1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
package org.apache.jetspeed.security.spi.impl.ldap; |
18 |
|
|
19 |
|
import java.security.Principal; |
20 |
|
import java.util.ArrayList; |
21 |
|
import java.util.Collection; |
22 |
|
|
23 |
|
import javax.naming.NamingEnumeration; |
24 |
|
import javax.naming.NamingException; |
25 |
|
import javax.naming.directory.Attribute; |
26 |
|
import javax.naming.directory.Attributes; |
27 |
|
import javax.naming.directory.DirContext; |
28 |
|
import javax.naming.directory.SearchControls; |
29 |
|
import javax.naming.directory.SearchResult; |
30 |
|
|
31 |
|
import org.apache.commons.lang.StringUtils; |
32 |
|
import org.apache.commons.logging.Log; |
33 |
|
import org.apache.commons.logging.LogFactory; |
34 |
|
import org.apache.jetspeed.security.GroupPrincipal; |
35 |
|
import org.apache.jetspeed.security.SecurityException; |
36 |
|
import org.apache.jetspeed.security.UserPrincipal; |
37 |
|
import org.apache.jetspeed.security.impl.GroupPrincipalImpl; |
38 |
|
import org.apache.jetspeed.security.impl.RolePrincipalImpl; |
39 |
|
import org.apache.jetspeed.security.impl.UserPrincipalImpl; |
40 |
|
|
41 |
|
|
42 |
|
|
43 |
|
|
44 |
|
|
45 |
|
|
46 |
|
public abstract class LdapPrincipalDaoImpl extends AbstractLdapDao implements LdapPrincipalDao |
47 |
|
{ |
48 |
|
|
49 |
0 |
private static final Log logger = LogFactory.getLog(LdapPrincipalDaoImpl.class); |
50 |
|
|
51 |
|
|
52 |
|
|
53 |
|
|
54 |
|
|
55 |
|
|
56 |
|
|
57 |
|
|
58 |
|
|
59 |
|
public LdapPrincipalDaoImpl() throws SecurityException |
60 |
|
{ |
61 |
0 |
super(); |
62 |
0 |
} |
63 |
|
|
64 |
|
|
65 |
|
|
66 |
|
|
67 |
|
|
68 |
|
|
69 |
|
|
70 |
|
|
71 |
|
|
72 |
|
public LdapPrincipalDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException |
73 |
|
{ |
74 |
0 |
super(ldapConfig); |
75 |
0 |
} |
76 |
|
|
77 |
|
|
78 |
|
|
79 |
|
|
80 |
|
|
81 |
|
|
82 |
|
|
83 |
|
|
84 |
|
|
85 |
|
protected abstract Principal makePrincipal(String principalUid); |
86 |
|
|
87 |
|
|
88 |
|
|
89 |
|
|
90 |
|
|
91 |
|
|
92 |
|
|
93 |
|
|
94 |
|
|
95 |
|
protected abstract Attributes defineLdapAttributes(final String principalUid); |
96 |
|
|
97 |
|
|
98 |
|
|
99 |
|
|
100 |
|
public void create(final String principalUid) throws SecurityException |
101 |
|
{ |
102 |
0 |
Attributes attrs = defineLdapAttributes(principalUid); |
103 |
0 |
logger.debug("creating principal with " + attrs); |
104 |
|
try |
105 |
|
{ |
106 |
0 |
String userDn = getEntryPrefix() + "=" + principalUid; |
107 |
0 |
if (!StringUtils.isEmpty(getDnSuffix())) |
108 |
0 |
userDn+="," + getDnSuffix(); |
109 |
|
|
110 |
0 |
logger.debug("userDn = " + userDn); |
111 |
|
|
112 |
0 |
ctx.createSubcontext(userDn, attrs); |
113 |
0 |
if (logger.isDebugEnabled()) |
114 |
|
{ |
115 |
0 |
logger.debug("Creating user dn: " + userDn); |
116 |
|
} |
117 |
|
} |
118 |
0 |
catch (NamingException e) |
119 |
|
{ |
120 |
0 |
throw new SecurityException(e); |
121 |
0 |
} |
122 |
0 |
} |
123 |
|
|
124 |
|
|
125 |
|
|
126 |
|
|
127 |
|
|
128 |
|
|
129 |
|
|
130 |
|
|
131 |
|
protected abstract String getDnSuffix(); |
132 |
|
|
133 |
|
|
134 |
|
|
135 |
|
|
136 |
|
|
137 |
|
|
138 |
|
|
139 |
|
|
140 |
|
protected abstract String getUidAttributeForPrincipal(); |
141 |
|
|
142 |
|
|
143 |
|
|
144 |
|
|
145 |
|
|
146 |
|
public void delete(final String principalUid) throws SecurityException |
147 |
|
{ |
148 |
0 |
String dn = lookupByUid(principalUid); |
149 |
|
|
150 |
0 |
if (dn == null) |
151 |
|
{ |
152 |
0 |
return; |
153 |
|
} |
154 |
|
|
155 |
|
String rdn; |
156 |
|
try |
157 |
|
{ |
158 |
0 |
rdn = getSubcontextName(dn); |
159 |
|
|
160 |
|
|
161 |
0 |
ctx.destroySubcontext(rdn); |
162 |
|
} |
163 |
0 |
catch (NamingException e) |
164 |
|
{ |
165 |
0 |
throw new SecurityException(e); |
166 |
0 |
} |
167 |
0 |
} |
168 |
|
|
169 |
|
|
170 |
|
|
171 |
|
|
172 |
|
public String convertUidToLdapAcceptableName(String fullPath) |
173 |
|
{ |
174 |
0 |
if (logger.isErrorEnabled()) |
175 |
|
{ |
176 |
0 |
logger.debug("Principal fullPath:" + fullPath); |
177 |
|
} |
178 |
0 |
String ldapAcceptableName = fullPath; |
179 |
0 |
if (null == fullPath) |
180 |
|
{ |
181 |
0 |
return ldapAcceptableName; |
182 |
|
} |
183 |
0 |
else if (fullPath.indexOf(UserPrincipal.PREFS_USER_ROOT) >= 0) |
184 |
|
{ |
185 |
0 |
ldapAcceptableName = convertUidWithoutSlashes(UserPrincipalImpl.getPrincipalNameFromFullPath(fullPath)); |
186 |
|
} |
187 |
0 |
else if (fullPath.indexOf(GroupPrincipal.PREFS_GROUP_ROOT) >= 0) |
188 |
|
{ |
189 |
0 |
ldapAcceptableName = convertUidWithoutSlashes(GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPath)); |
190 |
|
} |
191 |
0 |
else if (fullPath.indexOf(GroupPrincipal.PREFS_ROLE_ROOT) >= 0) |
192 |
|
{ |
193 |
0 |
ldapAcceptableName = convertUidWithoutSlashes(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPath)); |
194 |
|
} |
195 |
0 |
if (logger.isErrorEnabled()) |
196 |
|
{ |
197 |
0 |
logger.debug("Ldap acceptable name:" + ldapAcceptableName); |
198 |
|
} |
199 |
|
|
200 |
0 |
return ldapAcceptableName; |
201 |
|
} |
202 |
|
|
203 |
|
|
204 |
|
|
205 |
|
|
206 |
|
|
207 |
|
|
208 |
|
|
209 |
|
|
210 |
|
|
211 |
|
private String convertUidWithoutSlashes(String uid) |
212 |
|
{ |
213 |
0 |
String uidWithSlashed = uid.replaceAll("/", "&"); |
214 |
0 |
return uidWithSlashed; |
215 |
|
} |
216 |
|
|
217 |
|
|
218 |
|
|
219 |
|
|
220 |
|
|
221 |
|
public Principal[] find(final String principalUid, String principalType) throws SecurityException |
222 |
|
{ |
223 |
|
try |
224 |
|
{ |
225 |
0 |
SearchControls cons = setSearchControls(); |
226 |
0 |
NamingEnumeration searchResults = searchByWildcardedUid(convertUidToLdapAcceptableName(principalUid), cons); |
227 |
0 |
Collection principals = new ArrayList(); |
228 |
|
|
229 |
0 |
enumerateOverSearchResults(searchResults, principals); |
230 |
|
|
231 |
0 |
return convertPrincipalListToArray(principals); |
232 |
|
} |
233 |
0 |
catch (NamingException e) |
234 |
|
{ |
235 |
0 |
throw new SecurityException(e); |
236 |
|
} |
237 |
|
} |
238 |
|
|
239 |
|
|
240 |
|
|
241 |
|
|
242 |
|
|
243 |
|
|
244 |
|
|
245 |
|
|
246 |
|
|
247 |
|
private Principal[] convertPrincipalListToArray(Collection principals) |
248 |
|
{ |
249 |
0 |
return (Principal[]) principals.toArray(new Principal[principals.size()]); |
250 |
|
} |
251 |
|
|
252 |
|
|
253 |
|
|
254 |
|
|
255 |
|
|
256 |
|
|
257 |
|
|
258 |
|
|
259 |
|
|
260 |
|
|
261 |
|
private void enumerateOverSearchResults(NamingEnumeration searchResults, Collection principals) |
262 |
|
throws NamingException |
263 |
|
{ |
264 |
0 |
while (searchResults.hasMore()) |
265 |
|
{ |
266 |
0 |
SearchResult searchResult = (SearchResult) searchResults.next(); |
267 |
0 |
buildPrincipal(principals, searchResult); |
268 |
0 |
} |
269 |
0 |
} |
270 |
|
|
271 |
|
|
272 |
|
|
273 |
|
|
274 |
|
|
275 |
|
|
276 |
|
private void buildPrincipal(Collection principals, SearchResult searchResult) throws NamingException |
277 |
|
{ |
278 |
0 |
if (searchResult.getObject() instanceof DirContext) |
279 |
|
{ |
280 |
0 |
Attributes atts = searchResult.getAttributes(); |
281 |
|
|
282 |
0 |
String uid = (String) getAttribute(getUidAttributeForPrincipal(), atts).getAll().next(); |
283 |
0 |
Principal principal = makePrincipal(uid); |
284 |
|
|
285 |
0 |
principals.add(principal); |
286 |
|
|
287 |
|
} |
288 |
0 |
} |
289 |
|
|
290 |
|
|
291 |
|
|
292 |
|
|
293 |
|
|
294 |
|
|
295 |
|
|
296 |
|
protected Attribute getAttribute(String attributeName, Attributes userAttributes) throws NamingException |
297 |
|
{ |
298 |
0 |
for (NamingEnumeration ae = userAttributes.getAll(); ae.hasMore();) |
299 |
|
{ |
300 |
0 |
Attribute attr = (Attribute) ae.next(); |
301 |
|
|
302 |
0 |
if (attr.getID().equalsIgnoreCase(attributeName)) |
303 |
|
{ |
304 |
0 |
return attr; |
305 |
|
} |
306 |
0 |
} |
307 |
0 |
return null; |
308 |
|
} |
309 |
|
|
310 |
|
protected String getSearchDomain() { |
311 |
0 |
return this.getUserFilterBase(); |
312 |
|
} |
313 |
|
|
314 |
|
protected String[] parseAttr(String attr, String replace) { |
315 |
0 |
attr = StringUtils.replace(attr, "{u}", replace); |
316 |
0 |
int index = attr.indexOf('='); |
317 |
|
|
318 |
0 |
if (index != -1){ |
319 |
0 |
return new String[]{ |
320 |
|
attr.substring(0,index), |
321 |
|
index < attr.length() -1 ? attr.substring(index + 1) : null}; |
322 |
|
} else { |
323 |
0 |
return new String[]{ attr, null }; |
324 |
|
} |
325 |
|
} |
326 |
|
|
327 |
|
protected String getGroupDN(String groupPrincipalUid) { |
328 |
0 |
return getGroupDN(groupPrincipalUid,true); |
329 |
|
} |
330 |
|
|
331 |
|
protected String getGroupDN(String groupPrincipalUid, boolean includeBaseDN) { |
332 |
0 |
String groupDN = getGroupIdAttribute() + "=" + groupPrincipalUid; |
333 |
0 |
if (!StringUtils.isEmpty(getGroupFilterBase())) |
334 |
0 |
groupDN += "," + getGroupFilterBase(); |
335 |
0 |
if (includeBaseDN && !StringUtils.isEmpty(getRootContext())) |
336 |
0 |
groupDN += "," + getRootContext(); |
337 |
0 |
return groupDN; |
338 |
|
} |
339 |
|
|
340 |
|
protected String getRoleDN(String rolePrincipalUid) { |
341 |
0 |
return getRoleDN(rolePrincipalUid,true); |
342 |
|
} |
343 |
|
|
344 |
|
protected String getRoleDN(String rolePrincipalUid, boolean includeBaseDN) { |
345 |
0 |
String roleDN = getRoleIdAttribute() + "=" + rolePrincipalUid; |
346 |
0 |
if (!StringUtils.isEmpty(getRoleFilterBase())) |
347 |
0 |
roleDN+="," + getRoleFilterBase(); |
348 |
0 |
if (includeBaseDN && !StringUtils.isEmpty(getRootContext())) |
349 |
0 |
roleDN+="," + getRootContext(); |
350 |
0 |
return roleDN; |
351 |
|
} |
352 |
|
|
353 |
|
protected String getUserDN(String userPrincipalUid) { |
354 |
0 |
return getUserDN(userPrincipalUid,true); |
355 |
|
} |
356 |
|
|
357 |
|
protected String getUserDN(String userPrincipalUid, boolean includeBaseDN) { |
358 |
0 |
String userDN = getUserIdAttribute() + "=" + userPrincipalUid; |
359 |
0 |
if (!StringUtils.isEmpty(getUserFilterBase())) |
360 |
0 |
userDN += "," + getUserFilterBase(); |
361 |
0 |
if (includeBaseDN && !StringUtils.isEmpty(getRootContext())) |
362 |
0 |
userDN += "," + getRootContext(); |
363 |
0 |
return userDN; |
364 |
|
} |
365 |
|
|
366 |
|
|
367 |
|
|
368 |
|
|
369 |
|
} |