1 | |
package org.apache.turbine.services.security.ldap; |
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
|
12 | |
|
13 | |
|
14 | |
|
15 | |
|
16 | |
|
17 | |
|
18 | |
|
19 | |
|
20 | |
|
21 | |
|
22 | |
import java.util.Hashtable; |
23 | |
import java.util.Iterator; |
24 | |
import java.util.List; |
25 | |
import java.util.Vector; |
26 | |
import javax.naming.NameAlreadyBoundException; |
27 | |
import javax.naming.NamingEnumeration; |
28 | |
import javax.naming.NamingException; |
29 | |
import javax.naming.directory.Attribute; |
30 | |
import javax.naming.directory.Attributes; |
31 | |
import javax.naming.directory.BasicAttribute; |
32 | |
import javax.naming.directory.BasicAttributes; |
33 | |
import javax.naming.directory.DirContext; |
34 | |
import javax.naming.directory.SearchControls; |
35 | |
import javax.naming.directory.SearchResult; |
36 | |
|
37 | |
import org.apache.commons.logging.Log; |
38 | |
import org.apache.commons.logging.LogFactory; |
39 | |
import org.apache.turbine.om.security.Group; |
40 | |
import org.apache.turbine.om.security.Permission; |
41 | |
import org.apache.turbine.om.security.Role; |
42 | |
import org.apache.turbine.om.security.TurbineGroup; |
43 | |
import org.apache.turbine.om.security.TurbinePermission; |
44 | |
import org.apache.turbine.om.security.TurbineRole; |
45 | |
import org.apache.turbine.om.security.User; |
46 | |
import org.apache.turbine.services.security.BaseSecurityService; |
47 | |
import org.apache.turbine.services.security.TurbineSecurity; |
48 | |
import org.apache.turbine.util.security.AccessControlList; |
49 | |
import org.apache.turbine.util.security.DataBackendException; |
50 | |
import org.apache.turbine.util.security.EntityExistsException; |
51 | |
import org.apache.turbine.util.security.GroupSet; |
52 | |
import org.apache.turbine.util.security.PermissionSet; |
53 | |
import org.apache.turbine.util.security.RoleSet; |
54 | |
import org.apache.turbine.util.security.UnknownEntityException; |
55 | |
|
56 | |
|
57 | |
|
58 | |
|
59 | |
|
60 | |
|
61 | |
|
62 | |
|
63 | |
|
64 | |
|
65 | |
|
66 | |
|
67 | 0 | public class LDAPSecurityService extends BaseSecurityService |
68 | |
{ |
69 | |
|
70 | |
|
71 | 0 | private static Log log = LogFactory.getLog(LDAPSecurityService.class); |
72 | |
|
73 | |
|
74 | |
|
75 | |
|
76 | |
|
77 | |
|
78 | |
|
79 | |
|
80 | |
|
81 | |
|
82 | |
|
83 | |
|
84 | |
|
85 | |
|
86 | |
|
87 | |
|
88 | |
|
89 | |
|
90 | |
|
91 | |
public AccessControlList getACL(User user) |
92 | |
throws DataBackendException, UnknownEntityException |
93 | |
{ |
94 | 0 | if (!TurbineSecurity.accountExists(user)) |
95 | |
{ |
96 | 0 | throw new UnknownEntityException("The account '" |
97 | |
+ user.getName() + "' does not exist"); |
98 | |
} |
99 | |
try |
100 | |
{ |
101 | 0 | Hashtable roles = new Hashtable(); |
102 | 0 | Hashtable permissions = new Hashtable(); |
103 | |
|
104 | |
|
105 | |
|
106 | 0 | lockShared(); |
107 | |
|
108 | |
|
109 | |
|
110 | 0 | Iterator groupsIterator = getAllGroups().iterator(); |
111 | |
|
112 | 0 | while (groupsIterator.hasNext()) |
113 | |
{ |
114 | 0 | Group group = (Group) groupsIterator.next(); |
115 | |
|
116 | |
|
117 | 0 | RoleSet groupRoles = getRoles(user, group); |
118 | |
|
119 | |
|
120 | 0 | roles.put(group, groupRoles); |
121 | |
|
122 | 0 | PermissionSet groupPermissions = new PermissionSet(); |
123 | |
|
124 | 0 | Iterator rolesIterator = groupRoles.iterator(); |
125 | |
|
126 | 0 | while (rolesIterator.hasNext()) |
127 | |
{ |
128 | 0 | Role role = (Role) rolesIterator.next(); |
129 | |
|
130 | 0 | PermissionSet rolePermissions = getPermissions(role); |
131 | |
|
132 | 0 | groupPermissions.add(rolePermissions); |
133 | 0 | } |
134 | |
|
135 | 0 | permissions.put(group, groupPermissions); |
136 | 0 | } |
137 | 0 | return getAclInstance(roles, permissions); |
138 | |
} |
139 | 0 | catch (Exception e) |
140 | |
{ |
141 | 0 | throw new DataBackendException("Failed to build ACL for user '" |
142 | |
+ user.getName() + "'", e); |
143 | |
} |
144 | |
finally |
145 | |
{ |
146 | |
|
147 | |
|
148 | 0 | unlockShared(); |
149 | |
} |
150 | |
} |
151 | |
|
152 | |
|
153 | |
|
154 | |
|
155 | |
|
156 | |
|
157 | |
|
158 | |
|
159 | |
|
160 | |
|
161 | |
|
162 | |
|
163 | |
|
164 | |
|
165 | |
|
166 | |
|
167 | |
|
168 | |
public synchronized void grant(User user, Group group, Role role) |
169 | |
throws DataBackendException, UnknownEntityException |
170 | |
{ |
171 | |
try |
172 | |
{ |
173 | 0 | lockExclusive(); |
174 | |
|
175 | 0 | String userName = user.getName(); |
176 | 0 | String roleName = role.getName(); |
177 | 0 | String groupName = group.getName(); |
178 | |
|
179 | 0 | if (!accountExists(user)) |
180 | |
{ |
181 | 0 | throw new UnknownEntityException( |
182 | |
"User '" + userName + "' does not exist"); |
183 | |
} |
184 | |
|
185 | 0 | if (!checkExists(role)) |
186 | |
{ |
187 | 0 | throw new UnknownEntityException( |
188 | |
"Role '" + roleName + "' does not exist"); |
189 | |
} |
190 | |
|
191 | 0 | if (!checkExists(group)) |
192 | |
{ |
193 | 0 | throw new UnknownEntityException( |
194 | |
"Group '" + groupName + "' does not exist"); |
195 | |
} |
196 | |
|
197 | |
|
198 | 0 | String dn = "turbineGroupName=" + groupName + "," |
199 | |
+ LDAPSecurityConstants.getNameAttribute() |
200 | |
+ "=" + userName + "," |
201 | |
+ LDAPSecurityConstants.getBaseSearch(); |
202 | |
|
203 | |
|
204 | |
|
205 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
206 | |
|
207 | |
|
208 | 0 | Attributes attrs = new BasicAttributes(); |
209 | |
|
210 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
211 | 0 | attrs.put(new BasicAttribute("objectClass", "turbineUserGroup")); |
212 | 0 | attrs.put(new BasicAttribute("turbineUserUniqueId", userName)); |
213 | |
try |
214 | |
{ |
215 | |
|
216 | 0 | ctx.bind(dn, null, attrs); |
217 | |
} |
218 | 0 | catch (NameAlreadyBoundException ex) |
219 | |
{ |
220 | |
|
221 | |
|
222 | 0 | attrs = new BasicAttributes(); |
223 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
224 | 0 | ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs); |
225 | 0 | } |
226 | |
|
227 | |
} |
228 | 0 | catch (NamingException ex) |
229 | |
{ |
230 | 0 | throw new DataBackendException("NamingException caught", ex); |
231 | |
} |
232 | |
finally |
233 | |
{ |
234 | 0 | unlockExclusive(); |
235 | 0 | } |
236 | 0 | } |
237 | |
|
238 | |
|
239 | |
|
240 | |
|
241 | |
|
242 | |
|
243 | |
|
244 | |
|
245 | |
|
246 | |
|
247 | |
|
248 | |
public synchronized void revoke(User user, Group group, Role role) |
249 | |
throws DataBackendException, UnknownEntityException |
250 | |
{ |
251 | |
try |
252 | |
{ |
253 | 0 | lockExclusive(); |
254 | |
|
255 | 0 | String userName = user.getName(); |
256 | 0 | String roleName = role.getName(); |
257 | 0 | String groupName = group.getName(); |
258 | |
|
259 | 0 | if (!accountExists(user)) |
260 | |
{ |
261 | 0 | throw new UnknownEntityException( |
262 | |
"User '" + userName + "' does not exist"); |
263 | |
} |
264 | |
|
265 | 0 | if (!checkExists(role)) |
266 | |
{ |
267 | 0 | throw new UnknownEntityException( |
268 | |
"Role '" + roleName + "' does not exist"); |
269 | |
} |
270 | |
|
271 | 0 | if (!checkExists(group)) |
272 | |
{ |
273 | 0 | throw new UnknownEntityException( |
274 | |
"Group '" + groupName + "' does not exist"); |
275 | |
} |
276 | |
|
277 | |
|
278 | 0 | String dn = "turbineGroupName=" + groupName + "," |
279 | |
+ LDAPSecurityConstants.getNameAttribute() |
280 | |
+ "=" + userName + "," |
281 | |
+ LDAPSecurityConstants.getBaseSearch(); |
282 | |
|
283 | |
|
284 | 0 | Attributes attrs = new BasicAttributes(); |
285 | |
|
286 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
287 | |
|
288 | |
|
289 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
290 | |
|
291 | |
|
292 | 0 | ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs); |
293 | |
|
294 | |
} |
295 | 0 | catch (NamingException ex) |
296 | |
{ |
297 | 0 | throw new DataBackendException("NamingException caught", ex); |
298 | |
} |
299 | |
finally |
300 | |
{ |
301 | 0 | unlockExclusive(); |
302 | 0 | } |
303 | 0 | } |
304 | |
|
305 | |
|
306 | |
|
307 | |
|
308 | |
|
309 | |
|
310 | |
|
311 | |
|
312 | |
|
313 | |
public synchronized void grant(Role role, Permission permission) |
314 | |
throws DataBackendException, UnknownEntityException |
315 | |
{ |
316 | |
try |
317 | |
{ |
318 | 0 | lockExclusive(); |
319 | |
|
320 | 0 | String roleName = role.getName(); |
321 | 0 | String permName = permission.getName(); |
322 | |
|
323 | 0 | if (!checkExists(role)) |
324 | |
{ |
325 | 0 | throw new UnknownEntityException( |
326 | |
"Role '" + roleName + "' does not exist"); |
327 | |
} |
328 | |
|
329 | 0 | if (!checkExists(permission)) |
330 | |
{ |
331 | 0 | throw new UnknownEntityException( |
332 | |
"Permission '" + permName + "' does not exist"); |
333 | |
} |
334 | |
|
335 | |
|
336 | 0 | String dn = "turbineRoleName=" + roleName + "," |
337 | |
+ LDAPSecurityConstants.getBaseSearch(); |
338 | |
|
339 | |
|
340 | 0 | Attributes attrs = new BasicAttributes(); |
341 | |
|
342 | 0 | attrs.put(new BasicAttribute("turbinePermissionName", permName)); |
343 | |
|
344 | |
|
345 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
346 | |
|
347 | |
|
348 | 0 | ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs); |
349 | |
|
350 | |
} |
351 | 0 | catch (NamingException ex) |
352 | |
{ |
353 | 0 | throw new DataBackendException("NamingException caught", ex); |
354 | |
} |
355 | |
finally |
356 | |
{ |
357 | 0 | unlockExclusive(); |
358 | 0 | } |
359 | 0 | } |
360 | |
|
361 | |
|
362 | |
|
363 | |
|
364 | |
|
365 | |
|
366 | |
|
367 | |
|
368 | |
|
369 | |
public synchronized void revoke(Role role, Permission permission) |
370 | |
throws DataBackendException, UnknownEntityException |
371 | |
{ |
372 | |
try |
373 | |
{ |
374 | 0 | lockExclusive(); |
375 | |
|
376 | 0 | String roleName = role.getName(); |
377 | 0 | String permName = permission.getName(); |
378 | |
|
379 | 0 | if (!checkExists(role)) |
380 | |
{ |
381 | 0 | throw new UnknownEntityException( |
382 | |
"Role '" + roleName + "' does not exist"); |
383 | |
} |
384 | |
|
385 | 0 | if (!checkExists(permission)) |
386 | |
{ |
387 | 0 | throw new UnknownEntityException( |
388 | |
"Permission '" + permName + "' does not exist"); |
389 | |
} |
390 | |
|
391 | |
|
392 | 0 | String dn = "turbineRoleName=" + roleName + "," |
393 | |
+ LDAPSecurityConstants.getBaseSearch(); |
394 | |
|
395 | |
|
396 | 0 | Attributes attrs = new BasicAttributes(); |
397 | |
|
398 | 0 | attrs.put(new BasicAttribute("turbinePermissionName", permName)); |
399 | |
|
400 | |
|
401 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
402 | |
|
403 | |
|
404 | 0 | ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs); |
405 | |
|
406 | |
} |
407 | 0 | catch (NamingException ex) |
408 | |
{ |
409 | 0 | throw new DataBackendException("NamingException caught", ex); |
410 | |
} |
411 | |
finally |
412 | |
{ |
413 | 0 | unlockExclusive(); |
414 | 0 | } |
415 | 0 | } |
416 | |
|
417 | |
|
418 | |
|
419 | |
|
420 | |
|
421 | |
|
422 | |
|
423 | |
|
424 | |
|
425 | |
|
426 | |
|
427 | |
|
428 | |
|
429 | |
|
430 | |
|
431 | |
|
432 | |
public Group getNewGroup(String groupName) |
433 | |
{ |
434 | 0 | return (Group) new TurbineGroup(groupName); |
435 | |
} |
436 | |
|
437 | |
|
438 | |
|
439 | |
|
440 | |
|
441 | |
|
442 | |
|
443 | |
|
444 | |
|
445 | |
|
446 | |
public Role getNewRole(String roleName) |
447 | |
{ |
448 | 0 | return (Role) new TurbineRole(roleName); |
449 | |
} |
450 | |
|
451 | |
|
452 | |
|
453 | |
|
454 | |
|
455 | |
|
456 | |
|
457 | |
|
458 | |
|
459 | |
|
460 | |
|
461 | |
public Permission getNewPermission(String permissionName) |
462 | |
{ |
463 | 0 | return (Permission) new TurbinePermission(permissionName); |
464 | |
} |
465 | |
|
466 | |
|
467 | |
|
468 | |
|
469 | |
|
470 | |
|
471 | |
|
472 | |
|
473 | |
public GroupSet getGroups(Object criteria) |
474 | |
throws DataBackendException |
475 | |
{ |
476 | 0 | Vector groups = new Vector(); |
477 | |
|
478 | |
try |
479 | |
{ |
480 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
481 | |
|
482 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
483 | 0 | String filter = "(objectclass=turbineGroup)"; |
484 | |
|
485 | |
|
486 | |
|
487 | |
|
488 | 0 | SearchControls ctls = new SearchControls(); |
489 | |
|
490 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
491 | |
|
492 | 0 | while (answer.hasMore()) |
493 | |
{ |
494 | 0 | SearchResult sr = (SearchResult) answer.next(); |
495 | 0 | Attributes attribs = sr.getAttributes(); |
496 | 0 | Attribute attr = attribs.get("turbineGroupName"); |
497 | |
|
498 | 0 | if (attr != null && attr.get() != null) |
499 | |
{ |
500 | 0 | Group group = getNewGroup(attr.get().toString()); |
501 | |
|
502 | 0 | groups.add(group); |
503 | |
} |
504 | 0 | } |
505 | |
} |
506 | 0 | catch (NamingException ex) |
507 | |
{ |
508 | 0 | throw new DataBackendException("NamingException caught", ex); |
509 | 0 | } |
510 | 0 | return new GroupSet(groups); |
511 | |
} |
512 | |
|
513 | |
|
514 | |
|
515 | |
|
516 | |
|
517 | |
|
518 | |
|
519 | |
|
520 | |
private RoleSet getRoles(User user, Group group) |
521 | |
throws DataBackendException |
522 | |
{ |
523 | 0 | Vector roles = new Vector(0); |
524 | |
|
525 | |
try |
526 | |
{ |
527 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
528 | |
|
529 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
530 | 0 | String filter = "(& "; |
531 | |
|
532 | 0 | filter += "(objectclass=turbineUserGroup)"; |
533 | 0 | filter += "(turbineUserUniqueId=" + user.getName() + ")"; |
534 | 0 | filter += "(turbineGroupName=" + group.getName() + ")"; |
535 | 0 | filter += ")"; |
536 | |
|
537 | |
|
538 | |
|
539 | |
|
540 | 0 | SearchControls ctls = new SearchControls(); |
541 | |
|
542 | 0 | ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
543 | |
|
544 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
545 | |
|
546 | 0 | while (answer.hasMore()) |
547 | |
{ |
548 | 0 | SearchResult sr = (SearchResult) answer.next(); |
549 | 0 | Attributes attribs = sr.getAttributes(); |
550 | 0 | Attribute attr = attribs.get("turbineRoleName"); |
551 | |
|
552 | 0 | if (attr != null) |
553 | |
{ |
554 | 0 | NamingEnumeration values = attr.getAll(); |
555 | |
|
556 | 0 | while (values.hasMore()) |
557 | |
{ |
558 | 0 | Role role = getNewRole(values.next().toString()); |
559 | |
|
560 | 0 | roles.add(role); |
561 | 0 | } |
562 | 0 | } |
563 | |
else |
564 | |
{ |
565 | 0 | log.error("Role doesn't have a name"); |
566 | |
} |
567 | 0 | } |
568 | |
} |
569 | 0 | catch (NamingException ex) |
570 | |
{ |
571 | 0 | throw new DataBackendException( |
572 | |
"NamingException caught:", ex); |
573 | 0 | } |
574 | |
|
575 | 0 | return new RoleSet(roles); |
576 | |
} |
577 | |
|
578 | |
|
579 | |
|
580 | |
|
581 | |
|
582 | |
|
583 | |
|
584 | |
|
585 | |
public RoleSet getRoles(Object criteria) throws DataBackendException |
586 | |
{ |
587 | 0 | Vector roles = new Vector(0); |
588 | |
|
589 | |
try |
590 | |
{ |
591 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
592 | |
|
593 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
594 | 0 | String filter = "(objectclass=turbineRole)"; |
595 | |
|
596 | |
|
597 | |
|
598 | |
|
599 | 0 | SearchControls ctls = new SearchControls(); |
600 | |
|
601 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
602 | |
|
603 | 0 | while (answer.hasMore()) |
604 | |
{ |
605 | 0 | SearchResult sr = (SearchResult) answer.next(); |
606 | 0 | Attributes attribs = sr.getAttributes(); |
607 | 0 | Attribute attr = attribs.get("turbineRoleName"); |
608 | |
|
609 | 0 | if (attr != null && attr.get() != null) |
610 | |
{ |
611 | 0 | Role role = getNewRole(attr.get().toString()); |
612 | |
|
613 | 0 | roles.add(role); |
614 | 0 | } |
615 | |
else |
616 | |
{ |
617 | 0 | log.error("Role doesn't have a name"); |
618 | |
} |
619 | 0 | } |
620 | |
} |
621 | 0 | catch (NamingException ex) |
622 | |
{ |
623 | 0 | throw new DataBackendException("NamingException caught", ex); |
624 | 0 | } |
625 | |
|
626 | 0 | return new RoleSet(roles); |
627 | |
} |
628 | |
|
629 | |
|
630 | |
|
631 | |
|
632 | |
|
633 | |
|
634 | |
|
635 | |
|
636 | |
public PermissionSet getPermissions(Object criteria) |
637 | |
throws DataBackendException |
638 | |
{ |
639 | 0 | Vector permissions = new Vector(); |
640 | |
|
641 | |
try |
642 | |
{ |
643 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
644 | |
|
645 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
646 | 0 | String filter = "(objectClass=turbinePermission)"; |
647 | |
|
648 | |
|
649 | |
|
650 | |
|
651 | 0 | SearchControls ctls = new SearchControls(); |
652 | |
|
653 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
654 | |
|
655 | 0 | while (answer.hasMore()) |
656 | |
{ |
657 | 0 | SearchResult sr = (SearchResult) answer.next(); |
658 | 0 | Attributes attribs = sr.getAttributes(); |
659 | 0 | Attribute attr = attribs.get("turbinePermissionName"); |
660 | |
|
661 | 0 | if (attr != null && attr.get() != null) |
662 | |
{ |
663 | 0 | Permission perm = getNewPermission(attr.get().toString()); |
664 | |
|
665 | 0 | permissions.add(perm); |
666 | 0 | } |
667 | |
else |
668 | |
{ |
669 | 0 | log.error("Permission doesn't have a name"); |
670 | |
} |
671 | 0 | } |
672 | |
} |
673 | 0 | catch (NamingException ex) |
674 | |
{ |
675 | 0 | throw new DataBackendException( |
676 | |
"The LDAP server specified is unavailable", ex); |
677 | 0 | } |
678 | 0 | return new PermissionSet(permissions); |
679 | |
} |
680 | |
|
681 | |
|
682 | |
|
683 | |
|
684 | |
|
685 | |
|
686 | |
|
687 | |
|
688 | |
|
689 | |
public PermissionSet getPermissions(Role role) |
690 | |
throws DataBackendException, UnknownEntityException |
691 | |
{ |
692 | 0 | Hashtable permissions = new Hashtable(); |
693 | |
|
694 | |
try |
695 | |
{ |
696 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
697 | |
|
698 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
699 | 0 | String filter = "(& "; |
700 | |
|
701 | 0 | filter += "(objectClass=turbineRole)"; |
702 | 0 | filter += "(turbineRoleName=" + role.getName() + ")"; |
703 | 0 | filter += ")"; |
704 | |
|
705 | |
|
706 | |
|
707 | |
|
708 | 0 | SearchControls ctls = new SearchControls(); |
709 | |
|
710 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
711 | |
|
712 | 0 | while (answer.hasMore()) |
713 | |
{ |
714 | 0 | SearchResult sr = (SearchResult) answer.next(); |
715 | 0 | Attributes attribs = sr.getAttributes(); |
716 | 0 | Attribute attr = attribs.get("turbinePermissionName"); |
717 | |
|
718 | 0 | if (attr != null) |
719 | |
{ |
720 | 0 | NamingEnumeration values = attr.getAll(); |
721 | |
|
722 | 0 | while (values.hasMore()) |
723 | |
{ |
724 | 0 | String permName = values.next().toString(); |
725 | 0 | Permission perm = getNewPermission(permName); |
726 | |
|
727 | 0 | permissions.put(perm.getName(), perm); |
728 | 0 | } |
729 | |
} |
730 | 0 | } |
731 | |
} |
732 | 0 | catch (NamingException ex) |
733 | |
{ |
734 | 0 | throw new DataBackendException( |
735 | |
"The LDAP server specified is unavailable", ex); |
736 | 0 | } |
737 | 0 | return new PermissionSet(permissions.values()); |
738 | |
} |
739 | |
|
740 | |
|
741 | |
|
742 | |
|
743 | |
|
744 | |
|
745 | |
|
746 | |
|
747 | |
public void saveGroup(Group group) throws DataBackendException, |
748 | |
UnknownEntityException |
749 | |
{ |
750 | |
|
751 | 0 | } |
752 | |
|
753 | |
|
754 | |
|
755 | |
|
756 | |
|
757 | |
|
758 | |
|
759 | |
|
760 | |
public void saveRole(Role role) throws DataBackendException, |
761 | |
UnknownEntityException |
762 | |
{ |
763 | |
|
764 | 0 | } |
765 | |
|
766 | |
|
767 | |
|
768 | |
|
769 | |
|
770 | |
|
771 | |
|
772 | |
|
773 | |
|
774 | |
public void savePermission(Permission permission) |
775 | |
throws DataBackendException, UnknownEntityException |
776 | |
{ |
777 | |
|
778 | 0 | } |
779 | |
|
780 | |
|
781 | |
|
782 | |
|
783 | |
|
784 | |
|
785 | |
|
786 | |
|
787 | |
|
788 | |
|
789 | |
public synchronized Group addGroup(Group group) |
790 | |
throws DataBackendException, EntityExistsException |
791 | |
{ |
792 | |
try |
793 | |
{ |
794 | 0 | lockExclusive(); |
795 | |
|
796 | 0 | String groupName = group.getName(); |
797 | |
|
798 | 0 | if (checkExists(group)) |
799 | |
{ |
800 | 0 | throw new EntityExistsException( |
801 | |
"Group '" + groupName + "' already exists"); |
802 | |
} |
803 | |
|
804 | |
|
805 | 0 | String dn = "turbineGroupName=" + groupName + "," |
806 | |
+ LDAPSecurityConstants.getBaseSearch(); |
807 | |
|
808 | |
|
809 | 0 | Attributes attrs = new BasicAttributes(); |
810 | |
|
811 | 0 | attrs.put(new BasicAttribute("objectClass", "turbineGroup")); |
812 | 0 | attrs.put(new BasicAttribute("turbineGroupName", groupName)); |
813 | |
|
814 | |
|
815 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
816 | |
|
817 | |
|
818 | 0 | ctx.bind(dn, null, attrs); |
819 | |
|
820 | |
|
821 | 0 | getAllGroups().add(group); |
822 | |
|
823 | 0 | return group; |
824 | |
} |
825 | 0 | catch (NamingException ex) |
826 | |
{ |
827 | 0 | throw new DataBackendException("NamingException caught", ex); |
828 | |
} |
829 | |
finally |
830 | |
{ |
831 | 0 | unlockExclusive(); |
832 | |
} |
833 | |
} |
834 | |
|
835 | |
|
836 | |
|
837 | |
|
838 | |
|
839 | |
|
840 | |
|
841 | |
|
842 | |
|
843 | |
public synchronized Role addRole(Role role) |
844 | |
throws DataBackendException, EntityExistsException |
845 | |
{ |
846 | |
try |
847 | |
{ |
848 | 0 | lockExclusive(); |
849 | |
|
850 | 0 | String roleName = role.getName(); |
851 | |
|
852 | 0 | if (checkExists(role)) |
853 | |
{ |
854 | 0 | throw new EntityExistsException( |
855 | |
"Role '" + roleName + "' already exists"); |
856 | |
} |
857 | |
|
858 | |
|
859 | 0 | String dn = "turbineRoleName=" + roleName + "," |
860 | |
+ LDAPSecurityConstants.getBaseSearch(); |
861 | |
|
862 | |
|
863 | 0 | Attributes attrs = new BasicAttributes(); |
864 | |
|
865 | 0 | attrs.put(new BasicAttribute("objectClass", "turbineRole")); |
866 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
867 | |
|
868 | |
|
869 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
870 | |
|
871 | |
|
872 | 0 | ctx.bind(dn, null, attrs); |
873 | |
|
874 | |
|
875 | 0 | getAllRoles().add(role); |
876 | |
|
877 | 0 | return role; |
878 | |
} |
879 | 0 | catch (NamingException ex) |
880 | |
{ |
881 | 0 | throw new DataBackendException("NamingException caught", ex); |
882 | |
} |
883 | |
finally |
884 | |
{ |
885 | 0 | unlockExclusive(); |
886 | |
} |
887 | |
} |
888 | |
|
889 | |
|
890 | |
|
891 | |
|
892 | |
|
893 | |
|
894 | |
|
895 | |
|
896 | |
|
897 | |
|
898 | |
public synchronized Permission addPermission(Permission permission) |
899 | |
throws DataBackendException, EntityExistsException |
900 | |
{ |
901 | |
try |
902 | |
{ |
903 | 0 | lockExclusive(); |
904 | |
|
905 | 0 | String permName = permission.getName(); |
906 | |
|
907 | 0 | if (checkExists(permission)) |
908 | |
{ |
909 | 0 | throw new EntityExistsException( |
910 | |
"Permission '" + permName + "' already exists"); |
911 | |
} |
912 | |
|
913 | |
|
914 | 0 | String dn = "turbinePermissionName=" + permName + "," |
915 | |
+ LDAPSecurityConstants.getBaseSearch(); |
916 | |
|
917 | |
|
918 | 0 | Attributes attrs = new BasicAttributes(); |
919 | |
|
920 | 0 | attrs.put(new BasicAttribute("objectClass", "turbinePermission")); |
921 | 0 | attrs.put(new BasicAttribute("turbinePermissionName", permName)); |
922 | |
|
923 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
924 | |
|
925 | |
|
926 | 0 | ctx.bind(dn, null, attrs); |
927 | |
|
928 | |
|
929 | 0 | getAllPermissions().add(permission); |
930 | |
|
931 | 0 | return permission; |
932 | |
} |
933 | 0 | catch (NamingException ex) |
934 | |
{ |
935 | 0 | throw new DataBackendException("NamingException caught", ex); |
936 | |
} |
937 | |
finally |
938 | |
{ |
939 | 0 | unlockExclusive(); |
940 | |
} |
941 | |
} |
942 | |
|
943 | |
|
944 | |
|
945 | |
|
946 | |
|
947 | |
|
948 | |
|
949 | |
|
950 | |
public synchronized void removeGroup(Group group) |
951 | |
throws DataBackendException, UnknownEntityException |
952 | |
{ |
953 | |
try |
954 | |
{ |
955 | 0 | lockExclusive(); |
956 | |
|
957 | 0 | String groupName = group.getName(); |
958 | |
|
959 | 0 | if (!checkExists(group)) |
960 | |
{ |
961 | 0 | throw new UnknownEntityException( |
962 | |
"Group '" + groupName + "' does not exist"); |
963 | |
} |
964 | |
|
965 | |
|
966 | 0 | String dn = "turbineGroupName=" + groupName + "," |
967 | |
+ LDAPSecurityConstants.getBaseSearch(); |
968 | |
|
969 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
970 | |
|
971 | |
|
972 | 0 | ctx.unbind(dn); |
973 | |
|
974 | |
|
975 | 0 | getAllGroups().remove(group); |
976 | |
} |
977 | 0 | catch (NamingException ex) |
978 | |
{ |
979 | 0 | throw new DataBackendException("NamingException caught", ex); |
980 | |
} |
981 | |
finally |
982 | |
{ |
983 | 0 | unlockExclusive(); |
984 | 0 | } |
985 | 0 | } |
986 | |
|
987 | |
|
988 | |
|
989 | |
|
990 | |
|
991 | |
|
992 | |
|
993 | |
|
994 | |
public synchronized void removeRole(Role role) |
995 | |
throws DataBackendException, UnknownEntityException |
996 | |
{ |
997 | |
try |
998 | |
{ |
999 | 0 | lockExclusive(); |
1000 | |
|
1001 | 0 | String roleName = role.getName(); |
1002 | |
|
1003 | 0 | if (!checkExists(role)) |
1004 | |
{ |
1005 | 0 | throw new UnknownEntityException( |
1006 | |
"Role '" + roleName + "' does not exist"); |
1007 | |
} |
1008 | |
|
1009 | |
|
1010 | 0 | String dn = "turbineRoleName=" + roleName + "," |
1011 | |
+ LDAPSecurityConstants.getBaseSearch(); |
1012 | |
|
1013 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
1014 | |
|
1015 | |
|
1016 | 0 | ctx.unbind(dn); |
1017 | |
|
1018 | |
|
1019 | 0 | getAllRoles().remove(role); |
1020 | |
} |
1021 | 0 | catch (NamingException ex) |
1022 | |
{ |
1023 | 0 | throw new DataBackendException("NamingException caught", ex); |
1024 | |
} |
1025 | |
finally |
1026 | |
{ |
1027 | 0 | unlockExclusive(); |
1028 | 0 | } |
1029 | 0 | } |
1030 | |
|
1031 | |
|
1032 | |
|
1033 | |
|
1034 | |
|
1035 | |
|
1036 | |
|
1037 | |
|
1038 | |
public synchronized void removePermission(Permission permission) |
1039 | |
throws DataBackendException, UnknownEntityException |
1040 | |
{ |
1041 | |
try |
1042 | |
{ |
1043 | 0 | lockExclusive(); |
1044 | |
|
1045 | 0 | String permName = permission.getName(); |
1046 | |
|
1047 | 0 | if (!checkExists(permission)) |
1048 | |
{ |
1049 | 0 | throw new UnknownEntityException( |
1050 | |
"Permission '" + permName + "' does not exist"); |
1051 | |
} |
1052 | |
|
1053 | |
|
1054 | 0 | String dn = "turbinePermissionName=" + permName + "," |
1055 | |
+ LDAPSecurityConstants.getBaseSearch(); |
1056 | |
|
1057 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
1058 | |
|
1059 | |
|
1060 | 0 | ctx.unbind(dn); |
1061 | |
|
1062 | |
|
1063 | 0 | getAllPermissions().remove(permission); |
1064 | |
} |
1065 | 0 | catch (NamingException ex) |
1066 | |
{ |
1067 | 0 | throw new DataBackendException("NamingException caught", ex); |
1068 | |
} |
1069 | |
finally |
1070 | |
{ |
1071 | 0 | unlockExclusive(); |
1072 | 0 | } |
1073 | 0 | } |
1074 | |
|
1075 | |
|
1076 | |
|
1077 | |
|
1078 | |
|
1079 | |
|
1080 | |
|
1081 | |
|
1082 | |
|
1083 | |
public synchronized void renameGroup(Group group, String name) |
1084 | |
throws DataBackendException, UnknownEntityException |
1085 | |
{ |
1086 | |
|
1087 | 0 | } |
1088 | |
|
1089 | |
|
1090 | |
|
1091 | |
|
1092 | |
|
1093 | |
|
1094 | |
|
1095 | |
|
1096 | |
|
1097 | |
public synchronized void renameRole(Role role, String name) |
1098 | |
throws DataBackendException, UnknownEntityException |
1099 | |
{ |
1100 | |
|
1101 | 0 | } |
1102 | |
|
1103 | |
|
1104 | |
|
1105 | |
|
1106 | |
|
1107 | |
|
1108 | |
|
1109 | |
|
1110 | |
|
1111 | |
public synchronized void renamePermission(Permission permission, |
1112 | |
String name) |
1113 | |
throws DataBackendException, UnknownEntityException |
1114 | |
{ |
1115 | |
|
1116 | 0 | } |
1117 | |
|
1118 | |
|
1119 | |
|
1120 | |
|
1121 | |
|
1122 | |
|
1123 | |
|
1124 | |
public void revokeAll(User user) |
1125 | |
throws DataBackendException, UnknownEntityException |
1126 | |
{ |
1127 | 0 | Iterator groupsIterator = getAllGroups().iterator(); |
1128 | 0 | while (groupsIterator.hasNext()) |
1129 | |
{ |
1130 | 0 | Group group = (Group) groupsIterator.next(); |
1131 | 0 | Iterator rolesIterator = getRoles(user, group).iterator(); |
1132 | 0 | while (rolesIterator.hasNext()) |
1133 | |
{ |
1134 | 0 | Role role = (Role) rolesIterator.next(); |
1135 | 0 | revoke(user, group, role); |
1136 | 0 | } |
1137 | 0 | } |
1138 | 0 | } |
1139 | |
|
1140 | |
|
1141 | |
|
1142 | |
|
1143 | |
|
1144 | |
|
1145 | |
|
1146 | |
public void revokeAll(Role role) |
1147 | |
throws DataBackendException, UnknownEntityException |
1148 | |
{ |
1149 | 0 | PermissionSet permissions = getPermissions(role); |
1150 | 0 | Iterator permIterator = permissions.iterator(); |
1151 | 0 | while (permIterator.hasNext()) |
1152 | |
{ |
1153 | 0 | Permission perm = (Permission) permIterator.next(); |
1154 | 0 | revoke(role, perm); |
1155 | 0 | } |
1156 | 0 | } |
1157 | |
|
1158 | |
|
1159 | |
|
1160 | |
|
1161 | |
|
1162 | |
|
1163 | |
|
1164 | |
public void revokeAll(Group group) |
1165 | |
throws DataBackendException, UnknownEntityException |
1166 | |
{ |
1167 | 0 | for (Iterator it = getUserList(new Object()).iterator(); |
1168 | 0 | it.hasNext();) |
1169 | |
{ |
1170 | 0 | User user = (User) it.next(); |
1171 | 0 | for (Iterator rolesIterator = getRoles(user, group).iterator(); |
1172 | 0 | rolesIterator.hasNext();) |
1173 | |
{ |
1174 | 0 | Role role = (Role) rolesIterator.next(); |
1175 | 0 | revoke(user, group, role); |
1176 | 0 | } |
1177 | 0 | } |
1178 | 0 | } |
1179 | |
|
1180 | |
|
1181 | |
|
1182 | |
|
1183 | |
|
1184 | |
|
1185 | |
|
1186 | |
|
1187 | |
public boolean checkExists(Role role) |
1188 | |
throws DataBackendException |
1189 | |
{ |
1190 | 0 | RoleSet roleSet = getRoles(new Object()); |
1191 | |
|
1192 | 0 | return roleSet.contains(role); |
1193 | |
} |
1194 | |
|
1195 | |
|
1196 | |
|
1197 | |
|
1198 | |
|
1199 | |
|
1200 | |
|
1201 | |
|
1202 | |
public boolean checkExists(Group group) |
1203 | |
throws DataBackendException |
1204 | |
{ |
1205 | 0 | GroupSet groupSet = getGroups(new Object()); |
1206 | |
|
1207 | 0 | return groupSet.contains(group); |
1208 | |
} |
1209 | |
|
1210 | |
|
1211 | |
|
1212 | |
|
1213 | |
|
1214 | |
|
1215 | |
|
1216 | |
|
1217 | |
public boolean checkExists(Permission permission) |
1218 | |
throws DataBackendException |
1219 | |
{ |
1220 | 0 | PermissionSet permissionSet = getPermissions(new Object()); |
1221 | |
|
1222 | 0 | return permissionSet.contains(permission); |
1223 | |
} |
1224 | |
|
1225 | |
|
1226 | |
|
1227 | |
|
1228 | |
|
1229 | |
public GroupSet getAllGroups() throws DataBackendException { |
1230 | |
|
1231 | 0 | return null; |
1232 | |
} |
1233 | |
|
1234 | |
|
1235 | |
|
1236 | |
public PermissionSet getAllPermissions() throws DataBackendException { |
1237 | |
|
1238 | 0 | return null; |
1239 | |
} |
1240 | |
|
1241 | |
|
1242 | |
|
1243 | |
public RoleSet getAllRoles() throws DataBackendException { |
1244 | |
|
1245 | 0 | return null; |
1246 | |
} |
1247 | |
|
1248 | |
|
1249 | |
|
1250 | |
public List getUserList(Object criteria) throws DataBackendException { |
1251 | |
|
1252 | 0 | return null; |
1253 | |
} |
1254 | |
} |