You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by sm...@apache.org on 2014/10/22 19:48:31 UTC
[16/16] git commit: Remove the unboundid daos classes and lib,
move the apache dao's into rbac package and make its classes and
methods package private.
Remove the unboundid daos classes and lib, move the apache dao's into rbac package and make its classes and methods package private.
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/49e82a58
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/49e82a58
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/49e82a58
Branch: refs/heads/master
Commit: 49e82a58b817e65b8a9098b9ad8fd4a45faf7464
Parents: 687ee1a
Author: Shawn <sm...@apache.org>
Authored: Wed Oct 22 12:47:59 2014 -0500
Committer: Shawn <sm...@apache.org>
Committed: Wed Oct 22 12:47:59 2014 -0500
----------------------------------------------------------------------
NOTICE.txt | 11 +-
build.properties | 2 -
build.xml | 4 -
ivy.xml | 1 -
ldap/setup/HierarchicalAdminRoleExample.xml | 20 +-
ldap/setup/HierarchicalRoleExample.xml | 19 +-
ldap/setup/OrgUnitExample.xml | 20 +-
lib/LICENSE-UnboundID-LDAPSDK.txt | 91 -
lib/LICENSE-unboundid-ldapsdk-2.1.0-se.txt | 17 -
pom.xml | 6 -
.../core/ldap/ApacheDsDataProvider.java | 4 +-
.../fortress/core/ldap/ConnectionPool.java | 664 -----
.../directory/fortress/core/ldap/PoolMgr.java | 619 -----
.../core/ldap/UnboundIdDataProvider.java | 1277 ----------
.../core/ldap/openldap/OLPWControlImpl.java | 417 ---
.../directory/fortress/core/ldap/package.html | 2 +-
.../directory/fortress/core/overview.html | 1 -
.../fortress/core/rbac/AccelMgrImpl.java | 3 +-
.../fortress/core/rbac/AcceleratorDAO.java | 373 +++
.../directory/fortress/core/rbac/AdminRole.java | 2 -
.../fortress/core/rbac/AdminRoleDAO.java | 694 +++++
.../fortress/core/rbac/AdminRoleP.java | 4 +-
.../directory/fortress/core/rbac/AuditDAO.java | 780 ++++++
.../directory/fortress/core/rbac/AuditP.java | 1 -
.../directory/fortress/core/rbac/OrgUnit.java | 4 -
.../fortress/core/rbac/OrgUnitDAO.java | 702 ++++++
.../directory/fortress/core/rbac/OrgUnitP.java | 4 +-
.../directory/fortress/core/rbac/PermDAO.java | 1504 +++++++++++
.../directory/fortress/core/rbac/PermObj.java | 6 +-
.../directory/fortress/core/rbac/PermP.java | 4 +-
.../fortress/core/rbac/Permission.java | 5 +-
.../directory/fortress/core/rbac/PolicyDAO.java | 685 +++++
.../directory/fortress/core/rbac/PolicyP.java | 1 -
.../fortress/core/rbac/PwPolicyControl.java | 4 +-
.../directory/fortress/core/rbac/Role.java | 4 +-
.../directory/fortress/core/rbac/RoleDAO.java | 657 +++++
.../directory/fortress/core/rbac/RoleP.java | 4 +-
.../directory/fortress/core/rbac/SdDAO.java | 633 +++++
.../directory/fortress/core/rbac/SdP.java | 3 +-
.../directory/fortress/core/rbac/User.java | 1 -
.../directory/fortress/core/rbac/UserAudit.java | 2 -
.../directory/fortress/core/rbac/UserDAO.java | 2375 +++++++++++++++++
.../directory/fortress/core/rbac/UserP.java | 4 +-
.../fortress/core/rbac/dao/AcceleratorDAO.java | 39 -
.../fortress/core/rbac/dao/AdminRoleDAO.java | 200 --
.../fortress/core/rbac/dao/AuditDAO.java | 193 --
.../fortress/core/rbac/dao/DAOType.java | 27 -
.../fortress/core/rbac/dao/DaoFactory.java | 272 --
.../fortress/core/rbac/dao/OrgUnitDAO.java | 152 --
.../fortress/core/rbac/dao/PermDAO.java | 317 ---
.../fortress/core/rbac/dao/PolicyDAO.java | 127 -
.../fortress/core/rbac/dao/RoleDAO.java | 177 --
.../directory/fortress/core/rbac/dao/SdDAO.java | 154 --
.../fortress/core/rbac/dao/UserDAO.java | 200 --
.../core/rbac/dao/apache/AcceleratorDAO.java | 379 ---
.../core/rbac/dao/apache/AdminRoleDAO.java | 694 -----
.../fortress/core/rbac/dao/apache/AuditDAO.java | 784 ------
.../core/rbac/dao/apache/OrgUnitDAO.java | 706 ------
.../fortress/core/rbac/dao/apache/PermDAO.java | 1513 -----------
.../core/rbac/dao/apache/PolicyDAO.java | 685 -----
.../fortress/core/rbac/dao/apache/RoleDAO.java | 657 -----
.../fortress/core/rbac/dao/apache/SdDAO.java | 633 -----
.../fortress/core/rbac/dao/apache/UserDAO.java | 2383 ------------------
.../core/rbac/dao/unboundid/AdminRoleDAO.java | 656 -----
.../core/rbac/dao/unboundid/AuditDAO.java | 835 ------
.../core/rbac/dao/unboundid/OrgUnitDAO.java | 621 -----
.../core/rbac/dao/unboundid/PermDAO.java | 1405 -----------
.../core/rbac/dao/unboundid/PolicyDAO.java | 623 -----
.../core/rbac/dao/unboundid/RoleDAO.java | 593 -----
.../fortress/core/rbac/dao/unboundid/SdDAO.java | 557 ----
.../core/rbac/dao/unboundid/UserDAO.java | 2365 -----------------
.../fortress/core/util/attr/AttrHelper.java | 10 +-
src/test/build.xml | 2 -
.../fortress/core/ant/TestAddUsers.xml | 16 +-
.../fortress/core/example/ExampleDAO.java | 138 +-
.../fortress/core/rbac/FortressJUnitTest.java | 4 +-
.../core/rbac/accelerator/TestAccelerator.java | 2 +-
.../apacheds/FortressJUnitApachedsTest.java | 18 +-
.../fortress/core/samples/overview.html | 1 -
79 files changed, 8509 insertions(+), 21263 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
index a6372e8..924547b 100755
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -22,9 +22,8 @@ The purpose of this NOTICE.txt file is to include notices that are required by t
This product includes software developed by:
1. The Apache Software Foundation (http://www.apache.org/)
-2. UnBoundID Corp (http://www.unboundid.com/)
-3. The Eigenbase Project (http://www.eigenbase.org/)
-4. JUnit.org (http://www.junit.org/)
-5. The Java Community Process (http://www.jcp.org/)
-6. SLF4J (http://www.slf4j.org/)
-7. Terracotta (http://www.terracotta.org/TPL)
+2. The Eigenbase Project (http://www.eigenbase.org/)
+3. JUnit.org (http://www.junit.org/)
+4. The Java Community Process (http://www.jcp.org/)
+5. SLF4J (http://www.slf4j.org/)
+6. Terracotta (http://www.terracotta.org/TPL)
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index c7a3583..cae71aa 100644
--- a/build.properties
+++ b/build.properties
@@ -66,8 +66,6 @@ http.protocol=http
#ldap.server.type=openldap
#ldap.server.type=apacheds
# This is the default:
-#ldap.client.type=unboundid
-# To override and use apache ldap API uncomment this:
ldap.client.type=apache
# These parameters point fortress to LDAP host:
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 3a26e68..4160b27 100644
--- a/build.xml
+++ b/build.xml
@@ -154,7 +154,6 @@
<property name="commons-io.jar" value="${lib.dir}/commons-io-2.4.jar"/>
<property name="cxf-common-utilities.jar" value="${lib.dir}/cxf-common-utilities-2.5.0.jar"/>
<property name="commons-codec.jar" value="${lib.dir}/commons-codec-1.2.jar"/>
- <property name="unboundsdk.jar" value="${lib.dir}/unboundid-ldapsdk-2.1.0.jar"/>
<property name="jgraph.jar" value="${lib.dir}/jgrapht-jdk1.5-0.7.3.jar"/>
<property name="log4j.jar" value="${lib.dir}/log4j-1.2.17.jar"/>
<property name="junit.jar" value="${lib.dir}/junit-4.11.jar"/>
@@ -180,7 +179,6 @@
<path id="build.class.path">
<pathelement location="${build.classes.dir}"/>
<pathelement location="${jgraph.jar}"/>
- <pathelement location="${unboundsdk.jar}"/>
<pathelement location="${junit.jar}"/>
<pathelement location="${commons-config.jar}"/>
<pathelement location="${commons-lang.jar}"/>
@@ -213,7 +211,6 @@
<pathelement location="${build.test-classes.dir}"/>
<pathelement location="${dist.jar}"/>
<pathelement location="${jgraph.jar}"/>
- <pathelement location="${unboundsdk.jar}"/>
<pathelement location="${junit.jar}"/>
<pathelement location="${log4j.jar}"/>
<pathelement location="${commons-config.jar}"/>
@@ -251,7 +248,6 @@
<path location="${config.bootstrap.dir}"/>
<pathelement location="${build.classes.dir}"/>
<pathelement location="${jgraph.jar}"/>
- <pathelement location="${unboundsdk.jar}"/>
<pathelement location="${junit.jar}"/>
<pathelement location="${log4j.jar}"/>
<pathelement location="${commons-config.jar}"/>
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index f4a37b3..465f3ba 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -32,7 +32,6 @@
<dependency org="commons-logging" name="commons-logging" rev="1.1.1" conf="default->master"/>
<dependency org="commons-codec" name="commons-codec" rev="1.2" conf="default->master"/>
<dependency org="commons-io" name="commons-io" rev="2.4" conf="default->master"/>
- <dependency org="com.unboundid" name="unboundid-ldapsdk" rev="2.1.0" conf="default->master"/>
<dependency org="junit" name="junit" rev="4.11" conf="default->master"/>
<dependency org="log4j" name="log4j" rev="1.2.17" conf="default->master"/>
<dependency org="org.jasypt" name="jasypt" rev="1.8" conf="default->master"/>
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/ldap/setup/HierarchicalAdminRoleExample.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/HierarchicalAdminRoleExample.xml b/ldap/setup/HierarchicalAdminRoleExample.xml
index 25989ce..60291c8 100755
--- a/ldap/setup/HierarchicalAdminRoleExample.xml
+++ b/ldap/setup/HierarchicalAdminRoleExample.xml
@@ -18,26 +18,8 @@
under the License.
-->
<project basedir="." default="all" name="Fortress Sample Data">
- <!--property name="version" value="${version}"/-->
- <property name="version" value="1.0-RC24"/>
- <property name="home.dir" value = "../../" />
- <property name="lib.dir" value = "${home.dir}/lib" />
- <property name="dist.dir" value = "${home.dir}/dist" />
- <property name="config" value="${home.dir}/config"/>
- <property name="Fortress.jar" value="${dist.dir}/fortress-${version}.jar"/>
- <property name="log4j.jar" value="${lib.dir}/log4j-1.2.17.jar"/>
- <property name="ldapjdk.jar" value="${lib.dir}/unboundid-ldapsdk-2.1.0.jar"/>
- <property name="jgrapht.jar" value="${lib.dir}/jgrapht-jdk1.5-0.7.3.jar"/>
- <property name="jasypt.jar" value="${lib.dir}/jasypt-1.8.jar"/>
- <property name="commons-configuration.jar" value="${lib.dir}/commons-configuration-1.6.jar"/>
- <property name="commons-lang.jar" value="${lib.dir}/commons-lang-2.4.jar"/>
- <property name="commons-collections.jar" value="${lib.dir}/commons-collections-3.2.1.jar"/>
- <property name="commons-logging.jar" value="${lib.dir}/commons-logging-1.1.1.jar"/>
- <property name="ehcache-core.jar" value="${lib.dir}/ehcache-core-2.6.5.jar"/>
- <property name="slf4j-api.jar" value="${lib.dir}/slf4j-api-1.7.5.jar"/>
- <property name="slf4j-log4j.jar" value="${lib.dir}/slf4j-log4j12-1.7.5.jar"/>
<taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" >
- <classpath path="${config}:${Fortress.jar}:${log4j.jar}:${ldapjdk.jar}:${jgrapht.jar}:${jasypt.jar}:${commons-configuration.jar}:${commons-lang.jar}:${commons-collections.jar}:${commons-logging.jar}:${ehcache-core.jar}:${slf4j-api.jar}:${slf4j-log4j.jar}"/>
+ <classpath path="${java.class.path}"/>
</taskdef>
<target name="all">
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/ldap/setup/HierarchicalRoleExample.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/HierarchicalRoleExample.xml b/ldap/setup/HierarchicalRoleExample.xml
index 55022f4..5212cd0 100755
--- a/ldap/setup/HierarchicalRoleExample.xml
+++ b/ldap/setup/HierarchicalRoleExample.xml
@@ -18,25 +18,8 @@
under the License.
-->
<project basedir="." default="all" name="Fortress Sample Data">
- <!--<property name="version" value="1.0.0-rc11"/>-->
- <property name="home.dir" value = "../../" />
- <property name="lib.dir" value = "${home.dir}/lib" />
- <property name="dist.dir" value = "${home.dir}/dist" />
- <property name="config" value="${home.dir}/config"/>
- <property name="Fortress.jar" value="${dist.dir}/fortress-${version}.jar"/>
- <property name="log4j.jar" value="${lib.dir}/log4j-1.2.17.jar"/>
- <property name="ldapjdk.jar" value="${lib.dir}/unboundid-ldapsdk-2.1.0.jar"/>
- <property name="jgrapht.jar" value="${lib.dir}/jgrapht-jdk1.5-0.7.3.jar"/>
- <property name="jasypt.jar" value="${lib.dir}/jasypt-1.8.jar"/>
- <property name="commons-configuration.jar" value="${lib.dir}/commons-configuration-1.6.jar"/>
- <property name="commons-lang.jar" value="${lib.dir}/commons-lang-2.4.jar"/>
- <property name="commons-collections.jar" value="${lib.dir}/commons-collections-3.2.1.jar"/>
- <property name="commons-logging.jar" value="${lib.dir}/commons-logging-1.1.1.jar"/>
- <property name="ehcache-core.jar" value="${lib.dir}/ehcache-core-2.6.5.jar"/>
- <property name="slf4j-api.jar" value="${lib.dir}/slf4j-api-1.7.5.jar"/>
- <property name="slf4j-log4j.jar" value="${lib.dir}/slf4j-log4j12-1.7.5.jar"/>
<taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" >
- <classpath path="${config}:${Fortress.jar}:${log4j.jar}:${ldapjdk.jar}:${jgrapht.jar}:${jasypt.jar}:${commons-configuration.jar}:${commons-lang.jar}:${commons-collections.jar}:${commons-logging.jar}:${ehcache-core.jar}:${slf4j-api.jar}:${slf4j-log4j.jar}"/>
+ <classpath path="${java.class.path}"/>
</taskdef>
<target name="all">
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/ldap/setup/OrgUnitExample.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/OrgUnitExample.xml b/ldap/setup/OrgUnitExample.xml
index 09d94c1..25f3031 100755
--- a/ldap/setup/OrgUnitExample.xml
+++ b/ldap/setup/OrgUnitExample.xml
@@ -18,26 +18,8 @@
under the License.
-->
<project basedir="." default="all" name="Fortress Sample Data">
- <!--<property name="version" value="1.0.0-rc11"/>-->
- <property name="version" value="${version}"/>
- <property name="home.dir" value = "../../" />
- <property name="lib.dir" value = "${home.dir}/lib" />
- <property name="dist.dir" value = "${home.dir}/dist" />
- <property name="config" value="${home.dir}/config"/>
- <property name="Fortress.jar" value="${dist.dir}/fortress-${version}.jar"/>
- <property name="log4j.jar" value="${lib.dir}/log4j-1.2.17.jar"/>
- <property name="ldapjdk.jar" value="${lib.dir}/unboundid-ldapsdk-2.1.0.jar"/>
- <property name="jgrapht.jar" value="${lib.dir}/jgrapht-jdk1.5-0.7.3.jar"/>
- <property name="jasypt.jar" value="${lib.dir}/jasypt-1.8.jar"/>
- <property name="commons-configuration.jar" value="${lib.dir}/commons-configuration-1.6.jar"/>
- <property name="commons-lang.jar" value="${lib.dir}/commons-lang-2.4.jar"/>
- <property name="commons-collections.jar" value="${lib.dir}/commons-collections-3.2.1.jar"/>
- <property name="commons-logging.jar" value="${lib.dir}/commons-logging-1.1.1.jar"/>
- <property name="ehcache-core.jar" value="${lib.dir}/ehcache-core-2.6.5.jar"/>
- <property name="slf4j-api.jar" value="${lib.dir}/slf4j-api-1.7.5.jar"/>
- <property name="slf4j-log4j.jar" value="${lib.dir}/slf4j-log4j12-1.7.5.jar"/>
<taskdef classname="org.apache.directory.fortress.core.ant.FortressAntTask" name="FortressAdmin" >
- <classpath path="${config}:${Fortress.jar}:${log4j.jar}:${ldapjdk.jar}:${jgrapht.jar}:${jasypt.jar}:${commons-configuration.jar}:${commons-lang.jar}:${commons-collections.jar}:${commons-logging.jar}:${ehcache-core.jar}:${slf4j-api.jar}:${slf4j-log4j.jar}"/>
+ <classpath path="${java.class.path}"/>
</taskdef>
<target name="all">
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/lib/LICENSE-UnboundID-LDAPSDK.txt
----------------------------------------------------------------------
diff --git a/lib/LICENSE-UnboundID-LDAPSDK.txt b/lib/LICENSE-UnboundID-LDAPSDK.txt
deleted file mode 100755
index e57554e..0000000
--- a/lib/LICENSE-UnboundID-LDAPSDK.txt
+++ /dev/null
@@ -1,91 +0,0 @@
- UnboundID LDAP SDK Free Use License
-
-THIS IS AN AGREEMENT BETWEEN YOU ("YOU") AND UNBOUNDID CORP. ("UNBOUNDID")
-REGARDING YOUR USE OF UNBOUNDID LDAP SDK FOR JAVA AND ANY ASSOCIATED
-DOCUMENTATION, OBJECT CODE, COMPILED LIBRARIES, SOURCE CODE AND SOURCE FILES OR
-OTHER MATERIALS MADE AVAILABLE BY UNBOUNDID (COLLECTIVELY REFERRED TO IN THIS
-AGREEMENT AS THE ("SDK").
-
-BY INSTALLING, ACCESSING OR OTHERWISE USING THE SDK, YOU ACCEPT THE TERMS OF
-THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT
-INSTALL, ACCESS OR USE THE SDK.
-
-USE OF THE SDK. Subject to your compliance with this Agreement, UnboundID
-grants to You a non-exclusive, royalty-free license, under UnboundID's
-intellectual property rights in the SDK, to use, reproduce, modify and
-distribute this release of the SDK; provided that no license is granted herein
-under any patents that may be infringed by your modifications, derivative works
-or by other works in which the SDK may be incorporated (collectively, your
-"Applications"). You may reproduce and redistribute the SDK with your
-Applications provided that you (i) include this license file and an
-unmodified copy of the unboundid-ldapsdk-se.jar file; and (ii) such
-redistribution is subject to a license whose terms do not conflict with or
-contradict the terms of this Agreement. You may also reproduce and redistribute
-the SDK without your Applications provided that you redistribute the SDK
-complete and unmodified (i.e., with all "read me" files, copyright notices, and
-other legal notices and terms that UnboundID has included in the SDK).
-
-SCOPE OF LICENSES. This Agreement does not grant You the right to use any
-UnboundID intellectual property which is not included as part of the SDK. The
-SDK is licensed, not sold. This Agreement only gives You some rights to use
-the SDK. UnboundID reserves all other rights. Unless applicable law gives You
-more rights despite this limitation, You may use the SDK only as expressly
-permitted in this Agreement.
-
-SUPPORT. UnboundID is not obligated to provide any technical or other support
-("Support Services") for the SDK to You under this Agreement. However, if
-UnboundID chooses to provide any Support Services to You, Your use of such
-Support Services will be governed by then-current UnboundID support policies.
-
-TERMINATION. UnboundID reserves the right to discontinue offering the SDK and
-to modify the SDK at any time in its sole discretion. Notwithstanding anything
-contained in this Agreement to the contrary, UnboundID may also, in its sole
-discretion, terminate or suspend access to the SDK to You or any end user at
-any time. In addition, if you fail to comply with the terms of this Agreement,
-then any rights granted herein will be automatically terminated if such failure
-is not corrected within 30 days of the initial notification of such failure.
-You acknowledge that termination and/or monetary damages may not be a
-sufficient remedy if You breach this Agreement and that UnboundID will be
-entitled, without waiving any other rights or remedies, to injunctive or
-equitable relief as may be deemed proper by a court of competent jurisdiction
-in the event of a breach. UnboundID may also terminate this Agreement if the
-SDK becomes, or in UnboundID?s reasonable opinion is likely to become, the
-subject of a claim of intellectual property infringement or trade secret
-misappropriation. All rights and licenses granted herein will simultaneously
-and automatically terminate upon termination of this Agreement for any reason.
-
-DISCLAIMER OF WARRANTY. THE SDK IS PROVIDED "AS IS" AND UNBOUNDID DOES NOT
-WARRANT THAT THE SDK WILL BE ERROR-FREE, VIRUS-FREE, WILL PERFORM IN AN
-UNINTERRUPTED, SECURE OR TIMELY MANNER, OR WILL INTEROPERATE WITH OTHER
-HARDWARE, SOFTWARE, SYSTEMS OR DATA. TO THE MAXIMUM EXTENT ALLOWED BY LAW, ALL
-CONDITIONS, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY
-OR OTHERWISE INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE (EVEN IF UNBOUNDID HAD BEEN
-INFORMED OF SUCH PURPOSE), OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS ARE HEREBY
-DISCLAIMED.
-
-LIMITATION OF LIABILITY. IN NO EVENT WILL UNBOUNDID OR ITS SUPPLIERS BE LIABLE
-FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS,
-REVENUE, DATA OR DATA USE, BUSINESS INTERRUPTION, COST OF COVER, DIRECT,
-INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND)
-ARISING OUT OF THE USE OF OR INABILITY TO USE THE SDK OR IN ANY WAY RELATED TO
-THIS AGREEMENT, EVEN IF UNBOUNDID HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGES.
-
-ADDITIONAL RIGHTS. Certain states do not allow the exclusion of implied
-warranties or limitation of liability for certain kinds of damages, so the
-exclusion of limited warranties and limitation of liability set forth above may
-not apply to You.
-
-EXPORT RESTRICTIONS. The SDK is subject to United States export control laws.
-You acknowledge and agree that You are responsible for compliance with all
-domestic and international export laws and regulations that apply to the SDK.
-
-MISCELLANEOUS. This Agreement constitutes the entire agreement with respect to
-the SDK. If any provision of this Agreement shall be held to be invalid,
-illegal or unenforceable, the validity, legality and enforceability of the
-remaining provisions shall in no way be affected or impaired thereby. This
-Agreement and performance hereunder shall be governed by and construed in
-accordance with the laws of the State of Texas without regard to its conflict
-of laws rules. Any disputes related to this Agreement shall be exclusively
-litigated in the state or federal courts located in Travis County, Texas.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/lib/LICENSE-unboundid-ldapsdk-2.1.0-se.txt
----------------------------------------------------------------------
diff --git a/lib/LICENSE-unboundid-ldapsdk-2.1.0-se.txt b/lib/LICENSE-unboundid-ldapsdk-2.1.0-se.txt
deleted file mode 100755
index 4da9120..0000000
--- a/lib/LICENSE-unboundid-ldapsdk-2.1.0-se.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-UnboundID LDAP SDK for Java (Standard Edition)
-Copyright 2007-2011 UnboundID Corp.
-
-
-The Standard Edition of the UnboundID LDAP SDK for Java is available under
-three licenses: the GNU General Public License version 2 (GPLv2), the GNU
-Lesser General Public License version 2.1 (LGPLv2.1) and a free-right-to-use
-use license created by UnboundID Corp.
-
-See the LICENSE-GPLv2.txt file for the GNU General Public License version 2.
-
-See the LICENSE-LGPLv2.1.txt file for the GNU Lesser General Public License
-version 2.1.
-
-See the LICENSE-UnboundID-LDAPSDK.txt file for the UnboundID LDAP SDK Free Use
-License.
-
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index eabaff0..60e1424 100644
--- a/pom.xml
+++ b/pom.xml
@@ -100,12 +100,6 @@
<version>3.1</version>
</dependency>
- <dependency>
- <groupId>com.unboundid</groupId>
- <artifactId>unboundid-ldapsdk</artifactId>
- <version>2.3.3</version>
- </dependency>
-
<!-- Logging dependencies -->
<dependency>
<groupId>org.slf4j</groupId>
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java b/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
index 8a499be..d38f573 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
@@ -78,8 +78,8 @@ import org.slf4j.LoggerFactory;
/**
* Abstract class contains methods to perform low-level entity to ldap persistence. These methods are called by the
- * Fortress DAO's, i.e. {@link org.apache.directory.fortress.core.rbac.dao.apache.UserDAO}. {@link org.apache.directory.fortress.core.rbac.dao.apache
- * .RoleDAO}, {@link org.apache.directory.fortress.core.rbac.dao.apache.PermDAO}, ....
+ * Fortress DAO's, i.e. {@link org.apache.directory.fortress.core.rbac.UserDAO}. {@link org.apache.directory.fortress.core.rbac.dao.apache
+ * .RoleDAO}, {@link org.apache.directory.fortress.core.rbac.PermDAO}, ....
* These are low-level data utilities, very little if any data validations are performed here.
* <p/>
* This class is thread safe.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/ldap/ConnectionPool.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/ConnectionPool.java b/src/main/java/org/apache/directory/fortress/core/ldap/ConnectionPool.java
deleted file mode 100755
index c6dc457..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/ConnectionPool.java
+++ /dev/null
@@ -1,664 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.ldap;
-
-
-import java.security.GeneralSecurityException;
-import java.util.Date;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.JavaToLDAPSocketFactory;
-import com.unboundid.util.ssl.SSLUtil;
-import com.unboundid.util.ssl.TrustStoreTrustManager;
-import org.apache.directory.fortress.core.cfg.Config;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-
-import javax.net.ssl.SSLSocketFactory;
-
-
-/**
- * This connection pool class is used by Fortress {@link PoolMgr}.
- * PoolMgr operations utilize multiple instances of this class to connections for different purposes.
- * For example the 'admin' pool contains connections that have privileges to make modifications to the directory data during administrative operations {@link org.apache.directory.fortress.core.AdminMgr}.
- * The 'user' pool contain unprivileged connections used for authentication processing only, {@link org.apache.directory.fortress.core.AccessMgr}.
- * A 3rd pool, may be used to interrogate data stored by OpenLDAP's slapo access log info, This is used interrogating the fortress audit log events, {@link org.apache.directory.fortress.core.AuditMgr}.
- * The contents of this file have been derived from the original, Mozilla Java LDAP SDK, and are subject to the Netscape Public License Version 1.1 (the "License")
- * as described at the top of this file;
- * The code mods include additional functionality to enable SSL connections in pool. There have been other updates to the original functions to integrate with UnboundID's Java LDAP SDK.
- * </p>
- * Original Mozilla javadoc:
- * Class to maintain a pool of individual connections to the
- * same server. Specify the initial size and the max size
- * when constructing a pool. Call getConnection() to obtain
- * a connection from the pool and close() to return it. If
- * the pool is fully extended and there are no free connections,
- * getConnection() blocks until a connection has been returned
- * to the pool.<BR>
- * Call destroy() to release all connections.
- * <BR><BR>Example:<BR>
- * <PRE>
- * ConnectionPool pool = null;
- * try {
- * pool = new ConnectionPool( 10, 30,
- * "foo.acme.com",389,
- * "uid=me, o=acme.com",
- * "password" );
- * } catch ( LDAPException e ) {
- * System.err.println( "Unable to create connection pool" );
- * System.exit( 1 );
- * }
- * while ( clientsKnocking ) {
- * String filter = getSearchFilter();
- * LDAPConnection ld = pool.getConnection();
- * try {
- * LDAPSearchResults res = ld.search( BASE, ld.SCOPE_SUB,
- * filter, attrs,
- * false );
- * pool.close( ld );
- * while( res.hasMoreElements() ) {
- * ...
- * </PRE>
- */
-class ConnectionPool
-{
- // Logging
- private static final String CLS_NM = ConnectionPool.class.getName();
- private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-
-
- /**
- * Create a new instance of connection pool with specified parameters. These connections will be used by the Fortress DAO
- * methods for processing ldap server operations.
- *
- * @param min initial number of connections
- * @param max maximum number of connections
- * @param host hostname of LDAP server
- * @param port port number of LDAP server
- * @param authdn DN to authenticate as
- * @param authpw password for authentication
- * @throws LDAPException on failure to create connections
- */
- ConnectionPool( int min, int max,
- String host, int port,
- String authdn, String authpw )
- throws LDAPException
- {
- this( min, max, host, port, authdn, authpw, null );
- }
-
-
- /*
- * Constructor for using an existing connection to clone
- * from
- *
- * @param min initial number of connections
- * @param max maximum number of connections
- * @param host hostname of LDAP server
- * @param port port number of LDAP server
- * @param authdn DN to authenticate as
- * @param authpw password for authentication
- * @param ldc connection to clone
- * @exception LDAPException on failure to create connections
- */
- private ConnectionPool( int min, int max,
- String host, int port,
- String authdn, String authpw,
- LDAPConnection ldc )
- throws LDAPException
- {
- this.poolSize = min;
- this.poolMax = max;
- this.host = host;
- this.port = port;
- this.authdn = authdn;
- this.authpw = authpw;
- this.ldc = ldc;
- this.debugMode = false;
- createPool();
- }
-
-
- /**
- * Destroy the whole pool - called during a shutdown
- */
- void destroy()
- {
- for ( int i = 0; i < pool.size(); i++ )
- {
- disconnect( ( LDAPConnectionObject ) pool.elementAt( i ) );
- }
- pool.removeAllElements();
- }
-
-
- /**
- * Gets a connection from the pool
- * <p/>
- * If no connections are available, the pool will be
- * extended if the number of connections is less than
- * the maximum; if the pool cannot be extended, the method
- * blocks until a free connection becomes available.
- *
- * @return an active connection.
- */
- LDAPConnection getConnection()
- {
- LDAPConnection con;
-
- while ( ( con = getConnFromPool() ) == null )
- {
- synchronized ( pool )
- {
- try
- {
- pool.wait();
- }
- catch ( InterruptedException e )
- {
- LOG.warn( "getConnection caught InterruptedException" );
- }
- }
- }
- return con;
- }
-
-
- /**
- * Gets a connection from the pool within a time limit.
- * <p/>
- * If no connections are available, the pool will be
- * extended if the number of connections is less than
- * the maximum; if the pool cannot be extended, the method
- * blocks until a free connection becomes available or the
- * time limit is exceeded.
- *
- * @param timeout timeout in milliseconds
- * @return an active connection or <CODE>null</CODE> if timed out.
- */
- LDAPConnection getConnection( int timeout )
- {
- LDAPConnection con;
-
- while ( ( con = getConnFromPool() ) == null )
- {
- long t1, t0 = System.currentTimeMillis();
-
- if ( timeout <= 0 )
- {
- return con;
- }
-
- synchronized ( pool )
- {
- try
- {
- pool.wait( timeout );
- }
- catch ( InterruptedException e )
- {
- LOG.warn( "getConnection caught InterruptedException for timeout: " + timeout );
- return null;
- }
- }
-
- t1 = System.currentTimeMillis();
- timeout -= ( t1 - t0 );
- }
- return con;
- }
-
-
- /**
- * Gets a connection from the pool
- * <p/>
- * If no connections are available, the pool will be
- * extended if the number of connections is less than
- * the maximum; if the pool cannot be extended, the method
- * returns null.
- *
- * @return an active connection or null.
- */
- synchronized LDAPConnection getConnFromPool()
- {
- LDAPConnection con = null;
- LDAPConnectionObject ldapconnobj = null;
-
- int pSize = pool.size();
-
- // Get an available connection
- for ( int i = 0; i < pSize; i++ )
- {
-
- // Get the ConnectionObject from the pool
- LDAPConnectionObject co =
- ( LDAPConnectionObject ) pool.elementAt( i );
-
- if ( co.isAvailable() )
- { // Conn available?
- ldapconnobj = co;
- break;
- }
- }
-
- if ( ldapconnobj == null )
- {
- // If there there were no conns in pool, can we grow
- // the pool?
- if ( ( poolMax < 0 ) ||
- ( ( poolMax > 0 ) &&
- ( pSize < poolMax ) ) )
- {
-
- // Yes we can grow it
- int i = addConnection();
-
- // If a new connection was created, use it
- if ( i >= 0 )
- {
- ldapconnobj =
- ( LDAPConnectionObject ) pool.elementAt( i );
- }
- }
- else
- {
- debug( "All pool connections in use" );
- }
- }
-
- if ( ldapconnobj != null )
- {
- ldapconnobj.setInUse( true ); // Mark as in use
- con = ldapconnobj.getLDAPConn();
- }
- return con;
- }
-
-
- /**
- * This is our soft close - all we do is mark
- * the connection as available for others to use.
- * We also reset the auth credentials in case
- * they were changed by the caller.
- *
- * @param ld a connection to return to the pool
- */
- synchronized void close( LDAPConnection ld )
- {
-
- int index = find( ld );
- if ( index != -1 )
- {
- LDAPConnectionObject co =
- ( LDAPConnectionObject ) pool.elementAt( index );
- // Reset the auth if necessary
- if ( ldc == null )
- {
- boolean reauth = false;
- //if user bound anon then getAuthenticationDN is null
- if ( ld.getAuthenticationDN() == null )
- {
- reauth = ( authdn != null );
- }
- else if ( !ld.getAuthenticationDN().equalsIgnoreCase( authdn ) )
- {
- reauth = true;
- }
- }
- co.setInUse( false ); // Mark as available
- synchronized ( pool )
- {
- pool.notifyAll();
- }
- }
- }
-
-
- /**
- * Debug method to print the contents of the pool
- */
- public void printPool()
- {
- System.out.println( "--ConnectionPool--" );
- for ( int i = 0; i < pool.size(); i++ )
- {
- LDAPConnectionObject co =
- ( LDAPConnectionObject ) pool.elementAt( i );
- String msg = "" + i + "=" + co;
- LOG.info( "printPool: " + msg );
- }
- }
-
-
- private void disconnect(
- LDAPConnectionObject ldapconnObject )
- {
- if ( ldapconnObject != null )
- {
- if ( ldapconnObject.isAvailable() )
- {
- LDAPConnection ld = ldapconnObject.getLDAPConn();
- if ( ( ld != null ) && ( ld.isConnected() ) )
- {
- try
- {
- ld.disconnect();
- }
- catch ( LDAPException e )
- {
- debug( "disconnect: " + e.toString() );
- LOG.warn( "disconnect caught LDAPException: " + e.getMessage() );
- }
- }
- ldapconnObject.setLDAPConn( null ); // Clear conn
- }
- }
- }
-
-
- private void createPool() throws LDAPException
- {
- // Called by the constructors
- if ( poolSize <= 0 )
- {
- throw new LDAPException( "ConnectionPoolSize invalid" );
- }
- if ( poolMax < poolSize )
- {
- debug( "ConnectionPoolMax is invalid, set to " +
- poolSize );
- poolMax = poolSize;
- }
-
- debug( "****Initializing LDAP Pool****" );
- debug( "LDAP host = " + host + " on port " + port );
- debug( "Number of connections=" + poolSize );
- debug( "Maximum number of connections=" + poolMax );
- debug( "******" );
-
- pool = new java.util.Vector(); // Create pool vector
- setUpPool( poolSize ); // Initialize it
- }
-
-
- private int addConnection()
- {
- int index = -1;
-
- debug( "adding a connection to pool..." );
- try
- {
- int size = pool.size() + 1; // Add one connection
- setUpPool( size );
-
- if ( size == pool.size() )
- {
- // New size is size requested?
- index = size - 1;
- }
- }
- catch ( Exception ex )
- {
- debug( "Adding a connection: " + ex.toString() );
- LOG.warn( "addConnection caught Exception: " + ex.getMessage() );
- }
- return index;
- }
-
-
- /**
- * *** FORTRESS MOD ****
- *
- * Create pool of LDAP connections to server. Add SSL capability using unboundId's compatibility utility.
- *
- * @param size number of connections to generate and store in pool
- * @throws LDAPException in the event of system error.
- */
- private synchronized void setUpPool( int size )
- throws LDAPException
- {
- // Loop on creating connections
- while ( pool.size() < size )
- {
- LDAPConnectionObject co =
- new LDAPConnectionObject();
-
- LDAPConnection newConn = createConnection( );
- newConn.connect( host, port, authdn, authpw );
- co.setLDAPConn( newConn );
- co.setInUse( false ); // Mark not in use
- pool.addElement( co );
- }
- }
-
- /**
- * Used to manage trust store properties. If enabled, create SSL connection.
- *
- */
- private static final String ENABLE_LDAP_SSL = "enable.ldap.ssl";
- private static final String ENABLE_LDAP_SSL_DEBUG = "enable.ldap.ssl.debug";
- private static final String TRUST_STORE = Config.getProperty( "trust.store" );
- private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password" );
- private static final boolean IS_SSL = (
- Config.getProperty( ENABLE_LDAP_SSL ) != null &&
- Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
- TRUST_STORE != null &&
- TRUST_STORE_PW != null );
-
- private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
- private static final boolean IS_SET_TRUST_STORE_PROP = (
- IS_SSL &&
- Config.getProperty( SET_TRUST_STORE_PROP ) != null &&
- Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
-
- private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( ENABLE_LDAP_SSL_DEBUG ) != null ) && ( Config
- .getProperty( ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
-
- static
- {
- if(IS_SET_TRUST_STORE_PROP)
- {
- LOG.info( "Set JSSE truststore properties:");
- LOG.info( "javax.net.ssl.trustStore: " + TRUST_STORE );
- LOG.info( "javax.net.debug: " + new Boolean( IS_SSL_DEBUG ).toString());
- System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
- System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
- System.setProperty( "javax.net.debug", new Boolean( IS_SSL_DEBUG ).toString() );
- }
- }
-
- /**
- * *** FORTRESS MOD ****
- *
- * If enabled, use Unbound compatibility lib to create SSL connection.
- *
- * @return handle to LDAPConnection
- * @throws LDAPException wrap GeneralSecurityException or throws ldapexcep.
- */
- private LDAPConnection createConnection() throws LDAPException
- {
- LDAPConnection newConn = null;
- if( IS_SSL)
- {
- // Generate SSL Connection using Unbound compatibility lib utils:
- // http://stackoverflow.com/questions/22672477/unboundid-ldap-jdk-migration
- SSLSocketFactory sslSocketFactory;
- //SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
- // These config values set in fortress.properties
- SSLUtil sslUtil = new SSLUtil(
- new TrustStoreTrustManager(
- TRUST_STORE,
- TRUST_STORE_PW.toCharArray() , null, true ) );
- try
- {
- sslSocketFactory = sslUtil.createSSLSocketFactory();
- }
- catch(GeneralSecurityException e)
- {
- String error = "GeneralSecurityException while creating SSL socket factory=" + e;
- throw new LDAPException( error, LDAPException.CONNECT_ERROR );
- }
- JavaToLDAPSocketFactory ldapSocketFactory =
- new JavaToLDAPSocketFactory(sslSocketFactory);
- newConn = new LDAPConnection(ldapSocketFactory);
- }
- else
- {
- // Make LDAP connection, using template if available
- newConn = new LDAPConnection();
- }
- return newConn;
- }
-
- private int find( LDAPConnection con )
- {
- // Find the matching Connection in the pool
- if ( con != null )
- {
- for ( int i = 0; i < pool.size(); i++ )
- {
- LDAPConnectionObject co =
- ( LDAPConnectionObject ) pool.elementAt( i );
- if ( co.getLDAPConn() == con )
- {
- return i;
- }
- }
- }
- return -1;
- }
-
-
- /**
- * Sets the debug printout mode.
- *
- * @param mode debug mode to use
- */
- public synchronized void setDebug( boolean mode )
- {
- debugMode = mode;
- }
-
-
- /**
- * Reports the debug printout mode.
- *
- * @return debug mode in use.
- */
- public boolean getDebug()
- {
- return debugMode;
- }
-
-
- private void debug( String s )
- {
- if ( debugMode )
- System.out.println( "ConnectionPool (" +
- new Date() + ") : " + s );
- }
-
-
- private void debug( String s, boolean severe )
- {
- if ( debugMode || severe )
- {
- System.out.println( "ConnectionPool (" +
- new Date() + ") : " + s );
- }
- }
-
- /**
- * Wrapper for LDAPConnection object in pool
- */
- class LDAPConnectionObject
- {
-
- /**
- * Returns the associated LDAPConnection.
- *
- * @return the LDAPConnection.
- */
- LDAPConnection getLDAPConn()
- {
- return this.ld;
- }
-
-
- /**
- * Sets the associated LDAPConnection
- *
- * @param ld the LDAPConnection
- */
- void setLDAPConn( LDAPConnection ld )
- {
- this.ld = ld;
- }
-
-
- /**
- * Marks a connection in use or available
- *
- * @param inUse <code>true</code> to mark in use, <code>false</code> if available
- */
- void setInUse( boolean inUse )
- {
- this.inUse = inUse;
- }
-
-
- /**
- * Returns whether the connection is available
- * for use by another user.
- *
- * @return <code>true</code> if available.
- */
- boolean isAvailable()
- {
- return !inUse;
- }
-
-
- /**
- * Debug method
- *
- * @return s user-friendly rendering of the object.
- */
- public String toString()
- {
- return "LDAPConnection=" + ld + ",inUse=" + inUse;
- }
-
- private LDAPConnection ld; // LDAP Connection
- private boolean inUse; // In use? (true = yes)
- }
-
- private final int poolSize; // Min pool size
- private int poolMax; // Max pool size
- private final String host; // LDAP host
- private final int port; // Port to connect at
- private final String authdn; // Identity of connections
- private final String authpw; // Password for authdn
- private LDAPConnection ldc = null; // Connection to clone
- private java.util.Vector pool; // the actual pool
- private boolean debugMode;
-}
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/ldap/PoolMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/PoolMgr.java b/src/main/java/org/apache/directory/fortress/core/ldap/PoolMgr.java
deleted file mode 100755
index e960ad3..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/PoolMgr.java
+++ /dev/null
@@ -1,619 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.ldap;
-
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.cfg.Config;
-import org.apache.directory.fortress.core.util.crypto.EncryptUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPControl;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConstraints;
-
-/**
- * This class uses {@link ConnectionPool} to manage pools of {@code com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection}
- * to supply resource connections to Fortress DAO utilities. The methods in the class are used by internal Fortress functions
- * and are not intended for used by external clients. This class maintains 3 pools of connections.
- * <ol>
- * <li>Connections of type, {@link PoolMgr.ConnType#USER}, use {@link #connPoolUser} for user authentication and password change operations.</li>
- * <li>Connections of type, {@link PoolMgr.ConnType#ADMIN}, use {@link #connPoolAdmin} and are used for maintenance and interrogation of ldap server objects.</li>
- * <li>Connections of type, {@link PoolMgr.ConnType#LOG}, use {@link #connPoolLog} and used for pulling slapd log data from the server, </li>
- * </ol>
- * <p/>
- * This class uses <a href="http://www.unboundid.com/products/ldap-sdk/">UnboundID LDAP SDK for Java</a> as client to
- * process LDAP operations. The UnboundID SDK is distributed under 3 open source licenses and is free to use and distribute in
- * other open source or proprietary software packages. For more info see, <a href="http://www.unboundid.com/products/ldap-sdk/docs/">LDAP SDK for Java</a>
- * <p/>
- * The {@link ConnectionPool} class derives source code from the Mozilla Java LDAP SDK. For more
- * info on the license this derived code adheres, see: <a href="http://www.mozilla.org/MPL/MPL-1.1.html/">Mozilla Public License Version 1.1</a>
- * <p/>
- * This class is thread safe.
- * <p/>
- *
- * @author Shawn McKinney
- */
-class PoolMgr
-{
- // Property names for ldap connection pools:
- private static final String LDAP_ADMIN_POOL_UID = "admin.user";
- private static final String LDAP_ADMIN_POOL_PW = "admin.pw";
- private static final String LDAP_LOG_POOL_UID = "log.admin.user";
- private static final String LDAP_LOG_POOL_PW = "log.admin.pw";
- private static final String LDAP_ADMIN_POOL_MIN = "min.admin.conn";
- private static final String LDAP_ADMIN_POOL_MAX = "max.admin.conn";
- private static final String LDAP_USER_POOL_MIN = "min.user.conn";
- private static final String LDAP_USER_POOL_MAX = "max.user.conn";
- private static final String LDAP_LOG_POOL_MIN = "min.log.conn";
- private static final String LDAP_LOG_POOL_MAX = "max.log.conn";
- private static final String LDAP_VERSION = "ldapVersion";
- private static final String LDAP_CONNECTION_TIMEOUT = "connTimeout";
- private static final String LDAP_DEBUG_FLAG = "debug.ldap.pool";
- private static final String LDAP_HOST = "host";
- private static final String LDAP_PORT = "port";
-
- // 3 types of connection pools are managed by ths class:
- static enum ConnType
- {
- /**
- * Admin connections used for most of the Fortress internal operations. Internal bind on connection
- * will be performed using config param found {@link #LDAP_ADMIN_POOL_UID}
- */
- ADMIN,
-
- /**
- * User connections for non-admin binds and password mods. Connections will not be bound
- * to user prior to returning to caller.
- */
- USER,
-
- /**
- * All slapd log operations use this connection pool. Internal bind on connection
- * will be performed using config param found {@link #LDAP_LOG_POOL_UID}
- */
- LOG
- }
-
- // Used to synch the getConnection method:
- private static final Object adminSynchLock = new Object();
- private static final Object userSynchLock = new Object();
- private static final Object logSynchLock = new Object();
-
- // Canaries in the coal mine:
- private static LDAPConnection testAdminConn;
- private static LDAPConnection testUConn;
- private static LDAPConnection testLConn;
-
- // Logging
- private static final String CLS_NM = PoolMgr.class.getName();
- private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
-
- // Declare the index for connection pool array:
- private static final int ADMIN = 0;
- private static final int USER = 1;
- private static final int AUDIT = 2;
-
- // Contains the adminUserId LDAP connections:
- private static final ConnectionPool connPoolAdmin = null;
- private static final ConnectionPool connPoolUser = null;
- private static final ConnectionPool connPoolLog = null;
- private static final ConnectionPool[] connPool = {connPoolAdmin, connPoolUser, connPoolLog};
-
- // this modules uses openldap pw policies
- private static final LDAPControl pwPolicyControl = new LDAPControl(GlobalIds.OPENLDAP_PW_RESPONSE_CONTROL, false, null);
- private static String adminPw;
- private static String adminUserId = null;
- private static final boolean isDebugEnabled = Config.getBoolean(LDAP_DEBUG_FLAG, false);
- private static int connectionTimeout ;
- private static int ldapRevision;
-
- // Load all of the static member variables of this class & initialize the admin connection pools:
- static
- {
- try
- {
- adminUserId = Config.getProperty(LDAP_ADMIN_POOL_UID);
- if(EncryptUtil.isEnabled())
- {
- adminPw = EncryptUtil.decrypt(Config.getProperty(LDAP_ADMIN_POOL_PW));
- }
- else
- {
- adminPw = Config.getProperty(LDAP_ADMIN_POOL_PW);
- }
-
- // Default ldap version to v3:
- ldapRevision = Config.getInt(LDAP_VERSION, 3);
- // Default 10 seconds for client wait on new connection requests from pool:
- connectionTimeout = Config.getInt(LDAP_CONNECTION_TIMEOUT, 10000);
- createAdminPool();
- }
-
- // If we can't initialize the connection pools we're dead in the water.
- catch (com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException le)
- {
- String error = " Static Initializer Block caught com.unboundid.ldap.sdk.migrate.ldapjdk.LdapException=" + le;
- LOG.error( error );
- }
- catch (Exception e)
- {
- String error = " Static Initializer Block caught java.lang.Exception=" + e;
- LOG.error( error );
- }
- }
-
-
- /**
- * Method performs an LDAP bind for a user/password combination. This function is valid
- * if and only if the user entity is a member of the USERS data set. The LDAP directory
- * will return the OpenLDAP PW Policy control.
- *
- * @param ld connection to ldap server.
- * @param userId contains the LDAP dn to the user entry.
- * @param password contains the password in clear text.
- * @return boolean value - true if bind successful, false otherwise.
- * @throws LDAPException in the event of LDAP error.
- */
- static boolean bind(LDAPConnection ld, String userId, char[] password)
- throws LDAPException
- {
- return bindUser(userId, password, ld);
- }
-
- /**
- * Close the LDAP connection.
- *
- * @param ld handle to ldap connection object.
- * @param type specifies the type of connection - ADMIN, USER Or LOG.
- */
- static void closeConnection(LDAPConnection ld, ConnType type)
- {
- switch (type)
- {
- case ADMIN:
- if (ld != null)
- {
- connPool[ADMIN].close(ld);
- }
- break;
-
- case USER:
- if (ld != null)
- {
- connPool[USER].close(ld);
- }
- break;
-
- case LOG:
- if (ld != null)
- {
- connPool[AUDIT].close( ld );
- }
- break;
- }
- }
-
- /**
- * Get a connection to the LDAP server.
- *
- * @param type type specifies the type of connection - ADMIN, USER Or LOG.
- * @return ldap connection.
- * @throws LDAPException
- */
- static LDAPConnection getConnection(ConnType type)
- throws LDAPException
- {
- LDAPConnection ld = null;
- ConnectionPool cp = null;
- Object lockObj = null;
- String szType = null;
- switch (type)
- {
- case ADMIN:
- cp = connPool[ADMIN];
- lockObj = adminSynchLock;
- szType = "ADMIN";
- break;
-
- case USER:
- cp = connPool[USER];
- lockObj = userSynchLock;
- szType = "USER";
- break;
-
- case LOG:
- cp = connPool[AUDIT];
- lockObj = logSynchLock;
- szType = "LOG";
- break;
- }
- try
- {
- synchronized (lockObj)
- {
- // check the connection pool reference
- if (cp == null)
- {
- String info = "getConnection " + szType + " initializing pool";
- LOG.info( info );
- cp = recoverPool(type);
- }
- if (connectionTimeout > 0)
- {
- ld = cp.getConnection(connectionTimeout);
- }
- else
- {
- ld = cp.getConnection();
- }
- // Did the pool object return a null value?
- if (ld == null)
- {
- String MSG_HDR = "getConnection " + szType;
- String warning = MSG_HDR + " detected null connection";
- LOG.warn( warning );
- // Is the canary is still alive?
- // todo: recheck this sequence, make sure still good.
- if (!checkConnection(type))
- {
- warning += szType + " attempt to recover pool";
- LOG.warn( warning );
- cp = recoverPool(type);
- ld = cp.getConnection();
- if (ld == null || !ld.isConnected())
- {
- // Give up:
- String error = MSG_HDR + " could not recover";
- LOG.error( error );
- throw new LDAPException(error, LDAPException.LDAP_TIMEOUT);
- }
- }
- // todo: think about this scenario some more. should it attempt recovery of pool here?
- else
- {
- // Cannot establish a good connection, give up:
- String error = MSG_HDR + " could not retrieve connection";
- LOG.error( error );
- throw new LDAPException(error, LDAPException.CONNECT_ERROR);
- }
- }
- // Did the pool object return a bad connection?
- else if (!ld.isConnected())
- {
- String MSG_HDR = "getConnection " + szType;
- String warning = MSG_HDR + " detected bad connection, retry";
- LOG.warn( warning );
- // attempt to reconnect:
- ld.connect(Config.getProperty(LDAP_HOST, "localhost"), Config.getInt(LDAP_PORT, 389));
- // if admin connection type must bind here using stored creds:
- if(type.equals(ConnType.ADMIN))
- {
- ld.bind(ldapRevision, adminUserId, adminPw);
- }
- // Did the reconnect succeed?
- if (!ld.isConnected())
- {
- warning += szType + " cannot reconnect, attempt pool recovery";
- LOG.warn( warning );
- // Try one last ditch effort to recover entire pool.
- cp = recoverPool(type);
- ld = cp.getConnection();
- // Still bad?
- if (ld == null || !ld.isConnected())
- {
- // Give up:
- String error = MSG_HDR + " recovery failed";
- LOG.error( error );
- throw new LDAPException(error, LDAPException.SERVER_DOWN);
- }
- }
- }
- }
- }
- catch (LDAPException e)
- {
- String MSG_HDR = "getConnection " + szType;
- String warning = MSG_HDR + " detected bad connection, retry caught LDAPException=" + e;
- LOG.warn( warning );
- // Todo: Test these scenarios:
- // Did the pool object return a null value or bad conn?
- if (ld != null && !ld.isConnected()
- // Make sure this ldap exception wasn't thrown directly above:
- && e.getLDAPResultCode() != LDAPException.SERVER_DOWN
- && e.getLDAPResultCode() != LDAPException.CONNECT_ERROR
- && e.getLDAPResultCode() != LDAPException.LDAP_TIMEOUT)
- {
- warning += " attempt to reconnect";
- LOG.warn( warning );
- // attempt reconnect:
- ld.connect(Config.getProperty(LDAP_HOST, "localhost"), Config.getInt(LDAP_PORT, 389));
- // if admin connection type must bind here using stored creds:
- if(type.equals(ConnType.ADMIN))
- {
- ld.bind(ldapRevision, adminUserId, adminPw);
- }
- // Did it work?
- if (!ld.isConnected())
- {
- // Give up:
- warning = MSG_HDR + " failed to reconnect";
- LOG.error( warning );
- throw e;
- }
- }
- else
- {
- // Give up
- warning = MSG_HDR + " failed";
- LOG.error( warning );
- throw e;
- }
- }
- return ld;
- }
-
-
- /**
- * Internal function is used to create a new pool of admin connections to ldap server.
- *
- * @throws LDAPException
- */
- private static void createAdminPool()
- throws LDAPException
- {
- String adminUserId = Config.getProperty(LDAP_ADMIN_POOL_UID);
- String adminPw;
- if(EncryptUtil.isEnabled())
- {
- adminPw = EncryptUtil.decrypt(Config.getProperty(LDAP_ADMIN_POOL_PW));
- }
- else
- {
- adminPw = Config.getProperty(LDAP_ADMIN_POOL_PW);
- }
-
- String host = Config.getProperty(LDAP_HOST, "localhost");
- int port = Config.getInt(LDAP_PORT, 389);
- int min = Config.getInt(LDAP_ADMIN_POOL_MIN, 1);
- int max = Config.getInt(LDAP_ADMIN_POOL_MAX, 10);
- LOG.info( "createAdminPool min [" + min + "] max [" + max + "] host [" + host + "] port [" + port
- + "]" );
- testAdminConn = new LDAPConnection();
- connPool[ADMIN] = new ConnectionPool(min, max, host, port, adminUserId, adminPw);
- if (isDebugEnabled)
- {
- connPool[ADMIN].setDebug(true);
- }
- }
-
-
- /**
- * Internal function is used to create a new pool of user connections to ldap server.
- *
- * @throws LDAPException
- */
- private static void createUserPool()
- throws LDAPException
- {
- String host = Config.getProperty(LDAP_HOST, "localhost");
- int port = Config.getInt(LDAP_PORT, 389);
- int min = Config.getInt(LDAP_USER_POOL_MIN, 1);
- int max = Config.getInt(LDAP_USER_POOL_MAX, 5);
- String adminUserId = Config.getProperty(LDAP_ADMIN_POOL_UID);
- String adminPw;
- if(EncryptUtil.isEnabled())
- {
- adminPw = EncryptUtil.decrypt(Config.getProperty(LDAP_ADMIN_POOL_PW));
- }
- else
- {
- adminPw = Config.getProperty(LDAP_ADMIN_POOL_PW);
- }
-
- LOG.info( "createUserPool min [" + min + "] max [" + max + "] host [" + host + "] port [" + port + "]" );
- connPool[USER] = new ConnectionPool(min, max, host, port, adminUserId, adminPw);
- if (isDebugEnabled)
- {
- connPool[USER].setDebug(true);
- }
- }
-
- /**
- * Internal function is used to create a new pool of slapd log connections to ldap server.
- *
- * @throws LDAPException
- */
- private static void createLogPool()
- throws LDAPException
- {
- String logUserId = Config.getProperty(LDAP_LOG_POOL_UID);
- String logUserPw;
- if(EncryptUtil.isEnabled())
- {
- logUserPw = EncryptUtil.decrypt(Config.getProperty(LDAP_LOG_POOL_PW));
- }
- else
- {
- logUserPw = Config.getProperty(LDAP_LOG_POOL_PW);
- }
-
- String host = Config.getProperty(LDAP_HOST, "localhost");
- int port = Config.getInt(LDAP_PORT, 389);
- int min = Config.getInt(LDAP_LOG_POOL_MIN, 1);
- int max = Config.getInt(LDAP_LOG_POOL_MAX, 5);
- LOG.info( "createLogPool min [" + min + "] max [" + max + "] host [" + host + "] port [" + port + "]" );
- connPool[AUDIT] = new ConnectionPool(min, max, host, port, logUserId, logUserPw);
- if (isDebugEnabled)
- {
- connPool[AUDIT].setDebug( true );
- }
- }
-
- /**
- * Method is used to perform a bind operation on the given connection object. Connection will contain the
- * password policy control.
- *
- * @param userId contains the LDAP dn to the user entry.
- * @param password contains the password in clear text.
- * @param ld contains a valid ldap connection.
- * @return boolean value - true if bind successful, false otherwise.
- * @throws LDAPException in the event of LDAP error.
- */
- private static boolean bindUser(String userId, char[] password, LDAPConnection ld)
- throws LDAPException
- {
- boolean result;
- if (ld == null)
- {
- String error = "bindUser detected null ldap connection";
- LOG.error( error );
- throw new LDAPException(error, LDAPException.CONNECT_ERROR);
- }
- if (GlobalIds.IS_OPENLDAP)
- {
- LDAPConstraints lCon = new LDAPConstraints();
- lCon.setServerControls(pwPolicyControl);
- ld.authenticate(ldapRevision, userId, new String(password), lCon);
- result = true;
- }
- else
- {
- ld.authenticate(ldapRevision, userId, new String(password));
- result = true;
- }
- return result;
- }
-
- /**
- * This method will recover a connection pool in the event the connections become stale due to some network
- * or system issue.
- *
- * @param type contains connection type of request.
- * @return ConnectionPool reference to newly created connection pool.
- * @throws LDAPException in the event of ldap system error or the routine fails to reestablish the pool successfully.
- */
- private static ConnectionPool recoverPool(ConnType type) throws LDAPException
- {
- ConnectionPool cp = null;
- switch (type)
- {
- case ADMIN:
- if (connPool[ADMIN] != null)
- {
- connPool[ADMIN].destroy();
- }
- createAdminPool();
- if (connPool[ADMIN] == null)
- {
- String error = "recoverPool LDAP_ADMIN_POOL_UID failed";
- LOG.error(error);
- throw new LDAPException(error, LDAPException.CONNECT_ERROR);
- }
- cp = connPool[ADMIN];
- break;
-
- case USER:
- if (connPool[USER] != null)
- {
- connPool[USER].destroy();
- }
- createUserPool();
- if (connPool[USER] == null)
- {
- String error = "recoverPool USER failed";
- LOG.error(error);
- throw new LDAPException(error, LDAPException.CONNECT_ERROR);
- }
- cp = connPool[USER];
- break;
- case LOG:
- if (connPool[AUDIT] != null)
- {
- connPool[AUDIT].destroy();
- }
- createLogPool();
- if (connPool[AUDIT] == null)
- {
- String error = "recoverPool LOG failed";
- LOG.error(error);
- throw new LDAPException(error, LDAPException.CONNECT_ERROR);
- }
- cp = connPool[AUDIT];
- break;
- }
- return cp;
- }
-
- /**
- * System health method will determine the integrity of a given connection associated with a specified pool is good.
- *
- * @param type specifies the type of connection - ADMIN, USER Or LOG.
- * @return true if connection is good, false otherwise.
- * @throws LDAPException in the event of ldap error.
- */
- private static boolean checkConnection(ConnType type)
- throws LDAPException
- {
- boolean rc = false;
- LDAPConnection conn = null;
- String szType = null;
- switch (type)
- {
- case ADMIN:
- conn = testAdminConn;
- szType = "LDAP_ADMIN_POOL_UID";
- break;
- case USER:
- conn = testUConn;
- szType = "USER";
- break;
- case LOG:
- conn = testLConn;
- szType = "LOG";
- break;
- }
- String info = "checkConnection is checking " + szType + " Connection";
- LOG.info( info );
- if (conn != null)
- {
- if (conn.isConnected())
- {
- LOG.debug( "checkConnection for type: {}, is good", szType );
- rc = true;
- }
- else
- {
- info = "checkConnection - " + szType + " connection bad";
- LOG.info( info );
- conn.reconnect();
- if (conn.isConnected())
- {
- info = "checkConnection - " + szType + " connection reestablished";
- LOG.info( info );
- rc = true;
- }
- }
- }
- info = "checkConnetion status code=" + rc;
- LOG.info( info );
- return rc;
- }
-}
\ No newline at end of file