package org.apache.jetspeed.security.spi.impl.ldap; |
import java.util.Objects;
import java.util.regex.Pattern;

import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.InvalidDnException;
import org.apache.jetspeed.security.InvalidPasswordException;
import org.apache.jetspeed.security.InvalidUidException;
import org.apache.jetspeed.security.SecurityException;
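/**
 * Base class for the LDAP-backed security DAOs.
 *
 * <p>On construction it binds to the directory (through {@link LdapContextProxy}) using the
 * root credentials from the supplied {@link LdapBindingConfig}, and it offers the shared
 * search helpers used by the user/group/role DAOs. All search filters built here are plain
 * string concatenation: the {@code filter} argument of the {@code search*ByWildcardedUid}
 * methods is interpolated verbatim and is meant to accept LDAP wildcards, so every caller
 * that forwards external input must validate it first (see {@link #validateUid(String)},
 * which {@link #lookupByUid(String)} applies).
 */
public abstract class AbstractLdapDao
{
    private static final Log logger = LogFactory.getLog(AbstractLdapDao.class);

    /**
     * Characters rejected in a caller-supplied uid: the RFC 4515 search-filter
     * metacharacters ({@code * ( ) \} and NUL) plus the other characters this check has
     * always refused ({@code [ { ^ $ | ? + .}). It is a character class applied with
     * {@code find()}, so a line separator anywhere in the uid cannot hide a metacharacter
     * from the check (a {@code .*}-based regex does not cross newlines).
     */
    private static final Pattern UID_FORBIDDEN_CHARS = Pattern.compile("[()\\[{\\\\^$|?*+.\\x00]");

    /** Binding configuration; every getter below simply delegates to it. */
    private LdapBindingConfig ldapBindingConfig = null;

    /** Directory context bound in {@link #bindToServer(String, String)}; shared with subclasses. */
    protected LdapContext ctx;

    /**
     * Not supported: a DAO always needs a binding configuration.
     *
     * @throws UnsupportedOperationException always.
     */
    public AbstractLdapDao()
    {
        throw new UnsupportedOperationException("Must be instantiated with LDAP binding configuration.");
    }

    /**
     * Creates the DAO and binds to the server with the configured root credentials.
     *
     * @param ldapConfig the LDAP binding configuration; must not be {@code null}.
     * @throws SecurityException if the root DN or password is empty or the bind fails.
     * @throws NullPointerException if {@code ldapConfig} is {@code null}.
     */
    public AbstractLdapDao(LdapBindingConfig ldapConfig) throws SecurityException
    {
        this.ldapBindingConfig = Objects.requireNonNull(ldapConfig, "ldapConfig");
        // NOTE: this is an overridable method called from a constructor; a subclass
        // override runs before the subclass's own fields are initialised.
        bindToServer(ldapConfig.getRootDn(), ldapConfig.getRootPassword());
    }

    /**
     * Binds to the directory once. The arguments are only validated here; the actual bind
     * credentials are read from the binding configuration by {@link LdapContextProxy}.
     *
     * @param rootDn the DN to bind with (validated, not used for the bind itself).
     * @param rootPassword the password to bind with (validated, not used for the bind itself).
     * @throws SecurityException if either value is empty.
     */
    protected void bindToServer(String rootDn, String rootPassword) throws SecurityException
    {
        if (ctx == null)
        {
            validateDn(rootDn);
            validatePassword(rootPassword);

            ctx = LdapContextProxy.createProxy(ldapBindingConfig);
        }
    }

    /**
     * Strips the context's own name from a DN so it can be used relative to {@link #ctx}.
     *
     * @param dn the distinguished name to make relative.
     * @return {@code dn} without the leading {@code ctx.getNameInNamespace()} components
     *         when it starts with them, otherwise {@code dn} unchanged.
     * @throws NamingException if either name cannot be parsed.
     */
    protected String getSubcontextName(final String dn) throws NamingException
    {
        NameParser parser = ctx.getNameParser("");
        Name name = parser.parse(dn);
        Name root = parser.parse(ctx.getNameInNamespace());

        if (name.startsWith(root))
        {
            return name.getSuffix(root.size()).toString();
        }

        return dn;
    }

    /**
     * Rejects an empty DN. No syntactic check is done beyond emptiness.
     *
     * @param dn the DN to check.
     * @throws InvalidDnException if {@code dn} is {@code null} or empty.
     */
    protected void validateDn(final String dn) throws SecurityException
    {
        if (StringUtils.isEmpty(dn))
        {
            throw new InvalidDnException();
        }
    }

    /**
     * Rejects an empty password. No strength or syntax check is done.
     *
     * @param password the password to check.
     * @throws InvalidPasswordException if {@code password} is {@code null} or empty.
     */
    protected void validatePassword(final String password) throws SecurityException
    {
        if (StringUtils.isEmpty(password))
        {
            throw new InvalidPasswordException();
        }
    }

    /**
     * Builds the default search controls: the configured known attributes are returned,
     * subtree scope, and returning-object flag on. Note that each {@code search*} method
     * overrides the scope with {@link #getSearchScope()} before searching.
     *
     * <p>SECURITY NOTE: with {@code setReturningObjFlag(true)} the JDK LDAP provider may try to
     * reconstruct Java objects from entries that carry {@code java*} attributes (for example
     * {@code javaSerializedData} / {@code javaReferenceAddress}), i.e. it may deserialize or
     * resolve data controlled by whoever can write to the directory. Nothing in this class
     * reads {@code SearchResult.getObject()}; if no subclass does either, this flag should be
     * {@code false}.
     *
     * @return a fresh {@link SearchControls} instance.
     */
    protected SearchControls setSearchControls()
    {
        SearchControls controls = new SearchControls();
        controls.setReturningAttributes(getKnownAttributes());
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningObjFlag(true);

        return controls;
    }

    /**
     * Looks up the (base-relative) name of the entry whose {@link #getEntryPrefix()} attribute
     * equals {@code uid}.
     *
     * @param uid the identifier to look up; validated with {@link #validateUid(String)}, so
     *            it cannot carry filter metacharacters (wildcards included).
     * @return the name of the first matching entry, relative to the search base, or
     *         {@code null} if nothing matched.
     * @throws SecurityException if {@code uid} is invalid or the directory search fails.
     */
    public String lookupByUid(final String uid) throws SecurityException
    {
        validateUid(uid);

        try
        {
            SearchControls cons = setSearchControls();
            NamingEnumeration searchResults = searchByWildcardedUid(uid, cons);

            return getFirstDnForUid(searchResults);
        }
        catch (NamingException e)
        {
            throw new SecurityException(e);
        }
    }

    /**
     * Returns the name of the first result and closes the enumeration. A uid that matches
     * more than one entry is ambiguous; it is logged and the first match is used.
     *
     * @param searchResults the enumeration to drain; may be {@code null}.
     * @return the first result's {@link SearchResult#getName()} (relative to the search base),
     *         or {@code null} if the enumeration is {@code null} or empty.
     * @throws NamingException if iterating or closing the enumeration fails.
     */
    private String getFirstDnForUid(NamingEnumeration searchResults) throws NamingException
    {
        if (searchResults == null)
        {
            return null;
        }
        try
        {
            if (!searchResults.hasMore())
            {
                return null;
            }
            String userDn = ((SearchResult) searchResults.next()).getName();
            if (searchResults.hasMore())
            {
                logger.warn("lookupByUid matched more than one entry; using the first: " + userDn);
            }
            return userDn;
        }
        finally
        {
            // release the server-side search resources whether or not we consumed everything
            searchResults.close();
        }
    }

    /**
     * Rejects a uid that is empty or contains a character from {@link #UID_FORBIDDEN_CHARS}.
     * This is the only barrier between a caller-supplied uid and the raw filter string built
     * by {@link #searchByWildcardedUid(String, SearchControls)}; note that it also refuses
     * {@code '.'}, so identifiers such as {@code first.last} are not accepted.
     *
     * @param uid the identifier to check.
     * @throws InvalidUidException if {@code uid} is empty or contains a forbidden character.
     */
    protected void validateUid(String uid) throws SecurityException
    {
        if (StringUtils.isEmpty(uid) || UID_FORBIDDEN_CHARS.matcher(uid).find())
        {
            throw new InvalidUidException();
        }
    }

    /**
     * Searches the user tree for entries whose {@link #getEntryPrefix()} attribute matches
     * {@code filter}, AND-ed with {@link #getSearchSuffix()} when one is configured.
     *
     * <p>{@code filter} is concatenated into the LDAP filter unescaped and an empty value means
     * {@code "*"}: it is a wildcard pattern by design, so callers must validate or escape any
     * externally supplied value before passing it here.
     *
     * @param filter the value (or wildcard pattern) to match; empty means all entries.
     * @param cons search controls; its scope is replaced with {@link #getSearchScope()}.
     * @return the search results.
     * @throws NamingException if the search fails.
     */
    protected NamingEnumeration searchByWildcardedUid(final String filter, SearchControls cons) throws NamingException
    {
        String value = StringUtils.isEmpty(filter) ? "*" : filter;
        String query;
        if (StringUtils.isEmpty(getSearchSuffix()))
        {
            query = "(" + getEntryPrefix() + "=" + value + ")";
        }
        else
        {
            query = "(&(" + getEntryPrefix() + "=" + value + ")" + getSearchSuffix() + ")";
        }
        if (logger.isDebugEnabled())
        {
            logger.debug("searchByWildCardedUid = " + query);
        }

        cons.setSearchScope(getSearchScope());

        // the search domain is configured as a full DN; make it relative to the bound root context
        String searchBase = StringUtils.replace(getSearchDomain(), "," + getRootContext(), "");
        return ((DirContext) ctx).search(searchBase, query, cons);
    }

    /**
     * Searches the group tree ({@link #getGroupFilterBase()}, or the context root when none is
     * configured) for entries whose {@link #getGroupIdAttribute()} matches {@code filter},
     * AND-ed with {@link #getGroupFilter()} when one is configured.
     *
     * <p>{@code filter} is interpolated unescaped (empty means {@code "*"}); callers must
     * validate externally supplied values.
     *
     * @param filter the value (or wildcard pattern) to match; empty means all entries.
     * @param cons search controls; its scope is replaced with {@link #getSearchScope()}.
     * @return the search results.
     * @throws NamingException if the search fails.
     */
    protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls cons) throws NamingException
    {
        String value = StringUtils.isEmpty(filter) ? "*" : filter;
        String query;
        if (StringUtils.isEmpty(getGroupFilter()))
        {
            query = "(" + getGroupIdAttribute() + "=" + value + ")";
        }
        else
        {
            query = "(&(" + getGroupIdAttribute() + "=" + value + ")" + getGroupFilter() + ")";
        }

        String searchBase = StringUtils.isEmpty(getGroupFilterBase()) ? "" : getGroupFilterBase();
        cons.setSearchScope(getSearchScope());
        return ((DirContext) ctx).search(searchBase, query, cons);
    }

    /**
     * Searches the role tree ({@link #getRoleFilterBase()}, or the context root when none is
     * configured) for entries whose {@link #getRoleIdAttribute()} matches {@code filter},
     * AND-ed with {@link #getRoleFilter()} when one is configured.
     *
     * <p>{@code filter} is interpolated unescaped (empty means {@code "*"}); callers must
     * validate externally supplied values.
     *
     * @param filter the value (or wildcard pattern) to match; empty means all entries.
     * @param cons search controls; its scope is replaced with {@link #getSearchScope()}.
     * @return the search results.
     * @throws NamingException if the search fails.
     */
    protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls cons) throws NamingException
    {
        String value = StringUtils.isEmpty(filter) ? "*" : filter;
        String query;
        if (StringUtils.isEmpty(getRoleFilter()))
        {
            query = "(" + getRoleIdAttribute() + "=" + value + ")";
        }
        else
        {
            query = "(&(" + getRoleIdAttribute() + "=" + value + ")" + getRoleFilter() + ")";
        }

        String searchBase = StringUtils.isEmpty(getRoleFilterBase()) ? "" : getRoleFilterBase();
        cons.setSearchScope(getSearchScope());
        return ((DirContext) ctx).search(searchBase, query, cons);
    }

    /** @return the configured base of the group subtree. */
    protected String getGroupFilterBase()
    {
        return this.ldapBindingConfig.getGroupFilterBase();
    }

    /** @return the configured object classes of a group entry. */
    protected String[] getGroupObjectClasses()
    {
        return this.ldapBindingConfig.getGroupObjectClasses();
    }

    /** @return the configured base of the role subtree. */
    protected String getRoleFilterBase()
    {
        return this.ldapBindingConfig.getRoleFilterBase();
    }

    /** @return the configured object classes of a role entry. */
    protected String[] getRoleObjectClasses()
    {
        return this.ldapBindingConfig.getRoleObjectClasses();
    }

    /** @return the configured base of the user subtree. */
    protected String getUserFilterBase()
    {
        return this.ldapBindingConfig.getUserFilterBase();
    }

    /** @return the configured extra filter AND-ed into group searches (may be empty). */
    protected String getGroupFilter()
    {
        return this.ldapBindingConfig.getGroupFilter();
    }

    /** @return the configured extra filter AND-ed into role searches (may be empty). */
    protected String getRoleFilter()
    {
        return this.ldapBindingConfig.getRoleFilter();
    }

    /** @return the configured root context the connection is bound to. */
    protected String getRootContext()
    {
        return this.ldapBindingConfig.getRootContext();
    }

    /** @return the attribute name matched against a uid in {@link #searchByWildcardedUid}. */
    protected abstract String getEntryPrefix();

    /** @return the filter fragment AND-ed into {@link #searchByWildcardedUid}, or empty for none. */
    protected abstract String getSearchSuffix();

    /** @return the full DN of the subtree searched by {@link #searchByWildcardedUid}. */
    protected abstract String getSearchDomain();

    /** @return the configured extra filter for user searches (may be empty). */
    protected String getUserFilter()
    {
        return this.ldapBindingConfig.getUserFilter();
    }

    /** @return the configured object classes of a user entry. */
    protected String[] getUserObjectClasses()
    {
        return this.ldapBindingConfig.getUserObjectClasses();
    }

    /** @return the configured attribute holding a group's members. */
    protected String getGroupMembershipAttribute()
    {
        return this.ldapBindingConfig.getGroupMembershipAttributes();
    }

    /** @return the configured user attribute holding group membership. */
    protected String getUserGroupMembershipAttribute()
    {
        return this.ldapBindingConfig.getUserGroupMembershipAttributes();
    }

    /** @return the configured attribute holding a group's role membership. */
    protected String getGroupMembershipForRoleAttribute()
    {
        return this.ldapBindingConfig.getGroupMembershipForRoleAttributes();
    }

    /** @return the configured role attribute holding group membership. */
    protected String getRoleGroupMembershipForRoleAttribute()
    {
        return this.ldapBindingConfig.getRoleGroupMembershipForRoleAttributes();
    }

    /** @return the configured attribute holding a role's members. */
    protected String getRoleMembershipAttribute()
    {
        return this.ldapBindingConfig.getRoleMembershipAttributes();
    }

    /** @return the configured user attribute holding role membership. */
    protected String getUserRoleMembershipAttribute()
    {
        return this.ldapBindingConfig.getUserRoleMembershipAttributes();
    }

    /** @return the configured attribute identifying a role. */
    protected String getRoleIdAttribute()
    {
        return this.ldapBindingConfig.getRoleIdAttribute();
    }

    /** @return the configured attribute identifying a group. */
    protected String getGroupIdAttribute()
    {
        return this.ldapBindingConfig.getGroupIdAttribute();
    }

    /** @return the configured attribute identifying a user. */
    protected String getUserIdAttribute()
    {
        return this.ldapBindingConfig.getUserIdAttribute();
    }

    /** @return the configured generic uid attribute. */
    protected String getUidAttribute()
    {
        return this.ldapBindingConfig.getUidAttribute();
    }

    /**
     * @return the configured membership search scope, parsed as a {@link SearchControls}
     *         scope constant.
     * @throws NumberFormatException if the configured value is not an integer.
     */
    protected int getSearchScope()
    {
        return Integer.parseInt(this.ldapBindingConfig.getMemberShipSearchScope());
    }

    /** @return the configured uid attribute of a role entry. */
    protected String getRoleUidAttribute()
    {
        return this.ldapBindingConfig.getRoleUidAttribute();
    }

    /** @return the configured uid attribute of a group entry. */
    protected String getGroupUidAttribute()
    {
        return this.ldapBindingConfig.getGroupUidAttribute();
    }

    /** @return the configured uid attribute of a user entry. */
    protected String getUserUidAttribute()
    {
        return this.ldapBindingConfig.getUserUidAttribute();
    }

    /** @return the configured required attribute classes of a group entry. */
    protected String getGroupObjectRequiredAttributeClasses()
    {
        return this.ldapBindingConfig.getGroupObjectRequiredAttributeClasses();
    }

    /** @return the configured required attribute classes of a role entry. */
    protected String getRoleObjectRequiredAttributeClasses()
    {
        return this.ldapBindingConfig.getRoleObjectRequiredAttributeClasses();
    }

    /** @return the configured attributes of a user entry. */
    protected String[] getUserAttributes()
    {
        return this.ldapBindingConfig.getUserAttributes();
    }

    /** @return the configured attributes of a group entry. */
    protected String[] getGroupAttributes()
    {
        return this.ldapBindingConfig.getGroupAttributes();
    }

    /** @return the configured attributes of a role entry. */
    protected String[] getRoleAttributes()
    {
        return this.ldapBindingConfig.getRoleAttributes();
    }

    /** @return the configured attribute holding a user's password. */
    protected String getUserPasswordAttribute()
    {
        return this.ldapBindingConfig.getUserPasswordAttribute();
    }

    /** @return the configured attributes requested by {@link #setSearchControls()}. */
    protected String[] getKnownAttributes()
    {
        return this.ldapBindingConfig.getKnownAttributes();
    }

    /** @return the object classes of the entry type this DAO manages. */
    protected abstract String[] getObjectClasses();

    /** @return the attributes of the entry type this DAO manages. */
    protected abstract String[] getAttributes();
}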