 }
 @Override
- public Group getOrCreateGroup(HierarchyUnit groups, String commonName) {
+ public CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName) {
 try {
 String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();
- Group group = (Group) getUserAdmin().getRole(dn);
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
 if (group != null)
 return group;
 userTransaction.begin();
- group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
 userTransaction.commit();
 return group;
 } catch (Exception e) {
@@ -283,15 +285,15 @@ public class CmsUserManagerImpl implements CmsUserManager {
 }
 @Override
- public Group getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole) {
+ public CmsGroup getOrCreateSystemRole(HierarchyUnit roles, SystemRole systemRole) {
 try {
 String dn = LdapAttrs.cn.name() + "=" + NamespaceUtils.toPrefixedName(systemRole.getName()) + "," + roles.getBase();
- Group group = (Group) getUserAdmin().getRole(dn);
+ CmsGroup group = (CmsGroup) getUserAdmin().getRole(dn);
 if (group != null)
 return group;
 userTransaction.begin();
- group = (Group) userAdmin.createRole(dn, Role.GROUP);
+ group = (CmsGroup) userAdmin.createRole(dn, Role.GROUP);
 userTransaction.commit();
 return group;
 } catch (Exception e) {
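Review bot: `String dn = LdapAttrs.cn.name() + "=" + commonName + "," + groups.getBase();` in the getOrCreateGroup hunk (unchanged context, but the line the new CmsGroup lookup and `createRole` both depend on) builds the DN by plain concatenation, so a `commonName` containing RDN-special characters such as `,`, `+`, `=`, `"` or `\` yields either a malformed DN or one that is not a direct child of `groups`, and the role is then looked up or created somewhere other than intended. The codebase already uses `javax.naming.ldap` (LdapName is imported in AggregatingUserAdmin and LdifGroup), so the standard fix is `String dn = LdapAttrs.cn.name() + "=" + Rdn.escapeValue(commonName) + "," + groups.getBase();` with `javax.naming.ldap.Rdn` imported. The enclosing method continues into a catch block that is outside this hunk.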
@@ -392,7 +394,7 @@ public class CmsUserManagerImpl implements CmsUserManager {
 }
 @Override
- public void addMember(Group group, Role role) {
+ public void addMember(CmsGroup group, Role role) {
 try {
 userTransaction.begin();
 group.addMember(role);
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
index 6aa490a69..e6f903d39 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsUserAdmin.java
@@ -29,13 +29,13 @@ import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsState;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.api.cms.transaction.WorkControl;
 import org.argeo.api.cms.transaction.WorkTransaction;
 import org.argeo.cms.CmsDeployProperty;
 import org.argeo.cms.dns.DnsBrowser;
 import org.argeo.cms.osgi.useradmin.AggregatingUserAdmin;
 import org.argeo.cms.osgi.useradmin.DirectoryUserAdmin;
-import org.argeo.cms.osgi.useradmin.UserDirectory;
 import org.argeo.cms.runtime.DirectoryConf;
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingAuthorization.java b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingAuthorization.java
index 50131758d..72c4336e3 100644
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingAuthorization.java
+++ b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingAuthorization.java
@@ -8,10 +8,11 @@ import java.util.Set;
 import javax.security.auth.x500.X500Principal;
+import org.argeo.api.cms.directory.CmsAuthorization;
 import org.osgi.service.useradmin.Authorization;
 /** An {@link Authorization} which combines roles form various auth sources. */
-class AggregatingAuthorization implements Authorization {
+class AggregatingAuthorization implements CmsAuthorization {
 private final String name;
 private final String displayName;
 private final Set systemRoles;
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingUserAdmin.java
index 2d438cbf0..8ebb98e3a 100644
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/AggregatingUserAdmin.java
@@ -16,6 +16,8 @@ import java.util.TreeSet;
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
+import org.argeo.api.cms.directory.CmsUser;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.cms.runtime.DirectoryConf;
 import org.osgi.framework.InvalidSyntaxException;
 import org.osgi.service.useradmin.Authorization;
@@ -165,7 +167,7 @@ public class AggregatingUserAdmin implements UserAdmin {
 private DirectoryUserAdmin userAdminToUse(User user, DirectoryUserAdmin userAdmin) {
 if (userAdmin.isAuthenticated())
 return userAdmin;
- if (user instanceof DirectoryUser) {
+ if (user instanceof CmsUser) {
 return userAdmin;
 } else if (user instanceof AuthenticatingUser) {
 return userAdmin.scope(user).orElse(null);
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUser.java b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUser.java
deleted file mode 100644
index 8fe0af654..000000000
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUser.java
+++ /dev/null
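Review bot: `if (user instanceof CmsUser)` in userAdminToUse now tests a public API interface, whereas the deleted `DirectoryUser` was package-private and so could only be implemented by LdifUser inside this bundle; the branch therefore no longer proves that the object came from this directory, and any other implementation of CmsUser takes the `return userAdmin;` path instead of the `scope(user)` path that binds with the authenticating user. The same widening occurs in DirectoryUserAdmin.getAllRoles (hunk on the DirectoryUser deletion line), where the following `collectRoles((LdapEntry) user, allRoles)` then casts to LdapEntry, and in DirectoryUserAdmin.getAuthorization. If the intent is "a user this directory manages", test for the type the code actually relies on, `if (user instanceof LdapEntry)`, or keep a bundle-internal marker interface alongside the public CmsUser and check that instead.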
@@ -1,7 +0,0 @@
-package org.argeo.cms.osgi.useradmin;
-
-import org.osgi.service.useradmin.User;
-
-/** A user in a user directory. */
-interface DirectoryUser extends User {
-}
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUserAdmin.java b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUserAdmin.java
index 59fb05dc3..0115d57ca 100644
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUserAdmin.java
+++ b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/DirectoryUserAdmin.java
@@ -26,7 +26,9 @@ import javax.security.auth.Subject;
 import javax.security.auth.kerberos.KerberosTicket;
 import org.argeo.api.cms.directory.DirectoryDigestUtils;
+import org.argeo.api.cms.directory.CmsUser;
 import org.argeo.api.cms.directory.HierarchyUnit;
+import org.argeo.api.cms.directory.UserDirectory;
 import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
 import org.argeo.cms.directory.ldap.LdapDao;
 import org.argeo.cms.directory.ldap.LdapEntry;
@@ -146,7 +148,7 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
 }
 }
- protected List getAllRoles(DirectoryUser user) {
+ protected List getAllRoles(CmsUser user) {
 List allRoles = new ArrayList();
 if (user != null) {
 collectRoles((LdapEntry) user, allRoles);
@@ -182,23 +184,23 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
 return res.toArray(new Role[res.size()]);
 }
- List getRoles(LdapName searchBase, String filter, boolean deep) throws InvalidSyntaxException {
+ List getRoles(LdapName searchBase, String filter, boolean deep) throws InvalidSyntaxException {
 LdapEntryWorkingCopy wc = getWorkingCopy();
 // Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
 List searchRes = getDirectoryDao().doGetEntries(searchBase, filter, deep);
- List res = new ArrayList<>();
+ List res = new ArrayList<>();
 for (LdapEntry entry : searchRes)
- res.add((DirectoryUser) entry);
+ res.add((CmsUser) entry);
 if (wc != null) {
- for (Iterator it = res.iterator(); it.hasNext();) {
- DirectoryUser user = (DirectoryUser) it.next();
+ for (Iterator it = res.iterator(); it.hasNext();) {
+ CmsUser user = (CmsUser) it.next();
 LdapName dn = LdapNameUtils.toLdapName(user.getName());
 if (wc.getDeletedData().containsKey(dn))
 it.remove();
 }
 Filter f = filter != null ? FrameworkUtil.createFilter(filter) : null;
 for (LdapEntry ldapEntry : wc.getNewData().values()) {
- DirectoryUser user = (DirectoryUser) ldapEntry;
+ CmsUser user = (CmsUser) ldapEntry;
 if (f == null || f.match(user.getProperties()))
 res.add(user);
 }
@@ -211,7 +213,7 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
 @Override
 public User getUser(String key, String value) {
 // TODO check value null or empty
- List collectedUsers = new ArrayList();
+ List collectedUsers = new ArrayList();
 if (key != null) {
 doGetUser(key, value, collectedUsers);
 } else {
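Review bot: In getRoles the rewritten deletion loop still casts, `CmsUser user = (CmsUser) it.next();`, even though `res` is the list the preceding `for (LdapEntry entry : searchRes)` loop fills with `(CmsUser) entry`, so if `res` is declared as a list of CmsUser (generic arguments are not legible in this rendering, so confirm) the cast and the explicit Iterator are both unnecessary. The pass reads more directly as `res.removeIf(u -> wc.getDeletedData().containsKey(LdapNameUtils.toLdapName(u.getName())));`, which is behavior-preserving and removes the cast entirely. The method also relies on every LdapEntry returned by `doGetEntries` being a CmsUser; a comment on the first `res.add((CmsUser) entry);` stating that invariant would make the assumption explicit.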
@@ -227,11 +229,11 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
 return null;
 }
- protected void doGetUser(String key, String value, List collectedUsers) {
+ protected void doGetUser(String key, String value, List collectedUsers) {
 String f = "(" + key + "=" + value + ")";
 List users = getDirectoryDao().doGetEntries(getBaseDn(), f, true);
 for (LdapEntry entry : users)
- collectedUsers.add((DirectoryUser) entry);
+ collectedUsers.add((CmsUser) entry);
 }
 @Override
@@ -261,8 +263,8 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
 return getAuthorizationFromScoped(scopedUserAdmin, user);
 }
- if (user instanceof DirectoryUser) {
- return new LdifAuthorization(user, getAllRoles((DirectoryUser) user));
+ if (user instanceof CmsUser) {
+ return new LdifAuthorization(user, getAllRoles((CmsUser) user));
 } else {
 // bind with authenticating user
 DirectoryUserAdmin scopedUserAdmin = scope(user).orElseThrow();
@@ -273,7 +275,7 @@ public class DirectoryUserAdmin extends AbstractLdapDirectory implements UserAdm
 private Authorization getAuthorizationFromScoped(DirectoryUserAdmin scopedUserAdmin, User user) {
 try {
- DirectoryUser directoryUser = (DirectoryUser) scopedUserAdmin.getRole(user.getName());
+ CmsUser directoryUser = (CmsUser) scopedUserAdmin.getRole(user.getName());
 if (directoryUser == null)
 throw new IllegalStateException("No scoped user found for " + user);
 LdifAuthorization authorization = new LdifAuthorization(directoryUser,
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifGroup.java b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifGroup.java
index 882f34a17..99aca1f2f 100644
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifGroup.java
+++ b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifGroup.java
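Review bot: `String f = "(" + key + "=" + value + ")";` in doGetUser (unchanged context in this hunk) interpolates `value` into the LDAP search filter unescaped, and the getUserFromLocalId hunk in CmsUserManagerImpl passes a caller-supplied `localId` through `getUser(key, value)` as that value (presumably via the aggregating UserAdmin); filter metacharacters (`*`, `(`, `)`, `\`, NUL) are therefore interpreted rather than matched literally, so a lookup meant to identify one account can match several or none. Escape `value` per RFC 4515 before concatenation (the `\2a`, `\28`, `\29`, `\5c`, `\00` forms) and, since the method is `protected`, constrain `key` to a known attribute name as well. The `// TODO check value null or empty` in getUser in the previous hunk is the natural place to reject null or blank values before this search is built.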
@@ -7,11 +7,12 @@ import javax.naming.InvalidNameException;
 import javax.naming.directory.Attribute;
 import javax.naming.ldap.LdapName;
+import org.argeo.api.cms.directory.CmsGroup;
 import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
 import org.osgi.service.useradmin.Role;
 /** Directory group implementation */
-class LdifGroup extends LdifUser implements DirectoryGroup {
+class LdifGroup extends LdifUser implements CmsGroup {
 private final String memberAttributeId;
 LdifGroup(AbstractLdapDirectory userAdmin, LdapName dn) {
diff --git a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifUser.java b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifUser.java
index 2341ec430..e48869a01 100644
--- a/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifUser.java
+++ b/org.argeo.cms/src/org/argeo/cms/osgi/useradmin/LdifUser.java
@@ -2,11 +2,12 @@ package org.argeo.cms.osgi.useradmin;
 import javax.naming.ldap.LdapName;
+import org.argeo.api.cms.directory.CmsUser;
 import org.argeo.cms.directory.ldap.AbstractLdapDirectory;
 import org.argeo.cms.directory.ldap.DefaultLdapEntry;
 /** Directory user implementation */
-class LdifUser extends DefaultLdapEntry implements DirectoryUser {
+class LdifUser extends DefaultLdapEntry implements CmsUser {
 LdifUser(AbstractLdapDirectory userAdmin, LdapName dn) {
 super(userAdmin, dn);
 }
--
2.30.2