Source Code Cross Referenced for LDAPSecurityService.java in  » Web-Framework » TURBINE » org » apache » turbine » services » security » ldap » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » Web Framework » TURBINE » org.apache.turbine.services.security.ldap 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


0001:        package org.apache.turbine.services.security.ldap;
0002:
0003:        /*
0004:         * Licensed to the Apache Software Foundation (ASF) under one
0005:         * or more contributor license agreements.  See the NOTICE file
0006:         * distributed with this work for additional information
0007:         * regarding copyright ownership.  The ASF licenses this file
0008:         * to you under the Apache License, Version 2.0 (the
0009:         * "License"); you may not use this file except in compliance
0010:         * with the License.  You may obtain a copy of the License at
0011:         *
0012:         *   http://www.apache.org/licenses/LICENSE-2.0
0013:         *
0014:         * Unless required by applicable law or agreed to in writing,
0015:         * software distributed under the License is distributed on an
0016:         * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
0017:         * KIND, either express or implied.  See the License for the
0018:         * specific language governing permissions and limitations
0019:         * under the License.
0020:         */
0021:
0022:        import java.util.Hashtable;
0023:        import java.util.Iterator;
0024:        import java.util.Vector;
0025:
0026:        import javax.naming.NameAlreadyBoundException;
0027:        import javax.naming.NamingEnumeration;
0028:        import javax.naming.NamingException;
0029:        import javax.naming.directory.Attribute;
0030:        import javax.naming.directory.Attributes;
0031:        import javax.naming.directory.BasicAttribute;
0032:        import javax.naming.directory.BasicAttributes;
0033:        import javax.naming.directory.DirContext;
0034:        import javax.naming.directory.SearchControls;
0035:        import javax.naming.directory.SearchResult;
0036:
0037:        import org.apache.commons.logging.Log;
0038:        import org.apache.commons.logging.LogFactory;
0039:        import org.apache.torque.util.Criteria;
0040:        import org.apache.turbine.om.security.Group;
0041:        import org.apache.turbine.om.security.Permission;
0042:        import org.apache.turbine.om.security.Role;
0043:        import org.apache.turbine.om.security.User;
0044:        import org.apache.turbine.services.security.BaseSecurityService;
0045:        import org.apache.turbine.services.security.TurbineSecurity;
0046:        import org.apache.turbine.util.security.AccessControlList;
0047:        import org.apache.turbine.util.security.DataBackendException;
0048:        import org.apache.turbine.util.security.EntityExistsException;
0049:        import org.apache.turbine.util.security.GroupSet;
0050:        import org.apache.turbine.util.security.PermissionSet;
0051:        import org.apache.turbine.util.security.RoleSet;
0052:        import org.apache.turbine.util.security.UnknownEntityException;
0053:
0054:        /**
0055:         * An implementation of SecurityService that uses LDAP as a backend.
0056:         *
0057:         * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
0058:         * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi </a>
0059:         * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a>
0060:         * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
0061:         * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
0062:         * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a>
0063:         * @version $Id: LDAPSecurityService.java 571795 2007-09-01 13:09:35Z tv $
0064:         */
0065:        public class LDAPSecurityService extends BaseSecurityService {
0066:
0067:            /** Logging */
0068:            private static Log log = LogFactory
0069:                    .getLog(LDAPSecurityService.class);
0070:
0071:            /*
0072:             * -----------------------------------------------------------------------
0073:             *  C R E A T I O N  O F  A C C E S S  C O N T R O L  L I S T
0074:             * -----------------------------------------------------------------------
0075:             */
0076:
0077:            /**
0078:             * Constructs an AccessControlList for a specific user.
0079:             *
0080:             * This method creates a snapshot of the state of security information
0081:             * concerning this user, at the moment of invocation and stores it
0082:             * into an AccessControlList object.
0083:             *
0084:             * @param user the user for whom the AccessControlList are to be retrieved
0085:             * @throws DataBackendException if there was an error accessing the backend.
0086:             * @throws UnknownEntityException if user account is not present.
0087:             * @return an AccessControlList for a specific user.
0088:             */
0089:            public AccessControlList getACL(User user)
0090:                    throws DataBackendException, UnknownEntityException {
0091:                if (!TurbineSecurity.accountExists(user)) {
0092:                    throw new UnknownEntityException("The account '"
0093:                            + user.getName() + "' does not exist");
0094:                }
0095:                try {
0096:                    Hashtable roles = new Hashtable();
0097:                    Hashtable permissions = new Hashtable();
0098:
0099:                    // notify the state modifiers (writers) that we want to create
0100:                    // the snapshot.
0101:                    lockShared();
0102:
0103:                    // construct the snapshot:
0104:                    // foreach group in the system
0105:                    Iterator groupsIterator = getAllGroups().iterator();
0106:
0107:                    while (groupsIterator.hasNext()) {
0108:                        Group group = (Group) groupsIterator.next();
0109:
0110:                        // get roles of user in the group
0111:                        RoleSet groupRoles = getRoles(user, group);
0112:
0113:                        // put the Set into roles(group)
0114:                        roles.put(group, groupRoles);
0115:                        // collect all permissoins in this group
0116:                        PermissionSet groupPermissions = new PermissionSet();
0117:                        // foreach role in Set
0118:                        Iterator rolesIterator = groupRoles.iterator();
0119:
0120:                        while (rolesIterator.hasNext()) {
0121:                            Role role = (Role) rolesIterator.next();
0122:                            // get permissions of the role
0123:                            PermissionSet rolePermissions = getPermissions(role);
0124:
0125:                            groupPermissions.add(rolePermissions);
0126:                        }
0127:                        // put the Set into permissions(group)
0128:                        permissions.put(group, groupPermissions);
0129:                    }
0130:                    return getAclInstance(roles, permissions);
0131:                } catch (Exception e) {
0132:                    throw new DataBackendException(
0133:                            "Failed to build ACL for user '" + user.getName()
0134:                                    + "'", e);
0135:                } finally {
0136:                    // notify the state modifiers that we are done creating
0137:                    // the snapshot.
0138:                    unlockShared();
0139:                }
0140:            }
0141:
0142:            /*
0143:             * -----------------------------------------------------------------------
0144:             * S E C U R I T Y  M A N A G E M E N T
0145:             * -----------------------------------------------------------------------
0146:             */
0147:
0148:            /**
0149:             * Grant an User a Role in a Group.
0150:             *
0151:             * @param user the user.
0152:             * @param group the group.
0153:             * @param role the role.
0154:             * @throws DataBackendException if there was an error accessing the backend.
0155:             * @throws UnknownEntityException if user account, group or role
0156:             *         is not present.
0157:             */
0158:            public synchronized void grant(User user, Group group, Role role)
0159:                    throws DataBackendException, UnknownEntityException {
0160:                try {
0161:                    lockExclusive();
0162:
0163:                    String userName = user.getName();
0164:                    String roleName = role.getName();
0165:                    String groupName = group.getName();
0166:
0167:                    if (!accountExists(user)) {
0168:                        throw new UnknownEntityException("User '" + userName
0169:                                + "' does not exist");
0170:                    }
0171:
0172:                    if (!checkExists(role)) {
0173:                        throw new UnknownEntityException("Role '" + roleName
0174:                                + "' does not exist");
0175:                    }
0176:
0177:                    if (!checkExists(group)) {
0178:                        throw new UnknownEntityException("Group '" + groupName
0179:                                + "' does not exist");
0180:                    }
0181:
0182:                    // Make the distinguished name.
0183:                    String dn = "turbineGroupName=" + groupName + ","
0184:                            + LDAPSecurityConstants.getNameAttribute() + "="
0185:                            + userName + ","
0186:                            + LDAPSecurityConstants.getBaseSearch();
0187:
0188:                    // Connect to LDAP.
0189:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0190:
0191:                    // Make the attributes.
0192:                    Attributes attrs = new BasicAttributes();
0193:
0194:                    attrs.put(new BasicAttribute("turbineRoleName", roleName));
0195:                    attrs.put(new BasicAttribute("objectClass",
0196:                            "turbineUserGroup"));
0197:                    attrs.put(new BasicAttribute("turbineUserUniqueId",
0198:                            userName));
0199:                    try {
0200:                        // Add the turbineUserGroup.
0201:                        ctx.bind(dn, null, attrs);
0202:                    } catch (NameAlreadyBoundException ex) {
0203:                        // Since turbineUserGroup had already been created
0204:                        // then just add the role name attribute.
0205:                        attrs = new BasicAttributes();
0206:                        attrs.put(new BasicAttribute("turbineRoleName",
0207:                                roleName));
0208:                        ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE,
0209:                                attrs);
0210:                    }
0211:
0212:                } catch (NamingException ex) {
0213:                    throw new DataBackendException("NamingException caught", ex);
0214:                } finally {
0215:                    unlockExclusive();
0216:                }
0217:            }
0218:
0219:            /**
0220:             * Revoke a Role in a Group from an User.
0221:             *
0222:             * @param user the user.
0223:             * @param group the group.
0224:             * @param role the role.
0225:             * @throws DataBackendException if there was an error accessing the backend.
0226:             * @throws UnknownEntityException if user account, group or role is
0227:             *         not present.
0228:             */
0229:            public synchronized void revoke(User user, Group group, Role role)
0230:                    throws DataBackendException, UnknownEntityException {
0231:                try {
0232:                    lockExclusive();
0233:
0234:                    String userName = user.getName();
0235:                    String roleName = role.getName();
0236:                    String groupName = group.getName();
0237:
0238:                    if (!accountExists(user)) {
0239:                        throw new UnknownEntityException("User '" + userName
0240:                                + "' does not exist");
0241:                    }
0242:
0243:                    if (!checkExists(role)) {
0244:                        throw new UnknownEntityException("Role '" + roleName
0245:                                + "' does not exist");
0246:                    }
0247:
0248:                    if (!checkExists(group)) {
0249:                        throw new UnknownEntityException("Group '" + groupName
0250:                                + "' does not exist");
0251:                    }
0252:
0253:                    // Make the distinguished name.
0254:                    String dn = "turbineGroupName=" + groupName + ","
0255:                            + LDAPSecurityConstants.getNameAttribute() + "="
0256:                            + userName + ","
0257:                            + LDAPSecurityConstants.getBaseSearch();
0258:
0259:                    // Make the attributes.
0260:                    Attributes attrs = new BasicAttributes();
0261:
0262:                    attrs.put(new BasicAttribute("turbineRoleName", roleName));
0263:
0264:                    // Connect to LDAP.
0265:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0266:
0267:                    // Remove the role.
0268:                    ctx
0269:                            .modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE,
0270:                                    attrs);
0271:
0272:                } catch (NamingException ex) {
0273:                    throw new DataBackendException("NamingException caught", ex);
0274:                } finally {
0275:                    unlockExclusive();
0276:                }
0277:            }
0278:
0279:            /**
0280:             * Grants a Role a Permission
0281:             *
0282:             * @param role the Role.
0283:             * @param permission the Permission.
0284:             * @throws DataBackendException if there was an error accessing the backend.
0285:             * @throws UnknownEntityException if role or permission is not present.
0286:             */
0287:            public synchronized void grant(Role role, Permission permission)
0288:                    throws DataBackendException, UnknownEntityException {
0289:                try {
0290:                    lockExclusive();
0291:
0292:                    String roleName = role.getName();
0293:                    String permName = permission.getName();
0294:
0295:                    if (!checkExists(role)) {
0296:                        throw new UnknownEntityException("Role '" + roleName
0297:                                + "' does not exist");
0298:                    }
0299:
0300:                    if (!checkExists(permission)) {
0301:                        throw new UnknownEntityException("Permission '"
0302:                                + permName + "' does not exist");
0303:                    }
0304:
0305:                    // Make the distinguished name.
0306:                    String dn = "turbineRoleName=" + roleName + ","
0307:                            + LDAPSecurityConstants.getBaseSearch();
0308:
0309:                    // Make the attributes.
0310:                    Attributes attrs = new BasicAttributes();
0311:
0312:                    attrs.put(new BasicAttribute("turbinePermissionName",
0313:                            permName));
0314:
0315:                    // Connect to LDAP.
0316:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0317:
0318:                    // Add the permission.
0319:                    ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs);
0320:
0321:                } catch (NamingException ex) {
0322:                    throw new DataBackendException("NamingException caught", ex);
0323:                } finally {
0324:                    unlockExclusive();
0325:                }
0326:            }
0327:
0328:            /**
0329:             * Revokes a Permission from a Role.
0330:             *
0331:             * @param role the Role.
0332:             * @param permission the Permission.
0333:             * @throws DataBackendException if there was an error accessing the backend.
0334:             * @throws UnknownEntityException if role or permission is not present.
0335:             */
0336:            public synchronized void revoke(Role role, Permission permission)
0337:                    throws DataBackendException, UnknownEntityException {
0338:                try {
0339:                    lockExclusive();
0340:
0341:                    String roleName = role.getName();
0342:                    String permName = permission.getName();
0343:
0344:                    if (!checkExists(role)) {
0345:                        throw new UnknownEntityException("Role '" + roleName
0346:                                + "' does not exist");
0347:                    }
0348:
0349:                    if (!checkExists(permission)) {
0350:                        throw new UnknownEntityException("Permission '"
0351:                                + permName + "' does not exist");
0352:                    }
0353:
0354:                    // Make the distinguished name.
0355:                    String dn = "turbineRoleName=" + roleName + ","
0356:                            + LDAPSecurityConstants.getBaseSearch();
0357:
0358:                    // Make the attributes.
0359:                    Attributes attrs = new BasicAttributes();
0360:
0361:                    attrs.put(new BasicAttribute("turbinePermissionName",
0362:                            permName));
0363:
0364:                    // Connect to LDAP.
0365:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0366:
0367:                    // Remove the permission.
0368:                    ctx
0369:                            .modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE,
0370:                                    attrs);
0371:
0372:                } catch (NamingException ex) {
0373:                    throw new DataBackendException("NamingException caught", ex);
0374:                } finally {
0375:                    unlockExclusive();
0376:                }
0377:            }
0378:
0379:            /*
0380:             * -----------------------------------------------------------------------
0381:             * G R O U P / R O L E / P E R M I S S I O N  M A N A G E M E N T
0382:             * -----------------------------------------------------------------------
0383:             */
0384:
0385:            /**
0386:             * Retrieve a set of Groups that meet the specified Criteria.
0387:             *
0388:             * @param criteria Criteria of Group selection.
0389:             * @return a set of Groups that meet the specified Criteria.
0390:             * @throws DataBackendException if there is problem with the Backend.
0391:             */
0392:            public GroupSet getGroups(Criteria criteria)
0393:                    throws DataBackendException {
0394:                Vector groups = new Vector();
0395:
0396:                try {
0397:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0398:
0399:                    String baseSearch = LDAPSecurityConstants.getBaseSearch();
0400:                    String filter = "(objectclass=turbineGroup)";
0401:
0402:                    /*
0403:                     * Create the default search controls.
0404:                     */
0405:                    SearchControls ctls = new SearchControls();
0406:
0407:                    NamingEnumeration answer = ctx.search(baseSearch, filter,
0408:                            ctls);
0409:
0410:                    while (answer.hasMore()) {
0411:                        SearchResult sr = (SearchResult) answer.next();
0412:                        Attributes attribs = sr.getAttributes();
0413:                        Attribute attr = attribs.get("turbineGroupName");
0414:
0415:                        if (attr != null && attr.get() != null) {
0416:                            Group group = getGroupInstance(attr.get()
0417:                                    .toString());
0418:
0419:                            groups.add(group);
0420:                        }
0421:                    }
0422:                } catch (NamingException ex) {
0423:                    throw new DataBackendException("NamingException caught", ex);
0424:                } catch (UnknownEntityException ex) {
0425:                    throw new DataBackendException(
0426:                            "Group instance could not be created.", ex);
0427:                }
0428:
0429:                return new GroupSet(groups);
0430:            }
0431:
0432:            /** Get the Roles that a user belongs in a specific group.
0433:             * @param user The user.
0434:             * @param group The group
0435:             * @throws DataBackendException if there is a problem with
0436:             *     the LDAP service.
0437:             * @return a RoleSet.
0438:             */
0439:            private RoleSet getRoles(User user, Group group)
0440:                    throws DataBackendException {
0441:                Vector roles = new Vector(0);
0442:
0443:                try {
0444:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0445:
0446:                    String baseSearch = LDAPSecurityConstants.getBaseSearch();
0447:                    String filter = "(& ";
0448:
0449:                    filter += "(objectclass=turbineUserGroup)";
0450:                    filter += "(turbineUserUniqueId=" + user.getName() + ")";
0451:                    filter += "(turbineGroupName=" + group.getName() + ")";
0452:                    filter += ")";
0453:
0454:                    /*
0455:                     * Create the default search controls.
0456:                     */
0457:                    SearchControls ctls = new SearchControls();
0458:
0459:                    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
0460:
0461:                    NamingEnumeration answer = ctx.search(baseSearch, filter,
0462:                            ctls);
0463:
0464:                    while (answer.hasMore()) {
0465:                        SearchResult sr = (SearchResult) answer.next();
0466:                        Attributes attribs = sr.getAttributes();
0467:                        Attribute attr = attribs.get("turbineRoleName");
0468:
0469:                        if (attr != null) {
0470:                            NamingEnumeration values = attr.getAll();
0471:
0472:                            while (values.hasMore()) {
0473:                                Role role = getRoleInstance(values.next()
0474:                                        .toString());
0475:
0476:                                roles.add(role);
0477:                            }
0478:                        } else {
0479:                            log.error("Role doesn't have a name");
0480:                        }
0481:                    }
0482:                } catch (NamingException ex) {
0483:                    throw new DataBackendException("NamingException caught:",
0484:                            ex);
0485:                } catch (UnknownEntityException ex) {
0486:                    throw new DataBackendException(
0487:                            "Role instance could not be created.", ex);
0488:                }
0489:
0490:                return new RoleSet(roles);
0491:            }
0492:
0493:            /**
0494:             * Retrieve a set of Roles that meet the specified Criteria.
0495:             *
0496:             * @param criteria Criteria of Roles selection.
0497:             * @return a set of Roles that meet the specified Criteria.
0498:             * @throws DataBackendException if there is a problem with the Backend.
0499:             */
0500:            public RoleSet getRoles(Criteria criteria)
0501:                    throws DataBackendException {
0502:                Vector roles = new Vector(0);
0503:
0504:                try {
0505:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0506:
0507:                    String baseSearch = LDAPSecurityConstants.getBaseSearch();
0508:                    String filter = "(objectclass=turbineRole)";
0509:
0510:                    /*
0511:                     * Create the default search controls.
0512:                     */
0513:                    SearchControls ctls = new SearchControls();
0514:
0515:                    NamingEnumeration answer = ctx.search(baseSearch, filter,
0516:                            ctls);
0517:
0518:                    while (answer.hasMore()) {
0519:                        SearchResult sr = (SearchResult) answer.next();
0520:                        Attributes attribs = sr.getAttributes();
0521:                        Attribute attr = attribs.get("turbineRoleName");
0522:
0523:                        if (attr != null && attr.get() != null) {
0524:                            Role role = getRoleInstance(attr.get().toString());
0525:
0526:                            roles.add(role);
0527:                        } else {
0528:                            log.error("Role doesn't have a name");
0529:                        }
0530:                    }
0531:                } catch (NamingException ex) {
0532:                    throw new DataBackendException("NamingException caught", ex);
0533:                } catch (UnknownEntityException ex) {
0534:                    throw new DataBackendException(
0535:                            "Role instance could not be created.", ex);
0536:                }
0537:
0538:                return new RoleSet(roles);
0539:            }
0540:
0541:            /**
0542:             * Retrieve a set of Permissions that meet the specified Criteria.
0543:             *
0544:             * @param criteria Criteria of Permissions selection.
0545:             * @return a set of Permissions that meet the specified Criteria.
0546:             * @throws DataBackendException if there is a problem with the Backend.
0547:             */
0548:            public PermissionSet getPermissions(Criteria criteria)
0549:                    throws DataBackendException {
0550:                Vector permissions = new Vector();
0551:
0552:                try {
0553:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0554:
0555:                    String baseSearch = LDAPSecurityConstants.getBaseSearch();
0556:                    String filter = "(objectClass=turbinePermission)";
0557:
0558:                    /*
0559:                     * Create the default search controls.
0560:                     */
0561:                    SearchControls ctls = new SearchControls();
0562:
0563:                    NamingEnumeration answer = ctx.search(baseSearch, filter,
0564:                            ctls);
0565:
0566:                    while (answer.hasMore()) {
0567:                        SearchResult sr = (SearchResult) answer.next();
0568:                        Attributes attribs = sr.getAttributes();
0569:                        Attribute attr = attribs.get("turbinePermissionName");
0570:
0571:                        if (attr != null && attr.get() != null) {
0572:                            Permission perm = getPermissionInstance(attr.get()
0573:                                    .toString());
0574:
0575:                            permissions.add(perm);
0576:                        } else {
0577:                            log.error("Permission doesn't have a name");
0578:                        }
0579:                    }
0580:                } catch (NamingException ex) {
0581:                    throw new DataBackendException(
0582:                            "The LDAP server specified is unavailable", ex);
0583:                } catch (UnknownEntityException ex) {
0584:                    throw new DataBackendException(
0585:                            "Permission instance could not be created.", ex);
0586:                }
0587:
0588:                return new PermissionSet(permissions);
0589:            }
0590:
0591:            /**
0592:             * Retrieves all permissions associated with a role.
0593:             *
0594:             * @param role the role name, for which the permissions are to be retrieved.
0595:             * @throws DataBackendException if there was an error accessing the backend.
0596:             * @throws UnknownEntityException if the role is not present.
0597:             * @return a PermissionSet.
0598:             */
0599:            public PermissionSet getPermissions(Role role)
0600:                    throws DataBackendException, UnknownEntityException {
0601:                Hashtable permissions = new Hashtable();
0602:
0603:                try {
0604:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0605:
0606:                    String baseSearch = LDAPSecurityConstants.getBaseSearch();
0607:                    String filter = "(& ";
0608:
0609:                    filter += "(objectClass=turbineRole)";
0610:                    filter += "(turbineRoleName=" + role.getName() + ")";
0611:                    filter += ")";
0612:
0613:                    /*
0614:                     * Create the default search controls.
0615:                     */
0616:                    SearchControls ctls = new SearchControls();
0617:
0618:                    NamingEnumeration answer = ctx.search(baseSearch, filter,
0619:                            ctls);
0620:
0621:                    while (answer.hasMore()) {
0622:                        SearchResult sr = (SearchResult) answer.next();
0623:                        Attributes attribs = sr.getAttributes();
0624:                        Attribute attr = attribs.get("turbinePermissionName");
0625:
0626:                        if (attr != null) {
0627:                            NamingEnumeration values = attr.getAll();
0628:
0629:                            while (values.hasMore()) {
0630:                                String permName = values.next().toString();
0631:                                Permission perm = getPermissionInstance(permName);
0632:
0633:                                permissions.put(perm.getName(), perm);
0634:                            }
0635:                        }
0636:                    }
0637:                } catch (NamingException ex) {
0638:                    throw new DataBackendException(
0639:                            "The LDAP server specified is unavailable", ex);
0640:                } catch (UnknownEntityException ex) {
0641:                    throw new DataBackendException(
0642:                            "Permission instance could not be created.", ex);
0643:                }
0644:
0645:                return new PermissionSet(permissions.values());
0646:            }
0647:
0648:            /**
0649:             * Stores Group's attributes. The Groups is required to exist in the system.
0650:             *
0651:             * @param group The Group to be stored.
0652:             * @throws DataBackendException if there was an error accessing the backend.
0653:             * @throws UnknownEntityException if the group does not exist.
0654:             */
0655:            public void saveGroup(Group group) throws DataBackendException,
0656:                    UnknownEntityException {
0657:                // Not implemented yet.
0658:            }
0659:
0660:            /**
0661:             * Stores Role's attributes. The Roles is required to exist in the system.
0662:             *
0663:             * @param role The Role to be stored.
0664:             * @throws DataBackendException if there was an error accessing the backend.
0665:             * @throws UnknownEntityException if the role does not exist.
0666:             */
0667:            public void saveRole(Role role) throws DataBackendException,
0668:                    UnknownEntityException {
0669:                // Not implemented yet.
0670:            }
0671:
0672:            /**
0673:             * Stores Permission's attributes. The Permissions is required to exist in
0674:             * the system.
0675:             *
0676:             * @param permission The Permission to be stored.
0677:             * @throws DataBackendException if there was an error accessing the backend.
0678:             * @throws UnknownEntityException if the permission does not exist.
0679:             */
0680:            public void savePermission(Permission permission)
0681:                    throws DataBackendException, UnknownEntityException {
0682:                // Not implemented yet.
0683:            }
0684:
0685:            /**
0686:             * Creates a new group with specified attributes.
0687:             * <strong>Not implemented</strong>
0688:             *
0689:             * @param group the object describing the group to be created.
0690:             * @return a new Group object that has id set up properly.
0691:             * @throws DataBackendException if there was an error accessing the backend.
0692:             * @throws EntityExistsException if the group already exists.
0693:             */
0694:            public synchronized Group addGroup(Group group)
0695:                    throws DataBackendException, EntityExistsException {
0696:                try {
0697:                    lockExclusive();
0698:
0699:                    String groupName = group.getName();
0700:
0701:                    if (checkExists(group)) {
0702:                        throw new EntityExistsException("Group '" + groupName
0703:                                + "' already exists");
0704:                    }
0705:
0706:                    // Make the distinguished name.
0707:                    String dn = "turbineGroupName=" + groupName + ","
0708:                            + LDAPSecurityConstants.getBaseSearch();
0709:
0710:                    // Make the attributes.
0711:                    Attributes attrs = new BasicAttributes();
0712:
0713:                    attrs
0714:                            .put(new BasicAttribute("objectClass",
0715:                                    "turbineGroup"));
0716:                    attrs
0717:                            .put(new BasicAttribute("turbineGroupName",
0718:                                    groupName));
0719:
0720:                    // Connect to LDAP.
0721:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0722:
0723:                    // Add the group in LDAP.
0724:                    ctx.bind(dn, null, attrs);
0725:
0726:                    // Add the group to system-wide cache.
0727:                    getAllGroups().add(group);
0728:
0729:                    return group;
0730:                } catch (NamingException ex) {
0731:                    throw new DataBackendException("NamingException caught", ex);
0732:                } finally {
0733:                    unlockExclusive();
0734:                }
0735:            }
0736:
0737:            /**
0738:             * Creates a new role with specified attributes.
0739:             *
0740:             * @param role the object describing the role to be created.
0741:             * @return a new Role object that has id set up properly.
0742:             * @throws DataBackendException if there was an error accessing the backend.
0743:             * @throws EntityExistsException if the role already exists.
0744:             */
0745:            public synchronized Role addRole(Role role)
0746:                    throws DataBackendException, EntityExistsException {
0747:                try {
0748:                    lockExclusive();
0749:
0750:                    String roleName = role.getName();
0751:
0752:                    if (checkExists(role)) {
0753:                        throw new EntityExistsException("Role '" + roleName
0754:                                + "' already exists");
0755:                    }
0756:
0757:                    // Make the distinguished name.
0758:                    String dn = "turbineRoleName=" + roleName + ","
0759:                            + LDAPSecurityConstants.getBaseSearch();
0760:
0761:                    // Make the attributes.
0762:                    Attributes attrs = new BasicAttributes();
0763:
0764:                    attrs.put(new BasicAttribute("objectClass", "turbineRole"));
0765:                    attrs.put(new BasicAttribute("turbineRoleName", roleName));
0766:
0767:                    // Connect to LDAP.
0768:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0769:
0770:                    // Add the role in LDAP.
0771:                    ctx.bind(dn, null, attrs);
0772:
0773:                    // Add the role to system-wide cache.
0774:                    getAllRoles().add(role);
0775:
0776:                    return role;
0777:                } catch (NamingException ex) {
0778:                    throw new DataBackendException("NamingException caught", ex);
0779:                } finally {
0780:                    unlockExclusive();
0781:                }
0782:            }
0783:
0784:            /**
0785:             * Creates a new permission with specified attributes.
0786:             * <strong>Not implemented</strong>
0787:             *
0788:             * @param permission the object describing the permission to be created.
0789:             * @return a new Permission object that has id set up properly.
0790:             * @throws DataBackendException if there was an error accessing the backend.
0791:             * @throws EntityExistsException if the permission already exists.
0792:             */
0793:            public synchronized Permission addPermission(Permission permission)
0794:                    throws DataBackendException, EntityExistsException {
0795:                try {
0796:                    lockExclusive();
0797:
0798:                    String permName = permission.getName();
0799:
0800:                    if (checkExists(permission)) {
0801:                        throw new EntityExistsException("Permission '"
0802:                                + permName + "' already exists");
0803:                    }
0804:
0805:                    // Make the distinguished name.
0806:                    String dn = "turbinePermissionName=" + permName + ","
0807:                            + LDAPSecurityConstants.getBaseSearch();
0808:
0809:                    // Make the attributes.
0810:                    Attributes attrs = new BasicAttributes();
0811:
0812:                    attrs.put(new BasicAttribute("objectClass",
0813:                            "turbinePermission"));
0814:                    attrs.put(new BasicAttribute("turbinePermissionName",
0815:                            permName));
0816:
0817:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0818:
0819:                    // Add the permission in LDAP.
0820:                    ctx.bind(dn, null, attrs);
0821:
0822:                    // add the permission to system-wide cache
0823:                    getAllPermissions().add(permission);
0824:
0825:                    return permission;
0826:                } catch (NamingException ex) {
0827:                    throw new DataBackendException("NamingException caught", ex);
0828:                } finally {
0829:                    unlockExclusive();
0830:                }
0831:            }
0832:
0833:            /**
0834:             * Removes a Group from the system.
0835:             *
0836:             * @param group object describing group to be removed.
0837:             * @throws DataBackendException if there was an error accessing the backend.
0838:             * @throws UnknownEntityException if the group does not exist.
0839:             */
0840:            public synchronized void removeGroup(Group group)
0841:                    throws DataBackendException, UnknownEntityException {
0842:                try {
0843:                    lockExclusive();
0844:
0845:                    String groupName = group.getName();
0846:
0847:                    if (!checkExists(group)) {
0848:                        throw new UnknownEntityException("Group '" + groupName
0849:                                + "' does not exist");
0850:                    }
0851:
0852:                    // Make the distinguished name.
0853:                    String dn = "turbineGroupName=" + groupName + ","
0854:                            + LDAPSecurityConstants.getBaseSearch();
0855:
0856:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0857:
0858:                    // Remove the group from LDAP.
0859:                    ctx.unbind(dn);
0860:
0861:                    // Remove the group from system-wide cache.
0862:                    getAllGroups().remove(group);
0863:                } catch (NamingException ex) {
0864:                    throw new DataBackendException("NamingException caught", ex);
0865:                } finally {
0866:                    unlockExclusive();
0867:                }
0868:            }
0869:
0870:            /**
0871:             * Removes a Role from the system.
0872:             *
0873:             * @param role object describing role to be removed.
0874:             * @throws DataBackendException if there was an error accessing the backend.
0875:             * @throws UnknownEntityException if the role does not exist.
0876:             */
0877:            public synchronized void removeRole(Role role)
0878:                    throws DataBackendException, UnknownEntityException {
0879:                try {
0880:                    lockExclusive();
0881:
0882:                    String roleName = role.getName();
0883:
0884:                    if (!checkExists(role)) {
0885:                        throw new UnknownEntityException("Role '" + roleName
0886:                                + "' does not exist");
0887:                    }
0888:
0889:                    // Make the distinguished name.
0890:                    String dn = "turbineRoleName=" + roleName + ","
0891:                            + LDAPSecurityConstants.getBaseSearch();
0892:
0893:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0894:
0895:                    // Remove the role from LDAP.
0896:                    ctx.unbind(dn);
0897:
0898:                    // Remove the role from system-wide cache.
0899:                    getAllRoles().remove(role);
0900:                } catch (NamingException ex) {
0901:                    throw new DataBackendException("NamingException caught", ex);
0902:                } finally {
0903:                    unlockExclusive();
0904:                }
0905:            }
0906:
0907:            /**
0908:             * Removes a Permission from the system.
0909:             *
0910:             * @param permission object describing permission to be removed.
0911:             * @throws DataBackendException if there was an error accessing the backend.
0912:             * @throws UnknownEntityException if the permission does not exist.
0913:             */
0914:            public synchronized void removePermission(Permission permission)
0915:                    throws DataBackendException, UnknownEntityException {
0916:                try {
0917:                    lockExclusive();
0918:
0919:                    String permName = permission.getName();
0920:
0921:                    if (!checkExists(permission)) {
0922:                        throw new UnknownEntityException("Permission '"
0923:                                + permName + "' does not exist");
0924:                    }
0925:
0926:                    // Make the distinguished name.
0927:                    String dn = "turbinePermissionName=" + permName + ","
0928:                            + LDAPSecurityConstants.getBaseSearch();
0929:
0930:                    DirContext ctx = LDAPUserManager.bindAsAdmin();
0931:
0932:                    // Remove the permission in LDAP.
0933:                    ctx.unbind(dn);
0934:
0935:                    // Remove the permission from system-wide cache.
0936:                    getAllPermissions().remove(permission);
0937:                } catch (NamingException ex) {
0938:                    throw new DataBackendException("NamingException caught", ex);
0939:                } finally {
0940:                    unlockExclusive();
0941:                }
0942:            }
0943:
0944:            /**
0945:             * Renames an existing Group.
0946:             *
0947:             * @param group object describing the group to be renamed.
0948:             * @param name the new name for the group.
0949:             * @throws DataBackendException if there was an error accessing the backend.
0950:             * @throws UnknownEntityException if the group does not exist.
0951:             */
0952:            public synchronized void renameGroup(Group group, String name)
0953:                    throws DataBackendException, UnknownEntityException {
0954:                // Not implemented yet.
0955:            }
0956:
0957:            /**
0958:             * Renames an existing Role.
0959:             *
0960:             * @param role object describing the role to be renamed.
0961:             * @param name the new name for the role.
0962:             * @throws DataBackendException if there was an error accessing the backend.
0963:             * @throws UnknownEntityException if the role does not exist.
0964:             */
0965:            public synchronized void renameRole(Role role, String name)
0966:                    throws DataBackendException, UnknownEntityException {
0967:                // Not implemented yet.
0968:            }
0969:
0970:            /**
0971:             * Renames an existing Permission.
0972:             *
0973:             * @param permission object describing the permission to be renamed.
0974:             * @param name the new name for the permission.
0975:             * @throws DataBackendException if there was an error accessing the backend.
0976:             * @throws UnknownEntityException if the permission does not exist.
0977:             */
0978:            public synchronized void renamePermission(Permission permission,
0979:                    String name) throws DataBackendException,
0980:                    UnknownEntityException {
0981:                // Not implemented yet.
0982:            }
0983:
0984:            /**
0985:             * Revoke all the roles to a user
0986:             * @param user the user.
0987:             * @throws DataBackendException if there is an error with the data backend.
0988:             * @throws UnkownEntityException if the role or a permission is not found.
0989:             */
0990:            public void revokeAll(User user) throws DataBackendException,
0991:                    UnknownEntityException {
0992:                Iterator groupsIterator = getAllGroups().iterator();
0993:                while (groupsIterator.hasNext()) {
0994:                    Group group = (Group) groupsIterator.next();
0995:                    Iterator rolesIterator = getRoles(user, group).iterator();
0996:                    while (rolesIterator.hasNext()) {
0997:                        Role role = (Role) rolesIterator.next();
0998:                        revoke(user, group, role);
0999:                    }
1000:                }
1001:            }
1002:
1003:            /**
1004:             * Revoke all the permissions to a role.
1005:             * @param role the role.
1006:             * @throws DataBackendException if there is an error with the data backend.
1007:             * @throws UnkownEntityException if the role or a permission is not found.
1008:             */
1009:            public void revokeAll(Role role) throws DataBackendException,
1010:                    UnknownEntityException {
1011:                PermissionSet permissions = getPermissions(role);
1012:                Iterator permIterator = permissions.iterator();
1013:                while (permIterator.hasNext()) {
1014:                    Permission perm = (Permission) permIterator.next();
1015:                    revoke(role, perm);
1016:                }
1017:            }
1018:
1019:            /**
1020:             * Revoke all the roles to a group.
1021:             * @param group the group.
1022:             * @throws DataBackendException if there is an error with the data backend.
1023:             * @throws UnkownEntityException if the role or a permission is not found.
1024:             */
1025:            public void revokeAll(Group group) throws DataBackendException,
1026:                    UnknownEntityException {
1027:                for (Iterator it = getUserList(new Criteria()).iterator(); it
1028:                        .hasNext();) {
1029:                    User user = (User) it.next();
1030:                    for (Iterator rolesIterator = getRoles(user, group)
1031:                            .iterator(); rolesIterator.hasNext();) {
1032:                        Role role = (Role) rolesIterator.next();
1033:                        revoke(user, group, role);
1034:                    }
1035:                }
1036:            }
1037:
1038:            /**
1039:             * Determines if the <code>Role</code> exists in the security system.
1040:             *
1041:             * @param role a <code>Role</code> value
1042:             * @return true if the role exists in the system, false otherwise
1043:             * @throws DataBackendException if there is an error with LDAP
1044:             */
1045:            public boolean checkExists(Role role) throws DataBackendException {
1046:                RoleSet roleSet = getRoles(new Criteria());
1047:
1048:                return roleSet.contains(role);
1049:            }
1050:
1051:            /**
1052:             * Determines if the <code>Group</code> exists in the security system.
1053:             *
1054:             * @param group a <code>Group</code> value
1055:             * @return true if the group exists in the system, false otherwise
1056:             * @throws DataBackendException if there is an error with LDAP
1057:             */
1058:            public boolean checkExists(Group group) throws DataBackendException {
1059:                GroupSet groupSet = getGroups(new Criteria());
1060:
1061:                return groupSet.contains(group);
1062:            }
1063:
1064:            /**
1065:             * Determines if the <code>Permission</code> exists in the security system.
1066:             *
1067:             * @param permission a <code>Permission</code> value
1068:             * @return true if the permission exists in the system, false otherwise
1069:             * @throws DataBackendException if there is an error with LDAP
1070:             */
1071:            public boolean checkExists(Permission permission)
1072:                    throws DataBackendException {
1073:                PermissionSet permissionSet = getPermissions(new Criteria());
1074:
1075:                return permissionSet.contains(permission);
1076:            }
1077:        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.