/**
   * Brings the membership of {@code role} in line with {@code selectedUsers}.
   *
   * <p>Users that currently hold the role but are not named in {@code selectedUsers} have it
   * removed. Users named in {@code selectedUsers} that do not yet hold it have it added.
   *
   * <p>Side effect: {@code selectedUsers} is modified in place. Every principal name that already
   * holds the role is removed from it, so the second pass only touches the names that remain.
   *
   * <p>NOTE(review): this method performs no permission check of its own, so authorisation has to
   * be enforced by the caller. The account updates are issued one at a time; an exception part-way
   * through leaves the earlier updates applied.
   *
   * @param role role whose membership is being changed
   * @param selectedUsers principal names that should hold the role; modified in place
   * @param realm realm used to look up the user database
   * @return principal names, in sorted order, whose role removal was refused with a
   *     {@link GroupsRequiredForUserException}
   * @throws Exception on any other failure reported by the user database
   */
  private String[] updateUserRoles(Role role, List<String> selectedUsers, Realm realm)
      throws Exception {
    UserDatabase database = UserDatabaseManager.getInstance().getUserDatabase(realm);
    User[] currentMembers = database.getUsersInRole(role);
    Collection<String> refusedRemovals = new TreeSet<String>();

    // Pass 1: walk the existing members and strip the role from everyone no longer selected.
    for (User member : currentMembers) {
      String memberName = member.getPrincipalName();
      if (selectedUsers.remove(memberName)) {
        // Already a member: drop the name so pass 2 does not assign the role a second time.
        continue;
      }
      Role[] remainingRoles = removeRole(role, member.getRoles());
      try {
        database.updateAccount(member, member.getEmail(), member.getFullname(), remainingRoles);
      } catch (GroupsRequiredForUserException refused) {
        // The database refused the removal; report the name back instead of aborting the run.
        refusedRemovals.add(memberName);
      }
    }

    // Pass 2: whatever is left in selectedUsers did not hold the role yet.
    // NOTE(review): the names are caller-supplied; whether getAccount() can return null for an
    // unknown name is not visible here - confirm.
    for (String newMemberName : selectedUsers) {
      User account = database.getAccount(newMemberName);
      Role[] extendedRoles = addRole(role, account.getRoles());
      database.updateAccount(account, account.getEmail(), account.getFullname(), extendedRoles);
    }
    return refusedRemovals.toArray(new String[0]);
  }
  /**
   * Edit an existing role. The role to edit must be supplied in the
   * {@link Constants#EDITING_ITEM} request attribute.
   *
   * @param mapping mapping
   * @param form form
   * @param request request
   * @param response response
   * @return forward
   * @throws Exception on any error
   */
  public ActionForward edit(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    // The role under edit arrives as a request attribute, i.e. it was set by server-side code
    // earlier in the request rather than parsed from a client parameter in this method.
    final Role editedRole = (Role) request.getAttribute(Constants.EDITING_ITEM);
    if (editedRole == null) {
      throw new Exception("No role configured for editing.");
    }

    // Authorise before the user database is touched.
    PolicyUtil.checkPermission(
        PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
        request);

    // The database is selected by the realm of the session's user.
    // NOTE(review): nothing visible here ties editedRole to that realm - confirm that the code
    // which sets EDITING_ITEM resolves the role within the session's realm.
    final SessionInfo session = getSessionInfo(request);
    final UserDatabase realmDatabase =
        UserDatabaseManager.getInstance().getUserDatabase(session.getUser().getRealm());
    final List<User> currentMembers = Arrays.asList(realmDatabase.getUsersInRole(editedRole));

    // Populate the form with the role's current state and switch it to edit mode.
    final RoleForm roleForm = (RoleForm) form;
    roleForm.initialize(currentMembers);
    roleForm.setRolename(editedRole.getPrincipalName());
    // NOTE(review): the referer presumably originates from the request - confirm it is validated
    // before it is used as a navigation target.
    roleForm.setReferer(CoreUtil.getReferer(request));
    roleForm.setEditing();
    CoreUtil.addRequiredFieldMessage(this, request);
    return mapping.findForward("display");
  }
 /* (non-Javadoc)
  * @see com.adito.extensions.types.Plugin#startPlugin(com.adito.extensions.types.PluginDefinition, com.adito.extensions.ExtensionDescriptor, org.jdom.Element)
  */
 public void startPlugin(
     PluginDefinition definition, ExtensionDescriptor descriptor, Element element)
     throws ExtensionException {
   // Let the parent plugin complete its own start-up before anything is registered.
   super.startPlugin(definition, descriptor, element);

   // Make the Active Directory user database available through the UserDatabaseManager.
   // NOTE(review): the two "activeDirectory" strings and the value 80 are passed through as-is;
   // their meaning is defined by UserDatabaseDefinition, which is not visible here.
   final UserDatabaseDefinition activeDirectoryDefinition =
       new UserDatabaseDefinition(
           ActiveDirectoryUserDatabase.class, "activeDirectory", "activeDirectory", 80);
   UserDatabaseManager.getInstance().registerDatabase(activeDirectoryDefinition);
 }
 /**
  * Creates the role named in the form, assigns the users selected in the form to it and fires
  * the {@code GROUP_CREATED} event, successful or unsuccessful, that records the outcome.
  *
  * <p>NOTE(review): no permission check is performed here, so the caller has to authorise the
  * request first. If the role is created but a later step throws, the unsuccessful event is
  * fired; whether the already created role is rolled back is not visible here - confirm.
  *
  * @param roleForm form carrying the role name and the selected principal names
  * @param sessionInfo session whose user's realm selects the user database
  * @throws Exception any failure from the steps above, rethrown after the unsuccessful event
  */
 private void createRole(RoleForm roleForm, SessionInfo sessionInfo) throws Exception {
   final UserDatabase realmDatabase =
       UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());
   try {
     final Role createdRole = realmDatabase.createRole(roleForm.getRolename());
     final List<String> members = roleForm.getUserList();
     // updateUserRoles() returns the names whose removal was refused; that result is not used
     // here. It also edits the list in place, so the event below sees the list as left by it.
     updateUserRoles(createdRole, members, realmDatabase.getRealm());
     fireSuccessfulEvent(sessionInfo, CoreEventConstants.GROUP_CREATED, createdRole, members);
   } catch (Exception failure) {
     // Record the failed attempt in the event stream, then let the caller see the error.
     fireUnsuccessfulEvent(roleForm, sessionInfo, CoreEventConstants.GROUP_CREATED, failure);
     throw failure;
   }
 }
 /**
  * Prepare and display the form for creating a new role; no role is created by this method.
  *
  * @param mapping mapping
  * @param form form
  * @param request request
  * @param response response
  * @return forward
  * @throws Exception on any error
  */
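 public ActionForward create(
     ActionMapping mapping,
     ActionForm form,
     HttpServletRequest request,
     HttpServletResponse response)
     throws Exception {
   // Authorise first, as edit() does. A caller without PERM_CREATE_EDIT_AND_ASSIGN then gets the
   // permission failure instead of an answer about what the realm's user database supports.
   PolicyUtil.checkPermission(
       PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
       PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN,
       request);

   // The database is selected by the realm of the session's user.
   SessionInfo sessionInfo = getSessionInfo(request);
   UserDatabase userDatabase =
       UserDatabaseManager.getInstance().getUserDatabase(sessionInfo.getUser().getRealm());

   // NOTE(review): the message speaks of role creation while the capability queried is
   // supportsAccountCreation() - confirm this is the intended capability check.
   if (!userDatabase.supportsAccountCreation()) {
     throw new Exception("The underlying user database does not support role creation.");
   }

   // Start from an empty member list and forward to the form; nothing is persisted here.
   RoleForm roleForm = (RoleForm) form;
   roleForm.initialize(Collections.<User>emptyList());
   roleForm.setReferer(CoreUtil.getReferer(request));
   CoreUtil.addRequiredFieldMessage(this, request);
   return mapping.findForward("display");
 }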