1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
package org.apache.jetspeed.security.spi.impl.ldap; |
18 |
|
|
19 |
|
import java.security.Principal; |
20 |
|
|
21 |
|
import javax.naming.NamingException; |
22 |
|
import javax.naming.directory.Attributes; |
23 |
|
import javax.naming.directory.BasicAttribute; |
24 |
|
import javax.naming.directory.BasicAttributes; |
25 |
|
import javax.naming.directory.DirContext; |
26 |
|
import javax.naming.directory.SearchControls; |
27 |
|
|
28 |
|
import org.apache.commons.lang.StringUtils; |
29 |
|
import org.apache.jetspeed.security.SecurityException; |
30 |
|
import org.apache.jetspeed.security.impl.UserPrincipalImpl; |
31 |
|
|
32 |
|
|
33 |
|
|
34 |
|
|
35 |
|
|
36 |
|
public class LdapUserPrincipalDaoImpl extends LdapPrincipalDaoImpl implements LdapUserPrincipalDao |
37 |
|
{ |
38 |
|
private LdapMembershipDao membership; |
39 |
|
|
40 |
|
|
41 |
|
|
42 |
|
|
43 |
|
|
44 |
|
|
45 |
|
|
46 |
|
|
47 |
|
public LdapUserPrincipalDaoImpl() throws SecurityException |
48 |
|
{ |
49 |
0 |
super(); |
50 |
0 |
membership=new LdapMemberShipDaoImpl(); |
51 |
0 |
} |
52 |
|
|
53 |
|
|
54 |
|
|
55 |
|
|
56 |
|
|
57 |
|
|
58 |
|
|
59 |
|
|
60 |
|
|
61 |
|
public LdapUserPrincipalDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException |
62 |
|
{ |
63 |
0 |
super(ldapConfig); |
64 |
0 |
membership=new LdapMemberShipDaoImpl(ldapConfig); |
65 |
0 |
} |
66 |
|
|
67 |
|
|
68 |
|
|
69 |
|
|
70 |
|
|
71 |
|
public void addGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException |
72 |
|
{ |
73 |
0 |
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) |
74 |
0 |
modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE); |
75 |
|
else |
76 |
0 |
modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE); |
77 |
|
|
78 |
0 |
} |
79 |
|
|
80 |
|
|
81 |
|
|
82 |
|
|
83 |
|
|
84 |
|
|
85 |
|
|
86 |
|
|
87 |
|
|
88 |
|
|
89 |
|
|
90 |
|
private void modifyUserGroupByGroup(String userPrincipalUid, String groupPrincipalUid, int operationType) |
91 |
|
throws SecurityException |
92 |
|
{ |
93 |
0 |
validateUid(userPrincipalUid); |
94 |
0 |
validateUid(groupPrincipalUid); |
95 |
|
|
96 |
|
try |
97 |
|
{ |
98 |
|
|
99 |
0 |
Attributes attrs = new BasicAttributes(false); |
100 |
0 |
attrs.put(getGroupMembershipAttribute(), getUserDN(userPrincipalUid)); |
101 |
|
|
102 |
0 |
ctx.modifyAttributes(getGroupDN(groupPrincipalUid,false), operationType, attrs); |
103 |
|
} |
104 |
0 |
catch (NamingException e) |
105 |
|
{ |
106 |
0 |
throw new SecurityException(e); |
107 |
0 |
} |
108 |
0 |
} |
109 |
|
|
110 |
|
|
111 |
|
|
112 |
|
|
113 |
|
|
114 |
|
|
115 |
|
|
116 |
|
|
117 |
|
|
118 |
|
|
119 |
|
|
120 |
|
|
121 |
|
|
122 |
|
private void modifyUserGroupByUser(String userPrincipalUid, String groupPrincipalUid, int operationType) |
123 |
|
throws SecurityException |
124 |
|
{ |
125 |
0 |
validateUid(userPrincipalUid); |
126 |
0 |
validateUid(groupPrincipalUid); |
127 |
|
|
128 |
|
try |
129 |
|
{ |
130 |
0 |
Attributes attrs = new BasicAttributes(false); |
131 |
0 |
attrs.put(getUserGroupMembershipAttribute(), getGroupDN(groupPrincipalUid)); |
132 |
|
|
133 |
0 |
ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs); |
134 |
|
|
135 |
|
} |
136 |
0 |
catch (NamingException e) |
137 |
|
{ |
138 |
0 |
throw new SecurityException(e); |
139 |
0 |
} |
140 |
0 |
} |
141 |
|
|
142 |
|
|
143 |
|
|
144 |
|
|
145 |
|
|
146 |
|
public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException |
147 |
|
{ |
148 |
0 |
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) |
149 |
0 |
modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE); |
150 |
|
else |
151 |
0 |
modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE); |
152 |
|
|
153 |
0 |
} |
154 |
|
|
155 |
|
|
156 |
|
|
157 |
|
|
158 |
|
|
159 |
|
public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException |
160 |
|
{ |
161 |
0 |
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) |
162 |
0 |
modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); |
163 |
|
else |
164 |
0 |
modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); |
165 |
0 |
} |
166 |
|
|
167 |
|
|
168 |
|
|
169 |
|
|
170 |
|
|
171 |
|
|
172 |
|
|
173 |
|
|
174 |
|
|
175 |
|
|
176 |
|
|
177 |
|
|
178 |
|
private void modifyUserRoleByUser(String userPrincipalUid, String rolePrincipalUid, int operationType) |
179 |
|
throws SecurityException |
180 |
|
{ |
181 |
0 |
validateUid(userPrincipalUid); |
182 |
0 |
validateUid(rolePrincipalUid); |
183 |
|
|
184 |
|
try |
185 |
|
{ |
186 |
0 |
Attributes attrs = new BasicAttributes(false); |
187 |
0 |
attrs.put(getUserRoleMembershipAttribute(), getRoleDN(rolePrincipalUid)); |
188 |
|
|
189 |
0 |
ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs); |
190 |
|
} |
191 |
0 |
catch (NamingException e) |
192 |
|
{ |
193 |
0 |
throw new SecurityException(e); |
194 |
0 |
} |
195 |
0 |
} |
196 |
|
|
197 |
|
|
198 |
|
|
199 |
|
|
200 |
|
|
201 |
|
|
202 |
|
|
203 |
|
|
204 |
|
|
205 |
|
|
206 |
|
|
207 |
|
|
208 |
|
private void modifyUserRoleByRole(String userPrincipalUid, String rolePrincipalUid, int operationType) |
209 |
|
throws SecurityException |
210 |
|
{ |
211 |
0 |
validateUid(userPrincipalUid); |
212 |
0 |
validateUid(rolePrincipalUid); |
213 |
|
|
214 |
|
try |
215 |
|
{ |
216 |
0 |
Attributes attrs = new BasicAttributes(false); |
217 |
0 |
attrs.put(getRoleMembershipAttribute(), getUserDN(userPrincipalUid)); |
218 |
|
|
219 |
0 |
ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs); |
220 |
|
} |
221 |
0 |
catch (NamingException e) |
222 |
|
{ |
223 |
0 |
throw new SecurityException(e); |
224 |
0 |
} |
225 |
0 |
} |
226 |
|
|
227 |
|
|
228 |
|
|
229 |
|
|
230 |
|
|
231 |
|
|
232 |
|
public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException |
233 |
|
{ |
234 |
0 |
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) |
235 |
0 |
modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); |
236 |
|
else |
237 |
0 |
modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); |
238 |
0 |
} |
239 |
|
|
240 |
|
|
241 |
|
|
242 |
|
|
243 |
|
|
244 |
|
|
245 |
|
|
246 |
|
|
247 |
|
|
248 |
|
protected Attributes defineLdapAttributes(final String principalUid) |
249 |
|
{ |
250 |
0 |
Attributes attrs = new BasicAttributes(true); |
251 |
0 |
BasicAttribute classes = new BasicAttribute("objectclass"); |
252 |
|
|
253 |
0 |
for (int i=0;i<getObjectClasses().length;i++) |
254 |
0 |
classes.add(getObjectClasses()[i]); |
255 |
0 |
attrs.put(classes); |
256 |
|
|
257 |
0 |
for (int i=0;i<getAttributes().length;i++) |
258 |
0 |
attrs.put(parseAttr(getAttributes()[i],principalUid)[0], parseAttr(getAttributes()[i],principalUid)[1]); |
259 |
|
|
260 |
0 |
attrs.put(getEntryPrefix(), principalUid); |
261 |
|
|
262 |
0 |
return attrs; |
263 |
|
} |
264 |
|
|
265 |
|
|
266 |
|
|
267 |
|
|
268 |
|
|
269 |
|
|
270 |
|
|
271 |
|
|
272 |
|
|
273 |
|
|
274 |
|
|
275 |
|
protected Principal makePrincipal(String principalUid) |
276 |
|
{ |
277 |
0 |
return new UserPrincipalImpl(principalUid); |
278 |
|
} |
279 |
|
|
280 |
|
|
281 |
|
|
282 |
|
|
283 |
|
|
284 |
|
public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException |
285 |
|
{ |
286 |
0 |
if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) |
287 |
0 |
modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); |
288 |
|
else |
289 |
0 |
modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); |
290 |
|
|
291 |
0 |
} |
292 |
|
|
293 |
|
|
294 |
|
|
295 |
|
|
296 |
|
|
297 |
|
|
298 |
|
|
299 |
|
|
300 |
|
|
301 |
|
|
302 |
|
|
303 |
|
private void modifyRoleGroupByRole(String groupPrincipalUid, String rolePrincipalUid, int operationType) |
304 |
|
throws SecurityException |
305 |
|
{ |
306 |
0 |
validateUid(groupPrincipalUid); |
307 |
0 |
validateUid(rolePrincipalUid); |
308 |
|
try |
309 |
|
{ |
310 |
|
|
311 |
0 |
Attributes attrs = new BasicAttributes(false); |
312 |
0 |
attrs.put(getRoleGroupMembershipForRoleAttribute(), getGroupDN(groupPrincipalUid)); |
313 |
|
|
314 |
0 |
ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs); |
315 |
|
} |
316 |
0 |
catch (NamingException e) |
317 |
|
{ |
318 |
0 |
throw new SecurityException(e); |
319 |
0 |
} |
320 |
0 |
} |
321 |
|
|
322 |
|
|
323 |
|
|
324 |
|
|
325 |
|
|
326 |
|
|
327 |
|
|
328 |
|
|
329 |
|
|
330 |
|
|
331 |
|
|
332 |
|
private void modifyRoleGroupByGroup(String groupPrincipalUid, String rolePrincipalUid, int operationType) |
333 |
|
throws SecurityException |
334 |
|
{ |
335 |
0 |
validateUid(groupPrincipalUid); |
336 |
0 |
validateUid(rolePrincipalUid); |
337 |
|
try |
338 |
|
{ |
339 |
0 |
Attributes attrs = new BasicAttributes(false); |
340 |
0 |
attrs.put(getGroupMembershipForRoleAttribute(), getRoleDN(rolePrincipalUid)); |
341 |
|
|
342 |
0 |
ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false), operationType, attrs); |
343 |
|
} |
344 |
0 |
catch (NamingException e) |
345 |
|
{ |
346 |
0 |
throw new SecurityException(e); |
347 |
0 |
} |
348 |
0 |
} |
349 |
|
|
350 |
|
|
351 |
|
|
352 |
|
|
353 |
|
|
354 |
|
public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException |
355 |
|
{ |
356 |
|
|
357 |
0 |
if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) |
358 |
0 |
modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); |
359 |
|
else |
360 |
0 |
modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); |
361 |
|
|
362 |
0 |
} |
363 |
|
|
364 |
|
|
365 |
|
|
366 |
|
|
367 |
|
|
368 |
|
|
369 |
|
|
370 |
|
|
371 |
|
|
372 |
|
public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException |
373 |
|
{ |
374 |
0 |
validateUid(userPrincipalUid); |
375 |
0 |
SearchControls cons = setSearchControls(); |
376 |
|
try |
377 |
|
{ |
378 |
0 |
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) { |
379 |
0 |
return membership.searchGroupMemberShipByUser(userPrincipalUid,cons); |
380 |
|
} |
381 |
0 |
return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons); |
382 |
|
|
383 |
|
|
384 |
|
} |
385 |
0 |
catch (NamingException e) |
386 |
|
{ |
387 |
0 |
throw new SecurityException(e); |
388 |
|
} |
389 |
|
} |
390 |
|
|
391 |
|
|
392 |
|
|
393 |
|
|
394 |
|
|
395 |
|
|
396 |
|
|
397 |
|
|
398 |
|
|
399 |
|
|
400 |
|
public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException |
401 |
|
{ |
402 |
|
{ |
403 |
0 |
validateUid(groupPrincipalUid); |
404 |
0 |
SearchControls cons = setSearchControls(); |
405 |
|
try |
406 |
|
{ |
407 |
0 |
if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) { |
408 |
0 |
return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons); |
409 |
|
} |
410 |
0 |
return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons); |
411 |
|
} |
412 |
0 |
catch (NamingException e) |
413 |
|
{ |
414 |
0 |
throw new SecurityException(e); |
415 |
|
} |
416 |
|
} |
417 |
|
} |
418 |
|
|
419 |
|
|
420 |
|
|
421 |
|
|
422 |
|
|
423 |
|
|
424 |
|
|
425 |
|
|
426 |
|
|
427 |
|
|
428 |
|
|
429 |
|
|
430 |
|
public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException |
431 |
|
{ |
432 |
0 |
validateUid(userPrincipalUid); |
433 |
0 |
SearchControls cons = setSearchControls(); |
434 |
|
try |
435 |
|
{ |
436 |
0 |
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) { |
437 |
0 |
return membership.searchRoleMemberShipByUser(userPrincipalUid,cons); |
438 |
|
} |
439 |
0 |
return membership.searchRoleMemberShipByRole(userPrincipalUid,cons); |
440 |
|
} |
441 |
0 |
catch (NamingException e) |
442 |
|
{ |
443 |
0 |
throw new SecurityException(e); |
444 |
|
} |
445 |
|
} |
446 |
|
|
447 |
|
|
448 |
|
|
449 |
|
|
450 |
|
|
451 |
|
|
452 |
|
|
453 |
|
|
454 |
|
|
455 |
|
|
456 |
|
public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException |
457 |
|
{ |
458 |
|
|
459 |
0 |
validateUid(groupPrincipalUid); |
460 |
0 |
SearchControls cons = setSearchControls(); |
461 |
|
try |
462 |
|
{ |
463 |
0 |
if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) { |
464 |
0 |
return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons); |
465 |
|
} |
466 |
0 |
return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons); |
467 |
|
} |
468 |
0 |
catch (NamingException e) |
469 |
|
{ |
470 |
0 |
throw new SecurityException(e); |
471 |
|
} |
472 |
|
} |
473 |
|
|
474 |
|
|
475 |
|
|
476 |
|
|
477 |
|
|
478 |
|
|
479 |
|
|
480 |
|
|
481 |
|
|
482 |
|
|
483 |
|
public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException |
484 |
|
{ |
485 |
0 |
validateUid(rolePrincipalUid); |
486 |
0 |
SearchControls cons = setSearchControls(); |
487 |
|
try |
488 |
|
{ |
489 |
0 |
if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) { |
490 |
0 |
return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons); |
491 |
|
} |
492 |
0 |
return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons); |
493 |
|
} |
494 |
0 |
catch (NamingException e) |
495 |
|
{ |
496 |
0 |
throw new SecurityException(e); |
497 |
|
} |
498 |
|
} |
499 |
|
|
500 |
|
protected String[] getObjectClasses() { |
501 |
0 |
return this.getUserObjectClasses(); |
502 |
|
} |
503 |
|
|
504 |
|
protected String[] getAttributes() { |
505 |
0 |
return this.getUserAttributes(); |
506 |
|
} |
507 |
|
|
508 |
|
protected String getUidAttributeForPrincipal() { |
509 |
0 |
return this.getUserUidAttribute(); |
510 |
|
} |
511 |
|
|
512 |
|
protected String getEntryPrefix() { |
513 |
0 |
return this.getUserIdAttribute(); |
514 |
|
} |
515 |
|
|
516 |
|
protected String getSearchSuffix() { |
517 |
0 |
return this.getUserFilter(); |
518 |
|
} |
519 |
|
|
520 |
|
protected String getDnSuffix() { |
521 |
0 |
return this.getUserFilterBase(); |
522 |
|
} |
523 |
|
|
524 |
|
} |