Posted to commits@directory.apache.org by sm...@apache.org on 2014/10/22 19:48:20 UTC
[05/16] Remove the unboundid daos classes and lib,
move the Apache DAOs into the rbac package and make its classes and
methods package private.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AdminRoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AdminRoleDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AdminRoleDAO.java
deleted file mode 100755
index db33695..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AdminRoleDAO.java
+++ /dev/null
@@ -1,656 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao.unboundid;
-
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.ObjectFactory;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.ldap.UnboundIdDataProvider;
-import org.apache.directory.fortress.core.rbac.AdminRole;
-import org.apache.directory.fortress.core.rbac.AdminRoleP;
-import org.apache.directory.fortress.core.rbac.AdminRoleUtil;
-import org.apache.directory.fortress.core.rbac.Graphable;
-import org.apache.directory.fortress.core.rbac.Role;
-import org.apache.directory.fortress.core.util.attr.VUtil;
-import org.apache.directory.fortress.core.util.time.CUtil;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttribute;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModification;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModificationSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchResults;
-
-
-/**
- * The AdminRoleDAO is called by {@link AdminRoleP} and processes data via its entity {@link AdminRole}.
- * <p/>
- * The Fortress AdminRoleDAO uses the following other Fortress structural and aux object classes:
- * <h4>1. ftRls Structural objectclass is used to store the AdminRole information like name, and temporal constraints</h4>
- * <ul>
- * <li> ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.2.1</code>
- * <li> <code>NAME 'ftRls'</code>
- * <li> <code>DESC 'Fortress Role Object Class'</code>
- * <li> <code>SUP organizationalrole</code>
- * <li> <code>STRUCTURAL</code>
- * <li> <code>MUST ( ftId $ ftRoleName )</code>
- * <li> <code>MAY ( description $ ftCstr ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <h4>2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity</h4>
- * <code># This aux object class can be used to store custom attributes.</code><br />
- * <code># The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br />
- * <ul>
- * <li> ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.2</code>
- * <li> <code>NAME 'ftProperties'</code>
- * <li> <code>DESC 'Fortress Properties AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MAY ( ftProps ) ) </code>
- * <li> ------------------------------------------
- * </ul>
- * <h4>3. ftPools Auxiliary object class store the ARBAC Perm and User OU assignments on AdminRole entity</h4>
- * <ul>
- * <li> ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.3</code>
- * <li> <code>NAME 'ftPools'</code>
- * <li> <code>DESC 'Fortress Pools AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MAY ( ftOSU $ ftOSP ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <h4>4. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity</h4>
- * <ul>
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.4</code>
- * <li> <code>NAME 'ftMods'</code>
- * <li> <code>DESC 'Fortress Modifiers AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MAY (</code>
- * <li> <code>ftModifier $</code>
- * <li> <code>ftModCode $</code>
- * <li> <code>ftModId ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <p/>
- * This class is thread safe.
- *
- * @author Shawn McKinney
- */
-public final class AdminRoleDAO extends UnboundIdDataProvider implements org.apache.directory.fortress.core.rbac.dao.AdminRoleDAO
-{
- private static final String ROLE_OCCUPANT = "roleOccupant";
- private static final String ROLE_OSP = "ftOSP";
- private static final String ROLE_OSU = "ftOSU";
- private static final String ROLE_RANGE = "ftRange";
- private static final String POOLS_AUX_OBJECT_CLASS_NAME = "ftPools";
- private static final String ADMIN_ROLE_OBJ_CLASS[] =
- {
- GlobalIds.TOP,
- GlobalIds.ROLE_OBJECT_CLASS_NM,
- GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME,
- POOLS_AUX_OBJECT_CLASS_NAME,
- GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME
- };
- private static final String ROLE_NM = "ftRoleName";
- private static final String[] ROLE_NM_ATR =
- {
- ROLE_NM
- };
-
- private static final String[] ROLE_ATRS =
- {
- GlobalIds.FT_IID,
- ROLE_NM,
- GlobalIds.DESC,
- GlobalIds.CONSTRAINT,
- ROLE_OCCUPANT,
- ROLE_OSP,
- ROLE_OSU,
- ROLE_RANGE,
- GlobalIds.PARENT_NODES
- };
-
-
- /**
- * Create a new AdminRole entity using supplied data. Required attribute is {@link AdminRole#name}.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains AdminRole data. Null attributes will be ignored.
- * @return input record back to client.
- * @throws org.apache.directory.fortress.core.CreateException in the event LDAP errors occur.
- */
- public final AdminRole create( AdminRole entity )
- throws CreateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPAttributeSet attrs = new LDAPAttributeSet();
- attrs.add( createAttributes( GlobalIds.OBJECT_CLASS, ADMIN_ROLE_OBJ_CLASS ) );
- entity.setId();
- attrs.add( createAttribute( GlobalIds.FT_IID, entity.getId() ) );
- attrs.add( createAttribute( ROLE_NM, entity.getName() ) );
- // description field is optional on this object class:
- if ( VUtil.isNotNullOrEmpty( entity.getDescription() ) )
- {
- attrs.add( createAttribute( GlobalIds.DESC, entity.getDescription() ) );
- }
- // CN attribute is required for this object class:
- attrs.add( createAttribute( GlobalIds.CN, entity.getName() ) );
- attrs.add( createAttribute( GlobalIds.CONSTRAINT, CUtil.setConstraint( entity ) ) );
- loadAttrs( entity.getOsP(), attrs, ROLE_OSP );
- loadAttrs( entity.getOsU(), attrs, ROLE_OSU );
- String szRaw = entity.getRoleRangeRaw();
- if ( VUtil.isNotNullOrEmpty( szRaw ) )
- {
- attrs.add( createAttribute( ROLE_RANGE, szRaw ) );
- }
- // These multi-valued attributes are optional. The utility function will return quietly if no items are loaded into collection:
- loadAttrs( entity.getParents(), attrs, GlobalIds.PARENT_NODES );
-
- LDAPEntry myEntry = new LDAPEntry( dn, attrs );
- ld = getAdminConnection();
- add( ld, myEntry, entity );
- }
- catch ( LDAPException e )
- {
- String error = "create role [" + entity.getName() + "] caught LDAPException=" + e.getLDAPResultCode()
- + " msg=" + e.getMessage();
- throw new CreateException( GlobalErrIds.ARLE_ADD_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- * Update existing AdminRole entity using supplied data. Required attribute is {@link AdminRole#name}.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains AdminRole data. Null attributes will be ignored.
- * @return input record back to client.
- * @throws UpdateException in the event LDAP errors occur.
- */
- public final AdminRole update( AdminRole entity )
- throws UpdateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPModificationSet mods = new LDAPModificationSet();
- if ( VUtil.isNotNullOrEmpty( entity.getDescription() ) )
- {
- LDAPAttribute desc = new LDAPAttribute( GlobalIds.DESC, entity.getDescription() );
- mods.add( LDAPModification.REPLACE, desc );
- }
- if ( VUtil.isNotNullOrEmpty( entity.getOccupants() ) )
- {
- for ( String name : entity.getOccupants() )
- {
- LDAPAttribute occupant = new LDAPAttribute( ROLE_OCCUPANT, name );
- mods.add( LDAPModification.REPLACE, occupant );
- }
- }
- if ( entity.isTemporalSet() )
- {
- String szRawData = CUtil.setConstraint( entity );
- if ( VUtil.isNotNullOrEmpty( szRawData ) )
- {
- LDAPAttribute constraint = new LDAPAttribute( GlobalIds.CONSTRAINT, szRawData );
- mods.add( LDAPModification.REPLACE, constraint );
- }
- }
- loadAttrs( entity.getOsU(), mods, ROLE_OSU );
- loadAttrs( entity.getOsP(), mods, ROLE_OSP );
- String szRaw = entity.getRoleRangeRaw();
- if ( VUtil.isNotNullOrEmpty( szRaw ) )
- {
- LDAPAttribute raw = new LDAPAttribute( ROLE_RANGE, szRaw );
- mods.add( LDAPModification.REPLACE, raw );
- }
- loadAttrs( entity.getParents(), mods, GlobalIds.PARENT_NODES );
- if ( mods.size() > 0 )
- {
- ld = getAdminConnection();
- modify( ld, dn, mods, entity );
- }
- }
- catch ( LDAPException e )
- {
- String error = "update name [" + entity.getName() + "] caught LDAPException=" + e.getLDAPResultCode()
- + " msg=" + e.getMessage();
- throw new UpdateException( GlobalErrIds.ARLE_UPDATE_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- *
- * @param entity
- * @throws UpdateException
- */
- public final void deleteParent( AdminRole entity )
- throws UpdateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPModificationSet mods = new LDAPModificationSet();
- LDAPAttribute occupant = new LDAPAttribute( GlobalIds.PARENT_NODES );
- mods.add( LDAPModification.DELETE, occupant );
- ld = getAdminConnection();
- modify( ld, dn, mods, entity );
- }
- catch ( LDAPException e )
- {
- String error = "deleteParent name [" + entity.getName() + "] caught LDAPException=" + e.getLDAPResultCode()
- + " msg=" + e.getMessage();
- throw new UpdateException( GlobalErrIds.ARLE_REMOVE_PARENT_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- }
-
-
- /**
- * This method will add the supplied DN as a role occupant to the target record.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains {@link AdminRole#name}. Null attributes will be ignored.
- * @param userDn contains the DN for userId who is being assigned.
- * @return input record back to client.
- * @throws UpdateException in the event LDAP errors occur.
- */
- public final AdminRole assign( AdminRole entity, String userDn )
- throws UpdateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPModificationSet mods = new LDAPModificationSet();
- LDAPAttribute occupant = new LDAPAttribute( ROLE_OCCUPANT, userDn );
- mods.add( LDAPModification.ADD, occupant );
- ld = getAdminConnection();
- modify( ld, dn, mods, entity );
- }
- catch ( LDAPException e )
- {
- String error = "assign role name [" + entity.getName() + "] user dn [" + userDn + "] caught LDAPException="
- + e.getLDAPResultCode() + " msg=" + e.getMessage();
- throw new UpdateException( GlobalErrIds.ARLE_USER_ASSIGN_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- * This method will remove the supplied DN as a role occupant to the target record.
- * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param entity record contains {@link AdminRole#name}. Null attributes will be ignored.
- * @param userDn contains the DN for userId who is being deassigned.
- * @return input record back to client.
- * @throws UpdateException in the event LDAP errors occur.
- */
- public final AdminRole deassign( AdminRole entity, String userDn )
- throws UpdateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPModificationSet mods = new LDAPModificationSet();
- LDAPAttribute occupant = new LDAPAttribute( ROLE_OCCUPANT, userDn );
- mods.add( LDAPModification.DELETE, occupant );
- ld = getAdminConnection();
- modify( ld, dn, mods, entity );
- }
- catch ( LDAPException e )
- {
- String error = "deassign role name [" + entity.getName() + "] user dn [" + userDn
- + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage();
- throw new UpdateException( GlobalErrIds.ARLE_USER_DEASSIGN_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- * This method will completely remove the AdminRole from the directory. It will use {@link AdminRole#name} as key.
- * This operation is performed on the {@link GlobalIds#ADMIN_ROLE_ROOT} container.
- *
- * @param role record contains {@link AdminRole#name}.
- * @throws RemoveException in the event LDAP errors occur.
- */
- public final void remove( AdminRole role )
- throws RemoveException
- {
- LDAPConnection ld = null;
- String dn = getDn( role );
- try
- {
- ld = getAdminConnection();
- delete( ld, dn, role );
- }
- catch ( LDAPException e )
- {
- String error = "remove role name=" + role.getName() + " LDAPException=" + e.getLDAPResultCode() + " msg="
- + e.getMessage();
- throw new RemoveException( GlobalErrIds.ARLE_DELETE_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- }
-
-
- /**
- * This method will retrieve the AdminRole from {@link GlobalIds#ADMIN_ROLE_ROOT} container by name.
- *
- * @param adminRole maps to {@link AdminRole#name}.
- * @return AdminRole back to client.
- * @throws FinderException in the event LDAP errors occur.
- */
- public final AdminRole getRole( AdminRole adminRole )
- throws FinderException
- {
- AdminRole entity = null;
- LDAPConnection ld = null;
- String dn = getDn( adminRole );
- try
- {
- ld = getAdminConnection();
- LDAPEntry findEntry = read( ld, dn, ROLE_ATRS );
- entity = unloadLdapEntry( findEntry, 0, adminRole.getContextId() );
- if ( entity == null )
- {
- String warning = "getRole name [" + adminRole.getName() + "] no entry found dn [" + dn + "]";
- throw new FinderException( GlobalErrIds.ARLE_NOT_FOUND, warning );
- }
- }
- catch ( LDAPException e )
- {
- if ( e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT )
- {
- String warning = "getRole name [" + adminRole.getName() + "] Obj COULD NOT FIND ENTRY for dn [" + dn
- + "]";
- throw new FinderException( GlobalErrIds.ARLE_NOT_FOUND, warning );
- }
- String error = "getRole dn [" + dn + "] LEXCD=" + e.getLDAPResultCode() + " LEXMSG=" + e;
- throw new FinderException( GlobalErrIds.ARLE_READ_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- * @param adminRole
- * @return
- * @throws FinderException
- *
- */
- public final List<AdminRole> findRoles( AdminRole adminRole )
- throws FinderException
- {
- List<AdminRole> roleList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String roleRoot = getRootDn( adminRole.getContextId(), GlobalIds.ADMIN_ROLE_ROOT );
- String filter;
- try
- {
- String searchVal = encodeSafeText( adminRole.getName(), GlobalIds.ROLE_LEN );
- filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")("
- + ROLE_NM + "=" + searchVal + "*))";
- ld = getAdminConnection();
- searchResults = search( ld, roleRoot,
- LDAPConnection.SCOPE_ONE, filter, ROLE_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- roleList.add( unloadLdapEntry( searchResults.next(), sequence++, adminRole.getContextId() ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "findRoles name [" + adminRole.getName() + "] caught LDAPException=" + e.getLDAPResultCode()
- + " msg=" + e.getMessage();
- throw new FinderException( GlobalErrIds.ARLE_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return roleList;
- }
-
-
- /**
- * @param adminRole
- * @param limit
- * @return
- * @throws FinderException
- *
- */
- public final List<String> findRoles( AdminRole adminRole, int limit )
- throws FinderException
- {
- List<String> roleList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String roleRoot = getRootDn( adminRole.getContextId(), GlobalIds.ADMIN_ROLE_ROOT );
- String filter;
- String searchVal = null;
- try
- {
- searchVal = encodeSafeText( adminRole.getName(), GlobalIds.ROLE_LEN );
- filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")("
- + ROLE_NM + "=" + searchVal + "*))";
- ld = getAdminConnection();
- searchResults = search( ld, roleRoot,
- LDAPConnection.SCOPE_ONE, filter, ROLE_NM_ATR, false, GlobalIds.BATCH_SIZE, limit );
- while ( searchResults.hasMoreElements() )
- {
- LDAPEntry entry = searchResults.next();
- roleList.add( getAttribute( entry, ROLE_NM ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "findRoles name [" + searchVal + "] caught LDAPException=" + e.getLDAPResultCode() + " msg="
- + e.getMessage();
- throw new FinderException( GlobalErrIds.ARLE_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return roleList;
- }
-
-
- /**
- * @param userDn
- * @return
- * @throws FinderException
- */
- public final List<String> findAssignedRoles( String userDn, String contextId )
- throws FinderException
- {
- List<String> roleNameList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String roleRoot = getRootDn( contextId, GlobalIds.ADMIN_ROLE_ROOT );
- try
- {
- String filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")";
- filter += "(" + ROLE_OCCUPANT + "=" + userDn + "))";
- ld = getAdminConnection();
- searchResults = search( ld, roleRoot,
- LDAPConnection.SCOPE_ONE, filter, ROLE_NM_ATR, false, GlobalIds.BATCH_SIZE );
- while ( searchResults.hasMoreElements() )
- {
- roleNameList.add( getAttribute( searchResults.next(), ROLE_NM ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "findAssignedRoles userDn [" + userDn + "] caught LDAPException=" + e.getLDAPResultCode()
- + " msg=" + e.getMessage();
- throw new FinderException( GlobalErrIds.ARLE_OCCUPANT_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return roleNameList;
- }
-
-
- /**
- *
- * @param contextId
- * @return
- * @throws FinderException
- */
- public final List<Graphable> getAllDescendants( String contextId )
- throws FinderException
- {
- String[] DESC_ATRS =
- { ROLE_NM, GlobalIds.PARENT_NODES };
- List<Graphable> descendants = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String roleRoot = getRootDn( contextId, GlobalIds.ADMIN_ROLE_ROOT );
- String filter = null;
- try
- {
- filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")("
- + GlobalIds.PARENT_NODES + "=*))";
- ld = getAdminConnection();
- searchResults = search( ld, roleRoot,
- LDAPConnection.SCOPE_ONE, filter, DESC_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- descendants.add( unloadDescendants( searchResults.next(), sequence++, contextId ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "getAllDescendants filter [" + filter + "] caught LDAPException=" + e.getLDAPResultCode()
- + " msg=" + e.getMessage();
- throw new FinderException( GlobalErrIds.ARLE_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return descendants;
- }
-
-
- /**
- *
- * @param le
- * @param sequence
- * @param contextId
- * @return
- * @throws LDAPException
- */
- private Graphable unloadDescendants( LDAPEntry le, long sequence, String contextId )
- {
- Role entity = new ObjectFactory().createRole();
- entity.setSequenceId( sequence );
- entity.setName( getAttribute( le, ROLE_NM ) );
- entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
- return entity;
- }
-
-
- /**
- * @param le
- * @return
- * @throws LDAPException
- */
- private AdminRole unloadLdapEntry( LDAPEntry le, long sequence, String contextId )
- {
- AdminRole entity = new ObjectFactory().createAdminRole();
- entity.setSequenceId( sequence );
- entity.setId( getAttribute( le, GlobalIds.FT_IID ) );
- entity.setName( getAttribute( le, ROLE_NM ) );
- entity.setDescription( getAttribute( le, GlobalIds.DESC ) );
- entity.setOccupants( getAttributes( le, ROLE_OCCUPANT ) );
- entity.setOsP( getAttributeSet( le, ROLE_OSP ) );
- entity.setOsU( getAttributeSet( le, ROLE_OSU ) );
- unloadTemporal( le, entity );
- entity.setRoleRangeRaw( getAttribute( le, ROLE_RANGE ) );
- //entity.setParents(AdminRoleUtil.getParents(entity.getName().toUpperCase(), contextId));
- entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
- entity.setChildren( AdminRoleUtil.getChildren( entity.getName().toUpperCase(), contextId ) );
- return entity;
- }
-
-
- private String getDn( AdminRole adminRole )
- {
- return GlobalIds.CN + "=" + adminRole.getName() + ","
- + getRootDn( adminRole.getContextId(), GlobalIds.ADMIN_ROLE_ROOT );
- }
-
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AuditDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AuditDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AuditDAO.java
deleted file mode 100755
index ea7e16c..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/AuditDAO.java
+++ /dev/null
@@ -1,835 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao.unboundid;
-
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.ObjectFactory;
-import org.apache.directory.fortress.core.cfg.Config;
-import org.apache.directory.fortress.core.ldap.UnboundIdDataProvider;
-import org.apache.directory.fortress.core.rbac.AuthZ;
-import org.apache.directory.fortress.core.rbac.Bind;
-import org.apache.directory.fortress.core.rbac.Mod;
-import org.apache.directory.fortress.core.rbac.UserAudit;
-import org.apache.directory.fortress.core.util.attr.AttrHelper;
-import org.apache.directory.fortress.core.util.attr.VUtil;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchResults;
-
-
-/**
- * This class performs data access for OpenLDAP synch repl log data
- * <p/>
- * <h3>1. Binds</h3>
- * <p/>
- * The auditBind Structural object class is used to store authentication events that can later be queried via ldap API.<br />
- * <code># The Bind class includes the reqVersion attribute which contains the LDAP</code>
- * <code># protocol version specified in the Bind as well as the reqMethod attribute</code>
- * <code># which contains the Bind Method used in the Bind. This will be the string</code>
- * <code># SIMPLE for LDAP Simple Binds or SASL(mech) for SASL Binds. Note that unless</code>
- * <code># configured as a global overlay, only Simple Binds using DNs that reside in</code>
- * <code># the current database will be logged:</code>
- * <ul>
- * <li> ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.4203.666.11.5.2.6 NAME 'auditBind'</code>
- * <li> <code>DESC 'Bind operation'</code>
- * <li> <code>SUP auditObject STRUCTURAL</code>
- * <li> <code>MUST ( reqVersion $ reqMethod ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <h3>2. Authorizations</h3>
- * <code>For the Search class the reqScope attribute contains the scope of the</code><br />
- * <code>original search request, using the values specified for the LDAP URL</code><br />
- * <code>format. I.e. base, one, sub, or subord. The reqDerefAliases attribute</code><br />
- * <code>is one of never, finding, searching, or always, denoting how aliases</code><br />
- * <code>will be processed during the search. The reqAttrsOnly attribute is a</code><br />
- * <code>Boolean value showing TRUE if only attribute names were requested, or</code><br />
- * <code>FALSE if attributes and their values were requested. The reqFilter</code><br />
- * <code>attribute carries the filter used in the search request. The reqAttr</code><br />
- * <code>attribute lists the requested attributes if specific attributes were</code><br />
- * <code>requested. The reqEntries attribute is the integer count of how many</code><br />
- * <code>entries were returned by this search request. The reqSizeLimit and</code><br />
- * <code>reqTimeLimit attributes indicate what limits were requested on the</code><br />
- * <code>search operation.</code><br />
- * <ul>
- * <li> ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.4203.666.11.5.2.11</code>
- * <li> <code>NAME 'auditSearch'</code>
- * <li> <code>DESC 'Search operation'</code>
- * <li> <code>SUP auditReadObject STRUCTURAL</code>
- * <li> <code>MUST ( reqScope $ reqDerefAliases $ reqAttrsOnly )</code>
- * <li> <code>MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $</code>
- * <li> <code>reqTimeLimit ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <p/>
- * <p/>
- * <h3>3. Modifications</h3>
- * The auditModify Structural object class is used to store Fortress update and delete events that can later be queried via ldap API.<br />
- * The deletions can be recorded in this manner and associated with Fortress context because deletions will perform a modification first
- * if audit is enabled.
- * <p/>
- * <code>The Modify operation contains a description of modifications in the</code><br />
- * <code>reqMod attribute, which was already described above in the Add</code><br />
- * <code>operation. It may optionally contain the previous contents of any</code><br />
- * <code>modified attributes in the reqOld attribute, using the same format as</code><br />
- * <code>described above for the Delete operation. The reqOld attribute is only</code><br />
- * <code>populated if the entry being modified matches the configured logold</code><br />
- * <code>filter.</code><br />
- * <ul>
- * <li> ------------------------------------------
- * <li> <code>objectclass ( 1.3.6.1.4.1.4203.666.11.5.2.9</code>
- * <li> <code>NAME 'auditModify'</code>
- * <li> <code>DESC 'Modify operation'</code>
- * <li> <code>SUP auditWriteObject STRUCTURAL</code>
- * <li> <code>MAY reqOld MUST reqMod )</code>
- * <li> ------------------------------------------
- * </ul>
- * <p/>
- * Note this class used descriptions pulled from man pages on slapd access log.
- * <p/>
- * This class is thread safe.
- *
- * @author Shawn McKinney
- */
-public final class AuditDAO extends UnboundIdDataProvider implements org.apache.directory.fortress.core.rbac.dao.AuditDAO
-{
- private static final String CREATETIMESTAMP = "createTimestamp";
- private static final String CREATORSNAME = "creatorsName";
- private static final String ENTRYCSN = "entryCSN";
- private static final String ENTRYDN = "entryDN";
- private static final String ENTRYUUID = "entryUUID";
- private static final String HASSUBORDINATES = "hasSubordinates";
- private static final String MODIFIERSNAME = "modifiersName";
- private static final String MODIFYTIMESTAMP = "modifyTimestamp";
- private static final String OBJECTCLASS = "objectClass";
- private static final String REQUAUTHZID = "reqAuthzID";
- private static final String REQCONTROLS = "reqControls";
- private static final String REQDN = "reqDN";
- private static final String REQEND = "reqEnd";
- private static final String REQMETHOD = "reqMethod";
- private static final String REQRESULT = "reqResult";
- private static final String REQSESSION = "reqSession";
- private static final String REQSTART = "reqStart";
- private static final String REQTYPE = "reqType";
- private static final String REQVERSION = "reqVersion";
- private static final String REQMOD = "reqMod";
- private static final String STRUCTURALOBJECTCLASS = "structuralObjectClass";
- private static final String SUBSCHEMAENTRY = "subschemaSubentry";
- private static final String REQATTR = "reqAttr";
- private static final String REQATTRSONLY = "reqAttrsOnly";
- private static final String REQDREFALIASES = "reqDerefAliases";
- private static final String REQENTRIES = "reqEntries";
- private static final String REQFILTER = "reqFilter";
- private static final String REQSCOPE = "reqScope";
- private static final String REQSIZELIMIT = "reqSizeLimit";
- private static final String REQTIMELIMIT = "reqTimeLimit";
- private static final String REQASSERTION = "reqAssertion";
- private static final String ACCESS_BIND_CLASS_NM = "auditBind";
- //private static final String ACCESS_AUTHZ_CLASS_NM = "auditSearch";
- private static final String ACCESS_AUTHZ_CLASS_NM = "auditCompare";
- private static final String ACCESS_MOD_CLASS_NM = "auditModify";
- private static final String ACCESS_ADD_CLASS_NM = "auditAdd";
- private static final String AUDIT_ROOT = "audit.root";
-
- private static final String[] AUDIT_AUTHZ_ATRS =
- {
- CREATETIMESTAMP, CREATORSNAME, ENTRYCSN, ENTRYDN, ENTRYUUID, HASSUBORDINATES, MODIFIERSNAME,
- MODIFYTIMESTAMP, OBJECTCLASS, REQATTR, REQATTRSONLY, REQUAUTHZID, REQCONTROLS, REQDN, REQDREFALIASES,
- REQEND, REQENTRIES, REQFILTER, REQRESULT, REQSCOPE, REQSESSION, REQSIZELIMIT, REQSTART, REQTIMELIMIT,
- REQTYPE, REQASSERTION, STRUCTURALOBJECTCLASS, SUBSCHEMAENTRY
- };
-
- private static final String[] AUDIT_BIND_ATRS =
- {
- CREATETIMESTAMP, CREATORSNAME, ENTRYCSN, ENTRYDN, ENTRYUUID, HASSUBORDINATES, MODIFIERSNAME,
- MODIFYTIMESTAMP, OBJECTCLASS, REQUAUTHZID, REQCONTROLS, REQDN, REQEND, REQMETHOD, REQRESULT,
- REQSESSION, REQSTART, REQTYPE, REQVERSION, STRUCTURALOBJECTCLASS, SUBSCHEMAENTRY
- };
-
- private static final String[] AUDIT_MOD_ATRS =
- {
- OBJECTCLASS, REQUAUTHZID, REQDN, REQEND, REQRESULT, REQSESSION, REQSTART, REQTYPE, REQMOD
- };
-
-
- /**
- * This method returns failed authentications where the userid is not present in the directory. This
- * is possible because Fortress performs read on user before the bind.
- * User:
- * dn: reqStart=20101014235402.000000Z, cn=log
- * reqStart: 20101014235402.000000Z
- * reqEnd: 20101014235402.000001Z
- * reqAuthzID: cn=Manager,dc=jts,dc=com
- * reqDerefAliases: never
- * reqSession: 84
- * reqAttrsOnly: FALSE
- * reqSizeLimit: -1
- * objectClass: auditSearch
- * reqResult: 32
- * reqAttr: ftId
- * reqAttr: uid
- * reqAttr: userpassword
- * reqAttr: description
- * reqAttr: ou
- * reqAttr: cn
- * reqAttr: sn
- * reqAttr: ftRoleCstr
- * reqAttr: ftCstr
- * reqAttr: ftRoleAsgn
- * reqAttr: pwdReset
- * reqAttr: pwdAccountLockedTime
- * reqAttr: ftProps
- * reqEntries: 0
- * reqFilter: (|(objectClass=*)(?objectClass=ldapSubentry))
- * reqType: search
- * reqDN: uid=foo,ou=People,dc=jts,dc=com /cal/cal2.jsp
- * reqTimeLimit: -1
- * reqScope: base
- *
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- public final List<AuthZ> searchInvalidAuthNs( UserAudit audit )
- throws FinderException
- {
- List<AuthZ> auditList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String auditRoot = Config.getProperty( AUDIT_ROOT );
- String userRoot = Config.getProperty( GlobalIds.USER_ROOT );
- try
- {
- // use wildcard for user if not passed in:
- //reqDN: uid=foo,ou=People,dc=jts,dc=com
- //(&
- // (objectclass=auditSearch)
- // (reqDN=uid=*,ou=People,dc=jts,dc=com)
- // (reqAuthzID=cn=Manager,dc=jts,dc=com)
- // (reqEntries=0)
- // )
-
- String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
- String userId;
- if ( VUtil.isNotNullOrEmpty( audit.getUserId() ) )
- {
- userId = audit.getUserId();
- filter += REQDN + "=" + GlobalIds.UID + "=" + userId + "," + userRoot + ")(" +
- REQUAUTHZID + "=" + "cn=Manager," + Config.getProperty( GlobalIds.SUFFIX ) + ")";
- }
- else
- {
- // pull back all failed authN attempts for all users:
- filter += REQATTR + "=" + GlobalIds.UID + ")(" +
- REQUAUTHZID + "=" + "cn=Manager," + Config.getProperty( GlobalIds.SUFFIX ) + ")";
- }
-
- if ( audit.isFailedOnly() )
- {
- filter += "(" + REQENTRIES + "=" + 0 + ")";
- }
- if ( audit.getBeginDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
- filter += "(" + REQEND + ">=" + szTime + ")";
- }
- filter += ")";
-
- //log.warn("filter=" + filter);
- ld = getLogConnection();
- searchResults = search( ld, auditRoot,
- LDAPConnection.SCOPE_ONE, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- AuthZ authZ = getAuthzEntityFromLdapEntry( searchResults.next(), sequence++ );
- // todo: fix this workaround. This search will return failed role assign searches as well.
- // Work around is to remove the ou=People failed searches from user failed searches on authN.
- if ( !AttrHelper.getAuthZId( authZ.getReqDN() ).equalsIgnoreCase( "People" ) )
- auditList.add( authZ );
- }
- }
- catch ( LDAPException e )
- {
- String error = "LDAPException in AuditDAO.searchAuthZs id=" + e.getLDAPResultCode() + " msg="
- + e.getMessage();
- throw new FinderException( GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, e );
- }
- finally
- {
- closeLogConnection( ld );
- }
- return auditList;
- }
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- public final List<AuthZ> searchAuthZs( UserAudit audit )
- throws FinderException
- {
- List<AuthZ> auditList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String auditRoot = Config.getProperty( AUDIT_ROOT );
- String permRoot = getRootDn( audit.isAdmin(), audit.getContextId() );
- String userRoot = getRootDn( audit.getContextId(), GlobalIds.USER_ROOT );
- try
- {
- String reqDn = PermDAO.getOpRdn( audit.getOpName(), audit.getObjId() ) + "," + GlobalIds.POBJ_NAME + "="
- + audit.getObjName() + "," + permRoot;
- String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(" + REQDN + "=" +
- reqDn + ")(" + REQUAUTHZID + "=" + GlobalIds.UID + "=" + audit.getUserId() + "," + userRoot + ")";
-/*
- todo: fixme (can't search on reqAssertion attribute):
- if ( audit.isFailedOnly() )
- {
- //filter += "(!(" + REQRESULT + "=" + 6 + "))";
- filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
- }
-*/
- if ( audit.getBeginDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
- filter += "(" + REQEND + ">=" + szTime + ")";
- }
- filter += ")";
-
- //System.out.println("filter=" + filter);
- ld = getLogConnection();
- searchResults = search( ld, auditRoot,
- LDAPConnection.SCOPE_ONE, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- auditList.add( getAuthzEntityFromLdapEntry( searchResults.next(), sequence++ ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "LDAPException in AuditDAO.searchAuthZs id=" + e.getLDAPResultCode() + " msg="
- + e.getMessage();
- throw new FinderException( GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeLogConnection( ld );
- }
- return auditList;
- }
-
-
- private String getRootDn( boolean isAdmin, String contextId )
- {
- String dn;
- if ( isAdmin )
- {
- dn = getRootDn( contextId, GlobalIds.ADMIN_PERM_ROOT );
- }
- else
- {
- dn = getRootDn( contextId, GlobalIds.PERM_ROOT );
- }
- return dn;
- }
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- public final List<AuthZ> getAllAuthZs( UserAudit audit )
- throws FinderException
- {
- List<AuthZ> auditList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String auditRoot = Config.getProperty( AUDIT_ROOT );
- String userRoot = getRootDn( audit.getContextId(), GlobalIds.USER_ROOT );
-
- try
- {
- String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(";
- if (VUtil.isNotNullOrEmpty( audit.getUserId() ) )
- {
- filter += REQUAUTHZID + "=" + GlobalIds.UID + "=" + audit.getUserId() + "," + userRoot + ")";
- }
- else
- {
- // have to limit the query to only authorization entries.
- // TODO: determine why the cn=Manager user is showing up in this search:
- filter += REQUAUTHZID + "=*)(!(" + REQUAUTHZID + "=cn=Manager," + Config.getProperty(GlobalIds.SUFFIX) + "))";
- }
- //if( VUtil.isNotNullOrEmpty( audit.getObjName() ) && VUtil.isNotNullOrEmpty( audit.getOpName() ) )
- if( VUtil.isNotNullOrEmpty( audit.getDn() ) )
- {
- //filter += "(" + REQDN + "=" + GlobalIds.POP_NAME + "=" + audit.getOpName() + "," + GlobalIds.POBJ_NAME + "=" + audit.getObjName() + ",*)";
- filter += "(" + REQDN + "=" + audit.getDn() + ")";
- }
-/*
- todo: fixme (can't search on reqAssertion attribute):
- if (audit.isFailedOnly())
- {
- //filter += "(!(" + REQRESULT + "=" + 6 + "))";
- filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
- }
-*/
- if ( audit.getBeginDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
- filter += "(" + REQEND + ">=" + szTime + ")";
- }
- if (audit.getEndDate() != null)
- {
- String szTime = AttrHelper.encodeGeneralizedTime(audit.getEndDate());
- filter += "(" + REQEND + "<=" + szTime + ")";
- }
- filter += ")";
-
- //log.warn("filter=" + filter);
- ld = getLogConnection();
- searchResults = search( ld, auditRoot,
- LDAPConnection.SCOPE_ONE, filter, AUDIT_AUTHZ_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- auditList.add( getAuthzEntityFromLdapEntry( searchResults.next(), sequence++ ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "LDAPException in AuditDAO.getAllAuthZs id=" + e.getLDAPResultCode() + " msg="
- + e.getMessage();
- throw new FinderException( GlobalErrIds.AUDT_AUTHZ_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeLogConnection( ld );
- }
- return auditList;
- }
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- public final List<Bind> searchBinds( UserAudit audit )
- throws FinderException
- {
- List<Bind> auditList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String auditRoot = Config.getProperty( AUDIT_ROOT );
- String userRoot = getRootDn( audit.getContextId(), GlobalIds.USER_ROOT );
-
- try
- {
- String filter;
- if ( audit.getUserId() != null && audit.getUserId().length() > 0 )
- {
- filter = GlobalIds.FILTER_PREFIX + ACCESS_BIND_CLASS_NM + ")(" +
- REQDN + "=" + GlobalIds.UID + "=" + audit.getUserId() + "," + userRoot + ")";
- if ( audit.isFailedOnly() )
- {
- filter += "(" + REQRESULT + ">=" + 1 + ")";
- }
- if ( audit.getBeginDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
- filter += "(" + REQEND + ">=" + szTime + ")";
- }
- filter += ")";
- }
- else
- {
- filter = GlobalIds.FILTER_PREFIX + ACCESS_BIND_CLASS_NM + ")";
- if ( audit.isFailedOnly() )
- {
- filter += "(" + REQRESULT + ">=" + 1 + ")";
- }
- if ( audit.getBeginDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
- filter += "(" + REQEND + ">=" + szTime + ")";
- }
- filter += ")";
- }
- //log.warn("filter=" + filter);
- ld = getLogConnection();
- searchResults = search( ld, auditRoot,
- LDAPConnection.SCOPE_ONE, filter, AUDIT_BIND_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- auditList.add( getBindEntityFromLdapEntry( searchResults.next(), sequence++ ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "LDAPException in AuditDAO.searchBinds id=" + e.getLDAPResultCode() + " msg="
- + e.getMessage();
- throw new FinderException( GlobalErrIds.AUDT_BIND_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeLogConnection( ld );
- }
- return auditList;
- }
-
-
- /**
- * @param audit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- public final List<Mod> searchUserMods( UserAudit audit )
- throws FinderException
- {
- List<Mod> modList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String auditRoot = Config.getProperty( AUDIT_ROOT );
-
- String userRoot = getRootDn( audit.getContextId(), GlobalIds.USER_ROOT );
- try
- {
- String filter = GlobalIds.FILTER_PREFIX + ACCESS_MOD_CLASS_NM + ")(" +
- REQDN + "=" + GlobalIds.UID + "=" + audit.getUserId() + "," + userRoot + ")";
- if ( audit.getBeginDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
- filter += "(" + REQEND + ">=" + szTime + ")";
- }
- filter += ")";
- //log.warn("filter=" + filter);
- ld = getLogConnection();
- searchResults = search( ld, auditRoot,
- LDAPConnection.SCOPE_ONE, filter, AUDIT_MOD_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- modList.add( getModEntityFromLdapEntry( searchResults.next(), sequence++ ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "searchUserMods caught LDAPException id=" + e.getLDAPResultCode() + " msg=" + e.getMessage();
- throw new FinderException( GlobalErrIds.AUDT_MOD_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeLogConnection( ld );
- }
- return modList;
- }
-
-
- /**
- * @param audit
- * @return
- * @throws FinderException
- */
- public final List<Mod> searchAdminMods( UserAudit audit )
- throws FinderException
- {
- List<Mod> modList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String auditRoot = Config.getProperty( AUDIT_ROOT );
-
- try
- {
- /*
- # 20110117075053.000006Z, log
- dn: reqStart=20110117075053.000006Z,cn=log
- objectClass: auditModify
- reqStart: 20110117075053.000006Z
- reqEnd: 20110117075053.000007Z
- reqType: modify
- reqSession: 12
- reqAuthzID: cn=Manager,dc=jts,dc=com
- reqDN: ftObjId=004+ftOpNm=TOP2_4,ftObjNm=TOB2_3,ou=Permissions,ou=RBAC,dc=m
- ims,dc=com
- reqResult: 0
- reqMod: ftRoles:- ftT2ROLE5
- reqMod: ftModifier:= -42f31b5d:12d92f18440:-7eb8
- reqMod: ftModCode:= AdminMgrImpl.revokePermission
- reqMod: ftModId:= -42f31b5d:12d92f18440:-6674
- reqMod: entryCSN:= 20110117075053.093893Z#000000#000#000000
- reqMod: modifiersName:= cn=Manager,dc=jts,dc=com
- reqMod: modifyTimestamp:= 20110117075053Z
-
- ldapsearch -x -D "cn=Manager,cn=log" -w secret -b 'cn=log' -s SUB -h localhost -p 389 '(&(objectclass=auditModify)(reqMod=ftModCode:= AdminMgrImpl.addDescendant)(reqMod=ftModifier:= -6a20c261:12d92e15581:-7eb8))'
-
- # limit search by dn works:
- ldapsearch -x -D "cn=Manager,cn=log" -w secret -b 'cn=log' -s SUB -h localhost -p 389 '(&(objectclass=auditModify)(reqDN=cn=Hierarchies,ou=Roles,ou=RBAC,dc=jts,dc=com))'
-
- # wild card works on reqMod:
- ldapsearch -x -D "cn=Manager,cn=log" -w secret -b 'cn=log' -s SUB -h localhost -p 389 '(&(objectclass=auditModify)(reqMod=ftModCode:= AdminMgrImpl.add*)(reqMod=ftModifier:= -6a20c261:12d92e15581:-7eb8))'
-
- */
- String filter = "(&(|(objectclass=" + ACCESS_MOD_CLASS_NM + ")";
- filter += "(objectclass=" + ACCESS_ADD_CLASS_NM + "))";
- if ( VUtil.isNotNullOrEmpty( audit.getDn() ) )
- {
- filter += "(" + REQDN + "=" + audit.getDn() + ")";
- }
- if ( VUtil.isNotNullOrEmpty( audit.getObjName() ) )
- {
- filter += "(|(" + REQMOD + "=" + GlobalIds.FT_MODIFIER_CODE + ":= " + audit.getObjName() + ".";
- if ( VUtil.isNotNullOrEmpty( audit.getOpName() ) )
- {
- filter += audit.getOpName();
- }
- filter += "*)";
- filter += "(" + REQMOD + "=" + GlobalIds.FT_MODIFIER_CODE + ":+ " + audit.getObjName() + ".";
- if ( VUtil.isNotNullOrEmpty( audit.getOpName() ) )
- {
- filter += audit.getOpName();
- }
- filter += "*))";
- }
- if ( VUtil.isNotNullOrEmpty( audit.getInternalUserId() ) )
- {
- filter += "(|(" + REQMOD + "=" + GlobalIds.FT_MODIFIER + ":= " + audit.getInternalUserId() + ")";
- filter += "(" + REQMOD + "=" + GlobalIds.FT_MODIFIER + ":+ " + audit.getInternalUserId() + "))";
- }
- if ( audit.getBeginDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
- filter += "(" + REQEND + ">=" + szTime + ")";
- }
- if ( audit.getEndDate() != null )
- {
- String szTime = AttrHelper.encodeGeneralizedTime( audit.getEndDate() );
- filter += "(" + REQEND + "<=" + szTime + ")";
- }
-
- filter += ")";
- //log.warn("filter=" + filter);
- ld = getLogConnection();
- searchResults = search( ld, auditRoot,
- LDAPConnection.SCOPE_ONE, filter, AUDIT_MOD_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- modList.add( getModEntityFromLdapEntry( searchResults.next(), sequence++ ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "searchAdminMods caught LDAPException id=" + e.getLDAPResultCode() + " msg="
- + e.getMessage();
- throw new FinderException( GlobalErrIds.AUDT_MOD_ADMIN_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeLogConnection( ld );
- }
- return modList;
- }
-
-
- /**
- * @param le
- * @return
- * @throws LDAPException
- */
- private Bind getBindEntityFromLdapEntry( LDAPEntry le, long sequence )
- {
-
- /*
- public class Bind
- private String createTimestamp;
- private String creatorsName;
- private String entryCSN;
- private String entryDN;
- private String entryUUID;
- private String hasSubordinates;
- private String modifiersName;
- private String modifyTimestamp;
- private String objectClass;
- private String reqAuthzID;
- private String reqControls;
- private String reqDN;
- private String reqEnd;
- private String reqMethod;
- private String reqResult;
- private String reqSession;
- private String reqStart;
- private String reqType;
- private String reqVersion;
- private String structuralObjectClass;
- */
-
- Bind auditBind = new ObjectFactory().createBind();
- auditBind.setSequenceId( sequence );
- auditBind.setCreateTimestamp( getAttribute( le, CREATETIMESTAMP ) );
- auditBind.setCreatorsName( getAttribute( le, CREATORSNAME ) );
- auditBind.setEntryCSN( getAttribute( le, ENTRYCSN ) );
- auditBind.setEntryDN( getAttribute( le, ENTRYDN ) );
- auditBind.setEntryUUID( getAttribute( le, ENTRYUUID ) );
- auditBind.setHasSubordinates( getAttribute( le, HASSUBORDINATES ) );
- auditBind.setModifiersName( getAttribute( le, MODIFIERSNAME ) );
- auditBind.setModifyTimestamp( getAttribute( le, MODIFYTIMESTAMP ) );
- auditBind.setObjectClass( getAttribute( le, OBJECTCLASS ) );
- auditBind.setReqAuthzID( getAttribute( le, REQUAUTHZID ) );
- auditBind.setReqControls( getAttribute( le, REQCONTROLS ) );
- auditBind.setReqDN( getAttribute( le, REQDN ) );
- auditBind.setReqEnd( getAttribute( le, REQEND ) );
- auditBind.setReqMethod( getAttribute( le, REQMETHOD ) );
- auditBind.setReqResult( getAttribute( le, REQRESULT ) );
- auditBind.setReqSession( getAttribute( le, REQSESSION ) );
- auditBind.setReqStart( getAttribute( le, REQSTART ) );
- auditBind.setReqType( getAttribute( le, REQTYPE ) );
- auditBind.setReqVersion( getAttribute( le, REQVERSION ) );
- auditBind.setStructuralObjectClass( getAttribute( le, STRUCTURALOBJECTCLASS ) );
- return auditBind;
- }
-
-
- /**
- * @param le
- * @return
- * @throws LDAPException
- */
- private AuthZ getAuthzEntityFromLdapEntry( LDAPEntry le, long sequence )
- {
-
- /*
- public class AuthZ
- {
- private String createTimestamp;
- private String creatorsName;
- private String entryCSN;
- private String entryDN;
- private String entryUUID;
- private String hasSubordinates;
- private String modifiersName;
- private String modifyTimestamp;
- private String objectClass;
- private String reqAttr;
- private String reqAttrsOnly;
- private String reqAuthzID;
- private String reqControls;
- private String reqDN;
- private String reqDerefAliases;
- private String reqEnd;
- private String reqEntries;
- private String reqFilter;
- private String reqResult;
- private String reqScope;
- private String reqSession;
- private String reqSizeLimit;
- private String reqStart;
- private String reqTimeLimit;
- private String reqType;
- private String reqAssertion;
- private String structuralObjectClass;
- private String subschemaSubentry;
- }*/
- // these attrs also on audit bind OC:
- AuthZ authZ = new ObjectFactory().createAuthZ();
- authZ.setSequenceId( sequence );
- authZ.setCreateTimestamp( getAttribute( le, CREATETIMESTAMP ) );
- authZ.setCreatorsName( getAttribute( le, CREATORSNAME ) );
- authZ.setEntryCSN( getAttribute( le, ENTRYCSN ) );
- authZ.setEntryDN( getAttribute( le, ENTRYDN ) );
- authZ.setEntryUUID( getAttribute( le, ENTRYUUID ) );
- authZ.setHasSubordinates( getAttribute( le, HASSUBORDINATES ) );
- authZ.setModifiersName( getAttribute( le, MODIFIERSNAME ) );
- authZ.setModifyTimestamp( getAttribute( le, MODIFYTIMESTAMP ) );
- authZ.setObjectClass( getAttribute( le, OBJECTCLASS ) );
- authZ.setReqAuthzID( getAttribute( le, REQUAUTHZID ) );
- authZ.setReqControls( getAttribute( le, REQCONTROLS ) );
- authZ.setReqDN( getAttribute( le, REQDN ) );
- authZ.setReqEnd( getAttribute( le, REQEND ) );
- authZ.setReqResult( getAttribute( le, REQRESULT ) );
- authZ.setReqSession( getAttribute( le, REQSESSION ) );
- authZ.setReqStart( getAttribute( le, REQSTART ) );
- authZ.setReqType( getAttribute( le, REQTYPE ) );
- authZ.setStructuralObjectClass( getAttribute( le, STRUCTURALOBJECTCLASS ) );
-
- // these attrs only on audit search OC:
- authZ.setReqAttr( getAttribute( le, REQATTR ) );
- authZ.setReqAttrsOnly( getAttribute( le, REQATTRSONLY ) );
- authZ.setReqDerefAliases( getAttribute( le, REQDREFALIASES ) );
- authZ.setReqEntries( getAttribute( le, REQENTRIES ) );
- authZ.setReqFilter( getAttribute( le, REQFILTER ) );
- authZ.setReqScope( getAttribute( le, REQSCOPE ) );
- authZ.setReqSizeLimit( getAttribute( le, REQSIZELIMIT ) );
- authZ.setReqTimeLimit( getAttribute( le, REQTIMELIMIT ) );
- authZ.setReqAssertion( getAttribute( le, REQASSERTION ) );
- return authZ;
- }
-
-
- private Mod getModEntityFromLdapEntry( LDAPEntry le, long sequence )
- {
- /*
- public class Mod
- {
- private String reqSession;
- private String objectClass;
- private String reqAuthzID;
- private String reqDN;
- private String reqResult;
- private String reqStart;
- private String reqEnd;
- private String reqType;
- private String[] reqMod;
- }
- */
-
- Mod mod = new ObjectFactory().createMod();
- mod.setSequenceId( sequence );
- mod.setObjectClass( getAttribute( le, OBJECTCLASS ) );
- mod.setReqAuthzID( getAttribute( le, REQUAUTHZID ) );
- mod.setReqDN( getAttribute( le, REQDN ) );
- mod.setReqEnd( getAttribute( le, REQEND ) );
- mod.setReqResult( getAttribute( le, REQRESULT ) );
- mod.setReqSession( getAttribute( le, REQSESSION ) );
- mod.setReqStart( getAttribute( le, REQSTART ) );
- mod.setReqType( getAttribute( le, REQTYPE ) );
- mod.setReqMod( getAttributes( le, REQMOD ) );
- return mod;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/OrgUnitDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/OrgUnitDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/OrgUnitDAO.java
deleted file mode 100755
index b0d66fc..0000000
--- a/src/main/java/org/apache/directory/fortress/core/rbac/dao/unboundid/OrgUnitDAO.java
+++ /dev/null
@@ -1,621 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.rbac.dao.unboundid;
-
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.directory.fortress.core.CreateException;
-import org.apache.directory.fortress.core.FinderException;
-import org.apache.directory.fortress.core.GlobalErrIds;
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.ObjectFactory;
-import org.apache.directory.fortress.core.RemoveException;
-import org.apache.directory.fortress.core.UpdateException;
-import org.apache.directory.fortress.core.ldap.UnboundIdDataProvider;
-import org.apache.directory.fortress.core.rbac.Graphable;
-import org.apache.directory.fortress.core.rbac.OrgUnit;
-import org.apache.directory.fortress.core.rbac.PsoUtil;
-import org.apache.directory.fortress.core.rbac.UsoUtil;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttribute;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModification;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModificationSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchResults;
-
-
-/**
- * This class provides dataaccess to the OrgUnit datasets in LDAP.
- * <p/>
- * The OrgUnitDAO maintains the following structural and aux object classes:
- * <h4>1. organizationalUnit Structural Object Class is used to store basic attributes like ou and description</h4>
- * <ul>
- * <li> ------------------------------------------
- * <li> <code>objectclass ( 2.5.6.5 NAME 'organizationalUnit'</code>
- * <li> <code>DESC 'RFC2256: an organizational unit'</code>
- * <li> <code>SUP top STRUCTURAL</code>
- * <li> <code>MUST ou</code>
- * <li> <code>MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $</code>
- * <li> <code>x121Address $ registeredAddress $ destinationIndicator $</code>
- * <li> <code>preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $</code>
- * <li> <code>telephoneNumber $ internationaliSDNNumber $</code>
- * <li> <code>facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $</code>
- * <li> <code>postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <h4>2. ftOrgUnit Structural objectclass is used to store the OrgUnit internal id</h4>
- * <ul> org.apache.directory.fortress.arbac.
- * <li> ------------------------------------------
- * <li> <code> objectclass ( 1.3.6.1.4.1.38088.2.6</code>
- * <li> <code>NAME 'ftOrgUnit'</code>
- * <li> <code>DESC 'Fortress OrgUnit Class'</code>
- * <li> <code>SUP organizationalunit</code>
- * <li> <code>STRUCTURAL</code>
- * <li> <code>MUST ( ftId ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <h4>3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity</h4>
- * <ul>
- * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.4</code>
- * <li> <code>NAME 'ftMods'</code>
- * <li> <code>DESC 'Fortress Modifiers AUX Object Class'</code>
- * <li> <code>AUXILIARY</code>
- * <li> <code>MAY (</code>
- * <li> <code>ftModifier $</code>
- * <li> <code>ftModCode $</code>
- * <li> <code>ftModId ) )</code>
- * <li> ------------------------------------------
- * </ul>
- * <p/>
- * This class is thread safe.
- *
- * @author Shawn McKinney
- * @created September 18, 2010
- */
-public final class OrgUnitDAO extends UnboundIdDataProvider implements org.apache.directory.fortress.core.rbac.dao.OrgUnitDAO
-{
- private static final String CLS_NM = OrgUnitDAO.class.getName();
- private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
- private static final String ORGUNIT_OBJECT_CLASS_NM = "ftOrgUnit";
-
- private static final String ORGUNIT_OBJ_CLASS[] =
- {
- GlobalIds.TOP, ORGUNIT_OBJECT_CLASS_NM, GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME
- };
- private static final String[] ORGUNIT_ATRS =
- {
- GlobalIds.FT_IID, GlobalIds.OU, GlobalIds.DESC, GlobalIds.PARENT_NODES
- };
-
- private static final String[] ORGUNIT_ATR =
- {
- GlobalIds.OU
- };
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.CreateException
- *
- */
- public final OrgUnit create( OrgUnit entity )
- throws CreateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPAttributeSet attrs = new LDAPAttributeSet();
- attrs.add( createAttributes( GlobalIds.OBJECT_CLASS, ORGUNIT_OBJ_CLASS ) );
- entity.setId();
- attrs.add( createAttribute( GlobalIds.FT_IID, entity.getId() ) );
- if ( entity.getDescription() != null && entity.getDescription().length() > 0 )
- attrs.add( createAttribute( GlobalIds.DESC, entity.getDescription() ) );
- // organizational name requires OU attribute:
- attrs.add( createAttribute( GlobalIds.OU, entity.getName() ) );
-
- // These multi-valued attributes are optional. The utility function will return quietly if no items are loaded into collection:
- loadAttrs( entity.getParents(), attrs, GlobalIds.PARENT_NODES );
-
- LDAPEntry myEntry = new LDAPEntry( dn, attrs );
- ld = getAdminConnection();
- add( ld, myEntry, entity );
- }
- catch ( LDAPException e )
- {
- String error = "create orgUnit name [" + entity.getName() + "] type [" + entity.getType()
- + "] root [" + dn + "] caught LDAPException=" + e;
- int errCode;
- if ( entity.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_ADD_FAILED_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_ADD_FAILED_USER;
-
- }
- throw new CreateException( errCode, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- public final OrgUnit update( OrgUnit entity )
- throws UpdateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPModificationSet mods = new LDAPModificationSet();
- if ( entity.getDescription() != null && entity.getDescription().length() > 0 )
- {
- LDAPAttribute desc = new LDAPAttribute( GlobalIds.DESC, entity.getDescription() );
- mods.add( LDAPModification.REPLACE, desc );
- }
- loadAttrs( entity.getParents(), mods, GlobalIds.PARENT_NODES );
- if ( mods.size() > 0 )
- {
- ld = getAdminConnection();
- modify( ld, dn, mods, entity );
- }
- }
- catch ( LDAPException e )
- {
- String error = "update orgUnit name [" + entity.getName() + "] type [" + entity.getType()
- + "] root [" + dn + "] caught LDAPException=" + e;
- int errCode;
- if ( entity.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_UPDATE_FAILED_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_UPDATE_FAILED_USER;
- }
-
- throw new UpdateException( errCode, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- * @param entity
- * @throws org.apache.directory.fortress.core.UpdateException
- *
- */
- public final void deleteParent( OrgUnit entity )
- throws UpdateException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- LDAPModificationSet mods = new LDAPModificationSet();
- LDAPAttribute occupant = new LDAPAttribute( GlobalIds.PARENT_NODES );
- mods.add( LDAPModification.DELETE, occupant );
- ld = getAdminConnection();
- modify( ld, dn, mods, entity );
- }
- catch ( LDAPException e )
- {
- String error = "deleteParent orgUnit name [" + entity.getName() + "] type [" + entity.getType()
- + "] root [" + dn + "] caught LDAPException=" + e;
- int errCode;
- if ( entity.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_REMOVE_PARENT_FAILED_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_REMOVE_PARENT_FAILED_USER;
- }
-
- throw new UpdateException( errCode, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- }
-
-
- /**
- * @param entity
- * @return
- * @throws org.apache.directory.fortress.core.RemoveException
- *
- */
- public final OrgUnit remove( OrgUnit entity )
- throws RemoveException
- {
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- ld = getAdminConnection();
- delete( ld, dn, entity );
- }
- catch ( LDAPException e )
- {
- String error = "remove orgUnit name [" + entity.getName() + "] type [" + entity.getType()
- + "] root [" + dn + "] caught LDAPException=" + e;
- int errCode;
- if ( entity.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_DELETE_FAILED_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_DELETE_FAILED_USER;
- }
-
- throw new RemoveException( errCode, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return entity;
- }
-
-
- /**
- * @param entity
- * @return
- * @throws FinderException
- *
- */
- public final OrgUnit findByKey( OrgUnit entity )
- throws FinderException
- {
- OrgUnit oe = null;
- LDAPConnection ld = null;
- String dn = getDn( entity );
- try
- {
- ld = getAdminConnection();
- LDAPEntry findEntry = read( ld, dn, ORGUNIT_ATRS );
- if ( findEntry == null )
- {
- String warning = "findByKey orgUnit name [" + entity.getName() + "] type ["
- + entity.getType() + "] COULD NOT FIND ENTRY for dn [" + dn + "]";
- int errCode;
- if ( entity.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_NOT_FOUND_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_NOT_FOUND_USER;
- }
- throw new FinderException( errCode, warning );
- }
- oe = getEntityFromLdapEntry( findEntry, 0, entity.getContextId() );
- }
- catch ( LDAPException e )
- {
- if ( e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT )
- {
- String warning = "findByKey orgUnit name [" + entity.getName() + "] type ["
- + entity.getType() + "] COULD NOT FIND ENTRY for dn [" + dn + "]";
- int errCode;
- if ( entity.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_NOT_FOUND_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_NOT_FOUND_USER;
- }
- throw new FinderException( errCode, warning );
- }
- else
- {
- String error = "findByKey orgUnitName [" + entity.getName() + "] type [" + entity.getType()
- + "] dn [" + dn + "] caught LDAPException=" + e;
- int errCode;
- if ( entity.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_READ_FAILED_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_READ_FAILED_USER;
- }
- throw new FinderException( errCode, error, e );
- }
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return oe;
- }
-
-
- /**
- * @param orgUnit
- * @return
- * @throws org.apache.directory.fortress.core.FinderException
- *
- */
- public final List<OrgUnit> findOrgs( OrgUnit orgUnit )
- throws FinderException
- {
- List<OrgUnit> orgUnitList = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String orgUnitRoot = getOrgRoot( orgUnit );
- try
- {
- String searchVal = encodeSafeText( orgUnit.getName(), GlobalIds.ROLE_LEN );
- String filter = GlobalIds.FILTER_PREFIX + ORGUNIT_OBJECT_CLASS_NM + ")("
- + GlobalIds.OU + "=" + searchVal + "*))";
- ld = getAdminConnection();
- searchResults = search( ld, orgUnitRoot,
- LDAPConnection.SCOPE_ONE, filter, ORGUNIT_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- orgUnitList.add( getEntityFromLdapEntry( searchResults.next(), sequence++, orgUnit.getContextId() ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "findOrgs search val [" + orgUnit.getName() + "] type [" + orgUnit.getType()
- + "] root [" + orgUnitRoot + "] caught LDAPException=" + e;
- int errCode;
- if ( orgUnit.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_SEARCH_FAILED_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_SEARCH_FAILED_USER;
- }
-
- throw new FinderException( errCode, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return orgUnitList;
- }
-
-
- /**
- *
- * @param orgUnit
- * @return
- * @throws FinderException
- */
- public final Set<String> getOrgs( OrgUnit orgUnit )
- throws FinderException
- {
- Set<String> ouSet = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
- LDAPConnection ld = null;
- String orgUnitRoot = getOrgRoot( orgUnit );
- try
- {
- String filter = "(objectclass=" + ORGUNIT_OBJECT_CLASS_NM + ")";
- ld = getAdminConnection();
- LDAPSearchResults searchResults = search( ld, orgUnitRoot,
- LDAPConnection.SCOPE_ONE, filter, ORGUNIT_ATR, false, GlobalIds.BATCH_SIZE );
- while ( searchResults.hasMoreElements() )
- {
- ouSet.add( getAttribute( searchResults.next(), GlobalIds.OU ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "getOrgs type [" + orgUnit.getType() + "] root [" + orgUnitRoot
- + "] caught LDAPException=" + e;
- int errCode;
- if ( orgUnit.getType() == OrgUnit.Type.PERM )
- {
- errCode = GlobalErrIds.ORG_GET_FAILED_PERM;
- }
- else
- {
- errCode = GlobalErrIds.ORG_GET_FAILED_USER;
- }
- throw new FinderException( errCode, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return ouSet;
- }
-
-
- /**
- *
- * @param orgUnit
- * @return
- * @throws FinderException
- */
- public final List<Graphable> getAllDescendants( OrgUnit orgUnit )
- throws FinderException
- {
- String orgUnitRoot = getOrgRoot( orgUnit );
- String[] DESC_ATRS =
- { GlobalIds.OU, GlobalIds.PARENT_NODES };
- List<Graphable> descendants = new ArrayList<>();
- LDAPConnection ld = null;
- LDAPSearchResults searchResults;
- String filter = null;
- try
- {
- filter = GlobalIds.FILTER_PREFIX + ORGUNIT_OBJECT_CLASS_NM + ")("
- + GlobalIds.PARENT_NODES + "=*))";
- ld = getAdminConnection();
- searchResults = search( ld, orgUnitRoot,
- LDAPConnection.SCOPE_ONE, filter, DESC_ATRS, false, GlobalIds.BATCH_SIZE );
- long sequence = 0;
- while ( searchResults.hasMoreElements() )
- {
- descendants.add( unloadDescendants( searchResults.next(), sequence++, orgUnit.getContextId() ) );
- }
- }
- catch ( LDAPException e )
- {
- String error = "getAllDescendants filter [" + filter + "] caught LDAPException="
- + e.getLDAPResultCode() + " msg=" + e.getMessage();
- throw new FinderException( GlobalErrIds.ARLE_SEARCH_FAILED, error, e );
- }
- finally
- {
- closeAdminConnection( ld );
- }
- return descendants;
- }
-
-
- /**
- * @param orgUnit
- * @return
- */
- private String getDn( OrgUnit orgUnit )
- {
- String dn = null;
- switch ( orgUnit.type )
- {
- case USER:
- dn = GlobalIds.OU + "=" + orgUnit.getName() + ","
- + getRootDn( orgUnit.getContextId(), GlobalIds.OSU_ROOT );
- break;
- case PERM:
- dn = GlobalIds.OU + "=" + orgUnit.getName() + ","
- + getRootDn( orgUnit.getContextId(), GlobalIds.PSU_ROOT );
- break;
- default:
- String warning = "getDn invalid type";
- LOG.warn( warning );
- break;
- }
- return dn;
- }
-
-
- /**
- *
- * @param orgUnit
- * @return
- */
- private String getOrgRoot( OrgUnit orgUnit )
- {
- String dn = null;
- switch ( orgUnit.type )
- {
- case USER:
- dn = getRootDn( orgUnit.getContextId(), GlobalIds.OSU_ROOT );
- break;
- case PERM:
- dn = getRootDn( orgUnit.getContextId(), GlobalIds.PSU_ROOT );
- break;
- default:
- String warning = "getOrgRootDn invalid type";
- LOG.warn( warning );
- break;
- }
- return dn;
- }
-
-
- /**
- *
- * @param le
- * @param sequence
- * @param contextId
- * @return
- * @throws LDAPException
- */
- private Graphable unloadDescendants( LDAPEntry le, long sequence, String contextId )
- {
- OrgUnit entity = new ObjectFactory().createOrgUnit();
- entity.setSequenceId( sequence );
- entity.setName( getAttribute( le, GlobalIds.OU ) );
- entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
- return entity;
- }
-
-
- /**
- *
- * @param le
- * @param sequence
- * @param contextId
- * @return
- * @throws LDAPException
- */
- private OrgUnit getEntityFromLdapEntry( LDAPEntry le, long sequence, String contextId )
- {
- OrgUnit entity = new ObjectFactory().createOrgUnit();
- entity.setSequenceId( sequence );
- entity.setId( getAttribute( le, GlobalIds.FT_IID ) );
- entity.setName( getAttribute( le, GlobalIds.OU ) );
- entity.setDescription( getAttribute( le, GlobalIds.DESC ) );
- String dn = le.getDN();
- if ( dn.contains( getRootDn( contextId, GlobalIds.PSU_ROOT ) ) )
- {
- entity.setType( OrgUnit.Type.PERM );
- //entity.setParents(PsoUtil.getParents(entity.getName().toUpperCase(), contextId));
- entity.setChildren( PsoUtil.getChildren( entity.getName().toUpperCase(), contextId ) );
- }
- else if ( dn.contains( getRootDn( contextId, GlobalIds.OSU_ROOT ) ) )
- {
- entity.setType( OrgUnit.Type.USER );
- //entity.setParents(UsoUtil.getParents(entity.getName().toUpperCase(), contextId));
- entity.setChildren( UsoUtil.getChildren( entity.getName().toUpperCase(), contextId ) );
- }
- entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
- return entity;
- }
-}
\ No newline at end of file