1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
package org.apache.jetspeed.security.spi.impl; |
18 |
|
|
19 |
|
import java.security.Principal; |
20 |
|
import java.util.HashSet; |
21 |
|
import java.util.Set; |
22 |
|
import java.util.prefs.Preferences; |
23 |
|
|
24 |
|
import javax.naming.NamingException; |
25 |
|
|
26 |
|
import org.apache.commons.logging.Log; |
27 |
|
import org.apache.commons.logging.LogFactory; |
28 |
|
import org.apache.jetspeed.security.GroupPrincipal; |
29 |
|
import org.apache.jetspeed.security.HierarchyResolver; |
30 |
|
import org.apache.jetspeed.security.RolePrincipal; |
31 |
|
import org.apache.jetspeed.security.SecurityException; |
32 |
|
import org.apache.jetspeed.security.UserPrincipal; |
33 |
|
import org.apache.jetspeed.security.impl.GeneralizationHierarchyResolver; |
34 |
|
import org.apache.jetspeed.security.impl.GroupPrincipalImpl; |
35 |
|
import org.apache.jetspeed.security.impl.RolePrincipalImpl; |
36 |
|
import org.apache.jetspeed.security.impl.UserPrincipalImpl; |
37 |
|
import org.apache.jetspeed.security.spi.SecurityMappingHandler; |
38 |
|
import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl; |
39 |
|
import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao; |
40 |
|
import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl; |
41 |
|
import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao; |
42 |
|
import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl; |
43 |
|
|
44 |
|
|
45 |
|
|
46 |
|
|
47 |
|
|
48 |
|
|
49 |
|
public class LdapSecurityMappingHandler implements SecurityMappingHandler |
50 |
|
{ |
51 |
|
|
52 |
|
private LdapUserPrincipalDao userDao; |
53 |
|
|
54 |
|
private LdapPrincipalDao groupDao; |
55 |
|
|
56 |
|
private LdapPrincipalDao roleDao; |
57 |
|
|
58 |
|
|
59 |
0 |
private static final Log LOG = LogFactory.getLog(LdapSecurityMappingHandler.class); |
60 |
|
|
61 |
|
|
62 |
0 |
private HierarchyResolver roleHierarchyResolver = new GeneralizationHierarchyResolver(); |
63 |
|
|
64 |
|
|
65 |
0 |
private HierarchyResolver groupHierarchyResolver = new GeneralizationHierarchyResolver(); |
66 |
|
|
67 |
|
|
68 |
|
|
69 |
|
|
70 |
|
|
71 |
|
public LdapSecurityMappingHandler(LdapUserPrincipalDao userDao, LdapPrincipalDao groupDao,LdapPrincipalDao roleDao) |
72 |
0 |
{ |
73 |
0 |
this.userDao = userDao; |
74 |
0 |
this.groupDao = groupDao; |
75 |
0 |
this.roleDao = roleDao; |
76 |
0 |
} |
77 |
|
|
78 |
|
|
79 |
|
|
80 |
|
|
81 |
|
|
82 |
|
public LdapSecurityMappingHandler() throws SecurityException, NamingException |
83 |
0 |
{ |
84 |
0 |
this.userDao = new LdapUserPrincipalDaoImpl(); |
85 |
0 |
this.groupDao = new LdapGroupDaoImpl(); |
86 |
0 |
this.roleDao = new LdapRoleDaoImpl(); |
87 |
0 |
} |
88 |
|
|
89 |
|
|
90 |
|
|
91 |
|
|
92 |
|
public HierarchyResolver getRoleHierarchyResolver() |
93 |
|
{ |
94 |
0 |
return roleHierarchyResolver; |
95 |
|
} |
96 |
|
|
97 |
|
|
98 |
|
|
99 |
|
|
100 |
|
public void setRoleHierarchyResolver(HierarchyResolver roleHierarchyResolver) |
101 |
|
{ |
102 |
0 |
this.roleHierarchyResolver = roleHierarchyResolver; |
103 |
0 |
} |
104 |
|
|
105 |
|
|
106 |
|
|
107 |
|
|
108 |
|
public HierarchyResolver getGroupHierarchyResolver() |
109 |
|
{ |
110 |
0 |
return groupHierarchyResolver; |
111 |
|
} |
112 |
|
|
113 |
|
|
114 |
|
|
115 |
|
|
116 |
|
public void setGroupHierarchyResolver(HierarchyResolver groupHierarchyResolver) |
117 |
|
{ |
118 |
0 |
this.groupHierarchyResolver = groupHierarchyResolver; |
119 |
0 |
} |
120 |
|
|
121 |
|
|
122 |
|
|
123 |
|
|
124 |
|
public Set getRolePrincipals(String username) |
125 |
|
{ |
126 |
0 |
Set rolePrincipals = new HashSet(); |
127 |
|
String[] roles; |
128 |
|
try |
129 |
|
{ |
130 |
0 |
roles = userDao.getRoleUidsForUser(username); |
131 |
0 |
for (int i = 0; i < roles.length; i++) |
132 |
|
{ |
133 |
0 |
createResolvedRolePrincipalSet(username, rolePrincipals, roles, i); |
134 |
|
} |
135 |
|
} |
136 |
0 |
catch (SecurityException e) |
137 |
|
{ |
138 |
0 |
LOG.error(e); |
139 |
0 |
} |
140 |
0 |
return rolePrincipals; |
141 |
|
|
142 |
|
} |
143 |
|
|
144 |
|
|
145 |
|
|
146 |
|
|
147 |
|
|
148 |
|
public void setUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException |
149 |
|
{ |
150 |
0 |
verifyUserAndRoleExist(username, roleFullPathName); |
151 |
0 |
addRoleToUser(username, roleFullPathName); |
152 |
0 |
} |
153 |
|
|
154 |
|
|
155 |
|
|
156 |
|
|
157 |
|
|
158 |
|
public void removeUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException |
159 |
|
{ |
160 |
0 |
verifyUserAndRoleExist(username, roleFullPathName); |
161 |
0 |
removeUserFromRole(username, roleFullPathName); |
162 |
0 |
} |
163 |
|
|
164 |
|
|
165 |
|
|
166 |
|
|
167 |
|
public Set getRolePrincipalsInGroup(String groupFullPathName) |
168 |
|
{ |
169 |
0 |
Set rolePrincipalsInGroup = new HashSet(); |
170 |
|
String[] roles; |
171 |
|
try |
172 |
|
{ |
173 |
|
|
174 |
0 |
roles = userDao.getRolesForGroup(groupFullPathName); |
175 |
0 |
for (int i = 0; i < roles.length; i++) |
176 |
|
{ |
177 |
0 |
createResolvedRolePrincipalSet(groupFullPathName, rolePrincipalsInGroup, roles, i); |
178 |
|
} |
179 |
|
} |
180 |
0 |
catch (SecurityException e) |
181 |
|
{ |
182 |
0 |
LOG.error(e); |
183 |
0 |
} |
184 |
0 |
return rolePrincipalsInGroup; |
185 |
|
} |
186 |
|
|
187 |
|
|
188 |
|
|
189 |
|
|
190 |
|
|
191 |
|
public void setRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException |
192 |
|
{ |
193 |
0 |
verifyGroupAndRoleExist(groupFullPathName, roleFullPathName); |
194 |
0 |
addRoleToGroup(groupFullPathName, roleFullPathName); |
195 |
0 |
} |
196 |
|
|
197 |
|
|
198 |
|
|
199 |
|
|
200 |
|
|
201 |
|
public void removeRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException |
202 |
|
{ |
203 |
0 |
verifyGroupAndRoleExist(groupFullPathName, roleFullPathName); |
204 |
0 |
removeRoleFromGroup(groupFullPathName, roleFullPathName); |
205 |
0 |
} |
206 |
|
|
207 |
|
|
208 |
|
|
209 |
|
|
210 |
|
|
211 |
|
|
212 |
|
|
213 |
|
public Set getGroupPrincipals(String userPrincipalUid) |
214 |
|
{ |
215 |
0 |
Set groupPrincipals = new HashSet(); |
216 |
|
|
217 |
|
String[] groups; |
218 |
|
try |
219 |
|
{ |
220 |
0 |
groups = userDao.getGroupUidsForUser(userPrincipalUid); |
221 |
0 |
for (int i = 0; i < groups.length; i++) |
222 |
|
{ |
223 |
0 |
createResolvedGroupPrincipalSet(userPrincipalUid, groupPrincipals, groups, i); |
224 |
|
} |
225 |
|
} |
226 |
0 |
catch (SecurityException e) |
227 |
|
{ |
228 |
0 |
LOG.error(e); |
229 |
0 |
} |
230 |
0 |
return groupPrincipals; |
231 |
|
} |
232 |
|
|
233 |
|
|
234 |
|
|
235 |
|
|
236 |
|
public Set getGroupPrincipalsInRole(String roleFullPathName) |
237 |
|
{ |
238 |
0 |
Set groupPrincipals = new HashSet(); |
239 |
0 |
return groupPrincipals; |
240 |
|
} |
241 |
|
|
242 |
|
|
243 |
|
|
244 |
|
|
245 |
|
public Set getUserPrincipalsInRole(String roleFullPathName) |
246 |
|
{ |
247 |
|
|
248 |
0 |
Set userPrincipals = new HashSet(); |
249 |
0 |
String[] fullPaths = {roleFullPathName}; |
250 |
|
try |
251 |
|
{ |
252 |
0 |
getUserPrincipalsInRole(userPrincipals, fullPaths); |
253 |
|
} |
254 |
0 |
catch (SecurityException e) |
255 |
|
{ |
256 |
0 |
LOG.error(e); |
257 |
0 |
} |
258 |
0 |
return userPrincipals; |
259 |
|
} |
260 |
|
|
261 |
|
|
262 |
|
|
263 |
|
|
264 |
|
|
265 |
|
|
266 |
|
|
267 |
|
|
268 |
|
|
269 |
|
public Set getUserPrincipalsInGroup(String groupFullPathName) |
270 |
|
{ |
271 |
0 |
Set userPrincipals = new HashSet(); |
272 |
|
|
273 |
|
|
274 |
0 |
String[] fullPaths = {groupFullPathName}; |
275 |
|
|
276 |
|
try |
277 |
|
{ |
278 |
0 |
getUserPrincipalsInGroup(userPrincipals, fullPaths); |
279 |
|
} |
280 |
0 |
catch (SecurityException e) |
281 |
|
{ |
282 |
0 |
LOG.error(e); |
283 |
0 |
} |
284 |
0 |
return userPrincipals; |
285 |
|
} |
286 |
|
|
287 |
|
|
288 |
|
|
289 |
|
|
290 |
|
|
291 |
|
|
292 |
|
|
293 |
|
|
294 |
|
|
295 |
|
|
296 |
|
private void getUserPrincipalsInGroup(Set userPrincipals, String[] fullPaths) throws SecurityException |
297 |
|
{ |
298 |
0 |
for (int i = 0; i < fullPaths.length; i++) |
299 |
|
{ |
300 |
0 |
String[] usersInGroup = userDao.getUserUidsForGroup(fullPaths[i]); |
301 |
0 |
for (int y = 0; y < usersInGroup.length; y++) |
302 |
|
{ |
303 |
0 |
Principal userPrincipal = new UserPrincipalImpl(usersInGroup[y]); |
304 |
0 |
userPrincipals.add(userPrincipal); |
305 |
|
} |
306 |
|
} |
307 |
0 |
} |
308 |
|
|
309 |
|
|
310 |
|
|
311 |
|
|
312 |
|
|
313 |
|
|
314 |
|
|
315 |
|
|
316 |
|
|
317 |
|
|
318 |
|
private void getUserPrincipalsInRole(Set userPrincipals, String[] fullPaths) throws SecurityException |
319 |
|
{ |
320 |
0 |
for (int i = 0; i < fullPaths.length; i++) |
321 |
|
{ |
322 |
0 |
String[] usersInRole = userDao.getUserUidsForRole(fullPaths[i]); |
323 |
0 |
for (int y = 0; y < usersInRole.length; y++) |
324 |
|
{ |
325 |
0 |
Principal userPrincipal = new UserPrincipalImpl(usersInRole[y]); |
326 |
0 |
userPrincipals.add(userPrincipal); |
327 |
|
} |
328 |
|
} |
329 |
0 |
} |
330 |
|
|
331 |
|
|
332 |
|
|
333 |
|
|
334 |
|
|
335 |
|
public void setUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException |
336 |
|
{ |
337 |
0 |
verifyUserAndGroupExist(username, groupFullPathName); |
338 |
0 |
addGroupToUser(username, groupFullPathName); |
339 |
0 |
} |
340 |
|
|
341 |
|
|
342 |
|
|
343 |
|
|
344 |
|
|
345 |
|
public void removeUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException |
346 |
|
{ |
347 |
0 |
verifyUserAndGroupExist(username, groupFullPathName); |
348 |
0 |
removeUserFromGroup(username, groupFullPathName); |
349 |
0 |
} |
350 |
|
|
351 |
|
|
352 |
|
|
353 |
|
|
354 |
|
|
355 |
|
private void verifyGroupAndRoleExist(String groupFullPathName, String roleFullPathName) throws SecurityException |
356 |
|
{ |
357 |
0 |
GroupPrincipal group = getGroup(groupFullPathName); |
358 |
0 |
RolePrincipal role = getRole(roleFullPathName); |
359 |
0 |
if ((null == group) && (class="keyword">null == role)) |
360 |
|
{ |
361 |
0 |
throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST); |
362 |
|
} |
363 |
0 |
} |
364 |
|
|
365 |
|
|
366 |
|
|
367 |
|
|
368 |
|
|
369 |
|
|
370 |
|
private void verifyUserAndGroupExist(String username, String groupFullPathName) throws SecurityException |
371 |
|
{ |
372 |
0 |
UserPrincipal user = getUser(username); |
373 |
0 |
GroupPrincipal group = getGroup(groupFullPathName); |
374 |
0 |
if ((null == user) && (class="keyword">null == group)) |
375 |
|
{ |
376 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST); |
377 |
|
} |
378 |
0 |
} |
379 |
|
|
380 |
|
|
381 |
|
|
382 |
|
|
383 |
|
|
384 |
|
|
385 |
|
private void verifyUserAndRoleExist(String username, String roleFullPathName) throws SecurityException |
386 |
|
{ |
387 |
0 |
UserPrincipal user = getUser(username); |
388 |
0 |
RolePrincipal role = getRole(roleFullPathName); |
389 |
0 |
if ((null == user) && (class="keyword">null == role)) |
390 |
|
{ |
391 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST); |
392 |
|
} |
393 |
0 |
} |
394 |
|
|
395 |
|
|
396 |
|
|
397 |
|
|
398 |
|
|
399 |
|
|
400 |
|
|
401 |
|
private void createResolvedGroupPrincipalSet(String username, Set groupPrincipals, String[] groups, int i) |
402 |
|
{ |
403 |
0 |
LOG.debug("Group [" + i + "] for user[" + username + "] is [" + groups[i] + "]"); |
404 |
|
|
405 |
0 |
GroupPrincipal group = new GroupPrincipalImpl(groups[i]); |
406 |
0 |
Preferences preferences = Preferences.userRoot().node(group.getFullPath()); |
407 |
0 |
LOG.debug("Group name:" + group.getName()); |
408 |
0 |
String[] fullPaths = groupHierarchyResolver.resolve(preferences); |
409 |
0 |
for (int n = 0; n < fullPaths.length; n++) |
410 |
|
{ |
411 |
0 |
LOG.debug("Group [" + i + "] for user[" + username + "] is [" |
412 |
|
+ GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]) + "]"); |
413 |
0 |
groupPrincipals.add(new GroupPrincipalImpl(GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]))); |
414 |
|
} |
415 |
0 |
} |
416 |
|
|
417 |
|
|
418 |
|
|
419 |
|
|
420 |
|
|
421 |
|
|
422 |
|
|
423 |
|
private void createResolvedRolePrincipalSet(String username, Set rolePrincipals, String[] roles, int i) |
424 |
|
{ |
425 |
0 |
LOG.debug("Group [" + i + "] for user[" + username + "] is [" + roles[i] + "]"); |
426 |
|
|
427 |
0 |
RolePrincipal role = new RolePrincipalImpl(roles[i]); |
428 |
0 |
Preferences preferences = Preferences.userRoot().node(role.getFullPath()); |
429 |
0 |
LOG.debug("Group name:" + role.getName()); |
430 |
0 |
String[] fullPaths = roleHierarchyResolver.resolve(preferences); |
431 |
0 |
for (int n = 0; n < fullPaths.length; n++) |
432 |
|
{ |
433 |
0 |
LOG.debug("Group [" + i + "] for user[" + username + "] is [" |
434 |
|
+ RolePrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]) + "]"); |
435 |
0 |
rolePrincipals.add(new RolePrincipalImpl(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]))); |
436 |
|
} |
437 |
0 |
} |
438 |
|
|
439 |
|
|
440 |
|
|
441 |
|
|
442 |
|
|
443 |
|
|
444 |
|
|
445 |
|
private void removeUserFromGroup(String username, String groupFullPathName) throws SecurityException |
446 |
|
{ |
447 |
0 |
userDao.removeGroup(username, groupFullPathName); |
448 |
0 |
} |
449 |
|
|
450 |
|
|
451 |
|
|
452 |
|
|
453 |
|
|
454 |
|
|
455 |
|
private void removeUserFromRole(String username, String roleFullPathName) throws SecurityException |
456 |
|
{ |
457 |
0 |
userDao.removeRole(username, roleFullPathName); |
458 |
0 |
} |
459 |
|
|
460 |
|
private void removeRoleFromGroup(String groupFullPathName, String roleFullPathName)throws SecurityException |
461 |
|
{ |
462 |
0 |
userDao.removeRoleFromGroup(groupFullPathName,roleFullPathName); |
463 |
0 |
} |
464 |
|
|
465 |
|
|
466 |
|
|
467 |
|
|
468 |
|
|
469 |
|
|
470 |
|
|
471 |
|
private UserPrincipal getUser(String uid) throws SecurityException |
472 |
|
{ |
473 |
0 |
Principal[] user = userDao.find(uid, UserPrincipal.PREFS_USER_ROOT); |
474 |
0 |
if (user.length == 1) |
475 |
|
{ |
476 |
0 |
return (UserPrincipal) user[0]; |
477 |
|
} |
478 |
|
else |
479 |
|
{ |
480 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(uid)); |
481 |
|
} |
482 |
|
} |
483 |
|
|
484 |
|
|
485 |
|
|
486 |
|
|
487 |
|
|
488 |
|
|
489 |
|
private GroupPrincipal getGroup(String uid) throws SecurityException |
490 |
|
{ |
491 |
0 |
Principal[] group = groupDao.find(uid, GroupPrincipal.PREFS_GROUP_ROOT); |
492 |
0 |
if (group.length == 1) |
493 |
|
{ |
494 |
0 |
return (GroupPrincipal) group[0]; |
495 |
|
} |
496 |
|
else |
497 |
|
{ |
498 |
0 |
throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST.create(uid)); |
499 |
|
} |
500 |
|
} |
501 |
|
|
502 |
|
|
503 |
|
|
504 |
|
|
505 |
|
|
506 |
|
|
507 |
|
private RolePrincipal getRole(String uid) throws SecurityException |
508 |
|
{ |
509 |
0 |
Principal[] role = roleDao.find(uid, RolePrincipal.PREFS_ROLE_ROOT); |
510 |
|
|
511 |
0 |
if (role.length == 1) |
512 |
|
|
513 |
|
{ |
514 |
0 |
return (RolePrincipal) role[0]; |
515 |
|
} |
516 |
|
else |
517 |
|
{ |
518 |
0 |
throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(uid)); |
519 |
|
} |
520 |
|
} |
521 |
|
|
522 |
|
|
523 |
|
|
524 |
|
|
525 |
|
|
526 |
|
|
527 |
|
private void addGroupToUser(String username, String groupFullPathName) throws SecurityException |
528 |
|
{ |
529 |
0 |
userDao.addGroup(username, groupFullPathName); |
530 |
0 |
} |
531 |
|
|
532 |
|
|
533 |
|
|
534 |
|
|
535 |
|
|
536 |
|
|
537 |
|
private void addRoleToUser(String username, String roleFullPathName) throws SecurityException |
538 |
|
{ |
539 |
0 |
userDao.addRole(username, roleFullPathName); |
540 |
0 |
} |
541 |
|
|
542 |
|
|
543 |
|
|
544 |
|
|
545 |
|
|
546 |
|
|
547 |
|
private void addRoleToGroup(String groupFullPathName, String roleFullPathName) throws SecurityException |
548 |
|
{ |
549 |
0 |
userDao.addRoleToGroup(groupFullPathName, roleFullPathName); |
550 |
0 |
} |
551 |
|
|
552 |
|
|
553 |
|
} |