This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 6b91bb487e23045a8a9a02221ae9165fa7348f3d Author: Benoit Tellier <[email protected]> AuthorDate: Thu Jun 10 11:00:49 2021 +0700 JAMES-3594 Strong typing for DN --- .../user/ldap/ReadOnlyLDAPGroupRestriction.java | 10 +++-- .../apache/james/user/ldap/ReadOnlyLDAPUser.java | 7 ++-- .../james/user/ldap/ReadOnlyLDAPUsersDAO.java | 45 +++++++++++----------- 3 files changed, 33 insertions(+), 29 deletions(-) diff --git a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPGroupRestriction.java b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPGroupRestriction.java index d9023b7..25af9ed 100644 --- a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPGroupRestriction.java +++ b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPGroupRestriction.java @@ -29,8 +29,9 @@ import java.util.Map; import org.apache.commons.configuration2.HierarchicalConfiguration; import org.apache.commons.configuration2.tree.ImmutableNode; +import com.github.fge.lambdas.Throwing; import com.github.steveash.guavate.Guavate; -import com.unboundid.ldap.sdk.LDAPConnection; +import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.LDAPConnectionPool; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.SearchResultEntry; @@ -114,8 +115,8 @@ public class ReadOnlyLDAPGroupRestriction { * * @return Returns a map of groupDNs to userDN lists. */ - protected Map<String, Collection<String>> getGroupMembershipLists(LDAPConnectionPool connection) throws LDAPException { - Map<String, Collection<String>> result = new HashMap<>(); + protected Map<String, Collection<DN>> getGroupMembershipLists(LDAPConnectionPool connection) throws LDAPException { + Map<String, Collection<DN>> result = new HashMap<>(); for (String groupDN : groupDNs) { result.put(groupDN, extractMembers(connection.getEntry(groupDN))); 
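Review bot: In `getGroupMembershipLists`, the context line `result.put(groupDN, extractMembers(connection.getEntry(groupDN)))` passes the result of `getEntry` on without a null check. As far as I know UnboundID returns `null` when the entry does not exist, so a configured group DN that is missing from the directory would surface as a NullPointerException in `extractMembers` instead of an empty member list. The same applies to the new `ldapConnectionPool.getEntry(userDN.toString())` in `buildUser` (hunk `@@ -240,15 +241,15 @@` of ReadOnlyLDAPUsersDAO.java), where an entry deleted between the search and the read is dereferenced on the next line. Returning an empty collection for a null entry in `extractMembers`, and wrapping the read as `Optional.ofNullable(ldapConnectionPool.getEntry(userDN.toString()))` in `buildUser`, would keep the group restriction failing closed without an unchecked exception. The loop in `getGroupMembershipLists` continues outside this hunk.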
@@ -133,9 +134,10 @@ public class ReadOnlyLDAPGroupRestriction { * @return A collection of distinguished-names for the users belonging to * the group with the specified attributes. */ - private Collection<String> extractMembers(SearchResultEntry entry) { + private Collection<DN> extractMembers(SearchResultEntry entry) { com.unboundid.ldap.sdk.Attribute members = entry.getAttribute(memberAttribute); return Arrays.stream(members.getValues()) + .map(Throwing.function(DN::new)) .collect(Guavate.toImmutableList()); } } diff --git a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java index 5baaf02..1bc7147 100644 --- a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java +++ b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUser.java @@ -27,6 +27,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.unboundid.ldap.sdk.BindResult; +import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.LDAPConnectionPool; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.ldap.sdk.ResultCode; @@ -62,7 +63,7 @@ public class ReadOnlyLDAPUser implements User, Serializable { /** * The distinguished name of the user-record in the LDAP directory. */ - private final String userDN; + private final DN userDN; /** * The context for the LDAP server from which to retrieve the @@ -88,7 +89,7 @@ public class ReadOnlyLDAPUser implements User, Serializable { * invoked. * @param configuration */ - public ReadOnlyLDAPUser(Username userName, String userDN, LDAPConnectionPool connectionPool, LdapRepositoryConfiguration configuration) { + public ReadOnlyLDAPUser(Username userName, DN userDN, LDAPConnectionPool connectionPool, LdapRepositoryConfiguration configuration) { this.userName = userName; this.userDN = userDN; this.connectionPool = connectionPool; 
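Review bot: `.map(Throwing.function(DN::new))` in `extractMembers` is used without `.sneakyThrow()`, so, as far as I understand the lambda library, an `LDAPException` raised for a member value that is not a valid DN is rethrown wrapped in an unchecked exception rather than as the `LDAPException` that `getGroupMembershipLists` declares. A single malformed member value in a restricted group would then fail every lookup that consults the restriction, and callers that catch `LDAPException` would not see it. The same pattern appears at `.map(Throwing.function(Entry::getParsedDN))` in `getAllUsersDNFromLDAP` (hunk `@@ -181,7 +182,7 @@` of ReadOnlyLDAPUsersDAO.java). ReadOnlyLDAPUsersDAO already uses `Throwing.function(this::buildUser).sneakyThrow()`; either do the same here, `.map(Throwing.function(DN::new).sneakyThrow())`, or decide explicitly that an unparsable member value is logged and skipped.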
@@ -144,7 +145,7 @@ public class ReadOnlyLDAPUser implements User, Serializable { } private boolean doVerifyPassword(String password) throws LDAPException { - BindResult bindResult = connectionPool.bindAndRevertAuthentication(userDN, password); + BindResult bindResult = connectionPool.bindAndRevertAuthentication(userDN.toString(), password); return bindResult.getResultCode() == ResultCode.SUCCESS; } } diff --git a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java index 7a2301b..3839126 100644 --- a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java +++ b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyLDAPUsersDAO.java @@ -47,6 +47,7 @@ import org.slf4j.LoggerFactory; import com.github.fge.lambdas.Throwing; import com.github.steveash.guavate.Guavate; import com.unboundid.ldap.sdk.Attribute; +import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.Entry; import com.unboundid.ldap.sdk.Filter; import com.unboundid.ldap.sdk.LDAPConnection; 
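Review bot: The bind on the new line of `doVerifyPassword` is the only password check visible here, and nothing in the hunk rejects a null or empty `password` before it. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind and answer with SUCCESS. Whether the caller (outside this hunk) or the pool's connection options (UnboundID's `bindWithDNRequiresPassword`, enabled by default as far as I know) already rule that out cannot be seen from here. A local guard before the bind, `if (password == null || password.isEmpty()) { return false; }`, would make the method safe regardless of how the pool was configured.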
@@ -156,22 +157,22 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { * least one group in the parameter map, and <code>False</code> * otherwise. */ - private boolean userInGroupsMembershipList(String userDN, - Map<String, Collection<String>> groupMembershipList) { + private boolean userInGroupsMembershipList(DN userDN, + Map<String, Collection<DN>> groupMembershipList) { boolean result = false; - Collection<Collection<String>> memberLists = groupMembershipList.values(); - Iterator<Collection<String>> memberListsIterator = memberLists.iterator(); + Collection<Collection<DN>> memberLists = groupMembershipList.values(); + Iterator<Collection<DN>> memberListsIterator = memberLists.iterator(); while (memberListsIterator.hasNext() && !result) { - Collection<String> groupMembers = memberListsIterator.next(); + Collection<DN> groupMembers = memberListsIterator.next(); result = groupMembers.contains(userDN); } return result; } - private Set<String> getAllUsersDNFromLDAP() throws LDAPException { + private Set<DN> getAllUsersDNFromLDAP() throws LDAPException { SearchRequest searchRequest = new SearchRequest(ldapConfiguration.getUserBase(), SearchScope.SUB, createFilter(), @@ -181,7 +182,7 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { return searchResult.getSearchEntries() .stream() - .map(Entry::getDN) + .map(Throwing.function(Entry::getParsedDN)) .collect(Guavate.toImmutableSet()); } @@ -204,7 +205,7 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { * Extract the user attributes for the given collection of userDNs, and * encapsulates the user list as a collection of {@link ReadOnlyLDAPUser}s. * This method delegates the extraction of a single user's details to the - * method {@link #buildUser(String)}. + * method {@link #buildUser(DN)}. * * @param userDNs * The distinguished-names (DNs) of the users whose information 
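Review bot: `groupMembers.contains(userDN)` in `userInGroupsMembershipList` now decides group-restricted access by `DN.equals` rather than by string equality, and the Javadoc above the method does not mention this. A short comment would help the next maintainer, for example `// DN equality compares normalized DNs, so case or spacing differences between the user entry and the group's member values do not cause a mismatch` (worth confirming against the SDK version in use). As a style matter, the iterator loop could become `return groupMembershipList.values().stream().anyMatch(members -> members.contains(userDN));`. The method's Javadoc starts outside this hunk.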
@@ -214,10 +215,10 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { * @throws LDAPException * Propagated from the underlying LDAP communication layer. */ - private Collection<ReadOnlyLDAPUser> buildUserCollection(Collection<String> userDNs) throws LDAPException { + private Collection<ReadOnlyLDAPUser> buildUserCollection(Collection<DN> userDNs) throws LDAPException { List<ReadOnlyLDAPUser> results = new ArrayList<>(); - for (String userDN : userDNs) { + for (DN userDN : userDNs) { Optional<ReadOnlyLDAPUser> user = buildUser(userDN); user.ifPresent(results::add); } @@ -240,15 +241,15 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { } if (!ldapConfiguration.getRestriction().isActivated() - || userInGroupsMembershipList(result.getDN(), ldapConfiguration.getRestriction().getGroupMembershipLists(ldapConnectionPool))) { + || userInGroupsMembershipList(result.getParsedDN(), ldapConfiguration.getRestriction().getGroupMembershipLists(ldapConnectionPool))) { - return new ReadOnlyLDAPUser(name, result.getDN(), ldapConnectionPool, ldapConfiguration); + return new ReadOnlyLDAPUser(name, result.getParsedDN(), ldapConnectionPool, ldapConfiguration); } return null; } - private Optional<ReadOnlyLDAPUser> buildUser(String userDN) throws LDAPException { - SearchResultEntry userAttributes = ldapConnectionPool.getEntry(userDN); + private Optional<ReadOnlyLDAPUser> buildUser(DN userDN) throws LDAPException { + SearchResultEntry userAttributes = ldapConnectionPool.getEntry(userDN.toString()); Optional<String> userName = Optional.ofNullable(userAttributes.getAttributeValue(ldapConfiguration.getUserIdAttribute())); return userName .map(Username::of) @@ -292,7 +293,7 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { return getAllUsernamesFromLDAP().count(); } - return getValidUsers().stream() + return getValidUserDNs().stream() .map(Throwing.function(this::buildUser).sneakyThrow()) .flatMap(Optional::stream) .count(); 
@@ -335,22 +336,22 @@ public class ReadOnlyLDAPUsersDAO implements UsersDAO, Configurable { return getAllUsernamesFromLDAP().iterator(); } - return buildUserCollection(getValidUsers()) + return buildUserCollection(getValidUserDNs()) .stream() .map(ReadOnlyLDAPUser::getUserName) .iterator(); } - private Collection<String> getValidUsers() throws LDAPException { - Set<String> userDNs = getAllUsersDNFromLDAP(); - Collection<String> validUserDNs; + private Collection<DN> getValidUserDNs() throws LDAPException { + Set<DN> userDNs = getAllUsersDNFromLDAP(); + Collection<DN> validUserDNs; if (ldapConfiguration.getRestriction().isActivated()) { - Map<String, Collection<String>> groupMembershipList = ldapConfiguration.getRestriction() + Map<String, Collection<DN>> groupMembershipList = ldapConfiguration.getRestriction() .getGroupMembershipLists(ldapConnectionPool); validUserDNs = new ArrayList<>(); - Iterator<String> userDNIterator = userDNs.iterator(); - String userDN; + Iterator<DN> userDNIterator = userDNs.iterator(); + DN userDN; while (userDNIterator.hasNext()) { userDN = userDNIterator.next(); if (userInGroupsMembershipList(userDN, groupMembershipList)) { --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
