0001: package org.apache.turbine.services.security.ldap;
0002:
0003: /*
0004: * Copyright 2001-2005 The Apache Software Foundation.
0005: *
0006: * Licensed under the Apache License, Version 2.0 (the "License")
0007: * you may not use this file except in compliance with the License.
0008: * You may obtain a copy of the License at
0009: *
0010: * http://www.apache.org/licenses/LICENSE-2.0
0011: *
0012: * Unless required by applicable law or agreed to in writing, software
0013: * distributed under the License is distributed on an "AS IS" BASIS,
0014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0015: * See the License for the specific language governing permissions and
0016: * limitations under the License.
0017: */
0018:
0019: import java.util.Hashtable;
0020: import java.util.Iterator;
0021: import java.util.Vector;
0022: import javax.naming.NameAlreadyBoundException;
0023: import javax.naming.NamingEnumeration;
0024: import javax.naming.NamingException;
0025: import javax.naming.directory.Attribute;
0026: import javax.naming.directory.Attributes;
0027: import javax.naming.directory.BasicAttribute;
0028: import javax.naming.directory.BasicAttributes;
0029: import javax.naming.directory.DirContext;
0030: import javax.naming.directory.SearchControls;
0031: import javax.naming.directory.SearchResult;
0032:
0033: import org.apache.commons.logging.Log;
0034: import org.apache.commons.logging.LogFactory;
0035: import org.apache.torque.util.Criteria;
0036: import org.apache.turbine.om.security.Group;
0037: import org.apache.turbine.om.security.Permission;
0038: import org.apache.turbine.om.security.Role;
0039: import org.apache.turbine.om.security.TurbineGroup;
0040: import org.apache.turbine.om.security.TurbinePermission;
0041: import org.apache.turbine.om.security.TurbineRole;
0042: import org.apache.turbine.om.security.User;
0043: import org.apache.turbine.services.security.BaseSecurityService;
0044: import org.apache.turbine.services.security.TurbineSecurity;
0045: import org.apache.turbine.util.security.AccessControlList;
0046: import org.apache.turbine.util.security.DataBackendException;
0047: import org.apache.turbine.util.security.EntityExistsException;
0048: import org.apache.turbine.util.security.GroupSet;
0049: import org.apache.turbine.util.security.PermissionSet;
0050: import org.apache.turbine.util.security.RoleSet;
0051: import org.apache.turbine.util.security.UnknownEntityException;
0052:
0053: /**
0054: * An implementation of SecurityService that uses LDAP as a backend.
0055: *
0056: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
0057: * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi </a>
0058: * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a>
0059: * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
0060: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
0061: * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a>
0062: * @version $Id: LDAPSecurityService.java 264148 2005-08-29 14:21:04Z henning $
0063: */
0064: public class LDAPSecurityService extends BaseSecurityService {
0065:
0066: /** Logging */
0067: private static Log log = LogFactory
0068: .getLog(LDAPSecurityService.class);
0069:
0070: /*
0071: * -----------------------------------------------------------------------
0072: * C R E A T I O N O F A C C E S S C O N T R O L L I S T
0073: * -----------------------------------------------------------------------
0074: */
0075:
0076: /**
0077: * Constructs an AccessControlList for a specific user.
0078: *
0079: * This method creates a snapshot of the state of security information
0080: * concerning this user, at the moment of invocation and stores it
0081: * into an AccessControlList object.
0082: *
0083: * @param user the user for whom the AccessControlList are to be retrieved
0084: * @throws DataBackendException if there was an error accessing the backend.
0085: * @throws UnknownEntityException if user account is not present.
0086: * @return an AccessControlList for a specific user.
0087: */
0088: public AccessControlList getACL(User user)
0089: throws DataBackendException, UnknownEntityException {
0090: if (!TurbineSecurity.accountExists(user)) {
0091: throw new UnknownEntityException("The account '"
0092: + user.getName() + "' does not exist");
0093: }
0094: try {
0095: Hashtable roles = new Hashtable();
0096: Hashtable permissions = new Hashtable();
0097:
0098: // notify the state modifiers (writers) that we want to create
0099: // the snapshot.
0100: lockShared();
0101:
0102: // construct the snapshot:
0103: // foreach group in the system
0104: Iterator groupsIterator = getAllGroups().iterator();
0105:
0106: while (groupsIterator.hasNext()) {
0107: Group group = (Group) groupsIterator.next();
0108:
0109: // get roles of user in the group
0110: RoleSet groupRoles = getRoles(user, group);
0111:
0112: // put the Set into roles(group)
0113: roles.put(group, groupRoles);
0114: // collect all permissoins in this group
0115: PermissionSet groupPermissions = new PermissionSet();
0116: // foreach role in Set
0117: Iterator rolesIterator = groupRoles.iterator();
0118:
0119: while (rolesIterator.hasNext()) {
0120: Role role = (Role) rolesIterator.next();
0121: // get permissions of the role
0122: PermissionSet rolePermissions = getPermissions(role);
0123:
0124: groupPermissions.add(rolePermissions);
0125: }
0126: // put the Set into permissions(group)
0127: permissions.put(group, groupPermissions);
0128: }
0129: return getAclInstance(roles, permissions);
0130: } catch (Exception e) {
0131: throw new DataBackendException(
0132: "Failed to build ACL for user '" + user.getName()
0133: + "'", e);
0134: } finally {
0135: // notify the state modifiers that we are done creating
0136: // the snapshot.
0137: unlockShared();
0138: }
0139: }
0140:
0141: /*
0142: * -----------------------------------------------------------------------
0143: * S E C U R I T Y M A N A G E M E N T
0144: * -----------------------------------------------------------------------
0145: */
0146:
0147: /**
0148: * Grant an User a Role in a Group.
0149: *
0150: * @param user the user.
0151: * @param group the group.
0152: * @param role the role.
0153: * @throws DataBackendException if there was an error accessing the backend.
0154: * @throws UnknownEntityException if user account, group or role
0155: * is not present.
0156: */
0157: public synchronized void grant(User user, Group group, Role role)
0158: throws DataBackendException, UnknownEntityException {
0159: try {
0160: lockExclusive();
0161:
0162: String userName = user.getName();
0163: String roleName = role.getName();
0164: String groupName = group.getName();
0165:
0166: if (!accountExists(user)) {
0167: throw new UnknownEntityException("User '" + userName
0168: + "' does not exist");
0169: }
0170:
0171: if (!checkExists(role)) {
0172: throw new UnknownEntityException("Role '" + roleName
0173: + "' does not exist");
0174: }
0175:
0176: if (!checkExists(group)) {
0177: throw new UnknownEntityException("Group '" + groupName
0178: + "' does not exist");
0179: }
0180:
0181: // Make the distinguished name.
0182: String dn = "turbineGroupName=" + groupName + ","
0183: + LDAPSecurityConstants.getNameAttribute() + "="
0184: + userName + ","
0185: + LDAPSecurityConstants.getBaseSearch();
0186:
0187: // Connect to LDAP.
0188: DirContext ctx = LDAPUserManager.bindAsAdmin();
0189:
0190: // Make the attributes.
0191: Attributes attrs = new BasicAttributes();
0192:
0193: attrs.put(new BasicAttribute("turbineRoleName", roleName));
0194: attrs.put(new BasicAttribute("objectClass",
0195: "turbineUserGroup"));
0196: attrs.put(new BasicAttribute("turbineUserUniqueId",
0197: userName));
0198: try {
0199: // Add the turbineUserGroup.
0200: ctx.bind(dn, null, attrs);
0201: } catch (NameAlreadyBoundException ex) {
0202: // Since turbineUserGroup had already been created
0203: // then just add the role name attribute.
0204: attrs = new BasicAttributes();
0205: attrs.put(new BasicAttribute("turbineRoleName",
0206: roleName));
0207: ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE,
0208: attrs);
0209: }
0210:
0211: } catch (NamingException ex) {
0212: throw new DataBackendException("NamingException caught", ex);
0213: } finally {
0214: unlockExclusive();
0215: }
0216: }
0217:
0218: /**
0219: * Revoke a Role in a Group from an User.
0220: *
0221: * @param user the user.
0222: * @param group the group.
0223: * @param role the role.
0224: * @throws DataBackendException if there was an error accessing the backend.
0225: * @throws UnknownEntityException if user account, group or role is
0226: * not present.
0227: */
0228: public synchronized void revoke(User user, Group group, Role role)
0229: throws DataBackendException, UnknownEntityException {
0230: try {
0231: lockExclusive();
0232:
0233: String userName = user.getName();
0234: String roleName = role.getName();
0235: String groupName = group.getName();
0236:
0237: if (!accountExists(user)) {
0238: throw new UnknownEntityException("User '" + userName
0239: + "' does not exist");
0240: }
0241:
0242: if (!checkExists(role)) {
0243: throw new UnknownEntityException("Role '" + roleName
0244: + "' does not exist");
0245: }
0246:
0247: if (!checkExists(group)) {
0248: throw new UnknownEntityException("Group '" + groupName
0249: + "' does not exist");
0250: }
0251:
0252: // Make the distinguished name.
0253: String dn = "turbineGroupName=" + groupName + ","
0254: + LDAPSecurityConstants.getNameAttribute() + "="
0255: + userName + ","
0256: + LDAPSecurityConstants.getBaseSearch();
0257:
0258: // Make the attributes.
0259: Attributes attrs = new BasicAttributes();
0260:
0261: attrs.put(new BasicAttribute("turbineRoleName", roleName));
0262:
0263: // Connect to LDAP.
0264: DirContext ctx = LDAPUserManager.bindAsAdmin();
0265:
0266: // Remove the role.
0267: ctx
0268: .modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE,
0269: attrs);
0270:
0271: } catch (NamingException ex) {
0272: throw new DataBackendException("NamingException caught", ex);
0273: } finally {
0274: unlockExclusive();
0275: }
0276: }
0277:
0278: /**
0279: * Grants a Role a Permission
0280: *
0281: * @param role the Role.
0282: * @param permission the Permission.
0283: * @throws DataBackendException if there was an error accessing the backend.
0284: * @throws UnknownEntityException if role or permission is not present.
0285: */
0286: public synchronized void grant(Role role, Permission permission)
0287: throws DataBackendException, UnknownEntityException {
0288: try {
0289: lockExclusive();
0290:
0291: String roleName = role.getName();
0292: String permName = permission.getName();
0293:
0294: if (!checkExists(role)) {
0295: throw new UnknownEntityException("Role '" + roleName
0296: + "' does not exist");
0297: }
0298:
0299: if (!checkExists(permission)) {
0300: throw new UnknownEntityException("Permission '"
0301: + permName + "' does not exist");
0302: }
0303:
0304: // Make the distinguished name.
0305: String dn = "turbineRoleName=" + roleName + ","
0306: + LDAPSecurityConstants.getBaseSearch();
0307:
0308: // Make the attributes.
0309: Attributes attrs = new BasicAttributes();
0310:
0311: attrs.put(new BasicAttribute("turbinePermissionName",
0312: permName));
0313:
0314: // Connect to LDAP.
0315: DirContext ctx = LDAPUserManager.bindAsAdmin();
0316:
0317: // Add the permission.
0318: ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs);
0319:
0320: } catch (NamingException ex) {
0321: throw new DataBackendException("NamingException caught", ex);
0322: } finally {
0323: unlockExclusive();
0324: }
0325: }
0326:
0327: /**
0328: * Revokes a Permission from a Role.
0329: *
0330: * @param role the Role.
0331: * @param permission the Permission.
0332: * @throws DataBackendException if there was an error accessing the backend.
0333: * @throws UnknownEntityException if role or permission is not present.
0334: */
0335: public synchronized void revoke(Role role, Permission permission)
0336: throws DataBackendException, UnknownEntityException {
0337: try {
0338: lockExclusive();
0339:
0340: String roleName = role.getName();
0341: String permName = permission.getName();
0342:
0343: if (!checkExists(role)) {
0344: throw new UnknownEntityException("Role '" + roleName
0345: + "' does not exist");
0346: }
0347:
0348: if (!checkExists(permission)) {
0349: throw new UnknownEntityException("Permission '"
0350: + permName + "' does not exist");
0351: }
0352:
0353: // Make the distinguished name.
0354: String dn = "turbineRoleName=" + roleName + ","
0355: + LDAPSecurityConstants.getBaseSearch();
0356:
0357: // Make the attributes.
0358: Attributes attrs = new BasicAttributes();
0359:
0360: attrs.put(new BasicAttribute("turbinePermissionName",
0361: permName));
0362:
0363: // Connect to LDAP.
0364: DirContext ctx = LDAPUserManager.bindAsAdmin();
0365:
0366: // Remove the permission.
0367: ctx
0368: .modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE,
0369: attrs);
0370:
0371: } catch (NamingException ex) {
0372: throw new DataBackendException("NamingException caught", ex);
0373: } finally {
0374: unlockExclusive();
0375: }
0376: }
0377:
0378: /*
0379: * -----------------------------------------------------------------------
0380: * G R O U P / R O L E / P E R M I S S I O N M A N A G E M E N T
0381: * -----------------------------------------------------------------------
0382: */
0383:
0384: /**
0385: * Retrieves a new Group. It creates
0386: * a new Group based on the Services Group implementation. It does not
0387: * create a new Group in the system though. Use addGroup for that.
0388: * <strong>Not implemented</strong>
0389: *
0390: * @param groupName The name of the Group to be retrieved.
0391: * @return a Group.
0392: */
0393: public Group getNewGroup(String groupName) {
0394: return (Group) new TurbineGroup(groupName);
0395: }
0396:
0397: /**
0398: * Retrieves a new Role. It creates
0399: * a new Role based on the Services Role implementation. It does not
0400: * create a new Role in the system though. Use addRole for that.
0401: * <strong>Not implemented</strong>
0402: *
0403: * @param roleName The name of the Group to be retrieved.
0404: * @return a Role.
0405: */
0406: public Role getNewRole(String roleName) {
0407: return (Role) new TurbineRole(roleName);
0408: }
0409:
0410: /**
0411: * Retrieves a new Permission. It creates
0412: * a new Permission based on the Services Permission implementation. It
0413: * does not create a new Permission in the system though. Use create for
0414: * that.
0415: * <strong>Not implemented</strong>
0416: *
0417: * @param permissionName The name of the Permission to be retrieved.
0418: * @return a Permission
0419: */
0420: public Permission getNewPermission(String permissionName) {
0421: return (Permission) new TurbinePermission(permissionName);
0422: }
0423:
0424: /**
0425: * Retrieve a set of Groups that meet the specified Criteria.
0426: *
0427: * @param criteria Criteria of Group selection.
0428: * @return a set of Groups that meet the specified Criteria.
0429: * @throws DataBackendException if there is problem with the Backend.
0430: */
0431: public GroupSet getGroups(Criteria criteria)
0432: throws DataBackendException {
0433: Vector groups = new Vector();
0434:
0435: try {
0436: DirContext ctx = LDAPUserManager.bindAsAdmin();
0437:
0438: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0439: String filter = "(objectclass=turbineGroup)";
0440:
0441: /*
0442: * Create the default search controls.
0443: */
0444: SearchControls ctls = new SearchControls();
0445:
0446: NamingEnumeration answer = ctx.search(baseSearch, filter,
0447: ctls);
0448:
0449: while (answer.hasMore()) {
0450: SearchResult sr = (SearchResult) answer.next();
0451: Attributes attribs = sr.getAttributes();
0452: Attribute attr = attribs.get("turbineGroupName");
0453:
0454: if (attr != null && attr.get() != null) {
0455: Group group = getNewGroup(attr.get().toString());
0456:
0457: groups.add(group);
0458: }
0459: }
0460: } catch (NamingException ex) {
0461: throw new DataBackendException("NamingException caught", ex);
0462: }
0463: return new GroupSet(groups);
0464: }
0465:
0466: /** Get the Roles that a user belongs in a specific group.
0467: * @param user The user.
0468: * @param group The group
0469: * @throws DataBackendException if there is a problem with
0470: * the LDAP service.
0471: * @return a RoleSet.
0472: */
0473: private RoleSet getRoles(User user, Group group)
0474: throws DataBackendException {
0475: Vector roles = new Vector(0);
0476:
0477: try {
0478: DirContext ctx = LDAPUserManager.bindAsAdmin();
0479:
0480: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0481: String filter = "(& ";
0482:
0483: filter += "(objectclass=turbineUserGroup)";
0484: filter += "(turbineUserUniqueId=" + user.getName() + ")";
0485: filter += "(turbineGroupName=" + group.getName() + ")";
0486: filter += ")";
0487:
0488: /*
0489: * Create the default search controls.
0490: */
0491: SearchControls ctls = new SearchControls();
0492:
0493: ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
0494:
0495: NamingEnumeration answer = ctx.search(baseSearch, filter,
0496: ctls);
0497:
0498: while (answer.hasMore()) {
0499: SearchResult sr = (SearchResult) answer.next();
0500: Attributes attribs = sr.getAttributes();
0501: Attribute attr = attribs.get("turbineRoleName");
0502:
0503: if (attr != null) {
0504: NamingEnumeration values = attr.getAll();
0505:
0506: while (values.hasMore()) {
0507: Role role = getNewRole(values.next().toString());
0508:
0509: roles.add(role);
0510: }
0511: } else {
0512: log.error("Role doesn't have a name");
0513: }
0514: }
0515: } catch (NamingException ex) {
0516: throw new DataBackendException("NamingException caught:",
0517: ex);
0518: }
0519:
0520: return new RoleSet(roles);
0521: }
0522:
0523: /**
0524: * Retrieve a set of Roles that meet the specified Criteria.
0525: *
0526: * @param criteria Criteria of Roles selection.
0527: * @return a set of Roles that meet the specified Criteria.
0528: * @throws DataBackendException if there is a problem with the Backend.
0529: */
0530: public RoleSet getRoles(Criteria criteria)
0531: throws DataBackendException {
0532: Vector roles = new Vector(0);
0533:
0534: try {
0535: DirContext ctx = LDAPUserManager.bindAsAdmin();
0536:
0537: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0538: String filter = "(objectclass=turbineRole)";
0539:
0540: /*
0541: * Create the default search controls.
0542: */
0543: SearchControls ctls = new SearchControls();
0544:
0545: NamingEnumeration answer = ctx.search(baseSearch, filter,
0546: ctls);
0547:
0548: while (answer.hasMore()) {
0549: SearchResult sr = (SearchResult) answer.next();
0550: Attributes attribs = sr.getAttributes();
0551: Attribute attr = attribs.get("turbineRoleName");
0552:
0553: if (attr != null && attr.get() != null) {
0554: Role role = getNewRole(attr.get().toString());
0555:
0556: roles.add(role);
0557: } else {
0558: log.error("Role doesn't have a name");
0559: }
0560: }
0561: } catch (NamingException ex) {
0562: throw new DataBackendException("NamingException caught", ex);
0563: }
0564:
0565: return new RoleSet(roles);
0566: }
0567:
0568: /**
0569: * Retrieve a set of Permissions that meet the specified Criteria.
0570: *
0571: * @param criteria Criteria of Permissions selection.
0572: * @return a set of Permissions that meet the specified Criteria.
0573: * @throws DataBackendException if there is a problem with the Backend.
0574: */
0575: public PermissionSet getPermissions(Criteria criteria)
0576: throws DataBackendException {
0577: Vector permissions = new Vector();
0578:
0579: try {
0580: DirContext ctx = LDAPUserManager.bindAsAdmin();
0581:
0582: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0583: String filter = "(objectClass=turbinePermission)";
0584:
0585: /*
0586: * Create the default search controls.
0587: */
0588: SearchControls ctls = new SearchControls();
0589:
0590: NamingEnumeration answer = ctx.search(baseSearch, filter,
0591: ctls);
0592:
0593: while (answer.hasMore()) {
0594: SearchResult sr = (SearchResult) answer.next();
0595: Attributes attribs = sr.getAttributes();
0596: Attribute attr = attribs.get("turbinePermissionName");
0597:
0598: if (attr != null && attr.get() != null) {
0599: Permission perm = getNewPermission(attr.get()
0600: .toString());
0601:
0602: permissions.add(perm);
0603: } else {
0604: log.error("Permission doesn't have a name");
0605: }
0606: }
0607: } catch (NamingException ex) {
0608: throw new DataBackendException(
0609: "The LDAP server specified is unavailable", ex);
0610: }
0611: return new PermissionSet(permissions);
0612: }
0613:
0614: /**
0615: * Retrieves all permissions associated with a role.
0616: *
0617: * @param role the role name, for which the permissions are to be retrieved.
0618: * @throws DataBackendException if there was an error accessing the backend.
0619: * @throws UnknownEntityException if the role is not present.
0620: * @return a PermissionSet.
0621: */
0622: public PermissionSet getPermissions(Role role)
0623: throws DataBackendException, UnknownEntityException {
0624: Hashtable permissions = new Hashtable();
0625:
0626: try {
0627: DirContext ctx = LDAPUserManager.bindAsAdmin();
0628:
0629: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0630: String filter = "(& ";
0631:
0632: filter += "(objectClass=turbineRole)";
0633: filter += "(turbineRoleName=" + role.getName() + ")";
0634: filter += ")";
0635:
0636: /*
0637: * Create the default search controls.
0638: */
0639: SearchControls ctls = new SearchControls();
0640:
0641: NamingEnumeration answer = ctx.search(baseSearch, filter,
0642: ctls);
0643:
0644: while (answer.hasMore()) {
0645: SearchResult sr = (SearchResult) answer.next();
0646: Attributes attribs = sr.getAttributes();
0647: Attribute attr = attribs.get("turbinePermissionName");
0648:
0649: if (attr != null) {
0650: NamingEnumeration values = attr.getAll();
0651:
0652: while (values.hasMore()) {
0653: String permName = values.next().toString();
0654: Permission perm = getNewPermission(permName);
0655:
0656: permissions.put(perm.getName(), perm);
0657: }
0658: }
0659: }
0660: } catch (NamingException ex) {
0661: throw new DataBackendException(
0662: "The LDAP server specified is unavailable", ex);
0663: }
0664: return new PermissionSet(permissions.values());
0665: }
0666:
0667: /**
0668: * Stores Group's attributes. The Groups is required to exist in the system.
0669: *
0670: * @param group The Group to be stored.
0671: * @throws DataBackendException if there was an error accessing the backend.
0672: * @throws UnknownEntityException if the group does not exist.
0673: */
0674: public void saveGroup(Group group) throws DataBackendException,
0675: UnknownEntityException {
0676: // Not implemented yet.
0677: }
0678:
0679: /**
0680: * Stores Role's attributes. The Roles is required to exist in the system.
0681: *
0682: * @param role The Role to be stored.
0683: * @throws DataBackendException if there was an error accessing the backend.
0684: * @throws UnknownEntityException if the role does not exist.
0685: */
0686: public void saveRole(Role role) throws DataBackendException,
0687: UnknownEntityException {
0688: // Not implemented yet.
0689: }
0690:
0691: /**
0692: * Stores Permission's attributes. The Permissions is required to exist in
0693: * the system.
0694: *
0695: * @param permission The Permission to be stored.
0696: * @throws DataBackendException if there was an error accessing the backend.
0697: * @throws UnknownEntityException if the permission does not exist.
0698: */
0699: public void savePermission(Permission permission)
0700: throws DataBackendException, UnknownEntityException {
0701: // Not implemented yet.
0702: }
0703:
0704: /**
0705: * Creates a new group with specified attributes.
0706: * <strong>Not implemented</strong>
0707: *
0708: * @param group the object describing the group to be created.
0709: * @return a new Group object that has id set up properly.
0710: * @throws DataBackendException if there was an error accessing the backend.
0711: * @throws EntityExistsException if the group already exists.
0712: */
0713: public synchronized Group addGroup(Group group)
0714: throws DataBackendException, EntityExistsException {
0715: try {
0716: lockExclusive();
0717:
0718: String groupName = group.getName();
0719:
0720: if (checkExists(group)) {
0721: throw new EntityExistsException("Group '" + groupName
0722: + "' already exists");
0723: }
0724:
0725: // Make the distinguished name.
0726: String dn = "turbineGroupName=" + groupName + ","
0727: + LDAPSecurityConstants.getBaseSearch();
0728:
0729: // Make the attributes.
0730: Attributes attrs = new BasicAttributes();
0731:
0732: attrs
0733: .put(new BasicAttribute("objectClass",
0734: "turbineGroup"));
0735: attrs
0736: .put(new BasicAttribute("turbineGroupName",
0737: groupName));
0738:
0739: // Connect to LDAP.
0740: DirContext ctx = LDAPUserManager.bindAsAdmin();
0741:
0742: // Add the group in LDAP.
0743: ctx.bind(dn, null, attrs);
0744:
0745: // Add the group to system-wide cache.
0746: getAllGroups().add(group);
0747:
0748: return group;
0749: } catch (NamingException ex) {
0750: throw new DataBackendException("NamingException caught", ex);
0751: } finally {
0752: unlockExclusive();
0753: }
0754: }
0755:
0756: /**
0757: * Creates a new role with specified attributes.
0758: *
0759: * @param role the object describing the role to be created.
0760: * @return a new Role object that has id set up properly.
0761: * @throws DataBackendException if there was an error accessing the backend.
0762: * @throws EntityExistsException if the role already exists.
0763: */
0764: public synchronized Role addRole(Role role)
0765: throws DataBackendException, EntityExistsException {
0766: try {
0767: lockExclusive();
0768:
0769: String roleName = role.getName();
0770:
0771: if (checkExists(role)) {
0772: throw new EntityExistsException("Role '" + roleName
0773: + "' already exists");
0774: }
0775:
0776: // Make the distinguished name.
0777: String dn = "turbineRoleName=" + roleName + ","
0778: + LDAPSecurityConstants.getBaseSearch();
0779:
0780: // Make the attributes.
0781: Attributes attrs = new BasicAttributes();
0782:
0783: attrs.put(new BasicAttribute("objectClass", "turbineRole"));
0784: attrs.put(new BasicAttribute("turbineRoleName", roleName));
0785:
0786: // Connect to LDAP.
0787: DirContext ctx = LDAPUserManager.bindAsAdmin();
0788:
0789: // Add the role in LDAP.
0790: ctx.bind(dn, null, attrs);
0791:
0792: // Add the role to system-wide cache.
0793: getAllRoles().add(role);
0794:
0795: return role;
0796: } catch (NamingException ex) {
0797: throw new DataBackendException("NamingException caught", ex);
0798: } finally {
0799: unlockExclusive();
0800: }
0801: }
0802:
0803: /**
0804: * Creates a new permission with specified attributes.
0805: * <strong>Not implemented</strong>
0806: *
0807: * @param permission the object describing the permission to be created.
0808: * @return a new Permission object that has id set up properly.
0809: * @throws DataBackendException if there was an error accessing the backend.
0810: * @throws EntityExistsException if the permission already exists.
0811: */
0812: public synchronized Permission addPermission(Permission permission)
0813: throws DataBackendException, EntityExistsException {
0814: try {
0815: lockExclusive();
0816:
0817: String permName = permission.getName();
0818:
0819: if (checkExists(permission)) {
0820: throw new EntityExistsException("Permission '"
0821: + permName + "' already exists");
0822: }
0823:
0824: // Make the distinguished name.
0825: String dn = "turbinePermissionName=" + permName + ","
0826: + LDAPSecurityConstants.getBaseSearch();
0827:
0828: // Make the attributes.
0829: Attributes attrs = new BasicAttributes();
0830:
0831: attrs.put(new BasicAttribute("objectClass",
0832: "turbinePermission"));
0833: attrs.put(new BasicAttribute("turbinePermissionName",
0834: permName));
0835:
0836: DirContext ctx = LDAPUserManager.bindAsAdmin();
0837:
0838: // Add the permission in LDAP.
0839: ctx.bind(dn, null, attrs);
0840:
0841: // add the permission to system-wide cache
0842: getAllPermissions().add(permission);
0843:
0844: return permission;
0845: } catch (NamingException ex) {
0846: throw new DataBackendException("NamingException caught", ex);
0847: } finally {
0848: unlockExclusive();
0849: }
0850: }
0851:
0852: /**
0853: * Removes a Group from the system.
0854: *
0855: * @param group object describing group to be removed.
0856: * @throws DataBackendException if there was an error accessing the backend.
0857: * @throws UnknownEntityException if the group does not exist.
0858: */
0859: public synchronized void removeGroup(Group group)
0860: throws DataBackendException, UnknownEntityException {
0861: try {
0862: lockExclusive();
0863:
0864: String groupName = group.getName();
0865:
0866: if (!checkExists(group)) {
0867: throw new UnknownEntityException("Group '" + groupName
0868: + "' does not exist");
0869: }
0870:
0871: // Make the distinguished name.
0872: String dn = "turbineGroupName=" + groupName + ","
0873: + LDAPSecurityConstants.getBaseSearch();
0874:
0875: DirContext ctx = LDAPUserManager.bindAsAdmin();
0876:
0877: // Remove the group from LDAP.
0878: ctx.unbind(dn);
0879:
0880: // Remove the group from system-wide cache.
0881: getAllGroups().remove(group);
0882: } catch (NamingException ex) {
0883: throw new DataBackendException("NamingException caught", ex);
0884: } finally {
0885: unlockExclusive();
0886: }
0887: }
0888:
0889: /**
0890: * Removes a Role from the system.
0891: *
0892: * @param role object describing role to be removed.
0893: * @throws DataBackendException if there was an error accessing the backend.
0894: * @throws UnknownEntityException if the role does not exist.
0895: */
0896: public synchronized void removeRole(Role role)
0897: throws DataBackendException, UnknownEntityException {
0898: try {
0899: lockExclusive();
0900:
0901: String roleName = role.getName();
0902:
0903: if (!checkExists(role)) {
0904: throw new UnknownEntityException("Role '" + roleName
0905: + "' does not exist");
0906: }
0907:
0908: // Make the distinguished name.
0909: String dn = "turbineRoleName=" + roleName + ","
0910: + LDAPSecurityConstants.getBaseSearch();
0911:
0912: DirContext ctx = LDAPUserManager.bindAsAdmin();
0913:
0914: // Remove the role from LDAP.
0915: ctx.unbind(dn);
0916:
0917: // Remove the role from system-wide cache.
0918: getAllRoles().remove(role);
0919: } catch (NamingException ex) {
0920: throw new DataBackendException("NamingException caught", ex);
0921: } finally {
0922: unlockExclusive();
0923: }
0924: }
0925:
0926: /**
0927: * Removes a Permission from the system.
0928: *
0929: * @param permission object describing permission to be removed.
0930: * @throws DataBackendException if there was an error accessing the backend.
0931: * @throws UnknownEntityException if the permission does not exist.
0932: */
0933: public synchronized void removePermission(Permission permission)
0934: throws DataBackendException, UnknownEntityException {
0935: try {
0936: lockExclusive();
0937:
0938: String permName = permission.getName();
0939:
0940: if (!checkExists(permission)) {
0941: throw new UnknownEntityException("Permission '"
0942: + permName + "' does not exist");
0943: }
0944:
0945: // Make the distinguished name.
0946: String dn = "turbinePermissionName=" + permName + ","
0947: + LDAPSecurityConstants.getBaseSearch();
0948:
0949: DirContext ctx = LDAPUserManager.bindAsAdmin();
0950:
0951: // Remove the permission in LDAP.
0952: ctx.unbind(dn);
0953:
0954: // Remove the permission from system-wide cache.
0955: getAllPermissions().remove(permission);
0956: } catch (NamingException ex) {
0957: throw new DataBackendException("NamingException caught", ex);
0958: } finally {
0959: unlockExclusive();
0960: }
0961: }
0962:
0963: /**
0964: * Renames an existing Group.
0965: *
0966: * @param group object describing the group to be renamed.
0967: * @param name the new name for the group.
0968: * @throws DataBackendException if there was an error accessing the backend.
0969: * @throws UnknownEntityException if the group does not exist.
0970: */
0971: public synchronized void renameGroup(Group group, String name)
0972: throws DataBackendException, UnknownEntityException {
0973: // Not implemented yet.
0974: }
0975:
0976: /**
0977: * Renames an existing Role.
0978: *
0979: * @param role object describing the role to be renamed.
0980: * @param name the new name for the role.
0981: * @throws DataBackendException if there was an error accessing the backend.
0982: * @throws UnknownEntityException if the role does not exist.
0983: */
0984: public synchronized void renameRole(Role role, String name)
0985: throws DataBackendException, UnknownEntityException {
0986: // Not implemented yet.
0987: }
0988:
0989: /**
0990: * Renames an existing Permission.
0991: *
0992: * @param permission object describing the permission to be renamed.
0993: * @param name the new name for the permission.
0994: * @throws DataBackendException if there was an error accessing the backend.
0995: * @throws UnknownEntityException if the permission does not exist.
0996: */
0997: public synchronized void renamePermission(Permission permission,
0998: String name) throws DataBackendException,
0999: UnknownEntityException {
1000: // Not implemented yet.
1001: }
1002:
1003: /**
1004: * Revoke all the roles to a user
1005: * @param user the user.
1006: * @throws DataBackendException if there is an error with the data backend.
1007: * @throws UnkownEntityException if the role or a permission is not found.
1008: */
1009: public void revokeAll(User user) throws DataBackendException,
1010: UnknownEntityException {
1011: Iterator groupsIterator = getAllGroups().iterator();
1012: while (groupsIterator.hasNext()) {
1013: Group group = (Group) groupsIterator.next();
1014: Iterator rolesIterator = getRoles(user, group).iterator();
1015: while (rolesIterator.hasNext()) {
1016: Role role = (Role) rolesIterator.next();
1017: revoke(user, group, role);
1018: }
1019: }
1020: }
1021:
1022: /**
1023: * Revoke all the permissions to a role.
1024: * @param role the role.
1025: * @throws DataBackendException if there is an error with the data backend.
1026: * @throws UnkownEntityException if the role or a permission is not found.
1027: */
1028: public void revokeAll(Role role) throws DataBackendException,
1029: UnknownEntityException {
1030: PermissionSet permissions = getPermissions(role);
1031: Iterator permIterator = permissions.iterator();
1032: while (permIterator.hasNext()) {
1033: Permission perm = (Permission) permIterator.next();
1034: revoke(role, perm);
1035: }
1036: }
1037:
1038: /**
1039: * Revoke all the roles to a group.
1040: * @param group the group.
1041: * @throws DataBackendException if there is an error with the data backend.
1042: * @throws UnkownEntityException if the role or a permission is not found.
1043: */
1044: public void revokeAll(Group group) throws DataBackendException,
1045: UnknownEntityException {
1046: for (Iterator it = getUserList(new Criteria()).iterator(); it
1047: .hasNext();) {
1048: User user = (User) it.next();
1049: for (Iterator rolesIterator = getRoles(user, group)
1050: .iterator(); rolesIterator.hasNext();) {
1051: Role role = (Role) rolesIterator.next();
1052: revoke(user, group, role);
1053: }
1054: }
1055: }
1056:
1057: /**
1058: * Determines if the <code>Role</code> exists in the security system.
1059: *
1060: * @param role a <code>Role</code> value
1061: * @return true if the role exists in the system, false otherwise
1062: * @throws DataBackendException if there is an error with LDAP
1063: */
1064: public boolean checkExists(Role role) throws DataBackendException {
1065: RoleSet roleSet = getRoles(new Criteria());
1066:
1067: return roleSet.contains(role);
1068: }
1069:
1070: /**
1071: * Determines if the <code>Group</code> exists in the security system.
1072: *
1073: * @param group a <code>Group</code> value
1074: * @return true if the group exists in the system, false otherwise
1075: * @throws DataBackendException if there is an error with LDAP
1076: */
1077: public boolean checkExists(Group group) throws DataBackendException {
1078: GroupSet groupSet = getGroups(new Criteria());
1079:
1080: return groupSet.contains(group);
1081: }
1082:
1083: /**
1084: * Determines if the <code>Permission</code> exists in the security system.
1085: *
1086: * @param permission a <code>Permission</code> value
1087: * @return true if the permission exists in the system, false otherwise
1088: * @throws DataBackendException if there is an error with LDAP
1089: */
1090: public boolean checkExists(Permission permission)
1091: throws DataBackendException {
1092: PermissionSet permissionSet = getPermissions(new Criteria());
1093:
1094: return permissionSet.contains(permission);
1095: }
1096: }
|