Posted to commits@directory.apache.org by ak...@apache.org on 2005/10/29 02:53:55 UTC
svn commit: r329334 - in /directory/shared/protocol/trunk/common: ./
src/main/java/org/apache/protocol/common/store/
Author: akarasulu
Date: Fri Oct 28 17:53:50 2005
New Revision: 329334
URL: http://svn.apache.org/viewcvs?rev=329334&view=rev
Log:
changes ...
o added the concept of filtering attributes of ldif entries before loading
o separated kerberos specific filter that creates keys for principals into
its own filter: Krb5KdcEntryFilter
o modified LdifFileLoader to apply a list of filters in order
o cleaned up the class a bit
Added:
directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/Krb5KdcEntryFilter.java (with props)
directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifLoadFilter.java (with props)
Modified:
directory/shared/protocol/trunk/common/ (props changed)
directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifFileLoader.java
Propchange: directory/shared/protocol/trunk/common/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Fri Oct 28 17:53:50 2005
@@ -4,3 +4,4 @@
classes
.classpath
.project
+*.iml
Added: directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/Krb5KdcEntryFilter.java
URL: http://svn.apache.org/viewcvs/directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/Krb5KdcEntryFilter.java?rev=329334&view=auto
==============================================================================
--- directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/Krb5KdcEntryFilter.java (added)
+++ directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/Krb5KdcEntryFilter.java Fri Oct 28 17:53:50 2005
@@ -0,0 +1,63 @@
+package org.apache.protocol.common.store;
+
+
+import org.apache.kerberos.store.KerberosAttribute;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.NamingException;
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import java.io.File;
+
+
+/**
+ * Filter which generates kerberos keys from userPassword attributes of kerberos users being
+ * loaded into the server from an LDIF file.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class Krb5KdcEntryFilter implements LdifLoadFilter
+{
+ private static final Logger log = LoggerFactory.getLogger( Krb5KdcEntryFilter.class );
+ private static final String KEY_TYPE = "DES";
+ private static final String OBJECTCLASS_ATTR = "objectClass";
+ private static final String KRB5KDCENTRY_OC = "krb5KDCEntry";
+ private static final String PASSWORD_ATTR = "userPassword";
+
+
+ /**
+ * Always accepts entries whether or not it can sucessfully generate a key for the entry.
+ *
+ * @see LdifLoadFilter#filter(File, String, Attributes, DirContext)
+ */
+ public boolean filter( File file, String dn, Attributes entry, DirContext ctx ) throws NamingException
+ {
+ if ( entry.get( OBJECTCLASS_ATTR ).contains( KRB5KDCENTRY_OC ) )
+ {
+ String krbPrincipal = null;
+ try
+ {
+ String pw = ( String ) entry.get( PASSWORD_ATTR ).get();
+ krbPrincipal = ( String ) entry.get( KerberosAttribute.PRINCIPAL ).get();
+ KerberosPrincipal principal = new KerberosPrincipal( krbPrincipal );
+ KerberosKey key = new KerberosKey( principal, pw.toCharArray(), KEY_TYPE );
+
+ byte[] encodedKey = key.getEncoded();
+ entry.put( KerberosAttribute.KEY, encodedKey );
+ entry.put( KerberosAttribute.VERSION, Integer.toString( key.getVersionNumber() ) );
+ entry.put( KerberosAttribute.TYPE, Integer.toString( key.getKeyType() ) );
+ }
+ catch ( Exception e )
+ {
+ log.warn( "failed to generate kerberos key\n\tkrbPrincipal=" + krbPrincipal + "\n\tdn=" + dn
+ + "\n\tentry=\n" + entry );
+ }
+ }
+
+ return true;
+ }
+}
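Review bot: The `log.warn` call in the catch block of filter() concatenates the whole `entry` into the message, and that entry holds the `userPassword` value read a few lines above (and, if the failure came late, the generated key), so a failed key generation presumably writes credentials to the log, depending on how the Attributes implementation renders itself. The caught exception `e` is also dropped, which hides the cause of the failure. I would log only the identifiers and pass the exception along: `log.warn( "failed to generate kerberos key\n\tkrbPrincipal=" + krbPrincipal + "\n\tdn=" + dn, e );`. Separately, `entry.get( OBJECTCLASS_ATTR )` sits outside the try and returns null for an entry without an objectClass attribute, so the NullPointerException escapes the filter despite the "always accepts" javadoc; a null check before `.contains( ... )` would keep that contract.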
Propchange: directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/Krb5KdcEntryFilter.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifFileLoader.java
URL: http://svn.apache.org/viewcvs/directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifFileLoader.java?rev=329334&r1=329333&r2=329334&view=diff
==============================================================================
--- directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifFileLoader.java (original)
+++ directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifFileLoader.java Fri Oct 28 17:53:50 2005
@@ -14,25 +14,23 @@
* limitations under the License.
*
*/
-
package org.apache.protocol.common.store;
+
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
-import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
+import java.util.List;
+import java.util.Collections;
import javax.naming.CompoundName;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import org.apache.kerberos.store.KerberosAttribute;
import org.apache.ldap.common.ldif.LdifIterator;
import org.apache.ldap.common.ldif.LdifParser;
import org.apache.ldap.common.ldif.LdifParserImpl;
@@ -40,8 +38,9 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
/**
- * Support for commands to load an LDIF file that contains Kerberos principals into a DirContext.
+ * Support for commands to load an LDIF file into a DirContext.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
* @version $Rev$, $Date$
@@ -53,75 +52,100 @@
/** a handle on the top initial context: get new context from this */
protected DirContext ctx;
+ /** the LDIF file or directory containing LDIFs to load */
+ protected File ldif;
+ /** the filters to use while loading entries into the server */
+ protected final List filters;
+ /** the total count of entries loaded */
+ private int count;
- protected String ldifPath;
/**
* Creates the LDIF file loader command.
*
* @param ctx the context to load the entries into.
- * @param ldifPath the path to the file of LDIF entries.
+ * @param ldif the file of LDIF entries to load.
*/
- public LdifFileLoader( DirContext ctx, String ldifPath )
+ public LdifFileLoader( DirContext ctx, File ldif, List filters )
{
this.ctx = ctx;
- this.ldifPath = ldifPath;
+ this.ldif = ldif;
+
+ if ( filters == null )
+ {
+ this.filters = Collections.EMPTY_LIST;
+ }
+ else
+ {
+ this.filters = Collections.unmodifiableList( filters );
+ }
}
+
+ /**
+ * Applies filters making sure failures in one filter do not effect another.
+ *
+ * @param dn the DN of the entry
+ * @param entry the attributes of the entry
+ * @return true if all filters passed the entry, false otherwise
+ */
+ private boolean applyFilters ( String dn, Attributes entry )
+ {
+ boolean accept = true;
+ final int limit = filters.size();
+ if ( limit == 0 ) { return true; } // don't waste time with loop
+ for ( int ii = 0; ii < limit; ii++ )
+ {
+ try
+ {
+ accept &= ( ( LdifLoadFilter ) filters.get( ii ) ).filter( ldif, dn, entry, ctx );
+ }
+ catch ( NamingException e )
+ {
+ log.warn( "filter " + filters.get( ii ) + " was bypassed due to failures", e );
+ }
+
+ // early bypass if entry is rejected
+ if ( ! accept ) { return false; }
+ }
+ return true;
+ }
+
+
/**
* Opens the LDIF file and loads the entries into the context.
*/
- public void execute()
+ public int execute()
{
- Name rdn = null;
+ Name rdn;
+ InputStream in = null;
try
{
- InputStream in = getLdifStream();
-
+ in = getLdifStream();
LdifIterator iterator = new LdifIterator( in );
-
LdifParser ldifParser = new LdifParserImpl();
while ( iterator.hasNext() )
{
- String ldif = (String) iterator.next();
-
+ String ldif = ( String) iterator.next();
Attributes attributes = new LockableAttributesImpl();
-
ldifParser.parse( attributes, ldif );
+ String dn = ( String ) attributes.remove( "dn" ).get();
- String dn = (String) attributes.remove( "dn" ).get();
-
- if ( attributes.get( "objectClass" ).contains( "krb5KDCEntry" ) )
- {
- String pw = (String) attributes.get( "userpassword" ).get();
-
- String krbPrincipal = (String) attributes.get( KerberosAttribute.PRINCIPAL ).get();
-
- KerberosPrincipal principal = new KerberosPrincipal( krbPrincipal );
-
- KerberosKey key = new KerberosKey( principal, pw.toCharArray(), "DES" );
-
- byte[] encodedKey = key.getEncoded();
-
- attributes.put( KerberosAttribute.KEY, encodedKey );
- attributes.put( KerberosAttribute.VERSION, Integer.toString( key.getVersionNumber() ) );
- attributes.put( KerberosAttribute.TYPE, Integer.toString( key.getKeyType() ) );
- }
-
+ boolean filterAccepted = applyFilters( dn, attributes );
+ if ( ! filterAccepted ) { continue; }
rdn = getRelativeName( ctx, dn );
try
{
ctx.lookup( rdn );
-
log.info( "Found " + rdn + ", will not create." );
}
catch ( Exception e )
{
ctx.createSubcontext( rdn, attributes );
-
+ count++;
log.info( "Created " + rdn + "." );
}
}
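Review bot: applyFilters() fails open: when a filter throws NamingException the catch only logs, `accept` stays true, and the entry goes on to `ctx.createSubcontext`, so a filter meant to reject entries lets them through whenever it errors. Only NamingException is caught, so a RuntimeException from a filter skips this handling and ends the whole load in execute()'s outer catch, which is in the next hunk. If filters may be used to enforce policy, treat a failure as a rejection, e.g. `catch ( Exception e ) { log.warn( "filter " + filters.get( ii ) + " failed, entry rejected", e ); return false; }`, or state the bypass behaviour explicitly in the LdifLoadFilter javadoc. The constructor javadoc also needs a `@param filters` line, and since `Collections.unmodifiableList( filters )` is only a view, the caller can still change the list after construction unless it is copied first.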
@@ -129,68 +153,20 @@
catch ( FileNotFoundException fnfe )
{
log.error( "LDIF file does not exist." );
- return;
}
- catch ( IOException ioe )
+ catch ( Exception ioe )
{
log.error( "Failed to import LDIF into backing store.", ioe );
- return;
- }
- catch ( NamingException ne )
- {
- log.error( "Failed to import LDIF into backing store.", ne );
- return;
}
-
- try
+ finally
{
- InputStream in = getLdifStream();
-
- LdifIterator iterator = new LdifIterator( in );
-
- LdifParser ldifParser = new LdifParserImpl();
-
- while ( iterator.hasNext() )
- {
- String ldif = (String) iterator.next();
-
- Attributes attributes = new LockableAttributesImpl();
-
- ldifParser.parse( attributes, ldif );
-
- String dn = (String) attributes.remove( "dn" ).get();
-
- rdn = getRelativeName( ctx, dn );
-
- Object stored = ctx.lookup( rdn );
-
- log.debug( "Lookup for " + rdn + " returned " + stored + "." );
-
- if ( stored == null )
- {
- log.error( rdn + " was null." );
-
- throw new IllegalStateException( "LDIF entries not being pushed to disk." );
- }
- }
+ if ( in != null ) { try { in.close(); } catch( Exception e ) { log.error( "failed to close stream", e );} }
}
- catch ( Exception e )
- {
- log.error( "Failed to find " + rdn );
- if ( log.isDebugEnabled() )
- {
- log.error( "Failed to import LDIF into backing store.", e );
- }
- else
- {
- log.error( "Failed to import LDIF into backing store." );
- }
-
- return;
- }
+ return count;
}
+
private Name getRelativeName( DirContext ctx, String baseDn ) throws NamingException
{
Properties props = new Properties();
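Review bot: execute() now swallows every failure in `catch ( Exception ioe )` and still returns `count`, so a caller cannot tell a complete load from one that stopped at a bad entry partway through the file. `count` is an instance field that is never reset, so a second call to execute() returns the running total, not the number of entries created by that call; a local counter, or `count = 0;` at the top of the method, would make the return value per call. The javadoc above execute() should gain a line such as `@return the number of entries created; failures are logged and not rethrown`. The method starts in the previous hunk, so this is based on the lines visible here.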
@@ -199,7 +175,7 @@
props.setProperty( "jndi.syntax.ignorecase", "true" );
props.setProperty( "jndi.syntax.trimblanks", "true" );
- Name searchBaseDn = null;
+ Name searchBaseDn;
try
{
@@ -224,6 +200,7 @@
return searchBaseDn;
}
+
/**
* Tries to find an LDIF file either on the file system or packaged within a jar.
*
@@ -232,19 +209,16 @@
*/
private InputStream getLdifStream() throws FileNotFoundException
{
- File file = new File( ldifPath );
-
- InputStream in = null;
+ InputStream in;
- if ( file.exists() )
+ if ( ldif.exists() )
{
- in = new FileInputStream( file );
+ in = new FileInputStream( ldif );
}
else
{
// if file not on system see if something is bundled with the jar ...
- in = getClass().getResourceAsStream( ldifPath );
-
+ in = getClass().getResourceAsStream( ldif.getName() );
if ( in == null )
{
throw new FileNotFoundException( "LDIF file does not exist." );
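Review bot: The classpath fallback changed from `getResourceAsStream( ldifPath )` to `getResourceAsStream( ldif.getName() )`, which keeps only the last path component, so the directory part of the configured path is lost and the name is resolved relative to this class's package. A bundled LDIF that used to be found by its full resource path would no longer be found, and two different paths with the same file name now map to the same resource. If bundled resources are still meant to work, pass the path with separators normalised, e.g. `getClass().getResourceAsStream( ldif.getPath().replace( File.separatorChar, '/' ) )`, or say in the javadoc that only the bare file name is looked up. The end of getLdifStream() is outside the hunk.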
Added: directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifLoadFilter.java
URL: http://svn.apache.org/viewcvs/directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifLoadFilter.java?rev=329334&view=auto
==============================================================================
--- directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifLoadFilter.java (added)
+++ directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifLoadFilter.java Fri Oct 28 17:53:50 2005
@@ -0,0 +1,29 @@
+package org.apache.protocol.common.store;
+
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.NamingException;
+import java.io.File;
+
+
+/**
+ * A filter interface for the LDIF loader.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public interface LdifLoadFilter
+{
+ /**
+ * Filters entries loaded from LDIF files by a LdifFileLoader.
+ *
+ * @param file the file being loaded
+ * @param dn the distinguished name of the entry being loaded
+ * @param entry the entry attributes within the LDIF file
+ * @param ctx context to be used for loading the entry into the DIT
+ * @return true if the entry will be created in the DIT, false if it is to be skipped
+ * @throws NamingException
+ */
+ boolean filter( File file, String dn, Attributes entry, DirContext ctx ) throws NamingException;
+}
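Review bot: The `@throws NamingException` tag on filter() has no description, and the javadoc does not say that an implementation may modify `entry` in place, which Krb5KdcEntryFilter in this same commit does with `entry.put( ... )`. Since LdifFileLoader logs a NamingException and moves on to the next filter, the contract should say so: `@throws NamingException if the filter cannot evaluate the entry; the loader logs the failure and does not treat it as a rejection`. I would also add a sentence to the method description such as `Implementations may add or replace attributes on the entry before it is created.`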
Propchange: directory/shared/protocol/trunk/common/src/main/java/org/apache/protocol/common/store/LdifLoadFilter.java
------------------------------------------------------------------------------
svn:eol-style = native