001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi.impl.ldap;
018:
019: import java.security.Principal;
020:
021: import javax.naming.NamingException;
022: import javax.naming.directory.Attributes;
023: import javax.naming.directory.BasicAttribute;
024: import javax.naming.directory.BasicAttributes;
025: import javax.naming.directory.DirContext;
026: import javax.naming.directory.SearchControls;
027:
028: import org.apache.commons.lang.StringUtils;
029: import org.apache.jetspeed.security.SecurityException;
030: import org.apache.jetspeed.security.impl.UserPrincipalImpl;
031:
032: /**
033: * @author <a href="mailto:mike.long@dataline.com">Mike Long </a>, <a
034: * href="mailto:dlestrat@apache.org">David Le Strat</a>
035: */
036: public class LdapUserPrincipalDaoImpl extends LdapPrincipalDaoImpl
037: implements LdapUserPrincipalDao {
038: private LdapMembershipDao membership;
039:
040: /**
041: * <p>
042: * Default constructor.
043: * </p>
044: *
045: * @throws SecurityException A {@link SecurityException}.
046: */
047: public LdapUserPrincipalDaoImpl() throws SecurityException {
048: super ();
049: membership = new LdapMemberShipDaoImpl();
050: }
051:
052: /**
053: * <p>
054: * Initializes the dao.
055: * </p>
056: *
057: * @param ldapConfig Holds the ldap binding configuration.
058: * @throws SecurityException A {@link SecurityException}.
059: */
060: public LdapUserPrincipalDaoImpl(LdapBindingConfig ldapConfig)
061: throws SecurityException {
062: super (ldapConfig);
063: membership = new LdapMemberShipDaoImpl(ldapConfig);
064: }
065:
066: /**
067: * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
068: * java.lang.String)
069: */
070: public void addGroup(String userPrincipalUid,
071: String groupPrincipalUid) throws SecurityException {
072: if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
073: modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid,
074: DirContext.ADD_ATTRIBUTE);
075: else
076: modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid,
077: DirContext.ADD_ATTRIBUTE);
078:
079: }
080:
081: /**
082: * <p>
083: * Replace or delete the user group attribute.
084: * </p>
085: *
086: * @param userPrincipalUid
087: * @param groupPrincipalUid
088: * @param operationType whether to replace or remove the specified user group from the user
089: * @throws SecurityException A {@link SecurityException}.
090: */
091: private void modifyUserGroupByGroup(String userPrincipalUid,
092: String groupPrincipalUid, int operationType)
093: throws SecurityException {
094: validateUid(userPrincipalUid);
095: validateUid(groupPrincipalUid);
096:
097: try {
098:
099: Attributes attrs = new BasicAttributes(false);
100: attrs.put(getGroupMembershipAttribute(),
101: getUserDN(userPrincipalUid));
102:
103: ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false),
104: operationType, attrs);
105: } catch (NamingException e) {
106: throw new SecurityException(e);
107: }
108: }
109:
110: /**
111: * <p>
112: * Replace or delete the user group attribute.
113: * </p>
114: *
115: * @param userPrincipalUid
116: * @param groupPrincipalUid
117: * @param operationType whether to replace or remove the specified user group from the user
118: * @throws SecurityException A {@link SecurityException}.
119: */
120: private void modifyUserGroupByUser(String userPrincipalUid,
121: String groupPrincipalUid, int operationType)
122: throws SecurityException {
123: validateUid(userPrincipalUid);
124: validateUid(groupPrincipalUid);
125:
126: try {
127: Attributes attrs = new BasicAttributes(false);
128: attrs.put(getUserGroupMembershipAttribute(),
129: getGroupDN(groupPrincipalUid));
130:
131: ctx.modifyAttributes(getUserDN(userPrincipalUid, false),
132: operationType, attrs);
133:
134: } catch (NamingException e) {
135: throw new SecurityException(e);
136: }
137: }
138:
139: /**
140: * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
141: * java.lang.String)
142: */
143: public void removeGroup(String userPrincipalUid,
144: String groupPrincipalUid) throws SecurityException {
145: if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
146: modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid,
147: DirContext.REMOVE_ATTRIBUTE);
148: else
149: modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid,
150: DirContext.REMOVE_ATTRIBUTE);
151:
152: }
153:
154: /**
155: * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
156: * java.lang.String)
157: */
158: public void addRole(String userPrincipalUid, String rolePrincipalUid)
159: throws SecurityException {
160: if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
161: modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid,
162: DirContext.ADD_ATTRIBUTE);
163: else
164: modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid,
165: DirContext.ADD_ATTRIBUTE);
166: }
167:
168: /**
169: * <p>
170: * Replace or delete the role attribute.
171: *
172: * </p>
173: *
174: * @param userPrincipalUid
175: * @param rolePrincipalUid
176: * @param operationType whether to replace or remove the specified user group from the user
177: * @throws SecurityException A {@link SecurityException}.
178: */
179: private void modifyUserRoleByUser(String userPrincipalUid,
180: String rolePrincipalUid, int operationType)
181: throws SecurityException {
182: validateUid(userPrincipalUid);
183: validateUid(rolePrincipalUid);
184:
185: try {
186: Attributes attrs = new BasicAttributes(false);
187: attrs.put(getUserRoleMembershipAttribute(),
188: getRoleDN(rolePrincipalUid));
189:
190: ctx.modifyAttributes(getUserDN(userPrincipalUid, false),
191: operationType, attrs);
192: } catch (NamingException e) {
193: throw new SecurityException(e);
194: }
195: }
196:
197: /**
198: * <p>
199: * Replace or delete the role attribute.
200: *
201: * </p>
202: *
203: * @param userPrincipalUid
204: * @param rolePrincipalUid
205: * @param operationType whether to replace or remove the specified user group from the user
206: * @throws SecurityException A {@link SecurityException}.
207: */
208: private void modifyUserRoleByRole(String userPrincipalUid,
209: String rolePrincipalUid, int operationType)
210: throws SecurityException {
211: validateUid(userPrincipalUid);
212: validateUid(rolePrincipalUid);
213:
214: try {
215: Attributes attrs = new BasicAttributes(false);
216: attrs.put(getRoleMembershipAttribute(),
217: getUserDN(userPrincipalUid));
218:
219: ctx.modifyAttributes(getRoleDN(rolePrincipalUid, false),
220: operationType, attrs);
221: } catch (NamingException e) {
222: throw new SecurityException(e);
223: }
224: }
225:
226: /**
227: * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
228: * java.lang.String)
229: */
230: public void removeRole(String userPrincipalUid,
231: String rolePrincipalUid) throws SecurityException {
232: if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
233: modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid,
234: DirContext.REMOVE_ATTRIBUTE);
235: else
236: modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid,
237: DirContext.REMOVE_ATTRIBUTE);
238: }
239:
240: /**
241: * <p>
242: * A template method for defining the attributes for a particular LDAP class.
243: * </p>
244: *
245: * @param principalUid The principal uid.
246: * @return the LDAP attributes object for the particular class.
247: */
248: protected Attributes defineLdapAttributes(final String principalUid) {
249: Attributes attrs = new BasicAttributes(true);
250: BasicAttribute classes = new BasicAttribute("objectclass");
251:
252: for (int i = 0; i < getObjectClasses().length; i++)
253: classes.add(getObjectClasses()[i]);
254: attrs.put(classes);
255:
256: for (int i = 0; i < getAttributes().length; i++)
257: attrs.put(parseAttr(getAttributes()[i], principalUid)[0],
258: parseAttr(getAttributes()[i], principalUid)[1]);
259:
260: attrs.put(getEntryPrefix(), principalUid);
261:
262: return attrs;
263: }
264:
265: /**
266: * <p>
267: * Creates a GroupPrincipal object.
268: * </p>
269: *
270: * @param principalUid The principal uid.
271: * @return A group principal object.
272: */
273: protected Principal makePrincipal(String principalUid) {
274: return new UserPrincipalImpl(principalUid);
275: }
276:
277: /**
278: * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
279: * java.lang.String)
280: */
281: public void addRoleToGroup(String groupPrincipalUid,
282: String rolePrincipalUid) throws SecurityException {
283: if (!StringUtils
284: .isEmpty(getRoleGroupMembershipForRoleAttribute()))
285: modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid,
286: DirContext.ADD_ATTRIBUTE);
287: else
288: modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid,
289: DirContext.ADD_ATTRIBUTE);
290:
291: }
292:
293: /**
294: * <p>
295: * Replace or delete the user group attribute.
296: * </p>
297: *
298: * @param userPrincipalUid
299: * @param groupPrincipalUid
300: * @param operationType whether to replace or remove the specified user group from the user
301: * @throws SecurityException A {@link SecurityException}.
302: */
303: private void modifyRoleGroupByRole(String groupPrincipalUid,
304: String rolePrincipalUid, int operationType)
305: throws SecurityException {
306: validateUid(groupPrincipalUid);
307: validateUid(rolePrincipalUid);
308: try {
309:
310: Attributes attrs = new BasicAttributes(false);
311: attrs.put(getRoleGroupMembershipForRoleAttribute(),
312: getGroupDN(groupPrincipalUid));
313:
314: ctx.modifyAttributes(getRoleDN(rolePrincipalUid, false),
315: operationType, attrs);
316: } catch (NamingException e) {
317: throw new SecurityException(e);
318: }
319: }
320:
321: /**
322: * <p>
323: * Replace or delete the user group attribute.
324: * </p>
325: *
326: * @param userPrincipalUid
327: * @param groupPrincipalUid
328: * @param operationType whether to replace or remove the specified user group from the user
329: * @throws SecurityException A {@link SecurityException}.
330: */
331: private void modifyRoleGroupByGroup(String groupPrincipalUid,
332: String rolePrincipalUid, int operationType)
333: throws SecurityException {
334: validateUid(groupPrincipalUid);
335: validateUid(rolePrincipalUid);
336: try {
337: Attributes attrs = new BasicAttributes(false);
338: attrs.put(getGroupMembershipForRoleAttribute(),
339: getRoleDN(rolePrincipalUid));
340:
341: ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false),
342: operationType, attrs);
343: } catch (NamingException e) {
344: throw new SecurityException(e);
345: }
346: }
347:
348: /**
349: * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
350: * java.lang.String)
351: */
352: public void removeRoleFromGroup(String groupPrincipalUid,
353: String rolePrincipalUid) throws SecurityException {
354:
355: if (!StringUtils
356: .isEmpty(getRoleGroupMembershipForRoleAttribute()))
357: modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid,
358: DirContext.REMOVE_ATTRIBUTE);
359: else
360: modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid,
361: DirContext.REMOVE_ATTRIBUTE);
362:
363: }
364:
365: /**
366: *
367: * Return the list of group IDs for a particular user
368: *
369: * @param userPrincipalUid
370: * @return the array of group uids asociated with this user
371: * @throws SecurityException
372: */
373: public String[] getGroupUidsForUser(String userPrincipalUid)
374: throws SecurityException {
375: validateUid(userPrincipalUid);
376: SearchControls cons = setSearchControls();
377: try {
378: if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
379: return membership.searchGroupMemberShipByUser(
380: userPrincipalUid, cons);
381: }
382: return membership.searchGroupMemberShipByGroup(
383: userPrincipalUid, cons);
384:
385: } catch (NamingException e) {
386: throw new SecurityException(e);
387: }
388: }
389:
390: /**
391: * <p>
392: * Return an array of the roles that belong to a group.
393: * </p>
394: *
395: * @param groupPrincipalUid The group principal uid.
396: * @return The array of user uids asociated with this group
397: * @throws SecurityException A {@link SecurityException}.
398: */
399: public String[] getRolesForGroup(String groupPrincipalUid)
400: throws SecurityException {
401: {
402: validateUid(groupPrincipalUid);
403: SearchControls cons = setSearchControls();
404: try {
405: if (!StringUtils
406: .isEmpty(getRoleGroupMembershipForRoleAttribute())) {
407: return membership.searchRolesFromGroupByRole(
408: groupPrincipalUid, cons);
409: }
410: return membership.searchRolesFromGroupByGroup(
411: groupPrincipalUid, cons);
412: } catch (NamingException e) {
413: throw new SecurityException(e);
414: }
415: }
416: }
417:
418: /**
419: *
420: * Returns the role IDs for a particular user
421: *
422: * Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
423: *
424: * @param userPrincipalUid
425: * @return the array of group uids asociated with this user
426: * @throws SecurityException
427: */
428: public String[] getRoleUidsForUser(String userPrincipalUid)
429: throws SecurityException {
430: validateUid(userPrincipalUid);
431: SearchControls cons = setSearchControls();
432: try {
433: if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
434: return membership.searchRoleMemberShipByUser(
435: userPrincipalUid, cons);
436: }
437: return membership.searchRoleMemberShipByRole(
438: userPrincipalUid, cons);
439: } catch (NamingException e) {
440: throw new SecurityException(e);
441: }
442: }
443:
444: /**
445: * <p>
446: * Return an array of the user principal UIDS that belong to a group.
447: * </p>
448: *
449: * @param groupPrincipalUid The group principal uid.
450: * @return The array of user uids asociated with this group
451: * @throws SecurityException A {@link SecurityException}.
452: */
453: public String[] getUserUidsForGroup(String groupPrincipalUid)
454: throws SecurityException {
455:
456: validateUid(groupPrincipalUid);
457: SearchControls cons = setSearchControls();
458: try {
459: if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
460: return membership.searchUsersFromGroupByUser(
461: groupPrincipalUid, cons);
462: }
463: return membership.searchUsersFromGroupByGroup(
464: groupPrincipalUid, cons);
465: } catch (NamingException e) {
466: throw new SecurityException(e);
467: }
468: }
469:
470: /**
471: * <p>
472: * Return an array of the user principal UIDS that belong to a group.
473: * </p>
474: *
475: * @param groupPrincipalUid The group principal uid.
476: * @return The array of user uids asociated with this group
477: * @throws SecurityException A {@link SecurityException}.
478: */
479: public String[] getUserUidsForRole(String rolePrincipalUid)
480: throws SecurityException {
481: validateUid(rolePrincipalUid);
482: SearchControls cons = setSearchControls();
483: try {
484: if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
485: return membership.searchUsersFromRoleByUser(
486: rolePrincipalUid, cons);
487: }
488: return membership.searchUsersFromRoleByRole(
489: rolePrincipalUid, cons);
490: } catch (NamingException e) {
491: throw new SecurityException(e);
492: }
493: }
494:
495: protected String[] getObjectClasses() {
496: return this .getUserObjectClasses();
497: }
498:
499: protected String[] getAttributes() {
500: return this .getUserAttributes();
501: }
502:
503: protected String getUidAttributeForPrincipal() {
504: return this .getUserUidAttribute();
505: }
506:
507: protected String getEntryPrefix() {
508: return this .getUserIdAttribute();
509: }
510:
511: protected String getSearchSuffix() {
512: return this .getUserFilter();
513: }
514:
515: protected String getDnSuffix() {
516: return this.getUserFilterBase();
517: }
518:
519: }
|