org.apache.jetspeed.services.security.ldap
Class LDAPUserManagement

java.lang.Object
  extended by org.apache.turbine.services.BaseInitable
      extended by org.apache.turbine.services.BaseService
          extended by org.apache.turbine.services.TurbineBaseService
              extended by org.apache.jetspeed.services.security.ldap.LDAPUserManagement
All Implemented Interfaces:
CredentialsManagement, org.apache.turbine.services.Initable, org.apache.turbine.services.Service, UserManagement

public class LDAPUserManagement
extends org.apache.turbine.services.TurbineBaseService
implements UserManagement, CredentialsManagement

Version:
$Id: LDAPUserManagement.java,v 1.10 2004/02/23 03:52:33 jford Exp $
Author:
Ender KILICOGLU, Sami Leino

Field Summary
protected static java.lang.String passwordsAlgorithm
           
protected static java.lang.String passwordsSuffix
           
protected  java.lang.String[] roles
           
protected  JetspeedRunDataService runDataService
           
protected static boolean securePasswords
           
 
Fields inherited from class org.apache.turbine.services.BaseService
configuration, name, properties, serviceBroker
 
Fields inherited from class org.apache.turbine.services.BaseInitable
initableBroker, isInitialized
 
Fields inherited from interface org.apache.jetspeed.services.security.UserManagement
SERVICE_NAME
 
Constructor Summary
LDAPUserManagement()
           
 
Method Summary
protected  boolean accountExists(JetspeedUser user)
          Check whether a specified user's account exists.
protected  boolean accountExists(JetspeedUser user, boolean checkUniqueId)
           
protected  void addDefaultPSML(JetspeedUser user)
           
 void addUser(JetspeedUser user)
          Adds a JetspeedUser into permanent storage.
protected  LDAPUser buildUser(javax.naming.directory.Attributes attributes)
           
 void changePassword(JetspeedUser user, java.lang.String oldPassword, java.lang.String newPassword)
          Allows for a user to change their own password.
 java.lang.String encryptPassword(java.lang.String password)
          This method provides client-side encryption of passwords.
 void forcePassword(JetspeedUser user, java.lang.String password)
          Forcibly sets new password for a User.
protected  JetspeedRunData getRunData()
           
 JetspeedUser getUser(java.security.Principal principal)
          Retrieves a JetspeedUser given the primary principal.
 java.util.Iterator getUsers()
          Retrieves a collection of all JetspeedUsers.
 java.util.Iterator getUsers(java.lang.String filter)
          Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string.
protected  java.util.Iterator getUsersUsingLDAPSpecificFilter(java.lang.String filter, java.lang.String[] attributesToFetch)
          Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string.
 void init(javax.servlet.ServletConfig conf)
          This is the early initialization method called by the Turbine Service framework
static boolean passwordsMatch(JetspeedUser user, java.lang.String suppliedPassword)
          Checks whether the user's current password matches the supplied password.
 void removeUser(java.security.Principal principal)
          Removes a JetspeedUser from the permanent store.
 void saveUser(JetspeedUser user)
          Saves a JetspeedUser's attributes into permanent storage.
 
Methods inherited from class org.apache.turbine.services.TurbineBaseService
init, init, init, shutdown
 
Methods inherited from class org.apache.turbine.services.BaseService
getConfiguration, getName, getProperties, getServiceBroker, setName, setServiceBroker
 
Methods inherited from class org.apache.turbine.services.BaseInitable
getInit, getInitableBroker, setInit, setInitableBroker
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.turbine.services.Service
getConfiguration, getName, getProperties, setName, setServiceBroker
 
Methods inherited from interface org.apache.turbine.services.Initable
getInit, init, init, setInitableBroker, shutdown
 

Field Detail

securePasswords

protected static boolean securePasswords

passwordsAlgorithm

protected static java.lang.String passwordsAlgorithm

passwordsSuffix

protected static java.lang.String passwordsSuffix

runDataService

protected JetspeedRunDataService runDataService

roles

protected java.lang.String[] roles
Constructor Detail

LDAPUserManagement

public LDAPUserManagement()
Method Detail

getUser

public JetspeedUser getUser(java.security.Principal principal)
                     throws JetspeedSecurityException
Retrieves a JetspeedUser given the primary principal. The principal can be any valid Jetspeed Security Principal: org.apache.jetspeed.om.security.UserNamePrincipal or org.apache.jetspeed.om.security.UserIdPrincipal. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUser in interface UserManagement
Parameters:
principal - a principal identity to be retrieved.
Returns:
a JetspeedUser associated to the principal identity.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

getUsers

public java.util.Iterator getUsers()
                            throws JetspeedSecurityException
Retrieves a collection of all JetspeedUsers. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUsers in interface UserManagement
Returns:
a collection of JetspeedUser entities.
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

getUsers

public java.util.Iterator getUsers(java.lang.String filter)
                            throws JetspeedSecurityException
Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string (for example SQL, OQL, or JDOQL). The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUsers in interface UserManagement
Returns:
a collection of JetspeedUser entities.
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

getUsersUsingLDAPSpecificFilter

protected java.util.Iterator getUsersUsingLDAPSpecificFilter(java.lang.String filter,
                                                             java.lang.String[] attributesToFetch)
                                                      throws JetspeedSecurityException
Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string (for example SQL, OQL, or JDOQL). The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Returns:
a collection of JetspeedUser entities.
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

buildUser

protected LDAPUser buildUser(javax.naming.directory.Attributes attributes)

saveUser

public void saveUser(JetspeedUser user)
              throws JetspeedSecurityException
Saves a JetspeedUser's attributes into permanent storage. The user's account is required to exist in the storage. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
saveUser in interface UserManagement
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

addUser

public void addUser(JetspeedUser user)
             throws JetspeedSecurityException
Adds a JetspeedUser into permanent storage. The security service can throw a NotUniqueUserException when the public credentials fail to meet the security provider-specific unique constraints. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
addUser in interface UserManagement
Throws:
UserException - when the security provider has a general failure retrieving users.
NotUniqueUserException - when the public credentials fail to meet the security provider-specific unique constraints.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

addDefaultPSML

protected void addDefaultPSML(JetspeedUser user)
                       throws JetspeedSecurityException
Throws:
JetspeedSecurityException

removeUser

public void removeUser(java.security.Principal principal)
                throws JetspeedSecurityException
Removes a JetspeedUser from the permanent store. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
removeUser in interface UserManagement
Parameters:
principal - the principal identity to be retrieved.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

changePassword

public void changePassword(JetspeedUser user,
                           java.lang.String oldPassword,
                           java.lang.String newPassword)
                    throws JetspeedSecurityException
Allows for a user to change their own password.

Specified by:
changePassword in interface CredentialsManagement
Parameters:
user - the JetspeedUser to change password
oldPassword - the current password supplied by the user.
newPassword - the new password requested by the user.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

forcePassword

public void forcePassword(JetspeedUser user,
                          java.lang.String password)
                   throws JetspeedSecurityException
Forcibly sets a new password for a User. Gives an administrator the ability to change forgotten or compromised passwords. Certain implementations of this feature would require administrative-level access to the authenticating server or program.

Specified by:
forcePassword in interface CredentialsManagement
Parameters:
user - the user to change the password for.
password - the new password.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

encryptPassword

public java.lang.String encryptPassword(java.lang.String password)
                                 throws JetspeedSecurityException
This method provides client-side encryption of passwords. If secure.passwords is enabled in JetspeedSecurity.properties, the password will be encrypted; if not, it will be returned unchanged. The secure.passwords.algorithm property can be used to choose which digest algorithm is used for performing the encryption. SHA is used by default.

Specified by:
encryptPassword in interface CredentialsManagement
Parameters:
password - the password to process
Returns:
processed password
Throws:
JetspeedSecurityException

passwordsMatch

public static boolean passwordsMatch(JetspeedUser user,
                                     java.lang.String suppliedPassword)

Checks whether the user's current password matches the supplied password.

Parameters:
user - User whose password will be checked
suppliedPassword - Password to match
Returns:
True if passwords match.
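
Added example, not Jetspeed source: a sketch of the behaviour documented for encryptPassword and passwordsMatch above, where the password passes through unchanged unless secure.passwords is enabled and is otherwise reduced to a one-way digest. The class name, the Base64 encoding of the digest, the false default for secure.passwords and the constant-time comparison are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Properties;

// Added illustration, not Jetspeed source code.
public class DigestPasswordExample {
    private final boolean securePasswords;
    private final String algorithm;

    public DigestPasswordExample(Properties props) {
        // Property names come from the Javadoc; "SHA" is the documented default.
        // Assumption: secure.passwords is treated as false when absent.
        securePasswords = Boolean.parseBoolean(props.getProperty("secure.passwords", "false"));
        algorithm = props.getProperty("secure.passwords.algorithm", "SHA");
    }

    // Returns the password unchanged when secure.passwords is off, else its digest.
    public String encryptPassword(String password) throws NoSuchAlgorithmException {
        if (!securePasswords || password == null) {
            return password;
        }
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        // Assumption: the raw digest is stored as Base64 text.
        return Base64.getEncoder().encodeToString(digest);
    }

    // Processes the supplied password the same way, then compares in constant time.
    public boolean passwordsMatch(String stored, String supplied) throws NoSuchAlgorithmException {
        String processed = encryptPassword(supplied);
        if (stored == null || processed == null) return false;
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     processed.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        Properties props = new Properties();            // constructed configuration
        props.setProperty("secure.passwords", "true");
        DigestPasswordExample svc = new DigestPasswordExample(props);
        String stored = svc.encryptPassword("constructed-sample-pw");
        System.out.println("stored value:   " + stored);
        System.out.println("right password: " + svc.passwordsMatch(stored, "constructed-sample-pw"));
        System.out.println("wrong password: " + svc.passwordsMatch(stored, "other-pw"));
        // A plain digest is deterministic: equal passwords give equal stored values.
        System.out.println("deterministic:  " + stored.equals(svc.encryptPassword("constructed-sample-pw")));
    }
}
```

A plain digest as sketched here carries no salt, so two accounts with the same password end up with the same stored value.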

init

public void init(javax.servlet.ServletConfig conf)
          throws org.apache.turbine.services.InitializationException
This is the early initialization method called by the Turbine Service framework

Parameters:
conf - The ServletConfig
Throws:
org.apache.turbine.services.InitializationException - if the service fails to initialize

accountExists

protected boolean accountExists(JetspeedUser user)
                         throws UserException
Check whether a specified user's account exists. The login name is used for looking up the account.

Parameters:
user - The user to be checked.
Returns:
true if the specified account exists
Throws:
UserException - If there was a general db access error

accountExists

protected boolean accountExists(JetspeedUser user,
                                boolean checkUniqueId)
                         throws UserException
Throws:
UserException

getRunData

protected JetspeedRunData getRunData()


Copyright © 2000-2005 Apache Software Foundation. All Rights Reserved.