1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.security.spi.impl;
18
19 import java.security.Principal;
20 import java.util.HashSet;
21 import java.util.Set;
22 import java.util.prefs.Preferences;
23
24 import javax.naming.NamingException;
25
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28 import org.apache.jetspeed.security.GroupPrincipal;
29 import org.apache.jetspeed.security.HierarchyResolver;
30 import org.apache.jetspeed.security.RolePrincipal;
31 import org.apache.jetspeed.security.SecurityException;
32 import org.apache.jetspeed.security.UserPrincipal;
33 import org.apache.jetspeed.security.impl.GeneralizationHierarchyResolver;
34 import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
35 import org.apache.jetspeed.security.impl.RolePrincipalImpl;
36 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
37 import org.apache.jetspeed.security.spi.SecurityMappingHandler;
38 import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl;
39 import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
40 import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl;
41 import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao;
42 import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl;
43
44 /***
45 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler
46 * @author <a href="mailto:mike.long@dataline.com">Mike Long </a><br/>
47 * <a href="mailto:dlestrat@apache.org">David Le Strat </a>
48 */
49 public class LdapSecurityMappingHandler implements SecurityMappingHandler
50 {
51
52 private LdapUserPrincipalDao userDao;
53
54 private LdapPrincipalDao groupDao;
55
56 private LdapPrincipalDao roleDao;
57
58 /*** The logger. */
59 private static final Log LOG = LogFactory.getLog(LdapSecurityMappingHandler.class);
60
61 /*** The role hierarchy resolver. */
62 private HierarchyResolver roleHierarchyResolver = new GeneralizationHierarchyResolver();
63
64 /*** The group hierarchy resolver. */
65 private HierarchyResolver groupHierarchyResolver = new GeneralizationHierarchyResolver();
66
67 /***
68 * @param userDao
69 * @param groupDao
70 */
71 public LdapSecurityMappingHandler(LdapUserPrincipalDao userDao, LdapPrincipalDao groupDao,LdapPrincipalDao roleDao)
72 {
73 this.userDao = userDao;
74 this.groupDao = groupDao;
75 this.roleDao = roleDao;
76 }
77
78 /***
79 * @throws NamingException A {@link NamingException}.
80 * @throws SecurityException A {@link SecurityException}.
81 */
82 public LdapSecurityMappingHandler() throws SecurityException, NamingException
83 {
84 this.userDao = new LdapUserPrincipalDaoImpl();
85 this.groupDao = new LdapGroupDaoImpl();
86 this.roleDao = new LdapRoleDaoImpl();
87 }
88
89 /***
90 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getRoleHierarchyResolver()
91 */
92 public HierarchyResolver getRoleHierarchyResolver()
93 {
94 return roleHierarchyResolver;
95 }
96
97 /***
98 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setRoleHierarchyResolver(org.apache.jetspeed.security.HierarchyResolver)
99 */
100 public void setRoleHierarchyResolver(HierarchyResolver roleHierarchyResolver)
101 {
102 this.roleHierarchyResolver = roleHierarchyResolver;
103 }
104
105 /***
106 * @return Returns the groupHierarchyResolver.
107 */
108 public HierarchyResolver getGroupHierarchyResolver()
109 {
110 return groupHierarchyResolver;
111 }
112
113 /***
114 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setGroupHierarchyResolver(org.apache.jetspeed.security.HierarchyResolver)
115 */
116 public void setGroupHierarchyResolver(HierarchyResolver groupHierarchyResolver)
117 {
118 this.groupHierarchyResolver = groupHierarchyResolver;
119 }
120
121 /***
122 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getRolePrincipals(java.lang.String)
123 */
124 public Set getRolePrincipals(String username)
125 {
126 Set rolePrincipals = new HashSet();
127 String[] roles;
128 try
129 {
130 roles = userDao.getRoleUidsForUser(username);
131 for (int i = 0; i < roles.length; i++)
132 {
133 createResolvedRolePrincipalSet(username, rolePrincipals, roles, i);
134 }
135 }
136 catch (SecurityException e)
137 {
138 LOG.error(e);
139 }
140 return rolePrincipals;
141
142 }
143
144 /***
145 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setUserPrincipalInRole(java.lang.String,
146 * java.lang.String)
147 */
148 public void setUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException
149 {
150 verifyUserAndRoleExist(username, roleFullPathName);
151 addRoleToUser(username, roleFullPathName);
152 }
153
154 /***
155 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeUserPrincipalInRole(java.lang.String,
156 * java.lang.String)
157 */
158 public void removeUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException
159 {
160 verifyUserAndRoleExist(username, roleFullPathName);
161 removeUserFromRole(username, roleFullPathName);
162 }
163
164 /***
165 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getRolePrincipalsInGroup(java.lang.String)
166 */
167 public Set getRolePrincipalsInGroup(String groupFullPathName)
168 {
169 Set rolePrincipalsInGroup = new HashSet();
170 String[] roles;
171 try
172 {
173
174 roles = userDao.getRolesForGroup(groupFullPathName);
175 for (int i = 0; i < roles.length; i++)
176 {
177 createResolvedRolePrincipalSet(groupFullPathName, rolePrincipalsInGroup, roles, i);
178 }
179 }
180 catch (SecurityException e)
181 {
182 LOG.error(e);
183 }
184 return rolePrincipalsInGroup;
185 }
186
187 /***
188 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setRolePrincipalInGroup(java.lang.String,
189 * java.lang.String)
190 */
191 public void setRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException
192 {
193 verifyGroupAndRoleExist(groupFullPathName, roleFullPathName);
194 addRoleToGroup(groupFullPathName, roleFullPathName);
195 }
196
197 /***
198 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeRolePrincipalInGroup(java.lang.String,
199 * java.lang.String)
200 */
201 public void removeRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException
202 {
203 verifyGroupAndRoleExist(groupFullPathName, roleFullPathName);
204 removeRoleFromGroup(groupFullPathName, roleFullPathName);
205 }
206
207
208 /***
209 * This method returns the set of group principals associated with a user.
210 *
211 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getGroupPrincipals(java.lang.String)
212 */
213 public Set getGroupPrincipals(String userPrincipalUid)
214 {
215 Set groupPrincipals = new HashSet();
216
217 String[] groups;
218 try
219 {
220 groups = userDao.getGroupUidsForUser(userPrincipalUid);
221 for (int i = 0; i < groups.length; i++)
222 {
223 createResolvedGroupPrincipalSet(userPrincipalUid, groupPrincipals, groups, i);
224 }
225 }
226 catch (SecurityException e)
227 {
228 LOG.error(e);
229 }
230 return groupPrincipals;
231 }
232
233 /***
234 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getGroupPrincipalsInRole(java.lang.String)
235 */
236 public Set getGroupPrincipalsInRole(String roleFullPathName)
237 {
238 Set groupPrincipals = new HashSet();
239 return groupPrincipals;
240 }
241
242 /***
243 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getUserPrincipalsInRole(java.lang.String)
244 */
245 public Set getUserPrincipalsInRole(String roleFullPathName)
246 {
247
248 Set userPrincipals = new HashSet();
249 String[] fullPaths = {roleFullPathName};
250 try
251 {
252 getUserPrincipalsInRole(userPrincipals, fullPaths);
253 }
254 catch (SecurityException e)
255 {
256 LOG.error(e);
257 }
258 return userPrincipals;
259 }
260
261 /***
262 * <p>
263 * This method is the analog of the getGroupPrincipals except it returns the
264 * set of user principals in a group.
265 * </p>
266 *
267 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getUserPrincipalsInGroup(java.lang.String)
268 */
269 public Set getUserPrincipalsInGroup(String groupFullPathName)
270 {
271 Set userPrincipals = new HashSet();
272
273
274 String[] fullPaths = {groupFullPathName};
275
276 try
277 {
278 getUserPrincipalsInGroup(userPrincipals, fullPaths);
279 }
280 catch (SecurityException e)
281 {
282 LOG.error(e);
283 }
284 return userPrincipals;
285 }
286
287 /***
288 * <p>
289 * Gets the user principals in groups.
290 * </p>
291 *
292 * @param userPrincipals
293 * @param fullPaths
294 * @throws SecurityException A {@link SecurityException}.
295 */
296 private void getUserPrincipalsInGroup(Set userPrincipals, String[] fullPaths) throws SecurityException
297 {
298 for (int i = 0; i < fullPaths.length; i++)
299 {
300 String[] usersInGroup = userDao.getUserUidsForGroup(fullPaths[i]);
301 for (int y = 0; y < usersInGroup.length; y++)
302 {
303 Principal userPrincipal = new UserPrincipalImpl(usersInGroup[y]);
304 userPrincipals.add(userPrincipal);
305 }
306 }
307 }
308
309 /***
310 * <p>
311 * Gets the user principals in groups.
312 * </p>
313 *
314 * @param userPrincipals
315 * @param fullPaths
316 * @throws SecurityException A {@link SecurityException}.
317 */
318 private void getUserPrincipalsInRole(Set userPrincipals, String[] fullPaths) throws SecurityException
319 {
320 for (int i = 0; i < fullPaths.length; i++)
321 {
322 String[] usersInRole = userDao.getUserUidsForRole(fullPaths[i]);
323 for (int y = 0; y < usersInRole.length; y++)
324 {
325 Principal userPrincipal = new UserPrincipalImpl(usersInRole[y]);
326 userPrincipals.add(userPrincipal);
327 }
328 }
329 }
330
331 /***
332 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setUserPrincipalInGroup(java.lang.String,
333 * java.lang.String)
334 */
335 public void setUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException
336 {
337 verifyUserAndGroupExist(username, groupFullPathName);
338 addGroupToUser(username, groupFullPathName);
339 }
340
341 /***
342 * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeUserPrincipalInGroup(java.lang.String,
343 * java.lang.String)
344 */
345 public void removeUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException
346 {
347 verifyUserAndGroupExist(username, groupFullPathName);
348 removeUserFromGroup(username, groupFullPathName);
349 }
350 /***
351 * @param username
352 * @param groupFullPathName
353 * @throws SecurityException
354 */
355 private void verifyGroupAndRoleExist(String groupFullPathName, String roleFullPathName) throws SecurityException
356 {
357 GroupPrincipal group = getGroup(groupFullPathName);
358 RolePrincipal role = getRole(roleFullPathName);
359 if ((null == group) && (null == role))
360 {
361 throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST);
362 }
363 }
364
365 /***
366 * @param username
367 * @param groupFullPathName
368 * @throws SecurityException
369 */
370 private void verifyUserAndGroupExist(String username, String groupFullPathName) throws SecurityException
371 {
372 UserPrincipal user = getUser(username);
373 GroupPrincipal group = getGroup(groupFullPathName);
374 if ((null == user) && (null == group))
375 {
376 throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST);
377 }
378 }
379
380 /***
381 * @param username
382 * @param groupFullPathName
383 * @throws SecurityException
384 */
385 private void verifyUserAndRoleExist(String username, String roleFullPathName) throws SecurityException
386 {
387 UserPrincipal user = getUser(username);
388 RolePrincipal role = getRole(roleFullPathName);
389 if ((null == user) && (null == role))
390 {
391 throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST);
392 }
393 }
394
395 /***
396 * @param username
397 * @param groupPrincipals
398 * @param groups
399 * @param i
400 */
401 private void createResolvedGroupPrincipalSet(String username, Set groupPrincipals, String[] groups, int i)
402 {
403 LOG.debug("Group [" + i + "] for user[" + username + "] is [" + groups[i] + "]");
404
405 GroupPrincipal group = new GroupPrincipalImpl(groups[i]);
406 Preferences preferences = Preferences.userRoot().node(group.getFullPath());
407 LOG.debug("Group name:" + group.getName());
408 String[] fullPaths = groupHierarchyResolver.resolve(preferences);
409 for (int n = 0; n < fullPaths.length; n++)
410 {
411 LOG.debug("Group [" + i + "] for user[" + username + "] is ["
412 + GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]) + "]");
413 groupPrincipals.add(new GroupPrincipalImpl(GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n])));
414 }
415 }
416
417 /***
418 * @param username
419 * @param groupPrincipals
420 * @param groups
421 * @param i
422 */
423 private void createResolvedRolePrincipalSet(String username, Set rolePrincipals, String[] roles, int i)
424 {
425 LOG.debug("Group [" + i + "] for user[" + username + "] is [" + roles[i] + "]");
426
427 RolePrincipal role = new RolePrincipalImpl(roles[i]);
428 Preferences preferences = Preferences.userRoot().node(role.getFullPath());
429 LOG.debug("Group name:" + role.getName());
430 String[] fullPaths = roleHierarchyResolver.resolve(preferences);
431 for (int n = 0; n < fullPaths.length; n++)
432 {
433 LOG.debug("Group [" + i + "] for user[" + username + "] is ["
434 + RolePrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]) + "]");
435 rolePrincipals.add(new RolePrincipalImpl(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n])));
436 }
437 }
438
439
440 /***
441 * @param username
442 * @param groupFullPathName
443 * @throws SecurityException
444 */
445 private void removeUserFromGroup(String username, String groupFullPathName) throws SecurityException
446 {
447 userDao.removeGroup(username, groupFullPathName);
448 }
449
450 /***
451 * @param username
452 * @param groupFullPathName
453 * @throws SecurityException
454 */
455 private void removeUserFromRole(String username, String roleFullPathName) throws SecurityException
456 {
457 userDao.removeRole(username, roleFullPathName);
458 }
459
460 private void removeRoleFromGroup(String groupFullPathName, String roleFullPathName)throws SecurityException
461 {
462 userDao.removeRoleFromGroup(groupFullPathName,roleFullPathName);
463 }
464
465
466 /***
467 * @param uid
468 * @return
469 * @throws SecurityException A {@link SecurityException}.
470 */
471 private UserPrincipal getUser(String uid) throws SecurityException
472 {
473 Principal[] user = userDao.find(uid, UserPrincipal.PREFS_USER_ROOT);
474 if (user.length == 1)
475 {
476 return (UserPrincipal) user[0];
477 }
478 else
479 {
480 throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(uid));
481 }
482 }
483
484 /***
485 * @param uid
486 * @return
487 * @throws SecurityException A {@link SecurityException}.
488 */
489 private GroupPrincipal getGroup(String uid) throws SecurityException
490 {
491 Principal[] group = groupDao.find(uid, GroupPrincipal.PREFS_GROUP_ROOT);
492 if (group.length == 1)
493 {
494 return (GroupPrincipal) group[0];
495 }
496 else
497 {
498 throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST.create(uid));
499 }
500 }
501
502 /***
503 * @param uid
504 * @return
505 * @throws SecurityException A {@link SecurityException}.
506 */
507 private RolePrincipal getRole(String uid) throws SecurityException
508 {
509 Principal[] role = roleDao.find(uid, RolePrincipal.PREFS_ROLE_ROOT);
510
511 if (role.length == 1)
512
513 {
514 return (RolePrincipal) role[0];
515 }
516 else
517 {
518 throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(uid));
519 }
520 }
521
522 /***
523 * @param username
524 * @param groupFullPathName
525 * @throws SecurityException A {@link SecurityException}.
526 */
527 private void addGroupToUser(String username, String groupFullPathName) throws SecurityException
528 {
529 userDao.addGroup(username, groupFullPathName);
530 }
531
532 /***
533 * @param username
534 * @param groupFullPathName
535 * @throws SecurityException A {@link SecurityException}.
536 */
537 private void addRoleToUser(String username, String roleFullPathName) throws SecurityException
538 {
539 userDao.addRole(username, roleFullPathName);
540 }
541
542 /***
543 * @param username
544 * @param groupFullPathName
545 * @throws SecurityException A {@link SecurityException}.
546 */
547 private void addRoleToGroup(String groupFullPathName, String roleFullPathName) throws SecurityException
548 {
549 userDao.addRoleToGroup(groupFullPathName, roleFullPathName);
550 }
551
552
553 }