You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@turbine.apache.org by qu...@apache.org on 2003/01/17 17:10:41 UTC
cvs commit: jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap LDAPSecurityService.java LDAPUser.java
quintonm 2003/01/17 08:10:41
Modified: src/java/org/apache/turbine/services/security/ldap
LDAPSecurityService.java LDAPUser.java
Log:
Patch supplied by hhernandez@itweb.com.mx for Issue #TTWS36
Revision Changes Path
1.10 +551 -114 jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPSecurityService.java
Index: LDAPSecurityService.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPSecurityService.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- LDAPSecurityService.java 13 Jan 2003 20:09:45 -0000 1.9
+++ LDAPSecurityService.java 17 Jan 2003 16:10:41 -0000 1.10
@@ -59,8 +59,11 @@
import java.util.Iterator;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
+import javax.naming.NameAlreadyBoundException;
import javax.naming.directory.Attributes;
import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
@@ -116,10 +119,9 @@
* into an AccessControlList object.
*
* @param user the user for whom the AccessControlList are to be retrieved
- * @return the AccessControlList for the user
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if user account is not present.
+ * @return an AccessControlList for a specific user.
*/
public AccessControlList getACL(User user)
throws DataBackendException, UnknownEntityException
@@ -134,8 +136,8 @@
Hashtable roles = new Hashtable();
Hashtable permissions = new Hashtable();
- // notify the state modifiers (writers) that we want to create the
- // snapshot.
+ // notify the state modifiers (writers) that we want to create
+ // the snapshot.
lockShared();
// construct the snapshot:
@@ -176,20 +178,19 @@
}
finally
{
- // notify the state modifiers that we are done creating the snapshot
+ // notify the state modifiers that we are done creating
+ // the snapshot.
unlockShared();
}
}
- /**
- * Get the roles for an user in within a group
- *
- * @param user the user
- * @param group the group
- * @return the roles
- * @throws DataBackendException if there was an error accessing the
- * data backend.
- */
+ /** Get the Roles that a user belongs in a specific group.
+ * @param user The user.
+ * @param group The group
+ * @throws DataBackendException if there is a problem with
+ * the LDAP service.
+ * @return a RoleSet.
+ */
private RoleSet getRoles(User user, Group group)
throws DataBackendException
{
@@ -204,7 +205,7 @@
filter += "(objectclass=turbineUserGroup)";
filter += "(turbineUserUniqueId=" + user.getUserName() + ")";
- filter += "(turbineGroup=" + group.getName() + ")";
+ filter += "(turbineGroupName=" + group.getName() + ")";
filter += ")";
/*
@@ -241,9 +242,8 @@
}
catch (NamingException ex)
{
- log.error("NamingException caught", ex);
throw new DataBackendException(
- "The LDAP server specified is unavailable", ex);
+ "NamingException caught:", ex);
}
return new RoleSet(roles);
@@ -261,14 +261,78 @@
* @param user the user.
* @param group the group.
* @param role the role.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
- * @throws UnknownEntityException if user account, group or role is
- * not present.
+ * @throws DataBackendException if there was an error accessing the backend.
+ * @throws UnknownEntityException if user account, group or role
+ * is not present.
*/
public synchronized void grant(User user, Group group, Role role)
throws DataBackendException, UnknownEntityException
{
+ try
+ {
+ lockExclusive();
+
+ String userName = user.getUserName();
+ String roleName = role.getName();
+ String groupName = group.getName();
+
+ if (!accountExists(user))
+ {
+ throw new UnknownEntityException(
+ "User '" + userName + "' does not exist");
+ }
+
+ if (!checkExists(role))
+ {
+ throw new UnknownEntityException(
+ "Role '" + roleName + "' does not exist");
+ }
+
+ if (!checkExists(group))
+ {
+ throw new UnknownEntityException(
+ "Group '" + groupName + "' does not exist");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineGroupName=" + groupName + ","
+ + LDAPSecurityConstants.getUserNameAttribute()
+ + "=" + userName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+
+ // Connect to LDAP.
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Make the attributes.
+ Attributes attrs = new BasicAttributes();
+
+ attrs.put(new BasicAttribute("turbineRoleName", roleName));
+ attrs.put(new BasicAttribute("objectClass", "turbineUserGroup"));
+ attrs.put(new BasicAttribute("turbineUserUniqueId", userName));
+ try
+ {
+ // Add the turbineUserGroup.
+ ctx.bind(dn, null, attrs);
+ }
+ catch (NameAlreadyBoundException ex)
+ {
+ // Since turbineUserGroup had already been created
+ // then just add the role name attribute.
+ attrs = new BasicAttributes();
+ attrs.put(new BasicAttribute("turbineRoleName", roleName));
+ ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs);
+ }
+
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
@@ -277,14 +341,65 @@
* @param user the user.
* @param group the group.
* @param role the role.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if user account, group or role is
* not present.
*/
public synchronized void revoke(User user, Group group, Role role)
throws DataBackendException, UnknownEntityException
{
+ try
+ {
+ lockExclusive();
+
+ String userName = user.getUserName();
+ String roleName = role.getName();
+ String groupName = group.getName();
+
+ if (!accountExists(user))
+ {
+ throw new UnknownEntityException(
+ "User '" + userName + "' does not exist");
+ }
+
+ if (!checkExists(role))
+ {
+ throw new UnknownEntityException(
+ "Role '" + roleName + "' does not exist");
+ }
+
+ if (!checkExists(group))
+ {
+ throw new UnknownEntityException(
+ "Group '" + groupName + "' does not exist");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineGroupName=" + groupName + ","
+ + LDAPSecurityConstants.getUserNameAttribute()
+ + "=" + userName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ // Make the attributes.
+ Attributes attrs = new BasicAttributes();
+
+ attrs.put(new BasicAttribute("turbineRoleName", roleName));
+
+ // Connect to LDAP.
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Remove the role.
+ ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs);
+
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
@@ -292,13 +407,55 @@
*
* @param role the Role.
* @param permission the Permission.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if role or permission is not present.
*/
public synchronized void grant(Role role, Permission permission)
throws DataBackendException, UnknownEntityException
{
+ try
+ {
+ lockExclusive();
+
+ String roleName = role.getName();
+ String permName = permission.getName();
+
+ if (!checkExists(role))
+ {
+ throw new UnknownEntityException(
+ "Role '" + roleName + "' does not exist");
+ }
+
+ if (!checkExists(permission))
+ {
+ throw new UnknownEntityException(
+ "Permission '" + permName + "' does not exist");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineRoleName=" + roleName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ // Make the attributes.
+ Attributes attrs = new BasicAttributes();
+
+ attrs.put(new BasicAttribute("turbinePermissionName", permName));
+
+ // Connect to LDAP.
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Add the permission.
+ ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs);
+
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
@@ -306,13 +463,55 @@
*
* @param role the Role.
* @param permission the Permission.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if role or permission is not present.
*/
public synchronized void revoke(Role role, Permission permission)
throws DataBackendException, UnknownEntityException
{
+ try
+ {
+ lockExclusive();
+
+ String roleName = role.getName();
+ String permName = permission.getName();
+
+ if (!checkExists(role))
+ {
+ throw new UnknownEntityException(
+ "Role '" + roleName + "' does not exist");
+ }
+
+ if (!checkExists(permission))
+ {
+ throw new UnknownEntityException(
+ "Permission '" + permName + "' does not exist");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineRoleName=" + roleName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ // Make the attributes.
+ Attributes attrs = new BasicAttributes();
+
+ attrs.put(new BasicAttribute("turbinePermissionName", permName));
+
+ // Connect to LDAP.
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Remove the permission.
+ ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs);
+
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/*
@@ -328,7 +527,7 @@
* <strong>Not implemented</strong>
*
* @param groupName The name of the Group to be retrieved.
- * @return the group
+ * @return a Group.
*/
public Group getNewGroup(String groupName)
{
@@ -342,7 +541,7 @@
* <strong>Not implemented</strong>
*
* @param roleName The name of the Group to be retrieved.
- * @return the role
+ * @return a Role.
*/
public Role getNewRole(String roleName)
{
@@ -350,13 +549,14 @@
}
/**
- * Retrieves a new Permission. It creates a new Permission based on the
- * Services Permission implementation. It does not create a new Permission
- * in the system though. Use create for that.
+ * Retrieves a new Permission. It creates
+ * a new Permission based on the Services Permission implementation. It
+ * does not create a new Permission in the system though. Use create for
+ * that.
* <strong>Not implemented</strong>
*
* @param permissionName The name of the Permission to be retrieved.
- * @return the permission
+ * @return a Permission
*/
public Permission getNewPermission(String permissionName)
{
@@ -368,51 +568,46 @@
*
* @param criteria Criteria of Group selection.
* @return a set of Groups that meet the specified Criteria.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there is problem with the Backend.
*/
public GroupSet getGroups(Criteria criteria)
throws DataBackendException
{
- Hashtable groups = new Hashtable();
+ Vector groups = new Vector();
try
{
DirContext ctx = LDAPUserManager.bindAsAdmin();
String baseSearch = LDAPSecurityConstants.getBaseSearch();
- String filter = "(objectclass=turbineUserGroup)";
+ String filter = "(objectclass=turbineGroup)";
/*
* Create the default search controls.
*/
SearchControls ctls = new SearchControls();
- ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
-
NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
while (answer.hasMore())
{
SearchResult sr = (SearchResult) answer.next();
Attributes attribs = sr.getAttributes();
- Attribute attr = attribs.get("turbineGroup");
+ Attribute attr = attribs.get("turbineGroupName");
if (attr != null && attr.get() != null)
{
Group group = getNewGroup(attr.get().toString());
- groups.put(group.getName(), group);
+ groups.add(group);
}
}
}
catch (NamingException ex)
{
- log.error("NamingException caught", ex);
- throw new DataBackendException(
- "The LDAP server specified is unavailable", ex);
+ throw new DataBackendException("NamingException caught", ex);
}
- return new GroupSet(groups.values());
+ return new GroupSet(groups);
}
/**
@@ -420,8 +615,7 @@
*
* @param criteria Criteria of Roles selection.
* @return a set of Roles that meet the specified Criteria.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there is a problem with the Backend.
*/
public RoleSet getRoles(Criteria criteria) throws DataBackendException
{
@@ -461,9 +655,7 @@
}
catch (NamingException ex)
{
- log.error("NamingException caught", ex);
- throw new DataBackendException(
- "The LDAP server specified is unavailable", ex);
+ throw new DataBackendException("NamingException caught", ex);
}
return new RoleSet(roles);
@@ -474,20 +666,19 @@
*
* @param criteria Criteria of Permissions selection.
* @return a set of Permissions that meet the specified Criteria.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there is a problem with the Backend.
*/
public PermissionSet getPermissions(Criteria criteria)
throws DataBackendException
{
- Hashtable permissions = new Hashtable();
+ Vector permissions = new Vector();
try
{
DirContext ctx = LDAPUserManager.bindAsAdmin();
String baseSearch = LDAPSecurityConstants.getBaseSearch();
- String filter = "(objectClass=turbineRole)";
+ String filter = "(objectClass=turbinePermission)";
/*
* Create the default search controls.
@@ -500,39 +691,35 @@
{
SearchResult sr = (SearchResult) answer.next();
Attributes attribs = sr.getAttributes();
- Attribute attr = attribs.get("turbinePermission");
+ Attribute attr = attribs.get("turbinePermissionName");
- if (attr != null)
+ if (attr != null && attr.get() != null)
{
- NamingEnumeration values = attr.getAll();
-
- while (values.hasMore())
- {
- Permission perm = getNewPermission(
- values.next().toString());
+ Permission perm = getNewPermission(attr.get().toString());
- permissions.put(perm.getName(), perm);
- }
+ permissions.add(perm);
+ }
+ else
+ {
+ log.error("Permission doesn't have a name");
}
}
}
catch (NamingException ex)
{
- log.error("NamingException caught", ex);
throw new DataBackendException(
"The LDAP server specified is unavailable", ex);
}
- return new PermissionSet(permissions.values());
+ return new PermissionSet(permissions);
}
/**
* Retrieves all permissions associated with a role.
*
* @param role the role name, for which the permissions are to be retrieved.
- * @return the permissions
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the role is not present.
+ * @return a PermissionSet.
*/
public PermissionSet getPermissions(Role role)
throws DataBackendException, UnknownEntityException
@@ -561,7 +748,7 @@
{
SearchResult sr = (SearchResult) answer.next();
Attributes attribs = sr.getAttributes();
- Attribute attr = attribs.get("turbinePermission");
+ Attribute attr = attribs.get("turbinePermissionName");
if (attr != null)
{
@@ -569,8 +756,8 @@
while (values.hasMore())
{
- Permission perm = getNewPermission(
- values.next().toString());
+ String permName = values.next().toString();
+ Permission perm = getNewPermission(permName);
permissions.put(perm.getName(), perm);
}
@@ -579,7 +766,6 @@
}
catch (NamingException ex)
{
- log.error("NamingException caught", ex);
throw new DataBackendException(
"The LDAP server specified is unavailable", ex);
}
@@ -590,26 +776,26 @@
* Stores Group's attributes. The Groups is required to exist in the system.
*
* @param group The Group to be stored.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the group does not exist.
*/
public void saveGroup(Group group) throws DataBackendException,
UnknownEntityException
{
+ // Not implemented yet.
}
/**
* Stores Role's attributes. The Roles is required to exist in the system.
*
* @param role The Role to be stored.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the role does not exist.
*/
public void saveRole(Role role) throws DataBackendException,
UnknownEntityException
{
+ // Not implemented yet.
}
/**
@@ -617,13 +803,13 @@
* the system.
*
* @param permission The Permission to be stored.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the permission does not exist.
*/
public void savePermission(Permission permission)
throws DataBackendException, UnknownEntityException
{
+ // Not implemented yet.
}
/**
@@ -632,15 +818,53 @@
*
* @param group the object describing the group to be created.
* @return a new Group object that has id set up properly.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws EntityExistsException if the group already exists.
*/
public synchronized Group addGroup(Group group)
throws DataBackendException, EntityExistsException
{
- // Not implemented
- return null;
+ try
+ {
+ lockExclusive();
+
+ String groupName = group.getName();
+
+ if (checkExists(group))
+ {
+ throw new EntityExistsException(
+ "Group '" + groupName + "' already exists");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineGroupName=" + groupName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ // Make the attributes.
+ Attributes attrs = new BasicAttributes();
+
+ attrs.put(new BasicAttribute("objectClass", "turbineGroup"));
+ attrs.put(new BasicAttribute("turbineGroupName", groupName));
+
+ // Connect to LDAP.
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Add the group in LDAP.
+ ctx.bind(dn, null, attrs);
+
+ // Add the group to system-wide cache.
+ getAllGroups().add(group);
+
+ return group;
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
@@ -648,15 +872,53 @@
*
* @param role the object describing the role to be created.
* @return a new Role object that has id set up properly.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws EntityExistsException if the role already exists.
*/
public synchronized Role addRole(Role role)
throws DataBackendException, EntityExistsException
{
- return null;
- // return new Role();
+ try
+ {
+ lockExclusive();
+
+ String roleName = role.getName();
+
+ if (checkExists(role))
+ {
+ throw new EntityExistsException(
+ "Role '" + roleName + "' already exists");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineRoleName=" + roleName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ // Make the attributes.
+ Attributes attrs = new BasicAttributes();
+
+ attrs.put(new BasicAttribute("objectClass", "turbineRole"));
+ attrs.put(new BasicAttribute("turbineRoleName", roleName));
+
+ // Connect to LDAP.
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Add the role in LDAP.
+ ctx.bind(dn, null, attrs);
+
+ // Add the role to system-wide cache.
+ getAllRoles().add(role);
+
+ return role;
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
@@ -665,54 +927,184 @@
*
* @param permission the object describing the permission to be created.
* @return a new Permission object that has id set up properly.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws EntityExistsException if the permission already exists.
*/
public synchronized Permission addPermission(Permission permission)
throws DataBackendException, EntityExistsException
{
- // Not implemented
- return null;
+ try
+ {
+ lockExclusive();
+
+ String permName = permission.getName();
+
+ if (checkExists(permission))
+ {
+ throw new EntityExistsException(
+ "Permission '" + permName + "' already exists");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbinePermissionName=" + permName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ // Make the attributes.
+ Attributes attrs = new BasicAttributes();
+
+ attrs.put(new BasicAttribute("objectClass", "turbinePermission"));
+ attrs.put(new BasicAttribute("turbinePermissionName", permName));
+
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Add the permission in LDAP.
+ ctx.bind(dn, null, attrs);
+
+ // add the permission to system-wide cache
+ getAllPermissions().add(permission);
+
+ return permission;
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
* Removes a Group from the system.
*
* @param group object describing group to be removed.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the group does not exist.
*/
public synchronized void removeGroup(Group group)
throws DataBackendException, UnknownEntityException
{
+ try
+ {
+ lockExclusive();
+
+ String groupName = group.getName();
+
+ if (!checkExists(group))
+ {
+ throw new UnknownEntityException(
+ "Group '" + groupName + "' does not exist");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineGroupName=" + groupName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Remove the group from LDAP.
+ ctx.unbind(dn);
+
+ // Remove the group from system-wide cache.
+ getAllGroups().remove(group);
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
* Removes a Role from the system.
*
* @param role object describing role to be removed.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the role does not exist.
*/
public synchronized void removeRole(Role role)
throws DataBackendException, UnknownEntityException
{
+ try
+ {
+ lockExclusive();
+
+ String roleName = role.getName();
+
+ if (!checkExists(role))
+ {
+ throw new UnknownEntityException(
+ "Role '" + roleName + "' does not exist");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbineRoleName=" + roleName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Remove the role from LDAP.
+ ctx.unbind(dn);
+
+ // Remove the role from system-wide cache.
+ getAllRoles().remove(role);
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
* Removes a Permission from the system.
*
* @param permission object describing permission to be removed.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the permission does not exist.
*/
public synchronized void removePermission(Permission permission)
throws DataBackendException, UnknownEntityException
{
+ try
+ {
+ lockExclusive();
+
+ String permName = permission.getName();
+
+ if (!checkExists(permission))
+ {
+ throw new UnknownEntityException(
+ "Permission '" + permName + "' does not exist");
+ }
+
+ // Make the distinguished name.
+ String dn = "turbinePermissionName=" + permName + ","
+ + LDAPSecurityConstants.getBaseSearch();
+
+ DirContext ctx = LDAPUserManager.bindAsAdmin();
+
+ // Remove the permission in LDAP.
+ ctx.unbind(dn);
+
+ // Remove the permission from system-wide cache.
+ getAllPermissions().remove(permission);
+ }
+ catch (NamingException ex)
+ {
+ throw new DataBackendException("NamingException caught", ex);
+ }
+ finally
+ {
+ unlockExclusive();
+ }
}
/**
@@ -720,13 +1112,13 @@
*
* @param group object describing the group to be renamed.
* @param name the new name for the group.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the group does not exist.
*/
public synchronized void renameGroup(Group group, String name)
throws DataBackendException, UnknownEntityException
{
+ // Not implemented yet.
}
/**
@@ -734,13 +1126,13 @@
*
* @param role object describing the role to be renamed.
* @param name the new name for the role.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the role does not exist.
*/
public synchronized void renameRole(Role role, String name)
throws DataBackendException, UnknownEntityException
{
+ // Not implemented yet.
}
/**
@@ -748,40 +1140,85 @@
*
* @param permission object describing the permission to be renamed.
* @param name the new name for the permission.
- * @throws DataBackendException if there was an error accessing the
- * data backend.
+ * @throws DataBackendException if there was an error accessing the backend.
* @throws UnknownEntityException if the permission does not exist.
*/
public synchronized void renamePermission(Permission permission,
String name)
throws DataBackendException, UnknownEntityException
{
+ // Not implemented yet.
}
/**
- * just to satisify the interface requirements
- *
- * @param user the user
+ * Revoke all the roles to a user
+ * @param user the user.
*/
public void revokeAll(User user)
{
+ // Not implemented yet.
}
/**
- * just to satisify the interface requirements
- *
- * @param role the role
+ * Revoke all the permissions to a role.
+ * @param role the role.
*/
public void revokeAll(Role role)
{
+ // Not implemented yet.
}
/**
- * just to satisify the interface requirements
- *
- * @param group the group
+ * Revoke all the roles to a group.
+ * @param group the group.
*/
public void revokeAll(Group group)
{
+ // Not implemented yet.
+ }
+
+ /**
+ * Determines if the <code>Role</code> exists in the security system.
+ *
+ * @param role a <code>Role</code> value
+ * @return true if the role exists in the system, false otherwise
+ * @throws DataBackendException if there is an error with LDAP
+ */
+ public boolean checkExists(Role role)
+ throws DataBackendException
+ {
+ RoleSet roleSet = getRoles(new Criteria());
+
+ return roleSet.contains(role);
+ }
+
+ /**
+ * Determines if the <code>Group</code> exists in the security system.
+ *
+ * @param group a <code>Group</code> value
+ * @return true if the group exists in the system, false otherwise
+ * @throws DataBackendException if there is an error with LDAP
+ */
+ public boolean checkExists(Group group)
+ throws DataBackendException
+ {
+ GroupSet groupSet = getGroups(new Criteria());
+
+ return groupSet.contains(group);
+ }
+
+ /**
+ * Determines if the <code>Permission</code> exists in the security system.
+ *
+ * @param permission a <code>Permission</code> value
+ * @return true if the permission exists in the system, false otherwise
+ * @throws DataBackendException if there is an error with LDAP
+ */
+ public boolean checkExists(Permission permission)
+ throws DataBackendException
+ {
+ PermissionSet permissionSet = getPermissions(new Criteria());
+
+ return permissionSet.contains(permission);
}
}
1.7 +5 -6 jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUser.java
Index: LDAPUser.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUser.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- LDAPUser.java 13 Jan 2003 20:09:45 -0000 1.6
+++ LDAPUser.java 17 Jan 2003 16:10:41 -0000 1.7
@@ -367,7 +367,7 @@
String tmp = null;
tmp = (String) getPerm(User.CONFIRM_VALUE);
- if (tmp.length() == 0)
+ if (tmp != null && tmp.length() == 0)
{
tmp = null;
}
@@ -385,7 +385,7 @@
String tmp = null;
tmp = (String) getPerm(User.EMAIL);
- if (tmp.length() == 0)
+ if (tmp != null && tmp.length() == 0)
{
tmp = null;
}
@@ -539,7 +539,7 @@
String tmp = null;
tmp = (String) getPerm(User.USERNAME);
- if (tmp.length() == 0)
+ if (tmp != null && tmp.length() == 0)
{
tmp = null;
}
@@ -557,7 +557,7 @@
String tmp = null;
tmp = (String) getPerm(User.FIRST_NAME);
- if (tmp.length() == 0)
+ if (tmp != null && tmp.length() == 0)
{
tmp = null;
}
@@ -575,7 +575,7 @@
String tmp = null;
tmp = (String) getPerm(User.LAST_NAME);
- if (tmp.length() == 0)
+ if (tmp != null && tmp.length() == 0)
{
tmp = null;
}
@@ -698,7 +698,6 @@
*/
public void setEmail(String email)
{
- log.debug("setEmail(" + email + ")");
setPerm(User.EMAIL, email);
}
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>