package org.apache.jetspeed.security.spi.impl.ldap; |
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.impl.UserPrincipalImpl;
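/**
 * LDAP-backed membership lookups: the groups and roles a user belongs to, and the
 * users and roles a group or role contains.
 * <p>
 * Every lookup is one {@link DirContext#search} against the bases, filters and attribute
 * names exposed by {@link LdapPrincipalDaoImpl}. Principal identifiers and DNs that are
 * interpolated into a search filter are escaped per RFC 4515 first, so that an identifier
 * containing {@code * ( ) \} or NUL cannot change the meaning of the filter. Membership
 * attribute values are DNs; the principal id is taken from the matching RDN.
 * <p>
 * Every {@link NamingEnumeration} opened here is closed before the method returns.
 */
public class LdapMemberShipDaoImpl extends LdapPrincipalDaoImpl implements LdapMembershipDao {

    private static final Log logger = LogFactory.getLog(LdapMemberShipDaoImpl.class);

    /**
     * Creates a DAO bound with the default configuration of {@link LdapPrincipalDaoImpl}.
     *
     * @throws SecurityException propagated from the superclass constructor
     */
    public LdapMemberShipDaoImpl() throws SecurityException {
        super();
    }

    /**
     * Creates a DAO bound with the given LDAP binding configuration.
     *
     * @param config the LDAP binding configuration passed to the superclass
     * @throws SecurityException propagated from the superclass constructor
     */
    public LdapMemberShipDaoImpl(LdapBindingConfig config) throws SecurityException {
        super(config);
    }

    /**
     * Finds the groups whose membership attribute lists the user's DN.
     *
     * @param userPrincipalUid uid of the user
     * @param cons             search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the group id attribute values of every matching group (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchGroupMemberShipByGroup(final String userPrincipalUid, SearchControls cons) throws NamingException {
        // assumes getUserDN() returns a plain RFC 4514 DN, not a filter-escaped string — TODO confirm in LdapPrincipalDaoImpl
        String query = buildFilter(getGroupMembershipAttribute(), getUserDN(userPrincipalUid), getGroupFilter());
        List groupPrincipalUids = searchAttributeValues(getGroupFilterBase(), query, getGroupIdAttribute(), null, cons);
        return toStringArray(groupPrincipalUids);
    }

    /**
     * Reads the user's own group-membership attribute and extracts the ids from the DNs it holds.
     *
     * @param userPrincipalUid uid of the user
     * @param cons             search controls passed through to the user lookup
     * @return the extracted ids (empty if the attribute is absent)
     * @throws NamingException if no user with that uid exists, or on LDAP failure
     */
    public String[] searchGroupMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
        Attributes userAttributes = findSingleUser(userPrincipalUid, cons);
        // NOTE(review): this *group* lookup filters the membership DNs against the *role* base
        // and extracts the *role* uid attribute, exactly like searchRoleMemberShipByUser below.
        // Preserved as-is; confirm against LdapBindingConfig whether the group base/id was intended.
        List membershipDNs = getAttributes(getAttribute(getUserGroupMembershipAttribute(), userAttributes), getRoleFilterBase());
        return toStringArray(extractIds(membershipDNs, getRoleUidAttribute()));
    }

    /**
     * Finds the roles whose membership attribute lists the user's DN.
     *
     * @param userPrincipalUid uid of the user
     * @param cons             search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the role id attribute values of every matching role (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchRoleMemberShipByRole(final String userPrincipalUid, SearchControls cons) throws NamingException {
        // assumes getUserDN() returns a plain RFC 4514 DN — TODO confirm in LdapPrincipalDaoImpl
        String query = buildFilter(getRoleMembershipAttribute(), getUserDN(userPrincipalUid), getRoleFilter());
        List rolePrincipalUids = searchAttributeValues(getRoleFilterBase(), query, getRoleIdAttribute(), null, cons);
        return toStringArray(rolePrincipalUids);
    }

    /**
     * Reads the user's own role-membership attribute and extracts the role ids from the DNs it holds.
     * Only DNs located under {@code getRoleFilterBase()} are considered.
     *
     * @param userPrincipalUid uid of the user
     * @param cons             search controls passed through to the user lookup
     * @return the role ids (empty if the attribute is absent)
     * @throws NamingException if no user with that uid exists, or on LDAP failure
     */
    public String[] searchRoleMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
        Attributes userAttributes = findSingleUser(userPrincipalUid, cons);
        List roleDNs = getAttributes(getAttribute(getUserRoleMembershipAttribute(), userAttributes), getRoleFilterBase());
        return toStringArray(extractIds(roleDNs, getRoleUidAttribute()));
    }

    /**
     * Lists the users recorded in a group's membership attribute.
     * Only member DNs located under {@code getUserFilterBase()} are considered.
     *
     * @param groupPrincipalUid id of the group
     * @param cons              search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the user ids extracted from the member DNs (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchUsersFromGroupByGroup(final String groupPrincipalUid, SearchControls cons)
            throws NamingException {
        String query = buildFilter(getGroupIdAttribute(), groupPrincipalUid, getGroupFilter());
        List memberDNs = searchAttributeValues(getGroupFilterBase(), query, getGroupMembershipAttribute(), getUserFilterBase(), cons);
        return toStringArray(extractIds(memberDNs, getUserIdAttribute()));
    }

    /**
     * Lists the users whose own group-membership attribute holds the group's DN.
     *
     * @param groupPrincipalUid id of the group
     * @param cons              search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the user id attribute values of every matching user (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchUsersFromGroupByUser(final String groupPrincipalUid, SearchControls cons)
            throws NamingException {
        // assumes getGroupDN() returns a plain RFC 4514 DN — TODO confirm in LdapPrincipalDaoImpl
        String query = buildFilter(getUserGroupMembershipAttribute(), getGroupDN(groupPrincipalUid), getUserFilter());
        List userPrincipalUids = searchAttributeValues(getUserFilterBase(), query, getUserIdAttribute(), null, cons);
        return toStringArray(userPrincipalUids);
    }

    /**
     * Lists the roles recorded in a group's role-membership attribute. Each extracted role id
     * is additionally verified to exist through {@code searchRoleByWildcardedUid} before it is
     * returned.
     *
     * @param groupPrincipalUid id of the group
     * @param cons              search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the ids of the existing roles referenced by the group (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchRolesFromGroupByGroup(final String groupPrincipalUid,
            SearchControls cons) throws NamingException {
        String query = buildFilter(getGroupIdAttribute(), groupPrincipalUid, getGroupFilter());
        List roleDNs = searchAttributeValues(getGroupFilterBase(), query, getGroupMembershipForRoleAttribute(), getRoleFilterBase(), cons);

        List rolePrincipalUids = new ArrayList();
        for (Iterator it = extractIds(roleDNs, getRoleUidAttribute()).iterator(); it.hasNext();) {
            String roleId = (String) it.next();
            if (roleExists(roleId, cons)) {
                rolePrincipalUids.add(roleId);
            }
        }
        return toStringArray(rolePrincipalUids);
    }

    /**
     * Lists the roles whose group-membership attribute holds the group's DN.
     *
     * @param groupPrincipalUid id of the group
     * @param cons              search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the role id attribute values of every matching role (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchRolesFromGroupByRole(final String groupPrincipalUid,
            SearchControls cons) throws NamingException {
        // assumes getGroupDN() returns a plain RFC 4514 DN — TODO confirm in LdapPrincipalDaoImpl
        String query = buildFilter(getRoleGroupMembershipForRoleAttribute(), getGroupDN(groupPrincipalUid), getRoleFilter());
        List rolePrincipalUids = searchAttributeValues(getRoleFilterBase(), query, getRoleIdAttribute(), null, cons);
        return toStringArray(rolePrincipalUids);
    }

    /**
     * Lists the users recorded in a role's membership attribute.
     *
     * @param rolePrincipalUid id of the role
     * @param cons             search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the user ids extracted from the member DNs (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchUsersFromRoleByRole(final String rolePrincipalUid, SearchControls cons)
            throws NamingException {
        String query = buildFilter(getRoleIdAttribute(), rolePrincipalUid, getRoleFilter());
        List memberDNs = searchAttributeValues(getRoleFilterBase(), query, getRoleMembershipAttribute(), null, cons);
        return toStringArray(extractIds(memberDNs, getUserIdAttribute()));
    }

    /**
     * Lists the users whose own role-membership attribute holds the role's DN.
     *
     * @param rolePrincipalUid id of the role
     * @param cons             search controls; the scope is overwritten with {@code getSearchScope()}
     * @return the user id attribute values of every matching user (empty if none)
     * @throws NamingException on LDAP failure
     */
    public String[] searchUsersFromRoleByUser(final String rolePrincipalUid, SearchControls cons)
            throws NamingException {
        // assumes getRoleDN() returns a plain RFC 4514 DN — TODO confirm in LdapPrincipalDaoImpl
        String query = buildFilter(getUserRoleMembershipAttribute(), getRoleDN(rolePrincipalUid), getUserFilter());
        List userPrincipalUids = searchAttributeValues(getUserFilterBase(), query, getUserIdAttribute(), null, cons);
        return toStringArray(userPrincipalUids);
    }

    /**
     * Returns every value of the attribute, unfiltered.
     *
     * @param attr the attribute, may be {@code null}
     * @return the string values (empty list if {@code attr} is {@code null})
     * @throws NamingException on LDAP failure
     */
    protected List getAttributes(Attribute attr) throws NamingException {
        return getAttributes(attr, null);
    }

    /**
     * Returns the values of the attribute, optionally keeping only those that contain
     * {@code filter} (case-insensitive substring match, e.g. a base DN).
     *
     * @param attr   the attribute, may be {@code null}
     * @param filter substring each value must contain, or {@code null} to keep all values
     * @return the matching string values, in attribute order (empty list if {@code attr} is {@code null})
     * @throws NamingException on LDAP failure
     */
    protected List getAttributes(Attribute attr, String filter) throws NamingException {
        List uids = new ArrayList();
        if (attr == null) {
            return uids;
        }
        // Locale.ENGLISH: attribute matching must not depend on the JVM's default locale
        String needle = (filter == null) ? null : filter.toLowerCase(Locale.ENGLISH);
        NamingEnumeration values = attr.getAll();
        try {
            while (values.hasMore()) {
                String value = (String) values.next();
                if (value == null) {
                    continue;
                }
                if (needle == null || value.toLowerCase(Locale.ENGLISH).indexOf(needle) != -1) {
                    uids.add(value);
                }
            }
        } finally {
            closeQuietly(values);
        }
        return uids;
    }

    /**
     * Consumes the first entry of the enumeration and returns its attributes.
     *
     * @param results a non-empty enumeration of {@link SearchResult}
     * @return the attributes of the first entry
     * @throws NamingException on LDAP failure
     */
    private Attributes getFirstUser(NamingEnumeration results) throws NamingException {
        SearchResult result = (SearchResult) results.next();
        return result.getAttributes();
    }

    /**
     * Builds the attribute set used when creating a user entry: the object classes
     * top/person/organizationalPerson/inetorgperson plus cn and sn set to the uid.
     *
     * @param principalUid the user's uid, used as cn and sn
     * @return the attributes (case-insensitive attribute ids)
     */
    protected Attributes defineLdapAttributes(final String principalUid) {
        Attributes attrs = new BasicAttributes(true);
        BasicAttribute classes = new BasicAttribute("objectclass");
        classes.add("top");
        classes.add("person");
        classes.add("organizationalPerson");
        classes.add("inetorgperson");
        attrs.put(classes);
        attrs.put("cn", principalUid);
        attrs.put("sn", principalUid);
        return attrs;
    }

    /** @return the user filter base, used as the DN suffix for entries this DAO creates */
    protected String getDnSuffix() {
        return this.getUserFilterBase();
    }

    /**
     * Wraps a uid in a user principal.
     *
     * @param principalUid the user's uid
     * @return a new {@link UserPrincipalImpl}
     */
    protected Principal makePrincipal(String principalUid) {
        return new UserPrincipalImpl(principalUid);
    }

    /**
     * Extracts the value of the RDN {@code ldapAttrName=value} from a DN string.
     * <p>
     * The attribute name is matched case-insensitively and only at an RDN boundary
     * (start of the DN, or after {@code ,} / {@code +} / whitespace), so {@code cn=}
     * does not match inside {@code scn=}. The value ends at the first comma that
     * follows it; a backslash-escaped comma inside the value is skipped.
     *
     * @param dn           the DN, e.g. {@code cn=admins,ou=groups,dc=example}
     * @param ldapAttrName the RDN attribute name, e.g. {@code cn}
     * @return the RDN value, or {@code null} if the DN has no such RDN
     */
    private String extractLdapAttr(String dn, String ldapAttrName) {
        if (dn == null || ldapAttrName == null) {
            return null;
        }
        String dnLower = dn.toLowerCase(Locale.ENGLISH);
        String key = ldapAttrName.toLowerCase(Locale.ENGLISH) + "=";

        int valueStart = -1;
        int searchFrom = 0;
        while (valueStart == -1) {
            int hit = dnLower.indexOf(key, searchFrom);
            if (hit == -1) {
                return null;
            }
            if (hit == 0 || isRdnBoundary(dnLower.charAt(hit - 1))) {
                valueStart = hit + key.length();
            } else {
                searchFrom = hit + 1;
            }
        }

        int valueEnd = valueStart;
        while (valueEnd < dn.length()) {
            char c = dn.charAt(valueEnd);
            if (c == '\\') {
                valueEnd += 2; // keep the escaped character with the value
            } else if (c == ',') {
                break;
            } else {
                valueEnd++;
            }
        }
        return dn.substring(valueStart, Math.min(valueEnd, dn.length()));
    }

    /** @return the user object classes */
    protected String[] getObjectClasses() {
        return this.getUserObjectClasses();
    }

    /** @return the user uid attribute name */
    protected String getUidAttributeForPrincipal() {
        return this.getUserUidAttribute();
    }

    /** @return the user attribute names */
    protected String[] getAttributes() {
        return getUserAttributes();
    }

    /** @return the RDN attribute used for user entries, always {@code uid} */
    protected String getEntryPrefix() {
        return "uid";
    }

    /** @return the user filter */
    protected String getSearchSuffix() {
        return this.getUserFilter();
    }

    /**
     * Builds {@code (&(attribute=value)extraFilter)} with {@code value} escaped per RFC 4515.
     * {@code extraFilter} is the configured group/role/user filter and is appended verbatim.
     */
    private static String buildFilter(String attribute, String value, String extraFilter) {
        return "(&(" + attribute + "=" + escapeFilterValue(value) + ")" + extraFilter + ")";
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3):
     * {@code \ * ( )} and NUL become {@code \5c \2a \28 \29 \00}.
     *
     * @param value the raw value; {@code null} is treated as the empty string
     * @return the escaped value
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer out = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\u0000':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Runs one search and collects, from every entry found, the values of {@code resultAttribute}
     * (restricted to values containing {@code valueFilter} when that is non-null).
     * Logs the query at debug level and forces the configured search scope onto {@code cons}.
     */
    private List searchAttributeValues(String base, String query, String resultAttribute,
            String valueFilter, SearchControls cons) throws NamingException {
        if (logger.isDebugEnabled()) {
            logger.debug("query[" + query + "]");
        }
        cons.setSearchScope(getSearchScope());
        NamingEnumeration results = ((DirContext) ctx).search(base, query, cons);
        List values = new ArrayList();
        try {
            while (results.hasMore()) {
                SearchResult result = (SearchResult) results.next();
                Attributes answer = result.getAttributes();
                values.addAll(getAttributes(getAttribute(resultAttribute, answer), valueFilter));
            }
        } finally {
            closeQuietly(results);
        }
        return values;
    }

    /**
     * Looks the user up by uid and returns the attributes of the first match.
     *
     * @throws NamingException with "Could not find any user with uid[...]" when nothing matches
     */
    private Attributes findSingleUser(String userPrincipalUid, SearchControls cons) throws NamingException {
        NamingEnumeration results = searchByWildcardedUid(userPrincipalUid, cons);
        try {
            if (!results.hasMore()) {
                throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
            }
            return getFirstUser(results);
        } finally {
            closeQuietly(results);
        }
    }

    /** Returns whether a role entry with that id is found by {@code searchRoleByWildcardedUid}. */
    private boolean roleExists(String roleId, SearchControls cons) throws NamingException {
        NamingEnumeration roles = searchRoleByWildcardedUid(roleId, cons);
        try {
            return roles.hasMore() && roles.next() != null;
        } finally {
            closeQuietly(roles);
        }
    }

    /**
     * Maps each non-empty DN to the value of its {@code idAttribute} RDN; DNs that are
     * empty or lack that RDN are dropped so the result never contains {@code null}.
     */
    private List extractIds(List dns, String idAttribute) {
        List ids = new ArrayList();
        for (Iterator it = dns.iterator(); it.hasNext();) {
            String dn = (String) it.next();
            if (StringUtils.isEmpty(dn)) {
                continue;
            }
            String id = extractLdapAttr(dn, idAttribute);
            if (id != null) {
                ids.add(id);
            }
        }
        return ids;
    }

    /** True for characters that may precede an RDN attribute name inside a DN string. */
    private static boolean isRdnBoundary(char c) {
        return c == ',' || c == '+' || c == ' ' || c == '\t';
    }

    private static String[] toStringArray(List values) {
        return (String[]) values.toArray(new String[values.size()]);
    }

    /** Closes the enumeration; a failure to close is only logged because the result is already read. */
    private static void closeQuietly(NamingEnumeration results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            logger.debug("could not close naming enumeration", ignored);
        }
    }
}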