portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dlest...@apache.org
Subject svn commit: r369984 - /portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/
Date Wed, 18 Jan 2006 00:39:44 GMT
Author: dlestrat
Date: Tue Jan 17 16:39:39 2006
New Revision: 369984

URL: http://svn.apache.org/viewcvs?rev=369984&view=rev
Log:
http://issues.apache.org/jira/browse/JS2-470

Contributions from Davy De Waele.

Added:
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
Modified:
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
Tue Jan 17 16:39:39 2006
@@ -197,6 +197,54 @@
             throw new SecurityException(e);
         }
     }
+    
+    /**
+     * <p>
+     * Searches the LDAP server for the group with the specified uid attribute.
+     * </p>
+     * 
+     * @return the user's DN
+     */
+    public String lookupGroupByUid(final String uid) throws SecurityException
+    {
+        validateUid(uid);
+
+        try
+        {
+            SearchControls cons = setSearchControls();
+            NamingEnumeration searchResults = searchGroupByWildcardedUid(uid, cons);
+
+            return getFirstDnForUid(searchResults);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }    
+    
+    /**
+     * <p>
+     * Searches the LDAP server for the role with the specified uid attribute.
+     * </p>
+     * 
+     * @return the user's DN
+     */
+    public String lookupRoleByUid(final String uid) throws SecurityException
+    {
+        validateUid(uid);
+
+        try
+        {
+            SearchControls cons = setSearchControls();
+            NamingEnumeration searchResults = searchRoleByWildcardedUid(uid, cons);
+
+            return getFirstDnForUid(searchResults);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }        
 
     /**
      * <p>
@@ -257,6 +305,44 @@
 
         return searchResults;
     }
+    
+    /**
+     * <p>
+     * Search uid by wild card.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @param cons The {@link SearchControls}
+     * @return The {@link NamingEnumeration}
+     * @throws NamingException Throws a {@link NamingEnumeration}.
+     */
+    protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls
cons) throws NamingException
+    {
+        String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter)
+ ") (objectclass="
+                + "jetspeed-2-group" + "))";
+        NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
+
+        return searchResults;
+    }   
+    
+    /**
+     * <p>
+     * Search uid by wild card.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @param cons The {@link SearchControls}
+     * @return The {@link NamingEnumeration}
+     * @throws NamingException Throws a {@link NamingEnumeration}.
+     */
+    protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls
cons) throws NamingException
+    {
+        String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter)
+ ") (objectclass="
+                + "jetspeed-2-role" + "))";
+        NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
+
+        return searchResults;
+    }      
 
     /**
      * <p>
@@ -281,6 +367,18 @@
     {
         return this.ldapBindingConfig.getGroupsOu();
     }
+    
+    /**
+     * <p>
+     * Returns the roles .
+     * </p>
+     * 
+     * @return The rolesOu.
+     */
+    protected String getRolesOu()
+    {
+        return this.ldapBindingConfig.getRolesOu();
+    }    
 
     /**
      * <p>
@@ -314,4 +412,17 @@
      * @return a String containing the LDAP object class name.
      */
     protected abstract String getObjectClass();
+    
+    
+    /**
+     * <p>
+     * A template method that returns the LDAP entry prefix of the concrete DAO.
+     * </p>
+     * 
+     * TODO : this should be in spring config
+     * 
+     * @return a String containing the LDAP entry prefix name.
+     */    
+    protected abstract String getEntryPrefix();
+    
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
Tue Jan 17 16:39:39 2006
@@ -68,6 +68,7 @@
     {
         initOu(getUsersOu());
         initOu(getGroupsOu());
+        initOu(getRolesOu());
     }
 
     /**
@@ -115,5 +116,10 @@
 
         return attrs;
     }
+
+	protected String getEntryPrefix()
+	{
+		return null;
+	}
 
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
Tue Jan 17 16:39:39 2006
@@ -58,6 +58,9 @@
 
     /** The groups ou. */
     private String groupsOu;
+    
+    /** The roles ou. */
+    private String rolesOu;    
 
     /** The ldap properties. */
     private PropertiesConfiguration props = null;
@@ -74,7 +77,7 @@
      * @param gou The groups organization unit.
      */
     public LdapBindingConfig(String factory, String name, String port, String suffix, String
context, String dn,
-            String password, String uou, String gou)
+            String password, String uou, String goups,String roles)
     {
         try
         {
@@ -86,7 +89,8 @@
             rootDn = dn;
             rootPassword = password;
             usersOu = uou;
-            groupsOu = gou;
+            groupsOu = goups;
+            rolesOu = roles;
             new InitLdapSchema(this);
         }
         catch (SecurityException se)
@@ -119,6 +123,7 @@
             rootPassword = props.getString("org.apache.jetspeed.ldap.rootPassword");
             usersOu = props.getString("org.apache.jetspeed.ldap.ou.users");
             groupsOu = props.getString("org.apache.jetspeed.ldap.ou.groups");
+            rolesOu = props.getString("org.apache.jetspeed.ldap.ou.roles");
             new InitLdapSchema(this);
         }
         catch (ConfigurationException ce)
@@ -278,4 +283,12 @@
     {
         this.usersOu = usersOu;
     }
+
+	public String getRolesOu() {
+		return rolesOu;
+	}
+
+	public void setRolesOu(String rolesOu) {
+		this.rolesOu = rolesOu;
+	}
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
Tue Jan 17 16:39:39 2006
@@ -17,9 +17,11 @@
 
 import java.security.Principal;
 
+import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.jetspeed.security.SecurityException;
@@ -36,7 +38,7 @@
 public class LdapGroupDaoImpl extends LdapPrincipalDaoImpl
 {
 
-    /**
+	 /**
      * <p>
      * Default constructor.
      * </p>
@@ -79,6 +81,7 @@
         classes.add("jetspeed-2-group");
         attrs.put(classes);
         attrs.put("uid", principalUid);
+        attrs.put("cn", principalUid);
         attrs.put("ou", getGroupsOu());
         return attrs;
     }
@@ -124,4 +127,10 @@
     {
         return "jetspeed-2-group";
     }
+
+	protected String getEntryPrefix() {
+		return "cn";
+	}
+	
+ 	
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
Tue Jan 17 16:39:39 2006
@@ -33,6 +33,7 @@
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.UserPrincipal;
 import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
+import org.apache.jetspeed.security.impl.RolePrincipalImpl;
 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
 
 /**
@@ -46,7 +47,7 @@
     private static final Log logger = LogFactory.getLog(LdapPrincipalDaoImpl.class);
 
     /** The uid attribute name. */
-    protected static final String UID_ATTR_NAME = "uid";
+    protected String UID_ATTR_NAME = "uid";
 
     /**
      * <p>
@@ -101,7 +102,7 @@
         Attributes attrs = defineLdapAttributes(principalUid);
         try
         {
-            String userDn = "uid=" + principalUid + getDnSuffix();
+            String userDn = getEntryPrefix() + "=" + principalUid + getDnSuffix();
             ctx.createSubcontext(userDn, attrs);
             if (logger.isDebugEnabled())
             {
@@ -169,6 +170,10 @@
         {
             ldapAcceptableName = convertUidWithoutSlashes(GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPath));
         }
+        else if (fullPath.indexOf(GroupPrincipal.PREFS_ROLE_ROOT) >= 0)
+        {
+            ldapAcceptableName = convertUidWithoutSlashes(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPath));
+        }        
         if (logger.isErrorEnabled())
         {
             logger.debug("Ldap acceptable name:" + ldapAcceptableName);
@@ -260,6 +265,7 @@
             Principal principal = makePrincipal(uid);
 
             principals.add(principal);
+            
         }
     }
 

Added: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java?rev=369984&view=auto
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
(added)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
Tue Jan 17 16:39:39 2006
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2000-2001,2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi.impl.ldap;
+
+import java.security.Principal;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.impl.RolePrincipalImpl;
+
+/**
+ * <p>
+ * DAO for handling group objects.
+ * </p>
+ * 
+ * @author Davy De Waele
+ */
+public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl
+{
+
+	protected String UID_ATTR_NAME = "cn";
+	
+    /**
+     * <p>
+     * Default constructor.
+     * </p>
+     * 
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    public LdapRoleDaoImpl() throws SecurityException
+    {
+        super();
+    }
+
+    /**
+     * <p>
+     * Initializes the dao.
+     * </p>
+     * 
+     * @param ldapConfig Holds the ldap binding configuration.
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    public LdapRoleDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
+    {
+        super(ldapConfig);
+    }
+
+    /**
+     * <p>
+     * A template method for defining the attributes for a particular LDAP class.
+     * </p>
+     * 
+     * @param principalUid The principal uid.
+     * @return The LDAP attributes object for the particular class.
+     */
+    protected Attributes defineLdapAttributes(final String principalUid)
+    {
+        Attributes attrs = new BasicAttributes(true);
+        BasicAttribute classes = new BasicAttribute("objectclass");
+
+        classes.add("top");
+        classes.add("uidObject");
+        classes.add("jetspeed-2-role");
+        attrs.put(classes);
+        attrs.put("uid", principalUid);
+        attrs.put("cn", principalUid);
+        attrs.put("ou", getRolesOu());
+        return attrs;
+    }
+
+    /**
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
+     */
+    protected String getDnSuffix()
+    {
+        String suffix = "";
+        if (!StringUtils.isEmpty(getRolesOu()))
+        {
+            suffix += ",ou=" + getRolesOu();
+        }
+        if (!StringUtils.isEmpty(getDefaultDnSuffix()))
+        {
+            suffix += getDefaultDnSuffix();
+        }
+        return suffix;
+    }
+
+    /**
+     * <p>
+     * Creates a GroupPrincipal object.
+     * </p>
+     * 
+     * @param principalUid The principal uid.
+     * @return A group principal object.
+     */
+    protected Principal makePrincipal(String principalUid)
+    {
+        return new RolePrincipalImpl(principalUid);
+    }
+
+    /**
+     * <p>
+     * A template method that returns the LDAP object class of the concrete DAO.
+     * </p>
+     * 
+     * @return A String containing the LDAP object class name.
+     */
+    protected String getObjectClass()
+    {
+        return "jetspeed-2-role";
+    }
+
+	protected String getEntryPrefix() {
+		return "cn";
+	}
+}

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
Tue Jan 17 16:39:39 2006
@@ -15,6 +15,11 @@
  */
 package org.apache.jetspeed.security.spi.impl.ldap;
 
+import java.util.Hashtable;
+
+import javax.naming.AuthenticationException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
@@ -39,7 +44,7 @@
 
     /** The password attribute. */ 
     private static final String PASSWORD_ATTR_NAME = "userPassword";
-
+    
     /**
      * <p>
      * Default constructor.
@@ -64,7 +69,7 @@
     public LdapUserCredentialDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
     {
         super(ldapConfig);
-    }
+    }    
     
     /**
      * <p>
@@ -97,13 +102,32 @@
      * @param uid The uid.
      * @param password The password.
      * @throws SecurityException Throws a {@link SecurityException}.
-     */
+     */	
     public boolean authenticate(final String uid, final String password) throws SecurityException
     {
         validateUid(uid);
         validatePassword(password);
-        String savedPassword = String.valueOf(getPassword(uid));
-        return (savedPassword.equals(password));
+        try
+        {
+			Hashtable env = this.ctx.getEnvironment();
+			String savedPassword = String.valueOf(getPassword(uid));
+			String oldCredential = (String)env.get(Context.SECURITY_CREDENTIALS);
+			String oldUsername = (String)env.get(Context.SECURITY_PRINCIPAL);
+			env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + ",ou=" + getUsersOu() + "," +  getRootContext());
+			env.put(Context.SECURITY_CREDENTIALS,password);
+			InitialContext ctx = new InitialContext(env);
+			env.put(Context.SECURITY_PRINCIPAL,oldUsername);
+			env.put(Context.SECURITY_CREDENTIALS,oldCredential);
+			return true;
+		}
+		catch (AuthenticationException e)
+		{
+			return false;
+		}
+		catch (NamingException e)
+		{
+			throw new SecurityException(e);
+		}
     }
 
     /**
@@ -162,7 +186,8 @@
 
         Attributes userAttributes = getFirstUser(results);
 
-        return convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes));
+        char[] rawPassword = convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes));
+        return rawPassword;
     }
 
     /**
@@ -250,4 +275,8 @@
     {
         return "jetspeed-2-user";
     }
+
+	protected String getEntryPrefix() {
+		return "uid";
+	}
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java
Tue Jan 17 16:39:39 2006
@@ -51,6 +51,29 @@
 
     /**
      * <p>
+     * Add a user to a group.
+     * </p>
+     * 
+     * @param userPrincipalUid The user principal.
+     * @param rolePrincipalUid The role principal.
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException;
+
+    /**
+     * <p>
+     * Remove a user from a group.
+     * </p>
+     * 
+     * @param userPrincipalUid The user principal.
+     * @param rolePrincipalUid The role principal.
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException;
+    
+    
+    /**
+     * <p>
      * Return an array of the group principal UIDS that belong to a specific user.
      * </p>
      * 
@@ -59,6 +82,17 @@
      * @throws SecurityException A {@link SecurityException}.
      */
     String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException;
+    
+    /**
+     * <p>
+     * Return an array of the role principal UIDS that belong to a specific user.
+     * </p>
+     * 
+     * @param userPrincipalUid The user principal uid.
+     * @return The array of group uids asociated with this user
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException;    
 
     /**
      * <p>
@@ -70,4 +104,50 @@
      * @throws SecurityException A {@link SecurityException}.
      */
     String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException;
+
+    /**
+     * <p>
+     * Return an array of the user principal uids that belong to a role.
+     * </p>
+     * 
+     * @param rolePrincipalUid The role uid.
+     * @return The array of user uids asociated with this group
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException;
+
+    /**
+     * <p>
+     * Return an array of the role principal UIDS that belong to a specific group.
+     * </p>
+     * 
+     * @param groupPrincipalUid The group principal uid.
+     * @return The array of role uids asociated with this user
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException;   
+    
+    /**
+     * <p>
+     * Add a role to a group.
+     * </p>
+     * 
+     * @param groupPrincipalUid The group principal.
+     * @param rolePrincipalUid The role principal.
+     * @throws SecurityException A {@link SecurityException}.
+     */        
+    void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException;
+    
+    /**
+     * <p>
+     * Remove a role from a group.
+     * </p>
+     * 
+     * @param groupPrincipalUid The group principal.
+     * @param rolePrincipalUid The role principal.
+     * @throws SecurityException A {@link SecurityException}.
+     */        
+    void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException;
+    
+    
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java?rev=369984&r1=369983&r2=369984&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
(original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
Tue Jan 17 16:39:39 2006
@@ -33,7 +33,9 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.GroupPrincipal;
 import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
 
 /**
@@ -48,6 +50,9 @@
     /** The group attribute name. */
     private static final String GROUP_ATTR_NAME = "j2-group";
 
+    /** The role attribute name. */    
+    private static final String ROLE_ATTR_NAME = "j2-role";
+
     /**
      * <p>
      * Default constructor.
@@ -120,6 +125,55 @@
     {
         modifyUserGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
     }
+    
+    /**
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
+     *      java.lang.String)
+     */
+    public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
+    {
+        modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+    }
+
+    /**
+     * <p>
+     * Replace or delete the role attribute.
+     * </p>
+     * 
+     * @param userPrincipalUid
+     * @param rolePrincipalUid
+     * @param operationType whether to replace or remove the specified user group from the
user
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    private void modifyUserRole(String userPrincipalUid, String rolePrincipalUid, int operationType)
+            throws SecurityException
+    {
+        validateUid(userPrincipalUid);
+        validateUid(rolePrincipalUid);
+        String userDn = lookupByUid(userPrincipalUid);
+        
+        try
+        {
+            String rdn = getSubcontextName(userDn);
+            Attributes attrs = new BasicAttributes(false);
+
+            attrs.put("j2-role", rolePrincipalUid);
+            ctx.modifyAttributes(rdn, operationType, attrs);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
+
+    /**
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
+     *      java.lang.String)
+     */
+    public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
+    {
+        modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    }    
 
     /**
      * <p>
@@ -223,6 +277,88 @@
             throw new SecurityException(e);
         }
     }
+    
+    /**
+     * <p>
+     * Return an array of the roles that belong to a group.
+     * </p>
+     * 
+     * @param groupPrincipalUid The group principal uid.
+     * @return The array of user uids asociated with this group
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException
+    {
+        validateUid(groupPrincipalUid);
+        SearchControls cons = setSearchControls();
+        NamingEnumeration results;
+        try
+        {
+            List userPrincipalUids = new ArrayList();
+            results = searchRolesByGroup(groupPrincipalUid, cons);
+            while (results.hasMore())
+            {
+                SearchResult result = (SearchResult) results.next();
+                Attributes answer = result.getAttributes();
+
+                userPrincipalUids.addAll(getAttributes(getAttribute(ROLE_ATTR_NAME, answer)));
+            }
+            return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
+    
+    /**
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
+     *      java.lang.String)
+     */
+    public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws
SecurityException
+    {
+        modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+    }
+
+    /**
+     * <p>
+     * Replace or delete the user group attribute.
+     * </p>
+     * 
+     * @param userPrincipalUid
+     * @param groupPrincipalUid
+     * @param operationType whether to replace or remove the specified user group from the
user
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    private void modifyGroupRole(String groupPrincipalUid, String rolePrincipalUid, int operationType)
+            throws SecurityException
+    {
+        validateUid(groupPrincipalUid);
+        validateUid(rolePrincipalUid);
+        String userDn = lookupGroupByUid(groupPrincipalUid);
+        try
+        {
+            String rdn = getSubcontextName(userDn);
+            Attributes attrs = new BasicAttributes(false);
+
+            attrs.put("j2-role", rolePrincipalUid);
+            ctx.modifyAttributes(rdn, operationType, attrs);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
+
+    /**
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
+     *      java.lang.String)
+     */
+    public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws
SecurityException
+    {
+        modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    }        
+    
 
     /**
      * <p>
@@ -237,19 +373,102 @@
     private NamingEnumeration searchUserByGroup(final String groupPrincipalUid, SearchControls
cons)
             throws NamingException
     {
-        String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass="
+ getObjectClass()
-                + "))";
+        String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass="
+ getObjectClass() + "))";
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("query[" + query + "]");
+        }
+        NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
+
+        return searchResults;
+    }
+
+    /**
+     * <p>
+     * Search user by group.
+     * </p>
+     * 
+     * @param groupPrincipalUid
+     * @param cons
+     * @return
+     * @throws NamingException A {@link NamingException}.
+     */
+    private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls
cons)
+            throws NamingException
+    {
+        String query = "(&(" + UID_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass="
+ "jetspeed-2-group" + "))";
         if (logger.isDebugEnabled())
         {
             logger.debug("query[" + query + "]");
         }
-        NamingEnumeration searchResults = ((DirContext) ctx).search("", "(&(" + GROUP_ATTR_NAME
+ "="
-                + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() + "))", cons);
+        NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
 
         return searchResults;
     }
+    
+
+    
+    
+    /**
+     * <p>
+     * Return an array of the user principal UIDS that belong to a group.
+     * </p>
+     * 
+     * @param groupPrincipalUid The group principal uid.
+     * @return The array of user uids asociated with this group
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException
+    {
+        validateUid(rolePrincipalUid);
+        SearchControls cons = setSearchControls();
+        NamingEnumeration results;
+        try
+        {
+            List userPrincipalUids = new ArrayList();
+            results = searchUserByRole(rolePrincipalUid, cons);
+            while (results.hasMore())
+            {
+                SearchResult result = (SearchResult) results.next();
+                Attributes answer = result.getAttributes();
+
+                userPrincipalUids.addAll(getAttributes(getAttribute(UID_ATTR_NAME, answer)));
+            }
+            return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
 
     /**
+     * <p>
+     * Search user by group.
+     * </p>
+     * 
+     * @param groupPrincipalUid
+     * @param cons
+     * @return
+     * @throws NamingException A {@link NamingException}.
+     */
+    private NamingEnumeration searchUserByRole(final String rolePrincipalUid, SearchControls
cons)
+            throws NamingException
+    {
+
+        String query = "(&(" + ROLE_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass="
+ getObjectClass()
+                + "))";
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("query[" + query + "]");
+        }
+        NamingEnumeration searchResults = ((DirContext) ctx).search("", query, cons);
+
+        return searchResults;
+    }
+    
+    
+    /**
      * @param userPrincipalUid
      * @return the array of group uids asociated with this user
      * @throws SecurityException
@@ -293,6 +512,51 @@
         return (String[]) uids.toArray(new String[uids.size()]);
     }
 
+    
+    /**
+     * @param userPrincipalUid
+     * @return the array of group uids asociated with this user
+     * @throws SecurityException
+     */
+    public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
+    {
+        validateUid(userPrincipalUid);
+        SearchControls cons = setSearchControls();
+        NamingEnumeration results;
+        try
+        {
+            results = searchByWildcardedUid(userPrincipalUid, cons);
+            return getRoles(results, userPrincipalUid);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
+
+    /**
+     * <p>
+     * Get the groups.
+     * </p>
+     * 
+     * @param results
+     * @param uid
+     * @return
+     * @throws NamingException
+     */
+    private String[] getRoles(final NamingEnumeration results, final String uid) throws NamingException
+    {
+        if (!results.hasMore())
+        {
+            throw new NamingException("Could not find any user with uid[" + uid + "]");
+        }
+
+        Attributes userAttributes = getFirstUser(results);
+
+        List uids = getAttributes(getAttribute(ROLE_ATTR_NAME, userAttributes));
+        return (String[]) uids.toArray(new String[uids.size()]);
+    }    
+    
     /**
      * @param results
      * @return
@@ -324,4 +588,8 @@
         }
         return uids;
     }
+    
+	protected String getEntryPrefix() {
+		return "uid";
+	}
 }



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message