0001: package org.apache.turbine.services.security.ldap;
0002:
0003: /*
0004: * Licensed to the Apache Software Foundation (ASF) under one
0005: * or more contributor license agreements. See the NOTICE file
0006: * distributed with this work for additional information
0007: * regarding copyright ownership. The ASF licenses this file
0008: * to you under the Apache License, Version 2.0 (the
0009: * "License"); you may not use this file except in compliance
0010: * with the License. You may obtain a copy of the License at
0011: *
0012: * http://www.apache.org/licenses/LICENSE-2.0
0013: *
0014: * Unless required by applicable law or agreed to in writing,
0015: * software distributed under the License is distributed on an
0016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
0017: * KIND, either express or implied. See the License for the
0018: * specific language governing permissions and limitations
0019: * under the License.
0020: */
0021:
0022: import java.util.Hashtable;
0023: import java.util.Iterator;
0024: import java.util.Vector;
0025:
0026: import javax.naming.NameAlreadyBoundException;
0027: import javax.naming.NamingEnumeration;
0028: import javax.naming.NamingException;
0029: import javax.naming.directory.Attribute;
0030: import javax.naming.directory.Attributes;
0031: import javax.naming.directory.BasicAttribute;
0032: import javax.naming.directory.BasicAttributes;
0033: import javax.naming.directory.DirContext;
0034: import javax.naming.directory.SearchControls;
0035: import javax.naming.directory.SearchResult;
0036:
0037: import org.apache.commons.logging.Log;
0038: import org.apache.commons.logging.LogFactory;
0039: import org.apache.torque.util.Criteria;
0040: import org.apache.turbine.om.security.Group;
0041: import org.apache.turbine.om.security.Permission;
0042: import org.apache.turbine.om.security.Role;
0043: import org.apache.turbine.om.security.User;
0044: import org.apache.turbine.services.security.BaseSecurityService;
0045: import org.apache.turbine.services.security.TurbineSecurity;
0046: import org.apache.turbine.util.security.AccessControlList;
0047: import org.apache.turbine.util.security.DataBackendException;
0048: import org.apache.turbine.util.security.EntityExistsException;
0049: import org.apache.turbine.util.security.GroupSet;
0050: import org.apache.turbine.util.security.PermissionSet;
0051: import org.apache.turbine.util.security.RoleSet;
0052: import org.apache.turbine.util.security.UnknownEntityException;
0053:
0054: /**
0055: * An implementation of SecurityService that uses LDAP as a backend.
0056: *
0057: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
0058: * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi </a>
0059: * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a>
0060: * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
0061: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
0062: * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a>
0063: * @version $Id: LDAPSecurityService.java 571795 2007-09-01 13:09:35Z tv $
0064: */
0065: public class LDAPSecurityService extends BaseSecurityService {
0066:
0067: /** Logging */
0068: private static Log log = LogFactory
0069: .getLog(LDAPSecurityService.class);
0070:
0071: /*
0072: * -----------------------------------------------------------------------
0073: * C R E A T I O N O F A C C E S S C O N T R O L L I S T
0074: * -----------------------------------------------------------------------
0075: */
0076:
0077: /**
0078: * Constructs an AccessControlList for a specific user.
0079: *
0080: * This method creates a snapshot of the state of security information
0081: * concerning this user, at the moment of invocation and stores it
0082: * into an AccessControlList object.
0083: *
0084: * @param user the user for whom the AccessControlList are to be retrieved
0085: * @throws DataBackendException if there was an error accessing the backend.
0086: * @throws UnknownEntityException if user account is not present.
0087: * @return an AccessControlList for a specific user.
0088: */
0089: public AccessControlList getACL(User user)
0090: throws DataBackendException, UnknownEntityException {
0091: if (!TurbineSecurity.accountExists(user)) {
0092: throw new UnknownEntityException("The account '"
0093: + user.getName() + "' does not exist");
0094: }
0095: try {
0096: Hashtable roles = new Hashtable();
0097: Hashtable permissions = new Hashtable();
0098:
0099: // notify the state modifiers (writers) that we want to create
0100: // the snapshot.
0101: lockShared();
0102:
0103: // construct the snapshot:
0104: // foreach group in the system
0105: Iterator groupsIterator = getAllGroups().iterator();
0106:
0107: while (groupsIterator.hasNext()) {
0108: Group group = (Group) groupsIterator.next();
0109:
0110: // get roles of user in the group
0111: RoleSet groupRoles = getRoles(user, group);
0112:
0113: // put the Set into roles(group)
0114: roles.put(group, groupRoles);
0115: // collect all permissoins in this group
0116: PermissionSet groupPermissions = new PermissionSet();
0117: // foreach role in Set
0118: Iterator rolesIterator = groupRoles.iterator();
0119:
0120: while (rolesIterator.hasNext()) {
0121: Role role = (Role) rolesIterator.next();
0122: // get permissions of the role
0123: PermissionSet rolePermissions = getPermissions(role);
0124:
0125: groupPermissions.add(rolePermissions);
0126: }
0127: // put the Set into permissions(group)
0128: permissions.put(group, groupPermissions);
0129: }
0130: return getAclInstance(roles, permissions);
0131: } catch (Exception e) {
0132: throw new DataBackendException(
0133: "Failed to build ACL for user '" + user.getName()
0134: + "'", e);
0135: } finally {
0136: // notify the state modifiers that we are done creating
0137: // the snapshot.
0138: unlockShared();
0139: }
0140: }
0141:
0142: /*
0143: * -----------------------------------------------------------------------
0144: * S E C U R I T Y M A N A G E M E N T
0145: * -----------------------------------------------------------------------
0146: */
0147:
0148: /**
0149: * Grant an User a Role in a Group.
0150: *
0151: * @param user the user.
0152: * @param group the group.
0153: * @param role the role.
0154: * @throws DataBackendException if there was an error accessing the backend.
0155: * @throws UnknownEntityException if user account, group or role
0156: * is not present.
0157: */
0158: public synchronized void grant(User user, Group group, Role role)
0159: throws DataBackendException, UnknownEntityException {
0160: try {
0161: lockExclusive();
0162:
0163: String userName = user.getName();
0164: String roleName = role.getName();
0165: String groupName = group.getName();
0166:
0167: if (!accountExists(user)) {
0168: throw new UnknownEntityException("User '" + userName
0169: + "' does not exist");
0170: }
0171:
0172: if (!checkExists(role)) {
0173: throw new UnknownEntityException("Role '" + roleName
0174: + "' does not exist");
0175: }
0176:
0177: if (!checkExists(group)) {
0178: throw new UnknownEntityException("Group '" + groupName
0179: + "' does not exist");
0180: }
0181:
0182: // Make the distinguished name.
0183: String dn = "turbineGroupName=" + groupName + ","
0184: + LDAPSecurityConstants.getNameAttribute() + "="
0185: + userName + ","
0186: + LDAPSecurityConstants.getBaseSearch();
0187:
0188: // Connect to LDAP.
0189: DirContext ctx = LDAPUserManager.bindAsAdmin();
0190:
0191: // Make the attributes.
0192: Attributes attrs = new BasicAttributes();
0193:
0194: attrs.put(new BasicAttribute("turbineRoleName", roleName));
0195: attrs.put(new BasicAttribute("objectClass",
0196: "turbineUserGroup"));
0197: attrs.put(new BasicAttribute("turbineUserUniqueId",
0198: userName));
0199: try {
0200: // Add the turbineUserGroup.
0201: ctx.bind(dn, null, attrs);
0202: } catch (NameAlreadyBoundException ex) {
0203: // Since turbineUserGroup had already been created
0204: // then just add the role name attribute.
0205: attrs = new BasicAttributes();
0206: attrs.put(new BasicAttribute("turbineRoleName",
0207: roleName));
0208: ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE,
0209: attrs);
0210: }
0211:
0212: } catch (NamingException ex) {
0213: throw new DataBackendException("NamingException caught", ex);
0214: } finally {
0215: unlockExclusive();
0216: }
0217: }
0218:
0219: /**
0220: * Revoke a Role in a Group from an User.
0221: *
0222: * @param user the user.
0223: * @param group the group.
0224: * @param role the role.
0225: * @throws DataBackendException if there was an error accessing the backend.
0226: * @throws UnknownEntityException if user account, group or role is
0227: * not present.
0228: */
0229: public synchronized void revoke(User user, Group group, Role role)
0230: throws DataBackendException, UnknownEntityException {
0231: try {
0232: lockExclusive();
0233:
0234: String userName = user.getName();
0235: String roleName = role.getName();
0236: String groupName = group.getName();
0237:
0238: if (!accountExists(user)) {
0239: throw new UnknownEntityException("User '" + userName
0240: + "' does not exist");
0241: }
0242:
0243: if (!checkExists(role)) {
0244: throw new UnknownEntityException("Role '" + roleName
0245: + "' does not exist");
0246: }
0247:
0248: if (!checkExists(group)) {
0249: throw new UnknownEntityException("Group '" + groupName
0250: + "' does not exist");
0251: }
0252:
0253: // Make the distinguished name.
0254: String dn = "turbineGroupName=" + groupName + ","
0255: + LDAPSecurityConstants.getNameAttribute() + "="
0256: + userName + ","
0257: + LDAPSecurityConstants.getBaseSearch();
0258:
0259: // Make the attributes.
0260: Attributes attrs = new BasicAttributes();
0261:
0262: attrs.put(new BasicAttribute("turbineRoleName", roleName));
0263:
0264: // Connect to LDAP.
0265: DirContext ctx = LDAPUserManager.bindAsAdmin();
0266:
0267: // Remove the role.
0268: ctx
0269: .modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE,
0270: attrs);
0271:
0272: } catch (NamingException ex) {
0273: throw new DataBackendException("NamingException caught", ex);
0274: } finally {
0275: unlockExclusive();
0276: }
0277: }
0278:
0279: /**
0280: * Grants a Role a Permission
0281: *
0282: * @param role the Role.
0283: * @param permission the Permission.
0284: * @throws DataBackendException if there was an error accessing the backend.
0285: * @throws UnknownEntityException if role or permission is not present.
0286: */
0287: public synchronized void grant(Role role, Permission permission)
0288: throws DataBackendException, UnknownEntityException {
0289: try {
0290: lockExclusive();
0291:
0292: String roleName = role.getName();
0293: String permName = permission.getName();
0294:
0295: if (!checkExists(role)) {
0296: throw new UnknownEntityException("Role '" + roleName
0297: + "' does not exist");
0298: }
0299:
0300: if (!checkExists(permission)) {
0301: throw new UnknownEntityException("Permission '"
0302: + permName + "' does not exist");
0303: }
0304:
0305: // Make the distinguished name.
0306: String dn = "turbineRoleName=" + roleName + ","
0307: + LDAPSecurityConstants.getBaseSearch();
0308:
0309: // Make the attributes.
0310: Attributes attrs = new BasicAttributes();
0311:
0312: attrs.put(new BasicAttribute("turbinePermissionName",
0313: permName));
0314:
0315: // Connect to LDAP.
0316: DirContext ctx = LDAPUserManager.bindAsAdmin();
0317:
0318: // Add the permission.
0319: ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs);
0320:
0321: } catch (NamingException ex) {
0322: throw new DataBackendException("NamingException caught", ex);
0323: } finally {
0324: unlockExclusive();
0325: }
0326: }
0327:
0328: /**
0329: * Revokes a Permission from a Role.
0330: *
0331: * @param role the Role.
0332: * @param permission the Permission.
0333: * @throws DataBackendException if there was an error accessing the backend.
0334: * @throws UnknownEntityException if role or permission is not present.
0335: */
0336: public synchronized void revoke(Role role, Permission permission)
0337: throws DataBackendException, UnknownEntityException {
0338: try {
0339: lockExclusive();
0340:
0341: String roleName = role.getName();
0342: String permName = permission.getName();
0343:
0344: if (!checkExists(role)) {
0345: throw new UnknownEntityException("Role '" + roleName
0346: + "' does not exist");
0347: }
0348:
0349: if (!checkExists(permission)) {
0350: throw new UnknownEntityException("Permission '"
0351: + permName + "' does not exist");
0352: }
0353:
0354: // Make the distinguished name.
0355: String dn = "turbineRoleName=" + roleName + ","
0356: + LDAPSecurityConstants.getBaseSearch();
0357:
0358: // Make the attributes.
0359: Attributes attrs = new BasicAttributes();
0360:
0361: attrs.put(new BasicAttribute("turbinePermissionName",
0362: permName));
0363:
0364: // Connect to LDAP.
0365: DirContext ctx = LDAPUserManager.bindAsAdmin();
0366:
0367: // Remove the permission.
0368: ctx
0369: .modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE,
0370: attrs);
0371:
0372: } catch (NamingException ex) {
0373: throw new DataBackendException("NamingException caught", ex);
0374: } finally {
0375: unlockExclusive();
0376: }
0377: }
0378:
0379: /*
0380: * -----------------------------------------------------------------------
0381: * G R O U P / R O L E / P E R M I S S I O N M A N A G E M E N T
0382: * -----------------------------------------------------------------------
0383: */
0384:
0385: /**
0386: * Retrieve a set of Groups that meet the specified Criteria.
0387: *
0388: * @param criteria Criteria of Group selection.
0389: * @return a set of Groups that meet the specified Criteria.
0390: * @throws DataBackendException if there is problem with the Backend.
0391: */
0392: public GroupSet getGroups(Criteria criteria)
0393: throws DataBackendException {
0394: Vector groups = new Vector();
0395:
0396: try {
0397: DirContext ctx = LDAPUserManager.bindAsAdmin();
0398:
0399: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0400: String filter = "(objectclass=turbineGroup)";
0401:
0402: /*
0403: * Create the default search controls.
0404: */
0405: SearchControls ctls = new SearchControls();
0406:
0407: NamingEnumeration answer = ctx.search(baseSearch, filter,
0408: ctls);
0409:
0410: while (answer.hasMore()) {
0411: SearchResult sr = (SearchResult) answer.next();
0412: Attributes attribs = sr.getAttributes();
0413: Attribute attr = attribs.get("turbineGroupName");
0414:
0415: if (attr != null && attr.get() != null) {
0416: Group group = getGroupInstance(attr.get()
0417: .toString());
0418:
0419: groups.add(group);
0420: }
0421: }
0422: } catch (NamingException ex) {
0423: throw new DataBackendException("NamingException caught", ex);
0424: } catch (UnknownEntityException ex) {
0425: throw new DataBackendException(
0426: "Group instance could not be created.", ex);
0427: }
0428:
0429: return new GroupSet(groups);
0430: }
0431:
0432: /** Get the Roles that a user belongs in a specific group.
0433: * @param user The user.
0434: * @param group The group
0435: * @throws DataBackendException if there is a problem with
0436: * the LDAP service.
0437: * @return a RoleSet.
0438: */
0439: private RoleSet getRoles(User user, Group group)
0440: throws DataBackendException {
0441: Vector roles = new Vector(0);
0442:
0443: try {
0444: DirContext ctx = LDAPUserManager.bindAsAdmin();
0445:
0446: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0447: String filter = "(& ";
0448:
0449: filter += "(objectclass=turbineUserGroup)";
0450: filter += "(turbineUserUniqueId=" + user.getName() + ")";
0451: filter += "(turbineGroupName=" + group.getName() + ")";
0452: filter += ")";
0453:
0454: /*
0455: * Create the default search controls.
0456: */
0457: SearchControls ctls = new SearchControls();
0458:
0459: ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
0460:
0461: NamingEnumeration answer = ctx.search(baseSearch, filter,
0462: ctls);
0463:
0464: while (answer.hasMore()) {
0465: SearchResult sr = (SearchResult) answer.next();
0466: Attributes attribs = sr.getAttributes();
0467: Attribute attr = attribs.get("turbineRoleName");
0468:
0469: if (attr != null) {
0470: NamingEnumeration values = attr.getAll();
0471:
0472: while (values.hasMore()) {
0473: Role role = getRoleInstance(values.next()
0474: .toString());
0475:
0476: roles.add(role);
0477: }
0478: } else {
0479: log.error("Role doesn't have a name");
0480: }
0481: }
0482: } catch (NamingException ex) {
0483: throw new DataBackendException("NamingException caught:",
0484: ex);
0485: } catch (UnknownEntityException ex) {
0486: throw new DataBackendException(
0487: "Role instance could not be created.", ex);
0488: }
0489:
0490: return new RoleSet(roles);
0491: }
0492:
0493: /**
0494: * Retrieve a set of Roles that meet the specified Criteria.
0495: *
0496: * @param criteria Criteria of Roles selection.
0497: * @return a set of Roles that meet the specified Criteria.
0498: * @throws DataBackendException if there is a problem with the Backend.
0499: */
0500: public RoleSet getRoles(Criteria criteria)
0501: throws DataBackendException {
0502: Vector roles = new Vector(0);
0503:
0504: try {
0505: DirContext ctx = LDAPUserManager.bindAsAdmin();
0506:
0507: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0508: String filter = "(objectclass=turbineRole)";
0509:
0510: /*
0511: * Create the default search controls.
0512: */
0513: SearchControls ctls = new SearchControls();
0514:
0515: NamingEnumeration answer = ctx.search(baseSearch, filter,
0516: ctls);
0517:
0518: while (answer.hasMore()) {
0519: SearchResult sr = (SearchResult) answer.next();
0520: Attributes attribs = sr.getAttributes();
0521: Attribute attr = attribs.get("turbineRoleName");
0522:
0523: if (attr != null && attr.get() != null) {
0524: Role role = getRoleInstance(attr.get().toString());
0525:
0526: roles.add(role);
0527: } else {
0528: log.error("Role doesn't have a name");
0529: }
0530: }
0531: } catch (NamingException ex) {
0532: throw new DataBackendException("NamingException caught", ex);
0533: } catch (UnknownEntityException ex) {
0534: throw new DataBackendException(
0535: "Role instance could not be created.", ex);
0536: }
0537:
0538: return new RoleSet(roles);
0539: }
0540:
0541: /**
0542: * Retrieve a set of Permissions that meet the specified Criteria.
0543: *
0544: * @param criteria Criteria of Permissions selection.
0545: * @return a set of Permissions that meet the specified Criteria.
0546: * @throws DataBackendException if there is a problem with the Backend.
0547: */
0548: public PermissionSet getPermissions(Criteria criteria)
0549: throws DataBackendException {
0550: Vector permissions = new Vector();
0551:
0552: try {
0553: DirContext ctx = LDAPUserManager.bindAsAdmin();
0554:
0555: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0556: String filter = "(objectClass=turbinePermission)";
0557:
0558: /*
0559: * Create the default search controls.
0560: */
0561: SearchControls ctls = new SearchControls();
0562:
0563: NamingEnumeration answer = ctx.search(baseSearch, filter,
0564: ctls);
0565:
0566: while (answer.hasMore()) {
0567: SearchResult sr = (SearchResult) answer.next();
0568: Attributes attribs = sr.getAttributes();
0569: Attribute attr = attribs.get("turbinePermissionName");
0570:
0571: if (attr != null && attr.get() != null) {
0572: Permission perm = getPermissionInstance(attr.get()
0573: .toString());
0574:
0575: permissions.add(perm);
0576: } else {
0577: log.error("Permission doesn't have a name");
0578: }
0579: }
0580: } catch (NamingException ex) {
0581: throw new DataBackendException(
0582: "The LDAP server specified is unavailable", ex);
0583: } catch (UnknownEntityException ex) {
0584: throw new DataBackendException(
0585: "Permission instance could not be created.", ex);
0586: }
0587:
0588: return new PermissionSet(permissions);
0589: }
0590:
0591: /**
0592: * Retrieves all permissions associated with a role.
0593: *
0594: * @param role the role name, for which the permissions are to be retrieved.
0595: * @throws DataBackendException if there was an error accessing the backend.
0596: * @throws UnknownEntityException if the role is not present.
0597: * @return a PermissionSet.
0598: */
0599: public PermissionSet getPermissions(Role role)
0600: throws DataBackendException, UnknownEntityException {
0601: Hashtable permissions = new Hashtable();
0602:
0603: try {
0604: DirContext ctx = LDAPUserManager.bindAsAdmin();
0605:
0606: String baseSearch = LDAPSecurityConstants.getBaseSearch();
0607: String filter = "(& ";
0608:
0609: filter += "(objectClass=turbineRole)";
0610: filter += "(turbineRoleName=" + role.getName() + ")";
0611: filter += ")";
0612:
0613: /*
0614: * Create the default search controls.
0615: */
0616: SearchControls ctls = new SearchControls();
0617:
0618: NamingEnumeration answer = ctx.search(baseSearch, filter,
0619: ctls);
0620:
0621: while (answer.hasMore()) {
0622: SearchResult sr = (SearchResult) answer.next();
0623: Attributes attribs = sr.getAttributes();
0624: Attribute attr = attribs.get("turbinePermissionName");
0625:
0626: if (attr != null) {
0627: NamingEnumeration values = attr.getAll();
0628:
0629: while (values.hasMore()) {
0630: String permName = values.next().toString();
0631: Permission perm = getPermissionInstance(permName);
0632:
0633: permissions.put(perm.getName(), perm);
0634: }
0635: }
0636: }
0637: } catch (NamingException ex) {
0638: throw new DataBackendException(
0639: "The LDAP server specified is unavailable", ex);
0640: } catch (UnknownEntityException ex) {
0641: throw new DataBackendException(
0642: "Permission instance could not be created.", ex);
0643: }
0644:
0645: return new PermissionSet(permissions.values());
0646: }
0647:
0648: /**
0649: * Stores Group's attributes. The Groups is required to exist in the system.
0650: *
0651: * @param group The Group to be stored.
0652: * @throws DataBackendException if there was an error accessing the backend.
0653: * @throws UnknownEntityException if the group does not exist.
0654: */
0655: public void saveGroup(Group group) throws DataBackendException,
0656: UnknownEntityException {
0657: // Not implemented yet.
0658: }
0659:
0660: /**
0661: * Stores Role's attributes. The Roles is required to exist in the system.
0662: *
0663: * @param role The Role to be stored.
0664: * @throws DataBackendException if there was an error accessing the backend.
0665: * @throws UnknownEntityException if the role does not exist.
0666: */
0667: public void saveRole(Role role) throws DataBackendException,
0668: UnknownEntityException {
0669: // Not implemented yet.
0670: }
0671:
0672: /**
0673: * Stores Permission's attributes. The Permissions is required to exist in
0674: * the system.
0675: *
0676: * @param permission The Permission to be stored.
0677: * @throws DataBackendException if there was an error accessing the backend.
0678: * @throws UnknownEntityException if the permission does not exist.
0679: */
0680: public void savePermission(Permission permission)
0681: throws DataBackendException, UnknownEntityException {
0682: // Not implemented yet.
0683: }
0684:
0685: /**
0686: * Creates a new group with specified attributes.
0687: * <strong>Not implemented</strong>
0688: *
0689: * @param group the object describing the group to be created.
0690: * @return a new Group object that has id set up properly.
0691: * @throws DataBackendException if there was an error accessing the backend.
0692: * @throws EntityExistsException if the group already exists.
0693: */
0694: public synchronized Group addGroup(Group group)
0695: throws DataBackendException, EntityExistsException {
0696: try {
0697: lockExclusive();
0698:
0699: String groupName = group.getName();
0700:
0701: if (checkExists(group)) {
0702: throw new EntityExistsException("Group '" + groupName
0703: + "' already exists");
0704: }
0705:
0706: // Make the distinguished name.
0707: String dn = "turbineGroupName=" + groupName + ","
0708: + LDAPSecurityConstants.getBaseSearch();
0709:
0710: // Make the attributes.
0711: Attributes attrs = new BasicAttributes();
0712:
0713: attrs
0714: .put(new BasicAttribute("objectClass",
0715: "turbineGroup"));
0716: attrs
0717: .put(new BasicAttribute("turbineGroupName",
0718: groupName));
0719:
0720: // Connect to LDAP.
0721: DirContext ctx = LDAPUserManager.bindAsAdmin();
0722:
0723: // Add the group in LDAP.
0724: ctx.bind(dn, null, attrs);
0725:
0726: // Add the group to system-wide cache.
0727: getAllGroups().add(group);
0728:
0729: return group;
0730: } catch (NamingException ex) {
0731: throw new DataBackendException("NamingException caught", ex);
0732: } finally {
0733: unlockExclusive();
0734: }
0735: }
0736:
0737: /**
0738: * Creates a new role with specified attributes.
0739: *
0740: * @param role the object describing the role to be created.
0741: * @return a new Role object that has id set up properly.
0742: * @throws DataBackendException if there was an error accessing the backend.
0743: * @throws EntityExistsException if the role already exists.
0744: */
0745: public synchronized Role addRole(Role role)
0746: throws DataBackendException, EntityExistsException {
0747: try {
0748: lockExclusive();
0749:
0750: String roleName = role.getName();
0751:
0752: if (checkExists(role)) {
0753: throw new EntityExistsException("Role '" + roleName
0754: + "' already exists");
0755: }
0756:
0757: // Make the distinguished name.
0758: String dn = "turbineRoleName=" + roleName + ","
0759: + LDAPSecurityConstants.getBaseSearch();
0760:
0761: // Make the attributes.
0762: Attributes attrs = new BasicAttributes();
0763:
0764: attrs.put(new BasicAttribute("objectClass", "turbineRole"));
0765: attrs.put(new BasicAttribute("turbineRoleName", roleName));
0766:
0767: // Connect to LDAP.
0768: DirContext ctx = LDAPUserManager.bindAsAdmin();
0769:
0770: // Add the role in LDAP.
0771: ctx.bind(dn, null, attrs);
0772:
0773: // Add the role to system-wide cache.
0774: getAllRoles().add(role);
0775:
0776: return role;
0777: } catch (NamingException ex) {
0778: throw new DataBackendException("NamingException caught", ex);
0779: } finally {
0780: unlockExclusive();
0781: }
0782: }
0783:
0784: /**
0785: * Creates a new permission with specified attributes.
0786: * <strong>Not implemented</strong>
0787: *
0788: * @param permission the object describing the permission to be created.
0789: * @return a new Permission object that has id set up properly.
0790: * @throws DataBackendException if there was an error accessing the backend.
0791: * @throws EntityExistsException if the permission already exists.
0792: */
0793: public synchronized Permission addPermission(Permission permission)
0794: throws DataBackendException, EntityExistsException {
0795: try {
0796: lockExclusive();
0797:
0798: String permName = permission.getName();
0799:
0800: if (checkExists(permission)) {
0801: throw new EntityExistsException("Permission '"
0802: + permName + "' already exists");
0803: }
0804:
0805: // Make the distinguished name.
0806: String dn = "turbinePermissionName=" + permName + ","
0807: + LDAPSecurityConstants.getBaseSearch();
0808:
0809: // Make the attributes.
0810: Attributes attrs = new BasicAttributes();
0811:
0812: attrs.put(new BasicAttribute("objectClass",
0813: "turbinePermission"));
0814: attrs.put(new BasicAttribute("turbinePermissionName",
0815: permName));
0816:
0817: DirContext ctx = LDAPUserManager.bindAsAdmin();
0818:
0819: // Add the permission in LDAP.
0820: ctx.bind(dn, null, attrs);
0821:
0822: // add the permission to system-wide cache
0823: getAllPermissions().add(permission);
0824:
0825: return permission;
0826: } catch (NamingException ex) {
0827: throw new DataBackendException("NamingException caught", ex);
0828: } finally {
0829: unlockExclusive();
0830: }
0831: }
0832:
0833: /**
0834: * Removes a Group from the system.
0835: *
0836: * @param group object describing group to be removed.
0837: * @throws DataBackendException if there was an error accessing the backend.
0838: * @throws UnknownEntityException if the group does not exist.
0839: */
0840: public synchronized void removeGroup(Group group)
0841: throws DataBackendException, UnknownEntityException {
0842: try {
0843: lockExclusive();
0844:
0845: String groupName = group.getName();
0846:
0847: if (!checkExists(group)) {
0848: throw new UnknownEntityException("Group '" + groupName
0849: + "' does not exist");
0850: }
0851:
0852: // Make the distinguished name.
0853: String dn = "turbineGroupName=" + groupName + ","
0854: + LDAPSecurityConstants.getBaseSearch();
0855:
0856: DirContext ctx = LDAPUserManager.bindAsAdmin();
0857:
0858: // Remove the group from LDAP.
0859: ctx.unbind(dn);
0860:
0861: // Remove the group from system-wide cache.
0862: getAllGroups().remove(group);
0863: } catch (NamingException ex) {
0864: throw new DataBackendException("NamingException caught", ex);
0865: } finally {
0866: unlockExclusive();
0867: }
0868: }
0869:
0870: /**
0871: * Removes a Role from the system.
0872: *
0873: * @param role object describing role to be removed.
0874: * @throws DataBackendException if there was an error accessing the backend.
0875: * @throws UnknownEntityException if the role does not exist.
0876: */
0877: public synchronized void removeRole(Role role)
0878: throws DataBackendException, UnknownEntityException {
0879: try {
0880: lockExclusive();
0881:
0882: String roleName = role.getName();
0883:
0884: if (!checkExists(role)) {
0885: throw new UnknownEntityException("Role '" + roleName
0886: + "' does not exist");
0887: }
0888:
0889: // Make the distinguished name.
0890: String dn = "turbineRoleName=" + roleName + ","
0891: + LDAPSecurityConstants.getBaseSearch();
0892:
0893: DirContext ctx = LDAPUserManager.bindAsAdmin();
0894:
0895: // Remove the role from LDAP.
0896: ctx.unbind(dn);
0897:
0898: // Remove the role from system-wide cache.
0899: getAllRoles().remove(role);
0900: } catch (NamingException ex) {
0901: throw new DataBackendException("NamingException caught", ex);
0902: } finally {
0903: unlockExclusive();
0904: }
0905: }
0906:
0907: /**
0908: * Removes a Permission from the system.
0909: *
0910: * @param permission object describing permission to be removed.
0911: * @throws DataBackendException if there was an error accessing the backend.
0912: * @throws UnknownEntityException if the permission does not exist.
0913: */
0914: public synchronized void removePermission(Permission permission)
0915: throws DataBackendException, UnknownEntityException {
0916: try {
0917: lockExclusive();
0918:
0919: String permName = permission.getName();
0920:
0921: if (!checkExists(permission)) {
0922: throw new UnknownEntityException("Permission '"
0923: + permName + "' does not exist");
0924: }
0925:
0926: // Make the distinguished name.
0927: String dn = "turbinePermissionName=" + permName + ","
0928: + LDAPSecurityConstants.getBaseSearch();
0929:
0930: DirContext ctx = LDAPUserManager.bindAsAdmin();
0931:
0932: // Remove the permission in LDAP.
0933: ctx.unbind(dn);
0934:
0935: // Remove the permission from system-wide cache.
0936: getAllPermissions().remove(permission);
0937: } catch (NamingException ex) {
0938: throw new DataBackendException("NamingException caught", ex);
0939: } finally {
0940: unlockExclusive();
0941: }
0942: }
0943:
0944: /**
0945: * Renames an existing Group.
0946: *
0947: * @param group object describing the group to be renamed.
0948: * @param name the new name for the group.
0949: * @throws DataBackendException if there was an error accessing the backend.
0950: * @throws UnknownEntityException if the group does not exist.
0951: */
0952: public synchronized void renameGroup(Group group, String name)
0953: throws DataBackendException, UnknownEntityException {
0954: // Not implemented yet.
0955: }
0956:
0957: /**
0958: * Renames an existing Role.
0959: *
0960: * @param role object describing the role to be renamed.
0961: * @param name the new name for the role.
0962: * @throws DataBackendException if there was an error accessing the backend.
0963: * @throws UnknownEntityException if the role does not exist.
0964: */
0965: public synchronized void renameRole(Role role, String name)
0966: throws DataBackendException, UnknownEntityException {
0967: // Not implemented yet.
0968: }
0969:
0970: /**
0971: * Renames an existing Permission.
0972: *
0973: * @param permission object describing the permission to be renamed.
0974: * @param name the new name for the permission.
0975: * @throws DataBackendException if there was an error accessing the backend.
0976: * @throws UnknownEntityException if the permission does not exist.
0977: */
0978: public synchronized void renamePermission(Permission permission,
0979: String name) throws DataBackendException,
0980: UnknownEntityException {
0981: // Not implemented yet.
0982: }
0983:
0984: /**
0985: * Revoke all the roles to a user
0986: * @param user the user.
0987: * @throws DataBackendException if there is an error with the data backend.
0988: * @throws UnkownEntityException if the role or a permission is not found.
0989: */
0990: public void revokeAll(User user) throws DataBackendException,
0991: UnknownEntityException {
0992: Iterator groupsIterator = getAllGroups().iterator();
0993: while (groupsIterator.hasNext()) {
0994: Group group = (Group) groupsIterator.next();
0995: Iterator rolesIterator = getRoles(user, group).iterator();
0996: while (rolesIterator.hasNext()) {
0997: Role role = (Role) rolesIterator.next();
0998: revoke(user, group, role);
0999: }
1000: }
1001: }
1002:
1003: /**
1004: * Revoke all the permissions to a role.
1005: * @param role the role.
1006: * @throws DataBackendException if there is an error with the data backend.
1007: * @throws UnkownEntityException if the role or a permission is not found.
1008: */
1009: public void revokeAll(Role role) throws DataBackendException,
1010: UnknownEntityException {
1011: PermissionSet permissions = getPermissions(role);
1012: Iterator permIterator = permissions.iterator();
1013: while (permIterator.hasNext()) {
1014: Permission perm = (Permission) permIterator.next();
1015: revoke(role, perm);
1016: }
1017: }
1018:
1019: /**
1020: * Revoke all the roles to a group.
1021: * @param group the group.
1022: * @throws DataBackendException if there is an error with the data backend.
1023: * @throws UnkownEntityException if the role or a permission is not found.
1024: */
1025: public void revokeAll(Group group) throws DataBackendException,
1026: UnknownEntityException {
1027: for (Iterator it = getUserList(new Criteria()).iterator(); it
1028: .hasNext();) {
1029: User user = (User) it.next();
1030: for (Iterator rolesIterator = getRoles(user, group)
1031: .iterator(); rolesIterator.hasNext();) {
1032: Role role = (Role) rolesIterator.next();
1033: revoke(user, group, role);
1034: }
1035: }
1036: }
1037:
1038: /**
1039: * Determines if the <code>Role</code> exists in the security system.
1040: *
1041: * @param role a <code>Role</code> value
1042: * @return true if the role exists in the system, false otherwise
1043: * @throws DataBackendException if there is an error with LDAP
1044: */
1045: public boolean checkExists(Role role) throws DataBackendException {
1046: RoleSet roleSet = getRoles(new Criteria());
1047:
1048: return roleSet.contains(role);
1049: }
1050:
1051: /**
1052: * Determines if the <code>Group</code> exists in the security system.
1053: *
1054: * @param group a <code>Group</code> value
1055: * @return true if the group exists in the system, false otherwise
1056: * @throws DataBackendException if there is an error with LDAP
1057: */
1058: public boolean checkExists(Group group) throws DataBackendException {
1059: GroupSet groupSet = getGroups(new Criteria());
1060:
1061: return groupSet.contains(group);
1062: }
1063:
1064: /**
1065: * Determines if the <code>Permission</code> exists in the security system.
1066: *
1067: * @param permission a <code>Permission</code> value
1068: * @return true if the permission exists in the system, false otherwise
1069: * @throws DataBackendException if there is an error with LDAP
1070: */
1071: public boolean checkExists(Permission permission)
1072: throws DataBackendException {
1073: PermissionSet permissionSet = getPermissions(new Criteria());
1074:
1075: return permissionSet.contains(permission);
1076: }
1077: }
|