From tay...@apache.org
Subject svn commit: r450369 [1/3] - in /portals/jetspeed-2/trunk: components/security-schema/src/main/schema/ components/security/etc/ components/security/src/java/org/apache/jetspeed/security/spi/impl/ components/security/src/java/org/apache/jetspeed/security...
Date Wed, 27 Sep 2006 07:49:19 GMT
Author: taylor
Date: Wed Sep 27 00:49:17 2006
New Revision: 450369

URL: http://svn.apache.org/viewvc?view=rev&rev=450369
Log:
https://issues.apache.org/jira/browse/JS2-491
Enhance J2 LDAP Security Documentation

Contribution from Davy De Waele
There actually isn't any documentation with this patch, so I'm going to leave the issue open

This patch contains a new implementation for the ldap security module.

It allows for the LDAP to be configured through a property file (or spring config file) that has the following properties, allowing for an easy LDAP integration with a variety of different vendors.

# Ldap Configuration.

org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
org.apache.jetspeed.ldap.ldapServerName=localhost
org.apache.jetspeed.ldap.ldapServerPort=10389
org.apache.jetspeed.ldap.rootDn=uid\=admin\,ou\=system
org.apache.jetspeed.ldap.rootPassword=secret
org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
#org.apache.jetspeed.ldap.defaultDnSuffix=
#org.apache.jetspeed.ldap.ou.users=people
#org.apache.jetspeed.ldap.ou.groups=groups
#org.apache.jetspeed.ldap.ou.roles=roles

# define the filters needed to search for roles/groups/users
#org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
org.apache.jetspeed.ldap.RoleFilter=(objectClass=groupOfUniqueNames)
org.apache.jetspeed.ldap.GroupFilter=(objectclass=organization)
org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)


org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))

# define the way role membership occurs for a user
# if RoleMembershipAttributes is used, membership attr will be stored on role
# if UserRoleMembershipAttributes is used, membership attr will be stored on user
org.apache.jetspeed.ldap.RoleMembershipAttributes=member
org.apache.jetspeed.ldap.UserRoleMembershipAttributes=

# define the way group membership occurs for a user
# if GroupMembershipAttributes is used, membership attr will be stored on group
# if UserGroupMembershipAttributes is used, membership attr will be stored on user
org.apache.jetspeed.ldap.GroupMembershipAttributes=
org.apache.jetspeed.ldap.UserGroupMembershipAttributes=uniqueMember

# define the way group membership occurs for a role
# if GroupMembershipAttributes is used, membership attr will be stored on group
# if UserGroupMembershipAttributes is used, membership attr will be stored on user
org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=

# define the default search base. (=rootContext)
org.apache.jetspeed.ldap.DefaultSearchBase=o\=sevenSeas

# define the path to roles,groups and users
# needs to be defined without the defaultsearchbase
org.apache.jetspeed.ldap.RoleFilterBase=ou\=Roles\,ou\=OrgUnit1
org.apache.jetspeed.ldap.GroupFilterBase=ou\=Groups\,ou\=OrgUnit1
org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1

org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
org.apache.jetspeed.ldap.GroupObjectClasses=top\,organization
org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson

# define the ID attribute used to search roles/groups/users
org.apache.jetspeed.ldap.RoleIdAttribute=cn
org.apache.jetspeed.ldap.GroupIdAttribute=cn
org.apache.jetspeed.ldap.UserIdAttribute=uid

As you can see, filters and objectClasses can now be configured, and no jetspeed specific object classes or attributes need to be used.

The provided config files in the patch (components/security/src/test/JETSPEED-INF/directory/config
) have been tested on apacheds,openldap and sunds

Added:
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-atz.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap-atn.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap.xml
    portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi.xml
    portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapRoleSecurityHandler.java
Modified:
    portals/jetspeed-2/trunk/components/security-schema/src/main/schema/jetspeed.schema
    portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap.xml
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
    portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java
    portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapGroupSecurityHandler.java
    portals/jetspeed-2/trunk/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java
    portals/jetspeed-2/trunk/etc/apacheds/apacheds-server.xml
    portals/jetspeed-2/trunk/maven-plugin/plugin.jelly

Modified: portals/jetspeed-2/trunk/components/security-schema/src/main/schema/jetspeed.schema
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security-schema/src/main/schema/jetspeed.schema?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security-schema/src/main/schema/jetspeed.schema (original)
+++ portals/jetspeed-2/trunk/components/security-schema/src/main/schema/jetspeed.schema Wed Sep 27 00:49:17 2006
@@ -1,79 +1,79 @@
-# =============================================================================
-#                                Jetspeed Schema
-# =============================================================================
-#
-# The following attribute type OID have been arbitrarily chosen for now.
-#
-#              +-----------------------------+-----------------+
-#              |  Apache AttributeType OID   |      name       |
-#              +-----------------------------+-----------------+
-#              | 1.3.6.1.4.1.8100.1.2.3.1    | j2-classname    |
-#              | 1.3.6.1.4.1.8100.1.2.3.2    | j2-action       |
-#              | 1.3.6.1.4.1.8100.1.2.3.3    | j2-role         |
-#              | 1.3.6.1.4.1.8100.1.2.3.4    | j2-group        |
-#              | 1.3.6.1.4.1.8100.1.2.3.5    | j2-permission   |
-#              | 1.3.6.1.4.1.8100.1.2.3.6    | creation-date   |
-#              | 1.3.6.1.4.1.8100.1.2.3.7    | modified-date   |
-#              +-----------------------------+-----------------+
-# =============================================================================
-
-attributetype ( 1.3.6.1.4.1.8100.1.2.3.1 NAME 'j2-classname'
-	DESC 'The java class name of the object.'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.8100.1.2.3.2 NAME 'j2-action'
-	DESC 'An action associated with a permission. This is a multi-valued attribute.'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
-
-attributetype ( 1.3.6.1.4.1.8100.1.2.3.3 NAME 'j2-role'
-	DESC 'The UID of an associated Role. This is a multi-valued attribute.'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
-
-attributetype ( 1.3.6.1.4.1.8100.1.2.3.4 NAME 'j2-group'
-	DESC 'The UID of an associated Group. This is a multi-valued attribute.'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
-
-attributetype ( 1.3.6.1.4.1.8100.1.2.3.5 NAME 'j2-permission'
-	DESC 'The UID of an associated Permission'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
-
-attributetype ( 1.3.6.1.4.1.8100.1.2.3.6 NAME 'creation-date'
-	DESC 'create date'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.8100.1.2.3.7 NAME 'modified-date'
-	DESC 'modified date'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE )
-
-objectclass ( 1.3.6.1.4.1.8100.1.2.4.1 NAME 'jetspeed-2-group'
-	DESC 'Jetspeed-2 group'
-	SUP (groupOfUniqueNames)
-	MUST ( uid)
-	MAY ( j2-role $ creation-date $ modified-date $ cn $ ou) )
-
-objectclass ( 1.3.6.1.4.1.8100.1.2.4.2 NAME 'jetspeed-2-permission'
-	DESC 'Jetspeed-2 permission'
-	MUST ( uid)
-	MAY ( j2-action $ creation-date $ modified-date) )
-
-objectclass ( 1.3.6.1.4.1.8100.1.2.4.3 NAME 'jetspeed-2-role'
-	DESC 'Jetspeed-2 role'
-	SUP (groupOfUniqueNames)
-	MUST ( uid)
-	MAY ( creation-date $ modified-date $ cn $ ou) )
-
-objectclass ( 1.3.6.1.4.1.8100.1.2.4.4 NAME 'jetspeed-2-user'
-	DESC 'Jetspeed-2 user'
-	SUP (inetOrgPerson)
-	MUST ( cn $ uid)
+# =============================================================================
+#                                Jetspeed Schema
+# =============================================================================
+#
+# The following attribute type OID have been arbitrarily chosen for now.
+#
+#              +-----------------------------+-----------------+
+#              |  Apache AttributeType OID   |      name       |
+#              +-----------------------------+-----------------+
+#              | 1.3.6.1.4.1.8100.1.2.3.1    | j2-classname    |
+#              | 1.3.6.1.4.1.8100.1.2.3.2    | j2-action       |
+#              | 1.3.6.1.4.1.8100.1.2.3.3    | j2-role         |
+#              | 1.3.6.1.4.1.8100.1.2.3.4    | j2-group        |
+#              | 1.3.6.1.4.1.8100.1.2.3.5    | j2-permission   |
+#              | 1.3.6.1.4.1.8100.1.2.3.6    | creation-date   |
+#              | 1.3.6.1.4.1.8100.1.2.3.7    | modified-date   |
+#              +-----------------------------+-----------------+
+# =============================================================================
+
+attributetype ( 1.3.6.1.4.1.8100.1.2.3.1 NAME 'j2-classname'
+	DESC 'The java class name of the object.'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.8100.1.2.3.2 NAME 'j2-action'
+	DESC 'An action associated with a permission. This is a multi-valued attribute.'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.8100.1.2.3.3 NAME 'j2-role'
+	DESC 'The UID of an associated Role. This is a multi-valued attribute.'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.8100.1.2.3.4 NAME 'j2-group'
+	DESC 'The UID of an associated Group. This is a multi-valued attribute.'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.8100.1.2.3.5 NAME 'j2-permission'
+	DESC 'The UID of an associated Permission'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.8100.1.2.3.6 NAME 'creation-date'
+	DESC 'create date'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.8100.1.2.3.7 NAME 'modified-date'
+	DESC 'modified date'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.8100.1.2.4.1 NAME 'jetspeed-2-group'
+	DESC 'Jetspeed-2 group'
+	SUP (groupOfUniqueNames)
+	MUST ( j2-classname $ uid)
+	MAY ( j2-role $ creation-date $ modified-date $ cn $ ou) )
+
+objectclass ( 1.3.6.1.4.1.8100.1.2.4.2 NAME 'jetspeed-2-permission'
+	DESC 'Jetspeed-2 permission'
+	MUST ( j2-classname $ uid)
+	MAY ( j2-action $ creation-date $ modified-date) )
+
+objectclass ( 1.3.6.1.4.1.8100.1.2.4.3 NAME 'jetspeed-2-role'
+	DESC 'Jetspeed-2 role'
+	SUP (groupOfUniqueNames)
+	MUST ( j2-classname $ uid)
+	MAY ( creation-date $ modified-date $ cn $ ou) )
+
+objectclass ( 1.3.6.1.4.1.8100.1.2.4.4 NAME 'jetspeed-2-user'
+	DESC 'Jetspeed-2 user'
+	SUP (inetOrgPerson)
+	MUST ( cn $ uid)
 	MAY ( j2-role $ j2-group $ j2-permission $ creation-date $ modified-date))
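Review bot: The only substantive change in this 79-line hunk is `MUST ( j2-classname $ uid)` on jetspeed-2-group, jetspeed-2-permission and jetspeed-2-role; every other line is re-emitted unchanged (presumably a line-ending or whitespace rewrite), which hides the real edit from review. jetspeed-2-user keeps `MUST ( cn $ uid)` without j2-classname, so the four object classes are now inconsistent, and the commit log states that no Jetspeed-specific attributes need to be used while the schema now makes one mandatory for three of them. If the MUST is intended, say so in the header comment and note that existing group/role/permission entries without j2-classname will presumably fail schema checking on reload; otherwise keep j2-classname in MAY.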

Modified: portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap.xml?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap.xml (original)
+++ portals/jetspeed-2/trunk/components/security/etc/security-spi-ldap.xml Wed Sep 27 00:49:17 2006
@@ -34,13 +34,45 @@
       <constructor-arg index="5"><value>uid=admin,ou=system</value></constructor-arg>
       <!-- The LDAP server root password. -->
       <constructor-arg index="6"><value>secret</value></constructor-arg>
-      <!-- The users org unit. -->
-      <constructor-arg index="7"><value>users</value></constructor-arg>
-      <!-- The groups org unit. -->
-      <constructor-arg index="8"><value>groups</value></constructor-arg>
-      <!-- The roles org unit. -->
-      <constructor-arg index="9"><value>roles</value></constructor-arg>
-      
+      <!-- The roles filter. -->
+      <constructor-arg index="7"><value>(objectclass=groupOfUniqueNames))</value></constructor-arg>
+      <!-- The groups filter. -->
+      <constructor-arg index="8"><value>(objectClass=organization)</value></constructor-arg>
+      <!-- The user filter. -->
+      <constructor-arg index="9"><value>(objectclass=inetorgperson)</value></constructor-arg>
+      <!-- The userAuthenticationFiler. -->
+      <constructor-arg index="10"><value>(&amp;(uid=%u)(objectclass=inetorgperson))</value></constructor-arg>
+      <!-- The roleMembershipAttributes. -->
+      <constructor-arg index="11"><value>uniqueMember</value></constructor-arg>
+      <!-- The userRoleMembershipAttributes. -->
+      <constructor-arg index="12"><value></value></constructor-arg>
+      <!-- The groupMembershipAttributes. -->
+      <constructor-arg index="13"><value>uniqueMember</value></constructor-arg>
+      <!-- The userGroupMembershipAttributes. -->
+      <constructor-arg index="14"><value></value></constructor-arg>
+      <!-- The groupMembershipForRoleAttributes. -->
+      <constructor-arg index="15"><value>uniqueMember</value></constructor-arg>
+      <!-- The roleGroupMembershipForRoleAttributes. -->
+      <constructor-arg index="16"><value></value></constructor-arg>      
+      <!-- The defaultSearchBase. -->
+      <constructor-arg index="17"><value>o=sevenSeas</value></constructor-arg>
+      <!-- The roleFilterBase. -->
+      <constructor-arg index="18"><value>ou=Roles,ou=OrgUnit1</value></constructor-arg>
+      <!-- The groupFilterBase. -->
+      <constructor-arg index="19"><value>ou=Groups,ou=OrgUnit1</value></constructor-arg>
+      <!-- The userFilterBase. -->
+      <constructor-arg index="20"><value>ou=People,ou=OrgUnit1</value></constructor-arg>
+      <!-- The roleObjectClasses. -->
+      <constructor-arg index="21"><value>top,groupOfUniqueNames</value></constructor-arg>
+      <!-- The groupObjectClasses. -->
+      <constructor-arg index="22"><value>top,organization</value></constructor-arg>
+      <!-- The userObjectClasses. -->
+      <constructor-arg index="23"><value>top,person,organizationalPerson,inetorgperson</value></constructor-arg>
+      <!-- The roleIdAttribute. -->
+      <constructor-arg index="24"><value>cn</value></constructor-arg>
+      <!-- The groupIdAttribute. -->
+      <constructor-arg index="25"><value>cn</value></constructor-arg>
+	  <!-- The userIdAttribute. -->
+      <constructor-arg index="26"><value>uid</value></constructor-arg>
   </bean>
-
 </beans>
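Review bot: The roles filter on constructor-arg index 7, `(objectclass=groupOfUniqueNames))`, has an unbalanced closing parenthesis; the AbstractLdapDao changes in this commit append this value inside `(&(<idAttr>=x)<filter>)`, so the resulting role filter is malformed and role lookups from this sample config should fail with an invalid-filter error. Change it to `<value>(objectClass=groupOfUniqueNames)</value>`. Index 10 embeds the login name via `%u`; whichever code substitutes it needs to escape the RFC 4515 filter specials first, which is worth a comment here since this file is the template administrators copy. The comment on index 16 says roleGroupMembershipForRoleAttributes while the properties in the log call it RoleGroupMembershipAttributes; pick one name.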

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java Wed Sep 27 00:49:17 2006
@@ -215,7 +215,7 @@
      */
     public Set getGroupPrincipals(String userPrincipalUid)
     {
-        Set groupPrincipals = new HashSet();
+    	Set groupPrincipals = new HashSet();
 
         String[] groups;
         try
@@ -276,13 +276,9 @@
     	//TODO: Check that this is correct
     	String[] fullPaths = {groupFullPathName};
 
-//        Preferences preferences = Preferences.userRoot().node(
-//                GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName));
-//        String[] fullPaths = groupHierarchyResolver.resolve(preferences);
-//        
         try
         {
-            getUserPrincipalsInGroup(userPrincipals, fullPaths);
+           getUserPrincipalsInGroup(userPrincipals, fullPaths);
         }
         catch (SecurityException e)
         {

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java Wed Sep 27 00:49:17 2006
@@ -167,7 +167,7 @@
     protected SearchControls setSearchControls()
     {
         SearchControls controls = new SearchControls();
-
+        controls.setReturningAttributes(new String[] {"cn","sn","o","uid","ou","objectClass","nsroledn","userPassword","member","uniqueMember"});
         controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
         controls.setReturningObjFlag(true);
 
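Review bot: The returning-attribute list added on the `controls.setReturningAttributes(...)` line is hard-coded, while the rest of this commit makes the id and membership attribute names configurable; a deployment that sets RoleIdAttribute or a membership attribute to anything outside this list gets entries with that attribute silently absent. It also requests `userPassword` on every DAO search, including group and role lookups that never need it, and includes the vendor-specific `nsroledn` without comment. Consider assembling the list from the ldapBindingConfig id/membership getters and requesting `userPassword` only in the credential lookup, or leave the default and document why each extra attribute is needed. setSearchControls continues past the hunk.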
@@ -261,12 +261,12 @@
         while ((null != searchResults) && searchResults.hasMore())
         {
             SearchResult searchResult = (SearchResult) searchResults.next();
-
-            if (searchResult.getObject() instanceof DirContext)
-            {
-                DirContext userEntry = (DirContext) searchResult.getObject();
-                userDn = userEntry.getNameInNamespace();
-            }
+            userDn = searchResult.getNameInNamespace();
+//            if (searchResult.getObject() instanceof DirContext)
+//            {
+//                DirContext userEntry = (DirContext) searchResult.getObject();
+//                userDn = userEntry.getNameInNamespace();
+//            }
         }
         return userDn;
     }
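Review bot: The six `//` lines kept under `userDn = searchResult.getNameInNamespace();` are dead code; delete them rather than commenting them out, version control keeps the old form. Dropping the `instanceof DirContext` guard also means every result now overwrites `userDn`, so a filter matching several entries silently returns whichever came last; if that is not intended, breaking after the first match or checking that the enumeration has at most one entry would make the ambiguity visible. The enclosing method starts before the hunk.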
@@ -299,9 +299,15 @@
      */
     protected NamingEnumeration searchByWildcardedUid(final String filter, SearchControls cons) throws NamingException
     {
-        String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="
-                + getObjectClass() + "))";
-        NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
+    	// usa a template method to use users/groups/roles
+        String searchFilter = "";
+        if (getSearchSuffix()==null || getSearchSuffix().equals("")) {
+        	searchFilter = "(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
+        } else {
+        	searchFilter = "(&(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getSearchSuffix() + ")";
+        }
+        
+        NamingEnumeration searchResults = ((DirContext) ctx).search(getSearchDomain(), searchFilter, cons);
 
         return searchResults;
     }
@@ -318,8 +324,14 @@
      */
     protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls cons) throws NamingException
     {
-        String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="
-                + "jetspeed-2-group" + "))";
+    	// usa a template method to use users/groups/roles
+        String searchFilter = "";
+        if (getSearchSuffix()==null || getSearchSuffix().equals("")) {
+        	searchFilter = "(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
+        } else {
+        	searchFilter = "(&(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getGroupFilter() + ")";
+        }        
+        
         NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
 
         return searchResults;
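Review bot: The guard on the new `if` tests `getSearchSuffix()` but the branch appends `getGroupFilter()`, so when the subclass's search suffix is empty the configured group filter is silently dropped, and when the suffix is set but GroupFilter is blank the result is `(&(cn=x))` with a dangling AND. Test the value you actually use: `if (StringUtils.isEmpty(getGroupFilter())) {`. The unescaped concatenation of `filter` noted on searchByWildcardedUid applies here as well.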
@@ -337,8 +349,13 @@
      */
     protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls cons) throws NamingException
     {
-        String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="
-                + "jetspeed-2-role" + "))";
+        //String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="+ "jetspeed-2-role" + "))";
+        String searchFilter = "";
+        if (getRoleFilter()==null || getRoleFilter().equals("")) {
+        	searchFilter = "(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
+        } else {
+        	searchFilter = "(&(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getRoleFilter() + ")";
+        }      	
         NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
 
         return searchResults;
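Review bot: The role search uses `getGroupIdAttribute()` on both branches, so a configuration where RoleIdAttribute differs from GroupIdAttribute (they are separate properties in this commit) searches roles by the wrong attribute. Replace it with `getRoleIdAttribute()` on both lines, and drop the commented-out old filter above the declaration. The guard here does test `getRoleFilter()`, which is the form the group variant should also use.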
@@ -346,51 +363,91 @@
 
     /**
      * <p>
-     * Returns the default suffix dn.
+     * Returns the default Group suffix dn.
      * </p>
      * 
      * @return The defaultDnSuffix.
      */
-    protected String getDefaultDnSuffix()
+    protected String getGroupFilterBase()
     {
-        return this.ldapBindingConfig.getDefaultDnSuffix();
+        return this.ldapBindingConfig.getGroupFilterBase();
     }
+    
+    /**
+     * <p>
+     * Returns the default Group suffix dn.
+     * </p>
+     * 
+     * @return The defaultDnSuffix.
+     */
+    protected String[] getGroupObjectClasses()
+    {
+        return this.ldapBindingConfig.getGroupObjectClasses();
+    }    
+    
 
     /**
      * <p>
-     * Returns the groups organization unit.
+     * Returns the default Group suffix dn.
      * </p>
      * 
-     * @return The groupsOu.
+     * @return The defaultDnSuffix.
      */
-    protected String getGroupsOu()
+    protected String getRoleFilterBase()
     {
-        return this.ldapBindingConfig.getGroupsOu();
+        return this.ldapBindingConfig.getRoleFilterBase();
     }
     
     /**
      * <p>
-     * Returns the roles .
+     * Returns the default Group suffix dn.
      * </p>
      * 
-     * @return The rolesOu.
+     * @return The defaultDnSuffix.
      */
-    protected String getRolesOu()
+    protected String[] getRoleObjectClasses()
     {
-        return this.ldapBindingConfig.getRolesOu();
+        return this.ldapBindingConfig.getRoleObjectClasses();
     }    
-
+    
     /**
      * <p>
-     * Returns the users organization unit.
+     * Returns the default Group suffix dn.
      * </p>
      * 
-     * @return The usersOu.
+     * @return The defaultDnSuffix.
      */
-    protected String getUsersOu()
+    protected String getUserFilterBase()
     {
-        return this.ldapBindingConfig.getUsersOu();
-    }
+        return this.ldapBindingConfig.getUserFilterBase();
+    }    
+    
+    /**
+     * <p>
+     * Returns the default Group suffix dn.
+     * </p>
+     * 
+     * @return The defaultDnSuffix.
+     */
+    protected String getGroupFilter()
+    {
+        return this.ldapBindingConfig.getGroupFilter();
+    }     
+    
+    
+    /**
+     * <p>
+     * Returns the default Group suffix dn.
+     * </p>
+     * 
+     * @return The defaultDnSuffix.
+     */
+    protected String getRoleFilter()
+    {
+        return this.ldapBindingConfig.getRoleFilter();
+    }     
+        
+    
 
     /**
      * <p>
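Review bot: Every getter in this hunk carries the same copy-pasted Javadoc, `Returns the default Group suffix dn.` / `@return The defaultDnSuffix.`, including getRoleFilterBase, getUserFilterBase, getRoleObjectClasses, getGroupFilter and getRoleFilter, which actively misleads a reader trying to tell the base, filter and object-class getters apart. Give each a one-line description of the config value it exposes, e.g. for getRoleFilter `Returns the configured LDAP filter that selects role entries, e.g. (objectClass=groupOfUniqueNames).` with `@return the roleFilter from the binding config`. The trailing whitespace after several closing braces and the stray blank lines at the end of the hunk should also go.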
@@ -403,16 +460,17 @@
     {
         return this.ldapBindingConfig.getRootContext();
     }
-
+    
     /**
      * <p>
-     * A template method that returns the LDAP object class of the concrete DAO.
+     * A template method that returns the LDAP entry prefix of the concrete DAO.
      * </p>
      * 
-     * @return a String containing the LDAP object class name.
-     */
-    protected abstract String getObjectClass();
-    
+     * TODO : this should be in spring config
+     * 
+     * @return a String containing the LDAP entry prefix name.
+     */    
+    protected abstract String getEntryPrefix();
     
     /**
      * <p>
@@ -423,6 +481,82 @@
      * 
      * @return a String containing the LDAP entry prefix name.
      */    
-    protected abstract String getEntryPrefix();
+    protected abstract String getSearchSuffix();
+    
+    /**
+     * <p>
+     * The domain in wich to perform a search
+     * </p>
+     * 
+     * TODO : this should be in spring config
+     * 
+     * @return a String containing the LDAP entry prefix name.
+     */    
+    protected abstract String getSearchDomain();    
+        
+    protected  String getUserFilter()
+    {
+        return this.ldapBindingConfig.getUserFilter();
+    }
     
+    /**
+     * <p>
+     * Returns the default Group suffix dn.
+     * </p>
+     * 
+     * @return The defaultDnSuffix.
+     */
+    protected String[] getUserObjectClasses()
+    {
+        return this.ldapBindingConfig.getUserObjectClasses();
+    }    
+
+    protected  String getGroupMembershipAttribute()
+    {
+        return this.ldapBindingConfig.getGroupMembershipAttributes();
+    }   
+    
+    protected  String getUserGroupMembershipAttribute()
+    {
+        return this.ldapBindingConfig.getUserGroupMembershipAttributes();
+    }  
+     
+    
+    protected  String getGroupMembershipForRoleAttribute()
+    {
+        return this.ldapBindingConfig.getGroupMembershipForRoleAttributes();
+    }   
+    
+    protected  String getRoleGroupMembershipForRoleAttribute()
+    {
+        return this.ldapBindingConfig.getRoleGroupMembershipForRoleAttributes();
+    }    
+        
+    protected  String getRoleMembershipAttribute()
+    {
+        return this.ldapBindingConfig.getRoleMembershipAttributes();
+    }
+    
+    protected  String getUserRoleMembershipAttribute()
+    {
+        return this.ldapBindingConfig.getUserRoleMembershipAttributes();
+    }
+
+    protected  String getRoleIdAttribute()
+    {
+        return this.ldapBindingConfig.getRoleIdAttribute();
+    }    
+
+    protected  String getGroupIdAttribute()
+    {
+        return this.ldapBindingConfig.getGroupIdAttribute();
+    }    
+
+    protected  String getUserIdAttribute()
+    {
+        return this.ldapBindingConfig.getUserIdAttribute();
+    }    
+
+	protected abstract String[] getObjectClasses();
+	
 }
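Review bot: The Javadoc left above `getSearchSuffix()` still says `@return a String containing the LDAP entry prefix name` because it belonged to the abstract method this hunk moved up, and `getSearchDomain()` repeats the same wrong `@return`; both should state what a subclass must return (the filter fragment ANDed onto the id match, and the name the search is rooted at) and whether null or empty is permitted, since searchByWildcardedUid checks for both. The nine new membership/id getters and `getObjectClasses()` have no documentation at all, and `wich` should read `which`. The tab-indented last two declarations should use the class's space indentation.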

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java Wed Sep 27 00:49:17 2006
@@ -66,9 +66,13 @@
      */
     public void init() throws SecurityException
     {
-        initOu(getUsersOu());
-        initOu(getGroupsOu());
-        initOu(getRolesOu());
+    	initOu("OrgUnit1");
+    	initOu("People","ou=OrgUnit1");
+    	initOu("Groups","ou=OrgUnit1");
+    	initOu("Roles","ou=OrgUnit1");
+//        initOu(getUsersOu());
+//        initOu(getGroupsOu());
+//        initOu(getRolesOu());
     }
 
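Review bot: `init()` now creates the fixed org units `OrgUnit1`, `People`, `Groups` and `Roles` instead of deriving them from configuration, while the binding config in this same commit exposes `getUserFilterBase()`, `getGroupFilterBase()` and `getRoleFilterBase()` (e.g. `ou=People,ou=OrgUnit1`); with any other filter base the DAOs search a subtree this initializer never creates. Build the `initOu` calls from those getters, splitting the configured base into its ou components, and delete the three commented-out lines rather than leaving them.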
     /**
@@ -86,7 +90,7 @@
             Attributes attrs = defineLdapAttributes(ou);
             try
             {
-                String dn = "ou=" + ou;
+                String dn = "ou=" + ou; // + "," + getDefaultSearchBase();
                 ctx.createSubcontext(dn, attrs);
             }
             catch (NamingException e)
@@ -95,6 +99,22 @@
             }
         }
     }
+    
+    public void initOu(String ou,String folder) throws SecurityException
+    {
+        if (!StringUtils.isEmpty(ou))
+        {
+            Attributes attrs = defineLdapAttributes(ou);
+            try
+            {
+                ctx.createSubcontext("ou=" + ou + "," + folder, attrs);
+            }
+            catch (NamingException e)
+            {
+                throw new SecurityException(e);
+            }
+        }
+    }    
 
     /**
      * <p>
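Review bot: The two-argument initOu builds the DN by plain concatenation, `"ou=" + ou + "," + folder`, so an OU value containing DN special characters (`,`, `+`, `"`, `\`, `<`, `>`, `;`, leading or trailing spaces) produces a malformed DN or an entry placed elsewhere than intended; escaping the RDN value with `javax.naming.ldap.Rdn.escapeValue(ou)` fixes that in one line, `ctx.createSubcontext("ou=" + Rdn.escapeValue(ou) + "," + folder, attrs);`, with `folder` documented as an already well-formed DN. The same unescaped concatenation is used for search filters in the added LdapMemberShipDaoImpl (for example `"(&(" + getGroupMembershipAttribute() + "=" + subfilter + ")"` built from a caller-supplied userPrincipalUid), where the filter metacharacters `*`, `(`, `)`, `\` and NUL need RFC 4515 escaping before the value is spliced in; that hunk runs past the end of this chunk, so I am recording it here. Separately, the new overload duplicates the body of the one-argument initOu, which could delegate to a shared private helper that takes the complete DN.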
@@ -121,5 +141,18 @@
 	{
 		return null;
 	}
+	
+	protected String getSearchSuffix() {
+		return null;
+	}
+
+	protected String getSearchDomain() {
+		return null;
+	}
+
+	protected String[] getObjectClasses() {
+		return null;
+	}
+
 
 }
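Review bot: The new getSearchSuffix()/getSearchDomain()/getObjectClasses() defaults return null, and the only consumer of getObjectClasses() visible in this commit (LdapGroupDaoImpl.defineLdapAttributes) dereferences the result with `getObjectClasses().length` and no null check; InitLdapSchema's own defineLdapAttributes is outside the hunk, so I cannot tell whether this default is reached there. Returning an empty array, `return new String[0];`, keeps the template method safe to iterate, and each of the three methods needs a one-line Javadoc stating what a subclass is expected to supply, e.g. `/** @return the object classes assigned to entries created by this DAO; the default supplies none. */`.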

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java Wed Sep 27 00:49:17 2006
@@ -16,6 +16,7 @@
 
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.PropertiesConfiguration;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jetspeed.security.SecurityException;
@@ -32,38 +33,48 @@
     /** The logger. */
     private static final Log logger = LogFactory.getLog(LdapBindingConfig.class);
 
-    /** The initial context factory for the LDAP provider. */
     private String initialContextFactory;
-
-    /** The server name. */
     private String ldapServerName;
-
-    /** The server port. */
     private String ldapServerPort;
-
-    /** The root distinguished name. */
     private String rootDn;
-
-    /** The root password. */
     private String rootPassword;
-
-    /** The root context. */
     private String rootContext;
-
-    /** The default suffix. */
+    
     private String defaultDnSuffix;
+    
+    private PropertiesConfiguration props = null;
 
-    /** The users ou. */
-    private String usersOu;
+	private String roleFilter;
+	private String groupFilter;
+	private String userFilter;
 
-    /** The groups ou. */
-    private String groupsOu;
-    
-    /** The roles ou. */
-    private String rolesOu;    
+	private String userAuthenticationFiler;
+	
+	private String roleMembershipAttributes;
+	private String userRoleMembershipAttributes;
 
-    /** The ldap properties. */
-    private PropertiesConfiguration props = null;
+	private String groupMembershipAttributes;
+	private String userGroupMembershipAttributes;
+
+	private String defaultSearchBase;
+
+	private String roleFilterBase;
+	private String groupFilterBase;
+	private String userFilterBase;
+	
+	private String roleIdAttribute;
+	private String groupIdAttribute;
+	private String userIdAttribute;
+
+	private String[] roleObjectClasses;
+
+	private String[] groupObjectClasses;
+
+	private String[] userObjectClasses;
+
+	private String roleGroupMembershipForRoleAttributes;
+
+	private String groupMembershipForRoleAttributes;	
 
     /**
      * @param factory The initial context factory.
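Review bot: The existing field Javadoc ("The initial context factory...", "The root password." and so on) is deleted here and roughly twenty new fields arrive with no comment at all, although several are distinguishable only by a description that is now missing (roleMembershipAttributes vs. userRoleMembershipAttributes vs. roleGroupMembershipForRoleAttributes vs. groupMembershipForRoleAttributes). Please restore the deleted comments and give each new field one line stating which entry type it belongs to and what it holds, for instance `/** Attribute on a role entry that lists member users (confirm against the DAO that reads it). */` on roleMembershipAttributes; otherwise the keys in ldap.properties are the only documentation. `userAuthenticationFiler` is presumably a typo for "Filter" — it becomes a public accessor name, a constructor parameter and a property key later in this file, so this commit is the last cheap moment to rename it.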
@@ -76,8 +87,33 @@
      * @param uou The users organization unit.
      * @param gou The groups organization unit.
      */
-    public LdapBindingConfig(String factory, String name, String port, String suffix, String context, String dn,
-            String password, String uou, String goups,String roles)
+    public LdapBindingConfig(String factory, 
+    		String name, 
+    		String port, 
+    		String suffix, 
+    		String context, 
+    		String dn,
+            String password, 
+            String roleFilter,
+    		String groupFilter,
+    		String userFilter,
+			String userAuthenticationFiler,
+			String roleMembershipAttributes,
+			String userRoleMembershipAttributes,
+			String groupMembershipAttributes,
+			String userGroupMembershipAttributes,
+			String groupMembershipForRoleAttributes,
+			String roleGroupMembershipForRoleAttributes,			
+			String defaultSearchBase,
+			String roleFilterBase,
+			String groupFilterBase,
+			String userFilterBase,
+			String roleObjectClasses,
+			String groupObjectClasses,
+			String userObjectClasses,			
+			String roleIdAttribute,
+			String groupIdAttribute,
+			String userIdAttribute)    
     {
         try
         {
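Review bot: The constructor Javadoc shown in the context above the signature still documents `@param uou` and `@param gou`, which no longer exist, while none of the twenty-one new String parameters has an `@param` entry. With twenty-eight positional parameters of the same type, a caller — the Spring configuration mentioned in the commit message in particular — can transpose two arguments without any compile-time or runtime signal, so at minimum the Javadoc should list every parameter in order, e.g. `@param roleObjectClasses Comma-separated object classes assigned to new role entries.`; a builder or a Properties-backed constructor would be the more robust shape if the signature is still open to change.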
@@ -88,9 +124,35 @@
             rootContext = context;
             rootDn = dn;
             rootPassword = password;
-            usersOu = uou;
-            groupsOu = goups;
-            rolesOu = roles;
+    
+            this.roleFilter=roleFilter;
+    		this.groupFilter=groupFilter;
+    		this.userFilter=userFilter;
+    		this.userAuthenticationFiler=userAuthenticationFiler;
+			
+    		this.roleMembershipAttributes=roleMembershipAttributes;
+			this.userRoleMembershipAttributes=userRoleMembershipAttributes;
+			
+			this.groupMembershipAttributes=groupMembershipAttributes;
+			this.userGroupMembershipAttributes=userGroupMembershipAttributes;
+			
+			this.groupMembershipForRoleAttributes=groupMembershipForRoleAttributes;
+			this.roleGroupMembershipForRoleAttributes=roleGroupMembershipForRoleAttributes;
+			this.defaultSearchBase=defaultSearchBase;
+    		
+			this.roleFilterBase=roleFilterBase;
+    		this.groupFilterBase=groupFilterBase;
+    		this.userFilterBase=userFilterBase;
+    		
+    		
+    		this.roleObjectClasses=StringUtils.split(roleObjectClasses,",");
+    		this.groupObjectClasses=StringUtils.split(groupObjectClasses,",");
+    		this.userObjectClasses=StringUtils.split(userObjectClasses,",");
+    		
+    		this.roleIdAttribute=roleIdAttribute;
+    		this.groupIdAttribute=groupIdAttribute;
+    		this.userIdAttribute=userIdAttribute;
+    		
             new InitLdapSchema(this);
         }
         catch (SecurityException se)
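Review bot: `StringUtils.split(roleObjectClasses, ",")` and the two lines after it return null when the argument is null, so a caller that omits any of the three object-class strings leaves the corresponding array null, and LdapGroupDaoImpl's `for (int i=0 ; i<getObjectClasses().length ; i++)` then fails with NullPointerException at entry creation instead of a SecurityException naming the misconfiguration. Guard each assignment, e.g. `this.roleObjectClasses = roleObjectClasses == null ? new String[0] : StringUtils.split(roleObjectClasses, ",");`, and consider `StringUtils.stripAll(...)` on the result so that "top, groupOfUniqueNames" does not yield an object class with a leading space. The properties-based constructor in the next hunk makes the same three calls and needs the same guard.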
@@ -109,11 +171,11 @@
      * JETSPEED-INF/ldap/ldap.properties in the classpath.
      * </p>
      */
-    public LdapBindingConfig()
+    public LdapBindingConfig(String ldapType)
     {
         try
         {
-            props = new PropertiesConfiguration("JETSPEED-INF/ldap/ldap.properties");
+            props = new PropertiesConfiguration("JETSPEED-INF/ldap/" + ldapType + "/ldap.properties");
             initialContextFactory = props.getString("org.apache.jetspeed.ldap.initialContextFactory");
             ldapServerName = props.getString("org.apache.jetspeed.ldap.ldapServerName");
             ldapServerPort = props.getString("org.apache.jetspeed.ldap.ldapServerPort");
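Review bot: The Javadoc directly above this constructor still says the configuration is read from `JETSPEED-INF/ldap/ldap.properties`, but the code now reads `JETSPEED-INF/ldap/<ldapType>/ldap.properties`; update it to `Reads the LDAP configuration from JETSPEED-INF/ldap/{ldapType}/ldap.properties on the classpath, where ldapType names the vendor-specific sub-directory.` The new parameter is unchecked: a null ldapType produces the path `JETSPEED-INF/ldap/null/ldap.properties` and a ConfigurationException whose message does not point at the cause, so `if (ldapType == null) throw new IllegalArgumentException("ldapType");` at the top of the try block would make the misconfiguration obvious.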
@@ -121,9 +183,36 @@
             rootContext = props.getString("org.apache.jetspeed.ldap.rootContext");
             rootDn = props.getString("org.apache.jetspeed.ldap.rootDn");
             rootPassword = props.getString("org.apache.jetspeed.ldap.rootPassword");
-            usersOu = props.getString("org.apache.jetspeed.ldap.ou.users");
-            groupsOu = props.getString("org.apache.jetspeed.ldap.ou.groups");
-            rolesOu = props.getString("org.apache.jetspeed.ldap.ou.roles");
+            
+            roleFilter=props.getString("org.apache.jetspeed.ldap.RoleFilter");
+            groupFilter=props.getString("org.apache.jetspeed.ldap.GroupFilter");
+            userFilter=props.getString("org.apache.jetspeed.ldap.UserFilter");
+
+            userAuthenticationFiler=props.getString("org.apache.jetspeed.ldap.UserAuthenticationFiler");
+
+            roleMembershipAttributes=props.getString("org.apache.jetspeed.ldap.RoleMembershipAttributes");
+            userRoleMembershipAttributes=props.getString("org.apache.jetspeed.ldap.UserRoleMembershipAttributes");
+
+            groupMembershipAttributes=props.getString("org.apache.jetspeed.ldap.GroupMembershipAttributes");
+            userGroupMembershipAttributes=props.getString("org.apache.jetspeed.ldap.UserGroupMembershipAttributes");
+
+            groupMembershipForRoleAttributes=props.getString("org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes");
+            roleGroupMembershipForRoleAttributes=props.getString("org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes");
+
+            defaultSearchBase=props.getString("org.apache.jetspeed.ldap.DefaultSearchBase");
+            
+            roleFilterBase=props.getString("org.apache.jetspeed.ldap.RoleFilterBase");
+            groupFilterBase=props.getString("org.apache.jetspeed.ldap.GroupFilterBase");
+            userFilterBase=props.getString("org.apache.jetspeed.ldap.UserFilterBase");
+            
+            this.roleObjectClasses=StringUtils.split(props.getString("org.apache.jetspeed.ldap.RoleObjectClasses"),",");
+    		this.groupObjectClasses=StringUtils.split(props.getString("org.apache.jetspeed.ldap.GroupObjectClasses"),",");
+    		this.userObjectClasses=StringUtils.split(props.getString("org.apache.jetspeed.ldap.UserObjectClasses"),",");
+    		
+    		roleIdAttribute=props.getString("org.apache.jetspeed.ldap.RoleIdAttribute");
+            groupIdAttribute=props.getString("org.apache.jetspeed.ldap.GroupIdAttribute");
+            userIdAttribute=props.getString("org.apache.jetspeed.ldap.UserIdAttribute");
+
             new InitLdapSchema(this);
         }
         catch (ConfigurationException ce)
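Review bot: Each new `props.getString(...)` call returns null when its key is absent from ldap.properties and nothing in this constructor notices; the nulls are later concatenated into search filters (LdapMemberShipDaoImpl builds `"(&(" + getGroupMembershipAttribute() + "=" + ... + ")" + getGroupFilter() + ")"`), so a missing key surfaces as a filter containing the literal text "null" that fails at search time, far from the cause. Since the filter, base and id-attribute keys are all required for the DAOs to function, validate them once here — e.g. a small helper `private static String required(PropertiesConfiguration p, String key)` that throws SecurityException naming the missing key, or the configuration's throw-on-missing setting if the commons-configuration version in use offers it. The null-in/null-out behaviour of the three StringUtils.split lines is noted on the previous hunk.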
@@ -155,23 +244,6 @@
     {
         this.defaultDnSuffix = defaultDnSuffix;
     }
-
-    /**
-     * @return Returns the groupsOu.
-     */
-    public String getGroupsOu()
-    {
-        return groupsOu;
-    }
-
-    /**
-     * @param groupsOu The groupsOu to set.
-     */
-    public void setGroupsOu(String groupsOu)
-    {
-        this.groupsOu = groupsOu;
-    }
-
     /**
      * @return Returns the initialContextFactory.
      */
@@ -268,27 +340,165 @@
         this.rootPassword = rootPassword;
     }
 
-    /**
-     * @return Returns the usersOu.
-     */
-    public String getUsersOu()
-    {
-        return usersOu;
-    }
+	public String getRoleFilter() {
+		return roleFilter;
+	}
 
-    /**
-     * @param usersOu The usersOu to set.
-     */
-    public void setUsersOu(String usersOu)
-    {
-        this.usersOu = usersOu;
-    }
+	public void setRoleFilter(String roleFilter) {
+		this.roleFilter = roleFilter;
+	}
+
+	public String getRoleFilterBase() {
+		return roleFilterBase;
+	}
+
+	public void setRoleFilterBase(String roleFilterBase) {
+		this.roleFilterBase = roleFilterBase;
+	}
+
+	public String getRoleMembershipAttributes() {
+		return roleMembershipAttributes;
+	}
+
+	public void setRoleMembershipAttributes(String roleMembershipAttributes) {
+		this.roleMembershipAttributes = roleMembershipAttributes;
+	}
 
-	public String getRolesOu() {
-		return rolesOu;
+	public String getUserAuthenticationFiler() {
+		return userAuthenticationFiler;
 	}
 
-	public void setRolesOu(String rolesOu) {
-		this.rolesOu = rolesOu;
+	public void setUserAuthenticationFiler(String userAuthenticationFiler) {
+		this.userAuthenticationFiler = userAuthenticationFiler;
 	}
+
+	public String getUserFilter() {
+		return userFilter;
+	}
+
+	public void setUserFilter(String userFilter) {
+		this.userFilter = userFilter;
+	}
+
+	public String getUserFilterBase() {
+		return userFilterBase;
+	}
+
+	public void setUserFilterBase(String userFilterBase) {
+		this.userFilterBase = userFilterBase;
+	}
+
+	public String getUserGroupMembershipAttributes() {
+		return userGroupMembershipAttributes;
+	}
+
+	public void setUserGroupMembershipAttributes(
+			String userGroupMembershipAttributes) {
+		this.userGroupMembershipAttributes = userGroupMembershipAttributes;
+	}
+
+	public String getUserRoleMembershipAttributes() {
+		return userRoleMembershipAttributes;
+	}
+
+	public void setUserRoleMembershipAttributes(String userRoleMembershipAttributes) {
+		this.userRoleMembershipAttributes = userRoleMembershipAttributes;
+	}
+
+	public String getDefaultSearchBase() {
+		return defaultSearchBase;
+	}
+
+	public void setDefaultSearchBase(String defaultSearchBase) {
+		this.defaultSearchBase = defaultSearchBase;
+	}
+
+	public String getGroupFilter() {
+		return groupFilter;
+	}
+
+	public void setGroupFilter(String groupFilter) {
+		this.groupFilter = groupFilter;
+	}
+
+	public String getGroupFilterBase() {
+		return groupFilterBase;
+	}
+
+	public void setGroupFilterBase(String groupFilterBase) {
+		this.groupFilterBase = groupFilterBase;
+	}
+
+	public String getGroupMembershipAttributes() {
+		return groupMembershipAttributes;
+	}
+
+	public void setGroupMembershipAttributes(String groupMembershipAttributes) {
+		this.groupMembershipAttributes = groupMembershipAttributes;
+	}
+
+	public String getGroupIdAttribute() {
+		return groupIdAttribute;
+	}
+
+	public void setGroupIdAttribute(String groupIdAttribute) {
+		this.groupIdAttribute = groupIdAttribute;
+	}
+
+	public String getRoleIdAttribute() {
+		return roleIdAttribute;
+	}
+
+	public void setRoleIdAttribute(String roleIdAttribute) {
+		this.roleIdAttribute = roleIdAttribute;
+	}
+
+	public String getUserIdAttribute() {
+		return userIdAttribute;
+	}
+
+	public void setUserIdAttribute(String userIdAttribute) {
+		this.userIdAttribute = userIdAttribute;
+	}
+
+	public String[] getGroupObjectClasses() {
+		return groupObjectClasses;
+	}
+
+	public void setGroupObjectClasses(String[] groupObjectClasses) {
+		this.groupObjectClasses = groupObjectClasses;
+	}
+
+	public String[] getRoleObjectClasses() {
+		return roleObjectClasses;
+	}
+
+	public void setRoleObjectClasses(String[] roleObjectClasses) {
+		this.roleObjectClasses = roleObjectClasses;
+	}
+
+	public String[] getUserObjectClasses() {
+		return userObjectClasses;
+	}
+
+	public void setUserObjectClasses(String[] userObjectClasses) {
+		this.userObjectClasses = userObjectClasses;
+	}
+
+	public String getRoleGroupMembershipForRoleAttributes() {
+		return this.roleGroupMembershipForRoleAttributes;
+	}
+
+	public String getGroupMembershipForRoleAttributes() {
+		return this.groupMembershipForRoleAttributes;
+	}
+	
+	public void setRoleGroupMembershipForRoleAttributes(String roleGroupMembershipForRoleAttributes) {
+		this.roleGroupMembershipForRoleAttributes=roleGroupMembershipForRoleAttributes;
+	}
+
+	public void setGroupMembershipForRoleAttributes(String groupMembershipForRoleAttributes) {
+		this.groupMembershipForRoleAttributes=groupMembershipForRoleAttributes;
+	}	
+	
 }
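Review bot: None of the forty new public accessors carries Javadoc, and getGroupObjectClasses()/getRoleObjectClasses()/getUserObjectClasses() hand out the internal String[] by reference (the matching setters store the caller's array likewise), so any holder of the config can mutate the object-class list applied to every entry created afterwards. Returning a null-checked `(String[]) groupObjectClasses.clone()` from the three getters and cloning in the setters closes that, and a one-line Javadoc per getter — e.g. `/** @return the LDAP search filter that selects group entries. */` on getGroupFilter() — would let a reader tell the Filter/FilterBase/MembershipAttributes triplets apart without opening the properties file.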

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java Wed Sep 27 00:49:17 2006
@@ -17,13 +17,10 @@
 
 import java.security.Principal;
 
-import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
 
-import org.apache.commons.lang.StringUtils;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
 
@@ -76,13 +73,10 @@
         Attributes attrs = new BasicAttributes(true);
         BasicAttribute classes = new BasicAttribute("objectclass");
 
-        classes.add("top");
-        classes.add("uidObject");
-        classes.add("jetspeed-2-group");
+        for (int i=0 ; i<getObjectClasses().length ; i++) 
+        	classes.add(getObjectClasses()[i]);
         attrs.put(classes);
-        attrs.put("uid", principalUid);
-        attrs.put("cn", principalUid);
-        attrs.put("ou", getGroupsOu());
+        attrs.put(getEntryPrefix(), principalUid);
         return attrs;
     }
 
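Review bot: The new loop calls getObjectClasses() twice per iteration and dereferences it without a null check, while both LdapBindingConfig constructors can leave the underlying array null (StringUtils.split of a missing value), so entry creation dies with NullPointerException rather than a SecurityException naming the misconfiguration; the loop body is also unbraced, which the rest of this file avoids. Hoist and guard it: `String[] objectClasses = getObjectClasses();` / `for (int i = 0; objectClasses != null && i < objectClasses.length; i++)` / `{ classes.add(objectClasses[i]); }`. The removed `cn`/`uid`/`ou` attributes are now supplied only through getEntryPrefix(); if the configured object classes mandate an attribute that the configured id attribute does not cover (groupOfUniqueNames, for instance, requires cn), the server's schema check will reject createSubcontext, which deserves a sentence in the method Javadoc.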
@@ -91,16 +85,7 @@
      */
     protected String getDnSuffix()
     {
-        String suffix = "";
-        if (!StringUtils.isEmpty(getGroupsOu()))
-        {
-            suffix += ",ou=" + getGroupsOu();
-        }
-        if (!StringUtils.isEmpty(getDefaultDnSuffix()))
-        {
-            suffix += getDefaultDnSuffix();
-        }
-        return suffix;
+       return getGroupFilterBase();
     }
 
     /**
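Review bot: getDnSuffix() now returns getGroupFilterBase() as-is, whereas the removed code guaranteed a non-null result and supplied the leading ",ou=" itself, so the contract seen by whatever appends this suffix to a DN (that caller is outside the hunk) changes in two ways: an unset groupFilterBase now yields null, which becomes the text "null" under string concatenation, and the separating comma must now be part of the configured value. If the configured base is meant to be a complete relative DN, document that on the property and keep the old null safety: `String base = getGroupFilterBase(); return base == null ? "" : base;`.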
@@ -116,20 +101,21 @@
         return new GroupPrincipalImpl(principalUid);
     }
 
-    /**
-     * <p>
-     * A template method that returns the LDAP object class of the concrete DAO.
-     * </p>
-     * 
-     * @return A String containing the LDAP object class name.
-     */
-    protected String getObjectClass()
-    {
-        return "jetspeed-2-group";
-    }
 
 	protected String getEntryPrefix() {
-		return "cn";
+		return this.getGroupIdAttribute();
+	}
+	
+	protected String getSearchSuffix() {
+		return this.getGroupFilter();
+	}
+
+	protected String getSearchDomain() {
+		return this.getGroupFilterBase();
+	}
+
+	protected String[] getObjectClasses() {
+		return this.getGroupObjectClasses();
 	}
 	
  	
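Review bot: The template overrides added at the bottom of this file (getEntryPrefix, getSearchSuffix, getSearchDomain, getObjectClasses) have no Javadoc, while the getObjectClass() method they replace had a complete one that this hunk deletes. A one-line `/** @return ... */` on each, naming the LdapBindingConfig property it forwards — e.g. `/** @return the configured group id attribute, under which the principal uid is stored on new group entries. */` on getEntryPrefix — would keep the file at the documentation level it had before the change.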

Added: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (added)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java Wed Sep 27 00:49:17 2006
@@ -0,0 +1,471 @@
+package org.apache.jetspeed.security.spi.impl.ldap;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.naming.Name;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.LdapName;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.impl.UserPrincipalImpl;
+
+
+public class LdapMemberShipDaoImpl extends LdapPrincipalDaoImpl implements LdapMembershipDao {
+
+	public LdapMemberShipDaoImpl() throws SecurityException {
+		super();
+	}
+	
+	public LdapMemberShipDaoImpl(LdapBindingConfig config) throws SecurityException {
+		super(config);
+	}	
+
+	/** The logger. */
+    private static final Log logger = LogFactory.getLog(LdapMemberShipDaoImpl.class);
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByGroup(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchGroupMemberShipByGroup(final String userPrincipalUid, SearchControls cons) throws NamingException {
+		String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext(); 
+		String query = "(&(" + getGroupMembershipAttribute() + "=" + subfilter + ")" + getGroupFilter()  + ")";
+		
+	    if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    Name name = new LdapName(getGroupFilterBase());
+	    NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons);
+	
+	   List groupPrincipalUids = new ArrayList();
+	    while (searchResults.hasMore())
+	    {
+	        SearchResult result = (SearchResult) searchResults.next();
+	        Attributes answer = result.getAttributes();
+	
+	        groupPrincipalUids.addAll(getAttributes(getAttribute(getGroupIdAttribute(), answer)));
+	    }
+	    return (String[]) groupPrincipalUids.toArray(new String[groupPrincipalUids.size()]);
+	
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchGroupMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
+		NamingEnumeration searchResults = searchByWildcardedUid(userPrincipalUid, cons);
+	    
+	    if (!searchResults.hasMore())
+	    {
+	        throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
+	    }
+	
+	    Attributes userAttributes = getFirstUser(searchResults);
+	    List uids = getAttributes(getAttribute(getUserGroupMembershipAttribute(), userAttributes));
+	    return (String[]) uids.toArray(new String[uids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByRole(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchRoleMemberShipByRole(final String userPrincipalUid, SearchControls cons) throws NamingException {
+		String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext(); 
+		String query = "(&(" + getRoleMembershipAttribute() + "=" + subfilter + ")" + getRoleFilter()  + ")";
+		
+	    if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    
+	    Name name = new LdapName(getRoleFilterBase()) ;
+	    NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons);
+	
+	    List rolePrincipalUids = new ArrayList();
+	     while (searchResults.hasMore())
+	     {
+	    	 
+	         SearchResult result = (SearchResult) searchResults.next();
+	         Attributes answer = result.getAttributes();
+	
+	         rolePrincipalUids.addAll(getAttributes(getAttribute(getRoleIdAttribute(), answer)));
+	     }
+	     return (String[]) rolePrincipalUids.toArray(new String[rolePrincipalUids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchRoleMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
+	
+		NamingEnumeration results = searchByWildcardedUid(userPrincipalUid, cons);
+	
+		if (!results.hasMore())
+		{
+		    throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
+		}
+		
+		Attributes userAttributes = getFirstUser(results);
+		List newAttrs = new ArrayList();
+		Attribute attr = getAttribute(getUserRoleMembershipAttribute(), userAttributes);
+		 List attrs = getAttributes(attr);
+		        Iterator it = attrs.iterator();
+		        while(it.hasNext()) {
+		        	String cnfull = (String)it.next();
+		        	String cn = extractCn(cnfull);
+		        	newAttrs.add(cn);
+		        }
+		//List uids = getAttributes(attr);
+		return (String[]) newAttrs.toArray(new String[newAttrs.size()]);
+	}
+
+//	/**
+//	 * <p>
+//	 * Search user by group.
+//	 * </p>
+//	 * 
+//	 * @param groupPrincipalUid
+//	 * @param cons
+//	 * @return
+//	 * @throws NamingException A {@link NamingException}.
+//	 */
+//	private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons)
+//	        throws NamingException
+//	{
+//	    String query = "(&(cn=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")";
+//	
+//	    if (logger.isDebugEnabled())
+//	    {
+//	        logger.debug("query[" + query + "]");
+//	    }
+//	    NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
+//	
+//	    return searchResults;
+//	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByGroup(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromGroupByGroup(final String groupPrincipalUid, SearchControls cons)
+	        throws NamingException
+	{
+	
+		String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter() + ")";
+	    
+		if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    
+	    ArrayList userPrincipalUids=new ArrayList();
+	    
+	    NamingEnumeration results = ((DirContext) ctx).search("",query , cons);
+		
+	    while (results.hasMore())
+	    {
+	        SearchResult result = (SearchResult) results.next();
+	        Attributes answer = result.getAttributes();
+	        
+	        List newAttrs = new ArrayList();
+	        
+	        Attribute userPrincipalUid = getAttribute(getGroupMembershipAttribute(), answer);
+	        List attrs = getAttributes(userPrincipalUid);
+	        Iterator it = attrs.iterator();
+	        while(it.hasNext()) {
+	        	String uidfull = (String)it.next();
+	        	String uid = extractUid(uidfull);
+	        	if (uidfull.indexOf(getUserFilterBase())!=-1)
+	        		newAttrs.add(uid);
+	        }
+	        userPrincipalUids.addAll(newAttrs);
+	    }
+	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromGroupByUser(final String groupPrincipalUid, SearchControls cons)
+	        throws NamingException
+	{
+		
+		String subfilter = getGroupIdAttribute() + "=" 	+  getGroupFilterBase(); 
+	    if (getGroupFilterBase()!=null && !getGroupFilterBase().equals("")) subfilter+="," + getGroupFilterBase();
+	    subfilter+="," + getRootContext();
+		String query = "(&(" + getUserGroupMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")";
+	    if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
+	
+	    ArrayList userPrincipalUids = new ArrayList();
+	    
+	    while (results.hasMore())
+	    {
+	        SearchResult result = (SearchResult) results.next();
+	        Attributes answer = result.getAttributes();
+	
+	        userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer)));
+	    }
+	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+	
+	public String[] searchRolesFromGroupByGroup(final String groupPrincipalUid,
+			SearchControls cons) throws NamingException {
+
+		String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter()
+				+ ")";
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("query[" + query + "]");
+		}
+
+		ArrayList rolePrincipalUids = new ArrayList();
+
+		NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
+
+		while (results.hasMore()) {
+			SearchResult result = (SearchResult) results.next();
+			Attributes answer = result.getAttributes();
+
+			List newAttrs = new ArrayList();
+
+			Attribute userPrincipalUid = getAttribute(
+					getGroupMembershipForRoleAttribute(), answer);
+			List attrs = getAttributes(userPrincipalUid);
+			Iterator it = attrs.iterator();
+			while (it.hasNext()) {
+				String uidfull = (String) it.next();
+				String uid = extractUid(uidfull);
+				if (uidfull.indexOf(getRoleFilterBase())!=-1)
+					newAttrs.add(uid);
+			}
+			rolePrincipalUids.addAll(newAttrs);
+		}
+		return (String[]) rolePrincipalUids
+				.toArray(new String[rolePrincipalUids.size()]);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String,
+	 *      javax.naming.directory.SearchControls)
+	 */
+	public String[] searchRolesFromGroupByRole(final String groupPrincipalUid,
+			SearchControls cons) throws NamingException {
+
+		String subfilter = getGroupIdAttribute() + "=" + groupPrincipalUid;
+		if (getGroupFilterBase() != null && !getGroupFilterBase().equals(""))
+			subfilter += "," + getGroupFilterBase() + "," + getRootContext();
+		String query = "(&(" + getRoleGroupMembershipForRoleAttribute() + "="
+				+ subfilter + ")" + getUserFilter() + ")";
+		if (logger.isDebugEnabled()) {
+			logger.debug("query[" + query + "]");
+		}
+		NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
+
+		ArrayList userPrincipalUids = new ArrayList();
+
+		while (results.hasMore()) {
+			SearchResult result = (SearchResult) results.next();
+			Attributes answer = result.getAttributes();
+
+			userPrincipalUids
+					.addAll(getAttributes(getAttribute("uid", answer)));
+		}
+		return (String[]) userPrincipalUids
+				.toArray(new String[userPrincipalUids.size()]);
+	}	
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByRole(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromRoleByRole(final String rolePrincipalUid, SearchControls cons)
+	        throws NamingException
+	{
+	
+		String query = "(&(" + getRoleIdAttribute() + "=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")";
+	    
+		if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    
+	    ArrayList userPrincipalUids=new ArrayList();
+	    
+	    NamingEnumeration results = ((DirContext) ctx).search("",query , cons);
+		
+	    while (results.hasMore())
+	    {
+	        SearchResult result = (SearchResult) results.next();
+	        Attributes answer = result.getAttributes();
+	        
+	        //List cUserPrincipalUid = getAttributes(getAttribute(getRoleMembershipAttribute(), answer));
+	        //TODO: better implementtion
+	        List newAttrs = new ArrayList();
+	        
+	        Attribute userPrincipalUid = getAttribute(getRoleMembershipAttribute(), answer);
+	        List attrs = getAttributes(userPrincipalUid);
+	        Iterator it = attrs.iterator();
+	        while(it.hasNext()) {
+	        	String uidfull = (String)it.next();
+	        	String uid = extractUid(uidfull);
+	        	newAttrs.add(uid);
+	        }
+	        userPrincipalUids.addAll(newAttrs);
+
+	        
+	        //userPrincipalUids.addAll(cUserPrincipalUid);
+	    }
+	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromRoleByUser(final String rolePrincipalUid, SearchControls cons)
+	throws NamingException
+	{
+	
+		//TODO: rename params / vars !!!
+		String subfilter = getRoleIdAttribute() + "=" + rolePrincipalUid; 
+		if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) subfilter+="," + getRoleFilterBase();
+		subfilter+="," + getRootContext();
+		String query = "(&(" + getUserRoleMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")";
+		if (logger.isDebugEnabled())
+		{
+		    logger.debug("query[" + query + "]");
+		}
+		NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
+		
+		ArrayList userPrincipalUids = new ArrayList();
+		
+		while (results.hasMore())
+		{
+		    SearchResult result = (SearchResult) results.next();
+		    Attributes answer = result.getAttributes();
+		
+		    userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer)));
+		}
+		return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+	
+
+    /**
+     * @param attr
+     * @return
+     * @throws NamingException
+     */
+    protected List getAttributes(Attribute attr) throws NamingException
+    {
+        List uids = new ArrayList();
+        if (attr != null)
+        {
+            Enumeration groupUidEnum = attr.getAll();
+            while (groupUidEnum.hasMoreElements())
+            {
+                uids.add(groupUidEnum.nextElement());
+            }
+        }
+        return uids;
+    }	
+
+    /**
+     * @param results
+     * @return
+     * @throws NamingException
+     */
+    private Attributes getFirstUser(NamingEnumeration results) throws NamingException
+    {
+        SearchResult result = (SearchResult) results.next();
+        Attributes answer = result.getAttributes();
+
+        return answer;
+    }
+    
+	protected String getEntryPrefix() {
+		return "uid";
+	}
+
+	protected String getSearchSuffix() {
+		return this.getUserFilter();
+	}
+
+	/**
+	 * <p>
+	 * A template method for defining the attributes for a particular LDAP class.
+	 * </p>
+	 * 
+	 * @param principalUid The principal uid.
+	 * @return the LDAP attributes object for the particular class.
+	 */
+	protected Attributes defineLdapAttributes(final String principalUid)
+	{
+	    Attributes attrs = new BasicAttributes(true);
+	    BasicAttribute classes = new BasicAttribute("objectclass");
+	
+	    classes.add("top");
+	    classes.add("person");
+	    classes.add("organizationalPerson");
+	    classes.add("inetorgperson");
+	    attrs.put(classes);
+	    attrs.put("cn", principalUid);
+	    attrs.put("sn", principalUid);
+	
+	    return attrs;
+	}
+
+	/**
+	     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
+	     */
+	    protected String getDnSuffix()
+	    {
+	        return this.getUserFilterBase();
+	    }
+
+	/**
+	 * <p>
+	 * Creates a GroupPrincipal object.
+	 * </p>
+	 * 
+	 * @param principalUid The principal uid.
+	 * @return A group principal object.
+	 */
+	protected Principal makePrincipal(String principalUid)
+	{
+	    return new UserPrincipalImpl(principalUid);
+	}    
+	
+	private String extractUid(String ldapName) {
+		if (ldapName.indexOf(",")!=-1)
+			return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.indexOf(","));
+		return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.length());
+	}
+	
+	private String extractCn(String ldapName) {
+		if (ldapName.indexOf(",")!=-1)
+			return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.indexOf(","));
+		return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.length());
+	}
+	
+	protected String[] getObjectClasses() {
+		return this.getUserObjectClasses();
+	}
+	
+	
+}

Added: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java (added)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java Wed Sep 27 00:49:17 2006
@@ -0,0 +1,86 @@
+package org.apache.jetspeed.security.spi.impl.ldap;
+
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+
+public interface LdapMembershipDao {
+
+	public abstract String[] searchGroupMemberShipByGroup(
+			final String userPrincipalUid, SearchControls cons)
+			throws NamingException;
+
+	public abstract String[] searchGroupMemberShipByUser(
+			final String userPrincipalUid, SearchControls cons)
+			throws NamingException;
+
+	public abstract String[] searchRoleMemberShipByRole(
+			final String userPrincipalUid, SearchControls cons)
+			throws NamingException;
+
+	public abstract String[] searchRoleMemberShipByUser(
+			final String userPrincipalUid, SearchControls cons)
+			throws NamingException;
+
+	/**
+	 * <p>
+	 * Search user by group using the GroupMembershipAttribute.
+	 * </p>
+	 * 
+	 * @param groupPrincipalUid
+	 * @param cons
+	 * @return
+	 * @throws NamingException A {@link NamingException}.
+	 */
+	public abstract String[] searchUsersFromGroupByGroup(
+			final String groupPrincipalUid, SearchControls cons)
+			throws NamingException;
+
+	/**
+	 * <p>
+	 * Search user by group using the UserGroupMembershipAttribute.
+	 * </p>
+	 * 
+	 * @param groupPrincipalUid
+	 * @param cons
+	 * @return
+	 * @throws NamingException A {@link NamingException}.
+	 */
+	public abstract String[] searchUsersFromGroupByUser(
+			final String groupPrincipalUid, SearchControls cons)
+			throws NamingException;
+
+	/**
+	 * <p>
+	 * Search user by role using the RoleMembershipAttribute.
+	 * </p>
+	 * 
+	 * @param groupPrincipalUid
+	 * @param cons
+	 * @return
+	 * @throws NamingException A {@link NamingException}.
+	 */
+	public abstract String[] searchUsersFromRoleByRole(
+			final String rolePrincipalUid, SearchControls cons)
+			throws NamingException;
+
+	/**
+	 * <p>
+	 * Search user by role using the UserRoleMembershipAttribute.
+	 * </p>
+	 * 
+	 * @param groupPrincipalUid
+	 * @param cons
+	 * @return
+	 * @throws NamingException A {@link NamingException}.
+	 */
+	public abstract String[] searchUsersFromRoleByUser(
+			final String groupPrincipalUid, SearchControls cons)
+			throws NamingException;
+	
+	public abstract String[] searchRolesFromGroupByGroup(final String groupPrincipalUid,
+			SearchControls cons) throws NamingException;
+
+	public abstract String[] searchRolesFromGroupByRole(final String groupPrincipalUid,
+			SearchControls cons) throws NamingException;
+
+}
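Review bot: The `@param` tags on searchUsersFromRoleByRole and searchUsersFromRoleByUser say `groupPrincipalUid` although these are role lookups (the first declares `rolePrincipalUid`; the second declares `groupPrincipalUid` while the implementation above names it `rolePrincipalUid`), and the four membership methods at the top of the interface plus searchRolesFromGroupByGroup/searchRolesFromGroupByRole carry no Javadoc at all. Every implementation visible above builds the LDAP search filter by concatenating the uid (for example `"(&(" + getRoleIdAttribute() + "=" + rolePrincipalUid + ")" + getRoleFilter() + ")"`), so the contract should state who escapes it, e.g. `@param rolePrincipalUid The role principal uid; it is embedded in an LDAP search filter, so filter metacharacters must be escaped (RFC 4515) before use.` The `@return` tags should also say that an empty array, never null, is returned when nothing matches, which is what the visible implementations do via `toArray`. The `public abstract` modifiers are redundant on interface members.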

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java Wed Sep 27 00:49:17 2006
@@ -46,9 +46,7 @@
     /** The logger. */
     private static final Log logger = LogFactory.getLog(LdapPrincipalDaoImpl.class);
 
-    /** The uid attribute name. */
-    protected String UID_ATTR_NAME = "uid";
-
+    
     /**
      * <p>
      * Default constructor.
@@ -102,7 +100,9 @@
         Attributes attrs = defineLdapAttributes(principalUid);
         try
         {
-            String userDn = getEntryPrefix() + "=" + principalUid + getDnSuffix();
+            String userDn = getEntryPrefix() + "=" + principalUid;
+            if (getDnSuffix()!=null && !getDnSuffix().equals("")) userDn+="," + getDnSuffix();// + ',' + getDefaultSearchBase();
+            
             ctx.createSubcontext(userDn, attrs);
             if (logger.isDebugEnabled())
             {
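Review bot: `getDnSuffix()` is evaluated twice on the added `if` line, and the trailing commented-out fragment `// + ',' + getDefaultSearchBase();` is left behind like an unfinished decision about the DN layout. Capture the suffix once and drop the dead code: `String suffix = getDnSuffix();` / `String userDn = getEntryPrefix() + "=" + principalUid;` / `if (suffix != null && !suffix.equals("")) { userDn += "," + suffix; }`. `principalUid` also goes into the DN unescaped; `javax.naming.ldap.Rdn.escapeValue(principalUid)` would stop a uid containing DN metacharacters from creating a different entry than intended. The enclosing method starts before the hunk.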
@@ -261,7 +261,7 @@
         {
             Attributes atts = searchResult.getAttributes();
 
-            String uid = (String) getAttribute(UID_ATTR_NAME, atts).getAll().next();
+            String uid = (String) getAttribute(getEntryPrefix(), atts).getAll().next();
             Principal principal = makePrincipal(uid);
 
             principals.add(principal);
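Review bot: `getAttribute(getEntryPrefix(), atts).getAll().next()` dereferences the lookup result without a null check, and now that `getEntryPrefix()` is configurable (the role DAO below returns `getRoleIdAttribute()`), a misconfigured attribute name surfaces as a NullPointerException rather than a clear error. Guard it: `Attribute idAttr = getAttribute(getEntryPrefix(), atts);` / `if (idAttr == null) { throw new NamingException("missing attribute " + getEntryPrefix()); }`, or skip the entry if that is the intended behaviour. The enclosing loop starts before the hunk.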
@@ -288,5 +288,9 @@
         }
         return null;
     }
+    
+	protected String getSearchDomain() {
+		return this.getUserFilterBase();
+	}    
 
 }
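Review bot: `getSearchDomain()` is added without Javadoc, and the same holds for getSearchSuffix/getSearchDomain/getObjectClasses added in LdapRoleDaoImpl and LdapUserCredentialDaoImpl below; these are template methods that subclasses override, so the base declaration should state what each returns and whether null is allowed. Something like `/** The DN suffix placed between an entry's RDN and the root context (see the bind DN built in LdapUserCredentialDaoImpl); subclasses return their configured filter base, which may be null or empty when not set. */` on this declaration would do. The trailing whitespace after the closing brace should go as well.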

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java Wed Sep 27 00:49:17 2006
@@ -21,7 +21,6 @@
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 
-import org.apache.commons.lang.StringUtils;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.impl.RolePrincipalImpl;
 
@@ -35,8 +34,6 @@
 public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl
 {
 
-	protected String UID_ATTR_NAME = "cn";
-	
     /**
      * <p>
      * Default constructor.
@@ -75,13 +72,10 @@
         Attributes attrs = new BasicAttributes(true);
         BasicAttribute classes = new BasicAttribute("objectclass");
 
-        classes.add("top");
-        classes.add("uidObject");
-        classes.add("jetspeed-2-role");
+        for (int i=0;i<getObjectClasses().length;i++)
+        	classes.add(getObjectClasses()[i]);
         attrs.put(classes);
-        attrs.put("uid", principalUid);
-        attrs.put("cn", principalUid);
-        attrs.put("ou", getRolesOu());
+        attrs.put(getEntryPrefix(), principalUid);
         return attrs;
     }
 
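Review bot: `getObjectClasses()` is called once per iteration in the loop condition and again in the body, and the `for` is unbraced; hoist the array and brace the body: `String[] objectClasses = getObjectClasses();` / `for (int i = 0; i < objectClasses.length; i++) { classes.add(objectClasses[i]); }`. If the configured object-class list can be absent, a null array throws here before the entry is created; an explicit IllegalStateException naming the missing configuration would be clearer, though I cannot see from this hunk whether the getter guarantees non-null.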
@@ -90,16 +84,7 @@
      */
     protected String getDnSuffix()
     {
-        String suffix = "";
-        if (!StringUtils.isEmpty(getRolesOu()))
-        {
-            suffix += ",ou=" + getRolesOu();
-        }
-        if (!StringUtils.isEmpty(getDefaultDnSuffix()))
-        {
-            suffix += getDefaultDnSuffix();
-        }
-        return suffix;
+        return this.getRoleFilterBase();
     }
 
     /**
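Review bot: `getDnSuffix()` previously always returned a non-null String (the removed `""` initialiser) but now returns `getRoleFilterBase()` directly, which the same commit treats as possibly null in LdapPrincipalDaoImpl (`if (getDnSuffix()!=null && ...)`); any other caller that still concatenates the result would emit the literal text "null" into a DN. Either keep the old contract with `String base = getRoleFilterBase();` / `return base == null ? "" : base;`, or document the new one on the method: `/** Returns the configured role filter base as the DN suffix; may be null or empty when not configured. */`.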
@@ -115,19 +100,21 @@
         return new RolePrincipalImpl(principalUid);
     }
 
-    /**
-     * <p>
-     * A template method that returns the LDAP object class of the concrete DAO.
-     * </p>
-     * 
-     * @return A String containing the LDAP object class name.
-     */
-    protected String getObjectClass()
-    {
-        return "jetspeed-2-role";
-    }
-
 	protected String getEntryPrefix() {
-		return "cn";
+		return this.getRoleIdAttribute();
+	}
+	
+	protected String getSearchSuffix() {
+		return this.getRoleFilter();
+	}
+
+	protected String getSearchDomain() {
+		return this.getRoleFilterBase();
+	}	
+
+	protected String[] getObjectClasses() {
+		return this.getRoleObjectClasses();
 	}
+	
+	
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java Wed Sep 27 00:49:17 2006
@@ -113,7 +113,7 @@
 			String savedPassword = String.valueOf(getPassword(uid));
 			String oldCredential = (String)env.get(Context.SECURITY_CREDENTIALS);
 			String oldUsername = (String)env.get(Context.SECURITY_PRINCIPAL);
-			env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + ",ou=" + getUsersOu() + "," +  getRootContext());
+			env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + "," + getUserFilterBase() + "," + getRootContext());
 			env.put(Context.SECURITY_CREDENTIALS,password);
 			InitialContext ctx = new InitialContext(env);
 			env.put(Context.SECURITY_PRINCIPAL,oldUsername);
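Review bot: The bind DN on the changed line is built by plain concatenation, so when `getUserFilterBase()` is empty the result is `uid=<uid>,,<root>` and when it is unset the literal text "null" is inserted, while the same commit guards exactly this case in LdapPrincipalDaoImpl; `uid` is also placed into the DN without escaping, and the `"uid="` prefix is hard-coded although `getEntryPrefix()` is defined further down in this file. Since this DN is what the directory authenticates against, build it in one place, escape the RDN value with `javax.naming.ldap.Rdn.escapeValue` (needs `import javax.naming.ldap.Rdn;`), and skip an empty base. The enclosing method starts before the hunk.
```java
String savedPassword = String.valueOf(getPassword(uid));
// … unchanged: save the old principal and credentials …
String base = getUserFilterBase();
String bindDn = getEntryPrefix() + "=" + Rdn.escapeValue(uid);
if (base != null && !base.equals(""))
{
    bindDn += "," + base;
}
bindDn += "," + getRootContext();
env.put(Context.SECURITY_PRINCIPAL, bindDn);
env.put(Context.SECURITY_CREDENTIALS, password);
// … unchanged: InitialContext bind and restore of the old principal …
```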
@@ -279,4 +279,17 @@
 	protected String getEntryPrefix() {
 		return "uid";
 	}
+	
+	protected String getSearchSuffix() {
+		return this.getUserFilter();
+	}
+
+	protected String getSearchDomain() {
+		return this.getUserFilterBase();
+	}	
+	
+	protected String[] getObjectClasses() {
+		return this.getUserObjectClasses();
+	}
+	
 }


