Posted to jetspeed-dev@portals.apache.org by dl...@apache.org on 2006/01/18 01:39:44 UTC
svn commit: r369984 -
/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/
Author: dlestrat
Date: Tue Jan 17 16:39:39 2006
New Revision: 369984
URL: http://svn.apache.org/viewcvs?rev=369984&view=rev
Log:
http://issues.apache.org/jira/browse/JS2-470
Contributions from Davy De Waele.
Added:
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
Modified:
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java
portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java Tue Jan 17 16:39:39 2006
@@ -197,6 +197,54 @@
throw new SecurityException(e);
}
}
+
+ /**
+ * <p>
+ * Searches the LDAP server for the group with the specified uid attribute.
+ * </p>
+ *
+ * @return the user's DN
+ */
+ public String lookupGroupByUid(final String uid) throws SecurityException
+ {
+ validateUid(uid);
+
+ try
+ {
+ SearchControls cons = setSearchControls();
+ NamingEnumeration searchResults = searchGroupByWildcardedUid(uid, cons);
+
+ return getFirstDnForUid(searchResults);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
+
+ /**
+ * <p>
+ * Searches the LDAP server for the role with the specified uid attribute.
+ * </p>
+ *
+ * @return the user's DN
+ */
+ public String lookupRoleByUid(final String uid) throws SecurityException
+ {
+ validateUid(uid);
+
+ try
+ {
+ SearchControls cons = setSearchControls();
+ NamingEnumeration searchResults = searchRoleByWildcardedUid(uid, cons);
+
+ return getFirstDnForUid(searchResults);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
/**
* <p>
@@ -257,6 +305,44 @@
return searchResults;
}
+
+ /**
+ * <p>
+ * Search uid by wild card.
+ * </p>
+ *
+ * @param filter The filter.
+ * @param cons The {@link SearchControls}
+ * @return The {@link NamingEnumeration}
+ * @throws NamingException Throws a {@link NamingEnumeration}.
+ */
+ protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls cons) throws NamingException
+ {
+ String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="
+ + "jetspeed-2-group" + "))";
+ NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
+
+ return searchResults;
+ }
+
+ /**
+ * <p>
+ * Search uid by wild card.
+ * </p>
+ *
+ * @param filter The filter.
+ * @param cons The {@link SearchControls}
+ * @return The {@link NamingEnumeration}
+ * @throws NamingException Throws a {@link NamingEnumeration}.
+ */
+ protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls cons) throws NamingException
+ {
+ String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="
+ + "jetspeed-2-role" + "))";
+ NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
+
+ return searchResults;
+ }
/**
* <p>
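Review bot: Both new Javadocs are copied from the user search and no longer describe these methods: the summary `Search uid by wild card.` says nothing about groups or roles, `@param filter The filter.` names a value that is a uid (or empty for `*`), not a filter, and `@throws NamingException Throws a {@link NamingEnumeration}.` is simply wrong. Suggested text: `Searches the group (role) entries for the given uid value.`, `@param filter The uid value to match; empty selects every entry.` and `@throws NamingException If the directory search fails.`. The object class strings `"jetspeed-2-group"` and `"jetspeed-2-role"` are now spelled out in several files of this commit; a shared constant on `AbstractLdapDao` would keep them from drifting.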
@@ -281,6 +367,18 @@
{
return this.ldapBindingConfig.getGroupsOu();
}
+
+ /**
+ * <p>
+ * Returns the roles .
+ * </p>
+ *
+ * @return The rolesOu.
+ */
+ protected String getRolesOu()
+ {
+ return this.ldapBindingConfig.getRolesOu();
+ }
/**
* <p>
@@ -314,4 +412,17 @@
* @return a String containing the LDAP object class name.
*/
protected abstract String getObjectClass();
+
+
+ /**
+ * <p>
+ * A template method that returns the LDAP entry prefix of the concrete DAO.
+ * </p>
+ *
+ * TODO : this should be in spring config
+ *
+ * @return a String containing the LDAP entry prefix name.
+ */
+ protected abstract String getEntryPrefix();
+
}
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java Tue Jan 17 16:39:39 2006
@@ -68,6 +68,7 @@
{
initOu(getUsersOu());
initOu(getGroupsOu());
+ initOu(getRolesOu());
}
/**
@@ -115,5 +116,10 @@
return attrs;
}
+
+ protected String getEntryPrefix()
+ {
+ return null;
+ }
}
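Review bot: `getEntryPrefix()` silently returns `null` here, so any DN built from it would start with `null=`; nothing visible calls it on this class, which makes an explicit failure safer than a null that only shows up in a malformed DN. If the schema initializer never creates principal entries, say so and fail loudly: `throw new UnsupportedOperationException("InitLdapSchema does not create principal entries");`, with a one-line Javadoc stating the same. The abstract declaration it satisfies is documented; this override should be too.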
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java Tue Jan 17 16:39:39 2006
@@ -58,6 +58,9 @@
/** The groups ou. */
private String groupsOu;
+
+ /** The roles ou. */
+ private String rolesOu;
/** The ldap properties. */
private PropertiesConfiguration props = null;
@@ -74,7 +77,7 @@
* @param gou The groups organization unit.
*/
public LdapBindingConfig(String factory, String name, String port, String suffix, String context, String dn,
- String password, String uou, String gou)
+ String password, String uou, String goups,String roles)
{
try
{
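Review bot: The renamed parameter `String goups` is a typo for `groups`, and the Javadoc block above the signature (its `@param gou The groups organization unit.` line is the last context line of this hunk) still documents the old name and has no entry for the new `roles` parameter. Suggested: `String password, String uou, String groups, String roles)` with `@param groups The groups organization unit.` and `@param roles The roles organization unit.` in the Javadoc. The Javadoc block starts outside this hunk.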
@@ -86,7 +89,8 @@
rootDn = dn;
rootPassword = password;
usersOu = uou;
- groupsOu = gou;
+ groupsOu = goups;
+ rolesOu = roles;
new InitLdapSchema(this);
}
catch (SecurityException se)
@@ -119,6 +123,7 @@
rootPassword = props.getString("org.apache.jetspeed.ldap.rootPassword");
usersOu = props.getString("org.apache.jetspeed.ldap.ou.users");
groupsOu = props.getString("org.apache.jetspeed.ldap.ou.groups");
+ rolesOu = props.getString("org.apache.jetspeed.ldap.ou.roles");
new InitLdapSchema(this);
}
catch (ConfigurationException ce)
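Review bot: `props.getString("org.apache.jetspeed.ldap.ou.roles")` returns `null` when the key is missing from an existing properties file, and nothing here notices: `InitLdapSchema` will call `initOu(null)`, and `LdapRoleDaoImpl.getDnSuffix()` treats an empty ou as "no ou", so roles would be created directly under the root context rather than failing. Either fail fast — `if (rolesOu == null) throw new ConfigurationException("org.apache.jetspeed.ldap.ou.roles is not set");` inside the existing try block — or, if a default is acceptable, read it as `props.getString("org.apache.jetspeed.ldap.ou.roles", "roles")` and document the default next to the other ou properties. The constructor this sits in starts and ends outside the hunk.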
@@ -278,4 +283,12 @@
{
this.usersOu = usersOu;
}
+
+ public String getRolesOu() {
+ return rolesOu;
+ }
+
+ public void setRolesOu(String rolesOu) {
+ this.rolesOu = rolesOu;
+ }
}
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java Tue Jan 17 16:39:39 2006
@@ -17,9 +17,11 @@
import java.security.Principal;
+import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
import org.apache.commons.lang.StringUtils;
import org.apache.jetspeed.security.SecurityException;
@@ -36,7 +38,7 @@
public class LdapGroupDaoImpl extends LdapPrincipalDaoImpl
{
- /**
+ /**
* <p>
* Default constructor.
* </p>
@@ -79,6 +81,7 @@
classes.add("jetspeed-2-group");
attrs.put(classes);
attrs.put("uid", principalUid);
+ attrs.put("cn", principalUid);
attrs.put("ou", getGroupsOu());
return attrs;
}
@@ -124,4 +127,10 @@
{
return "jetspeed-2-group";
}
+
+ protected String getEntryPrefix() {
+ return "cn";
+ }
+
+
}
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java Tue Jan 17 16:39:39 2006
@@ -33,6 +33,7 @@
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.UserPrincipal;
import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
+import org.apache.jetspeed.security.impl.RolePrincipalImpl;
import org.apache.jetspeed.security.impl.UserPrincipalImpl;
/**
@@ -46,7 +47,7 @@
private static final Log logger = LogFactory.getLog(LdapPrincipalDaoImpl.class);
/** The uid attribute name. */
- protected static final String UID_ATTR_NAME = "uid";
+ protected String UID_ATTR_NAME = "uid";
/**
* <p>
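Review bot: Turning `UID_ATTR_NAME` from `static final` into a mutable instance field keeps a constant's name (and its `/** The uid attribute name. */` doc) on something that is no longer constant, and the only visible motivation — letting `LdapRoleDaoImpl` redeclare it as `"cn"` — does not work in Java: a subclass field with the same name hides rather than overrides, so code in this class keeps reading `"uid"`. If the attribute really must vary per DAO, follow the pattern this commit already uses for the RDN and add a template method, `protected String getUidAttributeName() { return "uid"; }`, that subclasses override, leaving the constant `final`. Otherwise revert this line.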
@@ -101,7 +102,7 @@
Attributes attrs = defineLdapAttributes(principalUid);
try
{
- String userDn = "uid=" + principalUid + getDnSuffix();
+ String userDn = getEntryPrefix() + "=" + principalUid + getDnSuffix();
ctx.createSubcontext(userDn, attrs);
if (logger.isDebugEnabled())
{
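Review bot: `principalUid` is spliced unescaped into the RDN at `String userDn = getEntryPrefix() + "=" + principalUid + getDnSuffix();`; under RFC 4514 a value containing `,`, `+`, `"`, `\`, `<`, `>`, `;` or a leading `#`/space denotes a different DN (or raises `InvalidNameException`), unless `validateUid` — not visible here — already forbids those characters. If the project builds on Java 5+, `javax.naming.ldap.Rdn.escapeValue(principalUid)` does this; otherwise a small escaper on `AbstractLdapDao`, shared with the bind-DN construction in `LdapUserCredentialDaoImpl.authenticate`, would cover both sites. The enclosing method starts and ends outside this hunk.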
@@ -169,6 +170,10 @@
{
ldapAcceptableName = convertUidWithoutSlashes(GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPath));
}
+ else if (fullPath.indexOf(GroupPrincipal.PREFS_ROLE_ROOT) >= 0)
+ {
+ ldapAcceptableName = convertUidWithoutSlashes(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPath));
+ }
if (logger.isErrorEnabled())
{
logger.debug("Ldap acceptable name:" + ldapAcceptableName);
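Review bot: The new branch tests `fullPath.indexOf(GroupPrincipal.PREFS_ROLE_ROOT)` but then parses the name with `RolePrincipalImpl.getPrincipalNameFromFullPath`; if the role root constant is declared on `RolePrincipal` (as the role counterpart of the `GroupPrincipal` check just above), this should read `RolePrincipal.PREFS_ROLE_ROOT`, and if `GroupPrincipal` really does declare a role root a short comment saying so would stop the next reader from "fixing" it. While here, the adjacent context guard `if (logger.isErrorEnabled())` wraps a `logger.debug(...)` call and should be `isDebugEnabled()`. The enclosing method starts and ends outside this hunk.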
@@ -260,6 +265,7 @@
Principal principal = makePrincipal(uid);
principals.add(principal);
+
}
}
Added: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java?rev=369984&view=auto
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (added)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java Tue Jan 17 16:39:39 2006
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2000-2001,2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi.impl.ldap;
+
+import java.security.Principal;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.impl.RolePrincipalImpl;
+
+/**
+ * <p>
+ * DAO for handling group objects.
+ * </p>
+ *
+ * @author Davy De Waele
+ */
+public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl
+{
+
+ protected String UID_ATTR_NAME = "cn";
+
+ /**
+ * <p>
+ * Default constructor.
+ * </p>
+ *
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ public LdapRoleDaoImpl() throws SecurityException
+ {
+ super();
+ }
+
+ /**
+ * <p>
+ * Initializes the dao.
+ * </p>
+ *
+ * @param ldapConfig Holds the ldap binding configuration.
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ public LdapRoleDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
+ {
+ super(ldapConfig);
+ }
+
+ /**
+ * <p>
+ * A template method for defining the attributes for a particular LDAP class.
+ * </p>
+ *
+ * @param principalUid The principal uid.
+ * @return The LDAP attributes object for the particular class.
+ */
+ protected Attributes defineLdapAttributes(final String principalUid)
+ {
+ Attributes attrs = new BasicAttributes(true);
+ BasicAttribute classes = new BasicAttribute("objectclass");
+
+ classes.add("top");
+ classes.add("uidObject");
+ classes.add("jetspeed-2-role");
+ attrs.put(classes);
+ attrs.put("uid", principalUid);
+ attrs.put("cn", principalUid);
+ attrs.put("ou", getRolesOu());
+ return attrs;
+ }
+
+ /**
+ * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
+ */
+ protected String getDnSuffix()
+ {
+ String suffix = "";
+ if (!StringUtils.isEmpty(getRolesOu()))
+ {
+ suffix += ",ou=" + getRolesOu();
+ }
+ if (!StringUtils.isEmpty(getDefaultDnSuffix()))
+ {
+ suffix += getDefaultDnSuffix();
+ }
+ return suffix;
+ }
+
+ /**
+ * <p>
+ * Creates a GroupPrincipal object.
+ * </p>
+ *
+ * @param principalUid The principal uid.
+ * @return A group principal object.
+ */
+ protected Principal makePrincipal(String principalUid)
+ {
+ return new RolePrincipalImpl(principalUid);
+ }
+
+ /**
+ * <p>
+ * A template method that returns the LDAP object class of the concrete DAO.
+ * </p>
+ *
+ * @return A String containing the LDAP object class name.
+ */
+ protected String getObjectClass()
+ {
+ return "jetspeed-2-role";
+ }
+
+ protected String getEntryPrefix() {
+ return "cn";
+ }
+}
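Review bot: `protected String UID_ATTR_NAME = "cn";` declares a second field that hides `LdapPrincipalDaoImpl.UID_ATTR_NAME` instead of changing it — inherited code still reads `"uid"` — so the line has no effect; if the role DAO really needs `cn` there, delete the declaration and assign the inherited field in both constructors (`UID_ATTR_NAME = "cn";` after `super(...)`), or just rely on `getEntryPrefix()`, which already returns `"cn"` for the RDN. Because `defineLdapAttributes` sets both `uid` and `cn` to `principalUid`, the `uid`-based `searchRoleByWildcardedUid` in `AbstractLdapDao` still finds these entries, so the hiding is harmless today but misleading. The class Javadoc (`DAO for handling group objects.`) and the `makePrincipal` Javadoc (`Creates a GroupPrincipal object.` / `@return A group principal object.`) were copied from the group DAO and should say role.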
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java Tue Jan 17 16:39:39 2006
@@ -15,6 +15,11 @@
*/
package org.apache.jetspeed.security.spi.impl.ldap;
+import java.util.Hashtable;
+
+import javax.naming.AuthenticationException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
@@ -39,7 +44,7 @@
/** The password attribute. */
private static final String PASSWORD_ATTR_NAME = "userPassword";
-
+
/**
* <p>
* Default constructor.
@@ -64,7 +69,7 @@
public LdapUserCredentialDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
{
super(ldapConfig);
- }
+ }
/**
* <p>
@@ -97,13 +102,32 @@
* @param uid The uid.
* @param password The password.
* @throws SecurityException Throws a {@link SecurityException}.
- */
+ */
public boolean authenticate(final String uid, final String password) throws SecurityException
{
validateUid(uid);
validatePassword(password);
- String savedPassword = String.valueOf(getPassword(uid));
- return (savedPassword.equals(password));
+ try
+ {
+ Hashtable env = this.ctx.getEnvironment();
+ String savedPassword = String.valueOf(getPassword(uid));
+ String oldCredential = (String)env.get(Context.SECURITY_CREDENTIALS);
+ String oldUsername = (String)env.get(Context.SECURITY_PRINCIPAL);
+ env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + ",ou=" + getUsersOu() + "," + getRootContext());
+ env.put(Context.SECURITY_CREDENTIALS,password);
+ InitialContext ctx = new InitialContext(env);
+ env.put(Context.SECURITY_PRINCIPAL,oldUsername);
+ env.put(Context.SECURITY_CREDENTIALS,oldCredential);
+ return true;
+ }
+ catch (AuthenticationException e)
+ {
+ return false;
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
}
/**
@@ -162,7 +186,8 @@
Attributes userAttributes = getFirstUser(results);
- return convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes));
+ char[] rawPassword = convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes));
+ return rawPassword;
}
/**
@@ -250,4 +275,8 @@
{
return "jetspeed-2-user";
}
+
+ protected String getEntryPrefix() {
+ return "uid";
+ }
}
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java Tue Jan 17 16:39:39 2006
@@ -51,6 +51,29 @@
/**
* <p>
+ * Add a user to a group.
+ * </p>
+ *
+ * @param userPrincipalUid The user principal.
+ * @param rolePrincipalUid The role principal.
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException;
+
+ /**
+ * <p>
+ * Remove a user from a group.
+ * </p>
+ *
+ * @param userPrincipalUid The user principal.
+ * @param rolePrincipalUid The role principal.
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException;
+
+
+ /**
+ * <p>
* Return an array of the group principal UIDS that belong to a specific user.
* </p>
*
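Review bot: The Javadoc for `addRole` reads `Add a user to a group.` and for `removeRole` `Remove a user from a group.`; both describe the group methods they were copied from and should say `Add a role to a user.` and `Remove a role from a user.`. This is the interface, so these sentences are the only contract implementers see and will be copied into every `@see` in the implementations.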
@@ -59,6 +82,17 @@
* @throws SecurityException A {@link SecurityException}.
*/
String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException;
+
+ /**
+ * <p>
+ * Return an array of the role principal UIDS that belong to a specific user.
+ * </p>
+ *
+ * @param userPrincipalUid The user principal uid.
+ * @return The array of group uids asociated with this user
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException;
/**
* <p>
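Review bot: `getRoleUidsForUser` documents `@return The array of group uids asociated with this user`, which is the group method's line; it should read `@return The array of role uids associated with this user.` (the `asociated` misspelling is inherited from the copied block and worth fixing in the same pass). The summary sentence above it already says roles, so only the `@return` is wrong.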
@@ -70,4 +104,50 @@
* @throws SecurityException A {@link SecurityException}.
*/
String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException;
+
+ /**
+ * <p>
+ * Return an array of the user principal uids that belong to a role.
+ * </p>
+ *
+ * @param rolePrincipalUid The role uid.
+ * @return The array of user uids asociated with this group
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException;
+
+ /**
+ * <p>
+ * Return an array of the role principal UIDS that belong to a specific group.
+ * </p>
+ *
+ * @param groupPrincipalUid The group principal uid.
+ * @return The array of role uids asociated with this user
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException;
+
+ /**
+ * <p>
+ * Add a role to a group.
+ * </p>
+ *
+ * @param groupPrincipalUid The group principal.
+ * @param rolePrincipalUid The role principal.
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException;
+
+ /**
+ * <p>
+ * Remove a role from a group.
+ * </p>
+ *
+ * @param groupPrincipalUid The group principal.
+ * @param rolePrincipalUid The role principal.
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException;
+
+
}
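Review bot: Two of the new `@return` lines were copied without updating the nouns: `getUserUidsForRole` says `@return The array of user uids asociated with this group` and `getRolesForGroup` says `@return The array of role uids asociated with this user`. Suggested: `@return The array of user uids associated with this role.` and `@return The array of role uids associated with this group.`. `addRoleToGroup`/`removeRoleFromGroup` are documented correctly.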
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java Tue Jan 17 16:39:39 2006
@@ -33,7 +33,9 @@
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.GroupPrincipal;
import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
import org.apache.jetspeed.security.impl.UserPrincipalImpl;
/**
@@ -48,6 +50,9 @@
/** The group attribute name. */
private static final String GROUP_ATTR_NAME = "j2-group";
+ /** The role attribute name. */
+ private static final String ROLE_ATTR_NAME = "j2-role";
+
/**
* <p>
* Default constructor.
@@ -120,6 +125,55 @@
{
modifyUserGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
}
+
+ /**
+ * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
+ * java.lang.String)
+ */
+ public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
+ {
+ modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+ }
+
+ /**
+ * <p>
+ * Replace or delete the role attribute.
+ * </p>
+ *
+ * @param userPrincipalUid
+ * @param rolePrincipalUid
+ * @param operationType whether to replace or remove the specified user group from the user
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ private void modifyUserRole(String userPrincipalUid, String rolePrincipalUid, int operationType)
+ throws SecurityException
+ {
+ validateUid(userPrincipalUid);
+ validateUid(rolePrincipalUid);
+ String userDn = lookupByUid(userPrincipalUid);
+
+ try
+ {
+ String rdn = getSubcontextName(userDn);
+ Attributes attrs = new BasicAttributes(false);
+
+ attrs.put("j2-role", rolePrincipalUid);
+ ctx.modifyAttributes(rdn, operationType, attrs);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
+
+ /**
+ * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
+ * java.lang.String)
+ */
+ public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
+ {
+ modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+ }
/**
* <p>
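Review bot: `modifyUserRole` writes the literal `attrs.put("j2-role", rolePrincipalUid);` although this commit introduces `ROLE_ATTR_NAME` for exactly this attribute and the read side (`getRoles`) uses the constant; use `attrs.put(ROLE_ATTR_NAME, rolePrincipalUid);` so the two cannot drift. Nothing checks that `rolePrincipalUid` names an existing role entry before it is attached to the user — `lookupRoleByUid(rolePrincipalUid)`, added to `AbstractLdapDao` in this same commit, would do that and throw `SecurityException` otherwise; if the other SPI implementations do not enforce existence either, a comment saying role membership is not validated here would at least make that explicit. The `@see` tags on `addRole`/`removeRole` point at `#addGroup`/`#removeGroup`, and the helper's Javadoc still says `user group`.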
@@ -223,6 +277,88 @@
throw new SecurityException(e);
}
}
+
+ /**
+ * <p>
+ * Return an array of the roles that belong to a group.
+ * </p>
+ *
+ * @param groupPrincipalUid The group principal uid.
+ * @return The array of user uids asociated with this group
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException
+ {
+ validateUid(groupPrincipalUid);
+ SearchControls cons = setSearchControls();
+ NamingEnumeration results;
+ try
+ {
+ List userPrincipalUids = new ArrayList();
+ results = searchRolesByGroup(groupPrincipalUid, cons);
+ while (results.hasMore())
+ {
+ SearchResult result = (SearchResult) results.next();
+ Attributes answer = result.getAttributes();
+
+ userPrincipalUids.addAll(getAttributes(getAttribute(ROLE_ATTR_NAME, answer)));
+ }
+ return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
+
+ /**
+ * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
+ * java.lang.String)
+ */
+ public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
+ {
+ modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+ }
+
+ /**
+ * <p>
+ * Replace or delete the user group attribute.
+ * </p>
+ *
+ * @param userPrincipalUid
+ * @param groupPrincipalUid
+ * @param operationType whether to replace or remove the specified user group from the user
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ private void modifyGroupRole(String groupPrincipalUid, String rolePrincipalUid, int operationType)
+ throws SecurityException
+ {
+ validateUid(groupPrincipalUid);
+ validateUid(rolePrincipalUid);
+ String userDn = lookupGroupByUid(groupPrincipalUid);
+ try
+ {
+ String rdn = getSubcontextName(userDn);
+ Attributes attrs = new BasicAttributes(false);
+
+ attrs.put("j2-role", rolePrincipalUid);
+ ctx.modifyAttributes(rdn, operationType, attrs);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
+
+ /**
+ * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
+ * java.lang.String)
+ */
+ public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
+ {
+ modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+ }
+
/**
* <p>
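Review bot: In `getRolesForGroup` the accumulator is named `userPrincipalUids` though it collects `j2-role` values, and in `modifyGroupRole` the group's DN is held in `userDn`; rename them `roleUids` and `groupDn`, because together with the copied Javadoc (`The array of user uids asociated with this group`, `Replace or delete the user group attribute.`, `@param userPrincipalUid`) they make the user/group/role distinction hard to audit in an authorization path. `attrs.put("j2-role", rolePrincipalUid);` should use `ROLE_ATTR_NAME` like the read side. As in `modifyUserRole`, the role is attached without confirming it exists; `lookupRoleByUid` from this commit would do that.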
@@ -237,19 +373,102 @@
private NamingEnumeration searchUserByGroup(final String groupPrincipalUid, SearchControls cons)
throws NamingException
{
- String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass=" + getObjectClass()
- + "))";
+ String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() + "))";
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("query[" + query + "]");
+ }
+ NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
+
+ return searchResults;
+ }
+
+ /**
+ * <p>
+ * Search user by group.
+ * </p>
+ *
+ * @param groupPrincipalUid
+ * @param cons
+ * @return
+ * @throws NamingException A {@link NamingException}.
+ */
+ private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons)
+ throws NamingException
+ {
+ String query = "(&(" + UID_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + "jetspeed-2-group" + "))";
if (logger.isDebugEnabled())
{
logger.debug("query[" + query + "]");
}
- NamingEnumeration searchResults = ((DirContext) ctx).search("", "(&(" + GROUP_ATTR_NAME + "="
- + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() + "))", cons);
+ NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
return searchResults;
}
+
+
+
+
+ /**
+ * <p>
+ * Return an array of the user principal UIDS that belong to a group.
+ * </p>
+ *
+ * @param groupPrincipalUid The group principal uid.
+ * @return The array of user uids asociated with this group
+ * @throws SecurityException A {@link SecurityException}.
+ */
+ public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException
+ {
+ validateUid(rolePrincipalUid);
+ SearchControls cons = setSearchControls();
+ NamingEnumeration results;
+ try
+ {
+ List userPrincipalUids = new ArrayList();
+ results = searchUserByRole(rolePrincipalUid, cons);
+ while (results.hasMore())
+ {
+ SearchResult result = (SearchResult) results.next();
+ Attributes answer = result.getAttributes();
+
+ userPrincipalUids.addAll(getAttributes(getAttribute(UID_ATTR_NAME, answer)));
+ }
+ return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
/**
+ * <p>
+ * Search user by group.
+ * </p>
+ *
+ * @param groupPrincipalUid
+ * @param cons
+ * @return
+ * @throws NamingException A {@link NamingException}.
+ */
+ private NamingEnumeration searchUserByRole(final String rolePrincipalUid, SearchControls cons)
+ throws NamingException
+ {
+
+ String query = "(&(" + ROLE_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + getObjectClass()
+ + "))";
+ if (logger.isDebugEnabled())
+ {
+ logger.debug("query[" + query + "]");
+ }
+ NamingEnumeration searchResults = ((DirContext) ctx).search("", query, cons);
+
+ return searchResults;
+ }
+
+
+ /**
* @param userPrincipalUid
* @return the array of group uids asociated with this user
* @throws SecurityException
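Review bot: `searchRolesByGroup(final String rolePrincipalUid, SearchControls cons)` is called with a group uid (`searchRolesByGroup(groupPrincipalUid, cons)` earlier in the file) and matches it against `UID_ATTR_NAME` on `jetspeed-2-group` entries, so the parameter and its Javadoc (`Search user by group.`, `@param groupPrincipalUid`) are mislabeled; rename it `groupPrincipalUid` and document that the matching group entry's own `j2-role` values are what the caller reads. `getUserUidsForRole`'s Javadoc (`user principal UIDS that belong to a group`, `@param groupPrincipalUid`) has the same copy-paste problem. All three filters built here splice the principal uid into the filter string by concatenation; they need the same RFC 4515 escaping as the lookups in `AbstractLdapDao` unless `validateUid` (not visible here) already rejects `*`, `(`, `)` and `\`.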
@@ -293,6 +512,51 @@
return (String[]) uids.toArray(new String[uids.size()]);
}
+
+ /**
+ * @param userPrincipalUid
+ * @return the array of group uids asociated with this user
+ * @throws SecurityException
+ */
+ public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
+ {
+ validateUid(userPrincipalUid);
+ SearchControls cons = setSearchControls();
+ NamingEnumeration results;
+ try
+ {
+ results = searchByWildcardedUid(userPrincipalUid, cons);
+ return getRoles(results, userPrincipalUid);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
+
+ /**
+ * <p>
+ * Get the groups.
+ * </p>
+ *
+ * @param results
+ * @param uid
+ * @return
+ * @throws NamingException
+ */
+ private String[] getRoles(final NamingEnumeration results, final String uid) throws NamingException
+ {
+ if (!results.hasMore())
+ {
+ throw new NamingException("Could not find any user with uid[" + uid + "]");
+ }
+
+ Attributes userAttributes = getFirstUser(results);
+
+ List uids = getAttributes(getAttribute(ROLE_ATTR_NAME, userAttributes));
+ return (String[]) uids.toArray(new String[uids.size()]);
+ }
+
/**
* @param results
* @return
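Review bot: `getRoles` takes the first entry of a wildcarded uid search (`getFirstUser(results)` after `searchByWildcardedUid(userPrincipalUid, cons)`) and reads its `j2-role` values, so if the uid is not unique, or contains filter metacharacters that `validateUid` (not visible here) lets through, the roles returned are those of whichever entry the directory lists first. For an authorization query it is worth escaping the uid and failing when `results` still holds a second entry after the first is consumed, rather than silently picking one. The helper's Javadoc (`Get the groups.`) and `getRoleUidsForUser`'s `@return the array of group uids asociated with this user` should say roles.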
@@ -324,4 +588,8 @@
}
return uids;
}
+
+ protected String getEntryPrefix() {
+ return "uid";
+ }
}