
1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.security.spi.impl;
18  
19  import java.security.Principal;
20  import java.util.ArrayList;
21  import java.util.Arrays;
22  import java.util.List;
23  
24  import javax.naming.NamingException;
25  
26  import org.apache.commons.lang.StringUtils;
27  import org.apache.commons.logging.Log;
28  import org.apache.commons.logging.LogFactory;
29  import org.apache.jetspeed.security.SecurityException;
30  import org.apache.jetspeed.security.UserPrincipal;
31  import org.apache.jetspeed.security.impl.UserPrincipalImpl;
32  import org.apache.jetspeed.security.spi.UserSecurityHandler;
33  import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
34  import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl;
35  
36  /***
37   * @see org.apache.jetspeed.security.spi.UserSecurityHandler
38   * @author <a href="mailto:mike.long@dataline.com">Mike Long </a>
39   */
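public class LdapUserSecurityHandler implements UserSecurityHandler
{
    /** The logger. */
    private static final Log logger = LogFactory.getLog(LdapUserSecurityHandler.class);

    /** The {@link LdapPrincipalDao} every directory operation is delegated to. */
    private final LdapPrincipalDao ldap;

    /**
     * Creates a handler backed by the given DAO.
     *
     * @param ldap The LdapPrincipalDao; must not be null.
     * @throws IllegalArgumentException if {@code ldap} is null.
     */
    public LdapUserSecurityHandler(LdapPrincipalDao ldap)
    {
        // Fail fast at construction instead of with an NPE on the first lookup.
        if (ldap == null)
        {
            throw new IllegalArgumentException("The LdapPrincipalDao cannot be null.");
        }
        this.ldap = ldap;
    }

    /**
     * <p>
     * Default constructor: wires a freshly created {@link LdapUserPrincipalDaoImpl}.
     * </p>
     *
     * @throws NamingException propagated from the {@link LdapUserPrincipalDaoImpl} constructor.
     * @throws SecurityException propagated from the {@link LdapUserPrincipalDaoImpl} constructor.
     */
    public LdapUserSecurityHandler() throws NamingException, SecurityException
    {
        this(new LdapUserPrincipalDaoImpl());
    }

    /**
     * <p>
     * Lookup the user by his UID attribute on the Ldap Server.
     * </p>
     *
     * @param uid The uid; must not be null or empty.
     * @return true if the Ldap Server finds a user with that UID; false if he
     *         is not found or the lookup raised a {@link SecurityException}
     *         (which is logged, not propagated).
     * @throws IllegalArgumentException if {@code uid} is null or empty.
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#isUserPrincipal(java.lang.String)
     */
    public boolean isUserPrincipal(String uid)
    {
        // getUserPrincipal() validates uid itself and maps lookup failures to null.
        return getUserPrincipal(uid) != null;
    }

    /**
     * Looks the uid up in the directory and wraps it as a {@link UserPrincipalImpl}.
     *
     * @param uid The uid; must not be null or empty.
     * @return a principal for {@code uid} if the directory returns a non-empty DN
     *         for it; null if it is not found or the lookup raised a
     *         {@link SecurityException}.
     * @throws IllegalArgumentException if {@code uid} is null or empty.
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#getUserPrincipal(java.lang.String)
     */
    public Principal getUserPrincipal(String uid)
    {
        verifyUid(uid);
        try
        {
            String dn = ldap.lookupByUid(uid);

            // A non-empty DN means the directory knows this uid. The principal is
            // built from the uid only; the DN itself is not retained.
            if (!StringUtils.isEmpty(dn))
            {
                return new UserPrincipalImpl(uid);
            }
        }
        catch (SecurityException e)
        {
            // NOTE(review): a directory error is reported to callers exactly like
            // "not found"; addUserPrincipal() relies on this answer before creating.
            logSecurityException(e, uid);
        }

        return null;
    }

    /**
     * <p>
     * Verify the uid.
     * </p>
     *
     * @param uid The uid.
     * @throws IllegalArgumentException if {@code uid} is null or empty.
     */
    private void verifyUid(String uid)
    {
        if (StringUtils.isEmpty(uid))
        {
            throw new IllegalArgumentException("The uid cannot be null or empty.");
        }
    }

    /**
     * Logs a {@link SecurityException} raised while operating on the given uid.
     *
     * @param se The exception to log.
     * @param uid The uid the failing operation was working on.
     */
    private void logSecurityException(SecurityException se, String uid)
    {
        if (logger.isErrorEnabled())
        {
            logger.error("An LDAP error has occurred for user uid:" + uid, se);
        }
    }

    /**
     * Searches the user subtree with the given filter.
     *
     * @param filter The search filter, passed through to the DAO.
     * @return the principals found, or an empty list if the search raised a
     *         {@link SecurityException} (which is logged, not propagated).
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#getUserPrincipals(java.lang.String)
     */
    public List getUserPrincipals(String filter)
    {
        try
        {
            // NOTE(review): filter reaches the DAO unchanged; escaping of LDAP
            // filter metacharacters must happen there or in the caller — confirm.
            return Arrays.asList(ldap.find(filter, UserPrincipal.PREFS_USER_ROOT));
        }
        catch (SecurityException e)
        {
            if (logger.isErrorEnabled())
            {
                logger.error("An LDAP error has occurred for user filter:" + filter, e);
            }
        }

        // Empty rather than null so callers can iterate without a check.
        return new ArrayList();
    }

    /**
     * Creates the directory entry for the given principal.
     *
     * @param userPrincipal The principal to add; must not be null and must have a non-empty name.
     * @throws SecurityException with {@code USER_ALREADY_EXISTS} if the uid is already present,
     *         or as raised by the DAO.
     * @throws IllegalArgumentException if the principal is null or its name is null or empty.
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#addUserPrincipal(org.apache.jetspeed.security.UserPrincipal)
     */
    public void addUserPrincipal(UserPrincipal userPrincipal) throws SecurityException
    {
        verifyUserPrincipal(userPrincipal);

        String uid = userPrincipal.getName();
        // The existence check and the create are two separate directory calls;
        // a concurrent add of the same uid is not excluded here.
        if (isUserPrincipal(uid))
        {
            throw new SecurityException(SecurityException.USER_ALREADY_EXISTS.create(uid));
        }
        ldap.create(uid);
    }

    /**
     * Ensures a directory entry exists for the given principal: one is created
     * if the uid is not found; an existing entry is left untouched.
     *
     * @param userPrincipal The principal to update; must not be null and must have a non-empty name.
     * @throws SecurityException as raised by the DAO.
     * @throws IllegalArgumentException if the principal is null or its name is null or empty.
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#updateUserPrincipal(org.apache.jetspeed.security.UserPrincipal)
     */
    public void updateUserPrincipal(UserPrincipal userPrincipal) throws SecurityException
    {
        verifyUserPrincipal(userPrincipal);
        String uid = userPrincipal.getName();
        if (!isUserPrincipal(uid))
        {
            ldap.create(uid);
        }
    }

    /**
     * Verifies the principal reference.
     *
     * @param userPrincipal The principal to check.
     * @throws IllegalArgumentException if {@code userPrincipal} is null.
     */
    private void verifyUserPrincipal(UserPrincipal userPrincipal)
    {
        if (userPrincipal == null)
        {
            throw new IllegalArgumentException("The UserPrincipal cannot be null or empty.");
        }
    }

    /**
     * Deletes the directory entry for the given principal.
     *
     * @param userPrincipal The principal to remove; must not be null and must have a non-empty name.
     * @throws SecurityException as raised by the DAO.
     * @throws IllegalArgumentException if the principal is null or its name is null or empty.
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#removeUserPrincipal(org.apache.jetspeed.security.UserPrincipal)
     */
    public void removeUserPrincipal(UserPrincipal userPrincipal) throws SecurityException
    {
        verifyUserPrincipal(userPrincipal);

        String uid = userPrincipal.getName();
        // Reject a null/empty name before it reaches the DAO, as add/update already do.
        verifyUid(uid);

        ldap.delete(uid);
    }
}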