
1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security.spi.impl;
18  
19  import java.util.ArrayList;
20  import java.util.Arrays;
21  import java.util.List;
22  
23  import javax.naming.NamingException;
24  
25  import org.apache.commons.lang.StringUtils;
26  import org.apache.commons.logging.Log;
27  import org.apache.commons.logging.LogFactory;
28  import org.apache.jetspeed.security.RolePrincipal;
29  import org.apache.jetspeed.security.SecurityException;
30  import org.apache.jetspeed.security.impl.RolePrincipalImpl;
31  import org.apache.jetspeed.security.spi.RoleSecurityHandler;
32  import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl;
33  import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
34  
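public class LdapRoleSecurityHandler implements RoleSecurityHandler
{
    /** The logger. */
    private static final Log logger = LogFactory.getLog(LdapRoleSecurityHandler.class);

    /** The {@link LdapPrincipalDao} every role operation is delegated to. */
    private final LdapPrincipalDao ldap;

    /**
     * @param ldap The {@link LdapPrincipalDao} to delegate to.
     */
    public LdapRoleSecurityHandler(LdapPrincipalDao ldap)
    {
        this.ldap = ldap;
    }

    /**
     * <p>
     * Default constructor, backed by a new {@link LdapRoleDaoImpl}.
     * </p>
     *
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapRoleSecurityHandler() throws NamingException, SecurityException
    {
        this(new LdapRoleDaoImpl());
    }

    /**
     * Looks up the role with the given full path name in LDAP.
     *
     * @param roleFullPathName The role's full path name; it is converted to an
     *        LDAP-acceptable name before the lookup.
     * @return A {@link RolePrincipal} carrying {@code roleFullPathName} when an
     *         entry with the converted uid exists, {@code null} when it does not
     *         or when the lookup fails with a {@link SecurityException} (which is
     *         logged rather than propagated).
     * @throws IllegalArgumentException if the converted uid is null or empty.
     */
    public RolePrincipal getRolePrincipal(String roleFullPathName)
    {
        String roleUid = ldap.convertUidToLdapAcceptableName(roleFullPathName);
        verifyRoleId(roleUid);
        try
        {
            String dn = ldap.lookupByUid(roleUid);
            // A non-empty distinguished name is what marks the entry as present.
            if (!StringUtils.isEmpty(dn))
            {
                return new RolePrincipalImpl(roleFullPathName);
            }
        }
        catch (SecurityException e)
        {
            logSecurityException(e, roleFullPathName);
        }
        return null;
    }

    /**
     * Creates the LDAP entry for the given role unless it already exists.
     *
     * @param rolePrincipal The role to store; must not be null.
     * @throws SecurityException if the LDAP create fails.
     * @throws IllegalArgumentException if {@code rolePrincipal} is null.
     */
    public void setRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException
    {
        verifyRolePrincipal(rolePrincipal);

        String fullPath = rolePrincipal.getFullPath();
        String roleUid = ldap.convertUidToLdapAcceptableName(fullPath);
        // getRolePrincipal takes the full path and performs the LDAP-name
        // conversion itself, so the unconverted path is passed to avoid
        // converting the name twice.
        if (getRolePrincipal(fullPath) == null)
        {
            ldap.create(roleUid);
        }
    }

    /**
     * Deletes the LDAP entry for the given role.
     *
     * @param rolePrincipal The role to remove; must not be null.
     * @throws SecurityException if the LDAP delete fails.
     * @throws IllegalArgumentException if {@code rolePrincipal} is null.
     */
    public void removeRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException
    {
        verifyRolePrincipal(rolePrincipal);

        String fullPath = rolePrincipal.getFullPath();
        String roleUid = ldap.convertUidToLdapAcceptableName(fullPath);

        ldap.delete(roleUid);
    }

    /**
     * Finds the roles matching the given filter below
     * {@link RolePrincipal#PREFS_ROLE_ROOT}.
     *
     * @param filter The search filter handed unchanged to
     *        {@link LdapPrincipalDao#find}. NOTE(review): nothing here escapes
     *        LDAP filter metacharacters — TODO confirm the DAO does, before a
     *        caller builds this value from external input.
     * @return The matching principals, or an empty list when there are none or
     *         when the search fails with a {@link SecurityException} (logged).
     */
    public List getRolePrincipals(String filter)
    {
        try
        {
            Object[] found = ldap.find(filter, RolePrincipal.PREFS_ROLE_ROOT);
            // Arrays.asList throws NullPointerException on a null array, which
            // the catch below would not handle; treat null as "no match".
            if (found != null)
            {
                return Arrays.asList(found);
            }
        }
        catch (SecurityException e)
        {
            logSecurityException(e, filter);
        }
        return new ArrayList();
    }

    /**
     * <p>
     * Verify that the role uid is valid.
     * </p>
     *
     * @param rolePrincipalUid The role uid.
     * @throws IllegalArgumentException if the uid is null or empty.
     */
    private void verifyRoleId(String rolePrincipalUid)
    {
        if (StringUtils.isEmpty(rolePrincipalUid))
        {
            throw new IllegalArgumentException("The roleId cannot be null or empty.");
        }
    }

    /**
     * <p>
     * Log the security exception.
     * </p>
     *
     * @param e The {@link SecurityException}.
     * @param roleId The role path or search filter the failed operation used.
     */
    private void logSecurityException(SecurityException e, String roleId)
    {
        if (logger.isErrorEnabled())
        {
            logger.error("An LDAP error has occurred for roleId:" + roleId, e);
        }
    }

    /**
     * <p>
     * Verify that the role principal is valid.
     * </p>
     *
     * @param rolePrincipal The role principal.
     * @throws IllegalArgumentException if the principal is null.
     */
    private void verifyRolePrincipal(RolePrincipal rolePrincipal)
    {
        if (rolePrincipal == null)
        {
            throw new IllegalArgumentException("The RolePrincipal cannot be null or empty.");
        }
    }
}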