Author: fpunt
Date: 2010-03-19 11:52:26 +0100 (Fri, 19 Mar 2010)
New Revision: 41535
Modified:
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonHibernateService.java
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonLDAPService.java
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonService.java
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthenticationLDAPService.java
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthorityLDAPService.java
Log:
CMSC-1539 CAS single sign-on implementation support for creating LDAP stuff
from the portal
Modified:
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonHibernateService.java
===================================================================
---
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonHibernateService.java
2010-03-19 10:23:13 UTC (rev 41534)
+++
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonHibernateService.java
2010-03-19 10:52:26 UTC (rev 41535)
@@ -95,7 +95,7 @@
* {...@inheritdoc}
*/
@Transactional
- public Person createPerson(String firstName, String infix, String lastName,
Long authenticationId,String active,Date registerDate) {
+ public Person createPerson(String firstName, String infix, String lastName,
Object authenticationId,String active,Date registerDate) {
if (firstName == null) {
throw new IllegalArgumentException("Firstname is null. ");
}
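Review bot: Widening `authenticationId` from `Long` to `Object` in this `createPerson` signature removes compile-time checking, and the implementations then downcast unconditionally: `(Long)authenticationId` in the next hunk of this file and `(String)authenticationId` in `PersonLDAPService.createPerson`; the `PersonService` interface hunk carries the same signature. A caller wired to the wrong backend gets a `ClassCastException` inside the `@Transactional` method instead of a clear argument error. Consider guarding the cast next to the existing `firstName` null check, e.g. `if (!(authenticationId instanceof Long)) { throw new IllegalArgumentException("authenticationId must be a Long"); }`, or keep typed overloads. The method body continues outside this hunk.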
@@ -110,7 +110,7 @@
person.setFirstName(firstName);
person.setInfix(infix);
person.setLastName(lastName);
- person.setAuthenticationId(authenticationId); // used to find account
+ person.setAuthenticationId((Long)authenticationId); // used to find
account
person.setActive(active);
person.setRegisterDate(registerDate);
getSession().save(person);
@@ -588,4 +588,9 @@
return null;
}
+public void setGenderByUserId(String userId, String gender) {
+ // TODO Auto-generated method stub
+
}
+
+}
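Review bot: The `setGenderByUserId` added in this hunk is an empty stub, so on the Hibernate backend a gender update is silently discarded while the caller sees a normal return. Until it is implemented, fail visibly by replacing the `// TODO Auto-generated method stub` line with `throw new UnsupportedOperationException("setGenderByUserId is not implemented for the Hibernate person service");`.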
Modified:
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonLDAPService.java
===================================================================
---
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonLDAPService.java
2010-03-19 10:23:13 UTC (rev 41534)
+++
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonLDAPService.java
2010-03-19 10:52:26 UTC (rev 41535)
@@ -5,9 +5,15 @@
import java.util.Map;
import java.util.Set;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+
import org.apache.commons.lang.StringUtils;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
@@ -111,11 +117,109 @@
}
public Person createPerson(String firstName, String infix, String lastName,
- Long authenticationId, String active, Date registerDate) {
- // TODO Auto-generated method stub
- return null;
+ Object authenticationId, String active, Date registerDate) {
+ String email = (String)authenticationId;
+
+ // Create a new person and store it
+ Person person = new Person();
+ person.setFirstName(firstName);
+ person.setInfix(infix);
+ person.setLastName(lastName);
+ person.setEmail(email); // used to find account
+ person.setActive(active);
+ person.setRegisterDate(registerDate);
+
+ String storeId = generateNewIdStoreId(email);
+ person.setId(new Long(storeId.substring(storeId.lastIndexOf("@")+1)));
+
+ BasicAttributes attributes = new BasicAttributes();
+
+ BasicAttribute relationClassAttribute = new
BasicAttribute("objectClass");
+ relationClassAttribute.add(RELATION_CLASS_NAME);
+ attributes.put(relationClassAttribute);
+
+ attributes.put(new BasicAttribute("nai-idStoreId", storeId));
+ if(firstName != null) {
+ attributes.put(new BasicAttribute("nai-firstname",
firstName));
+ }
+ if(infix != null) {
+ attributes.put(new BasicAttribute("nai-nameInfix", infix));
+ }
+ attributes.put(new BasicAttribute("nai-lastName", lastName));
+ attributes.put(new BasicAttribute("nai-email", email));
+ if ("yes".equals(active)) {
+ attributes.put(new BasicAttribute("nai-active",
RegisterStatus.ACTIVE.getName()));
+ }
+ else {
+ attributes.put(new BasicAttribute("nai-active",
RegisterStatus.UNCONFIRMED.getName()));
+ }
+ attributes.put("nai-synchronisationStatus", "new");
+
+ attributes.put("cn", storeId);
+ attributes.put("sn", "Unused");
+
+
+ DistinguishedName newItemDN = new DistinguishedName(RELATION_BASE_DN);
+ newItemDN.add("cn", storeId);
+
+ getLdapTemplate().bind(newItemDN, null, attributes);
+
+ return person;
}
+ /**
+ * Generate a unique ID-store id, by looking in the LDAP database to ensure
it is unique
+ * @param emailAddress The email address to base the unique id on
+ * @return The generated unique id
+ * @throws ServiceException In case the emailAddress is already in use
(currently) by a relation.
+ */
+ private synchronized String generateNewIdStoreId(String emailAddress) {
+ // We never create a new relation for an email address that already
exists
+ if (getPersonByEmail(emailAddress) != null) {
+ throw new RuntimeException("Relation with email address
"+emailAddress+" already exists");
+ }
+ // Find an unused id
+ int index = 1;
+ while (true) {
+ String candidateId = createUniqueId(emailAddress, index);
+ if (getPersonByUserId(candidateId) == null) {
+ // Use this id
+ return candidateId;
+ }
+ // Try another new id
+ index++;
+ }
+ }
+
+ /**
+ * String function to create a unique id with the following properties:
+ * - length < 64
+ * - Based on email address, but possibly not containing all email
characters. The id
+ * itself is not an email address
+ * - Includes suffix (this is important to ensure id is unique as long as
suffix is unique)
+ * @param emailAddress The email address to use in the id
+ * @param suffix The extra number that must be included in the unique id
+ * @return The generated id
+ */
+ private String createUniqueId(String emailAddress, int suffix) {
+ // Create a string based on the suffix, that will be the end of the id
+ int maxIdLength = 64;
+ String suffixString = "@" + String.valueOf(suffix);
+ // Strip all non-Ascii Characters
+ StringBuilder uniqueId = new StringBuilder();
+ for (char emailAddressChar: emailAddress.toCharArray()) {
+ if (uniqueId.length() + suffixString.length() >= maxIdLength) {
+ // String will become too long
+ break;
+ }
+ // Do not include non-Ascii characters
+ if (String.valueOf(emailAddressChar).matches("[a-za-z0-9...@]")) {
+ uniqueId.append(emailAddressChar);
+ }
+ }
+ return uniqueId.toString() + suffixString;
+ }
+
public boolean deletePersonByAuthenticationId(Long userId) {
// TODO Auto-generated method stub
return false;
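Review bot: The uniqueness check in `generateNewIdStoreId` and the `bind` in `createPerson` are not one atomic step: the `synchronized` lock is released when the id is returned, so two concurrent registrations for the same e-mail (or a second application instance) can both pass `getPersonByEmail(emailAddress) != null` and create two relations for one address. Hold the lock across the bind, for example by making `createPerson` itself `synchronized`, and treat a name-already-bound failure from `bind` as the authoritative duplicate signal. Separately, `person.setId(...)` stores only the numeric suffix after the last `@`, which looks like it will be 1 for nearly every new person, and the Javadoc promises `ServiceException` while the code throws `RuntimeException`. The hunk ends inside `deletePersonByAuthenticationId`.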
@@ -162,8 +266,11 @@
}
public Person getPersonByEmail(String email) {
- // TODO Auto-generated method stub
- return null;
+ if (StringUtils.isBlank(email)) {
+ throw new IllegalArgumentException("UserId is not filled in. ");
+ }
+ // Person person = findPersonByUserId(userId);
+ return getNaiIDStorePersonByProperty("nai-email",email);
}
public List<PersonExportImportVO> getPersonExportImportVO() {
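Review bot: The guard added to `getPersonByEmail` reports `"UserId is not filled in. "` although the argument being checked is `email`, which will mislead whoever reads the exception; `"Email is not filled in. "` matches the parameter. The commented-out line `// Person person = findPersonByUserId(userId);` refers to a variable that does not exist in this method and can be dropped. Whether `getNaiIDStorePersonByProperty` escapes the value when it builds the search filter is not visible here, so it is worth confirming that it uses `EqualsFilter` like the other lookups in this commit.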
@@ -221,6 +328,18 @@
}
return "unknown";
}
-
+ public void setGenderByUserId(String userId, String gender) {
+ DistinguishedName itemDN = new DistinguishedName(RELATION_BASE_DN);
+ itemDN.add("cn", userId);
+
+ BasicAttribute attr = new BasicAttribute("nai-gender", gender);
+ ModificationItem item = new
ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
+ getLdapTemplate().modifyAttributes(itemDN, new ModificationItem[]
{item});
+
+ attr = new BasicAttribute("nai-synchronisationStatus", "changed");
+ item = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
+ getLdapTemplate().modifyAttributes(itemDN, new ModificationItem[]
{item});
+
+ }
}
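Review bot: `setGenderByUserId` issues two separate `modifyAttributes` calls, so a failure of the second leaves `nai-gender` changed while `nai-synchronisationStatus` is never set to `changed`. Send both items in one request: `getLdapTemplate().modifyAttributes(itemDN, new ModificationItem[] {genderItem, statusItem});`. The method also accepts a blank `userId` or `gender` without the `StringUtils.isBlank` check that `getPersonByEmail` applies, which would be a cheap guard to add before building `itemDN`.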
Modified:
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonService.java
===================================================================
---
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonService.java
2010-03-19 10:23:13 UTC (rev 41534)
+++
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/person/PersonService.java
2010-03-19 10:52:26 UTC (rev 41535)
@@ -35,6 +35,10 @@
*/
String getGenderByUserId(String userId);
+
+ void setGenderByUserId(String userId, String gender);
+
+
/**
* Get a list of matching persons that match the given example. The fields
that are set on the example Person are the
* criteria for the search.
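Review bot: `setGenderByUserId` is added to the interface without Javadoc, while the neighbouring declarations carry a doc comment. Add one stating what `userId` identifies, which `gender` values are accepted, and what an implementation should do when the user does not exist, starting from `/** Store the gender for the person with the given user id. */` plus `@param` lines.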
@@ -59,7 +63,7 @@
Person getPersonByEmail(String email);
- Person createPerson(String firstName, String infix, String lastName, Long
authenticationId,String active,Date registerDate);
+ Person createPerson(String firstName, String infix, String lastName, Object
authenticationId,String active,Date registerDate);
/*
* Save or update the person to the database
Modified:
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthenticationLDAPService.java
===================================================================
---
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthenticationLDAPService.java
2010-03-19 10:23:13 UTC (rev 41534)
+++
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthenticationLDAPService.java
2010-03-19 10:52:26 UTC (rev 41535)
@@ -3,10 +3,15 @@
import java.io.UnsupportedEncodingException;
import java.util.List;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
@@ -24,6 +29,10 @@
public static final String RELATION_BASE_DN =
"ou=Relations,ou=idstore,dc=nai,dc=nl";
public static final String RELATION_CLASS_NAME = "naiIDStorePerson";
+
+ public static final String GROUPS_BASE_DN =
"ou=Groups,ou=idstore,dc=nai,dc=nl";
+ public static final String GROUP_CLASS_NAME = "groupOfUniqueNames";
+
private AuthorityService authorityLDAPService;
@Required
@@ -94,16 +103,58 @@
}
}
return passwordString;
- }
- public void addAuthorityToUser(String userId, String authority) {
- // TODO Auto-generated method stub
-
}
+
+ public void addAuthorityToUser(String userId, String authorityName) {
+// Authority authority =
authorityLDAPService.findAuthorityByName(authorityName);
+ AndFilter filter = new AndFilter();
+ filter.and(new EqualsFilter("objectClass", GROUP_CLASS_NAME));
+ filter.and(new EqualsFilter("cn", authorityName));
+ Attributes groupAttributes = (Attributes)
searchObject(GROUPS_BASE_DN, filter.encode(), getGroupMapper());
+
+ if(groupAttributes == null) {
+ log.warn("New group, create it!");
+ groupAttributes = new BasicAttributes();
+ BasicAttribute groupClassAttribute = new
BasicAttribute("objectClass");
+ groupClassAttribute.add(GROUP_CLASS_NAME);
+ groupAttributes.put(groupClassAttribute);
+ groupAttributes.put("cn", authorityName);
+ groupAttributes.put("description", "NAi Group created by
AuthenticationLDAPService");
+ groupAttributes.put("uniqueMember", "cn="+userId);
+
+ DistinguishedName newItemDN = new
DistinguishedName(GROUPS_BASE_DN);
+ newItemDN.add("cn", authorityName);
+ getLdapTemplate().bind(newItemDN, null, groupAttributes);
+ }
+ else {
+ log.warn("Old group, joining it!");
+ groupAttributes.put("uniqueMember", "cn="+userId);
+ DistinguishedName newItemDN = new
DistinguishedName(GROUPS_BASE_DN);
+ newItemDN.add("cn", authorityName);
+ getLdapTemplate().rebind(newItemDN, null, groupAttributes);
+ }
+ log.warn("Done adding to group!");
+ }
+
+
+
+ private ContextMapper getGroupMapper() {
+ return new GroupContextMapper();
+ }
+
+ private class GroupContextMapper extends AbstractContextMapper {
+ public Object doMapFromContext(DirContextOperations context) {
+ return context.getAttributes();
+ }
+ }
+
+
+
+
public void addAuthorityToUserByAuthenticationId(String authId,
String groupName) {
// TODO Auto-generated method stub
-
}
public boolean authenticate(String userId, String password) {
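Review bot: In the `else` branch of `addAuthorityToUser`, `groupAttributes.put("uniqueMember", "cn="+userId)` replaces the whole `uniqueMember` attribute with one value and `rebind` then overwrites the entry, so joining an existing group drops every other member. The value `"cn="+userId` is also a string-concatenated relative name rather than an escaped full DN, which `groupOfUniqueNames` members normally are; build it with `DistinguishedName` as the rest of the commit does. Adding a single value with `DirContext.ADD_ATTRIBUTE` avoids both problems (the sketch assumes users live under `RELATION_BASE_DN`, and `DirContext` and `ModificationItem` would need importing in this file). The create branch also turns any unknown `authorityName` into a new group, which deserves an explicit decision, and the three `log.warn` calls report normal flow.

```java
else {
    // … unchanged: log.warn("Old group, joining it!") …
    // Add one member value instead of rebinding the entry with a single-valued uniqueMember
    DistinguishedName memberDN = new DistinguishedName(RELATION_BASE_DN);
    memberDN.add("cn", userId);
    DistinguishedName groupDN = new DistinguishedName(GROUPS_BASE_DN);
    groupDN.add("cn", authorityName);
    ModificationItem addMember = new ModificationItem(DirContext.ADD_ATTRIBUTE,
            new BasicAttribute("uniqueMember", memberDN.toString()));
    getLdapTemplate().modifyAttributes(groupDN, new ModificationItem[] {addMember});
}
```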
@@ -161,9 +212,13 @@
}
- public void removeAuthorityFromUser(String userId, String authority) {
- // TODO Auto-generated method stub
-
+ public void removeAuthorityFromUser(String userId, String authorityName) {
+ log.warn("This method is not implemented");
+// Authentication authentication = findAuthentication(userId);
+// Authority authority =
authorityLDAPService.findAuthorityByName(authorityName);
+// if(authority != null) {
+// authentication.removeAuthority(authority);
+// }
}
public void setAuthenticationEnabled(String userId, boolean enabled) {
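Review bot: `removeAuthorityFromUser` now only logs `"This method is not implemented"` and returns normally, so a caller revoking an authority has no way to tell that the user is still a member of the group. For an access-control operation it is safer to fail: `throw new UnsupportedOperationException("removeAuthorityFromUser is not implemented for LDAP");`. The commented-out body should be removed rather than shipped as dead code.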
Modified:
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthorityLDAPService.java
===================================================================
---
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthorityLDAPService.java
2010-03-19 10:23:13 UTC (rev 41534)
+++
CMSContainer/trunk/CMSContainer_Modules/community/src/java/com/finalist/cmsc/services/community/security/AuthorityLDAPService.java
2010-03-19 10:52:26 UTC (rev 41535)
@@ -77,9 +77,18 @@
return null;
}
+ @SuppressWarnings("unchecked")
public Authority findAuthorityByName(String authorityName) {
- // TODO Auto-generated method stub
- return null;
+ AndFilter filter = new AndFilter();
+ filter.and(new EqualsFilter("objectClass", GROUP_CLASS_NAME));
+ filter.and(new EqualsFilter("cn", authorityName));
+ List<Authority> groups=
(List<Authority>)getLdapTemplate().search(GROUPS_BASE_DN, filter.encode(), new
GroupContextMapper());
+ if(groups.size() > 0) {
+ return groups.get(0);
+ }
+ else {
+ return null;
+ }
}
public List<Authority> getAssociatedAuthorities(Map map,
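Review bot: The `@SuppressWarnings("unchecked")` on `findAuthorityByName` hides a cast that is only safe if this class's `GroupContextMapper` returns `Authority` objects. That mapper is not visible in the hunk, and the same-named mapper added to `AuthenticationLDAPService` in this commit returns raw `Attributes`; if this one does the same, `groups.get(0)` would fail with a `ClassCastException`. Narrow the suppression to the local variable and add a comment stating what the mapper yields. When more than one entry matches, the first is returned silently; a `log.warn` there would make a duplicated `cn` visible.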