001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi.impl;
018:
019: import java.util.ArrayList;
020: import java.util.Arrays;
021: import java.util.List;
022:
023: import javax.naming.NamingException;
024:
025: import org.apache.commons.lang.StringUtils;
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028: import org.apache.jetspeed.security.GroupPrincipal;
029: import org.apache.jetspeed.security.SecurityException;
030: import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
031: import org.apache.jetspeed.security.spi.GroupSecurityHandler;
032: import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
033: import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl;
034:
035: /**
036: * @see org.apache.jetspeed.security.spi.GroupSecurityHandler
037: * @author <a href="mailto:mike.long@dataline.com">Mike Long </a><br/> <a
038: * href="mailto:dlestrat@apache.org">David Le Strat </a>
039: */
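public class LdapGroupSecurityHandler implements GroupSecurityHandler {
    /** The logger. */
    private static final Log logger = LogFactory
            .getLog(LdapGroupSecurityHandler.class);

    /** The {@link LdapPrincipalDao} that performs all directory access. */
    private LdapPrincipalDao ldap;

    /**
     * Creates a handler backed by the given DAO.
     *
     * @param ldap The {@link LdapPrincipalDao}.
     */
    public LdapGroupSecurityHandler(LdapPrincipalDao ldap) {
        this.ldap = ldap;
    }

    /**
     * <p>
     * Default constructor; wires a {@link LdapGroupDaoImpl}.
     * </p>
     *
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapGroupSecurityHandler() throws NamingException,
            SecurityException {
        this(new LdapGroupDaoImpl());
    }

    /**
     * Looks up a group by its uid. The uid is converted to the LDAP-acceptable
     * form before the lookup, but the returned principal carries the uid as
     * the caller supplied it.
     *
     * @param groupPrincipalUid The group uid.
     * @return A {@link GroupPrincipalImpl} for {@code groupPrincipalUid} when
     *         the directory returned a non-empty DN, otherwise {@code null}.
     *         A {@link SecurityException} raised by the directory is logged
     *         and also yields {@code null}, so callers cannot distinguish
     *         "not found" from "lookup failed" here.
     * @throws IllegalArgumentException if the converted uid is null or empty.
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipal(java.lang.String)
     */
    public GroupPrincipal getGroupPrincipal(String groupPrincipalUid) {
        String groupUidWithoutSlashes = ldap
                .convertUidToLdapAcceptableName(groupPrincipalUid);
        verifyGroupId(groupUidWithoutSlashes);
        try {
            String dn = ldap.lookupByUid(groupUidWithoutSlashes);

            if (!StringUtils.isEmpty(dn)) {
                return new GroupPrincipalImpl(groupPrincipalUid);
            }
        } catch (SecurityException e) {
            logSecurityException(e, groupPrincipalUid);
        }
        return null;
    }

    /**
     * <p>
     * Verify that the group uid is valid.
     * </p>
     *
     * @param groupPrincipalUid The group uid.
     * @throws IllegalArgumentException if the uid is null or empty.
     */
    private void verifyGroupId(String groupPrincipalUid) {
        if (StringUtils.isEmpty(groupPrincipalUid)) {
            throw new IllegalArgumentException(
                    "The groupId cannot be null or empty.");
        }
    }

    /**
     * <p>
     * Log the security exception at error level, together with the uid or
     * filter the failing operation was working on.
     * </p>
     *
     * @param e The {@link SecurityException}.
     * @param groupPrincipalUid The group principal uid.
     */
    private void logSecurityException(SecurityException e,
            String groupPrincipalUid) {
        if (logger.isErrorEnabled()) {
            logger.error("An LDAP error has occurred for groupId:"
                    + groupPrincipalUid, e);
        }
    }

    /**
     * Creates the group in the directory if it does not exist yet.
     *
     * @param groupPrincipal The group principal whose full path is used as
     *        the uid.
     * @throws IllegalArgumentException if {@code groupPrincipal} is null or
     *         its full path converts to a null or empty uid.
     * @throws SecurityException if the existence check or the create fails.
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#setGroupPrincipal(org.apache.jetspeed.security.GroupPrincipal)
     */
    public void setGroupPrincipal(GroupPrincipal groupPrincipal)
            throws SecurityException {
        verifyGroupPrincipal(groupPrincipal);

        String fullPath = groupPrincipal.getFullPath();
        String groupUidWithoutSlashes = ldap
                .convertUidToLdapAcceptableName(fullPath);
        verifyGroupId(groupUidWithoutSlashes);

        // Check existence directly instead of through getGroupPrincipal():
        // that method swallows SecurityException and returns null, which
        // would make a failed lookup look like "not found" and trigger a
        // create. It also converts its argument a second time, so the uid it
        // checked was convert(convert(fullPath)) while create() used
        // convert(fullPath). Looking up the same uid we create keeps the two
        // consistent, and a lookup failure now propagates to the caller.
        String dn = ldap.lookupByUid(groupUidWithoutSlashes);
        if (StringUtils.isEmpty(dn)) {
            ldap.create(groupUidWithoutSlashes);
        }
    }

    /**
     * <p>
     * Verify that the group principal is valid.
     * </p>
     *
     * @param groupPrincipal The group principal.
     * @throws IllegalArgumentException if {@code groupPrincipal} is null.
     */
    private void verifyGroupPrincipal(GroupPrincipal groupPrincipal) {
        if (groupPrincipal == null) {
            throw new IllegalArgumentException(
                    "The GroupPrincipal cannot be null or empty.");
        }
    }

    /**
     * Deletes the group from the directory.
     *
     * @param groupPrincipal The group principal whose full path is used as
     *        the uid.
     * @throws IllegalArgumentException if {@code groupPrincipal} is null or
     *         its full path converts to a null or empty uid.
     * @throws SecurityException if the delete fails.
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#removeGroupPrincipal(org.apache.jetspeed.security.GroupPrincipal)
     */
    public void removeGroupPrincipal(GroupPrincipal groupPrincipal)
            throws SecurityException {
        verifyGroupPrincipal(groupPrincipal);

        String fullPath = groupPrincipal.getFullPath();
        String groupUidWithoutSlashes = ldap
                .convertUidToLdapAcceptableName(fullPath);
        // Same guard as the lookup path: never hand a null/empty uid to the
        // directory delete.
        verifyGroupId(groupUidWithoutSlashes);

        ldap.delete(groupUidWithoutSlashes);
    }

    /**
     * Finds groups under {@link GroupPrincipal#PREFS_GROUP_ROOT} matching the
     * given filter.
     *
     * @param filter The filter, handed unchanged to the DAO. NOTE(review):
     *        nothing here escapes LDAP filter metacharacters - confirm that
     *        the DAO does so, or that callers only pass trusted input.
     * @return A fixed-size list view over the DAO's result array, or a new
     *         (mutable) empty {@link ArrayList} when the search raised a
     *         {@link SecurityException}, which is logged.
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipals(java.lang.String)
     */
    public List getGroupPrincipals(String filter) {
        try {
            return Arrays.asList(ldap.find(filter,
                    GroupPrincipal.PREFS_GROUP_ROOT));
        } catch (SecurityException e) {
            logSecurityException(e, filter);
        }
        return new ArrayList();
    }
}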