package org.apache.jetspeed.security.spi.impl; |
import java.util.ArrayList; |
import java.util.Arrays; |
import java.util.List; |
import javax.naming.NamingException; |
import org.apache.commons.lang.StringUtils; |
import org.apache.commons.logging.Log; |
import org.apache.commons.logging.LogFactory; |
import org.apache.jetspeed.security.RolePrincipal; |
import org.apache.jetspeed.security.SecurityException; |
import org.apache.jetspeed.security.impl.RolePrincipalImpl; |
import org.apache.jetspeed.security.spi.RoleSecurityHandler; |
import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl; |
import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao; |
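/**
 * {@link RoleSecurityHandler} backed by an LDAP directory.
 * <p>
 * Roles are addressed by their full path name. Before any directory access
 * the full path is converted with
 * {@link LdapPrincipalDao#convertUidToLdapAcceptableName(String)} into the
 * uid that is actually stored; the {@link RolePrincipal} objects returned to
 * callers carry the original full path, never the converted uid.
 * <p>
 * Error handling caveat: the lookup methods ({@link #getRolePrincipal(String)}
 * and {@link #getRolePrincipals(String)}) are not declared to throw
 * {@link SecurityException}, so a directory failure during a lookup is logged
 * and reported to the caller as "not found" (null / empty list). A caller that
 * must distinguish "role absent" from "directory unavailable" cannot do so
 * through this API and has to rely on the log.
 */
public class LdapRoleSecurityHandler implements RoleSecurityHandler {

    /** The logger. */
    private static final Log logger = LogFactory.getLog(LdapRoleSecurityHandler.class);

    /** DAO through which all directory access goes; never null after construction. */
    private final LdapPrincipalDao ldap;

    /**
     * Creates a handler that delegates all directory access to the given DAO.
     *
     * @param ldap the principal DAO; must not be null.
     * @throws IllegalArgumentException if {@code ldap} is null.
     */
    public LdapRoleSecurityHandler(LdapPrincipalDao ldap)
    {
        // Fail at construction rather than with an NPE on the first lookup.
        if (ldap == null)
        {
            throw new IllegalArgumentException("The LdapPrincipalDao cannot be null.");
        }
        this.ldap = ldap;
    }

    /**
     * Creates a handler backed by a freshly constructed {@link LdapRoleDaoImpl}.
     *
     * @throws NamingException if the DAO cannot bind to the directory.
     * @throws SecurityException if the DAO cannot be initialised.
     */
    public LdapRoleSecurityHandler() throws NamingException, SecurityException
    {
        this(new LdapRoleDaoImpl());
    }

    /**
     * Looks a role up by its full path name.
     *
     * @param roleFullPathName the role's full path; must not be null or empty.
     * @return a {@link RolePrincipalImpl} carrying {@code roleFullPathName} if an
     *         entry with the converted uid exists in the directory; null if no
     *         entry exists <em>or</em> the lookup itself failed (the failure is
     *         logged, see the class documentation).
     * @throws IllegalArgumentException if the name, or its LDAP conversion, is
     *         null or empty.
     */
    public RolePrincipal getRolePrincipal(String roleFullPathName) {
        // Validate the raw input before handing it to the DAO so a missing name
        // surfaces as IllegalArgumentException rather than whatever the converter
        // does with null.
        verifyRoleId(roleFullPathName);
        String roleUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(roleFullPathName);
        verifyRoleId(roleUidWithoutSlashes);
        try
        {
            String dn = ldap.lookupByUid(roleUidWithoutSlashes);
            if (!StringUtils.isEmpty(dn))
            {
                // Hand back the caller's full path, not the LDAP uid, so the
                // principal name matches what the rest of the SPI works with.
                return new RolePrincipalImpl(roleFullPathName);
            }
        }
        catch (SecurityException e)
        {
            // The interface gives us no way to propagate this; log and report
            // "not found". Callers such as setRolePrincipal() must be aware of it.
            logSecurityException(e, roleFullPathName);
        }
        return null;
    }

    /**
     * Creates the directory entry for a role if it does not already exist.
     * <p>
     * NOTE(review): because {@link #getRolePrincipal(String)} also returns null
     * when the existence lookup <em>fails</em>, a transient directory error
     * during the lookup leads straight to {@code ldap.create(...)}. Whether a
     * duplicate is then rejected by the DAO or the directory cannot be verified
     * from this class — confirm against {@link LdapPrincipalDao#create(String)}.
     *
     * @param rolePrincipal the role to store; must not be null.
     * @throws SecurityException if the directory rejects the creation.
     * @throws IllegalArgumentException if {@code rolePrincipal} is null.
     */
    public void setRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException {
        verifyRolePrincipal(rolePrincipal);

        String fullPath = rolePrincipal.getFullPath();
        // getRolePrincipal() performs the LDAP-name conversion itself, so it is
        // given the full path rather than an already converted uid (the original
        // code converted twice, which is only correct if the conversion is
        // idempotent).
        if (getRolePrincipal(fullPath) == null)
        {
            String roleUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath);
            ldap.create(roleUidWithoutSlashes);
        }
    }

    /**
     * Deletes the directory entry for a role. No existence check is made here;
     * the outcome for a role that does not exist is whatever the DAO does.
     *
     * @param rolePrincipal the role to remove; must not be null.
     * @throws SecurityException if the directory rejects the deletion.
     * @throws IllegalArgumentException if {@code rolePrincipal} is null.
     */
    public void removeRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException {
        verifyRolePrincipal(rolePrincipal);

        String fullPath = rolePrincipal.getFullPath();
        String roleUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath);

        ldap.delete(roleUidWithoutSlashes);
    }

    /**
     * Finds the role principals matching a filter.
     * <p>
     * NOTE(review): the filter is passed to the DAO untouched. If it can
     * originate from user input, the DAO (or the caller) must escape LDAP
     * filter metacharacters; that cannot be verified from this class.
     *
     * @param filter the search filter, forwarded as-is to
     *        {@link LdapPrincipalDao#find(String, String)}.
     * @return a new, modifiable list of the matches; empty if nothing matched,
     *         if the DAO returned null, or if the search failed (the failure is
     *         logged). Never null.
     */
    public List getRolePrincipals(String filter) {
        try
        {
            Object[] found = ldap.find(filter, RolePrincipal.PREFS_ROLE_ROOT);
            // Arrays.asList(null) throws NPE; treat a null result as "no match".
            // Copying into an ArrayList also gives the same (modifiable) list type
            // on every path instead of a fixed-size view on the success path only.
            if (found == null)
            {
                return new ArrayList();
            }
            return new ArrayList(Arrays.asList(found));
        }
        catch (SecurityException e)
        {
            logSecurityException(e, filter);
        }
        return new ArrayList();
    }

    /**
     * Rejects a null or empty role id.
     *
     * @param rolePrincipalUid the id to check.
     * @throws IllegalArgumentException if the id is null or empty.
     */
    private void verifyRoleId(String rolePrincipalUid)
    {
        if (StringUtils.isEmpty(rolePrincipalUid))
        {
            throw new IllegalArgumentException("The roleId cannot be null or empty.");
        }
    }

    /**
     * Logs a directory failure together with the role id it concerned.
     * (The original message said "groupId"; this is the role handler.)
     *
     * @param e the failure.
     * @param rolePrincipalUid the role id or filter the operation was working on.
     */
    private void logSecurityException(SecurityException e, String rolePrincipalUid)
    {
        if (logger.isErrorEnabled())
        {
            logger.error("An LDAP error has occurred for roleId:" + rolePrincipalUid, e);
        }
    }

    /**
     * Rejects a null role principal.
     *
     * @param rolePrincipal the principal to check.
     * @throws IllegalArgumentException if the principal is null.
     */
    private void verifyRolePrincipal(RolePrincipal rolePrincipal)
    {
        if (rolePrincipal == null)
        {
            throw new IllegalArgumentException("The RolePrincipal cannot be null or empty.");
        }
    }
}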