[JM-1278] Admins are now handled via a manager/provider structure, allowing...

[JM-1278] Admins are now handled via a manager/provider structure, allowing for custom admin sources. ClearspaceAdminProvider is a stub (not complete at this time). Reviewer: Gabriel git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10171 b35dd754-fafc-0310-a699-88a17e54d16e

[JM-1278] Admins are now handled via a manager/provider structure, allowing...
[JM-1278] Admins are now handled via a manager/provider structure, allowing for custom admin sources. ClearspaceAdminProvider is a stub (not complete at this time). Reviewer: Gabriel git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10171 b35dd754-fafc-0310-a699-88a17e54d16e
c2d2a7a0 · Daniel Henninger · dhenninger · 8dcd9d32 · c2d2a7a0 · c2d2a7a0
Commit c2d2a7a0 authored Apr 04, 2008 by Daniel Henninger Committed by dhenninger Apr 04, 2008
28 changed files
--- a/src/i18n/openfire_i18n_cs_CZ.properties
+++ b/src/i18n/openfire_i18n_cs_CZ.properties
@@ -2349,3 +2349,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_de.properties
+++ b/src/i18n/openfire_i18n_de.properties
@@ -2335,3 +2335,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_en.properties
+++ b/src/i18n/openfire_i18n_en.properties
@@ -401,6 +401,9 @@
 ##      Updated key: 'muc.room.summary.info'
 ##      Added key: 'muc.room.summary.info2'
 ##      Added key: 'muc.room.edit.form.service'
+##      Added key: 'user.create.isadmin'
+##      Added key: 'user.create.admin_info'
+##      Added key: 'user.properties.isadmin'


 # Openfire
@@ -2152,6 +2155,8 @@ user.create.confirm_pwd=Confirm Password
 user.create.requied=Required fields
 user.create.create=Create User
 user.create.create_another=Create &amp; Create Another
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire

 # User delete Page

@@ -2216,6 +2221,7 @@ user.properties.locked=This account is currently locked out.
 user.properties.locked_set=This account has a lockout scheduled.
 user.properties.locksuccess=User locked out successfully.
 user.properties.unlocksuccess=User unlocked successfully.
+user.properties.isadmin=User has administrative privileges.

 # User roster Page


--- a/src/i18n/openfire_i18n_es.properties
+++ b/src/i18n/openfire_i18n_es.properties
@@ -2386,3 +2386,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_fr.properties
+++ b/src/i18n/openfire_i18n_fr.properties
@@ -1956,3 +1956,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_ja_JP.properties
+++ b/src/i18n/openfire_i18n_ja_JP.properties
@@ -2482,3 +2482,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_nl.properties
+++ b/src/i18n/openfire_i18n_nl.properties
@@ -2346,3 +2346,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_pl_PL.properties
+++ b/src/i18n/openfire_i18n_pl_PL.properties
@@ -2315,3 +2315,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_pt_BR.properties
+++ b/src/i18n/openfire_i18n_pt_BR.properties
@@ -2349,3 +2349,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/i18n/openfire_i18n_zh_CN.properties
+++ b/src/i18n/openfire_i18n_zh_CN.properties
@@ -2127,3 +2127,6 @@ muc.room.edit.form.service=Service
 muc.room.summary.info=Below is an overview of the Group Chat Rooms in the service
 muc.room.edit.form.create.title=Create New Room
 muc.room.edit.form.edit.title=Room Settings
+user.create.isadmin=Is Administrator?
+user.create.admin_info=Grants admin access to Openfire
+user.properties.isadmin=User has administrative privileges.
--- a/src/java/org/jivesoftware/openfire/XMPPServer.java
+++ b/src/java/org/jivesoftware/openfire/XMPPServer.java
@@ -45,6 +45,7 @@ import org.jivesoftware.openfire.transport.TransportHandler;
 import org.jivesoftware.openfire.update.UpdateManager;
 import org.jivesoftware.openfire.user.UserManager;
 import org.jivesoftware.openfire.vcard.VCardManager;
+import org.jivesoftware.openfire.admin.AdminManager;
 import org.jivesoftware.util.*;
 import org.jivesoftware.util.cache.CacheFactory;
 import org.xmpp.packet.JID;
@@ -267,42 +268,7 @@ public class XMPPServer {
     * @return a collection with the JIDs of the server's admins.
     */
    public Collection<JID> getAdmins() {
-        Collection<JID> admins = new ArrayList<JID>();
-        // Add the JIDs of the local users that are admins
-        String usernames = JiveGlobals.getXMLProperty("admin.authorizedUsernames");
-        if (usernames == null) {
-            // Fall back to old method for defining admins (i.e. using adminConsole prefix
-            usernames = JiveGlobals.getXMLProperty("adminConsole.authorizedUsernames");
-        }
-        usernames = (usernames == null || usernames.trim().length() == 0) ? "admin" : usernames;
-        StringTokenizer tokenizer = new StringTokenizer(usernames, ",");
-        while (tokenizer.hasMoreTokens()) {
-            String username = tokenizer.nextToken();
-            try {
-                admins.add(createJID(username.toLowerCase().trim(), null));
-            }
-            catch (IllegalArgumentException e) {
-                // Ignore usernames that when appended @server.com result in an invalid JID
-                Log.warn("Invalid username found in authorizedUsernames at openfire.xml: " +
-                        username, e);
-            }
-        }
-
-        // Add bare JIDs of users that are admins (may include remote users)
-        String jids = JiveGlobals.getXMLProperty("admin.authorizedJIDs");
-        jids = (jids == null || jids.trim().length() == 0) ? "" : jids;
-        tokenizer = new StringTokenizer(jids, ",");
-        while (tokenizer.hasMoreTokens()) {
-            String jid = tokenizer.nextToken().toLowerCase().trim();
-            try {
-                admins.add(new JID(jid));
-            }
-            catch (IllegalArgumentException e) {
-                Log.warn("Invalid JID found in authorizedJIDs at openfire.xml: " + jid, e);
-            }
-        }
-
-        return admins;
+        return AdminManager.getInstance().getAdminAccounts();
    }

    /**

--- a/src/java/org/jivesoftware/openfire/admin/AdminManager.java
+++ b/src/java/org/jivesoftware/openfire/admin/AdminManager.java
+/**
+ * $Revision$
+ * $Date$
+ *
+ * Copyright (C) 2008 Jive Software. All rights reserved.
+ *
+ * This software is published under the terms of the GNU Public License (GPL),
+ * a copy of which is included in this distribution.
+ */
+package org.jivesoftware.openfire.admin;
+
+import org.jivesoftware.util.*;
+import org.jivesoftware.openfire.XMPPServer;
+import org.xmpp.packet.JID;
+
+import java.util.*;
+
+/**
+ * The AdminManager manages the AdminProvider configured for this server, caches knowledge of
+ * accounts with admin permissions, and provides a single point of entry for handling
+ * getting and setting administrative accounts.
+ *
+ * The provider can be specified in <tt>openfire.xml</tt> by adding:
+ *  ...
+ *    <provider>
+ *       <admin>
+ *          <className>my.admin.provider</className>
+ *       </admin>
+ *    </provider>
+ *  ...
+ *
+ * @author Daniel Henninger
+ */
+public class AdminManager {
+
+    // Wrap this guy up so we can mock out the AdminManager class.
+    private static class AdminManagerContainer {
+        private static AdminManager instance = new AdminManager();
+    }
+
+    /**
+     * Returns the currently-installed AdminProvider. <b>Warning:</b> in virtually all
+     * cases the admin provider should not be used directly. Instead, the appropriate
+     * methods in AdminManager should be called. Direct access to the admin provider is
+     * only provided for special-case logic.
+     *
+     * @return the current AdminProvider.
+     */
+    public static AdminProvider getAdminProvider() {
+        return AdminManagerContainer.instance.provider;
+    }
+
+    /**
+     * Returns a singleton instance of AdminManager.
+     *
+     * @return a AdminManager instance.
+     */
+    public static AdminManager getInstance() {
+        return AdminManagerContainer.instance;
+    }
+
+    /* Cache of admin accounts */
+    private List<JID> adminList;
+    private AdminProvider provider;
+
+    /**
+     * Constructs a AdminManager, propery listener, and setting up the provider.
+     */
+    private AdminManager() {
+        // Load an admin provider.
+        initProvider();
+
+        // Detect when a new admin provider class is set
+        PropertyEventListener propListener = new PropertyEventListener() {
+            public void propertySet(String property, Map params) {
+                //Ignore
+            }
+
+            public void propertyDeleted(String property, Map params) {
+                //Ignore
+            }
+
+            public void xmlPropertySet(String property, Map params) {
+                if ("provider.admin.className".equals(property)) {
+                    initProvider();
+                }
+            }
+
+            public void xmlPropertyDeleted(String property, Map params) {
+                //Ignore
+            }
+        };
+        PropertyEventDispatcher.addListener(propListener);
+
+        // Loads up the initial admin list.
+        loadAdminList();
+    }
+
+    /**
+     * Initializes the server's admin provider, based on configuration and defaults to
+     * DefaultAdminProvider if the specified provider is not valid or not specified.
+     */
+    private void initProvider() {
+        String className = JiveGlobals.getXMLProperty("provider.admin.className",
+                "org.jivesoftware.openfire.admin.DefaultAdminProvider");
+        // Check if we need to reset the provider class
+        if (provider == null || !className.equals(provider.getClass().getName())) {
+            try {
+                Class c = ClassUtils.forName(className);
+                provider = (AdminProvider) c.newInstance();
+            }
+            catch (Exception e) {
+                Log.error("Error loading admin provider: " + className, e);
+                provider = new DefaultAdminProvider();
+            }
+        }
+    }
+
+    /**
+     * Reads the admin list from the provider and sets up the cache.
+     */
+    private void loadAdminList() {
+        adminList = provider.getAdmins();
+    }
+
+    /**
+     * Refreshs the list of admin users from the provider.
+     */
+    public void refreshAdminAccounts() {
+        loadAdminList();
+    }
+
+    /**
+     * Returns the list of admin users from the provider.
+     *
+     * @return The list of users with admin status.
+     */
+    public List<JID> getAdminAccounts() {
+        if (adminList == null) {
+            loadAdminList();
+        }
+        return adminList;
+    }
+
+    /**
+     * Adds a new account to the list of Admin accounts, based off a username, which will be converted
+     * into a JID.
+     *
+     * @param username Username of account to add to list of admins.
+     */
+    public void addAdminAccount(String username) {
+        if (adminList == null) {
+            loadAdminList();
+        }
+        JID userJID = XMPPServer.getInstance().createJID(username, null);
+        if (adminList.contains(userJID)) {
+            // Already have them.
+            return;
+        }
+        // Add new admin to cache.
+        adminList.add(userJID);
+        // Store updated list of admins with provider.
+        provider.setAdmins(adminList);
+    }
+
+    /**
+     * Adds a new account to the list of Admin accounts, based off a JID.
+     *
+     * @param jid JID of account to add to list of admins.
+     */
+    public void addAdminAccount(JID jid) {
+        if (adminList == null) {
+            loadAdminList();
+        }
+        if (adminList.contains(jid)) {
+            // Already have them.
+            return;
+        }
+        // Add new admin to cache.
+        adminList.add(jid);
+        // Store updated list of admins with provider.
+        provider.setAdmins(adminList);
+    }
+
+    /**
+     * Removes an account from the list of Admin accounts, based off username, which will be converted
+     * to a JID.
+     *
+     * @param username Username of user to remove from admin list.
+     */
+    public void removeAdminAccount(String username) {
+        if (adminList == null) {
+            loadAdminList();
+        }
+        JID userJID = XMPPServer.getInstance().createJID(username, null);
+        if (!adminList.contains(userJID)) {
+            return;
+        }
+        // Remove user from admin list cache.
+        adminList.remove(userJID);
+        // Store updated list of admins with provider.
+        provider.setAdmins(adminList);
+    }
+
+    /**
+     * Removes an account from the list of Admin accounts, based off JID.
+     *
+     * @param jid JID of user to remove from admin list.
+     */
+    public void removeAdminAccount(JID jid) {
+        if (adminList == null) {
+            loadAdminList();
+        }
+        if (!adminList.contains(jid)) {
+            return;
+        }
+        // Remove user from admin list cache.
+        adminList.remove(jid);
+        // Store updated list of admins with provider.
+        provider.setAdmins(adminList);
+    }
+
+    /**
+     * Returns true if the user is an admin.
+     *
+     * @param username Username of user to check whether they are an admin or not.
+     * @param allowAdminIfEmpty Allows the "admin" user to log in if the adminList is empty.
+     * @return True or false if user is an admin.
+     */
+    public boolean isUserAdmin(String username, boolean allowAdminIfEmpty) {
+        if (adminList == null) {
+            loadAdminList();
+        }
+        if (allowAdminIfEmpty && adminList.isEmpty()) {
+            return "admin".equals(username);
+        }
+        JID userJID = XMPPServer.getInstance().createJID(username, null);
+        return adminList.contains(userJID);
+    }
+
+    /**
+     * Returns true if the user is an admin.
+     *
+     * @param jid JID of user to check whether they are an admin or not.
+     * @param allowAdminIfEmpty Allows the "admin" user to log in if the adminList is empty.
+     * @return True or false if user is an admin.
+     */
+    public boolean isUserAdmin(JID jid, boolean allowAdminIfEmpty) {
+        if (adminList == null) {
+            loadAdminList();
+        }
+        if (allowAdminIfEmpty && adminList.isEmpty()) {
+            return "admin".equals(jid.getNode());
+        }
+        return adminList.contains(jid);
+    }
+
+    /**
+     * Clears the list of admin users.
+     */
+    public void clearAdminUsers() {
+        // Clear the admin list cache.
+        if (adminList == null) {
+            adminList = new ArrayList<JID>();
+        }
+        else {
+            adminList.clear();
+        }
+        // Store empty list of admins with provider.
+        provider.setAdmins(adminList);
+    }
+
+    /**
+     * Sets the list of admin users based off of a list of usernames.  Clears list first.
+     *
+     * @param usernames List of usernames to set as admins.
+     */
+    public void setAdminUsers(List<String> usernames) {
+        if (adminList == null) {
+            adminList = new ArrayList<JID>();
+        }
+        else {
+            adminList.clear();
+        }
+        List<JID> admins = new ArrayList<JID>();
+        for (String username : usernames) {
+            admins.add(XMPPServer.getInstance().createJID(username, null));
+        }
+        adminList.addAll(admins);
+        provider.setAdmins(admins);
+    }
+
+    /**
+     * Sets the list of admin users based off of a list of jids.  Clears list first.
+     *
+     * @param jids List of jids to set as admins.
+     */
+    public void setAdminJIDs(List<JID> jids) {
+        if (adminList == null) {
+            adminList = new ArrayList<JID>();
+        }
+        else {
+            adminList.clear();
+        }
+        adminList.addAll(jids);
+        provider.setAdmins(jids);
+    }
+
+}
--- a/src/java/org/jivesoftware/openfire/admin/AdminProvider.java
+++ b/src/java/org/jivesoftware/openfire/admin/AdminProvider.java
+/**
+ * $Revision$
+ * $Date$
+ *
+ * Copyright (C) 2008 Jive Software. All rights reserved.
+ *
+ * This software is published under the terms of the GNU Public License (GPL),
+ * a copy of which is included in this distribution.
+ */
+package org.jivesoftware.openfire.admin;
+
+import org.xmpp.packet.JID;
+
+import java.util.List;
+
+/**
+ * An AdminProvider handles storage of information about admin accounts, and requests to
+ * set the list of admin users.
+ *
+ * @author Daniel Henninger
+ */
+public interface AdminProvider {
+
+    /**
+     * Returns a list of JIDs of accounts with administrative privileges.
+     *
+     * @return The list of admin users.
+     */
+    public List<JID> getAdmins();
+
+    /**
+     * Sets the list of admin accounts, by JID.
+     *
+     * @param admins List of JIDs of accounts to grant admin access to.
+     */
+    public void setAdmins(List<JID> admins);
+
+    /**
+     * Indicates whether the admin list is read-only or not.  In other words, whether an admin can
+     * change who is an admin from the Openfire admin interface.
+     *
+     * @return True or false if the admin list can be edited.
+     */
+    public boolean isReadOnly();
+
+}
--- a/src/java/org/jivesoftware/openfire/admin/DefaultAdminProvider.java
+++ b/src/java/org/jivesoftware/openfire/admin/DefaultAdminProvider.java
+/**
+ * $Revision$
+ * $Date$
+ *
+ * Copyright (C) 2008 Jive Software. All rights reserved.
+ *
+ * This software is published under the terms of the GNU Public License (GPL),
+ * a copy of which is included in this distribution.
+ */
+package org.jivesoftware.openfire.admin;
+
+import org.xmpp.packet.JID;
+import org.jivesoftware.util.*;
+import org.jivesoftware.openfire.XMPPServer;
+
+import java.util.*;
+
+/**
+ * Handles default management of admin users, which stores the list if accounts as a system property.
+ *
+ * @author Daniel Henninger
+ */
+public class DefaultAdminProvider implements AdminProvider {
+
+    /**
+     * Constructs a new DefaultAdminProvider
+     */
+    public DefaultAdminProvider() {
+
+        // Convert old openfire.xml style to new provider style, if necessary.
+        Log.debug("DefaultAdminProvider: Convert XML to provider.");
+        convertXMLToProvider();
+
+        // Detect when a new admin provider class is set
+        Log.debug("DefaultAdminProvider: Setting up prop listener.");
+        PropertyEventListener propListener = new PropertyEventListener() {
+            public void propertySet(String property, Map params) {
+                Log.debug("DefaultAdminProvider: Property was set: "+property);
+                if ("admin.authorizedJIDs".equals(property)) {
+                    AdminManager.getInstance().refreshAdminAccounts();
+                }
+            }
+
+            public void propertyDeleted(String property, Map params) {
+                Log.debug("DefaultAdminProvider: Property was deleted: "+property);
+                if ("admin.authorizedJIDs".equals(property)) {
+                    AdminManager.getInstance().refreshAdminAccounts();
+                }
+            }
+
+            public void xmlPropertySet(String property, Map params) {
+                Log.debug("DefaultAdminProvider: XML Property was set: "+property);
+                //Ignore
+            }
+
+            public void xmlPropertyDeleted(String property, Map params) {
+                Log.debug("DefaultAdminProvider: XML Property was deleted: "+property);
+                //Ignore
+            }
+        };
+        PropertyEventDispatcher.addListener(propListener);
+
+    }
+
+    /**
+     * The default provider retrieves the comma separated list from the system property
+     * <tt>admin.authorizedJIDs</tt>
+     * @see org.jivesoftware.openfire.admin.AdminProvider#getAdmins()
+     */
+    public List<JID> getAdmins() {
+        List<JID> adminList = new ArrayList<JID>();
+
+        // Add bare JIDs of users that are admins (may include remote users), primarily used to override/add to list of admin users
+        String jids = JiveGlobals.getProperty("admin.authorizedJIDs");
+        jids = (jids == null || jids.trim().length() == 0) ? "" : jids;
+        StringTokenizer tokenizer = new StringTokenizer(jids, ",");
+        while (tokenizer.hasMoreTokens()) {
+            String jid = tokenizer.nextToken().toLowerCase().trim();
+            try {
+                adminList.add(new JID(jid));
+            }
+            catch (IllegalArgumentException e) {
+                Log.warn("Invalid JID found in admin.authorizedJIDs system property: " + jid, e);
+            }
+        }
+
+        return adminList;
+    }
+
+    /**
+     * The default provider sets a comma separated list as the system property
+     * <tt>admin.authorizedJIDs</tt>
+     * @see org.jivesoftware.openfire.admin.AdminProvider#setAdmins(java.util.List)
+     */
+    public void setAdmins(List<JID> admins) {
+        Collection<String> adminList = new ArrayList<String>();
+        for (JID admin : admins) {
+            adminList.add(admin.toBareJID());
+        }
+        JiveGlobals.setProperty("admin.authorizedJIDs", StringUtils.collectionToString(adminList));
+    }
+
+    /**
+     * The default provider is not read only
+     * @see org.jivesoftware.openfire.admin.AdminProvider#isReadOnly()
+     */
+    public boolean isReadOnly() {
+        return false;
+    }
+
+    /**
+     * Converts the old openfire.xml style admin list to use the new provider mechanism.
+     */
+    private void convertXMLToProvider() {
+        if (JiveGlobals.getXMLProperty("admin.authorizedJIDs") == null &&
+                JiveGlobals.getXMLProperty("admin.authorizedUsernames") == null &&
+                JiveGlobals.getXMLProperty("adminConsole.authorizedUsernames") == null) {
+            // No settings in openfire.xml.
+            return;
+        }
+
+        List<JID> adminList = new ArrayList<JID>();
+
+        // Add bare JIDs of users that are admins (may include remote users), primarily used to override/add to list of admin users
+        String jids = JiveGlobals.getXMLProperty("admin.authorizedJIDs");
+        jids = (jids == null || jids.trim().length() == 0) ? "" : jids;
+        StringTokenizer tokenizer = new StringTokenizer(jids, ",");
+        while (tokenizer.hasMoreTokens()) {
+            String jid = tokenizer.nextToken().toLowerCase().trim();
+            try {
+                adminList.add(new JID(jid));
+            }
+            catch (IllegalArgumentException e) {
+                Log.warn("Invalid JID found in authorizedJIDs at openfire.xml: " + jid, e);
+            }
+        }
+
+        // Add the JIDs of the local users that are admins, primarily used to override/add to list of admin users
+        String usernames = JiveGlobals.getXMLProperty("admin.authorizedUsernames");
+        if (usernames == null) {
+            // Fall back to old method for defining admins (i.e. using adminConsole prefix
+            usernames = JiveGlobals.getXMLProperty("adminConsole.authorizedUsernames");
+        }
+        // Add default of admin user if no other users were listed as admins.
+        usernames = (usernames == null || usernames.trim().length() == 0) ? (adminList.size() == 0 ? "admin" : "") : usernames;
+        tokenizer = new StringTokenizer(usernames, ",");
+        while (tokenizer.hasMoreTokens()) {
+            String username = tokenizer.nextToken();
+            try {
+                adminList.add(XMPPServer.getInstance().createJID(username.toLowerCase().trim(), null));
+            }
+            catch (IllegalArgumentException e) {
+                // Ignore usernames that when appended @server.com result in an invalid JID
+                Log.warn("Invalid username found in authorizedUsernames at openfire.xml: " +
+                        username, e);
+            }
+        }
+        setAdmins(adminList);
+
+        // Clear out old XML property settings
+        JiveGlobals.deleteXMLProperty("admin.authorizedJIDs");
+        JiveGlobals.deleteXMLProperty("admin.authorizedUsernames");
+        JiveGlobals.deleteXMLProperty("adminConsole.authorizedUsernames");
+    }
+
+}
--- a/src/java/org/jivesoftware/openfire/clearspace/ClearspaceAdminProvider.java
+++ b/src/java/org/jivesoftware/openfire/clearspace/ClearspaceAdminProvider.java
+/**
+ * $Revision$
+ * $Date$
+ *
+ * Copyright (C) 2008 Jive Software. All rights reserved.
+ *
+ * This software is published under the terms of the GNU Public License (GPL),
+ * a copy of which is included in this distribution.
+ */
+package org.jivesoftware.openfire.clearspace;
+
+import org.jivesoftware.openfire.admin.AdminProvider;
+import static org.jivesoftware.openfire.clearspace.ClearspaceManager.HttpType.GET;
+import static org.jivesoftware.openfire.clearspace.WSUtils.parseStringArray;
+import org.jivesoftware.openfire.XMPPServer;
+import org.jivesoftware.openfire.user.UserNotFoundException;
+import org.jivesoftware.util.Log;
+import org.xmpp.packet.JID;
+import org.dom4j.Element;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * Handles retrieving list of admins from Clearspace.
+ *
+ * @author Daniel Henninger
+ */
+public class ClearspaceAdminProvider implements AdminProvider {
+
+    // The UserService webservice url prefix
+    protected static final String PERMISSION_URL_PREFIX = "permissionService/";
+
+    long SYSTEM_ADMIN_PERM = 0x800000000000000L;
+
+    public ClearspaceAdminProvider() {
+
+    }
+
+    /**
+     * The clearspace provider pulls the admin list from the userPermissions web service
+     * @see org.jivesoftware.openfire.admin.AdminProvider#getAdmins()
+     */
+    public List<JID> getAdmins() {
+        // This is a stub for now while we work out issues in Clearspace's permissions web service
+        // For now, we will return an empty list, indicating that "admin" is ok for admin console login.
+        return new ArrayList<JID>();
+
+//        try {
+//            String path = PERMISSION_URL_PREFIX + "userPermissions/"+SYSTEM_ADMIN_PERM+"/true";
+//            Log.debug("ClearspaceAdminProvider: permissions query url is: "+path);
+//            Element element = ClearspaceManager.getInstance().executeRequest(GET, path);
+//
+//            List<JID> admins = new ArrayList<JID>();
+//            for (String idStr : parseStringArray(element)) {
+//                Log.debug("Admin provider got ID number "+idStr);
+//                Long id = Long.valueOf(idStr);
+//                try {
+//                    String username = ClearspaceManager.getInstance().getUsernameByID(id);
+//                    Log.debug("Admin provider mapped to username "+username);
+//                    admins.add(XMPPServer.getInstance().createJID(username, null));
+//                }
+//                catch (UserNotFoundException e) {
+//                    // Hrm.  Got a response back that turned out not to exist?  This is "broken".
+//                }
+//            }
+//            return admins;
+//        } catch (Exception e) {
+//            // It is not supported exception, wrap it into an UnsupportedOperationException
+//            throw new UnsupportedOperationException("Unexpected error", e);
+//        }
+    }
+
+    /**
+     * The clearspace provider does not allow setting admin lists from this interface
+     * @see org.jivesoftware.openfire.admin.AdminProvider#setAdmins(java.util.List)  
+     */
+    public void setAdmins(List<JID> admins) {
+        // Silently do nothing.  This shouldn't come up, but more inportantly, we don't want to bother Clearspace.
+    }
+
+    /**
+     * The clearspace provider is read only
+     * @see org.jivesoftware.openfire.admin.AdminProvider#isReadOnly()
+     */
+    public boolean isReadOnly() {
+        return false;
+    }
+
+}
--- a/src/java/org/jivesoftware/openfire/clearspace/ClearspaceManager.java
+++ b/src/java/org/jivesoftware/openfire/clearspace/ClearspaceManager.java
@@ -111,6 +111,7 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
    private int port;
    private String sharedSecret;
    private Map<String, Long> userIDCache;
+    private Map<Long, String> usernameCache;
    private Map<String, Long> groupIDCache;
    /**
     * Records transcripts for group chat rooms in Clearspace.
@@ -227,6 +228,7 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
        // Creates the cache maps
        userIDCache = new DefaultCache<String, Long>("clearspace.userid", 1000, JiveConstants.DAY);
        groupIDCache = new DefaultCache<String, Long>("clearspace.groupid", 1000, JiveConstants.DAY);
+        usernameCache = new DefaultCache<Long, String>("clearspace.username", 1000, JiveConstants.DAY);


        if (Log.isDebugEnabled()) {
@@ -815,6 +817,39 @@ public class ClearspaceManager extends BasicModule implements ExternalComponentM
        return getUserID(username);
    }

+    /**
+     * Returns the Clearspace username of the user by id.
+     *
+     * @param id ID to retrieve Username of.
+     * @return The username of the user in Clearspace.
+     * @throws org.jivesoftware.openfire.user.UserNotFoundException
+     *          If the user was not found.
+     */
+    protected String getUsernameByID(Long id) throws UserNotFoundException {
+        // Checks if it is in the cache
+        if (usernameCache.containsKey(id)) {
+            return usernameCache.get(id);
+        }
+
+        // Gets the user's ID from Clearspace
+        try {
+            String path = ClearspaceUserProvider.USER_URL_PREFIX + "usersByID/" + id;
+            Element element = executeRequest(org.jivesoftware.openfire.clearspace.ClearspaceManager.HttpType.GET, path);
+
+            String username = WSUtils.getElementText(element.selectSingleNode("return"), "username"); // TODO: is this right?
+
+            usernameCache.put(id, username);
+
+            return username;
+        } catch (UserNotFoundException unfe) {
+            // It is a supported exception, throw it again
+            throw unfe;
+        } catch (Exception e) {
+            // It is not a supported exception, wrap it into a UserNotFoundException
+            throw new UserNotFoundException("Unexpected error", e);
+        }
+    }
+
    /**
     * Returns the Clearspace group id of the group.
     *

--- a/src/java/org/jivesoftware/openfire/commands/AdHocCommand.java
+++ b/src/java/org/jivesoftware/openfire/commands/AdHocCommand.java
@@ -12,6 +12,7 @@ package org.jivesoftware.openfire.commands;

 import org.dom4j.Element;
 import org.jivesoftware.openfire.XMPPServer;
+import org.jivesoftware.openfire.admin.AdminManager;
 import org.xmpp.packet.JID;

 import java.util.List;
@@ -65,13 +66,7 @@ public abstract class AdHocCommand {
     * @return true if the requester is allowed to execute this command.
     */
    public boolean hasPermission(JID requester) {
-        String requesterBareJID = requester.toBareJID();
-        for (JID adminJID : XMPPServer.getInstance().getAdmins()) {
-            if (adminJID.toBareJID().equals(requesterBareJID)) {
-                return true;
-            }
-        }
-        return false;
+        return AdminManager.getInstance().isUserAdmin(requester, false);
    }

    /**

--- a/src/java/org/jivesoftware/openfire/pubsub/PubSubModule.java
+++ b/src/java/org/jivesoftware/openfire/pubsub/PubSubModule.java
@@ -437,7 +437,8 @@ public class PubSubModule extends BasicModule implements ServerItemsProvider, Di
        if (nodes.isEmpty()) {
            // Create root collection node
            String creator = JiveGlobals.getProperty("xmpp.pubsub.root.creator");
-            JID creatorJID = creator != null ? new JID(creator) : server.getAdmins().iterator().next();
+//            JID creatorJID = creator != null ? new JID(creator) : server.getAdmins().iterator().next();
+            JID creatorJID = creator != null ? new JID(creator) : new JID(server.getServerInfo().getXMPPDomain());
            rootCollectionNode = new CollectionNode(this, null, rootNodeID, creatorJID);
            // Add the creator as the node owner
            rootCollectionNode.addOwner(creatorJID);

--- a/src/web/images/star-16x16.gif
+++ b/src/web/images/star-16x16.gif
--- a/src/web/login.jsp
+++ b/src/web/login.jsp
@@ -4,18 +4,17 @@
  -	$Date$
 --%>

-<%@ page import="java.util.*,
-                 org.jivesoftware.openfire.auth.AuthToken,
+<%@ page import="org.jivesoftware.openfire.auth.AuthToken,
                 org.jivesoftware.openfire.auth.AuthFactory,
                 org.jivesoftware.openfire.auth.UnauthorizedException,
                 org.jivesoftware.admin.AdminConsole"
    errorPage="error.jsp"
 %>
 <%@ page import="org.jivesoftware.util.*"%>
-<%@ page import="org.jivesoftware.openfire.XMPPServer"%>
 <%@ page import="org.xmpp.packet.JID"%>
 <%@ page import="org.jivesoftware.openfire.container.AdminConsolePlugin" %>
 <%@ page import="org.jivesoftware.openfire.cluster.ClusterManager" %>
+<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -24,16 +23,7 @@
 <jsp:useBean id="admin" class="org.jivesoftware.util.WebManager"  />
 <% admin.init(request, response, session, application, out ); %>

-<%! // List of allowed usernames:
-    static Map<String, String> authorizedUsernames = new HashMap<String, String>();
-    static {
-        for (JID jid : XMPPServer.getInstance().getAdmins()) {
-            // Only allow local users to log into the admin console
-            if (XMPPServer.getInstance().isLocal(jid)) {
-                authorizedUsernames.put(jid.getNode(), jid.getNode());
-            }
-        }
-    }
+<%!
    static String go(String url) {
        if (url == null) {
            return "index.jsp";
@@ -77,15 +67,8 @@

    if (ParamUtils.getBooleanParameter(request, "login")) {
        try {
-            if (authorizedUsernames != null && !authorizedUsernames.isEmpty()) {
-                if (!authorizedUsernames.containsKey(username)) {
-                    throw new UnauthorizedException("User '" + username + "' no allowed to login.");
-                }
-            }
-            else {
-                if (!"admin".equals(username)) {
-                    throw new UnauthorizedException("Only user 'admin' may login.");
-                }
+            if (!AdminManager.getInstance().isUserAdmin(username, true)) {
+                throw new UnauthorizedException("User '" + username + "' not allowed to login.");
            }
            if (secret != null && nodeID != null) {
                if (StringUtils.hash(AdminConsolePlugin.secret).equals(secret) && ClusterManager.isClusterMember(Base64.decode(nodeID, Base64.URL_SAFE))) {

--- a/src/web/setup/clearspace-integration.jspf
+++ b/src/web/setup/clearspace-integration.jspf
@@ -59,6 +59,8 @@
                        "org.jivesoftware.openfire.clearspace.ClearspaceLockOutProvider");
                JiveGlobals.setXMLProperty("provider.securityAudit.className",
                        "org.jivesoftware.openfire.clearspace.ClearspaceSecurityAuditProvider");
+                JiveGlobals.setXMLProperty("provider.admin.className",
+                        "org.jivesoftware.openfire.clearspace.ClearspaceAdminProvider");

                // Redirect to next step.
                response.sendRedirect(nextPage);

--- a/src/web/setup/setup-admin-settings.jsp
+++ b/src/web/setup/setup-admin-settings.jsp
--- a/src/web/setup/setup-clearspace-integration.jsp
+++ b/src/web/setup/setup-clearspace-integration.jsp
@@ -11,8 +11,9 @@
    boolean initialSetup = true;
    String currentPage = "setup-clearspace-integration.jsp";
    String testPage = "setup-clearspace-integration_test.jsp";
-    String nextPage = "setup-admin-settings.jsp?clearspace=true";
+    String nextPage = "setup-finished.jsp";
    Map<String, String> meta = new HashMap<String, String>();
    meta.put("currentStep", "3");
+    JiveGlobals.setXMLProperty("setup","true");
 %>
 <%@ include file="clearspace-integration.jspf" %>
--- a/src/web/setup/setup-finished.jsp
+++ b/src/web/setup/setup-finished.jsp
@@ -11,6 +11,9 @@
                 org.jivesoftware.openfire.XMPPServer"
 %>
 <%@ page import="org.jivesoftware.util.LocaleUtils"%>
+<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>
+<%@ page import="org.xmpp.packet.JID" %>
+<%@ page import="java.util.List" %>

 <%
 	// Redirect if we've already run setup:
@@ -70,10 +73,14 @@
 	</p>

 <%
-    String authorizedUsernames = JiveGlobals.getXMLProperty("admin.authorizedUsernames");
-    String authorizedJIDS = JiveGlobals.getXMLProperty("admin.authorizedJIDs");
-
-    boolean useAdmin = authorizedJIDS == null  && authorizedUsernames == null;
+    boolean useAdmin = false;
+    try {
+        List<JID> authorizedJIDS = AdminManager.getInstance().getAdminAccounts();
+        useAdmin = authorizedJIDS == null || authorizedJIDS.isEmpty();
+    }
+    catch (Exception e) {
+        // We were not able to load the list of admins right now, so move on.
+    }
    String parameters = useAdmin ? "?username=admin" : "";

    // Figure out the URL that the user can use to login to the admin console.

--- a/src/web/user-create.jsp
+++ b/src/web/user-create.jsp
@@ -18,6 +18,7 @@
 <%@ page import="java.util.Map"%>
 <%@ page import="java.util.HashMap"%><%@ page import="org.xmpp.packet.JID"%>
 <%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
+<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -34,6 +35,7 @@
    String email = ParamUtils.getParameter(request,"email");
    String password = ParamUtils.getParameter(request,"password");
    String passwordConfirm = ParamUtils.getParameter(request,"passwordConfirm");
+    boolean isAdmin = ParamUtils.getBooleanParameter(request,"isadmin");

    Map<String, String> errors = new HashMap<String, String>();
    // Handle a cancel
@@ -88,9 +90,20 @@
        if (errors.size() == 0) {
            try {
                User newUser = webManager.getUserManager().createUser(username, password, name, email);
+
+                if (!AdminManager.getAdminProvider().isReadOnly()) {
+                    boolean isCurrentAdmin = AdminManager.getInstance().isUserAdmin(newUser.getUsername(), false);
+                    if (isCurrentAdmin && !isAdmin) {
+                        AdminManager.getInstance().removeAdminAccount(newUser.getUsername());
+                    }
+                    else if (!isCurrentAdmin && isAdmin) {
+                        AdminManager.getInstance().addAdminAccount(newUser.getUsername());
+                    }
+                }
+
                if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
                    // Log the event
-                    webManager.logEvent("created new user "+username, "name = "+name+", email = "+email);
+                    webManager.logEvent("created new user "+username, "name = "+name+", email = "+email+", admin = "+isAdmin);
                }

                // Successful, so redirect
@@ -229,7 +242,18 @@
 				 id="confpasstf">
 			</td>
 		</tr>
-		<tr>
+        <% if (!AdminManager.getAdminProvider().isReadOnly()) { %>
+        <tr>
+            <td class="c1">
+                <fmt:message key="user.create.isadmin" />
+            </td>
+            <td>
+                <input type="checkbox" name="isadmin">
+                (<fmt:message key="user.create.admin_info"/>)
+            </td>
+        </tr>
+        <% } %>
+        <tr>

 			<td colspan="2" style="padding-top: 10px;">
 				<input type="submit" name="create" value="<fmt:message key="user.create.create" />">

--- a/src/web/user-edit-form.jsp
+++ b/src/web/user-edit-form.jsp
@@ -17,6 +17,7 @@
 <%@ page import="org.jivesoftware.util.StringUtils" %>
 <%@ page import="java.util.Map" %>
 <%@ page import="java.util.HashMap" %>
+<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -29,6 +30,7 @@
    String username = ParamUtils.getParameter(request,"username");
    String name = ParamUtils.getParameter(request,"name");
    String email = ParamUtils.getParameter(request,"email");
+    boolean isAdmin = ParamUtils.getBooleanParameter(request,"isadmin");
    Map<String, String> errors = new HashMap<String, String>();

    // Handle a cancel
@@ -58,9 +60,19 @@
        user.setEmail(email);
        user.setName(name);

+        if (!AdminManager.getAdminProvider().isReadOnly()) {
+            boolean isCurrentAdmin = AdminManager.getInstance().isUserAdmin(user.getUsername(), false);
+            if (isCurrentAdmin && !isAdmin) {
+                AdminManager.getInstance().removeAdminAccount(user.getUsername());
+            }
+            else if (!isCurrentAdmin && isAdmin) {
+                AdminManager.getInstance().addAdminAccount(user.getUsername());
+            }
+        }
+
        if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) {
            // Log the event
-            webManager.logEvent("edited user "+username, "set name = "+name+", email = "+email);
+            webManager.logEvent("edited user "+username, "set name = "+name+", email = "+email+", admin = "+isAdmin);
        }

        // Changes good, so redirect
@@ -152,6 +164,17 @@
                 value="<%= ((user.getEmail()!=null) ? user.getEmail() : "") %>">
            </td>
        </tr>
+        <% if (!AdminManager.getAdminProvider().isReadOnly()) { %>
+        <tr>
+            <td class="c1">
+                <fmt:message key="user.create.isadmin" />
+            </td>
+            <td>
+                <input type="checkbox" name="isadmin"<%= AdminManager.getInstance().isUserAdmin(user.getUsername(), false) ? " checked='checked'" : "" %>>
+                (<fmt:message key="user.create.admin_info"/>)
+            </td>
+        </tr>
+        <% } %>
    </tbody>
    </table>
    </div>

--- a/src/web/user-properties.jsp
+++ b/src/web/user-properties.jsp
@@ -21,6 +21,8 @@
 <%@ page import="java.util.Collection"%>
 <%@ page import="org.jivesoftware.openfire.user.UserManager"%><%@ page import="org.xmpp.packet.JID"%>
 <%@ page import="org.jivesoftware.openfire.lockout.NotLockedOutException" %>
+<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>
+<%@ page import="org.jivesoftware.util.LocaleUtils" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -214,6 +216,14 @@
            <%  } %>
        </td>
    </tr>
+    <tr>
+        <td class="c1">
+            <fmt:message key="user.create.isadmin" />:
+        </td>
+        <td>
+            <%= AdminManager.getInstance().isUserAdmin(user.getUsername(), true) ? LocaleUtils.getLocalizedString("global.yes") : LocaleUtils.getLocalizedString("global.no") %>
+        </td>
+    </tr>
    <tr>
        <td class="c1">
            <fmt:message key="user.create.name" />:

--- a/src/web/user-summary.jsp
+++ b/src/web/user-summary.jsp
@@ -21,6 +21,7 @@
 <%@ page import="java.net.URLEncoder" %>
 <%@ page import="java.util.Collection" %>
 <%@ page import="org.jivesoftware.openfire.lockout.NotLockedOutException" %>
+<%@ page import="org.jivesoftware.openfire.admin.AdminManager" %>

 <%@ taglib uri="http://java.sun.com/jstl/core_rt" prefix="c" %>
 <%@ taglib uri="http://java.sun.com/jstl/fmt_rt" prefix="fmt" %>
@@ -191,6 +192,7 @@
        catch (NotLockedOutException e) {
            // Nothing, we're good.
        }
+        Boolean isAdmin = AdminManager.getInstance().isUserAdmin(user.getUsername(), false);
 %>
    <tr class="jive-<%= (((i%2)==0) ? "even" : "odd") %>">
        <td width="1%">
@@ -223,7 +225,8 @@
            <%  } %>
        </td>
        <td width="23%">
-            <a href="user-properties.jsp?username=<%= URLEncoder.encode(user.getUsername(), "UTF-8") %>"><%= JID.unescapeNode(user.getUsername()) %></a>
+            <a href="user-properties.jsp?username=<%= URLEncoder.encode(user.getUsername(), "UTF-8") %>"<%= lockedOut ? " style='text-decoration: line-through underline;'" : "" %>><%= JID.unescapeNode(user.getUsername()) %></a>
+            <% if (isAdmin) { %><img src="/images/star-16x16.gif" height="16" width="16" align="top" alt="<fmt:message key='user.properties.isadmin'/>" title="<fmt:message key='user.properties.isadmin'/>"/><% } %>
            <% if (lockedOut) { %><img src="/images/forbidden-16x16.gif" height="16" width="16" align="top" alt="<fmt:message key='user.properties.locked'/>" title="<fmt:message key='user.properties.locked'/>"/><% } %>
            <% if (pendingLockOut) { %><img src="/images/warning-16x16.gif" height="16" width="16" align="top" alt="<fmt:message key='user.properties.locked_set'/>" title="<fmt:message key='user.properties.locked_set'/>"/><% } %>
        </td>