001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi.impl;
018:
019: import java.util.ArrayList;
020: import java.util.Arrays;
021: import java.util.List;
022:
023: import javax.naming.NamingException;
024:
025: import org.apache.commons.lang.StringUtils;
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028: import org.apache.jetspeed.security.RolePrincipal;
029: import org.apache.jetspeed.security.SecurityException;
030: import org.apache.jetspeed.security.impl.RolePrincipalImpl;
031: import org.apache.jetspeed.security.spi.RoleSecurityHandler;
032: import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl;
033: import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
034:
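/**
 * {@link RoleSecurityHandler} backed by an LDAP directory.
 *
 * <p>
 * Every role is addressed by its Jetspeed full path name; the name is
 * converted by the {@link LdapPrincipalDao} into a directory-acceptable uid
 * before any lookup, create or delete is issued. Lookup failures reported
 * as {@link SecurityException} are logged and mapped to "not found" (a
 * {@code null} principal or an empty list); create and delete failures are
 * propagated to the caller.
 * </p>
 */
public class LdapRoleSecurityHandler implements RoleSecurityHandler {

    /** The logger. */
    private static final Log logger = LogFactory
            .getLog(LdapRoleSecurityHandler.class);

    /** The {@link LdapPrincipalDao} performing all directory access. */
    private final LdapPrincipalDao ldap;

    /**
     * @param ldap The {@link LdapPrincipalDao}.
     */
    public LdapRoleSecurityHandler(LdapPrincipalDao ldap) {
        this.ldap = ldap;
    }

    /**
     * <p>
     * Default constructor, wiring a freshly constructed
     * {@link LdapRoleDaoImpl}.
     * </p>
     *
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapRoleSecurityHandler() throws NamingException,
            SecurityException {
        this(new LdapRoleDaoImpl());
    }

    /**
     * Looks a role up by its full path name.
     *
     * @param roleFullPathName The role's full path name (not the converted
     *            LDAP uid; conversion happens here).
     * @return A {@link RolePrincipal} for the given path when the directory
     *         holds a matching entry, {@code null} when it does not or when
     *         the lookup raised a {@link SecurityException} (which is logged).
     * @throws IllegalArgumentException If the converted uid is null or empty.
     */
    public RolePrincipal getRolePrincipal(String roleFullPathName) {
        String roleUid = ldap.convertUidToLdapAcceptableName(roleFullPathName);
        verifyRoleId(roleUid);
        try {
            String dn = ldap.lookupByUid(roleUid);
            // A non-empty DN is the only evidence the role exists.
            if (!StringUtils.isEmpty(dn)) {
                return new RolePrincipalImpl(roleFullPathName);
            }
        } catch (SecurityException e) {
            // Lookup errors are deliberately mapped to "not found".
            logSecurityException(e, roleFullPathName);
        }
        return null;
    }

    /**
     * Creates the role in the directory if it does not exist yet.
     *
     * <p>
     * The existence check goes through {@link #getRolePrincipal(String)},
     * which expects the full path name and performs the uid conversion
     * itself; the already-converted uid is therefore not passed to it
     * (doing so would convert the name twice). Note that a lookup failure
     * is reported as "not found" by that method, so an LDAP error during
     * the check results in a create attempt whose outcome the DAO decides.
     * </p>
     *
     * @param rolePrincipal The role principal to persist.
     * @throws SecurityException If the directory create fails.
     * @throws IllegalArgumentException If the principal or its converted uid
     *             is null or empty.
     */
    public void setRolePrincipal(RolePrincipal rolePrincipal)
            throws SecurityException {
        verifyRolePrincipal(rolePrincipal);

        String fullPath = rolePrincipal.getFullPath();
        if (getRolePrincipal(fullPath) == null) {
            String roleUid = ldap.convertUidToLdapAcceptableName(fullPath);
            ldap.create(roleUid);
        }
    }

    /**
     * Deletes the role from the directory.
     *
     * <p>
     * The converted uid is validated before the delete is issued, mirroring
     * {@link #getRolePrincipal(String)}, so a null or empty uid can never
     * reach the directory as a delete target.
     * </p>
     *
     * @param rolePrincipal The role principal to remove.
     * @throws SecurityException If the directory delete fails.
     * @throws IllegalArgumentException If the principal or its converted uid
     *             is null or empty.
     */
    public void removeRolePrincipal(RolePrincipal rolePrincipal)
            throws SecurityException {
        verifyRolePrincipal(rolePrincipal);

        String roleUid = ldap.convertUidToLdapAcceptableName(rolePrincipal
                .getFullPath());
        verifyRoleId(roleUid);

        ldap.delete(roleUid);
    }

    /**
     * Finds the roles matching the given filter.
     *
     * <p>
     * NOTE(review): the filter is handed to the DAO unchanged. Whether it is
     * an LDAP search filter and whether RFC 4515 metacharacters in it are
     * escaped is decided by {@link LdapPrincipalDao#find}; callers passing
     * user-controlled text must confirm that escaping happens there.
     * </p>
     *
     * @param filter The filter passed to the DAO.
     * @return The matching principals as a fixed-size list, or an empty
     *         (mutable) list when the search raised a
     *         {@link SecurityException} (which is logged).
     */
    public List getRolePrincipals(String filter) {
        try {
            return Arrays.asList(ldap.find(filter,
                    RolePrincipal.PREFS_ROLE_ROOT));
        } catch (SecurityException e) {
            logSecurityException(e, filter);
        }
        return new ArrayList();
    }

    /**
     * <p>
     * Verify that the role uid is valid.
     * </p>
     *
     * @param rolePrincipalUid The role uid.
     * @throws IllegalArgumentException If the uid is null or empty.
     */
    private void verifyRoleId(String rolePrincipalUid) {
        if (StringUtils.isEmpty(rolePrincipalUid)) {
            throw new IllegalArgumentException(
                    "The roleId cannot be null or empty.");
        }
    }

    /**
     * <p>
     * Log the security exception. The message names the role (this handler
     * deals with roles, not groups) so the log line can be correlated with
     * the failing operation.
     * </p>
     *
     * @param e The {@link SecurityException}.
     * @param rolePrincipalUid The role principal uid or filter involved.
     */
    private void logSecurityException(SecurityException e,
            String rolePrincipalUid) {
        if (logger.isErrorEnabled()) {
            logger.error("An LDAP error has occurred for roleId:"
                    + rolePrincipalUid, e);
        }
    }

    /**
     * <p>
     * Verify that the role principal is valid.
     * </p>
     *
     * @param rolePrincipal The role principal.
     * @throws IllegalArgumentException If the principal is null.
     */
    private void verifyRolePrincipal(RolePrincipal rolePrincipal) {
        if (rolePrincipal == null) {
            throw new IllegalArgumentException(
                    "The RolePrincipal cannot be null or empty.");
        }
    }
}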
|