From ang...@apache.org
Subject svn commit: r1436818 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: security/authentication/ldap/ spi/security/authentication/external/
Date Tue, 22 Jan 2013 09:35:28 GMT
Author: angela
Date: Tue Jan 22 09:35:27 2013
New Revision: 1436818

URL: http://svn.apache.org/viewvc?rev=1436818&view=rev
Log:
OAK-516 : Create LdapLoginModule based on ExternalLoginModule (Patch provided by Manfred Baedke)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapGroup.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSearch.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSettings.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapUser.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalUser.java

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java?rev=1436818&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/JndiLdapSearch.java
Tue Jan 22 09:35:27 2013
@@ -0,0 +1,235 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.ldap;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.security.auth.login.LoginException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class JndiLdapSearch implements LdapSearch {
+
+    private static final Logger log = LoggerFactory.getLogger(JndiLdapSearch.class);
+
+    private final LdapSettings settings;
+    private final Hashtable ldapEnvironment;
+
+    public JndiLdapSearch(LdapSettings settings) {
+        this.settings = settings;
+        this.ldapEnvironment = createEnvironment(settings);
+    }
+
+    private static Hashtable createEnvironment(LdapSettings settings) {
+        Hashtable env = new Hashtable();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        StringBuilder url = new StringBuilder();
+        url.append("ldap://").append(settings.getHost()).append(':').append(settings.getPort());
+        env.put(Context.PROVIDER_URL, url);
+        if (settings.isSecure()) {
+            env.put(Context.SECURITY_PROTOCOL, "ssl");
+        }
+        String authDn = settings.getAuthDn();
+        String authPw = settings.getAuthPw();
+        if (authDn == null || authDn.length() == 0) {
+            env.put(Context.SECURITY_AUTHENTICATION, "none");
+        }
+        else {
+            env.put(Context.SECURITY_AUTHENTICATION, "simple");
+            env.put(Context.SECURITY_PRINCIPAL, authDn);
+            env.put(Context.SECURITY_CREDENTIALS,authPw);
+        }
+        return env;
+    }
+
+    private Object parseAttributeValue(Attribute attribute) throws NamingException {
+        int size = attribute.size();
+        if (size > 1) {
+            ArrayList<String> values = new ArrayList<String>();
+            for (int k = 0; k < size; k++) {
+                values.add(String.valueOf(attribute.get(k)));
+            }
+            return values;
+        }
+        else {
+            return String.valueOf(attribute.get());
+        }
+    }
+
+    private void initProperties(LdapUser user, Attributes attributes)
+            throws NamingException {
+        NamingEnumeration<? extends Attribute> namingEnumeration = attributes.getAll();
+        Map<String, Object> properties = new HashMap<String, Object>();
+        Map<String, String> syncMap = user instanceof LdapGroup ?
+                this.settings.getGroupAttributes() : this.settings.getUserAttributes();
+        while ( namingEnumeration.hasMore() ) {
+            Attribute attribute = namingEnumeration.next();
+            String key = attribute.getID();
+            if (syncMap.containsKey(key)) {
+                properties.put(syncMap.get(key), parseAttributeValue(attribute));
+            }
+        }
+        user.setProperties(properties);
+    }
+
+    private List<SearchResult> search(String baseDN, String filter, int scope, String[]
attributes)
+            throws NamingException {
+        // TODO: include scope param into query
+
+        SearchControls constraints = new SearchControls();
+        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
+        constraints.setCountLimit(0);
+        constraints.setDerefLinkFlag(true);
+        constraints.setTimeLimit(settings.getSearchTimeout());
+        List<SearchResult> tmp = new ArrayList<SearchResult>();
+        InitialDirContext context = null;
+        try {
+            context = new InitialDirContext(this.ldapEnvironment);
+            NamingEnumeration<SearchResult> namingEnumeration = context.search(baseDN,
filter, attributes, constraints);
+            while (namingEnumeration.hasMore()) {
+                tmp.add(namingEnumeration.next());
+            }
+        } catch (NamingException e) {
+            log.error("LDAP search failed", e);
+        } finally {
+            if (context != null) {
+                context.close();
+            }
+        }
+        return tmp;
+    }
+
+    private String compileSearchFilter(String baseFilter, String searchExpression) {
+        StringBuilder searchFilter = new StringBuilder("(&");
+
+        // Add search expression first, it's typically fairly specific
+        // so a server that evaluates clauses in order will perform well.
+        // See https://bugs.day.com/bugzilla/show_bug.cgi?id=36917
+        if (!(searchExpression == null || "".equals(searchExpression))) {
+            if (!searchExpression.startsWith("(")) {
+                searchFilter.append('(');
+            }
+            searchFilter.append(searchExpression);
+            if (!searchExpression.endsWith(")")) {
+                searchFilter.append(')');
+            }
+        }
+
+        if (!(baseFilter == null || "".equals(baseFilter))) {
+            if (!baseFilter.startsWith("(")) {
+                searchFilter.append('(');
+            }
+            searchFilter.append(baseFilter);
+            if (!baseFilter.endsWith(")")) {
+                searchFilter.append(')');
+            }
+        }
+
+        searchFilter.append(')');
+        return searchFilter.toString();
+    }
+
+    private List<SearchResult> searchUser(String id)
+            throws NamingException {
+        Set<String> attributeSet = new HashSet<String>(this.settings.getUserAttributes().keySet());
+        attributeSet.add(this.settings.getUserIdAttribute());
+        String[] attributes = new String[attributeSet.size()];
+        attributeSet.toArray(attributes);
+        return this.search(this.settings.getUserRoot(),
+                this.compileSearchFilter(this.settings.getUserFilter(), this.settings.getUserIdAttribute()
+ '=' + id),
+                SearchControls.SUBTREE_SCOPE,
+                attributes);
+    }
+
+    private List<SearchResult> searchGroups(String dn)
+            throws NamingException {
+        Set<String> attributeSet = new HashSet<String>(this.settings.getGroupAttributes().keySet());
+        String[] attributes = new String[attributeSet.size()];
+        attributeSet.toArray(attributes);
+        return search(this.settings.getGroupRoot(),
+                this.compileSearchFilter(this.settings.getGroupFilter(), this.settings.getGroupMembershipAttribute()
+ '=' + dn),
+                SearchControls.SUBTREE_SCOPE,
+                attributes);
+    }
+
+    private boolean findUser(LdapUser user, String id) {
+        try {
+            List<SearchResult> entries = this.searchUser(id);
+            if (!entries.isEmpty()) {
+                SearchResult entry = entries.get(0);
+                user.setDN(entry.getNameInNamespace());
+                this.initProperties(user, entry.getAttributes());
+                return true;
+            } else  if (id.contains("\\")) {
+                return this.findUser(user, id.substring(id.indexOf('\\') + 1));
+            }
+        } catch (NamingException e) {
+            //TODO
+        }
+        return false;
+    }
+
+    @Override
+    public boolean findUser(LdapUser user) {
+        return this.findUser(user, user.getId());
+    }
+
+    @Override
+    public Set<LdapGroup> findGroups(LdapUser user) {
+        final HashSet<LdapGroup> groups = new HashSet<LdapGroup>();
+        List<SearchResult> ldapEntries;
+        try {
+            ldapEntries = this.searchGroups(user.getDN());
+            for (SearchResult entry : ldapEntries) {
+                LdapGroup group = new LdapGroup(entry.getNameInNamespace(), this);
+                groups.add(group);
+                this.initProperties(group, entry.getAttributes());
+            }
+        } catch (NamingException e) {
+            //TODO
+        }
+        return groups;
+    }
+
+    @Override
+    public void authenticate(LdapUser user) throws LoginException {
+        try {
+            Hashtable env = new Hashtable(this.ldapEnvironment);
+            env.put(Context.SECURITY_PRINCIPAL, user.getDN());
+            env.put(Context.SECURITY_CREDENTIALS, user.getPassword());
+            //TODO
+            env.put(Context.SECURITY_AUTHENTICATION, "simple");
+            new InitialDirContext(env).close();
+        } catch (NamingException e) {
+            throw new LoginException("Could not create initial LDAP context for user " +
user.getDN() + ": " + e.getMessage());
+        }
+    }
+}

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapGroup.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapGroup.java?rev=1436818&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapGroup.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapGroup.java
Tue Jan 22 09:35:27 2013
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.ldap;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
+
+public class LdapGroup extends LdapUser implements ExternalGroup {
+
+    public LdapGroup(String dn, LdapSearch search) {
+        super(dn, null, search);
+        this.setDN(dn);
+    }
+}
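Review bot: The constructor passes the DN as the `uid` argument of `super(dn, null, search)`, so a group's getId() and the principal built from it in LdapUser are the full DN, while the groupNameAttribute that LdapSettings exposes is not read anywhere in this commit. If identifying groups by DN is intended, say so with `/** A group's id and principal name are the entry's DN; groupNameAttribute is not yet applied. */` on the class; otherwise resolve the name attribute from the entry's attributes when the group is built in findGroups.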

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java?rev=1436818&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginModule.java
Tue Jan 22 09:35:27 2013
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.ldap;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModule;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+
+public final class LdapLoginModule extends ExternalLoginModule {
+
+    private static final Logger log = LoggerFactory.getLogger(ExternalLoginModule.class);
+
+    private Credentials credentials;
+    private LdapUser ldapUser;
+    private boolean success;
+
+    private LdapSearch search;
+
+    @Override
+    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,
?> sharedState, Map<String, ?> options) {
+        super.initialize(subject, callbackHandler, sharedState, options);
+        //TODO
+        this.search = new JndiLdapSearch(new LdapSettings(options));
+    }
+
+    @Override
+    protected boolean loginSucceeded() {
+        return this.success;
+    }
+
+    @Override
+    protected ExternalUser getExternalUser() {
+        if (this.ldapUser == null) {
+            Credentials creds = getCredentials();
+            if (creds instanceof SimpleCredentials) {
+                String uid = ((SimpleCredentials) creds).getUserID();
+                char[] pwd = ((SimpleCredentials) creds).getPassword();
+                this.ldapUser = new LdapUser(uid, new String(pwd), this.search);
+            }
+        }
+        return this.ldapUser;
+    }
+
+    @Override
+    public boolean login() throws LoginException {
+        getExternalUser();
+        if (this.ldapUser != null && this.search.findUser(this.ldapUser)) {
+            this.search.authenticate(this.ldapUser);
+            this.success = true;
+        }
+        return this.success;
+    }
+
+    @Override
+    protected Credentials getCredentials() {
+        if (this.credentials == null) {
+            this.credentials = super.getCredentials();
+        }
+        return this.credentials;
+    }
+
+    @Override
+    protected void clearState() {
+        super.clearState();
+        this.success = false;
+        this.credentials = null;
+        this.ldapUser = null;
+        this.search = null;
+    }
+}
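Review bot: The logger is created with `LoggerFactory.getLogger(ExternalLoginModule.class)`, so anything this module logs is attributed to the superclass; it should be `LoggerFactory.getLogger(LdapLoginModule.class)` (and `log` is currently unused in this file). In getExternalUser the password is copied out of the `char[]` with `new String(pwd)` and then kept on `ldapUser` until clearState(), where it cannot be wiped; as far as I recall the JNDI LDAP provider accepts a `char[]` for Context.SECURITY_CREDENTIALS, so consider keeping the credential as `char[]` on LdapUser and clearing it in clearState(). The `//TODO` in initialize() should at least say what is pending there, since the settings are built from the raw JAAS options map on the next line.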

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSearch.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSearch.java?rev=1436818&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSearch.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSearch.java
Tue Jan 22 09:35:27 2013
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.ldap;
+
+import java.util.Set;
+import javax.security.auth.login.LoginException;
+
+public interface LdapSearch {
+
+    boolean findUser(LdapUser user);
+
+    Set<LdapGroup> findGroups(LdapUser user);
+
+    void authenticate(LdapUser user) throws LoginException;
+}
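Review bot: The interface has no Javadoc, so the contract an implementation must honour — whether findUser populates the user's DN and properties on success, whether findGroups may return an empty set when the directory cannot be reached, and that authenticate is a bind with the user's own credentials — is only discoverable by reading JndiLdapSearch. Add a summary per method, e.g. `/** Looks the user up by id; on success sets its DN and synchronized properties and returns true. */` for findUser, `/** Returns the groups whose membership attribute references the user's DN; empty if none or on error. */` for findGroups, and `/** Binds to the directory as the user with its own password; throws if the bind is rejected. */` for authenticate.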

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSettings.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSettings.java?rev=1436818&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSettings.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapSettings.java
Tue Jan 22 09:35:27 2013
@@ -0,0 +1,191 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.ldap;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public final class LdapSettings {
+
+    //TODO support autocreate.user.membership
+    //TODO support autocreate.path
+
+    public final static String KEY_HOST = "host";
+    public final static String KEY_PORT = "port";
+    public final static String KEY_SECURE = "secure";
+    public final static String KEY_AUTHDN = "authDn";
+    public final static String KEY_AUTHPW = "authPw";
+    public final static String KEY_SEARCHTIMEOUT = "searchTimeout";
+    public final static String KEY_USERROOT = "userRoot";
+    public final static String KEY_USERFILTER = "userFilter";
+    public final static String KEY_USERIDATTRIBUTE = "userIdAttribute";
+    public final static String KEY_GROUPROOT = "groupRoot";
+    public final static String KEY_GROUPFILTER = "groupFilter";
+    public final static String KEY_GROUPMEMBERSHIPATTRIBUTE = "groupMembershipAttribute";
+    public final static String KEY_GROUPNAMEATTRIBUTE = "groupNameAttribute";
+    public final static String KEY_AUTOCREATEPATH = "autocreate.path";
+    public final static String KEY_AUTOCREATEUSER = "autocreate.user.";
+    public final static String KEY_AUTOCREATEGROUP = "autocreate.group.";
+
+    //Connection settings
+    private String host;
+    private int port = 389;
+    private boolean secure = false;
+    private String authDn = "";
+    private String authPw = "";
+    private int searchTimeout = 60000;
+
+    //authentication settings
+    private String userRoot = "";
+    private String userFilter = "(objectclass=person)";
+    private String userIdAttribute = "uid";
+    private String groupRoot = "";
+    private String groupFilter = "(objectclass=groupOfUniqueNames)";
+    private String groupMembershipAttribute = "uniquemember";
+    private String groupNameAttribute = "cn";
+
+    //synchronization
+    private boolean splitPath = false;
+    private final Map<String, String> userAttributes = new HashMap<String, String>();
+    private final Map<String, String> groupAttributes = new HashMap<String, String>();
+
+    public LdapSettings(Map<String, ?> options) {
+        if (options.containsKey(KEY_HOST)) {
+            this.host = (String) options.get(KEY_HOST);
+        }
+        if (options.containsKey(KEY_PORT)) {
+            String s = (String) options.get(KEY_PORT);
+            if (s != null && s.length() > 0) {
+                this.port = Integer.parseInt(s);
+            }
+        }
+        if (options.containsKey(KEY_SECURE)) {
+            String s = (String) options.get(KEY_SECURE);
+            if (s != null && s.length() > 0) {
+                this.secure = Boolean.parseBoolean(s);
+            }
+        }
+        if (options.containsKey(KEY_AUTHDN)) {
+            this.authDn = (String) options.get(KEY_AUTHDN);
+        }
+        if (options.containsKey(KEY_AUTHPW)) {
+            this.authPw = (String) options.get(KEY_AUTHPW);
+        }
+        if (options.containsKey(KEY_SEARCHTIMEOUT)) {
+            String s = (String) options.get(KEY_SEARCHTIMEOUT);
+            if (s != null && s.length() > 0) {
+                this.searchTimeout = Integer.parseInt(s);
+            }
+        }
+        if (options.containsKey(KEY_USERROOT)) {
+            this.userRoot = (String) options.get(KEY_USERROOT);
+        }
+        if (options.containsKey(KEY_USERFILTER)) {
+            this.userFilter = (String) options.get(KEY_USERFILTER);
+        }
+        if (options.containsKey(KEY_USERIDATTRIBUTE)) {
+            this.userIdAttribute = (String) options.get(KEY_USERIDATTRIBUTE);
+        }
+        if (options.containsKey(KEY_GROUPROOT)) {
+            this.groupRoot = (String) options.get(KEY_GROUPROOT);
+        }
+        if (options.containsKey(KEY_GROUPFILTER)) {
+            this.groupFilter = (String) options.get(KEY_GROUPFILTER);
+        }
+        if (options.containsKey(KEY_GROUPMEMBERSHIPATTRIBUTE)) {
+            this.groupMembershipAttribute = (String) options.get(KEY_GROUPMEMBERSHIPATTRIBUTE);
+        }
+        if (options.containsKey(KEY_GROUPNAMEATTRIBUTE)) {
+            this.groupNameAttribute = (String) options.get(KEY_GROUPNAMEATTRIBUTE);
+        }
+        if (options.containsKey(KEY_AUTOCREATEPATH)) {
+            this.splitPath = "splitdn".equals(options.get(KEY_AUTOCREATEPATH));
+        }
+        for (String key : options.keySet()) {
+            if (key.startsWith(KEY_AUTOCREATEUSER)) {
+                this.userAttributes.put(key.substring(KEY_AUTOCREATEUSER.length()), (String)
options.get(key));
+            }
+            if (key.startsWith(KEY_AUTOCREATEGROUP)) {
+                this.groupAttributes.put(key.substring(KEY_AUTOCREATEGROUP.length()), (String)
options.get(key));
+            }
+        }
+    }
+
+    public String getHost() {
+        return this.host;
+    }
+
+    public int getPort() {
+        return this.port;
+    }
+
+    public boolean isSecure() {
+        return this.secure;
+    }
+
+    public String getAuthDn() {
+        return this.authDn;
+    }
+
+    public String getAuthPw() {
+        return this.authPw;
+    }
+
+    public int getSearchTimeout() {
+        return this.searchTimeout;
+    }
+
+    public String getUserRoot() {
+        return this.userRoot;
+    }
+
+    public String getUserFilter() {
+        return this.userFilter;
+    }
+
+    public String getUserIdAttribute() {
+        return this.userIdAttribute;
+    }
+
+    public String getGroupRoot() {
+        return this.groupRoot;
+    }
+
+    public String getGroupFilter() {
+        return this.groupFilter;
+    }
+
+    public String getGroupMembershipAttribute() {
+        return this.groupMembershipAttribute;
+    }
+
+    public String getGroupNameAttribute() {
+        return this.groupNameAttribute;
+    }
+
+    public boolean isSplitPath() {
+        return this.splitPath;
+    }
+
+    public Map<String, String> getUserAttributes() {
+        return this.userAttributes;
+    }
+
+    public Map<String, String> getGroupAttributes() {
+        return this.groupAttributes;
+    }
+}
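Review bot: getUserAttributes() and getGroupAttributes() hand out the internal HashMaps, so any caller can mutate the settings after construction even though all other fields are only set in the constructor; return `Collections.unmodifiableMap(this.userAttributes)` and `Collections.unmodifiableMap(this.groupAttributes)` (needs `import java.util.Collections;`). The constructor also calls `Integer.parseInt` on the port and searchTimeout options without handling NumberFormatException, and leaves `host` null when that key is absent, which later yields the URL `ldap://null:389` in JndiLdapSearch; validate both in the constructor and throw IllegalArgumentException naming the offending key, without echoing the authPw value in any message.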

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapUser.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapUser.java?rev=1436818&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapUser.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapUser.java
Tue Jan 22 09:35:27 2013
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authentication.ldap;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+
+public class LdapUser implements ExternalUser {
+
+    private final String uid;
+    private final String pwd;
+    private final LdapSearch search;
+
+    private String path;
+    private String dn;
+    private Principal principal;
+    private Set<LdapGroup> groups;
+    private Map<String, ?> properties = new HashMap<String, Object>();
+
+    public LdapUser(String uid, String pwd, LdapSearch search) {
+        this.uid = uid;
+        this.pwd = pwd;
+        this.search = search;
+    }
+
+    @Override
+    public String getId() {
+        return this.uid;
+    }
+
+    @Override
+    public String getPassword() {
+        return this.pwd;
+    }
+
+    @Override
+    public Principal getPrincipal() {
+        if (this.principal == null) {
+            this.principal = new PrincipalImpl(this.uid);
+        }
+        return this.principal;
+    }
+
+    @Override
+    public String getPath() {
+        //TODO also support splitdn mode
+        if (this.path == null) {
+            this.path = this.getDN();
+        }
+        return this.path;
+    }
+
+    @Override
+    public Set<LdapGroup> getGroups() {
+        if (this.groups == null) {
+            this.groups = this.search.findGroups(this);
+        }
+        return this.groups;
+    }
+
+    @Override
+    public Map<String, ?> getProperties() {
+        return this.properties;
+    }
+
+    public void setProperties(Map<String, ?> properties) {
+        this.properties = properties;
+    }
+
+    public String getDN() {
+        return this.dn;
+    }
+
+    public void setDN(String dn) {
+        this.dn = dn;
+    }
+}
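Review bot: The class has no Javadoc and the lifecycle of `dn` is non-obvious: it is null after construction and is only set when the LdapSearch resolves the entry (JndiLdapSearch calls setDN from findUser), yet getPath() returns it and getGroups() passes it to findGroups, so a group lookup on an unresolved user searches with a null DN. Document this on setDN, e.g. `/** Distinguished name of the matching directory entry; null until LdapSearch.findUser has resolved it. */`, and state on getProperties()/setProperties() that the map is stored and returned without copying, so callers share one mutable instance.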

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalUser.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalUser.java?rev=1436818&r1=1436817&r2=1436818&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalUser.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalUser.java
Tue Jan 22 09:35:27 2013
@@ -33,7 +33,7 @@ public interface ExternalUser {
 
     String getPath();
 
-    Set<ExternalGroup> getGroups();
+    Set<? extends ExternalGroup> getGroups();
 
     Map<String, ?> getProperties();
 }
\ No newline at end of file


