Posted to commits@directory.apache.org by sm...@apache.org on 2014/10/22 19:48:30 UTC
[15/16] Remove the unboundid daos classes and lib,
move the apache dao's into rbac package and make its classes and
methods package private.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/ldap/UnboundIdDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/UnboundIdDataProvider.java b/src/main/java/org/apache/directory/fortress/core/ldap/UnboundIdDataProvider.java
deleted file mode 100644
index 944dcb0..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/UnboundIdDataProvider.java
+++ /dev/null
@@ -1,1277 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.ldap;
-
-
-import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Properties;
-import java.util.Set;
-import java.util.TreeSet;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.cfg.Config;
-import org.apache.directory.fortress.core.rbac.FortEntity;
-import org.apache.directory.fortress.core.rbac.Hier;
-import org.apache.directory.fortress.core.rbac.Relationship;
-import org.apache.directory.fortress.core.util.attr.VUtil;
-import org.apache.directory.fortress.core.util.time.CUtil;
-import org.apache.directory.fortress.core.util.time.Constraint;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttribute;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPControl;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPDN;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModification;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModificationSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPReferralException;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchConstraints;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchResults;
-
-
-/**
- * Abstract class contains methods to perform low-level entity to ldap persistence. These methods are called by the
- * Fortress DAO's, i.e. {@link org.apache.directory.fortress.core.rbac.dao.unboundid.UserDAO}. {@link org.apache.directory.fortress.core.rbac.dao.unboundid.RoleDAO}, {@link org.apache.directory.fortress.core.rbac.dao.unboundid.PermDAO}, ....
- * These are low-level data utilities, very little if any data validations are performed here.
- * <p/>
- * This class is thread safe.
- * <p/>
- *
- * @author Shawn McKinney
- */
-public abstract class UnboundIdDataProvider
-{
- private static final String OPENLDAP_PROXY_CONTROL = "2.16.840.1.113730.3.4.18";
- private static final int MAX_DEPTH = 100;
- private static final String CLS_NM = UnboundIdDataProvider.class.getName();
- private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
- private static final LdapCounters counters = new LdapCounters();
-
-
- /**
- * Given a contextId and a fortress param name return the LDAP dn.
- *
- * @param contextId is to determine what sub-tree to use.
- * @param root contains the fortress parameter name that corresponds with a particular LDAP container.
- * @return String contains the dn to use for operation.
- */
- protected String getRootDn( String contextId, String root )
- {
- String szDn = Config.getProperty( root );
- StringBuilder dn = new StringBuilder();
-
- // The contextId must not be null, or "HOME" or "null"
- if ( VUtil.isNotNullOrEmpty( contextId ) && !contextId.equalsIgnoreCase( GlobalIds.NULL )
- && !contextId.equals( GlobalIds.HOME ) )
- {
- int idx = szDn.indexOf( Config.getProperty( GlobalIds.SUFFIX ) );
-
- if ( idx != -1 )
- {
- // Found. The DN is ,ou=<contextId>,
- dn.append( szDn.substring( 0, idx - 1 ) ).append( "," ).append( GlobalIds.OU ).append( "=" )
- .append( contextId ).append( "," ).append( szDn.substring( idx ) );
- }
- }
- else
- {
- dn.append( szDn );
- }
-
- return dn.toString();
- }
-
-
- /**
- * Given a contextId return the LDAP dn that includes the suffix.
- *
- * @param contextId is to determine what sub-tree to use.
- * @return String contains the dn to use for operation.
- */
- protected String getRootDn( String contextId )
- {
- StringBuilder dn = new StringBuilder();
- if ( VUtil.isNotNullOrEmpty( contextId ) && !contextId.equalsIgnoreCase( GlobalIds.NULL )
- && !contextId.equals( GlobalIds.HOME ) )
- {
- dn.append( GlobalIds.OU ).append( "=" ).append( contextId ).append( "," )
- .append( Config.getProperty( GlobalIds.SUFFIX ) );
- }
- else
- {
- dn.append( Config.getProperty( GlobalIds.SUFFIX ) );
- }
- return dn.toString();
- }
-
-
- /**
- * Read the ldap record from specified location.
- *
- * @param ld handle to ldap connection.
- * @param dn contains ldap distinguished name.
- * @param atrs array contains array names to pull back.
- * @return ldap entry.
- * @throws LDAPException in the event system error occurs.
- */
- protected LDAPEntry read( LDAPConnection ld, String dn, String[] atrs )
- throws LDAPException
- {
- counters.incrementRead();
-
- return ld.read( dn, atrs );
- }
-
-
- /**
- * Read the ldap record from specified location with user assertion.
- *
- * @param ld handle to ldap connection.
- * @param dn contains ldap distinguished name.
- * @param atrs array contains array names to pull back. , PoolMgr.ConnType.USER
- * @param userDn string value represents the identity of user on who's behalf the request was initiated. The value will be stored in openldap auditsearch record AuthZID's attribute.
- * @return ldap entry.
- * @throws LDAPException in the event system error occurs.
- * @throws UnsupportedEncodingException for search control errors.
- */
- protected LDAPEntry read( LDAPConnection ld, String dn, String[] atrs, String userDn )
- throws LDAPException, UnsupportedEncodingException
- {
- counters.incrementRead();
- LDAPControl proxyCtl = new LDAPControl( OPENLDAP_PROXY_CONTROL, true,
- ( GlobalIds.DN + ": " + userDn ).getBytes( GlobalIds.UTF8 ) );
- LDAPSearchConstraints opt = new LDAPSearchConstraints();
- opt.setServerControls( proxyCtl );
- return ld.read( dn, atrs, opt );
- }
-
-
- /**
- * Add a new ldap entry to the directory. Do not add audit context.
- *
- * @param ld handle to ldap connection.
- * @param entry contains data to add..
- * @throws LDAPException in the event system error occurs.
- */
- protected void add( LDAPConnection ld, LDAPEntry entry )
- throws LDAPException
- {
- counters.incrementAdd();
- ld.add( entry );
- }
-
-
- /**
- * Add a new ldap entry to the directory. Add audit context.
- *
- * @param ld handle to ldap connection.
- * @param entry contains data to add..
- * @param entity contains audit context.
- * @throws LDAPException in the event system error occurs.
- */
- protected void add( LDAPConnection ld, LDAPEntry entry, FortEntity entity )
- throws LDAPException
- {
- counters.incrementAdd();
-
- if ( GlobalIds.IS_AUDIT && entity != null && entity.getAdminSession() != null )
- {
- LDAPAttributeSet attrs = entry.getAttributeSet();
-
- if ( VUtil.isNotNullOrEmpty( entity.getAdminSession().getInternalUserId() ) )
- {
- attrs.add( new LDAPAttribute( GlobalIds.FT_MODIFIER, entity.getAdminSession().getInternalUserId() ) );
- }
-
- if ( VUtil.isNotNullOrEmpty( entity.getModCode() ) )
- {
- attrs.add( new LDAPAttribute( GlobalIds.FT_MODIFIER_CODE, entity.getModCode() ) );
- }
-
- if ( VUtil.isNotNullOrEmpty( entity.getModId() ) )
- {
- attrs.add( new LDAPAttribute( GlobalIds.FT_MODIFIER_ID, entity.getModId() ) );
- }
- }
-
- ld.add( entry );
- }
-
-
- /**
- * Update exiting ldap entry to the directory. Do not add audit context.
- *
- * @param ld handle to ldap connection.
- * @param dn contains distinguished node of entry.
- * @param mods contains data to modify.
- * @throws LDAPException in the event system error occurs.
- */
- protected void modify( LDAPConnection ld, String dn, LDAPModificationSet mods )
- throws LDAPException
- {
- counters.incrementMod();
- ld.modify( dn, mods );
- }
-
-
- /**
- * Update exiting ldap entry to the directory. Add audit context.
- *
- * @param ld handle to ldap connection.
- * @param dn contains distinguished node of entry.
- * @param mods contains data to modify.
- * @param entity contains audit context.
- * @throws LDAPException in the event system error occurs.
- */
- protected void modify( LDAPConnection ld, String dn, LDAPModificationSet mods, FortEntity entity )
- throws LDAPException
- {
- counters.incrementMod();
- audit( mods, entity );
- ld.modify( dn, mods );
- }
-
-
- /**
- * Delete exiting ldap entry from the directory. Do not add audit context.
- *
- * @param ld handle to ldap connection.
- * @param dn contains distinguished node of entry targeted for removal..
- * @throws LDAPException in the event system error occurs.
- */
- protected void delete( LDAPConnection ld, String dn )
- throws LDAPException
- {
- counters.incrementDelete();
- ld.delete( dn );
- }
-
-
- /**
- * Delete exiting ldap entry from the directory. Add audit context. This method will call modify prior to delete which will
- * force corresponding audit record to be written to slapd access log.
- *
- * @param ld handle to ldap connection.
- * @param dn contains distinguished node of entry targeted for removal..
- * @param entity contains audit context.
- * @throws LDAPException in the event system error occurs.
- */
- protected void delete( LDAPConnection ld, String dn, FortEntity entity )
- throws LDAPException
- {
- counters.incrementDelete();
- LDAPModificationSet mods = new LDAPModificationSet();
- audit( mods, entity );
- if ( mods.size() > 0 )
- modify( ld, dn, mods );
- ld.delete( dn );
- }
-
-
- /**
- * Delete exiting ldap entry and all descendants from the directory. Do not add audit context.
- *
- * @param ld handle to ldap connection.
- * @param dn contains distinguished node of entry targeted for removal..
- * @throws LDAPException in the event system error occurs.
- */
- protected void deleteRecursive( LDAPConnection ld, String dn )
- throws LDAPException
- {
- int recursiveCount = 0;
- deleteRecursive( dn, ld, recursiveCount );
- }
-
-
- /**
- * Delete exiting ldap entry and all descendants from the directory. Add audit context. This method will call modify prior to delete which will
- * force corresponding audit record to be written to slapd access log.
- *
- * @param ld handle to ldap connection.
- * @param dn contains distinguished node of entry targeted for removal..
- * @param entity contains audit context.
- * @throws LDAPException in the event system error occurs.
- */
- protected void deleteRecursive( LDAPConnection ld, String dn, FortEntity entity )
- throws LDAPException
- {
- LDAPModificationSet mods = new LDAPModificationSet();
- audit( mods, entity );
- if ( mods.size() > 0 )
- modify( ld, dn, mods );
- deleteRecursive( ld, dn );
- }
-
-
- /**
- * Used to recursively remove all nodes up to record pointed to by dn attribute.
- *
- * @param dn contains distinguished node of entry targeted for removal..
- * @param ld handle to ldap connection.
- * @param recursiveCount keeps track of how many iterations have been performed.
- * @throws LDAPException in the event system error occurs.
- */
- private void deleteRecursive( String dn, LDAPConnection ld, int recursiveCount )
- throws LDAPException
- {
- String method = "deleteRecursive";
- // Sanity check - only allow max tree depth of 100
- if ( recursiveCount++ > MAX_DEPTH )
- {
- // too deep inside of a recursive sequence;
- String error = "." + method + " dn [" + dn + "] depth error in recursive";
- throw new LDAPException( error, LDAPException.OPERATION_ERROR );
- }
-
- String theDN;
- // Find child nodes
- LDAPSearchResults res = search( ld, dn, LDAPConnection.SCOPE_ONE, "objectclass=*", GlobalIds.NO_ATRS, false, 0 );
-
- // Iterate over all entries under this entry
- while ( res.hasMoreElements() )
- {
- try
- {
- // Next directory entry
- LDAPEntry entry = res.next();
- theDN = entry.getDN();
- // continue down:
- deleteRecursive( theDN, ld, recursiveCount );
- recursiveCount--;
- }
- catch ( LDAPReferralException lre )
- {
- // cannot continue;
- String error = "." + method + " dn [" + dn + "] caught LDAPReferralException="
- + lre.errorCodeToString() + "=" + lre.getLDAPErrorMessage();
- throw new LDAPException( error, lre.getLDAPResultCode() );
- }
- catch ( LDAPException ldape )
- {
- // cannot continue;
- String error = "." + method + " dn [" + dn + "] caught LDAPException="
- + ldape.errorCodeToString() + "=" + ldape.getLDAPErrorMessage();
- throw new LDAPException( error, ldape.getLDAPResultCode() );
- }
- }
- // delete the node:
- counters.incrementDelete();
- delete( ld, dn );
- }
-
-
- /**
- * Add the audit context variables to the modfication set.
- *
- * @param mods used to update ldap attributes.
- * @param entity contains audit context.
- * @throws LDAPException in the event of error with ldap client.
- */
- private void audit( LDAPModificationSet mods, FortEntity entity )
- {
- if ( GlobalIds.IS_AUDIT && entity != null && entity.getAdminSession() != null )
- {
- if ( VUtil.isNotNullOrEmpty( entity.getAdminSession().getInternalUserId() ) )
- {
- LDAPAttribute modifier = new LDAPAttribute( GlobalIds.FT_MODIFIER, entity.getAdminSession()
- .getInternalUserId() );
- mods.add( LDAPModification.REPLACE, modifier );
- }
- if ( VUtil.isNotNullOrEmpty( entity.getModCode() ) )
- {
- LDAPAttribute modCode = new LDAPAttribute( GlobalIds.FT_MODIFIER_CODE, entity.getModCode() );
- mods.add( LDAPModification.REPLACE, modCode );
- }
- if ( VUtil.isNotNullOrEmpty( entity.getModId() ) )
- {
- LDAPAttribute modId = new LDAPAttribute( GlobalIds.FT_MODIFIER_ID, entity.getModId() );
- mods.add( LDAPModification.REPLACE, modId );
- }
- }
- }
-
-
- /**
- * Perform normal ldap search accepting default batch size.
- *
- * @param ld is LDAPConnection object used for all communication with host.
- * @param baseDn contains address of distinguished name to begin ldap search
- * @param scope indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
- * @param filter contains the search criteria
- * @param atrs is the requested list of attritubutes to return from directory search.
- * @param attrsOnly if true pull back attribute names only.
- * @return result set containing ldap entries returned from directory.
- * @throws LDAPException thrown in the event of error in ldap client or server code.
- */
- protected LDAPSearchResults search( LDAPConnection ld,
- String baseDn,
- int scope,
- String filter,
- String[] atrs,
- boolean attrsOnly )
- throws LDAPException
- {
- counters.incrementSearch();
- LDAPSearchResults result;
- result = ld.search( baseDn, scope, filter, atrs, attrsOnly );
- return result;
- }
-
-
- /**
- * Perform normal ldap search specifying default batch size.
- *
- * @param ld is LDAPConnection object used for all communication with host.
- * @param baseDn contains address of distinguished name to begin ldap search
- * @param scope indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
- * @param filter contains the search criteria
- * @param atrs is the requested list of attritubutes to return from directory search.
- * @param attrsOnly if true pull back attribute names only.
- * @param batchSize Will block until this many entries are ready to return from server. 0 indicates to block until all results are ready.
- * @return result set containing ldap entries returned from directory.
- * @throws LDAPException thrown in the event of error in ldap client or server code.
- */
- protected LDAPSearchResults search( LDAPConnection ld,
- String baseDn,
- int scope,
- String filter,
- String[] atrs,
- boolean attrsOnly,
- int batchSize )
- throws LDAPException
- {
- counters.incrementSearch();
- LDAPSearchResults result;
- LDAPSearchConstraints ldCons = new LDAPSearchConstraints();
- // Returns the maximum number of search results that are to be returned; 0 means there is no limit.
- ldCons.setMaxResults( 0 );
- ldCons.setBatchSize( batchSize );
- result = ld.search( baseDn, scope, filter, atrs, attrsOnly, ldCons );
- return result;
- }
-
-
- /**
- * Perform normal ldap search specifying default batch size and max entries to return.
- *
- * @param ld is LDAPConnection object used for all communication with host.
- * @param baseDn contains address of distinguished name to begin ldap search
- * @param scope indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
- * @param filter contains the search criteria
- * @param atrs is the requested list of attritubutes to return from directory search.
- * @param attrsOnly if true pull back attribute names only.
- * @param batchSize Will block until this many entries are ready to return from server. 0 indicates to block until all results are ready.
- * @param maxEntries specifies the maximum number of entries to return in this search query.
- * @return result set containing ldap entries returned from directory.
- * @throws LDAPException thrown in the event of error in ldap client or server code.
- */
- protected LDAPSearchResults search( LDAPConnection ld,
- String baseDn,
- int scope,
- String filter,
- String[] atrs,
- boolean attrsOnly,
- int batchSize,
- int maxEntries )
- throws LDAPException
- {
- counters.incrementSearch();
- LDAPSearchResults result;
- LDAPSearchConstraints ldCons = new LDAPSearchConstraints();
- // Returns the maximum number of search results that are to be returned;
- ldCons.setMaxResults( maxEntries );
- ldCons.setBatchSize( batchSize );
- result = ld.search( baseDn, scope, filter, atrs, attrsOnly, ldCons );
- return result;
- }
-
-
- /**
- * This method will search the directory and return at most one record. If more than one record is found
- * an ldap exception will be thrown.
- *
- * @param ld is LDAPConnection object used for all communication with host.
- * @param baseDn contains address of distinguished name to begin ldap search
- * @param scope indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
- * @param filter contains the search criteria
- * @param atrs is the requested list of attritubutes to return from directory search.
- * @param attrsOnly if true pull back attribute names only.
- * @return entry containing target ldap node.
- * @throws LDAPException thrown in the event of error in ldap client or server code.
- */
- protected LDAPEntry searchNode( LDAPConnection ld,
- String baseDn,
- int scope, String filter,
- String[] atrs,
- boolean attrsOnly )
- throws LDAPException
- {
- LDAPSearchResults result = ld.search( baseDn, scope,
- filter, atrs, attrsOnly );
- if ( result.getCount() > 1 )
- {
- throw new LDAPException( "searchNode failed to return unique record for LDAP search of base DN ["
- + baseDn + "] filter [" + filter + "]" );
- }
- return result.next();
- }
-
-
- /**
- * This search method uses OpenLDAP Proxy Authorization Control to assert arbitrary user identity onto connection.
- *
- * @param ld is LDAPConnection object used for all communication with host.
- * @param baseDn contains address of distinguished name to begin ldap search
- * @param scope indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
- * @param filter contains the search criteria
- * @param atrs is the requested list of attritubutes to return from directory search.
- * @param attrsOnly if true pull back attribute names only.
- * @param userDn string value represents the identity of user on who's behalf the request was initiated. The value will be stored in openldap auditsearch record AuthZID's attribute.
- * @return entry containing target ldap node.
- * @throws LDAPException thrown in the event of error in ldap client or server code.
- */
- protected LDAPEntry searchNode( LDAPConnection ld,
- String baseDn,
- int scope,
- String filter,
- String[] atrs,
- boolean attrsOnly,
- String userDn )
- throws LDAPException, UnsupportedEncodingException
- {
- counters.incrementSearch();
- LDAPControl proxyCtl = new LDAPControl( OPENLDAP_PROXY_CONTROL, true,
- ( GlobalIds.DN + ": " + userDn ).getBytes( GlobalIds.UTF8 ) );
- LDAPSearchConstraints opt = new LDAPSearchConstraints();
- opt.setServerControls( proxyCtl );
- LDAPSearchResults result = ld.search( baseDn, scope, filter, atrs, attrsOnly, opt );
- if ( result.getCount() > 1 )
- {
- throw new LDAPException( "searchNode failed to return unique record for LDAP search of base DN ["
- + baseDn + "] filter [" + filter + "]" );
- }
- return result.next();
- }
-
-
- /**
- * This method uses the compare ldap func to assert audit record into the directory server's configured audit logger.
- *
- * @param ld is LDAPConnection object used for all communication with host.
- * @param dn contains address of distinguished name to begin ldap search
- * @param userDn dn for user node
- * @param attribute attribute used for compare
- * @return true if compare operation succeeds
- * @throws LDAPException thrown in the event of error in ldap client or server code.
- * @throws UnsupportedEncodingException in the event the server cannot perform the operation.
- */
- protected boolean compareNode( LDAPConnection ld,
- String dn,
- String userDn,
- LDAPAttribute attribute )
- throws LDAPException, UnsupportedEncodingException
- {
- counters.incrementCompare();
- LDAPControl proxyCtl = new LDAPControl( OPENLDAP_PROXY_CONTROL, true,
- ( GlobalIds.DN + ": " + userDn ).getBytes( GlobalIds.UTF8 ) );
- LDAPSearchConstraints opt = new LDAPSearchConstraints();
- opt.setServerControls( proxyCtl );
- return ld.compare( dn, attribute, opt );
- }
-
-
- /**
- * Method wraps ldap client to return multi-occurring attribute values by name within a given entry and returns as a list of strings.
- *
- * @param entry contains the target ldap entry.
- * @param attributeName name of ldap attribute to retrieve.
- * @return List of type string containing attribute values.
- * @throws LDAPException in the event of ldap client error.
- */
- protected List<String> getAttributes( LDAPEntry entry, String attributeName )
- {
- List<String> attrValues = new ArrayList<>();
- LDAPAttribute attr;
- Enumeration values;
- attr = entry.getAttribute( attributeName );
- if ( attr != null )
- {
- values = attr.getStringValues();
- }
- else
- {
- return null;
- }
- if ( values != null )
- {
- while ( values.hasMoreElements() )
- {
- attrValues.add( ( String ) values.nextElement() );
- }
- }
- return attrValues;
- }
-
-
- protected byte[] getPhoto( LDAPEntry entry, String attributeName )
- {
- byte[] photo = null;
- LDAPAttribute attr = entry.getAttribute( attributeName );
- if ( attr != null )
- {
- // Get the values as byte arrays
- Enumeration enumVals =
- attr.getByteValues();
- // Get the first value - if there's more
- // than one
- if ( enumVals.hasMoreElements() )
- {
- photo =
- ( byte[] ) enumVals.nextElement();
- }
- }
- return photo;
- }
-
-
- /**
- * Method wraps ldap client to return multi-occurring attribute values by name within a given entry and returns as a set of strings.
- *
- * @param entry contains the target ldap entry.
- * @param attributeName name of ldap attribute to retrieve.
- * @return List of type string containing attribute values.
- * @throws LDAPException in the event of ldap client error.
- */
- protected Set<String> getAttributeSet( LDAPEntry entry, String attributeName )
- {
- // create Set with case insensitive comparator:
- Set<String> attrValues = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
- LDAPAttribute attr;
- Enumeration values;
- attr = entry.getAttribute( attributeName );
- if ( attr != null )
- {
- values = attr.getStringValues();
- }
- else
- {
- return null;
- }
- if ( values != null )
- {
- while ( values.hasMoreElements() )
- {
- attrValues.add( ( String ) values.nextElement() );
- }
- }
- return attrValues;
- }
-
-
- /**
- * Method wraps ldap client to return multi-occurring attribute values by name within a given entry and return as a list of type {@link org.apache.directory.fortress.core.rbac.Relationship}.
- *
- * @param entry contains the target ldap entry.
- * @param attributeName name of ldap attribute to retrieve.
- * @return List of type {@link org.apache.directory.fortress.core.rbac.Relationship} containing parent-child relationships.
- * @throws LDAPException in the event of ldap client error.
- */
- protected List<Relationship> getRelationshipAttributes( LDAPEntry entry, String attributeName )
- {
- List<Relationship> attrValues = new ArrayList<>();
- LDAPAttribute attr;
- Enumeration values;
-
- attr = entry.getAttribute( attributeName );
- if ( attr != null )
- {
- values = attr.getStringValues();
- }
- else
- {
- return null;
- }
- if ( values != null )
- {
- while ( values.hasMoreElements() )
- {
- String edge = ( String ) values.nextElement();
- int indx = edge.indexOf( GlobalIds.PROP_SEP );
- if ( indx >= 1 )
- {
- // This LDAP attr is stored as a name-value pair separated by a ':'.
- // Separate the parent from the child:
- String child = edge.substring( 0, indx );
- String parent = edge.substring( indx + 1 );
-
- // Load the parent/child relationship values into a helper class:
- Relationship rel = new Relationship( child, parent );
- attrValues.add( rel );
- }
- else
- {
- String warning = "getRelAttributes detected incorrect data in role relationship field: "
- + edge;
- LOG.warn( warning );
- }
- }
- }
- return attrValues;
- }
-
-
- /**
- * Method wraps ldap client to return attribute value by name within a given entry and returns as a string.
- *
- * @param entry contains the target ldap entry.
- * @param attributeName name of ldap attribute to retrieve.
- * @return value contained in a string variable.
- * @throws LDAPException in the event of ldap client error.
- */
- protected String getAttribute( LDAPEntry entry, String attributeName )
- {
- String attrValue = null;
- LDAPAttribute attr;
- Enumeration values;
- attr = entry.getAttribute( attributeName );
- if ( attr != null )
- {
- values = attr.getStringValues();
- }
- else
- {
- return null;
- }
- if ( values != null )
- {
- attrValue = ( String ) values.nextElement();
- }
- return attrValue;
- }
-
-
- /**
- * Method will retrieve the relative distinguished name from a distinguished name variable.
- *
- * @param dn contains ldap distinguished name.
- * @return rDn as string.
- * @throws LDAPException in the event of ldap client error.
- */
- protected String getRdn( String dn )
- {
- String[] dnList;
- dnList = LDAPDN.explodeDN( dn, true );
- return dnList[0];
- }
-
-
- /**
- * Create multi-occurring ldap attribute given array of strings and attribute name.
- *
- * @param name contains attribute name to create.
- * @param values array of string that contains attribute values.
- * @return LDAPAttribute containing multi-occurring attribute set.
- * @throws LDAPException in the event of ldap client error.
- */
- protected LDAPAttribute createAttributes( String name, String values[] )
- throws LDAPException
- {
- LDAPAttribute attr = new LDAPAttribute( name );
- for ( String value : values )
- {
- encodeSafeText( value, value.length() );
- attr.addValue( value );
- }
- return attr;
- }
-
-
- /**
- * Create ldap attribute given an attribute name and value.
- *
- * @param name contains attribute name to create.
- * @param value string contains attribute value.
- * @return LDAPAttribute containing new ldap attribute.
- * @throws LDAPException in the event of ldap client error.
- */
- protected LDAPAttribute createAttribute( String name, String value )
- throws LDAPException
- {
- LDAPAttribute attr = new LDAPAttribute( name );
- encodeSafeText( value, value.length() );
- attr.addValue( value );
- return attr;
- }
-
-
- /**
- * Convert constraint from raw ldap format to application entity.
- *
- * @param le ldap entry containing constraint.
- * @param ftDateTime reference to {@link org.apache.directory.fortress.util.time.Constraint} containing formatted data.
- * @throws LDAPException in the event of ldap client error.
- */
- protected void unloadTemporal( LDAPEntry le, Constraint ftDateTime )
- {
- String szRawData = getAttribute( le, GlobalIds.CONSTRAINT );
-
- if ( szRawData != null && szRawData.length() > 0 )
- {
- CUtil.setConstraint( szRawData, ftDateTime );
- }
- }
-
-
- /**
- * Given an ldap attribute name and a list of attribute values, construct an ldap attribute set to be added to directory.
- *
- * @param list list of type string containing attribute values to load into attribute set.
- * @param attrs contains ldap attribute set targeted for adding.
- * @param attrName name of ldap attribute being added.
- */
- protected void loadAttrs( List<String> list, LDAPAttributeSet attrs, String attrName )
- {
- if ( list != null && list.size() > 0 )
- {
- LDAPAttribute attr = null;
- for ( String val : list )
- {
- if ( attr == null )
- {
- attr = new LDAPAttribute( attrName, val );
- }
- else
- {
- attr.addValue( val );
- }
- }
- if ( attr != null )
- {
- attrs.add( attr );
- }
- }
- }
-
-
- /**
- * Given a collection of {@link org.apache.directory.fortress.core.rbac.Relationship}, convert to raw data name-value format and load into ldap attribute set in preparation for ldap add.
- *
- * @param list contains List of type {@link org.apache.directory.fortress.core.rbac.Relationship} targeted for adding to ldap.
- * @param attrs collection of ldap attributes containing parent-child relationships in raw ldap format.
- * @param attrName contains the name of the ldap attribute to be added.
- */
- protected void loadRelationshipAttrs( List<Relationship> list, LDAPAttributeSet attrs, String attrName )
- {
- if ( list != null )
- {
- LDAPAttribute attr = null;
- for ( Relationship rel : list )
- {
- // This LDAP attr is stored as a name-value pair separated by a ':'.
- if ( attr == null )
- {
- attr = new LDAPAttribute( attrName, rel.getChild() + GlobalIds.PROP_SEP + rel.getParent() );
- }
- else
- {
- attr.addValue( rel.getChild() + GlobalIds.PROP_SEP + rel.getParent() );
- }
- }
- if ( attr != null )
- {
- attrs.add( attr );
- }
- }
- }
-
-
- /**
- * Given an ldap attribute name and a set of attribute values, construct an ldap attribute set to be added to directory.
- *
- * @param values set of type string containing attribute values to load into attribute set.
- * @param attrs contains ldap attribute set targeted for adding.
- * @param attrName name of ldap attribute being added.
- */
- protected void loadAttrs( Set<String> values, LDAPAttributeSet attrs, String attrName )
- {
- if ( values != null && values.size() > 0 )
- {
- LDAPAttribute attr = null;
- for ( String value : values )
- {
- if ( attr == null )
- {
- attr = new LDAPAttribute( attrName, value );
- }
- else
- {
- attr.addValue( value );
- }
- }
- if ( attr != null )
- {
- attrs.add( attr );
- }
- }
- }
-
-
- /**
- * Given a multi-occurring ldap attribute name and a list of attribute values, construct an ldap modification set to be updated in directory.
- * This function will replace all existing attributes with new values.
- *
- * @param list list of type string containing attribute values to load into modification set.
- * @param mods contains ldap modification set targeted for updating.
- * @param attrName name of ldap attribute being modified.
- */
- protected void loadAttrs( List<String> list, LDAPModificationSet mods, String attrName )
- {
- loadAttrs( list, mods, attrName, true );
- }
-
- /**
- * Given a multi-occurring ldap attribute name and a list of attribute values, construct an ldap modification set to be updated in directory.
- *
- * @param list list of type string containing attribute values to load into modification set.
- * @param mods contains ldap modification set targeted for updating.
- * @param attrName name of ldap attribute being modified.
- * @param replace boolean value if true will replace existing attributes with new..
- */
- protected void loadAttrs( List<String> list, LDAPModificationSet mods, String attrName, boolean replace )
- {
- if ( list != null && list.size() > 0 )
- {
- LDAPAttribute attr = new LDAPAttribute( attrName );
- if(replace)
- {
- mods.add( LDAPModification.REPLACE, attr );
- }
-
- for ( String val : list )
- {
- attr = new LDAPAttribute( attrName, val );
- mods.add( LDAPModification.ADD, attr );
- }
- }
- }
-
- /**
- * Given a collection of {@link org.apache.directory.fortress.core.rbac.Relationship}s, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
- *
- * @param list contains List of type {@link org.apache.directory.fortress.core.rbac.Relationship} targeted for updating in ldap.
- * @param mods ldap modification set containing parent-child relationships in raw ldap format.
- * @param attrName contains the name of the ldap attribute to be updated.
- * @param op specifies type of mod: {@link Hier.Op#ADD}, {@link org.apache.directory.fortress.core.rbac.Hier.Op#MOD}, {@link Hier.Op#REM}
- */
- protected void loadRelationshipAttrs( List<Relationship> list, LDAPModificationSet mods, String attrName, Hier.Op op )
- {
- if ( list != null )
- {
- LDAPAttribute attr;
- for ( Relationship rel : list )
- {
- // This LDAP attr is stored as a name-value pair separated by a ':'.
- attr = new LDAPAttribute( attrName, rel.getChild() + GlobalIds.PROP_SEP + rel.getParent() );
- switch ( op )
- {
- case ADD:
- mods.add( LDAPModification.ADD, attr );
- break;
- case MOD:
- mods.add( LDAPModification.REPLACE, attr );
- break;
- case REM:
- mods.add( LDAPModification.DELETE, attr );
- break;
- }
- }
- }
- }
-
-
- /**
- * Given an ldap attribute name and a set of attribute values, construct an ldap modification set to be updated in directory.
- *
- * @param values set of type string containing attribute values to load into modification set.
- * @param mods contains ldap modification set targeted for updating.
- * @param attrName name of ldap attribute being updated.
- */
- protected void loadAttrs( Set<String> values, LDAPModificationSet mods, String attrName )
- {
- if ( values != null && values.size() > 0 )
- {
- LDAPAttribute attr = new LDAPAttribute( attrName );
- mods.add( LDAPModification.REPLACE, attr );
- for ( String value : values )
- {
- attr = new LDAPAttribute( attrName, value );
- mods.add( LDAPModification.ADD, attr );
- }
- }
- }
-
-
- /**
- * Given a collection of {@link java.util.Properties}, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
- *
- * @param props contains {@link java.util.Properties} targeted for updating in ldap.
- * @param mods ldap modification set containing name-value pairs in raw ldap format.
- * @param attrName contains the name of the ldap attribute to be updated.
- * @param replace boolean variable, if set to true use {@link LDAPModification#REPLACE} else {@link LDAPModification#ADD}.
- */
- protected void loadProperties( Properties props, LDAPModificationSet mods, String attrName, boolean replace )
- {
- loadProperties( props, mods, attrName, GlobalIds.PROP_SEP, replace );
- }
-
-
- /**
- * Given a collection of {@link java.util.Properties}, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
- *
- * @param props contains {@link java.util.Properties} targeted for updating in ldap.
- * @param mods ldap modification set containing name-value pairs in raw ldap format.
- * @param attrName contains the name of the ldap attribute to be updated.
- * @param separator contains the delimiter for the property.
- * @param replace boolean variable, if set to true use {@link LDAPModification#REPLACE} else {@link LDAPModification#ADD}.
- */
- protected void loadProperties( Properties props, LDAPModificationSet mods, String attrName, char separator, boolean replace )
- {
- if ( props != null && props.size() > 0 )
- {
- LDAPAttribute prop = new LDAPAttribute( attrName );
- if ( replace )
- mods.add( LDAPModification.REPLACE, prop );
-
- for ( Enumeration e = props.propertyNames(); e.hasMoreElements(); )
- {
- String key = ( String ) e.nextElement();
- String val = props.getProperty( key );
- // This LDAP attr is stored as a name-value pair separated by a ':'.
- prop = new LDAPAttribute( attrName, key + separator + val );
- mods.add( LDAPModification.ADD, prop );
- }
- }
- }
-
-
- /**
- * Given a collection of {@link java.util.Properties}, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
- *
- * @param props contains {@link java.util.Properties} targeted for removal from ldap.
- * @param mods ldap modification set containing name-value pairs in raw ldap format to be removed.
- * @param attrName contains the name of the ldap attribute to be removed.
- */
- protected void removeProperties( Properties props, LDAPModificationSet mods, String attrName )
- {
- if ( props != null && props.size() > 0 )
- {
- LDAPAttribute prop;
- for ( Enumeration e = props.propertyNames(); e.hasMoreElements(); )
- {
- String key = ( String ) e.nextElement();
- String val = props.getProperty( key );
- // This LDAP attr is stored as a name-value pair separated by a ':'.
- prop = new LDAPAttribute( attrName, key + GlobalIds.PROP_SEP + val );
- mods.add( LDAPModification.DELETE, prop );
- }
- }
- }
-
-
- /**
- * Given a collection of {@link java.util.Properties}, convert to raw data name-value format and load into ldap modification set in preparation for ldap add.
- *
- * @param props contains {@link java.util.Properties} targeted for adding to ldap.
- * @param attrs ldap attribute set containing name-value pairs in raw ldap format.
- * @param attrName contains the name of the ldap attribute to be added.
- */
- protected void loadProperties( Properties props, LDAPAttributeSet attrs, String attrName )
- {
- loadProperties( props, attrs, attrName, ':' );
- }
-
-
- /**
- * Given a collection of {@link java.util.Properties}, convert to raw data name-value format and load into ldap modification set in preparation for ldap add.
- *
- * @param props contains {@link java.util.Properties} targeted for adding to ldap.
- * @param attrs ldap attribute set containing name-value pairs in raw ldap format.
- * @param attrName contains the name of the ldap attribute to be added.
- */
- protected void loadProperties( Properties props, LDAPAttributeSet attrs, String attrName, char separator )
- {
- if ( props != null && props.size() > 0 )
- {
- LDAPAttribute attr = null;
- for ( Enumeration e = props.propertyNames(); e.hasMoreElements(); )
- {
- // This LDAP attr is stored as a name-value pair separated by a ':'.
- String key = ( String ) e.nextElement();
- String val = props.getProperty( key );
- String prop = key + separator + val;
- if ( attr == null )
- {
- attr = new LDAPAttribute( attrName, prop );
- }
- else
- {
- attr.addValue( prop );
- }
- }
- if ( attr != null )
- {
- attrs.add( attr );
- }
- }
- }
-
-
- /**
- * @param value
- * @param validLen
- * @return String containing encoded data.
- * @throws LDAPException
- */
- protected String encodeSafeText( String value, int validLen )
- throws LDAPException
- {
- if ( VUtil.isNotNullOrEmpty( value ) )
- {
- int length = value.length();
- if ( length > validLen )
- {
- String error = "encodeSafeText value [" + value + "] invalid length [" + length + "]";
- throw new LDAPException( error, LDAPException.PARAM_ERROR );
- }
- if ( GlobalIds.LDAP_FILTER_SIZE_FOUND )
- {
- value = VUtil.escapeLDAPSearchFilter( value );
- }
- }
- return value;
- }
-
-
- /**
- * Calls the PoolMgr to perform an LDAP bind for a user/password combination. This function is valid
- * if and only if the user entity is a member of the USERS data set. The LDAP directory
- * will return the OpenLDAP PW Policy control.
- *
- * @param ld connection to ldap server.
- * @param userId contains the LDAP dn to the user entry.
- * @param password contains the password in clear text.
- * @return boolean value - true if bind successful, false otherwise.
- * @throws LDAPException in the event of LDAP error.
- */
- protected boolean bind( LDAPConnection ld, String userId, char[] password )
- throws LDAPException
- {
- counters.incrementBind();
- return PoolMgr.bind( ld, userId, password );
- }
-
-
- /**
- * Calls the PoolMgr to close the Admin LDAP connection.
- *
- * @param ld handle to ldap connection object.
- */
- protected void closeAdminConnection( LDAPConnection ld )
- {
- PoolMgr.closeConnection( ld, PoolMgr.ConnType.ADMIN );
- }
-
-
- /**
- * Calls the PoolMgr to close the User LDAP connection.
- *
- * @param ld handle to ldap connection object.
- */
- protected void closeUserConnection( LDAPConnection ld )
- {
- PoolMgr.closeConnection( ld, PoolMgr.ConnType.USER );
- }
-
-
- /**
- * Calls the PoolMgr to close the Log LDAP connection.
- *
- * @param ld handle to ldap connection object.
- */
- protected void closeLogConnection( LDAPConnection ld )
- {
- PoolMgr.closeConnection( ld, PoolMgr.ConnType.LOG );
- }
-
-
- /**
- * Calls the PoolMgr to get a User connection to the LDAP server.
- *
- * @return ldap connection.
- * @throws LDAPException
- */
- protected LDAPConnection getUserConnection() throws LDAPException
- {
- return PoolMgr.getConnection( PoolMgr.ConnType.USER );
- }
-
-
- /**
- * Calls the PoolMgr to get an Admin connection to the LDAP server.
- *
- * @return ldap connection.
- * @throws LDAPException
- */
- protected LDAPConnection getAdminConnection() throws LDAPException
- {
- return PoolMgr.getConnection( PoolMgr.ConnType.ADMIN );
- }
-
-
- /**
- * Calls the PoolMgr to get a Log connection to the LDAP server.
- *
- * @return ldap connection.
- * @throws LDAPException
- */
- protected LDAPConnection getLogConnection() throws LDAPException
- {
- return PoolMgr.getConnection( PoolMgr.ConnType.LOG );
- }
-
-
- /**
- * Return to call reference to dao counter object with running totals for ldap operations add, mod, delete, search, etc.
- *
- * @return {@link LdapCounters} contains long values of atomic ldap operations for current running process.
- */
- public static LdapCounters getLdapCounters()
- {
- return counters;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/ldap/openldap/OLPWControlImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/openldap/OLPWControlImpl.java b/src/main/java/org/apache/directory/fortress/core/ldap/openldap/OLPWControlImpl.java
deleted file mode 100755
index 853d906..0000000
--- a/src/main/java/org/apache/directory/fortress/core/ldap/openldap/OLPWControlImpl.java
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.directory.fortress.core.ldap.openldap;
-
-
-import java.util.Arrays;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.directory.fortress.core.GlobalIds;
-import org.apache.directory.fortress.core.ObjectFactory;
-import org.apache.directory.fortress.core.rbac.GlobalPwMsgIds;
-import org.apache.directory.fortress.core.rbac.PwMessage;
-import org.apache.directory.fortress.core.rbac.PwPolicyControl;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPControl;
-import org.apache.directory.fortress.core.rbac.Warning;
-
-
-/**
- * This class reads the OpenLDAP password policy control and translates into data entity for Fortress. In order for these checks
- * to be successful the OpenLDAP server must have enabled the pw policy overlay. Read the OpenLDAP man pages for how this overlay works.
- * <p/>
-
- *
- * @author Shawn McKinney
- */
-public class OLPWControlImpl implements PwPolicyControl
-{
- private static final String CLS_NM = OLPWControlImpl.class.getName();
- private final static Logger LOG = LoggerFactory.getLogger( CLS_NM );
-
-
- /**
- * Reads the OpenLDAP password policy control and sets the PwMessage with what it finds.
- *
- * <p/>This function will use the password policy control that is contained within the ldap connection object.
- * Ber encoding:
- * <ul>
- * <li> ------------------------------------------
- * <li> PasswordPolicyResponseValue ::= SEQUENCE {
- * <li> warning [0] CHOICE {
- * <li> timeBeforeExpiration [0] INTEGER (0 .. maxInt),
- * <li> graceLoginsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL
- * <li> error [1] ENUMERATED {
- * <li> passwordExpired (0),
- * <li> accountLocked (1),
- * <li> changeAfterReset (2),
- * <li> passwordModNotAllowed (3),
- * <li> mustSupplyOldPassword (4),
- * <li> invalidPasswordSyntax (5),
- * <li> passwordTooShort (6),
- * <li> passwordTooYoung (7),
- * <li> passwordInHistory (8) } OPTIONAL }
- * <li> ---
- * <li> Old Encoding Scheme:
- * <li> PPOLICY_WARNING 0xa0
- * <li> PPOLICY_ERROR 0xa1
- * <li> PPOLICY_EXPIRE 0xa0
- * <li> PPOLICY_GRACE 0xa1
- * <li> New Encoding Scheme:
- * <li> PPOLICY_WARNING 0xa0
- * <li> PPOLICY_ERROR 0x81
- * <li> PPOLICY_EXPIRE 0x80
- * <li> PPOLICY_GRACE 0x81
- * </ul>
- *
- * @param controls ldap controls object.
- * @param isAuthenticated set to 'true' if password checks pass.
- * @param pwMsg describes the outcome of the policy checks.
- */
- @Override
- public void checkPasswordPolicy( LDAPControl[] controls, boolean isAuthenticated, PwMessage pwMsg )
- {
- String methodName = "checkPasswordPolicy";
- pwMsg.setErrorId( GlobalPwMsgIds.GOOD );
- //pwMsg.setWarningId( GlobalPwMsgIds.PP_NOWARNING );
- pwMsg.setAuthenticated( isAuthenticated );
-
- if ( controls == null )
- {
- pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.NO_CONTROLS_FOUND, "PW CONTROLS NOT FOUND", Warning.Type.PASSWORD ) );
- }
- else if ( controls.length >= 1 )
- {
- for ( int i = 0; i < controls.length; i++ )
- {
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} controls[{}]={}", methodName, i, controls[i] );
- }
-
- LDAPControl con = controls[i];
- String id = con.getID();
-
- if ( id.compareTo( GlobalIds.OPENLDAP_PW_RESPONSE_CONTROL ) == 0 )
- {
- byte[] rB = con.getValue();
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} control value length={}", methodName, rB.length );
-
- String bytes = "";
-
- for ( byte aRB : rB )
- {
- bytes = bytes + printRawData( aRB );
- }
-
- LOG.debug( "{} printRawData numbytes: {}", methodName, bytes );
- }
-
- if ( rB == null || rB[1] == 0 )
- {
- LOG.debug( methodName + " no password policy for user" );
- pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.NOT_PW_POLICY_ENABLED, "NO PW POLICY ENABLED FOR USER", Warning.Type.PASSWORD ) );
- }
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} byte[]={}", methodName, Arrays.toString( rB ) );
- LOG.debug( "control.toString()={}", con.toString() );
- }
-
- int indx = 0;
- int lBerObjType = getInt( rB[indx++] );
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} BER encoded object type={}", methodName, lBerObjType );
- }
-
- int msgLen = getInt( rB[indx++] );
-
- while ( indx < msgLen )
- {
- switch ( rB[indx++] )
- {
- case ( byte ) 0xa0:
- // BER Encoded byte array:
- //client: 00110000 00000101 10100000
- // ^
- // PPOLICY_WARNING 0xa0
- int policyWarnLen = getInt( rB[indx++] );
-
- switch ( rB[indx++] )
- {
- case ( byte ) 0xa0:
- case ( byte ) 0x80:
- //pwMsg.setWarningId( GlobalPwMsgIds.PASSWORD_EXPIRATION_WARNING );
- pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.PASSWORD_EXPIRATION_WARNING, "PASSWORD HAS EXPIRED", Warning.Type.PASSWORD ) );
- // BER Encoded byte array:
- // client: 00110000 00000110 10100000 00000100 10100000 00000010 00000010 00100100
- // ^ ^ ^
- // PPOLICY_WARNING 0xa0 PPOLICY_EXPIRE 0xa0 EXP int==(decimal 548) 1000100100
- int expLength = getInt( rB[indx++] );
- int expire = getInt( rB[indx++] );
-
- for ( int k = 1; k < expLength; k++ )
- {
- expire = expire << 8;
- int next = getInt( rB[indx++] );
- expire = expire | next;
- }
-
- pwMsg.setExpirationSeconds( expire );
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} User:{}, password expires in: {} seconds.", methodName, pwMsg.getUserId(), expire );
- }
-
- break;
-
- case ( byte ) 0xa1:
- case ( byte ) 0x81:
- pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.PASSWORD_GRACE_WARNING, "PASSWORD IN GRACE", Warning.Type.PASSWORD ) );
- // BER Encoded byte array:
- //client: 00110000 00000101 10100000 00000011 10100001 00000001 01100100
- // ^ ^ ^
- // PPOLICY_WARNING 0xa0 PPOLICY_GRACE 0xa1 grace integer value
- int graceLen = getInt( rB[indx++] );
- int grace = getInt( rB[indx++] );
-
- for ( int k = 1; k < graceLen; k++ )
- {
- grace = grace << 8;
- int next = getInt( rB[indx++] );
- grace = grace | next;
- }
-
- pwMsg.setGraceLogins( grace );
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} UserId:{}, # logins left={}", methodName, pwMsg.getUserId() + grace );
- }
-
- break;
-
- default:
- pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.INVALID_PASSWORD_MESSAGE, "INVALID PASSWORD", Warning.Type.PASSWORD ) );
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} UserId:{}, Invalid PPOlicy Type", methodName, pwMsg.getUserId() );
- }
-
- break;
- }
-
- break;
-
- case ( byte ) 0xa1:
- case ( byte ) 0x81:
- // BER Encoded byte array:
- //client: 00110000 00001011 10100000 00000110 10100000 00000100 00000001 11100001 00110011 01111101 10100001 00000001 00000010
- // ^ ^ ^ ^ ^
- // PPOLICY_WARNING 0xa0 PPOLICY_EXPIRE 0xa0 expire int==(decimal 100) PPOLICY_ERR 0xa1 ERR #==2
- int errLen = getInt( rB[indx++] );
- int err = getInt( rB[indx++] );
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} UserId:{}, PPOLICY_ERROR={}", methodName, pwMsg.getUserId(), err);
- }
-
- switch ( err )
- {
- case 0:
- pwMsg.setErrorId( GlobalPwMsgIds.PASSWORD_HAS_EXPIRED );
- break;
-
- case 1:
- pwMsg.setErrorId( GlobalPwMsgIds.ACCOUNT_LOCKED );
- break;
-
- case 2:
- pwMsg.setErrorId( GlobalPwMsgIds.CHANGE_AFTER_RESET );
- break;
-
- case 3:
- pwMsg.setErrorId( GlobalPwMsgIds.NO_MODIFICATIONS );
- break;
-
- case 4:
- pwMsg.setErrorId( GlobalPwMsgIds.MUST_SUPPLY_OLD );
- break;
-
- case 5:
- pwMsg.setErrorId( GlobalPwMsgIds.INSUFFICIENT_QUALITY );
- break;
-
- case 6:
- pwMsg.setErrorId( GlobalPwMsgIds.PASSWORD_TOO_SHORT );
- break;
-
- case 7:
- pwMsg.setErrorId( GlobalPwMsgIds.PASSWORD_TOO_YOUNG );
- break;
-
- case 8:
- pwMsg.setErrorId( GlobalPwMsgIds.HISTORY_VIOLATION );
- break;
-
- case 65535:
- pwMsg.setErrorId( GlobalPwMsgIds.GOOD );
- break;
-
- default:
- pwMsg.setErrorId( GlobalPwMsgIds.INVALID_PASSWORD_MESSAGE );
- break;
- }
-
- break;
-
- default:
- pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.INVALID_PASSWORD_MESSAGE, "INVALID POLICY MESSAGE TYPE", Warning.Type.PASSWORD ) );
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} userId:{}, Invalid PPOlicy Message Type", methodName, pwMsg.getUserId());
- }
-
- break;
- }
- }
- }
- else
- {
- pwMsg.setWarning( new ObjectFactory().createWarning( GlobalPwMsgIds.INVALID_PASSWORD_MESSAGE, "CANNOT PROCESS OPENLDAP POLICY CONTROL", Warning.Type.PASSWORD ) );
-
- if ( LOG.isDebugEnabled() )
- {
- LOG.debug( "{} UserId:{}, Can't process LDAP control.", methodName, pwMsg.getUserId() );
- }
- }
- }
- }
- }
-
-
- /**
- * @param bte
- * @return int
- */
- private static int getInt( byte bte )
- {
- return bte & 0xff;
- }
-
-
- /**
- * Description of the Method
- *
- * @param ch Description of the Parameter
- * @return Description of the Return Value
- */
- private static String printRawData( byte ch )
- {
- int B0 = 0x01;
- int B1 = 0x02;
- int B2 = 0x04;
- int B3 = 0x08;
- int B4 = 0x10;
- int B5 = 0x20;
- int B6 = 0x40;
- int B7 = 0x80;
-
- String byteString;
- if ( ( ch & B7 ) != 0 )
- {
- byteString = "1";
- }
- else
- {
- byteString = "0";
- }
- if ( ( ch & B6 ) != 0 )
- {
- byteString += "1";
- }
- else
- {
- byteString += "0";
- }
- if ( ( ch & B5 ) != 0 )
- {
- byteString += "1";
- }
- else
- {
- byteString += "0";
- }
- if ( ( ch & B4 ) != 0 )
- {
- byteString += "1";
- }
- else
- {
- byteString += "0";
- }
- if ( ( ch & B3 ) != 0 )
- {
- byteString += "1";
- }
- else
- {
- byteString += "0";
- }
- if ( ( ch & B2 ) != 0 )
- {
- byteString += "1";
- }
- else
- {
- byteString += "0";
- }
- if ( ( ch & B1 ) != 0 )
- {
- byteString += "1";
- }
- else
- {
- byteString += "0";
- }
- if ( ( ch & B0 ) != 0 )
- {
- byteString += "1";
- }
- else
- {
- byteString += "0";
- }
- byteString += " ";
- return byteString;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/ldap/package.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/package.html b/src/main/java/org/apache/directory/fortress/core/ldap/package.html
index cffad11..176793a 100755
--- a/src/main/java/org/apache/directory/fortress/core/ldap/package.html
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/package.html
@@ -23,7 +23,7 @@
</head>
<body>
<p>
- This package uses <a href="http://www.unboundid.com/products/ldap-sdk/">UnboundID LDAP SDK for Java</a> to provide ldap data access along with a custom, hybrid connection pooling mechanism to maintain connections with the ldap server.
+ This package uses <a href="http://directory.apache.org/api/">Apache Directory LDAP APIā¢</a> to provide ldap data access.
</p>
<p>
The <b>org.apache.directory.fortress.ldap</b> package provides ldap system functionality for the fortress DAO classes. The apis contained within this package are for fortress use only.
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/overview.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/overview.html b/src/main/java/org/apache/directory/fortress/core/overview.html
index 49ccc8f..c5a0ca0 100755
--- a/src/main/java/org/apache/directory/fortress/core/overview.html
+++ b/src/main/java/org/apache/directory/fortress/core/overview.html
@@ -55,7 +55,6 @@
<ol>
<li><a href="http://www.openldap.org/project/">The OpenLDAP Project</a></li>
<li><a href="http://www.apache.org/">The Apache Software Foundation</a></li>
- <li><a href="http://www.unboundid.com/">UnboundID</a></li>
<li><a href="http://www.eigenbase.org/">The Eigenbase Project</a></li>
<li><a href="http://ehcache.org/">Ehcache</a></li>
</ol>
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/49e82a58/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java b/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
index f9e017c..d6c2b85 100644
--- a/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/AccelMgrImpl.java
@@ -25,7 +25,6 @@ import java.util.List;
import org.apache.directory.fortress.core.AccelMgr;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.SecurityException;
-import org.apache.directory.fortress.core.rbac.dao.AcceleratorDAO;
import org.apache.directory.fortress.core.util.attr.VUtil;
@@ -70,7 +69,7 @@ import org.apache.directory.fortress.core.util.attr.VUtil;
public class AccelMgrImpl extends Manageable implements AccelMgr
{
private static final String CLS_NM = AccessMgrImpl.class.getName();
- private static final AcceleratorDAO aDao = new org.apache.directory.fortress.core.rbac.dao.apache.AcceleratorDAO();
+ private static final AcceleratorDAO aDao = new org.apache.directory.fortress.core.rbac.AcceleratorDAO();
/**
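Review bot: `CLS_NM` in `AccelMgrImpl` is initialised from `AccessMgrImpl.class.getName()` on the context line just above the changed `aDao` declaration, which looks like a copy-paste slip that this commit leaves in place. If `CLS_NM` feeds log or error messages (its uses are outside this hunk), accelerator operations would be attributed to the access manager and audit trails become harder to read; the line should be `private static final String CLS_NM = AccelMgrImpl.class.getName();`. On the changed line itself, the DAO now sits in the same `rbac` package as this class, so the fully qualified name is redundant and `private static final AcceleratorDAO aDao = new AcceleratorDAO();` is equivalent. The class body continues past the end of this hunk.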