incubator-connectors-commits mailing list archives

From kwri...@apache.org
Subject svn commit: r1325386 - in /incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory: ActiveDirectoryAuthority.java ActiveDirectoryConfig.java
Date Thu, 12 Apr 2012 17:02:12 GMT
Author: kwright
Date: Thu Apr 12 17:02:12 2012
New Revision: 1325386

URL: http://svn.apache.org/viewvc?rev=1325386&view=rev
Log:
Revamp authority to allow for multiple domain controllers

Modified:
    incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
    incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java

Modified: incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
URL: http://svn.apache.org/viewvc/incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java?rev=1325386&r1=1325385&r2=1325386&view=diff
==============================================================================
--- incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
(original)
+++ incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
Thu Apr 12 17:02:12 2012
@@ -41,24 +41,23 @@ public class ActiveDirectoryAuthority ex
   public static final String _rcsid = "@(#)$Id: ActiveDirectoryAuthority.java 988245 2010-08-23
18:39:35Z kwright $";
 
   // Data from the parameters
-  private String domainControllerName = null;
-  private String userName = null;
-  private String password = null;
-  private String authentication = null;
-  private String userACLsUsername = null;
+  
+  /** The list of suffixes and the associated domain controllers */
+  private List<DCRule> dCRules = null;
+  /** How to create a connection for a DC, keyed by DC name */
+  private Map<String,DCConnectionParameters> dCConnectionParameters = null;
+  
   private String cacheLifetime = null;
   private String cacheLRUsize = null;
   private long responseLifetime = 60000L;
   private int LRUsize = 1000;
 
-
+  /** Session information for all DC's we talk with. */
+  private Map<String,DCSessionInfo> sessionInfo = null;
+  
   /** Cache manager. */
   private ICacheManager cacheManager = null;
   
-  /** The initialized LDAP context (which functions as a session) */
-  private LdapContext ctx = null;
-  /** The time of last access to this ctx object */
-  private long expiration = -1L;
   
   /** The length of time in milliseconds that the connection remains idle before expiring.
 Currently 5 minutes. */
   private static final long expirationInterval = 300000L;
@@ -103,15 +102,48 @@ public class ActiveDirectoryAuthority ex
   public void connect(ConfigParams configParams)
   {
     super.connect(configParams);
-
-    // First, create server object (llServer)
-    domainControllerName = configParams.getParameter(ActiveDirectoryConfig.PARAM_DOMAINCONTROLLER);
-    userName = configParams.getParameter(ActiveDirectoryConfig.PARAM_USERNAME);
-    password = configParams.getObfuscatedParameter(ActiveDirectoryConfig.PARAM_PASSWORD);
-    authentication = configParams.getParameter(ActiveDirectoryConfig.PARAM_AUTHENTICATION);
-    userACLsUsername = configParams.getParameter(ActiveDirectoryConfig.PARAM_USERACLsUSERNAME);
-    if (userACLsUsername == null)
-      userACLsUsername = "sAMAccountName";
+    
+    // Allocate the session data, currently empty
+    sessionInfo = new HashMap<String,DCSessionInfo>();
+    
+    // Set up the DC param set, and the rules
+    dCRules = new ArrayList<DCRule>();
+    dCConnectionParameters = new HashMap<String,DCConnectionParameters>();
+    // For backwards compatibility, look at old-style parameters
+    String domainControllerName = configParams.getParameter(ActiveDirectoryConfig.PARAM_DOMAINCONTROLLER);
+    String userName = configParams.getParameter(ActiveDirectoryConfig.PARAM_USERNAME);
+    String password = configParams.getObfuscatedParameter(ActiveDirectoryConfig.PARAM_PASSWORD);
+    String authentication = configParams.getParameter(ActiveDirectoryConfig.PARAM_AUTHENTICATION);
+    String userACLsUsername = configParams.getParameter(ActiveDirectoryConfig.PARAM_USERACLsUSERNAME);
+    if (domainControllerName != null)
+    {
+      // Map the old-style parameters into the new-style structures.
+      dCConnectionParameters.put(domainControllerName,new DCConnectionParameters(userName,password,authentication,userACLsUsername));
+      // Create a single rule, too
+      dCRules.add(new DCRule("",domainControllerName));
+    }
+    else
+    {
+      // New-style parameters.  Read from the config info.
+      int i = 0;
+      while (i < configParams.getChildCount())
+      {
+        ConfigurationNode cn = configParams.getChild(i++);
+        if (cn.getType().equals(ActiveDirectoryConfig.NODE_DOMAINCONTROLLER))
+        {
+          // Domain controller name is the actual key...
+          String dcName = cn.getAttributeValue(ActiveDirectoryConfig.ATTR_DOMAINCONTROLLER);
+          // Set up the parameters for the domain controller
+          dCConnectionParameters.put(dcName,new DCConnectionParameters(cn.getAttributeValue(ActiveDirectoryConfig.ATTR_USERNAME),
+            cn.getAttributeValue(ActiveDirectoryConfig.ATTR_PASSWORD),
+            cn.getAttributeValue(ActiveDirectoryConfig.ATTR_AUTHENTICATION),
+            cn.getAttributeValue(ActiveDirectoryConfig.ATTR_USERACLsUSERNAME)));
+          // Order-based rule, as well
+          dCRules.add(new DCRule(cn.getAttributeValue(ActiveDirectoryConfig.ATTR_SUFFIX),dcName));
+        }
+      }
+    }
+    
     cacheLifetime = configParams.getParameter(ActiveDirectoryConfig.PARAM_CACHELIFETIME);
     if (cacheLifetime == null)
       cacheLifetime = "1";
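Review bot: The new-style branch reads the password with plain `cn.getAttributeValue(ActiveDirectoryConfig.ATTR_PASSWORD)`, while the old-style path goes through `getObfuscatedParameter`. Unless the configuration writer stores the node attribute in clear text (not visible here), the two paths hand different forms of the secret to the LDAP bind; if it is stored in clear text, the password loses the obfuscation it had at rest. The `sAMAccountName` default for `userACLsUsername` is also gone, so a null value now reaches the filter concatenation in getDistinguishedName(); restoring `if (userACLsUsername == null) userACLsUsername = "sAMAccountName";` on both paths would keep the previous behaviour. `dcName` and the other node attributes are stored without a null check as well.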
@@ -129,51 +161,66 @@ public class ActiveDirectoryAuthority ex
   public String check()
     throws ManifoldCFException
   {
+    // Set up the basic session...
     getSession();
+    // Clear the DC session info, so we're forced to redo it
+    for (Map.Entry<String,DCSessionInfo> sessionEntry : sessionInfo.entrySet())
+    {
+      sessionEntry.getValue().closeConnection();
+    }
+    // Loop through all domain controllers and attempt to establish a session with each one.
+    for (String domainController : dCConnectionParameters.keySet())
+    {
+      createDCSession(domainController);
+    }
     return super.check();
   }
 
-  /** Poll.  The connection should be closed if it has been idle for too long.
+  /** Create or lookup a session for a domain controller.
   */
-  @Override
-  public void poll()
+  protected LdapContext createDCSession(String domainController)
     throws ManifoldCFException
   {
-    if (expiration != -1L && System.currentTimeMillis() > expiration)
-      closeConnection();
-    super.poll();
+    getSession();
+    DCConnectionParameters parms = dCConnectionParameters.get(domainController);
+    // Find the session in the hash, if it exists
+    DCSessionInfo session = sessionInfo.get(domainController);
+    if (session == null)
+    {
+      session = new DCSessionInfo();
+      sessionInfo.put(domainController,session);
+    }
+    return session.getSession(domainController,parms);
   }
   
-  /** Close the connection handle, but leave the info around if we open it again. */
-  protected void closeConnection()
+  /** Poll.  The connection should be closed if it has been idle for too long.
+  */
+  @Override
+  public void poll()
+    throws ManifoldCFException
   {
-    if (ctx != null)
+    long currentTime = System.currentTimeMillis();
+    for (Map.Entry<String,DCSessionInfo> sessionEntry : sessionInfo.entrySet())
     {
-      try
-      {
-        ctx.close();
-      }
-      catch (NamingException e)
-      {
-        // Eat this error
-      }
-      ctx = null;
-      expiration = -1L;
+      sessionEntry.getValue().closeIfExpired(currentTime);
     }
+    super.poll();
   }
   
+  
   /** Close the connection.  Call this before discarding the repository connector.
   */
   @Override
   public void disconnect()
     throws ManifoldCFException
   {
-    closeConnection();
-    domainControllerName = null;
-    userName = null;
-    password = null;
-    authentication = null;
-    userACLsUsername = null;
+    // Close all connections
+    for (Map.Entry<String,DCSessionInfo> sessionEntry : sessionInfo.entrySet())
+    {
+      sessionEntry.getValue().closeConnection();
+    }
+    sessionInfo = null;
+    
     cacheLifetime = null;
     cacheLRUsize = null;
     super.disconnect();
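Review bot: disconnect() sets `sessionInfo = null` but leaves `dCRules` and `dCConnectionParameters` populated, so the bind passwords that the removed `password = null;` used to drop stay reachable from the connector after disconnect. Adding `dCConnectionParameters = null;` and `dCRules = null;` next to it would restore that. poll() and disconnect() also iterate `sessionInfo.entrySet()` with no null guard, where the removed poll() only tested `expiration`, so a call before connect() or after disconnect() would throw a NullPointerException if the framework permits that ordering. createDCSession() likewise passes `parms` to `session.getSession()` without checking that the map lookup returned a value.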
@@ -189,8 +236,8 @@ public class ActiveDirectoryAuthority ex
     throws ManifoldCFException
   {
     // Construct a cache description object
-    ICacheDescription objectDescription = new AuthorizationResponseDescription(userName,domainControllerName,
-      this.userName,this.password,this.responseLifetime,this.LRUsize);
+    ICacheDescription objectDescription = new AuthorizationResponseDescription(userName,
+      dCConnectionParameters,dCRules,this.responseLifetime,this.LRUsize);
     
     // Enter the cache
     ICacheHandle ch = cacheManager.enterCache(new ICacheDescription[]{objectDescription},null,null);
@@ -229,28 +276,87 @@ public class ActiveDirectoryAuthority ex
   protected AuthorizationResponse getAuthorizationResponseUncached(String userName)
     throws ManifoldCFException
   {
-    //Specify the Base for the search
-    String searchBase = parseUser(userName);
-    if (searchBase == null)
+    //String searchBase = "CN=Administrator,CN=Users,DC=qa-ad-76,DC=metacarta,DC=com";
+    int index = userName.indexOf("@");
+    if (index == -1)
+      throw new ManifoldCFException("Username is in unexpected form (no @): '"+userName+"'");
+    String userPart = userName.substring(0,index);
+    String domainPart = userName.substring(index+1);
+    
+    // Now, look through the rules for the matching domain controller
+    String domainController = null;
+    for (DCRule rule : dCRules)
+    {
+      String suffix = rule.getSuffix();
+      if (domainPart.toLowerCase().endsWith(suffix.toLowerCase()) &&
+        (suffix.length() == domainPart.length() || domainPart.charAt(domainPart.length()-suffix.length())
== '.'))
+      {
+        domainController = rule.getDomainControllerName();
+        break;
+      }
+    }
+    if (domainController == null)
+    {
+      // No domain controller found for the user, so return "user not found".
       return userNotFoundResponse;
+    }
+    
+    // Look up connection parameters
+    DCConnectionParameters dcParams = dCConnectionParameters.get(domainController);
+    if (dcParams == null)
+    {
+      // No domain controller, even though it's mentioned in a rule
+      return userNotFoundResponse;
+    }
+    
+    // Use the complete fqn if the field is the "userPrincipalName"
+    String userACLsUsername = dcParams.getUserACLsUsername();
+    if (userACLsUsername != null && userACLsUsername.equals("userPrincipalName")){
+    	userPart = userName;
+    }
+    
+    //Build the DN searchBase from domain part
+    StringBuilder domainsb = new StringBuilder();
+    int j = 0;
+    while (true)
+    {
+      if (j > 0)
+        domainsb.append(",");
 
-    //specify the LDAP search filter
-    String searchFilter = "(objectClass=user)";
-
-    //Create the search controls for finding the access tokens	
-    SearchControls searchCtls = new SearchControls();
-
-    //Specify the search scope, must be base level search for tokenGroups
-    searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE);
- 
-    //Specify the attributes to return
-    String returnedAtts[]={"tokenGroups","objectSid"};
-    searchCtls.setReturningAttributes(returnedAtts);
+      int k = domainPart.indexOf(".",j);
+      if (k == -1)
+      {
+        domainsb.append("DC=").append(ldapEscape(domainPart.substring(j)));
+        break;
+      }
+      domainsb.append("DC=").append(ldapEscape(domainPart.substring(j,k)));
+      j = k+1;
+    }
 
     try
     {
-      getSession();  
-      //Search for tokens.  Since every user *must* have a SID, the no user detection should
be safe.
+      // Establish a session with the selected domain controller
+      LdapContext ctx = createDCSession(domainController);  
+    
+      //Get DistinguishedName (for this method we are using DomainPart as a searchBase ie:
DC=qa-ad-76,DC=metacarta,DC=com")
+      String searchBase = getDistinguishedName(ctx, userPart, domainsb.toString(), userACLsUsername);
+      if (searchBase == null)
+        return userNotFoundResponse;
+
+      //specify the LDAP search filter
+      String searchFilter = "(objectClass=user)";
+
+      //Create the search controls for finding the access tokens	
+      SearchControls searchCtls = new SearchControls();
+
+      //Specify the search scope, must be base level search for tokenGroups
+      searchCtls.setSearchScope(SearchControls.OBJECT_SCOPE);
+   
+      //Specify the attributes to return
+      String returnedAtts[]={"tokenGroups","objectSid"};
+      searchCtls.setReturningAttributes(returnedAtts);
+
+      //Search for tokens.  Since every user *must* have a SID, the "no user" detection should
be safe.
       NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
 
       ArrayList theGroups = new ArrayList();
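Review bot: The suffix test reads `domainPart.charAt(domainPart.length()-suffix.length())`, which is the first character of the matched suffix rather than the character before it. For the backward-compatible rule created with suffix `""` in connect() this is `charAt(domainPart.length())`, which throws StringIndexOutOfBoundsException for every non-empty domain, and a suffix such as `example.com` never matches `sub.example.com`. Something like `int cut = domainPart.length() - suffix.length();` followed by `if (suffix.length() == 0 || (cut >= 0 && domainPart.regionMatches(true, cut, suffix, 0, suffix.length()) && (cut == 0 || domainPart.charAt(cut-1) == '.')))` treats the empty suffix as match-all and checks the label boundary at the right index. `rule.getSuffix()` can also be null when a new-style node has no suffix attribute, which would need a guard before the comparison.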
@@ -514,83 +620,12 @@ public class ActiveDirectoryAuthority ex
 
   // Protected methods
 
+  /** Basic "session" setup.  This does not set up sessions with any DC's, but only validates
the incoming scalar
+  * parameters.  Setting up sessions with specific DC's requires other method calls in addition
to this one.
+  */
   protected void getSession()
     throws ManifoldCFException
   {
-    while (true)
-    {
-      if (ctx == null)
-      {
-        // Calculate the ldap url first
-        String ldapURL = "ldap://" + domainControllerName + ":389";
-        
-        Hashtable env = new Hashtable();
-        env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
-        env.put(Context.SECURITY_AUTHENTICATION,authentication);      
-        env.put(Context.SECURITY_PRINCIPAL,userName);
-        env.put(Context.SECURITY_CREDENTIALS,password);
-                                  
-        //connect to my domain controller
-        env.put(Context.PROVIDER_URL,ldapURL);
-                  
-        //specify attributes to be returned in binary format
-        env.put("java.naming.ldap.attributes.binary","tokenGroups objectSid");
-   
-        // Now, try the connection...
-        try
-        {
-          ctx = new InitialLdapContext(env,null);
-          // If successful, break
-          break;
-        }
-        catch (AuthenticationException e)
-        {
-          // This means we couldn't authenticate!
-          throw new ManifoldCFException("Authentication problem authenticating admin user
'"+userName+"': "+e.getMessage(),e);
-        }
-        catch (CommunicationException e)
-        {
-          // This means we couldn't connect, most likely
-          throw new ManifoldCFException("Couldn't communicate with domain controller '"+domainControllerName+"':
"+e.getMessage(),e);
-        }
-        catch (NamingException e)
-        {
-          throw new ManifoldCFException(e.getMessage(),e);
-        }
-      }
-      else
-      {
-        // Attempt to reconnect.  I *hope* this is efficient and doesn't do unnecessary work.
-        try
-        {
-          ctx.reconnect(null);
-          // Break on apparent success
-          break;
-        }
-        catch (AuthenticationException e)
-        {
-          // This means we couldn't authenticate!  Log it and retry creating a whole new
context.
-          Logging.authorityConnectors.warn("Reconnect: Authentication problem authenticating
admin user '"+userName+"': "+e.getMessage(),e);
-        }
-        catch (CommunicationException e)
-        {
-          // This means we couldn't connect, most likely.  Log it and retry creating a whole
new context.
-          Logging.authorityConnectors.warn("Reconnect: Couldn't communicate with domain controller
'"+domainControllerName+"': "+e.getMessage(),e);
-        }
-        catch (NamingException e)
-        {
-          Logging.authorityConnectors.warn("Reconnect: Naming exception: "+e.getMessage(),e);
-        }
-        
-        // So we have no chance of leaking resources, attempt to close the context.
-        closeConnection();
-        // Loop back around to try our luck with a fresh connection.
-
-      }
-    }
-    
-    expiration = System.currentTimeMillis() + expirationInterval;
-    
     try
     {
       responseLifetime = Long.parseLong(this.cacheLifetime) * 60L * 1000L;
@@ -603,54 +638,17 @@ public class ActiveDirectoryAuthority ex
     
   }
   
-  /** Parse a user name into an ldap search base. */
-  protected String parseUser(String userName)
-    throws ManifoldCFException
-  {
-    //String searchBase = "CN=Administrator,CN=Users,DC=qa-ad-76,DC=metacarta,DC=com";
-    int index = userName.indexOf("@");
-    if (index == -1)
-      throw new ManifoldCFException("Username is in unexpected form (no @): '"+userName+"'");
-    String userPart = userName.substring(0,index);
-    String domainPart = userName.substring(index+1);
-    if (userACLsUsername.equals("userPrincipalName")){
-    	userPart = userName;
-    }
-    
-    //Build the DN searchBase from domain part
-    StringBuilder domainsb = new StringBuilder();
-    int j = 0;
-    while (true)
-    {
-      if (j > 0)
-        domainsb.append(",");
-
-      int k = domainPart.indexOf(".",j);
-      if (k == -1)
-      {
-        domainsb.append("DC=").append(ldapEscape(domainPart.substring(j)));
-        break;
-      }
-      domainsb.append("DC=").append(ldapEscape(domainPart.substring(j,k)));
-      j = k+1;
-    }
-
-    //Get DistinguishedName (for this method we are using DomainPart as a searchBase ie:
DC=qa-ad-76,DC=metacarta,DC=com")
-    String userDN = getDistinguishedName(userPart, domainsb.toString());
-
-    return userDN;
-  }
   
-  /** Obtain the DistinguishedNamefor a given user logon name.
+  /** Obtain the DistinguishedName for a given user logon name.
+  *@param ctx is the ldap context to use.
   *@param userName (Domain Logon Name) is the user name or identifier.
   *@param searchBase (Full Domain Name for the search ie: DC=qa-ad-76,DC=metacarta,DC=com)
   *@return DistinguishedName for given domain user logon name. 
   * (Should throws an exception if user is not found.)
   */
-  protected String getDistinguishedName(String userName, String searchBase)
+  protected String getDistinguishedName(LdapContext ctx, String userName, String searchBase,
String userACLsUsername)
     throws ManifoldCFException
   {
-    getSession();  
     String returnedAtts[] = {"distinguishedName"};
     String searchFilter = "(&(objectClass=user)(" + userACLsUsername + "=" + userName
+ "))";
     SearchControls searchCtls = new SearchControls();
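Review bot: The search filter in getDistinguishedName() is still built by concatenating `userName` into `"(&(objectClass=user)(" + userACLsUsername + "=" + userName + "))"`, and that value comes from the requested user name without filter escaping. Characters such as `*`, `(`, `)` and `\` change the meaning of the filter, so the lookup can resolve to a different account than the one asked for and return that account's tokens. Passing the value as a filter argument, for example `"(&(objectClass=user)(" + userACLsUsername + "={0}))"` with `new Object[]{userName}` through the four-argument `search` overload, lets JNDI do the escaping. The search call itself is outside this hunk.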
@@ -731,6 +729,194 @@ public class ActiveDirectoryAuthority ex
     return strSID.toString();
   }
 
+  /** Class representing the session information for a specific domain controller
+  * connection.
+  */
+  protected static class DCSessionInfo
+  {
+    /** The initialized LDAP context (which functions as a session) */
+    private LdapContext ctx = null;
+    /** The time of last access to this ctx object */
+    private long expiration = -1L;
+    
+    public DCSessionInfo()
+    {
+    }
+
+    /** Initialize the session. */
+    public LdapContext getSession(String domainControllerName, DCConnectionParameters params)
+      throws ManifoldCFException
+    {
+      String authentication = params.getAuthentication();
+      String userName = params.getUserName();
+      String password = params.getPassword();
+      
+      while (true)
+      {
+        if (ctx == null)
+        {
+          // Calculate the ldap url first
+          String ldapURL = "ldap://" + domainControllerName + ":389";
+          
+          Hashtable env = new Hashtable();
+          env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
+          env.put(Context.SECURITY_AUTHENTICATION,authentication);      
+          env.put(Context.SECURITY_PRINCIPAL,userName);
+          env.put(Context.SECURITY_CREDENTIALS,password);
+                                    
+          //connect to my domain controller
+          env.put(Context.PROVIDER_URL,ldapURL);
+                    
+          //specify attributes to be returned in binary format
+          env.put("java.naming.ldap.attributes.binary","tokenGroups objectSid");
+     
+          // Now, try the connection...
+          try
+          {
+            ctx = new InitialLdapContext(env,null);
+            // If successful, break
+            break;
+          }
+          catch (AuthenticationException e)
+          {
+            // This means we couldn't authenticate!
+            throw new ManifoldCFException("Authentication problem authenticating admin user
'"+userName+"': "+e.getMessage(),e);
+          }
+          catch (CommunicationException e)
+          {
+            // This means we couldn't connect, most likely
+            throw new ManifoldCFException("Couldn't communicate with domain controller '"+domainControllerName+"':
"+e.getMessage(),e);
+          }
+          catch (NamingException e)
+          {
+            throw new ManifoldCFException(e.getMessage(),e);
+          }
+        }
+        else
+        {
+          // Attempt to reconnect.  I *hope* this is efficient and doesn't do unnecessary
work.
+          try
+          {
+            ctx.reconnect(null);
+            // Break on apparent success
+            break;
+          }
+          catch (AuthenticationException e)
+          {
+            // This means we couldn't authenticate!  Log it and retry creating a whole new
context.
+            Logging.authorityConnectors.warn("Reconnect: Authentication problem authenticating
admin user '"+userName+"': "+e.getMessage(),e);
+          }
+          catch (CommunicationException e)
+          {
+            // This means we couldn't connect, most likely.  Log it and retry creating a
whole new context.
+            Logging.authorityConnectors.warn("Reconnect: Couldn't communicate with domain
controller '"+domainControllerName+"': "+e.getMessage(),e);
+          }
+          catch (NamingException e)
+          {
+            Logging.authorityConnectors.warn("Reconnect: Naming exception: "+e.getMessage(),e);
+          }
+          
+          // So we have no chance of leaking resources, attempt to close the context.
+          closeConnection();
+          // Loop back around to try our luck with a fresh connection.
+
+        }
+      }
+      
+      // Set the expiration time anew
+      expiration = System.currentTimeMillis() + expirationInterval;
+      return ctx;
+    }
+    
+    /** Close the connection handle. */
+    protected void closeConnection()
+    {
+      if (ctx != null)
+      {
+        try
+        {
+          ctx.close();
+        }
+        catch (NamingException e)
+        {
+          // Eat this error
+        }
+        ctx = null;
+        expiration = -1L;
+      }
+    }
+
+    /** Close connection if it has expired. */
+    protected void closeIfExpired(long currentTime)
+    {
+      if (expiration != -1L && currentTime > expiration)
+        closeConnection();
+    }
+
+  }
+
+  /** Class describing a domain suffix and corresponding domain controller name rule.
+  */
+  protected static class DCRule
+  {
+    private String suffix;
+    private String domainControllerName;
+    
+    public DCRule(String suffix, String domainControllerName)
+    {
+      this.suffix = suffix;
+      this.domainControllerName = domainControllerName;
+    }
+    
+    public String getSuffix()
+    {
+      return suffix;
+    }
+    
+    public String getDomainControllerName()
+    {
+      return domainControllerName;
+    }
+  }
+  
+  /** Class describing the connection parameters to a domain controller.
+  */
+  protected static class DCConnectionParameters
+  {
+    private String userName;
+    private String password;
+    private String authentication;
+    private String userACLsUsername;
+
+    public DCConnectionParameters(String userName, String password, String authentication,
String userACLsUsername)
+    {
+      this.userName = userName;
+      this.password = password;
+      this.authentication = authentication;
+      this.userACLsUsername = userACLsUsername;
+    }
+    
+    public String getUserName()
+    {
+      return userName;
+    }
+    
+    public String getPassword()
+    {
+      return password;
+    }
+    
+    public String getAuthentication()
+    {
+      return authentication;
+    }
+    
+    public String getUserACLsUsername()
+    {
+      return userACLsUsername;
+    }
+  }
+  
   protected static StringSet emptyStringSet = new StringSet();
   
   /** This is the cache object descriptor for cached access tokens from
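Review bot: getSession() hard-codes `"ldap://" + domainControllerName + ":389"`, so when a controller is configured with simple authentication, the bind password in `Context.SECURITY_CREDENTIALS` and the tokenGroups that come back cross the network unencrypted for every configured controller. A per-controller option for `ldaps://` or StartTLS, read alongside the other node attributes, would close that. The method also puts `authentication`, `userName` and `password` into a `Hashtable`, which rejects null values, so a controller node missing one of those attributes would fail with a bare NullPointerException instead of a ManifoldCFException naming the controller.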
@@ -738,28 +924,25 @@ public class ActiveDirectoryAuthority ex
   */
   protected static class AuthorizationResponseDescription extends org.apache.manifoldcf.core.cachemanager.BaseDescription
   {
-    /** The user name associated with the access tokens */
+    /** The user name */
     protected String userName;
-    /** The domain controller associated with the access tokens */
-    protected String domainControllerName;
-    /** The admin user name */
-    protected String adminUserName;
-    /** The admin password */
-    protected String adminPassword;
+    /** Connection parameters */
+    protected Map<String,DCConnectionParameters> dcConnectionParams;
+    /** Rules */
+    protected List<DCRule> dcRules;
     /** The response lifetime */
     protected long responseLifetime;
     /** The expiration time */
     protected long expirationTime = -1;
     
     /** Constructor. */
-    public AuthorizationResponseDescription(String userName, String domainControllerName,
-      String adminUserName, String adminPassword, long responseLifetime, int LRUsize)
+    public AuthorizationResponseDescription(String userName, Map<String,DCConnectionParameters>
dcConnectionParams,
+      List<DCRule> rules, long responseLifetime, int LRUsize)
     {
       super("ActiveDirectoryAuthority",LRUsize);
       this.userName = userName;
-      this.domainControllerName = domainControllerName;
-      this.adminUserName = adminUserName;
-      this.adminPassword = adminPassword;
+      this.dcConnectionParams = dcConnectionParams;
+      this.dcRules = dcRules;
       this.responseLifetime = responseLifetime;
     }
 
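Review bot: The constructor parameter is named `rules`, but the body assigns `this.dcRules = dcRules;`, which is a self-assignment of the field and leaves it null. getCriticalSectionName(), hashCode() and equals() all iterate `dcRules`, so the first cache lookup would throw a NullPointerException. The assignment should read `this.dcRules = rules;`. Because the description keeps references to the connector's live map and list, copying them here would also keep a cache key from changing after it has been entered.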
@@ -772,8 +955,16 @@ public class ActiveDirectoryAuthority ex
     /** Get the critical section name, used for synchronizing the creation of the object
*/
     public String getCriticalSectionName()
     {
-      return getClass().getName() + "-" + userName + "-" + domainControllerName +
-        "-" + adminUserName + "-" + adminPassword;
+      StringBuilder sb = new StringBuilder(getClass().getName());
+      sb.append("-").append(userName);
+      for (DCRule rule : dcRules)
+      {
+        sb.append("-").append(rule.getSuffix());
+        String domainController = rule.getDomainControllerName();
+        DCConnectionParameters params = dcConnectionParams.get(domainController);
+        sb.append("-").append(domainController).append("-").append(params.getUserName()).append("-").append(params.getPassword());
+      }
+      return sb.toString();
     }
 
     /** Return the object expiration interval */
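Review bot: getCriticalSectionName() appends `params.getPassword()` for every rule, so each domain controller's bind password becomes part of a lock name in clear text. Wherever the lock manager logs or persists that name (not visible here), the credentials go with it. The name only needs to be unique per configuration, so a digest of the password, or leaving it out in favour of the controller name and user name, would serve. `params` is also dereferenced without a null check here and in hashCode() in the next hunk.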
@@ -786,8 +977,14 @@ public class ActiveDirectoryAuthority ex
 
     public int hashCode()
     {
-      return userName.hashCode() + domainControllerName.hashCode() + adminUserName.hashCode()
+
-        adminPassword.hashCode();
+      int rval = userName.hashCode();
+      for (DCRule rule : dcRules)
+      {
+        String domainController = rule.getDomainControllerName();
+        DCConnectionParameters params = dcConnectionParams.get(domainController);
+        rval += rule.getSuffix().hashCode() + domainController.hashCode() + params.getUserName().hashCode()
+ params.getPassword().hashCode();
+      }
+      return rval;
     }
     
     public boolean equals(Object o)
@@ -795,8 +992,23 @@ public class ActiveDirectoryAuthority ex
       if (!(o instanceof AuthorizationResponseDescription))
         return false;
       AuthorizationResponseDescription ard = (AuthorizationResponseDescription)o;
-      return ard.userName.equals(userName) && ard.domainControllerName.equals(domainControllerName)
&&
-        ard.adminUserName.equals(adminUserName) && ard.adminPassword.equals(adminPassword);
+      if (!ard.userName.equals(userName))
+        return false;
+      if (ard.dcRules.size() != dcRules.size())
+        return false;
+      for (int i = 0 ; i < dcRules.size() ; i++)
+      {
+        DCRule rule = dcRules.get(i);
+        DCRule ardRule = ard.dcRules.get(i);
+        if (!rule.getSuffix().equals(ardRule.getSuffix()) || !rule.getDomainControllerName().equals(ardRule.getDomainControllerName()))
+          return false;
+        String domainController = rule.getDomainControllerName();
+        DCConnectionParameters params = dcConnectionParams.get(domainController);
+        DCConnectionParameters ardParams = ard.dcConnectionParams.get(domainController);
+        if (!params.getUserName().equals(ardParams.getUserName()) || !params.getPassword().equals(ardParams.getPassword()))
+          return false;
+      }
+      return true;
     }
     
   }
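Review bot: equals() compares only the user name and password of each controller's parameters and ignores `authentication` and `userACLsUsername`, although `userACLsUsername` decides which attribute the user is looked up by. If the cache is shared between authority connections (not visible here), two configurations that differ only in that field would share cached responses for the same user. `ardParams` can be null when the other description's map lacks the controller, and `getUserName()`/`getPassword()` can return null for new-style nodes, so the comparisons need null-safe handling. hashCode() in the previous hunk omits the same two fields and has the same null dereferences.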

Modified: incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java
URL: http://svn.apache.org/viewvc/incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java?rev=1325386&r1=1325385&r2=1325386&view=diff
==============================================================================
--- incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java
(original)
+++ incubator/lcf/branches/CONNECTORS-460/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryConfig.java
Thu Apr 12 17:02:12 2012
@@ -45,7 +45,7 @@ public class ActiveDirectoryConfig
   /** Domain controller node */
   public static final String NODE_DOMAINCONTROLLER = "domaincontroller";
   
-  // Domain controller node attributes
+  // Attributes
   
   /** Domain suffix */
   public static final String ATTR_SUFFIX = "suffix";


