001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi.impl;
018:
019: import java.security.Principal;
020: import java.util.HashSet;
021: import java.util.Set;
022: import java.util.prefs.Preferences;
023:
024: import javax.naming.NamingException;
025:
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028: import org.apache.jetspeed.security.GroupPrincipal;
029: import org.apache.jetspeed.security.HierarchyResolver;
030: import org.apache.jetspeed.security.RolePrincipal;
031: import org.apache.jetspeed.security.SecurityException;
032: import org.apache.jetspeed.security.UserPrincipal;
033: import org.apache.jetspeed.security.impl.GeneralizationHierarchyResolver;
034: import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
035: import org.apache.jetspeed.security.impl.RolePrincipalImpl;
036: import org.apache.jetspeed.security.impl.UserPrincipalImpl;
037: import org.apache.jetspeed.security.spi.SecurityMappingHandler;
038: import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl;
039: import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
040: import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl;
041: import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao;
042: import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl;
043:
044: /**
045: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler
046: * @author <a href="mailto:mike.long@dataline.com">Mike Long </a><br/>
047: * <a href="mailto:dlestrat@apache.org">David Le Strat </a>
048: */
049: public class LdapSecurityMappingHandler implements
050: SecurityMappingHandler {
051:
052: private LdapUserPrincipalDao userDao;
053:
054: private LdapPrincipalDao groupDao;
055:
056: private LdapPrincipalDao roleDao;
057:
058: /** The logger. */
059: private static final Log LOG = LogFactory
060: .getLog(LdapSecurityMappingHandler.class);
061:
062: /** The role hierarchy resolver. */
063: private HierarchyResolver roleHierarchyResolver = new GeneralizationHierarchyResolver();
064:
065: /** The group hierarchy resolver. */
066: private HierarchyResolver groupHierarchyResolver = new GeneralizationHierarchyResolver();
067:
068: /**
069: * @param userDao
070: * @param groupDao
071: */
072: public LdapSecurityMappingHandler(LdapUserPrincipalDao userDao,
073: LdapPrincipalDao groupDao, LdapPrincipalDao roleDao) {
074: this .userDao = userDao;
075: this .groupDao = groupDao;
076: this .roleDao = roleDao;
077: }
078:
079: /**
080: * @throws NamingException A {@link NamingException}.
081: * @throws SecurityException A {@link SecurityException}.
082: */
083: public LdapSecurityMappingHandler() throws SecurityException,
084: NamingException {
085: this .userDao = new LdapUserPrincipalDaoImpl();
086: this .groupDao = new LdapGroupDaoImpl();
087: this .roleDao = new LdapRoleDaoImpl();
088: }
089:
090: /**
091: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getRoleHierarchyResolver()
092: */
093: public HierarchyResolver getRoleHierarchyResolver() {
094: return roleHierarchyResolver;
095: }
096:
097: /**
098: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setRoleHierarchyResolver(org.apache.jetspeed.security.HierarchyResolver)
099: */
100: public void setRoleHierarchyResolver(
101: HierarchyResolver roleHierarchyResolver) {
102: this .roleHierarchyResolver = roleHierarchyResolver;
103: }
104:
105: /**
106: * @return Returns the groupHierarchyResolver.
107: */
108: public HierarchyResolver getGroupHierarchyResolver() {
109: return groupHierarchyResolver;
110: }
111:
112: /**
113: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setGroupHierarchyResolver(org.apache.jetspeed.security.HierarchyResolver)
114: */
115: public void setGroupHierarchyResolver(
116: HierarchyResolver groupHierarchyResolver) {
117: this .groupHierarchyResolver = groupHierarchyResolver;
118: }
119:
120: /**
121: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getRolePrincipals(java.lang.String)
122: */
123: public Set getRolePrincipals(String username) {
124: Set rolePrincipals = new HashSet();
125: String[] roles;
126: try {
127: roles = userDao.getRoleUidsForUser(username);
128: for (int i = 0; i < roles.length; i++) {
129: createResolvedRolePrincipalSet(username,
130: rolePrincipals, roles, i);
131: }
132: } catch (SecurityException e) {
133: LOG.error(e);
134: }
135: return rolePrincipals;
136:
137: }
138:
139: /**
140: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setUserPrincipalInRole(java.lang.String,
141: * java.lang.String)
142: */
143: public void setUserPrincipalInRole(String username,
144: String roleFullPathName) throws SecurityException {
145: verifyUserAndRoleExist(username, roleFullPathName);
146: addRoleToUser(username, roleFullPathName);
147: }
148:
149: /**
150: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeUserPrincipalInRole(java.lang.String,
151: * java.lang.String)
152: */
153: public void removeUserPrincipalInRole(String username,
154: String roleFullPathName) throws SecurityException {
155: verifyUserAndRoleExist(username, roleFullPathName);
156: removeUserFromRole(username, roleFullPathName);
157: }
158:
159: /**
160: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getRolePrincipalsInGroup(java.lang.String)
161: */
162: public Set getRolePrincipalsInGroup(String groupFullPathName) {
163: Set rolePrincipalsInGroup = new HashSet();
164: String[] roles;
165: try {
166: //TODO: see if we can't use the groupDao here
167: roles = userDao.getRolesForGroup(groupFullPathName);
168: for (int i = 0; i < roles.length; i++) {
169: createResolvedRolePrincipalSet(groupFullPathName,
170: rolePrincipalsInGroup, roles, i);
171: }
172: } catch (SecurityException e) {
173: LOG.error(e);
174: }
175: return rolePrincipalsInGroup;
176: }
177:
178: /**
179: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setRolePrincipalInGroup(java.lang.String,
180: * java.lang.String)
181: */
182: public void setRolePrincipalInGroup(String groupFullPathName,
183: String roleFullPathName) throws SecurityException {
184: verifyGroupAndRoleExist(groupFullPathName, roleFullPathName);
185: addRoleToGroup(groupFullPathName, roleFullPathName);
186: }
187:
188: /**
189: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeRolePrincipalInGroup(java.lang.String,
190: * java.lang.String)
191: */
192: public void removeRolePrincipalInGroup(String groupFullPathName,
193: String roleFullPathName) throws SecurityException {
194: verifyGroupAndRoleExist(groupFullPathName, roleFullPathName);
195: removeRoleFromGroup(groupFullPathName, roleFullPathName);
196: }
197:
198: /**
199: * This method returns the set of group principals associated with a user.
200: *
201: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getGroupPrincipals(java.lang.String)
202: */
203: public Set getGroupPrincipals(String userPrincipalUid) {
204: Set groupPrincipals = new HashSet();
205:
206: String[] groups;
207: try {
208: groups = userDao.getGroupUidsForUser(userPrincipalUid);
209: for (int i = 0; i < groups.length; i++) {
210: createResolvedGroupPrincipalSet(userPrincipalUid,
211: groupPrincipals, groups, i);
212: }
213: } catch (SecurityException e) {
214: LOG.error(e);
215: }
216: return groupPrincipals;
217: }
218:
219: /**
220: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getGroupPrincipalsInRole(java.lang.String)
221: */
222: public Set getGroupPrincipalsInRole(String roleFullPathName) {
223: Set groupPrincipals = new HashSet();
224: return groupPrincipals;
225: }
226:
227: /**
228: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getUserPrincipalsInRole(java.lang.String)
229: */
230: public Set getUserPrincipalsInRole(String roleFullPathName) {
231: //TODO: Check that this is correct
232: Set userPrincipals = new HashSet();
233: String[] fullPaths = { roleFullPathName };
234: try {
235: getUserPrincipalsInRole(userPrincipals, fullPaths);
236: } catch (SecurityException e) {
237: LOG.error(e);
238: }
239: return userPrincipals;
240: }
241:
242: /**
243: * <p>
244: * This method is the analog of the getGroupPrincipals except it returns the
245: * set of user principals in a group.
246: * </p>
247: *
248: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getUserPrincipalsInGroup(java.lang.String)
249: */
250: public Set getUserPrincipalsInGroup(String groupFullPathName) {
251: Set userPrincipals = new HashSet();
252:
253: //TODO: Check that this is correct
254: String[] fullPaths = { groupFullPathName };
255:
256: try {
257: getUserPrincipalsInGroup(userPrincipals, fullPaths);
258: } catch (SecurityException e) {
259: LOG.error(e);
260: }
261: return userPrincipals;
262: }
263:
264: /**
265: * <p>
266: * Gets the user principals in groups.
267: * </p>
268: *
269: * @param userPrincipals
270: * @param fullPaths
271: * @throws SecurityException A {@link SecurityException}.
272: */
273: private void getUserPrincipalsInGroup(Set userPrincipals,
274: String[] fullPaths) throws SecurityException {
275: for (int i = 0; i < fullPaths.length; i++) {
276: String[] usersInGroup = userDao
277: .getUserUidsForGroup(fullPaths[i]);
278: for (int y = 0; y < usersInGroup.length; y++) {
279: Principal userPrincipal = new UserPrincipalImpl(
280: usersInGroup[y]);
281: userPrincipals.add(userPrincipal);
282: }
283: }
284: }
285:
286: /**
287: * <p>
288: * Gets the user principals in groups.
289: * </p>
290: *
291: * @param userPrincipals
292: * @param fullPaths
293: * @throws SecurityException A {@link SecurityException}.
294: */
295: private void getUserPrincipalsInRole(Set userPrincipals,
296: String[] fullPaths) throws SecurityException {
297: for (int i = 0; i < fullPaths.length; i++) {
298: String[] usersInRole = userDao
299: .getUserUidsForRole(fullPaths[i]);
300: for (int y = 0; y < usersInRole.length; y++) {
301: Principal userPrincipal = new UserPrincipalImpl(
302: usersInRole[y]);
303: userPrincipals.add(userPrincipal);
304: }
305: }
306: }
307:
308: /**
309: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setUserPrincipalInGroup(java.lang.String,
310: * java.lang.String)
311: */
312: public void setUserPrincipalInGroup(String username,
313: String groupFullPathName) throws SecurityException {
314: verifyUserAndGroupExist(username, groupFullPathName);
315: addGroupToUser(username, groupFullPathName);
316: }
317:
318: /**
319: * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeUserPrincipalInGroup(java.lang.String,
320: * java.lang.String)
321: */
322: public void removeUserPrincipalInGroup(String username,
323: String groupFullPathName) throws SecurityException {
324: verifyUserAndGroupExist(username, groupFullPathName);
325: removeUserFromGroup(username, groupFullPathName);
326: }
327:
328: /**
329: * @param username
330: * @param groupFullPathName
331: * @throws SecurityException
332: */
333: private void verifyGroupAndRoleExist(String groupFullPathName,
334: String roleFullPathName) throws SecurityException {
335: GroupPrincipal group = getGroup(groupFullPathName);
336: RolePrincipal role = getRole(roleFullPathName);
337: if ((null == group) && (null == role)) {
338: throw new SecurityException(
339: SecurityException.ROLE_DOES_NOT_EXIST);
340: }
341: }
342:
343: /**
344: * @param username
345: * @param groupFullPathName
346: * @throws SecurityException
347: */
348: private void verifyUserAndGroupExist(String username,
349: String groupFullPathName) throws SecurityException {
350: UserPrincipal user = getUser(username);
351: GroupPrincipal group = getGroup(groupFullPathName);
352: if ((null == user) && (null == group)) {
353: throw new SecurityException(
354: SecurityException.USER_DOES_NOT_EXIST);
355: }
356: }
357:
358: /**
359: * @param username
360: * @param groupFullPathName
361: * @throws SecurityException
362: */
363: private void verifyUserAndRoleExist(String username,
364: String roleFullPathName) throws SecurityException {
365: UserPrincipal user = getUser(username);
366: RolePrincipal role = getRole(roleFullPathName);
367: if ((null == user) && (null == role)) {
368: throw new SecurityException(
369: SecurityException.USER_DOES_NOT_EXIST);
370: }
371: }
372:
373: /**
374: * @param username
375: * @param groupPrincipals
376: * @param groups
377: * @param i
378: */
379: private void createResolvedGroupPrincipalSet(String username,
380: Set groupPrincipals, String[] groups, int i) {
381: LOG.debug("Group [" + i + "] for user[" + username + "] is ["
382: + groups[i] + "]");
383:
384: GroupPrincipal group = new GroupPrincipalImpl(groups[i]);
385: Preferences preferences = Preferences.userRoot().node(
386: group.getFullPath());
387: LOG.debug("Group name:" + group.getName());
388: String[] fullPaths = groupHierarchyResolver
389: .resolve(preferences);
390: for (int n = 0; n < fullPaths.length; n++) {
391: LOG.debug("Group ["
392: + i
393: + "] for user["
394: + username
395: + "] is ["
396: + GroupPrincipalImpl
397: .getPrincipalNameFromFullPath(fullPaths[n])
398: + "]");
399: groupPrincipals
400: .add(new GroupPrincipalImpl(GroupPrincipalImpl
401: .getPrincipalNameFromFullPath(fullPaths[n])));
402: }
403: }
404:
405: /**
406: * @param username
407: * @param groupPrincipals
408: * @param groups
409: * @param i
410: */
411: private void createResolvedRolePrincipalSet(String username,
412: Set rolePrincipals, String[] roles, int i) {
413: LOG.debug("Group [" + i + "] for user[" + username + "] is ["
414: + roles[i] + "]");
415:
416: RolePrincipal role = new RolePrincipalImpl(roles[i]);
417: Preferences preferences = Preferences.userRoot().node(
418: role.getFullPath());
419: LOG.debug("Group name:" + role.getName());
420: String[] fullPaths = roleHierarchyResolver.resolve(preferences);
421: for (int n = 0; n < fullPaths.length; n++) {
422: LOG.debug("Group ["
423: + i
424: + "] for user["
425: + username
426: + "] is ["
427: + RolePrincipalImpl
428: .getPrincipalNameFromFullPath(fullPaths[n])
429: + "]");
430: rolePrincipals.add(new RolePrincipalImpl(RolePrincipalImpl
431: .getPrincipalNameFromFullPath(fullPaths[n])));
432: }
433: }
434:
435: /**
436: * @param username
437: * @param groupFullPathName
438: * @throws SecurityException
439: */
440: private void removeUserFromGroup(String username,
441: String groupFullPathName) throws SecurityException {
442: userDao.removeGroup(username, groupFullPathName);
443: }
444:
445: /**
446: * @param username
447: * @param groupFullPathName
448: * @throws SecurityException
449: */
450: private void removeUserFromRole(String username,
451: String roleFullPathName) throws SecurityException {
452: userDao.removeRole(username, roleFullPathName);
453: }
454:
455: private void removeRoleFromGroup(String groupFullPathName,
456: String roleFullPathName) throws SecurityException {
457: userDao
458: .removeRoleFromGroup(groupFullPathName,
459: roleFullPathName);
460: }
461:
462: /**
463: * @param uid
464: * @return
465: * @throws SecurityException A {@link SecurityException}.
466: */
467: private UserPrincipal getUser(String uid) throws SecurityException {
468: Principal[] user = userDao.find(uid,
469: UserPrincipal.PREFS_USER_ROOT);
470: if (user.length == 1) {
471: return (UserPrincipal) user[0];
472: } else {
473: throw new SecurityException(
474: SecurityException.USER_DOES_NOT_EXIST.create(uid));
475: }
476: }
477:
478: /**
479: * @param uid
480: * @return
481: * @throws SecurityException A {@link SecurityException}.
482: */
483: private GroupPrincipal getGroup(String uid)
484: throws SecurityException {
485: Principal[] group = groupDao.find(uid,
486: GroupPrincipal.PREFS_GROUP_ROOT);
487: if (group.length == 1) {
488: return (GroupPrincipal) group[0];
489: } else {
490: throw new SecurityException(
491: SecurityException.GROUP_DOES_NOT_EXIST.create(uid));
492: }
493: }
494:
495: /**
496: * @param uid
497: * @return
498: * @throws SecurityException A {@link SecurityException}.
499: */
500: private RolePrincipal getRole(String uid) throws SecurityException {
501: Principal[] role = roleDao.find(uid,
502: RolePrincipal.PREFS_ROLE_ROOT);
503:
504: if (role.length == 1)
505:
506: {
507: return (RolePrincipal) role[0];
508: } else {
509: throw new SecurityException(
510: SecurityException.ROLE_DOES_NOT_EXIST.create(uid));
511: }
512: }
513:
514: /**
515: * @param username
516: * @param groupFullPathName
517: * @throws SecurityException A {@link SecurityException}.
518: */
519: private void addGroupToUser(String username,
520: String groupFullPathName) throws SecurityException {
521: userDao.addGroup(username, groupFullPathName);
522: }
523:
524: /**
525: * @param username
526: * @param groupFullPathName
527: * @throws SecurityException A {@link SecurityException}.
528: */
529: private void addRoleToUser(String username, String roleFullPathName)
530: throws SecurityException {
531: userDao.addRole(username, roleFullPathName);
532: }
533:
534: /**
535: * @param username
536: * @param groupFullPathName
537: * @throws SecurityException A {@link SecurityException}.
538: */
539: private void addRoleToGroup(String groupFullPathName,
540: String roleFullPathName) throws SecurityException {
541: userDao.addRoleToGroup(groupFullPathName, roleFullPathName);
542: }
543:
544: }
|