1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.security.spi.impl.ldap;
18
19 import java.security.Principal;
20
21 import javax.naming.NamingException;
22 import javax.naming.directory.Attributes;
23 import javax.naming.directory.BasicAttribute;
24 import javax.naming.directory.BasicAttributes;
25 import javax.naming.directory.DirContext;
26 import javax.naming.directory.SearchControls;
27
28 import org.apache.commons.lang.StringUtils;
29 import org.apache.jetspeed.security.SecurityException;
30 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
31
32 /***
33 * @author <a href="mailto:mike.long@dataline.com">Mike Long </a>, <a
34 * href="mailto:dlestrat@apache.org">David Le Strat</a>
35 */
36 public class LdapUserPrincipalDaoImpl extends LdapPrincipalDaoImpl implements LdapUserPrincipalDao
37 {
38 private LdapMembershipDao membership;
39
40 /***
41 * <p>
42 * Default constructor.
43 * </p>
44 *
45 * @throws SecurityException A {@link SecurityException}.
46 */
47 public LdapUserPrincipalDaoImpl() throws SecurityException
48 {
49 super();
50 membership=new LdapMemberShipDaoImpl();
51 }
52
53 /***
54 * <p>
55 * Initializes the dao.
56 * </p>
57 *
58 * @param ldapConfig Holds the ldap binding configuration.
59 * @throws SecurityException A {@link SecurityException}.
60 */
61 public LdapUserPrincipalDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
62 {
63 super(ldapConfig);
64 membership=new LdapMemberShipDaoImpl(ldapConfig);
65 }
66
67 /***
68 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
69 * java.lang.String)
70 */
71 public void addGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
72 {
73 if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
74 modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
75 else
76 modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
77
78 }
79
80 /***
81 * <p>
82 * Replace or delete the user group attribute.
83 * </p>
84 *
85 * @param userPrincipalUid
86 * @param groupPrincipalUid
87 * @param operationType whether to replace or remove the specified user group from the user
88 * @throws SecurityException A {@link SecurityException}.
89 */
90 private void modifyUserGroupByGroup(String userPrincipalUid, String groupPrincipalUid, int operationType)
91 throws SecurityException
92 {
93 validateUid(userPrincipalUid);
94 validateUid(groupPrincipalUid);
95
96 try
97 {
98
99 Attributes attrs = new BasicAttributes(false);
100 attrs.put(getGroupMembershipAttribute(), getUserDN(userPrincipalUid));
101
102 ctx.modifyAttributes(getGroupDN(groupPrincipalUid,false), operationType, attrs);
103 }
104 catch (NamingException e)
105 {
106 throw new SecurityException(e);
107 }
108 }
109
110
111
112 /***
113 * <p>
114 * Replace or delete the user group attribute.
115 * </p>
116 *
117 * @param userPrincipalUid
118 * @param groupPrincipalUid
119 * @param operationType whether to replace or remove the specified user group from the user
120 * @throws SecurityException A {@link SecurityException}.
121 */
122 private void modifyUserGroupByUser(String userPrincipalUid, String groupPrincipalUid, int operationType)
123 throws SecurityException
124 {
125 validateUid(userPrincipalUid);
126 validateUid(groupPrincipalUid);
127
128 try
129 {
130 Attributes attrs = new BasicAttributes(false);
131 attrs.put(getUserGroupMembershipAttribute(), getGroupDN(groupPrincipalUid));
132
133 ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
134
135 }
136 catch (NamingException e)
137 {
138 throw new SecurityException(e);
139 }
140 }
141
142 /***
143 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
144 * java.lang.String)
145 */
146 public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
147 {
148 if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
149 modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
150 else
151 modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
152
153 }
154
155 /***
156 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
157 * java.lang.String)
158 */
159 public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
160 {
161 if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
162 modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
163 else
164 modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
165 }
166
167 /***
168 * <p>
169 * Replace or delete the role attribute.
170 *
171 * </p>
172 *
173 * @param userPrincipalUid
174 * @param rolePrincipalUid
175 * @param operationType whether to replace or remove the specified user group from the user
176 * @throws SecurityException A {@link SecurityException}.
177 */
178 private void modifyUserRoleByUser(String userPrincipalUid, String rolePrincipalUid, int operationType)
179 throws SecurityException
180 {
181 validateUid(userPrincipalUid);
182 validateUid(rolePrincipalUid);
183
184 try
185 {
186 Attributes attrs = new BasicAttributes(false);
187 attrs.put(getUserRoleMembershipAttribute(), getRoleDN(rolePrincipalUid));
188
189 ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
190 }
191 catch (NamingException e)
192 {
193 throw new SecurityException(e);
194 }
195 }
196
197 /***
198 * <p>
199 * Replace or delete the role attribute.
200 *
201 * </p>
202 *
203 * @param userPrincipalUid
204 * @param rolePrincipalUid
205 * @param operationType whether to replace or remove the specified user group from the user
206 * @throws SecurityException A {@link SecurityException}.
207 */
208 private void modifyUserRoleByRole(String userPrincipalUid, String rolePrincipalUid, int operationType)
209 throws SecurityException
210 {
211 validateUid(userPrincipalUid);
212 validateUid(rolePrincipalUid);
213
214 try
215 {
216 Attributes attrs = new BasicAttributes(false);
217 attrs.put(getRoleMembershipAttribute(), getUserDN(userPrincipalUid));
218
219 ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
220 }
221 catch (NamingException e)
222 {
223 throw new SecurityException(e);
224 }
225 }
226
227
228 /***
229 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
230 * java.lang.String)
231 */
232 public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
233 {
234 if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
235 modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
236 else
237 modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
238 }
239
240 /***
241 * <p>
242 * A template method for defining the attributes for a particular LDAP class.
243 * </p>
244 *
245 * @param principalUid The principal uid.
246 * @return the LDAP attributes object for the particular class.
247 */
248 protected Attributes defineLdapAttributes(final String principalUid)
249 {
250 Attributes attrs = new BasicAttributes(true);
251 BasicAttribute classes = new BasicAttribute("objectclass");
252
253 for (int i=0;i<getObjectClasses().length;i++)
254 classes.add(getObjectClasses()[i]);
255 attrs.put(classes);
256
257 for (int i=0;i<getAttributes().length;i++)
258 attrs.put(parseAttr(getAttributes()[i],principalUid)[0], parseAttr(getAttributes()[i],principalUid)[1]);
259
260 attrs.put(getEntryPrefix(), principalUid);
261
262 return attrs;
263 }
264
265
266
267 /***
268 * <p>
269 * Creates a GroupPrincipal object.
270 * </p>
271 *
272 * @param principalUid The principal uid.
273 * @return A group principal object.
274 */
275 protected Principal makePrincipal(String principalUid)
276 {
277 return new UserPrincipalImpl(principalUid);
278 }
279
280 /***
281 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
282 * java.lang.String)
283 */
284 public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
285 {
286 if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
287 modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
288 else
289 modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
290
291 }
292
293 /***
294 * <p>
295 * Replace or delete the user group attribute.
296 * </p>
297 *
298 * @param userPrincipalUid
299 * @param groupPrincipalUid
300 * @param operationType whether to replace or remove the specified user group from the user
301 * @throws SecurityException A {@link SecurityException}.
302 */
303 private void modifyRoleGroupByRole(String groupPrincipalUid, String rolePrincipalUid, int operationType)
304 throws SecurityException
305 {
306 validateUid(groupPrincipalUid);
307 validateUid(rolePrincipalUid);
308 try
309 {
310
311 Attributes attrs = new BasicAttributes(false);
312 attrs.put(getRoleGroupMembershipForRoleAttribute(), getGroupDN(groupPrincipalUid));
313
314 ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
315 }
316 catch (NamingException e)
317 {
318 throw new SecurityException(e);
319 }
320 }
321
322 /***
323 * <p>
324 * Replace or delete the user group attribute.
325 * </p>
326 *
327 * @param userPrincipalUid
328 * @param groupPrincipalUid
329 * @param operationType whether to replace or remove the specified user group from the user
330 * @throws SecurityException A {@link SecurityException}.
331 */
332 private void modifyRoleGroupByGroup(String groupPrincipalUid, String rolePrincipalUid, int operationType)
333 throws SecurityException
334 {
335 validateUid(groupPrincipalUid);
336 validateUid(rolePrincipalUid);
337 try
338 {
339 Attributes attrs = new BasicAttributes(false);
340 attrs.put(getGroupMembershipForRoleAttribute(), getRoleDN(rolePrincipalUid));
341
342 ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false), operationType, attrs);
343 }
344 catch (NamingException e)
345 {
346 throw new SecurityException(e);
347 }
348 }
349
350 /***
351 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
352 * java.lang.String)
353 */
354 public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
355 {
356
357 if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
358 modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
359 else
360 modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
361
362 }
363
364 /***
365 *
366 * Return the list of group IDs for a particular user
367 *
368 * @param userPrincipalUid
369 * @return the array of group uids asociated with this user
370 * @throws SecurityException
371 */
372 public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
373 {
374 validateUid(userPrincipalUid);
375 SearchControls cons = setSearchControls();
376 try
377 {
378 if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
379 return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);
380 }
381 return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);
382
383
384 }
385 catch (NamingException e)
386 {
387 throw new SecurityException(e);
388 }
389 }
390
391 /***
392 * <p>
393 * Return an array of the roles that belong to a group.
394 * </p>
395 *
396 * @param groupPrincipalUid The group principal uid.
397 * @return The array of user uids asociated with this group
398 * @throws SecurityException A {@link SecurityException}.
399 */
400 public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException
401 {
402 {
403 validateUid(groupPrincipalUid);
404 SearchControls cons = setSearchControls();
405 try
406 {
407 if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) {
408 return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons);
409 }
410 return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons);
411 }
412 catch (NamingException e)
413 {
414 throw new SecurityException(e);
415 }
416 }
417 }
418
419
420 /***
421 *
422 * Returns the role IDs for a particular user
423 *
424 * Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
425 *
426 * @param userPrincipalUid
427 * @return the array of group uids asociated with this user
428 * @throws SecurityException
429 */
430 public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
431 {
432 validateUid(userPrincipalUid);
433 SearchControls cons = setSearchControls();
434 try
435 {
436 if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
437 return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);
438 }
439 return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);
440 }
441 catch (NamingException e)
442 {
443 throw new SecurityException(e);
444 }
445 }
446
447 /***
448 * <p>
449 * Return an array of the user principal UIDS that belong to a group.
450 * </p>
451 *
452 * @param groupPrincipalUid The group principal uid.
453 * @return The array of user uids asociated with this group
454 * @throws SecurityException A {@link SecurityException}.
455 */
456 public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException
457 {
458
459 validateUid(groupPrincipalUid);
460 SearchControls cons = setSearchControls();
461 try
462 {
463 if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
464 return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons);
465 }
466 return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons);
467 }
468 catch (NamingException e)
469 {
470 throw new SecurityException(e);
471 }
472 }
473
474 /***
475 * <p>
476 * Return an array of the user principal UIDS that belong to a group.
477 * </p>
478 *
479 * @param groupPrincipalUid The group principal uid.
480 * @return The array of user uids asociated with this group
481 * @throws SecurityException A {@link SecurityException}.
482 */
483 public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException
484 {
485 validateUid(rolePrincipalUid);
486 SearchControls cons = setSearchControls();
487 try
488 {
489 if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
490 return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons);
491 }
492 return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons);
493 }
494 catch (NamingException e)
495 {
496 throw new SecurityException(e);
497 }
498 }
499
500 protected String[] getObjectClasses() {
501 return this.getUserObjectClasses();
502 }
503
504 protected String[] getAttributes() {
505 return this.getUserAttributes();
506 }
507
508 protected String getUidAttributeForPrincipal() {
509 return this.getUserUidAttribute();
510 }
511
512 protected String getEntryPrefix() {
513 return this.getUserIdAttribute();
514 }
515
516 protected String getSearchSuffix() {
517 return this.getUserFilter();
518 }
519
520 protected String getDnSuffix() {
521 return this.getUserFilterBase();
522 }
523
524 }