directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tbenn...@apache.org
Subject svn commit: r486187 [6/49] - in /directory/trunks/triplesec: ./ admin-api/ admin-api/src/ admin-api/src/main/ admin-api/src/main/java/ admin-api/src/main/java/org/ admin-api/src/main/java/org/safehaus/ admin-api/src/main/java/org/safehaus/triplesec/ ad...
Date Tue, 12 Dec 2006 15:24:14 GMT
Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapProfileDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapProfileDao.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapProfileDao.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapProfileDao.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,466 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.admin.dao.ldap;
+
+
+import java.io.UnsupportedEncodingException;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NameAlreadyBoundException;
+import javax.naming.NameNotFoundException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SchemaViolationException;
+import javax.naming.directory.SearchControls;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.safehaus.triplesec.admin.Constants;
+import org.safehaus.triplesec.admin.ConstraintViolationException;
+import org.safehaus.triplesec.admin.DataAccessException;
+import org.safehaus.triplesec.admin.EntryAlreadyExistsException;
+import org.safehaus.triplesec.admin.NoSuchEntryException;
+import org.safehaus.triplesec.admin.Profile;
+import org.safehaus.triplesec.admin.dao.ProfileDao;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class LdapProfileDao implements ProfileDao, LdapDao, Constants
+{
+    private static final Logger log = LoggerFactory.getLogger( LdapProfileDao.class );
+    private static final String[] ATTRIBUTES = new String[] {
+        PROFILEID_ID, DESCRIPTION_ID, USER_ID, GRANTS_ID, DENIALS_ID, ROLES_ID, PASSWORD_ID,
+        CREATORS_NAME_ID, CREATE_TIMESTAMP_ID, MODIFIERS_NAME_ID, MODIFY_TIMESTAMP_ID
+    };
+    private final DirContext ctx;
+    private final String baseUrl;
+    private final String principalName;
+    
+    
+    public LdapProfileDao( DirContext ctx ) throws DataAccessException
+    {
+        this.ctx = ctx;
+        String name = null;
+        String principal = null;
+        try
+        {
+            name = ctx.getNameInNamespace();
+            String principalDn = ( String ) ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );
+            if ( principalDn.equalsIgnoreCase( "uid=admin,ou=system" ) )
+            {
+                principal = "admin";
+            }
+            else
+            {
+                principal = ( String ) new LdapDN( principalDn ).getRdn().getValue();
+            }
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to get name in namespace for base context.";
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+        finally
+        {
+            baseUrl = name;
+            principalName = principal;
+        }
+    }
+
+
+    public Iterator profileIterator( String applicationName, String user ) throws DataAccessException
+    {
+        String base = getRelativeDn( applicationName );
+        SearchControls controls = new SearchControls();
+        controls.setReturningAttributes( ATTRIBUTES );
+        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+        try
+        {
+            return new JndiIterator( this, ctx.search( base, 
+                "(& (profileId=*) (user=" + user + ") (objectClass=policyProfile) )", controls ), applicationName );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to search " + base + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+
+    
+    public Iterator profileIterator( String appName ) throws DataAccessException
+    {
+        String base = getRelativeDn( appName );
+        SearchControls controls = new SearchControls();
+        controls.setReturningAttributes( ATTRIBUTES );
+        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+        try
+        {
+            return new JndiIterator( this, ctx.search( base, 
+                "(& (profileId=*) (objectClass=policyProfile) )", controls ), appName );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to search " + base + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+
+    
+    public Profile load( String appName, String profileId ) throws DataAccessException
+    {
+        String description;
+        String user;
+        Set roles;
+        Set grants;
+        Set denials;
+        String rdn = getRelativeDn( appName, profileId );
+        Attributes attrs = null;
+        
+        String creatorsName;
+        String modifiersName;
+        Date createTimestamp;
+        Date modifyTimestamp;
+        boolean disabled = false;
+        
+        try
+        {
+            attrs = ctx.getAttributes( rdn, ATTRIBUTES );
+            user = LdapUtils.getSingleValued( USER_ID, attrs );
+            description = LdapUtils.getSingleValued( DESCRIPTION_ID, attrs );
+            roles = getMultiValued( ROLES_ID, attrs );
+            grants = getMultiValued( GRANTS_ID, attrs );
+            denials = getMultiValued( DENIALS_ID, attrs );
+            disabled = LdapUtils.getBoolean( SAFEHAUS_DISABLED_ID, attrs, false );
+            
+            creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+            modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+            createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+            modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Could not find " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to lookup " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+        
+        return new Profile( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this, 
+            appName, profileId, user, description, grants, denials, roles, disabled );
+    }
+
+
+    public Profile add( String appName, String profileId, String user, String description, Set grants, Set denials,
+        Set roles ) throws DataAccessException
+    {
+        BasicAttributes attrs = new BasicAttributes( OBJECT_CLASS_ID, POLICY_PROFILE_OC, true );
+        attrs.put( PROFILEID_ID, profileId );
+        attrs.put( USER_ID, user );
+        if ( description != null )
+        {
+            attrs.put( DESCRIPTION_ID, description );
+        }
+        addMultiValued( ROLES_ID, attrs, roles );
+        addMultiValued( GRANTS_ID, attrs, grants );
+        addMultiValued( DENIALS_ID, attrs, denials );
+
+        String rdn = getRelativeDn( appName, profileId );
+        try
+        {
+            ctx.createSubcontext( rdn, attrs );
+            return new Profile( principalName, new Date( System.currentTimeMillis() ), this, appName, 
+                profileId, user, description, grants, denials, roles );
+        }
+        catch ( NameAlreadyBoundException e )
+        {
+            log.error( "Cannot create role " + rdn, e );
+            EntryAlreadyExistsException eaee = new EntryAlreadyExistsException();
+            eaee.initCause( e );
+            throw eaee;
+        }
+        catch ( NamingException e )
+        {
+            log.error( "Unexpected failure", e );
+            throw new DataAccessException( e.getMessage() );
+        }
+    }
+
+
+    public Profile rename( String newProfileId, Profile profile ) throws DataAccessException
+    {
+        String oldRdn = getRelativeDn( profile.getApplicationName(), profile.getId() );
+        String newRdn = getRelativeDn( profile.getApplicationName(), newProfileId );
+        
+        try
+        {
+            ctx.rename( oldRdn, newRdn );
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Rename failed. Could not find " + oldRdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NameAlreadyBoundException e )
+        {
+            String msg = "Rename failed. Another profile already exists at " + newRdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new EntryAlreadyExistsException( msg );
+        }
+        catch ( SchemaViolationException e )
+        {
+            String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " is required by other entities";
+            log.error( msg, e );
+            throw new ConstraintViolationException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " could not be renamed to " + newRdn;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+        
+        return new Profile( profile.getCreatorsName(), profile.getCreateTimestamp(), principalName, 
+            new Date( System.currentTimeMillis() ), this, profile.getApplicationName(), newProfileId, 
+            profile.getUser(), profile.getDescription(), profile.getGrants(), 
+            profile.getDenials(), profile.getRoles(), profile.isDisabled() );
+    }
+
+
+    public Profile modify( String creatorsName, Date createTimestamp, String appName, String profileId, 
+        String user, String description, Set grants, Set denials,
+        Set roles, boolean disabled, ModificationItem[] mods ) throws DataAccessException
+    {
+        String rdn = getRelativeDn( appName, profileId );
+        
+        try
+        {
+            ctx.modifyAttributes( rdn, mods );
+        }
+        catch ( SchemaViolationException e )
+        {
+            String msg = "Could not modify " + rdn + " under " + baseUrl;
+            msg += " The modification violates constraints.";
+            log.error( msg, e );
+            throw new ConstraintViolationException( msg );
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Entry " + rdn + " under " + baseUrl + " does not exist";
+            log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Could not modify " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        
+        return new Profile( creatorsName, createTimestamp, principalName, new Date( System.currentTimeMillis() ), 
+            this, appName, profileId, user, description, grants, denials, roles, disabled );
+    }
+
+
+    public void delete( String appName, String profileId ) throws DataAccessException
+    {
+        String rdn = getRelativeDn( appName, profileId );
+
+        try
+        {
+            ctx.destroySubcontext( rdn );
+        }
+        catch ( SchemaViolationException e )
+        {
+            String msg = "Could not delete " + rdn + " under " + baseUrl;
+            msg += ".  Other entities depend on " + profileId;
+            log.error( msg, e );
+            throw new ConstraintViolationException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Could not delete " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+
+
+    // -----------------------------------------------------------------------
+    // Private utility methods
+    // -----------------------------------------------------------------------
+
+    
+    private String getRelativeDn( String appName, String profileId )
+    {
+        StringBuffer buf = new StringBuffer();
+        buf.append( "profileId=" ).append( profileId );
+        buf.append( ",ou=Profiles,appName=" ).append( appName );
+        buf.append( ",ou=Applications" );
+        return buf.toString();
+    }
+    
+    
+    private String getRelativeDn( String appName )
+    {
+        StringBuffer buf = new StringBuffer();
+        buf.append( "ou=Profiles,appName=" ).append( appName );
+        buf.append( ",ou=Applications" );
+        return buf.toString();
+    }
+    
+    
+    private Set getMultiValued( String id, Attributes attrs ) throws NamingException 
+    {
+        Set values = Collections.EMPTY_SET;
+        if ( attrs.get( id ) != null )
+        {
+            values = new HashSet();
+            for ( NamingEnumeration ii = attrs.get( id ).getAll(); ii.hasMore(); /**/ )
+            {
+                values.add( ii.next() );
+            }
+            return Collections.unmodifiableSet( values );
+        }
+        return values;
+    }
+    
+    
+    private String getSingleValued( String id, Attributes attrs ) throws NamingException
+    {
+        String value = null;
+        if ( attrs.get( id ) != null )
+        {
+            Object obj = attrs.get( id ).get();
+            if ( obj instanceof String )
+            {
+                value = ( String ) attrs.get( id ).get();
+            }
+            else
+            {
+                try
+                {
+                    value = new String( ( byte[] ) attrs.get( id ).get(), "UTF-8" );
+                }
+                catch ( UnsupportedEncodingException e )
+                {
+                    log.error( "Failed to encode string", e );
+                }
+            }
+        }
+        return value;
+    }
+    
+
+    private void addMultiValued( String id, Attributes attrs, Set values )
+    {
+        if ( values == null )
+        {
+            return;
+        }
+        if ( ! values.isEmpty() )
+        {
+            BasicAttribute attr = new BasicAttribute( id );
+            for ( Iterator ii = values.iterator(); ii.hasNext(); /**/ )
+            {
+                attr.add( ii.next() );
+            }
+            attrs.put( attr );
+        }
+    }
+
+    
+    // -----------------------------------------------------------------------
+    // LdapDao method implementations
+    // -----------------------------------------------------------------------
+
+    
+    public Object getEntryObject( Object extra, Attributes attrs )
+    {
+        String profileId = null;
+        String user = null;
+        String description = null;
+        Set roles = Collections.EMPTY_SET;
+        Set grants = Collections.EMPTY_SET;
+        Set denials = Collections.EMPTY_SET;
+        
+        String creatorsName = null;
+        String modifiersName = null;
+        Date createTimestamp = null;
+        Date modifyTimestamp = null;
+        boolean disabled = false;
+        
+        try
+        {
+            profileId = ( String ) attrs.get( PROFILEID_ID ).get();
+            user =  ( String ) attrs.get( USER_ID ).get();
+            description = getSingleValued( DESCRIPTION_ID, attrs );
+            roles = getMultiValued( ROLES_ID, attrs );
+            grants = getMultiValued( GRANTS_ID, attrs );
+            denials = getMultiValued( DENIALS_ID, attrs );
+            disabled = LdapUtils.getBoolean( SAFEHAUS_DISABLED_ID, attrs, false );
+            
+            creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+            modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+            createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+            modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to produce object for attributes: " + attrs;
+            log.error( msg, e );
+        }
+        
+        return new Profile( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this, 
+            ( String ) extra, profileId, user, description, grants, denials, roles, disabled );
+    }
+
+
+    public void deleteEntry( String rdn )
+    {
+        try
+        {
+            ctx.destroySubcontext( rdn );
+        }
+        catch ( NamingException e )
+        {
+            log.error( "Failed to delete " + rdn + " under " + baseUrl, e );
+        }
+    }
+}

Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapRoleDao.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,388 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.admin.dao.ldap;
+
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.naming.Context;
+import javax.naming.NameAlreadyBoundException;
+import javax.naming.NameNotFoundException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SchemaViolationException;
+import javax.naming.directory.SearchControls;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.safehaus.triplesec.admin.Constants;
+import org.safehaus.triplesec.admin.ConstraintViolationException;
+import org.safehaus.triplesec.admin.DataAccessException;
+import org.safehaus.triplesec.admin.EntryAlreadyExistsException;
+import org.safehaus.triplesec.admin.NoSuchEntryException;
+import org.safehaus.triplesec.admin.Role;
+import org.safehaus.triplesec.admin.dao.RoleDao;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class LdapRoleDao implements RoleDao, LdapDao, Constants
+{
+    private static final Logger log = LoggerFactory.getLogger( LdapRoleDao.class );
+    private static final String[] ATTRIBUTES = new String[] {
+        ROLE_NAME_ID, DESCRIPTION_ID, GRANTS_ID, CREATORS_NAME_ID, CREATE_TIMESTAMP_ID, 
+        MODIFIERS_NAME_ID, MODIFY_TIMESTAMP_ID
+    };
+    private final DirContext ctx;
+    private final String baseUrl;
+    private final String principalName;
+    
+    
+    public LdapRoleDao( DirContext ctx ) throws DataAccessException
+    {
+        this.ctx = ctx;
+
+        String name = null;
+        String principal = null;
+        try
+        {
+            name = ctx.getNameInNamespace();
+            String principalDn = ( String ) ctx.getEnvironment().get( Context.SECURITY_PRINCIPAL );
+            if ( principalDn.equalsIgnoreCase( "uid=admin,ou=system" ) )
+            {
+                principal = "admin";
+            }
+            else 
+            {
+                principal = ( String ) new LdapDN( principalDn ).getRdn().getValue();
+            }
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to get name in namespace for base context.";
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+            
+        }
+        finally
+        {
+            baseUrl = name;
+            principalName = principal;
+        }
+    }
+
+    
+    public Iterator roleIterator( String appName ) throws DataAccessException
+    {
+        String base = getRelativeDn( appName );
+        SearchControls controls = new SearchControls();
+        controls.setReturningAttributes( ATTRIBUTES );
+        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+        try
+        {
+            return new JndiIterator( this, ctx.search( base, 
+                "(& (roleName=*) (objectClass=policyRole) )", controls ), appName );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to search " + base + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+
+
+    public Role load( String appName, String roleName ) throws DataAccessException
+    {
+        String description = null;
+        Set grants = Collections.EMPTY_SET;
+        String rdn = getRelativeDn( appName, roleName );
+        Attributes attrs = null;
+        
+        String creatorsName = null;
+        String modifiersName = null;
+        Date createTimestamp = null;
+        Date modifyTimestamp = null;
+        
+        try
+        {
+            attrs = ctx.getAttributes( rdn, ATTRIBUTES );
+            description = LdapUtils.getSingleValued( DESCRIPTION_ID, attrs );
+            creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+            modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+            createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+            modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+            
+            if ( attrs.get( GRANTS_ID ) != null )
+            {
+                grants = new HashSet();
+                for ( NamingEnumeration ii = attrs.get( GRANTS_ID ).getAll(); ii.hasMore(); /**/ )
+                {
+                    grants.add( ii.next() );
+                }
+            }
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Could not find " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to lookup " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+        
+        return new Role( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this, appName, roleName, 
+            description, Collections.unmodifiableSet( grants ) );
+    }
+
+
+    public Role add( String appName, String roleName, String description, Set grants )
+        throws DataAccessException
+    {
+        BasicAttributes attrs = new BasicAttributes( OBJECT_CLASS_ID, POLICY_ROLE_OC, true );
+        attrs.put( ROLE_NAME_ID, roleName );
+        if ( description != null )
+        {
+            attrs.put( DESCRIPTION_ID, description );
+        }
+        if ( ! grants.isEmpty() )
+        {
+            BasicAttribute attr = new BasicAttribute( GRANTS_ID );
+            for ( Iterator ii = grants.iterator(); ii.hasNext(); /**/ )
+            {
+                attr.add( ii.next() );
+            }
+            attrs.put( attr );
+        }
+        
+        String rdn = getRelativeDn( appName, roleName );
+        try
+        {
+            ctx.createSubcontext( rdn, attrs );
+            return new Role( principalName, new Date( System.currentTimeMillis() ), this, 
+                appName, roleName, description, grants );
+        }
+        catch ( NameAlreadyBoundException e )
+        {
+            log.error( "Cannot create role " + rdn, e );
+            EntryAlreadyExistsException eaee = new EntryAlreadyExistsException();
+            eaee.initCause( e );
+            throw eaee;
+        }
+        catch ( NamingException e )
+        {
+            log.error( "Unexpected failure", e );
+            throw new DataAccessException( e.getMessage() );
+        }
+    }
+
+
+    public Role rename( String newRoleName, Role role ) throws DataAccessException
+    {
+        String oldRdn = getRelativeDn( role.getApplicationName(), role.getName() );
+        String newRdn = getRelativeDn( role.getApplicationName(), newRoleName );
+        
+        try
+        {
+            ctx.rename( oldRdn, newRdn );
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Rename failed. Could not find " + oldRdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NameAlreadyBoundException e )
+        {
+            String msg = "Rename failed. Another role already exists at " + newRdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new EntryAlreadyExistsException( msg );
+        }
+        catch ( SchemaViolationException e )
+        {
+            String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " is required by other entities";
+            log.error( msg, e );
+            throw new ConstraintViolationException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Rename failed. " + oldRdn + " under " + baseUrl + " could not be renamed to " + newRdn;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+        
+        return new Role( role.getCreatorsName(), role.getCreateTimestamp(), principalName, 
+            new Date( System.currentTimeMillis() ), this, role.getApplicationName(), newRoleName, 
+            role.getDescription(), role.getGrants() );
+    }
+
+
+    public Role modify( String creatorsName, Date createTimestamp, String appName, String roleName, 
+        String description, Set grants, ModificationItem[] mods )
+        throws DataAccessException
+    {
+            String rdn = getRelativeDn( appName, roleName );
+            
+            try
+            {
+                ctx.modifyAttributes( rdn, mods );
+            }
+            catch ( SchemaViolationException e )
+            {
+                String msg = "Could not modify " + rdn + " under " + baseUrl;
+                msg += " The modification violates constraints.";
+                log.error( msg, e );
+                throw new ConstraintViolationException( msg );
+            }
+            catch ( NameNotFoundException e )
+            {
+                String msg = "Entry " + rdn + " under " + baseUrl + " does not exist";
+                log.error( msg, e );
+                throw new NoSuchEntryException( msg );
+            }
+            catch ( NamingException e )
+            {
+                String msg = "Could not modify " + rdn + " under " + baseUrl;
+                log.error( msg, e );
+                throw new NoSuchEntryException( msg );
+            }
+            
+            return new Role( creatorsName, createTimestamp, principalName, new Date( System.currentTimeMillis() ), 
+                this, appName, roleName, description, grants );
+    }
+
+
+    public void delete( String appName, String roleName ) throws DataAccessException
+    {
+        String rdn = getRelativeDn( appName, roleName );
+
+        try
+        {
+            ctx.destroySubcontext( rdn );
+        }
+        catch ( SchemaViolationException e )
+        {
+            String msg = "Could not delete " + rdn + " under " + baseUrl;
+            msg += ".  Other entities depend on " + roleName;
+            log.error( msg, e );
+            throw new ConstraintViolationException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Could not delete " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+
+
+    // -----------------------------------------------------------------------
+    // Private utility methods
+    // -----------------------------------------------------------------------
+
+    
+    private String getRelativeDn( String appName, String roleName )
+    {
+        StringBuffer buf = new StringBuffer();
+        buf.append( "roleName=" ).append( roleName );
+        buf.append( ",ou=Roles,appName=" ).append( appName );
+        buf.append( ",ou=Applications" );
+        return buf.toString();
+    }
+    
+    
+    private String getRelativeDn( String appName )
+    {
+        StringBuffer buf = new StringBuffer();
+        buf.append( "ou=Roles,appName=" ).append( appName );
+        buf.append( ",ou=Applications" );
+        return buf.toString();
+    }
+    
+    
+    // -----------------------------------------------------------------------
+    // LdapDao method implementations
+    // -----------------------------------------------------------------------
+
+    
+    public Object getEntryObject( Object extra, Attributes attrs )
+    {
+        String roleName = null;
+        String description = null;
+        Set grants = Collections.EMPTY_SET;
+        
+        String creatorsName = null;
+        String modifiersName = null;
+        Date createTimestamp = null;
+        Date modifyTimestamp = null;
+        
+        try
+        {
+            roleName = ( String ) attrs.get( ROLE_NAME_ID ).get();
+            description = LdapUtils.getSingleValued( DESCRIPTION_ID, attrs );
+            creatorsName = LdapUtils.getPrincipal( CREATORS_NAME_ID, attrs );
+            modifiersName = LdapUtils.getPrincipal( MODIFIERS_NAME_ID, attrs );
+            createTimestamp = LdapUtils.getDate( CREATE_TIMESTAMP_ID, attrs );
+            modifyTimestamp = LdapUtils.getDate( MODIFY_TIMESTAMP_ID, attrs );
+            if ( attrs.get( GRANTS_ID ) != null )
+            {
+                grants = new HashSet();
+                for ( NamingEnumeration ii = attrs.get( GRANTS_ID ).getAll(); ii.hasMore(); /**/ )
+                {
+                    grants.add( ii.next() );
+                }
+            }
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to produce object for attributes: " + attrs;
+            log.error( msg, e );
+        }
+        
+        return new Role( creatorsName, createTimestamp, modifiersName, modifyTimestamp, this, 
+            ( String ) extra, roleName, description, Collections.unmodifiableSet( grants ) );
+    }
+
+
+    public void deleteEntry( String rdn )
+    {
+        try
+        {
+            ctx.destroySubcontext( rdn );
+        }
+        catch ( NamingException e )
+        {
+            log.error( "Failed to delete " + rdn + " under " + baseUrl, e );
+        }
+    }
+}

Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUserDao.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUserDao.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUserDao.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUserDao.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,261 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.admin.dao.ldap;
+
+
+import java.util.Iterator;
+
+import javax.naming.NameNotFoundException;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.NoPermissionException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+
+import org.apache.commons.lang.RandomStringUtils;
+import org.apache.commons.lang.math.RandomUtils;
+import org.safehaus.triplesec.admin.Constants;
+import org.safehaus.triplesec.admin.DataAccessException;
+import org.safehaus.triplesec.admin.NoSuchEntryException;
+import org.safehaus.triplesec.admin.PermissionDeniedException;
+import org.safehaus.triplesec.admin.User;
+import org.safehaus.triplesec.admin.dao.UserDao;
+
+
+public class LdapUserDao extends AbstractLdapDao implements UserDao, Constants
+{
+    private static final String[] ATTRIBUTES = 
+        {
+            "*", "+"
+        };
+
+    private final LdapExternalUserDao externalUserDao;
+    private final LdapLocalUserDao localUserDao;
+    private final LdapHauskeysUserDao hauskeysUserDao;
+    
+    
+    public LdapUserDao( DirContext ctx, LdapExternalUserDao externalUserDao, LdapLocalUserDao localUserDao, 
+        LdapHauskeysUserDao hauskeysUserDao ) throws DataAccessException
+    {
+        super( ctx );
+        this.externalUserDao = externalUserDao;
+        this.localUserDao = localUserDao;
+        this.hauskeysUserDao = hauskeysUserDao;
+    }
+
+
+    public User load( String id ) throws DataAccessException
+    {
+        String rdn = getRelativeDn( id );
+        Attributes attrs = null;
+
+        try
+        {
+            attrs = ctx.getAttributes( rdn, ATTRIBUTES );
+        }
+        catch ( NameNotFoundException e )
+        {
+            String msg = "Could not find " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new NoSuchEntryException( msg );
+        }
+        catch ( NoPermissionException e )
+        {
+            String msg = "User load failed. Permission denied.";
+            log.error( msg, e );
+            throw new PermissionDeniedException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to lookup " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+
+        return ( User ) getEntryObject( null, attrs );
+    }
+
+
+    public boolean hasUser( String id ) throws DataAccessException
+    {
+        String rdn = getRelativeDn( id );
+        Attributes attrs = null;
+
+        try
+        {
+            attrs = ctx.getAttributes( rdn, ATTRIBUTES );
+        }
+        catch ( NameNotFoundException e )
+        {
+            return false;
+        }
+        catch ( NoPermissionException e )
+        {
+            String msg = "User lookup failed. Permission denied.";
+            log.error( msg, e );
+            throw new PermissionDeniedException( msg );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to lookup " + rdn + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+
+        return attrs != null;
+    }
+
+
+    public Object getEntryObject( Object extra, Attributes attrs )
+    {
+        try
+        {
+            if ( isExternalUser( attrs ) ) 
+            {
+                return externalUserDao.getEntryObject( extra, attrs );
+            }
+            else if ( isHauskeysUser( attrs ) )
+            {
+                return hauskeysUserDao.getEntryObject( extra, attrs );
+            }
+        }
+        catch ( NamingException e )
+        {
+            log.error( "Failed to determine type of user", e );
+        }
+        
+        return localUserDao.getEntryObject( extra, attrs );
+    }
+
+
+    public Iterator iterator() throws DataAccessException
+    {
+        String base = "ou=Users";
+        SearchControls controls = new SearchControls();
+        controls.setReturningAttributes( ATTRIBUTES );
+        controls.setSearchScope( SearchControls.ONELEVEL_SCOPE );
+        try
+        {
+            return new JndiIterator( this, ctx.search( base, 
+                "(| (objectClass=referral) (objectClass=person) )", controls ), null );
+        }
+        catch ( NamingException e )
+        {
+            String msg = "Failed to search " + base + " under " + baseUrl;
+            log.error( msg, e );
+            throw new DataAccessException( msg );
+        }
+    }
+    
+    
+    public String getRandomUniqueActivationKey() throws DataAccessException
+    {
+        String key = null;
+        int count = 0;
+        boolean isNotUnique = true;
+        while( isNotUnique && count < 10 )
+        {
+            // max length 16, min length 8 bytes
+            int length = 8 + RandomUtils.nextInt() % 8;
+            key = RandomStringUtils.randomNumeric( length );
+
+            NamingEnumeration list = null;
+            try
+            {
+                list = ctx.search( "ou=users", new BasicAttributes( "safehausActivationKey", key, true ) );
+                isNotUnique = list.hasMore();
+            }
+            catch ( NamingException e )
+            {
+                throw new DataAccessException( "Encountered failure while searching for activation keys." );
+            }
+            finally
+            {
+                if ( list != null ) { try { list.close(); }catch (Exception e){ log.error( "can't close naming enum" ); } };
+                count++;
+            }
+        }
+
+        return key;
+    }
+
+    
+    // -----------------------------------------------------------------------
+    // Private Utility Methods
+    // -----------------------------------------------------------------------
+
+    
+    private boolean isExternalUser( Attributes attrs ) throws NamingException
+    {
+        Attribute oc = attrs.get( OBJECT_CLASS_ID );
+        
+        if ( oc == null )
+        {
+            return false;
+        }
+        
+        if ( oc.contains( REFERRAL_OC ) )
+        {
+            return true;
+        }
+        
+        for ( NamingEnumeration ii = oc.getAll(); ii.hasMore(); /**/ )
+        {
+            String val = ( String ) ii.next();
+            if ( val.equalsIgnoreCase( REFERRAL_OC ) )
+            {
+                return true;
+            }
+        }
+        
+        return false;
+    }
+    
+    
+    private boolean isHauskeysUser( Attributes attrs ) throws NamingException
+    {
+        String samType = LdapUtils.getSingleValued( APACHE_SAM_TYPE_ID, attrs );
+        
+        if ( samType == null )
+        {
+            return false;
+        }
+        else if ( Integer.parseInt( samType ) == 7 )
+        {
+            return true;
+        }
+        else
+        {
+            throw new IllegalStateException( "Unrecognized sam type value: " + samType );
+        }
+    }
+
+    
+    private String getRelativeDn( String uid )
+    {
+        StringBuffer buf = new StringBuffer();
+        buf.append( "uid=" ).append( uid );
+        buf.append( ",ou=Users" );
+        return buf.toString();
+    }
+}

Added: directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUtils.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUtils.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUtils.java (added)
+++ directory/trunks/triplesec/admin-api/src/main/java/org/safehaus/triplesec/admin/dao/ldap/LdapUtils.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,103 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.admin.dao.ldap;
+
+
+import java.io.UnsupportedEncodingException;
+import java.util.Date;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.util.DateUtils;
+
+
+public class LdapUtils
+{
+    public static String getSingleValued( String id, Attributes attrs ) throws NamingException
+    {
+        if ( attrs.get( id ) == null )
+        {
+            return null;
+        }
+        
+        Object obj = attrs.get( id ).get();
+        if ( obj instanceof String )
+        {
+            return ( String ) obj;
+        }
+        
+        try
+        {
+            return new String( ( byte[] ) obj, "UTF-8" );
+        }
+        catch ( UnsupportedEncodingException e )
+        {
+            IllegalStateException ise = new IllegalStateException( "Encoding not supported" );
+            ise.initCause( e );
+            throw ise;
+        }
+    }
+    
+    
+    public static String getPrincipal( String id, Attributes attrs ) throws NamingException
+    {
+        if ( attrs.get( id ) == null )
+        {
+            return null;
+        }
+        
+        return ( String ) new LdapDN( getSingleValued( id, attrs ) ).getRdn().getValue();
+    }
+
+
+    public static Date getDate( String id, Attributes attrs ) throws NamingException
+    {
+        if ( attrs.get( id ) == null )
+        {
+            return null;
+        }
+        
+        return DateUtils.getDate( getSingleValued( id, attrs ) );
+    }
+    
+    
+    public static boolean getBoolean( String id, Attributes attrs, boolean defaultValue ) throws NamingException
+    {
+        if ( attrs.get( id ) == null )
+        {
+            return defaultValue;
+        }
+        
+        return parseBoolean ( ( ( String ) attrs.get( id ).get() ).toLowerCase() );
+    }
+
+    
+    private static boolean parseBoolean( String bool )
+    {
+        if ( bool.equals( "true" ) )
+        {
+            return true;
+        }
+        
+        return false;
+    }
+}

Added: directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/EntryModifierTest.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/EntryModifierTest.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/EntryModifierTest.java (added)
+++ directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/EntryModifierTest.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,221 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.admin;
+
+
+import java.util.HashSet;
+import java.util.Set;
+
+import junit.framework.TestCase;
+
+
+public class EntryModifierTest extends TestCase
+{
+    public void testPermissionModifier0()
+    {
+        PermissionModifier modifier = new PermissionModifier( null, "testApp", "testPerm" );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertFalse( modifier.isUpdatableEntry() ); 
+        assertTrue( modifier.isNewEntry() );
+
+        modifier.setDescription( "description test" );
+        assertTrue( modifier.isUpdateNeeded() );
+    }
+
+    
+    public void testPermissionModifier1()
+    {
+        Permission archetype = new Permission( null, null, null, "", "archetypePerm", "first description" );
+        PermissionModifier modifier = new PermissionModifier( null, archetype );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertTrue( modifier.isUpdatableEntry() );
+        assertFalse( modifier.isNewEntry() );
+        
+        modifier.setDescription( "description test" );
+        assertTrue( modifier.isUpdateNeeded() );
+    }
+
+    
+    public void testRoleModifier0()
+    {
+        RoleModifier modifier = new RoleModifier( null, "testApp", "testRole" );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertFalse( modifier.isUpdatableEntry() );
+        assertTrue( modifier.isNewEntry() );
+        
+        // change the description
+        modifier.setDescription( "description test" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.setDescription( null );
+        assertFalse( modifier.isUpdateNeeded() );
+        
+        // add some grants
+        modifier.addGrant( "testPerm0" );
+        modifier.removeGrant( "testPerm0" );
+        assertFalse( modifier.isUpdateNeeded() );
+    }
+    
+    
+    public void testRoleModifier1()
+    {
+        Set grants = new HashSet();
+        grants.add( "bend" );
+        grants.add( "fold" );
+        grants.add( "spindle" );
+        Role archetype = new Role( null, null, null, "testApp", "testRole", null, grants );
+        
+        RoleModifier modifier = new RoleModifier( null, archetype );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertTrue( modifier.isUpdatableEntry() );
+        assertFalse( modifier.isNewEntry() );
+        
+        modifier.addGrant( "mutilate" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.setDescription( null );
+        modifier.removeGrant( "mutilate" );
+        assertFalse( modifier.isUpdateNeeded() );
+        
+        // add some grants
+        modifier.addGrant( "testPerm0" );
+        modifier.removeGrant( "testPerm0" );
+        assertFalse( modifier.isUpdateNeeded() );
+    }
+
+    
+    public void testRoleModifier2()
+    {
+        Set grants = new HashSet();
+        grants.add( "bend" );
+        grants.add( "fold" );
+        grants.add( "spindle" );
+        Role archetype = new Role( null, null, null, "testApp", "testRole", null, grants );
+        
+        RoleModifier modifier = new RoleModifier( null, archetype );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertTrue( modifier.isUpdatableEntry() );
+        assertFalse( modifier.isNewEntry() );
+        
+        modifier.addGrant( "mutilate" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.removeGrant( "fold" );
+        
+        modifier.setDescription( null );
+        modifier.removeGrant( "mutilate" );
+        modifier.addGrant( "fold" );
+        assertFalse( modifier.isUpdateNeeded() );
+        
+        // add some grants
+        modifier.addGrant( "testPerm0" );
+        modifier.removeGrant( "testPerm0" );
+        assertFalse( modifier.isUpdateNeeded() );
+    }
+    
+    
+    public void testProfileModifier0()
+    {
+        ProfileModifier modifier = new ProfileModifier( null, "testApp", "testProfile", "testUser" );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertFalse( modifier.isUpdatableEntry() );
+        assertTrue( modifier.isNewEntry() );
+
+        modifier.addDenial( "fold" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.removeDenial( "fold" );
+        assertFalse( modifier.isUpdateNeeded() );
+
+        modifier.addGrant( "twist" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.removeGrant( "twist" );
+        assertFalse( modifier.isUpdateNeeded() );
+    
+        modifier.addRole( "admin" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.removeRole( "admin" );
+        assertFalse( modifier.isUpdateNeeded() );
+        
+        modifier.setDescription( "test description" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.setDescription( null );
+        assertFalse( modifier.isUpdateNeeded() );
+    }
+
+    
+    public void testProfileModifier2()
+    {
+        Set grants = new HashSet();
+        grants.add( "spindle" );
+        grants.add( "mutilate" );
+        grants.add( "twist" );
+        Set denials = new HashSet();
+        denials.add( "fold" );
+        Set roles = new HashSet();
+        roles.add( "trusted" );
+        Profile archetype = new Profile( null, null, null, "testApp", "archetype", "akarasulu", 
+            "archetype profile", grants, denials, roles );
+        
+        ProfileModifier modifier = new ProfileModifier( null, archetype );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertTrue( modifier.isUpdatableEntry() );
+        assertFalse( modifier.isNewEntry() );
+
+        modifier.addDenial( "fold" );
+        assertFalse( modifier.isUpdateNeeded() );
+        modifier.removeDenial( "fold" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.addDenial( "fold" );
+
+        modifier.addGrant( "twist" );
+        assertFalse( modifier.isUpdateNeeded() );
+        modifier.removeGrant( "twist" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.addGrant( "twist" );
+    
+        modifier.addRole( "admin" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.removeRole( "admin" );
+        assertFalse( modifier.isUpdateNeeded() );
+        
+        modifier.setDescription( "test description" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.setDescription( "archetype profile" );
+        assertFalse( modifier.isUpdateNeeded() );
+    }
+    
+    
+    public void testGroupModifier()
+    {
+        Set members = new HashSet();
+        Group group = new Group( null, null, null, "testGroup", members );
+        assertEquals( "testGroup", group.getName() );
+        assertEquals( 0, group.getMembers().size() );
+        members.add( "testUser0" );
+        assertEquals( 0, group.getMembers().size() );
+        
+        GroupModifier modifier = new GroupModifier( null, group );
+        assertTrue( modifier.isUpdatableEntry() );
+        assertFalse( modifier.isNewEntry() );
+        assertFalse( modifier.isUpdateNeeded() );
+        assertTrue( modifier.isValid() );
+        modifier.addMember( "testUser0" );
+        assertTrue( modifier.isUpdateNeeded() );
+        modifier.removeMember( "testUser0" );
+        assertFalse( modifier.isUpdateNeeded() );
+    }
+}

Added: directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java (added)
+++ directory/trunks/triplesec/admin-api/src/test/java/org/safehaus/triplesec/admin/IntegrationTest.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,689 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.admin;
+
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.security.auth.kerberos.KerberosKey;
+import javax.security.auth.kerberos.KerberosPrincipal;
+
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.safehaus.triplesec.admin.dao.DaoFactory;
+import org.safehaus.triplesec.admin.dao.PermissionDao;
+import org.safehaus.triplesec.admin.dao.ldap.LdapDaoFactory;
+import org.safehaus.triplesec.admin.dao.ldap.LdapPermissionDao;
+import org.safehaus.triplesec.integration.TriplesecIntegration;
+
+
+
+/**
+ * Test cases for JNDI data access object and state factories.
+ *
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ * @version $Rev$
+ */
+public class IntegrationTest extends TriplesecIntegration
+{
+    private Properties props;
+    private DaoFactory factory;
+    private DirContext ctx;
+    private TriplesecAdmin admin;
+
+    
+    public IntegrationTest() throws Exception
+    {
+        super();
+    }
+
+    
+    public void setUp() throws Exception
+    {
+        super.setUp();
+        
+        props = new Properties();
+        props.setProperty( DaoFactory.IMPLEMENTATION_CLASS, LdapDaoFactory.class.getName() );
+        props.setProperty( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
+        props.setProperty( "java.naming.provider.url", "ldap://localhost:" + getLdapPort() + "/dc=example,dc=com" );
+        props.setProperty( "java.naming.security.principal", "uid=admin,ou=system" );
+        props.setProperty( "java.naming.security.credentials", "secret" );
+        props.setProperty( "java.naming.security.authentication", "simple" );
+
+        factory = DaoFactory.createInstance( props );
+        ctx = new InitialDirContext( props );
+        admin = new TriplesecAdmin( props );
+        
+        assertNotNull( factory );
+    }
+
+    
+    /**
+     * Tests the following {@link LdapPermissionDao} methods:
+     * 
+     * <ul>
+     *   <li>{@link PermissionDao#add(String, String, String)}</li>
+     *   <li>{@link PermissionDao#delete(String, String)}</li>
+     *   <li>{@link PermissionDao#load(String, String)}</li>
+     *   <li>{@link PermissionDao#modify(String, String, String, ModificationItem[])}</li>
+     *   <li>{@link PermissionDao#rename(String, Permission)}</li>
+     *   <li>{@link PermissionDao#permissionIterator(String)}</li>
+     *   <li>{@link PermissionDao#permissionNameIterator(String)}</li>
+     * </ul>
+     */
+    public void testPermissionDao() throws Exception
+    {
+        PermissionDao dao = factory.getPermissionDao();
+        
+        // add a permission via add( String, String )
+        dao.add( "mockApplication", getName() + "0", null );
+        Attributes attrs = ctx.getAttributes( "permName=" + getName() 
+            + "0, ou=permissions, appName=mockApplication, ou=applications" );
+        assertEquals( getName() + "0", ( String ) attrs.get( "permName" ).get() );
+        assertNull( attrs.get( "description" ) );
+        
+        // add a permission via add( String, Permission )
+        PermissionModifier modifier = new PermissionModifier( dao, "mockApplication", getName() + "1" ); 
+        modifier.setDescription( "a non-null description" ).add();
+        attrs = ctx.getAttributes( "permName=" + getName() 
+            + "1, ou=permissions, appName=mockApplication, ou=applications" );
+        assertEquals( getName() + "1", ( String ) attrs.get( "permName" ).get() );
+        assertNotNull( attrs.get( "description" ) );
+        assertEquals( "a non-null description", ( String ) attrs.get( "description" ).get() );
+        dao.delete( "mockApplication", getName() + "1" );
+
+        // test the lookup of the newly added permission
+        Permission permission = dao.load( "mockApplication", getName() + "0" );
+        assertNotNull( permission );
+        assertEquals( getName() + "0", permission.getName() );
+        assertEquals( null, permission.getDescription() );
+        
+        // test the modification of the newly added permission
+        modifier = permission.modifier().setDescription( "updated description" );
+        modifier.modify();
+        permission = dao.load( "mockApplication", getName() + "0" );
+        assertNotNull( permission );
+        assertEquals( getName() + "0", permission.getName() );
+        assertEquals( "updated description", permission.getDescription() );
+        
+        // test the rename of the updated permission 
+        permission = dao.rename( getName()+ "0renamed", permission );
+        assertNotNull( permission );
+        assertEquals( getName() + "0renamed", permission.getName() );
+        assertEquals( "updated description", permission.getDescription() );
+        permission = dao.load( "mockApplication", getName()+ "0renamed" );
+        assertNotNull( permission );
+        assertEquals( getName() + "0renamed", permission.getName() );
+        assertEquals( "updated description", permission.getDescription() );
+        
+        // test the delete of the newly added permission
+        dao.delete( "mockApplication", getName() + "0renamed" );
+        try
+        {
+            permission = dao.load( "mockApplication", getName() + "0renamed" );
+            fail( "should never get here" );
+        }
+        catch ( NoSuchEntryException e )
+        {
+        }
+        
+        // test the permissionNameIterator() method 
+        Iterator iterator = dao.permissionNameIterator( "mockApplication" );
+        Set permNames = new HashSet();
+        while( iterator.hasNext() )
+        {
+            permNames.add( iterator.next() );
+        }
+        assertEquals( 10, permNames.size() );
+        assertFalse( permNames.contains( "bogus" ) );
+        assertTrue( permNames.contains( "mockPerm0" ) );
+        assertTrue( permNames.contains( "mockPerm1" ) );
+        assertTrue( permNames.contains( "mockPerm2" ) );
+        assertTrue( permNames.contains( "mockPerm3" ) );
+        assertTrue( permNames.contains( "mockPerm4" ) );
+        assertTrue( permNames.contains( "mockPerm5" ) );
+        assertTrue( permNames.contains( "mockPerm6" ) );
+        assertTrue( permNames.contains( "mockPerm7" ) );
+        assertTrue( permNames.contains( "mockPerm8" ) );
+        assertTrue( permNames.contains( "mockPerm9" ) );
+        
+        // test the permissionIterator() method
+        iterator = dao.permissionIterator( "mockApplication" );
+        Set perms = new HashSet();
+        while( iterator.hasNext() )
+        {
+            permission = ( Permission ) iterator.next();
+            perms.add( permission );
+            assertTrue( permNames.contains( permission.getName() ) );
+        }
+        assertEquals( 10, perms.size() );
+    }
+    
+    
+    public void testApplicationDao() throws Exception
+    {
+        // get and modify the application
+        Application app = admin.getApplication( "mockApplication" );
+        assertNotNull( app );
+        assertEquals( "mockApplication", app.getName() );
+        assertEquals( null, app.getDescription() );
+        assertEquals( "testing", app.getPassword() );
+        app = app.modifier().setDescription( "test" ).modify();
+        assertEquals( "test", app.getDescription() );
+        
+        // create a new application
+        app = admin.newApplication( "test" ).add();
+        app = app.modifier().setDescription( "test" ).setPassword( "secret" ).modify();
+        assertNotNull( app );
+        assertEquals( "test", app.getName() );
+        assertEquals( "test", app.getDescription() );
+        assertEquals( "secret", app.getPassword() );
+        app = admin.getApplication( "test" );
+        assertNotNull( app );
+        assertEquals( "test", app.getName() );
+        assertEquals( "test", app.getDescription() );
+        assertEquals( "secret", app.getPassword() );
+        
+        // rename the new application
+        app = app.modifier().rename( "newName" );
+        app = admin.getApplication( "newName" );
+        assertNotNull( app );
+        assertEquals( "newName", app.getName() );
+        assertEquals( "test", app.getDescription() );
+        assertEquals( "secret", app.getPassword() );
+        
+        // create a permission for the new application
+        Permission perm = app.modifier().newPermission( "testPerm" ).
+            setDescription( "test description" ).add();
+        assertEquals( "newName", perm.getApplicationName() );
+        assertEquals( "testPerm", perm.getName() );
+        assertEquals( "test description", perm.getDescription() );    
+        perm = app.getPermission( perm.getName() );
+        assertEquals( "newName", perm.getApplicationName() );
+        assertEquals( "testPerm", perm.getName() );
+        assertEquals( "test description", perm.getDescription() );    
+        
+        // delete the permission and make sure it's not there
+        perm.modifier().delete();
+        try
+        {
+            app.getPermission( perm.getName() );
+            fail( "should never get here" );
+        }
+        catch( DataAccessException e )
+        {
+        }
+        
+        // delete the application and make sure it's not there
+        app.modifier().delete();
+        try
+        {
+            admin.getApplication( "test" );
+        }
+        catch( DataAccessException e )
+        {
+        }
+    }
+    
+    
+    public void testProfileIteration() throws Exception
+    {
+        Application app = admin.getApplication( "mockApplication" );
+        app.modifier().newProfile( "extra", "lockedout" ).add();
+        for ( Iterator ii = app.profileIterator( "akarasulu" ); ii.hasNext(); /**/ )
+        {
+            Profile profile = ( Profile ) ii.next(); 
+            assertEquals( "akarasulu", profile.getUser() );
+        }
+        for ( Iterator ii = app.profileIterator( "extra" ); ii.hasNext(); /**/ )
+        {
+            Profile profile = ( Profile ) ii.next();
+            assertEquals( "extra", profile.getUser() );
+        }
+    }
+    
+    
+    public void testRoleDao() throws Exception
+    {
+        Application app = admin.getApplication( "mockApplication" );
+        
+        // create a new role after changing modifier's description and grants
+        Role role = app.modifier().newRole( "testRole" ).setDescription( "test role" )
+            .addGrant( "mockPerm0" ).addGrant( "mockPerm1" ).add();
+        assertNotNull( role );
+        assertEquals( "mockApplication", role.getApplicationName() );
+        assertEquals( "testRole", role.getName() );
+        assertEquals( "test role", role.getDescription() );
+        assertEquals( 2, role.getGrants().size() );
+        assertTrue( role.getGrants().contains( "mockPerm0" ) );
+        assertTrue( role.getGrants().contains( "mockPerm1" ) );
+        assertFalse( role.getGrants().contains( "bogus" ) );
+        
+        // lookup and confirm values again
+        role = app.getRole( "testRole" );
+        assertNotNull( role );
+        assertEquals( "mockApplication", role.getApplicationName() );
+        assertEquals( "testRole", role.getName() );
+        assertEquals( "test role", role.getDescription() );
+        assertEquals( 2, role.getGrants().size() );
+        assertTrue( role.getGrants().contains( "mockPerm0" ) );
+        assertTrue( role.getGrants().contains( "mockPerm1" ) );
+        assertFalse( role.getGrants().contains( "bogus" ) );
+        
+        // remove existing grant, add two new ones, and modify
+        role = role.modifier().removeGrant( "mockPerm1" ).addGrant( "mockPerm2" )
+            .addGrant( "mockPerm3" ).setDescription( "changed description" ).modify();
+        assertNotNull( role );
+        assertEquals( "changed description", role.getDescription() );
+        assertEquals( 3, role.getGrants().size() );
+        assertTrue( role.getGrants().contains( "mockPerm0" ) );
+        assertTrue( role.getGrants().contains( "mockPerm2" ) );
+        assertTrue( role.getGrants().contains( "mockPerm3" ) );
+        assertFalse( role.getGrants().contains( "bogus" ) );
+        
+        // rename the role, test values, look it up again and test values again
+        role = role.modifier().rename( "renamedRole" );
+        assertNotNull( role );
+        assertEquals( "mockApplication", role.getApplicationName() );
+        assertEquals( "renamedRole", role.getName() );
+        assertEquals( "changed description", role.getDescription() );
+        assertEquals( 3, role.getGrants().size() );
+        assertTrue( role.getGrants().contains( "mockPerm0" ) );
+        assertTrue( role.getGrants().contains( "mockPerm2" ) );
+        assertTrue( role.getGrants().contains( "mockPerm3" ) );
+        assertFalse( role.getGrants().contains( "bogus" ) );
+
+        role = app.getRole( "renamedRole" );
+        assertNotNull( role );
+        assertEquals( "mockApplication", role.getApplicationName() );
+        assertEquals( "renamedRole", role.getName() );
+        assertEquals( "changed description", role.getDescription() );
+        assertEquals( 3, role.getGrants().size() );
+        assertTrue( role.getGrants().contains( "mockPerm0" ) );
+        assertTrue( role.getGrants().contains( "mockPerm2" ) );
+        assertTrue( role.getGrants().contains( "mockPerm3" ) );
+        assertFalse( role.getGrants().contains( "bogus" ) );
+        
+        // delete the role
+        role.modifier().delete();
+        try
+        {
+            app.getRole( "renamedRole" );
+            fail( "should never get here" );
+        }
+        catch( NoSuchEntryException e )
+        {
+        }
+    }
+
+
+    public void testProfileDao() throws Exception
+    {
+        Application app = admin.getApplication( "mockApplication" );
+        
+        // create a new profile after changing modifier's description with permission and roles
+        Profile profile = app.modifier().newProfile( "testProfile", "testUser" ).setDescription( "test profile" )
+            .addGrant( "mockPerm0" ).addGrant( "mockPerm1" ).addDenial( "mockPerm4" ).addRole( "mockRole2" ).add();
+        assertNotNull( profile );
+        assertEquals( "mockApplication", profile.getApplicationName() );
+        assertEquals( "testProfile", profile.getId() );
+        assertEquals( "testUser", profile.getUser() );
+        assertEquals( "test profile", profile.getDescription() );
+        assertEquals( 2, profile.getGrants().size() );
+        assertTrue( profile.getGrants().contains( "mockPerm0" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm1" ) );
+        assertFalse( profile.getGrants().contains( "bogus" ) );
+        assertEquals( 1, profile.getDenials().size() );
+        assertTrue( profile.getDenials().contains( "mockPerm4" ) );
+        assertFalse( profile.getDenials().contains( "bogus" ) );
+        assertEquals( 1, profile.getRoles().size() );
+        assertTrue( profile.getRoles().contains( "mockRole2" ) );
+        assertFalse( profile.getRoles().contains( "bogus" ) );
+        
+        
+        // lookup and confirm values again
+        profile = app.getProfile( "testProfile" );
+        assertNotNull( profile );
+        assertEquals( "mockApplication", profile.getApplicationName() );
+        assertEquals( "testProfile", profile.getId() );
+        assertEquals( "testUser", profile.getUser() );
+        assertEquals( "test profile", profile.getDescription() );
+        assertEquals( 2, profile.getGrants().size() );
+        assertTrue( profile.getGrants().contains( "mockPerm0" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm1" ) );
+        assertFalse( profile.getGrants().contains( "bogus" ) );
+        assertEquals( 1, profile.getDenials().size() );
+        assertTrue( profile.getDenials().contains( "mockPerm4" ) );
+        assertFalse( profile.getDenials().contains( "bogus" ) );
+        assertEquals( 1, profile.getRoles().size() );
+        assertTrue( profile.getRoles().contains( "mockRole2" ) );
+        assertFalse( profile.getRoles().contains( "bogus" ) );
+        
+        // remove existing grant, add two new ones, remove existing grant, add a role and modify
+        profile = profile.modifier().removeGrant( "mockPerm1" ).addGrant( "mockPerm2" )
+            .addGrant( "mockPerm3" ).removeDenial( "mockPerm4" ).addRole( "mockRole3" )
+            .setDescription( "changed description" ).modify();
+        assertNotNull( profile );
+        assertEquals( "changed description", profile.getDescription() );
+        assertEquals( 0, profile.getDenials().size() );
+        assertEquals( 3, profile.getGrants().size() );
+        assertTrue( profile.getGrants().contains( "mockPerm0" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm2" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm3" ) );
+        assertFalse( profile.getGrants().contains( "bogus" ) );
+        assertEquals( 2, profile.getRoles().size() );
+        assertTrue( profile.getRoles().contains( "mockRole2" ) );
+        assertTrue( profile.getRoles().contains( "mockRole3" ) );
+        assertFalse( profile.getRoles().contains( "bogus" ) );
+        
+        // rename the profile, test values, look it up again and test values again
+        profile = profile.modifier().rename( "renamedProfile" );
+        assertNotNull( profile );
+        assertEquals( "mockApplication", profile.getApplicationName() );
+        assertEquals( "renamedProfile", profile.getId() );
+        assertEquals( "testUser", profile.getUser() );
+        assertEquals( "changed description", profile.getDescription() );
+        assertEquals( 0, profile.getDenials().size() );
+        assertEquals( 3, profile.getGrants().size() );
+        assertTrue( profile.getGrants().contains( "mockPerm0" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm2" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm3" ) );
+        assertFalse( profile.getGrants().contains( "bogus" ) );
+        assertEquals( 2, profile.getRoles().size() );
+        assertTrue( profile.getRoles().contains( "mockRole2" ) );
+        assertTrue( profile.getRoles().contains( "mockRole3" ) );
+        assertFalse( profile.getRoles().contains( "bogus" ) );
+
+        profile = app.getProfile( "renamedProfile" );
+        assertNotNull( profile );
+        assertEquals( "mockApplication", profile.getApplicationName() );
+        assertEquals( "renamedProfile", profile.getId() );
+        assertEquals( "testUser", profile.getUser() );
+        assertEquals( "changed description", profile.getDescription() );
+        assertEquals( 0, profile.getDenials().size() );
+        assertEquals( 3, profile.getGrants().size() );
+        assertTrue( profile.getGrants().contains( "mockPerm0" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm2" ) );
+        assertTrue( profile.getGrants().contains( "mockPerm3" ) );
+        assertFalse( profile.getGrants().contains( "bogus" ) );
+        assertEquals( 2, profile.getRoles().size() );
+        assertTrue( profile.getRoles().contains( "mockRole2" ) );
+        assertTrue( profile.getRoles().contains( "mockRole3" ) );
+        assertFalse( profile.getRoles().contains( "bogus" ) );
+        
+        // delete the profile
+        profile.modifier().delete();
+        try
+        {
+            app.getProfile( "renamedProfile" );
+            fail( "should never get here" );
+        }
+        catch( NoSuchEntryException e )
+        {
+        }
+    }
+    
+    
+    private String getKerberosKeyAsString( String id, String realm, String password ) throws Exception
+    {
+        StringBuffer buf = new StringBuffer();
+        String krb5PrincipalName = buf.append( id ).append( "@" ).append( realm.toUpperCase() ).toString();
+        buf.setLength( 0 );
+        KerberosPrincipal kerberosPrincipal = new KerberosPrincipal( krb5PrincipalName );
+        KerberosKey key = new KerberosKey( kerberosPrincipal, password.toCharArray(), "DES" );
+        return StringTools.utf8ToString( key.getEncoded() );
+    }
+    
+    
+    public void testLocalUserDao() throws Exception
+    {
+        assertFalse( admin.hasUser( "testLocalUser" ) );
+        LocalUserModifier modifier = admin.newLocalUser( "testLocalUser", "joe", "smith", "secret" );
+        modifier.setAddress1( "address1" ).setAddress2( "address2" ).setCity( "city" ).
+            setCompany( "company" ).setCountry( "country" ).setStateProvRegion( "stateProvRegion" )
+            .setZipPostalCode( "zipPostalCode" ).setEmail( "email" ).add();
+        assertTrue( admin.hasUser( "testLocalUser" ) );
+        
+        LocalUser user = ( LocalUser ) admin.getUser( "testLocalUser" );
+        assertNotNull( user );
+        assertEquals( "testLocalUser", user.getId() );
+        assertEquals( "joe", user.getFirstName() );
+        assertEquals( "smith", user.getLastName() );
+        assertEquals( "secret", user.getPassword() );
+        assertEquals( "address1", user.getAddress1() );
+        assertEquals( "address2", user.getAddress2() );
+        assertEquals( "city", user.getCity() );
+        assertEquals( "stateProvRegion", user.getStateProvRegion() );
+        assertEquals( "company", user.getCompany() );
+        assertEquals( "country", user.getCountry() );
+        assertEquals( "zipPostalCode", user.getZipPostalCode() );
+        assertEquals( "email", user.getEmail() );
+        assertFalse( user.isDisabled() );
+        
+        // now let's check and make sure the kerberos key is properly set
+        Attributes attrs = this.ctx.getAttributes( "uid=testLocalUser,ou=Users" );
+        assertEquals( getKerberosKeyAsString( "testLocalUser", "EXAMPLE.COM", "secret" ), 
+            attrs.get( "krb5Key" ).get() );
+        
+        user = user.modifier().setDescription( "test description" )
+            .setDisabled( true ).modify();
+        assertEquals( "test description", user.getDescription() );
+        assertEquals( "secret", user.getPassword() );
+        assertTrue( user.isDisabled() ); 
+        
+        user = user.modifier().setPassword( "reset" )
+            .setAddress1( "address1-" ).setAddress2( "address2-" ).setCity( "city-" )
+            .setCompany( "company-" ).setCountry( "country-" ).setStateProvRegion( "stateProvRegion-" )
+            .setZipPostalCode( "zipPostalCode-" ).setEmail( "email-" ).modify();
+        assertEquals( "reset", user.getPassword() );
+        user = ( LocalUser ) admin.getUser( "testLocalUser" );
+        assertNotNull( user );
+        assertEquals( "reset", user.getPassword() );
+        assertEquals( "address1-", user.getAddress1() );
+        assertEquals( "address2-", user.getAddress2() );
+        assertEquals( "city-", user.getCity() );
+        assertEquals( "stateProvRegion-", user.getStateProvRegion() );
+        assertEquals( "company-", user.getCompany() );
+        assertEquals( "country-", user.getCountry() );
+        assertEquals( "zipPostalCode-", user.getZipPostalCode() );
+        assertEquals( "email-", user.getEmail() );
+
+        // now let's check and make sure the kerberos key is properly set for the new password
+        attrs = this.ctx.getAttributes( "uid=testLocalUser,ou=Users" );
+        assertEquals( getKerberosKeyAsString( "testLocalUser", "EXAMPLE.COM", "reset" ), 
+            attrs.get( "krb5Key" ).get() );
+        assertEquals( "TRUE", attrs.get( Constants.KRB5_DISABLED_ID ).get() );
+
+        user = user.modifier().setDisabled( false ).modify();
+        attrs = this.ctx.getAttributes( "uid=testLocalUser,ou=Users" );
+        assertEquals( "FALSE", attrs.get( Constants.KRB5_DISABLED_ID ).get() );
+
+        user.modifier().delete();
+        assertFalse( admin.hasUser( "testLocalUser" ) );
+    }
+    
+    
+    public void testHauskeysUserDao() throws Exception
+    {
+        assertFalse( admin.hasUser( "testHauskeysUser" ) );
+        HauskeysUserModifier modifier = admin.newHauskeysUser( "testHauskeysUser", "joe", "smith", "secret" );
+        modifier.setAddress1( "address1" ).setAddress2( "address2" ).setCity( "city" ).
+        setCompany( "company" ).setCountry( "country" ).setStateProvRegion( "stateProvRegion" )
+        .setZipPostalCode( "zipPostalCode" ).setLabel( "testHauskeysUser" ).setNotifyBy( "sms" ).add();
+        assertTrue( admin.hasUser( "testHauskeysUser" ) );
+        
+        HauskeysUser user = ( HauskeysUser ) admin.getUser( "testHauskeysUser" );
+        assertNotNull( user );
+        assertEquals( "testHauskeysUser", user.getId() );
+        assertEquals( "joe", user.getFirstName() );
+        assertEquals( "smith", user.getLastName() );
+        assertEquals( "secret", user.getPassword() );
+        assertEquals( "secret", user.getPassword() );
+        assertEquals( "address1", user.getAddress1() );
+        assertEquals( "address2", user.getAddress2() );
+        assertEquals( "city", user.getCity() );
+        assertEquals( "stateProvRegion", user.getStateProvRegion() );
+        assertEquals( "company", user.getCompany() );
+        assertEquals( "country", user.getCountry() );
+        assertEquals( "zipPostalCode", user.getZipPostalCode() );
+        assertFalse( user.isDisabled() );
+        
+        // now let's check and make sure the kerberos key is properly set
+        Attributes attrs = this.ctx.getAttributes( "uid=testHauskeysUser,ou=Users" );
+        assertEquals( getKerberosKeyAsString( "testHauskeysUser", "EXAMPLE.COM", "secret" ), 
+            attrs.get( "krb5Key" ).get() );
+        
+        user = user.modifier().setDescription( "test description" )
+            .setDisabled( true ).modify();
+        assertEquals( "test description", user.getDescription() );
+        assertEquals( "secret", user.getPassword() );
+        assertTrue( user.isDisabled() ); 
+        
+        user = user.modifier().setPassword( "reset" )
+            .setAddress1( "address1-" ).setAddress2( "address2-" ).setCity( "city-" )
+            .setCompany( "company-" ).setCountry( "country-" ).setStateProvRegion( "stateProvRegion-" )
+            .setZipPostalCode( "zipPostalCode-" ).modify();
+        assertEquals( "reset", user.getPassword() );
+        user = ( HauskeysUser ) admin.getUser( "testHauskeysUser" );
+        assertNotNull( user );
+        assertEquals( "reset", user.getPassword() );
+        assertEquals( "address1-", user.getAddress1() );
+        assertEquals( "address2-", user.getAddress2() );
+        assertEquals( "city-", user.getCity() );
+        assertEquals( "stateProvRegion-", user.getStateProvRegion() );
+        assertEquals( "company-", user.getCompany() );
+        assertEquals( "country-", user.getCountry() );
+        assertEquals( "zipPostalCode-", user.getZipPostalCode() );
+
+        // now let's check and make sure the kerberos key is properly set for the new password
+        attrs = this.ctx.getAttributes( "uid=testHauskeysUser,ou=Users" );
+        assertEquals( getKerberosKeyAsString( "testHauskeysUser", "EXAMPLE.COM", "reset" ), 
+            attrs.get( "krb5Key" ).get() );
+        assertEquals( "TRUE", attrs.get( Constants.KRB5_DISABLED_ID ).get() );
+
+        user = user.modifier().setDisabled( false ).modify();
+        attrs = this.ctx.getAttributes( "uid=testHauskeysUser,ou=Users" );
+        assertEquals( "FALSE", attrs.get( Constants.KRB5_DISABLED_ID ).get() );
+
+        user.modifier().delete();
+        assertFalse( admin.hasUser( "testHauskeysUser" ) );
+    }
+    
+    
+    public void testExternalUserDao() throws Exception
+    {
+        final String uid = "testExternalUser";
+        final String referral = "ldap://localhost:10389/uid=someExternalUser,ou=Users,dc=example,dc=com";
+        assertFalse( admin.hasUser( uid ) );
+        ExternalUserModifier modifier = admin.newExternalUser( uid, referral );
+        modifier.add();
+        assertTrue( admin.hasUser( uid ) );
+        
+        ExternalUser user = ( ExternalUser ) admin.getUser( uid );
+        assertNotNull( user );
+        assertEquals( uid, user.getId() );
+        assertEquals( referral, user.getReferral() );
+        assertFalse( user.isDisabled() );
+        
+        user = user.modifier().setDescription( "test description" )
+            .setDisabled( true ).modify();
+        assertEquals( "test description", user.getDescription() );
+        assertTrue( user.isDisabled() ); 
+        
+        // now let's check and make sure the kerberos key is properly set for the new password
+        Attributes attrs = this.ctx.getAttributes( "uid=" + uid + ",ou=Users" );
+        assertEquals( "TRUE", attrs.get( Constants.KRB5_DISABLED_ID ).get() );
+
+        user = user.modifier().setDisabled( false ).modify();
+        attrs = this.ctx.getAttributes( "uid=" + uid + ",ou=Users" );
+        assertEquals( "FALSE", attrs.get( Constants.KRB5_DISABLED_ID ).get() );
+        
+        user.modifier().delete();
+        assertFalse( admin.hasUser( uid ) );
+    }
+    
+    
+    public void testGroupDao() throws Exception
+    {
+        GroupModifier modifier = admin.newGroup( "testGroup", "firstMember" );
+        modifier.add();
+        
+        Group group = admin.getGroup( "testGroup" );
+        assertEquals( "testGroup", group.getName() );
+        assertEquals( 1, group.getMembers().size() );
+        assertTrue( group.getMembers().contains( "firstMember" ) );
+        
+        group = group.modifier().addMember( "secondMember" ).addMember( "thirdMember" ).modify();
+        assertEquals( "testGroup", group.getName() );
+        assertEquals( 3, group.getMembers().size() );
+        assertTrue( group.getMembers().contains( "firstMember" ) );
+        assertTrue( group.getMembers().contains( "secondMember" ) );
+        assertTrue( group.getMembers().contains( "thirdMember" ) );
+        
+        group = group.modifier().removeMember( "secondMember" ).modify();
+        assertEquals( "testGroup", group.getName() );
+        assertEquals( 2, group.getMembers().size() );
+        assertTrue( group.getMembers().contains( "firstMember" ) );
+        assertTrue( group.getMembers().contains( "thirdMember" ) );
+        
+        group = group.modifier().addMember( "secondMember" ).removeMember( "thirdMember" ).modify();
+        assertEquals( 2, group.getMembers().size() );
+        assertTrue( group.getMembers().contains( "firstMember" ) );
+        assertTrue( group.getMembers().contains( "secondMember" ) );
+        
+        group = group.modifier().rename( "renamedGroup" );
+        assertEquals( "renamedGroup", group.getName() );
+        assertEquals( 2, group.getMembers().size() );
+        assertTrue( group.getMembers().contains( "firstMember" ) );
+        assertTrue( group.getMembers().contains( "secondMember" ) );
+        group = admin.getGroup( "renamedGroup" );
+        assertEquals( "renamedGroup", group.getName() );
+        assertEquals( 2, group.getMembers().size() );
+        assertTrue( group.getMembers().contains( "firstMember" ) );
+        assertTrue( group.getMembers().contains( "secondMember" ) );
+        try
+        {
+            group = admin.getGroup( "testGroup" );
+            fail();
+        }
+        catch ( NoSuchEntryException e )
+        {
+            assertEquals( "renamedGroup", group.getName() );
+            assertEquals( 2, group.getMembers().size() );
+            assertTrue( group.getMembers().contains( "firstMember" ) );
+            assertTrue( group.getMembers().contains( "secondMember" ) );
+        }
+        
+        group.modifier().delete();
+        try
+        {
+            group = admin.getGroup( "renamedGroup" );
+            fail();
+        }
+        catch ( NoSuchEntryException e )
+        {
+        }        
+    }
+}

Added: directory/trunks/triplesec/admin-api/src/test/resources/log4j.properties
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/test/resources/log4j.properties?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/test/resources/log4j.properties (added)
+++ directory/trunks/triplesec/admin-api/src/test/resources/log4j.properties Tue Dec 12 07:23:31 2006
@@ -0,0 +1,18 @@
+log4j.rootCategory=OFF, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n
+
+# with these we'll not get innundated when switching to DEBUG
+log4j.logger.org.apache.directory.shared.ldap.name=WARN
+log4j.logger.org.apache.directory.server.core.schema=ERROR
+log4j.logger.org.springframework=WARN
+log4j.logger.org.apache.directory.shared.codec=WARN
+log4j.logger.org.apache.directory.shared.asn1=WARN
+log4j.logger.org.apache.commons.digester.Digester=WARN
+log4j.logger.org.mortbay=WARN
+log4j.logger.org.apache.jasper=WARN
+log4j.logger.wicket=WARN
+log4j.logger.org.apache.commons=WARN
+log4j.logger.org.apache.myfaces=WARN



Mime
View raw message