unit tests coverage

Coverage report

%line %branch

org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl
0%

0%

1
/*

2
* Licensed to the Apache Software Foundation (ASF) under one or more

3
* contributor license agreements. See the NOTICE file distributed with

4
* this work for additional information regarding copyright ownership.

5
* The ASF licenses this file to You under the Apache License, Version 2.0

6
* (the "License"); you may not use this file except in compliance with

7
* the License. You may obtain a copy of the License at

8
*

9
* http://www.apache.org/licenses/LICENSE-2.0

10
*

11
* Unless required by applicable law or agreed to in writing, software

12
* distributed under the License is distributed on an "AS IS" BASIS,

13
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

14
* See the License for the specific language governing permissions and

15
* limitations under the License.

16
*/

17
package org.apache.jetspeed.security.spi.impl.ldap;

18

19
import java.security.Principal;

20

21
import javax.naming.NamingException;

22
import javax.naming.directory.Attributes;

23
import javax.naming.directory.BasicAttribute;

24
import javax.naming.directory.BasicAttributes;

25
import javax.naming.directory.DirContext;

26
import javax.naming.directory.SearchControls;

27

28
import org.apache.commons.lang.StringUtils;

29
import org.apache.jetspeed.security.SecurityException;

30
import org.apache.jetspeed.security.impl.UserPrincipalImpl;

31

32
/**

33
* @author <a href="mailto:mike.long@dataline.com">Mike Long </a>, <a

34
* href="mailto:dlestrat@apache.org">David Le Strat</a>

35
*/

36
public class LdapUserPrincipalDaoImpl extends LdapPrincipalDaoImpl implements LdapUserPrincipalDao

37
{

38
private LdapMembershipDao membership;

39

40
/**

41
* 

42
* Default constructor.

43
* 

44
*

45
* @throws SecurityException A {@link SecurityException}.

46
*/

47
public LdapUserPrincipalDaoImpl() throws SecurityException

48
{

49 0
super();

50 0
membership=new LdapMemberShipDaoImpl();

51 0
}

52

53
/**

54
* 

55
* Initializes the dao.

56
* 

57
*

58
* @param ldapConfig Holds the ldap binding configuration.

59
* @throws SecurityException A {@link SecurityException}.

60
*/

61
public LdapUserPrincipalDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException

62
{

63 0
super(ldapConfig);

64 0
membership=new LdapMemberShipDaoImpl(ldapConfig);

65 0
}

66

67
/**

68
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,

69
* java.lang.String)

70
*/

71
public void addGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException

72
{

73 0
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))

74 0
modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);

75
else

76 0
modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);

77

78 0
}

79

80
/**

81
* 

82
* Replace or delete the user group attribute.

83
* 

84
*

85
* @param userPrincipalUid

86
* @param groupPrincipalUid

87
* @param operationType whether to replace or remove the specified user group from the user

88
* @throws SecurityException A {@link SecurityException}.

89
*/

90
private void modifyUserGroupByGroup(String userPrincipalUid, String groupPrincipalUid, int operationType)

91
throws SecurityException

92
{

93 0
validateUid(userPrincipalUid);

94 0
validateUid(groupPrincipalUid);

95

96
try

97
{

98

99 0
Attributes attrs = new BasicAttributes(false);

100 0
attrs.put(getGroupMembershipAttribute(), getUserDN(userPrincipalUid));

101

102 0
ctx.modifyAttributes(getGroupDN(groupPrincipalUid,false), operationType, attrs);

103
}

104 0
catch (NamingException e)

105
{

106 0
throw new SecurityException(e);

107 0
}

108 0
}

109

110

111

112
/**

113
* 

114
* Replace or delete the user group attribute.

115
* 

116
*

117
* @param userPrincipalUid

118
* @param groupPrincipalUid

119
* @param operationType whether to replace or remove the specified user group from the user

120
* @throws SecurityException A {@link SecurityException}.

121
*/

122
private void modifyUserGroupByUser(String userPrincipalUid, String groupPrincipalUid, int operationType)

123
throws SecurityException

124
{

125 0
validateUid(userPrincipalUid);

126 0
validateUid(groupPrincipalUid);

127

128
try

129
{

130 0
Attributes attrs = new BasicAttributes(false);

131 0
attrs.put(getUserGroupMembershipAttribute(), getGroupDN(groupPrincipalUid));

132

133 0
ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);

134

135
}

136 0
catch (NamingException e)

137
{

138 0
throw new SecurityException(e);

139 0
}

140 0
}

141

142
/**

143
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,

144
* java.lang.String)

145
*/

146
public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException

147
{

148 0
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))

149 0
modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);

150
else

151 0
modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);

152

153 0
}

154

155
/**

156
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,

157
* java.lang.String)

158
*/

159
public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException

160
{

161 0
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))

162 0
modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);

163
else

164 0
modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);

165 0
}

166

167
/**

168
* 

169
* Replace or delete the role attribute.

170
*

171
* 

172
*

173
* @param userPrincipalUid

174
* @param rolePrincipalUid

175
* @param operationType whether to replace or remove the specified user group from the user

176
* @throws SecurityException A {@link SecurityException}.

177
*/

178
private void modifyUserRoleByUser(String userPrincipalUid, String rolePrincipalUid, int operationType)

179
throws SecurityException

180
{

181 0
validateUid(userPrincipalUid);

182 0
validateUid(rolePrincipalUid);

183

184
try

185
{

186 0
Attributes attrs = new BasicAttributes(false);

187 0
attrs.put(getUserRoleMembershipAttribute(), getRoleDN(rolePrincipalUid));

188

189 0
ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);

190
}

191 0
catch (NamingException e)

192
{

193 0
throw new SecurityException(e);

194 0
}

195 0
}

196

197
/**

198
* 

199
* Replace or delete the role attribute.

200
*

201
* 

202
*

203
* @param userPrincipalUid

204
* @param rolePrincipalUid

205
* @param operationType whether to replace or remove the specified user group from the user

206
* @throws SecurityException A {@link SecurityException}.

207
*/

208
private void modifyUserRoleByRole(String userPrincipalUid, String rolePrincipalUid, int operationType)

209
throws SecurityException

210
{

211 0
validateUid(userPrincipalUid);

212 0
validateUid(rolePrincipalUid);

213

214
try

215
{

216 0
Attributes attrs = new BasicAttributes(false);

217 0
attrs.put(getRoleMembershipAttribute(), getUserDN(userPrincipalUid));

218

219 0
ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);

220
}

221 0
catch (NamingException e)

222
{

223 0
throw new SecurityException(e);

224 0
}

225 0
}

226

227

228
/**

229
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,

230
* java.lang.String)

231
*/

232
public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException

233
{

234 0
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))

235 0
modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);

236
else

237 0
modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);

238 0
}

239

240
/**

241
* 

242
* A template method for defining the attributes for a particular LDAP class.

243
* 

244
*

245
* @param principalUid The principal uid.

246
* @return the LDAP attributes object for the particular class.

247
*/

248
protected Attributes defineLdapAttributes(final String principalUid)

249
{

250 0
Attributes attrs = new BasicAttributes(true);

251 0
BasicAttribute classes = new BasicAttribute("objectclass");

252

253 0
for (int i=0;i<getObjectClasses().length;i++)

254 0
classes.add(getObjectClasses()[i]);

255 0
attrs.put(classes);

256

257 0
for (int i=0;i<getAttributes().length;i++)

258 0
attrs.put(parseAttr(getAttributes()[i],principalUid)[0], parseAttr(getAttributes()[i],principalUid)[1]);

259

260 0
attrs.put(getEntryPrefix(), principalUid);

261

262 0
return attrs;

263
}

264

265

266

267
/**

268
* 

269
* Creates a GroupPrincipal object.

270
* 

271
*

272
* @param principalUid The principal uid.

273
* @return A group principal object.

274
*/

275
protected Principal makePrincipal(String principalUid)

276
{

277 0
return new UserPrincipalImpl(principalUid);

278
}

279

280
/**

281
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,

282
* java.lang.String)

283
*/

284
public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException

285
{

286 0
if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))

287 0
modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);

288
else

289 0
modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);

290

291 0
}

292

293
/**

294
* 

295
* Replace or delete the user group attribute.

296
* 

297
*

298
* @param userPrincipalUid

299
* @param groupPrincipalUid

300
* @param operationType whether to replace or remove the specified user group from the user

301
* @throws SecurityException A {@link SecurityException}.

302
*/

303
private void modifyRoleGroupByRole(String groupPrincipalUid, String rolePrincipalUid, int operationType)

304
throws SecurityException

305
{

306 0
validateUid(groupPrincipalUid);

307 0
validateUid(rolePrincipalUid);

308
try

309
{

310

311 0
Attributes attrs = new BasicAttributes(false);

312 0
attrs.put(getRoleGroupMembershipForRoleAttribute(), getGroupDN(groupPrincipalUid));

313

314 0
ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);

315
}

316 0
catch (NamingException e)

317
{

318 0
throw new SecurityException(e);

319 0
}

320 0
}

321

322
/**

323
* 

324
* Replace or delete the user group attribute.

325
* 

326
*

327
* @param userPrincipalUid

328
* @param groupPrincipalUid

329
* @param operationType whether to replace or remove the specified user group from the user

330
* @throws SecurityException A {@link SecurityException}.

331
*/

332
private void modifyRoleGroupByGroup(String groupPrincipalUid, String rolePrincipalUid, int operationType)

333
throws SecurityException

334
{

335 0
validateUid(groupPrincipalUid);

336 0
validateUid(rolePrincipalUid);

337
try

338
{

339 0
Attributes attrs = new BasicAttributes(false);

340 0
attrs.put(getGroupMembershipForRoleAttribute(), getRoleDN(rolePrincipalUid));

341

342 0
ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false), operationType, attrs);

343
}

344 0
catch (NamingException e)

345
{

346 0
throw new SecurityException(e);

347 0
}

348 0
}

349

350
/**

351
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,

352
* java.lang.String)

353
*/

354
public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException

355
{

356

357 0
if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))

358 0
modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);

359
else

360 0
modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);

361

362 0
}

363

364
/**

365
*

366
* Return the list of group IDs for a particular user

367
*

368
* @param userPrincipalUid

369
* @return the array of group uids asociated with this user

370
* @throws SecurityException

371
*/

372
public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException

373
{

374 0
validateUid(userPrincipalUid);

375 0
SearchControls cons = setSearchControls();

376
try

377
{

378 0
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {

379 0
return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);

380
}

381 0
return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);

382

383

384
}

385 0
catch (NamingException e)

386
{

387 0
throw new SecurityException(e);

388
}

389
}

390

391
/**

392
* 

393
* Return an array of the roles that belong to a group.

394
* 

395
*

396
* @param groupPrincipalUid The group principal uid.

397
* @return The array of user uids asociated with this group

398
* @throws SecurityException A {@link SecurityException}.

399
*/

400
public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException

401
{

402
{

403 0
validateUid(groupPrincipalUid);

404 0
SearchControls cons = setSearchControls();

405
try

406
{

407 0
if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) {

408 0
return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons);

409
}

410 0
return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons);

411
}

412 0
catch (NamingException e)

413
{

414 0
throw new SecurityException(e);

415
}

416
}

417
}

418

419

420
/**

421
*

422
* Returns the role IDs for a particular user

423
*

424
* Looks up the user, and extracts the rolemembership attr (ex : uniquemember)

425
*

426
* @param userPrincipalUid

427
* @return the array of group uids asociated with this user

428
* @throws SecurityException

429
*/

430
public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException

431
{

432 0
validateUid(userPrincipalUid);

433 0
SearchControls cons = setSearchControls();

434
try

435
{

436 0
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {

437 0
return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);

438
}

439 0
return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);

440
}

441 0
catch (NamingException e)

442
{

443 0
throw new SecurityException(e);

444
}

445
}

446

447
/**

448
* 

449
* Return an array of the user principal UIDS that belong to a group.

450
* 

451
*

452
* @param groupPrincipalUid The group principal uid.

453
* @return The array of user uids asociated with this group

454
* @throws SecurityException A {@link SecurityException}.

455
*/

456
public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException

457
{

458

459 0
validateUid(groupPrincipalUid);

460 0
SearchControls cons = setSearchControls();

461
try

462
{

463 0
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {

464 0
return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons);

465
}

466 0
return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons);

467
}

468 0
catch (NamingException e)

469
{

470 0
throw new SecurityException(e);

471
}

472
}

473

474
/**

475
* 

476
* Return an array of the user principal UIDS that belong to a group.

477
* 

478
*

479
* @param groupPrincipalUid The group principal uid.

480
* @return The array of user uids asociated with this group

481
* @throws SecurityException A {@link SecurityException}.

482
*/

483
public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException

484
{

485 0
validateUid(rolePrincipalUid);

486 0
SearchControls cons = setSearchControls();

487
try

488
{

489 0
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {

490 0
return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons);

491
}

492 0
return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons);

493
}

494 0
catch (NamingException e)

495
{

496 0
throw new SecurityException(e);

497
}

498
}

499

500
protected String[] getObjectClasses() {

501 0
return this.getUserObjectClasses();

502
}

503

504
protected String[] getAttributes() {

505 0
return this.getUserAttributes();

506
}

507

508
protected String getUidAttributeForPrincipal() {

509 0
return this.getUserUidAttribute();

510
}

511

512
protected String getEntryPrefix() {

513 0
return this.getUserIdAttribute();

514
}

515

516
protected String getSearchSuffix() {

517 0
return this.getUserFilter();

518
}

519

520
protected String getDnSuffix() {

521 0
return this.getUserFilterBase();

522
}

523

524
}

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one or more
3		* contributor license agreements. See the NOTICE file distributed with
4		* this work for additional information regarding copyright ownership.
5		* The ASF licenses this file to You under the Apache License, Version 2.0
6		* (the "License"); you may not use this file except in compliance with
7		* the License. You may obtain a copy of the License at
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.apache.jetspeed.security.spi.impl.ldap;
18
19		import java.security.Principal;
20
21		import javax.naming.NamingException;
22		import javax.naming.directory.Attributes;
23		import javax.naming.directory.BasicAttribute;
24		import javax.naming.directory.BasicAttributes;
25		import javax.naming.directory.DirContext;
26		import javax.naming.directory.SearchControls;
27
28		import org.apache.commons.lang.StringUtils;
29		import org.apache.jetspeed.security.SecurityException;
30		import org.apache.jetspeed.security.impl.UserPrincipalImpl;
31
32		/**
33		* @author <a href="mailto:mike.long@dataline.com">Mike Long </a>, <a
34		* href="mailto:dlestrat@apache.org">David Le Strat</a>
35		*/
36		public class LdapUserPrincipalDaoImpl extends LdapPrincipalDaoImpl implements LdapUserPrincipalDao
37		{
38		private LdapMembershipDao membership;
39
40		/**
41		* <p>
42		* Default constructor.
43		* </p>
44		*
45		* @throws SecurityException A {@link SecurityException}.
46		*/
47		public LdapUserPrincipalDaoImpl() throws SecurityException
48		{
49	0	super();
50	0	membership=new LdapMemberShipDaoImpl();
51	0	}
52
53		/**
54		* <p>
55		* Initializes the dao.
56		* </p>
57		*
58		* @param ldapConfig Holds the ldap binding configuration.
59		* @throws SecurityException A {@link SecurityException}.
60		*/
61		public LdapUserPrincipalDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
62		{
63	0	super(ldapConfig);
64	0	membership=new LdapMemberShipDaoImpl(ldapConfig);
65	0	}
66
67		/**
68		* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
69		* java.lang.String)
70		*/
71		public void addGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
72		{
73	0	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
74	0	modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
75		else
76	0	modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
77
78	0	}
79
80		/**
81		* <p>
82		* Replace or delete the user group attribute.
83		* </p>
84		*
85		* @param userPrincipalUid
86		* @param groupPrincipalUid
87		* @param operationType whether to replace or remove the specified user group from the user
88		* @throws SecurityException A {@link SecurityException}.
89		*/
90		private void modifyUserGroupByGroup(String userPrincipalUid, String groupPrincipalUid, int operationType)
91		throws SecurityException
92		{
93	0	validateUid(userPrincipalUid);
94	0	validateUid(groupPrincipalUid);
95
96		try
97		{
98
99	0	Attributes attrs = new BasicAttributes(false);
100	0	attrs.put(getGroupMembershipAttribute(), getUserDN(userPrincipalUid));
101
102	0	ctx.modifyAttributes(getGroupDN(groupPrincipalUid,false), operationType, attrs);
103		}
104	0	catch (NamingException e)
105		{
106	0	throw new SecurityException(e);
107	0	}
108	0	}
109
110
111
112		/**
113		* <p>
114		* Replace or delete the user group attribute.
115		* </p>
116		*
117		* @param userPrincipalUid
118		* @param groupPrincipalUid
119		* @param operationType whether to replace or remove the specified user group from the user
120		* @throws SecurityException A {@link SecurityException}.
121		*/
122		private void modifyUserGroupByUser(String userPrincipalUid, String groupPrincipalUid, int operationType)
123		throws SecurityException
124		{
125	0	validateUid(userPrincipalUid);
126	0	validateUid(groupPrincipalUid);
127
128		try
129		{
130	0	Attributes attrs = new BasicAttributes(false);
131	0	attrs.put(getUserGroupMembershipAttribute(), getGroupDN(groupPrincipalUid));
132
133	0	ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
134
135		}
136	0	catch (NamingException e)
137		{
138	0	throw new SecurityException(e);
139	0	}
140	0	}
141
142		/**
143		* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
144		* java.lang.String)
145		*/
146		public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
147		{
148	0	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
149	0	modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
150		else
151	0	modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
152
153	0	}
154
155		/**
156		* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
157		* java.lang.String)
158		*/
159		public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
160		{
161	0	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
162	0	modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
163		else
164	0	modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
165	0	}
166
167		/**
168		* <p>
169		* Replace or delete the role attribute.
170		*
171		* </p>
172		*
173		* @param userPrincipalUid
174		* @param rolePrincipalUid
175		* @param operationType whether to replace or remove the specified user group from the user
176		* @throws SecurityException A {@link SecurityException}.
177		*/
178		private void modifyUserRoleByUser(String userPrincipalUid, String rolePrincipalUid, int operationType)
179		throws SecurityException
180		{
181	0	validateUid(userPrincipalUid);
182	0	validateUid(rolePrincipalUid);
183
184		try
185		{
186	0	Attributes attrs = new BasicAttributes(false);
187	0	attrs.put(getUserRoleMembershipAttribute(), getRoleDN(rolePrincipalUid));
188
189	0	ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
190		}
191	0	catch (NamingException e)
192		{
193	0	throw new SecurityException(e);
194	0	}
195	0	}
196
197		/**
198		* <p>
199		* Replace or delete the role attribute.
200		*
201		* </p>
202		*
203		* @param userPrincipalUid
204		* @param rolePrincipalUid
205		* @param operationType whether to replace or remove the specified user group from the user
206		* @throws SecurityException A {@link SecurityException}.
207		*/
208		private void modifyUserRoleByRole(String userPrincipalUid, String rolePrincipalUid, int operationType)
209		throws SecurityException
210		{
211	0	validateUid(userPrincipalUid);
212	0	validateUid(rolePrincipalUid);
213
214		try
215		{
216	0	Attributes attrs = new BasicAttributes(false);
217	0	attrs.put(getRoleMembershipAttribute(), getUserDN(userPrincipalUid));
218
219	0	ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
220		}
221	0	catch (NamingException e)
222		{
223	0	throw new SecurityException(e);
224	0	}
225	0	}
226
227
228		/**
229		* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
230		* java.lang.String)
231		*/
232		public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
233		{
234	0	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
235	0	modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
236		else
237	0	modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
238	0	}
239
240		/**
241		* <p>
242		* A template method for defining the attributes for a particular LDAP class.
243		* </p>
244		*
245		* @param principalUid The principal uid.
246		* @return the LDAP attributes object for the particular class.
247		*/
248		protected Attributes defineLdapAttributes(final String principalUid)
249		{
250	0	Attributes attrs = new BasicAttributes(true);
251	0	BasicAttribute classes = new BasicAttribute("objectclass");
252
253	0	for (int i=0;i<getObjectClasses().length;i++)
254	0	classes.add(getObjectClasses()[i]);
255	0	attrs.put(classes);
256
257	0	for (int i=0;i<getAttributes().length;i++)
258	0	attrs.put(parseAttr(getAttributes()[i],principalUid)[0], parseAttr(getAttributes()[i],principalUid)[1]);
259
260	0	attrs.put(getEntryPrefix(), principalUid);
261
262	0	return attrs;
263		}
264
265
266
267		/**
268		* <p>
269		* Creates a GroupPrincipal object.
270		* </p>
271		*
272		* @param principalUid The principal uid.
273		* @return A group principal object.
274		*/
275		protected Principal makePrincipal(String principalUid)
276		{
277	0	return new UserPrincipalImpl(principalUid);
278		}
279
280		/**
281		* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
282		* java.lang.String)
283		*/
284		public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
285		{
286	0	if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
287	0	modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
288		else
289	0	modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
290
291	0	}
292
293		/**
294		* <p>
295		* Replace or delete the user group attribute.
296		* </p>
297		*
298		* @param userPrincipalUid
299		* @param groupPrincipalUid
300		* @param operationType whether to replace or remove the specified user group from the user
301		* @throws SecurityException A {@link SecurityException}.
302		*/
303		private void modifyRoleGroupByRole(String groupPrincipalUid, String rolePrincipalUid, int operationType)
304		throws SecurityException
305		{
306	0	validateUid(groupPrincipalUid);
307	0	validateUid(rolePrincipalUid);
308		try
309		{
310
311	0	Attributes attrs = new BasicAttributes(false);
312	0	attrs.put(getRoleGroupMembershipForRoleAttribute(), getGroupDN(groupPrincipalUid));
313
314	0	ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
315		}
316	0	catch (NamingException e)
317		{
318	0	throw new SecurityException(e);
319	0	}
320	0	}
321
322		/**
323		* <p>
324		* Replace or delete the user group attribute.
325		* </p>
326		*
327		* @param userPrincipalUid
328		* @param groupPrincipalUid
329		* @param operationType whether to replace or remove the specified user group from the user
330		* @throws SecurityException A {@link SecurityException}.
331		*/
332		private void modifyRoleGroupByGroup(String groupPrincipalUid, String rolePrincipalUid, int operationType)
333		throws SecurityException
334		{
335	0	validateUid(groupPrincipalUid);
336	0	validateUid(rolePrincipalUid);
337		try
338		{
339	0	Attributes attrs = new BasicAttributes(false);
340	0	attrs.put(getGroupMembershipForRoleAttribute(), getRoleDN(rolePrincipalUid));
341
342	0	ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false), operationType, attrs);
343		}
344	0	catch (NamingException e)
345		{
346	0	throw new SecurityException(e);
347	0	}
348	0	}
349
350		/**
351		* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
352		* java.lang.String)
353		*/
354		public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
355		{
356
357	0	if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
358	0	modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
359		else
360	0	modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
361
362	0	}
363
364		/**
365		*
366		* Return the list of group IDs for a particular user
367		*
368		* @param userPrincipalUid
369		* @return the array of group uids asociated with this user
370		* @throws SecurityException
371		*/
372		public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
373		{
374	0	validateUid(userPrincipalUid);
375	0	SearchControls cons = setSearchControls();
376		try
377		{
378	0	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
379	0	return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);
380		}
381	0	return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);
382
383
384		}
385	0	catch (NamingException e)
386		{
387	0	throw new SecurityException(e);
388		}
389		}
390
391		/**
392		* <p>
393		* Return an array of the roles that belong to a group.
394		* </p>
395		*
396		* @param groupPrincipalUid The group principal uid.
397		* @return The array of user uids asociated with this group
398		* @throws SecurityException A {@link SecurityException}.
399		*/
400		public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException
401		{
402		{
403	0	validateUid(groupPrincipalUid);
404	0	SearchControls cons = setSearchControls();
405		try
406		{
407	0	if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) {
408	0	return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons);
409		}
410	0	return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons);
411		}
412	0	catch (NamingException e)
413		{
414	0	throw new SecurityException(e);
415		}
416		}
417		}
418
419
420		/**
421		*
422		* Returns the role IDs for a particular user
423		*
424		* Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
425		*
426		* @param userPrincipalUid
427		* @return the array of group uids asociated with this user
428		* @throws SecurityException
429		*/
430		public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
431		{
432	0	validateUid(userPrincipalUid);
433	0	SearchControls cons = setSearchControls();
434		try
435		{
436	0	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
437	0	return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);
438		}
439	0	return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);
440		}
441	0	catch (NamingException e)
442		{
443	0	throw new SecurityException(e);
444		}
445		}
446
447		/**
448		* <p>
449		* Return an array of the user principal UIDS that belong to a group.
450		* </p>
451		*
452		* @param groupPrincipalUid The group principal uid.
453		* @return The array of user uids asociated with this group
454		* @throws SecurityException A {@link SecurityException}.
455		*/
456		public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException
457		{
458
459	0	validateUid(groupPrincipalUid);
460	0	SearchControls cons = setSearchControls();
461		try
462		{
463	0	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
464	0	return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons);
465		}
466	0	return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons);
467		}
468	0	catch (NamingException e)
469		{
470	0	throw new SecurityException(e);
471		}
472		}
473
474		/**
475		* <p>
476		* Return an array of the user principal UIDS that belong to a group.
477		* </p>
478		*
479		* @param groupPrincipalUid The group principal uid.
480		* @return The array of user uids asociated with this group
481		* @throws SecurityException A {@link SecurityException}.
482		*/
483		public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException
484		{
485	0	validateUid(rolePrincipalUid);
486	0	SearchControls cons = setSearchControls();
487		try
488		{
489	0	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
490	0	return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons);
491		}
492	0	return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons);
493		}
494	0	catch (NamingException e)
495		{
496	0	throw new SecurityException(e);
497		}
498		}
499
500		protected String[] getObjectClasses() {
501	0	return this.getUserObjectClasses();
502		}
503
504		protected String[] getAttributes() {
505	0	return this.getUserAttributes();
506		}
507
508		protected String getUidAttributeForPrincipal() {
509	0	return this.getUserUidAttribute();
510		}
511
512		protected String getEntryPrefix() {
513	0	return this.getUserIdAttribute();
514		}
515
516		protected String getSearchSuffix() {
517	0	return this.getUserFilter();
518		}
519
520		protected String getDnSuffix() {
521	0	return this.getUserFilterBase();
522		}
523
524		}