Repository: james-project Updated Branches: refs/heads/master dca7006e4 -> 21bb9757b
JAMES-2441 Extract LDAP configuration in a POJO Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/fcd09ee0 Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/fcd09ee0 Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/fcd09ee0 Branch: refs/heads/master Commit: fcd09ee0daf66ca346b2f781e4a88fbfbd937a50 Parents: dca7006 Author: benwa <[email protected]> Authored: Wed Jun 27 10:38:13 2018 +0700 Committer: benwa <[email protected]> Committed: Mon Jul 2 16:35:49 2018 +0700 ---------------------------------------------------------------------- .../user/ldap/LdapRepositoryConfiguration.java | 306 +++++++++++++++++++ .../user/ldap/ReadOnlyUsersLDAPRepository.java | 214 ++++--------- 2 files changed, 357 insertions(+), 163 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/fcd09ee0/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/LdapRepositoryConfiguration.java ---------------------------------------------------------------------- diff --git a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/LdapRepositoryConfiguration.java b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/LdapRepositoryConfiguration.java new file mode 100644 index 0000000..fe230f0 --- /dev/null +++ b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/LdapRepositoryConfiguration.java @@ -0,0 +1,306 @@ +/**************************************************************** + * Licensed to the Apache Software Foundation (ASF) under one * + * or more contributor license agreements. See the NOTICE file * + * distributed with this work for additional information * + * regarding copyright ownership. The ASF licenses this file * + * to you under the Apache License, Version 2.0 (the * + * "License"); you may not use this file except in compliance * + * with the License. You may obtain a copy of the License at * + * * + * http://www.apache.org/licenses/LICENSE-2.0 * + * * + * Unless required by applicable law or agreed to in writing, * + * software distributed under the License is distributed on an * + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * + * KIND, either express or implied. See the License for the * + * specific language governing permissions and limitations * + * under the License. * + ****************************************************************/ + +package org.apache.james.user.ldap; + +import java.util.Objects; +import java.util.Optional; + +import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.configuration.HierarchicalConfiguration; + +public class LdapRepositoryConfiguration { + public static final String SUPPORTS_VIRTUAL_HOSTING = "supportsVirtualHosting"; + + public static LdapRepositoryConfiguration from(HierarchicalConfiguration configuration) throws ConfigurationException { + String ldapHost = configuration.getString("[@ldapHost]", ""); + String principal = configuration.getString("[@principal]", ""); + String credentials = configuration.getString("[@credentials]", ""); + String userBase = configuration.getString("[@userBase]"); + String userIdAttribute = configuration.getString("[@userIdAttribute]"); + String userObjectClass = configuration.getString("[@userObjectClass]"); + // Default is to use connection pooling + boolean useConnectionPool = configuration.getBoolean("[@useConnectionPool]", true); + int connectionTimeout = configuration.getInt("[@connectionTimeout]", -1); + int readTimeout = configuration.getInt("[@readTimeout]", -1); + // Default maximum retries is 1, which allows an alternate connection to + // be found in a multi-homed environment + int maxRetries = configuration.getInt("[@maxRetries]", 1); + boolean supportsVirtualHosting = configuration.getBoolean(SUPPORTS_VIRTUAL_HOSTING, false); + // Default retry start interval is 0 second + long retryStartInterval = configuration.getLong("[@retryStartInterval]", 0); + // Default maximum retry interval is 60 seconds + long retryMaxInterval = configuration.getLong("[@retryMaxInterval]", 60); + int scale = configuration.getInt("[@retryIntervalScale]", 1000); // seconds + + HierarchicalConfiguration restrictionConfig = null; + // Check if we have a restriction we can use + // See JAMES-1204 + if (configuration.containsKey("restriction[@memberAttribute]")) { + restrictionConfig = configuration.configurationAt("restriction"); + } + ReadOnlyLDAPGroupRestriction restriction = new ReadOnlyLDAPGroupRestriction(restrictionConfig); + + //see if there is a filter argument + String filter = configuration.getString("[@filter]"); + + Optional<String> administratorId = Optional.ofNullable(configuration.getString("[@administratorId]")); + + return new LdapRepositoryConfiguration( + ldapHost, + principal, + credentials, + userBase, + userIdAttribute, + userObjectClass, + useConnectionPool, + connectionTimeout, + readTimeout, + maxRetries, + supportsVirtualHosting, + retryStartInterval, + retryMaxInterval, + scale, + restriction, + filter, + administratorId); + } + + /** + * The URL of the LDAP server against which users are to be authenticated. + * Note that users are actually authenticated by binding against the LDAP + * server using the users "dn" and "credentials".The + * value of this field is taken from the value of the configuration + * attribute "ldapHost". + */ + private final String ldapHost; + + /** + * The user with which to initially bind to the LDAP server. The value of + * this field is taken from the configuration attribute + * "principal". + */ + private final String principal; + + /** + * The password/credentials with which to initially bind to the LDAP server. + * The value of this field is taken from the configuration attribute + * "credentials". + */ + private final String credentials; + + /** + * This is the LDAP context/sub-context within which to search for user + * entities. The value of this field is taken from the configuration + * attribute "userBase". + */ + private final String userBase; + + /** + * The value of this field is taken from the configuration attribute + * "userIdAttribute". This is the LDAP attribute type which holds + * the userId value. Note that this is not the same as the email address + * attribute. + */ + private final String userIdAttribute; + + /** + * The value of this field is taken from the configuration attribute + * "userObjectClass". This is the LDAP object class to use in the + * search filter for user nodes under the userBase value. + */ + private final String userObjectClass; + + // Use a connection pool. Default is true. + private final boolean useConnectionPool; + + // The connection timeout in milliseconds. + // A value of less than or equal to zero means to use the network protocol's + // (i.e., TCP's) timeout value. + private final int connectionTimeout; + + // The LDAP read timeout in milliseconds. + private final int readTimeout; + + // Maximum number of times to retry a connection attempts. Default is no + // retries. + private final int maxRetries; + private final boolean supportsVirtualHosting; + private final long retryStartInterval; + private final long retryMaxInterval; + private final int scale; + + /** + * Encapsulates the information required to restrict users to LDAP groups or + * roles. This object is populated from the contents of the configuration + * element <restriction>. + */ + private final ReadOnlyLDAPGroupRestriction restriction; + + /** + * The value of this field is taken from the configuration attribute "filter". + * This is the search filter to use to find the desired user. + */ + private final String filter; + + /** + * UserId of the administrator + * The administrator is allowed to log in as other users + */ + private final Optional<String> administratorId; + + private LdapRepositoryConfiguration(String ldapHost, String principal, String credentials, String userBase, String userIdAttribute, + String userObjectClass, boolean useConnectionPool, int connectionTimeout, int readTimeout, + int maxRetries, boolean supportsVirtualHosting, long retryStartInterval, long retryMaxInterval, + int scale, ReadOnlyLDAPGroupRestriction restriction, String filter, + Optional<String> administratorId) throws ConfigurationException { + this.ldapHost = ldapHost; + this.principal = principal; + this.credentials = credentials; + this.userBase = userBase; + this.userIdAttribute = userIdAttribute; + this.userObjectClass = userObjectClass; + this.useConnectionPool = useConnectionPool; + this.connectionTimeout = connectionTimeout; + this.readTimeout = readTimeout; + this.maxRetries = maxRetries; + this.supportsVirtualHosting = supportsVirtualHosting; + this.retryStartInterval = retryStartInterval; + this.retryMaxInterval = retryMaxInterval; + this.scale = scale; + this.restriction = restriction; + this.filter = filter; + this.administratorId = administratorId; + + checkState(); + } + + private void checkState() throws ConfigurationException { + if (userBase == null) { + throw new ConfigurationException("[@userBase] is mandatory"); + } + if (userIdAttribute == null) { + throw new ConfigurationException("[@userIdAttribute] is mandatory"); + } + if (userObjectClass == null) { + throw new ConfigurationException("[@userObjectClass] is mandatory"); + } + } + + public String getLdapHost() { + return ldapHost; + } + + public String getPrincipal() { + return principal; + } + + public String getCredentials() { + return credentials; + } + + public String getUserBase() { + return userBase; + } + + public String getUserIdAttribute() { + return userIdAttribute; + } + + public String getUserObjectClass() { + return userObjectClass; + } + + public boolean useConnectionPool() { + return useConnectionPool; + } + + public int getConnectionTimeout() { + return connectionTimeout; + } + + public int getReadTimeout() { + return readTimeout; + } + + public int getMaxRetries() { + return maxRetries; + } + + public boolean supportsVirtualHosting() { + return supportsVirtualHosting; + } + + public long getRetryStartInterval() { + return retryStartInterval; + } + + public long getRetryMaxInterval() { + return retryMaxInterval; + } + + public int getScale() { + return scale; + } + + public ReadOnlyLDAPGroupRestriction getRestriction() { + return restriction; + } + + public String getFilter() { + return filter; + } + + public Optional<String> getAdministratorId() { + return administratorId; + } + + @Override + public final boolean equals(Object o) { + if (o instanceof LdapRepositoryConfiguration) { + LdapRepositoryConfiguration that = (LdapRepositoryConfiguration) o; + + return Objects.equals(this.useConnectionPool, that.useConnectionPool) + && Objects.equals(this.connectionTimeout, that.connectionTimeout) + && Objects.equals(this.readTimeout, that.readTimeout) + && Objects.equals(this.maxRetries, that.maxRetries) + && Objects.equals(this.supportsVirtualHosting, that.supportsVirtualHosting) + && Objects.equals(this.retryStartInterval, that.retryStartInterval) + && Objects.equals(this.retryMaxInterval, that.retryMaxInterval) + && Objects.equals(this.scale, that.scale) + && Objects.equals(this.ldapHost, that.ldapHost) + && Objects.equals(this.principal, that.principal) + && Objects.equals(this.credentials, that.credentials) + && Objects.equals(this.userBase, that.userBase) + && Objects.equals(this.userIdAttribute, that.userIdAttribute) + && Objects.equals(this.userObjectClass, that.userObjectClass) + && Objects.equals(this.restriction, that.restriction) + && Objects.equals(this.filter, that.filter) + && Objects.equals(this.administratorId, that.administratorId); + } + return false; + } + + @Override + public final int hashCode() { + return Objects.hash(ldapHost, principal, credentials, userBase, userIdAttribute, userObjectClass, useConnectionPool, + connectionTimeout, readTimeout, maxRetries, supportsVirtualHosting, retryStartInterval, retryMaxInterval, scale, + restriction, filter, administratorId); + } +} http://git-wip-us.apache.org/repos/asf/james-project/blob/fcd09ee0/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java ---------------------------------------------------------------------- diff --git a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java index 3007d85..6f6677b 100644 --- a/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java +++ b/server/data/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java @@ -25,7 +25,6 @@ import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Optional; import java.util.Properties; import java.util.Set; @@ -59,6 +58,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.github.steveash.guavate.Guavate; +import com.google.common.base.Strings; /** * <p> @@ -251,96 +251,16 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl public static final String SUPPORTS_VIRTUAL_HOSTING = "supportsVirtualHosting"; /** - * The URL of the LDAP server against which users are to be authenticated. - * Note that users are actually authenticated by binding against the LDAP - * server using the users "dn" and "credentials".The - * value of this field is taken from the value of the configuration - * attribute "ldapHost". - */ - private String ldapHost; - - /** - * The value of this field is taken from the configuration attribute - * "userIdAttribute". This is the LDAP attribute type which holds - * the userId value. Note that this is not the same as the email address - * attribute. - */ - private String userIdAttribute; - - /** - * The value of this field is taken from the configuration attribute - * "userObjectClass". This is the LDAP object class to use in the - * search filter for user nodes under the userBase value. - */ - private String userObjectClass; - - /** - * The value of this field is taken from the configuration attribute "filter". - * This is the search filter to use to find the desired user. - */ - private String filter; - - /** - * This is the LDAP context/sub-context within which to search for user - * entities. The value of this field is taken from the configuration - * attribute "userBase". - */ - private String userBase; - - /** - * The user with which to initially bind to the LDAP server. The value of - * this field is taken from the configuration attribute - * "principal". - */ - private String principal; - - /** - * The password/credentials with which to initially bind to the LDAP server. - * The value of this field is taken from the configuration attribute - * "credentials". - */ - private String credentials; - - /** - * Encapsulates the information required to restrict users to LDAP groups or - * roles. This object is populated from the contents of the configuration - * element <restriction>. - */ - private ReadOnlyLDAPGroupRestriction restriction; - - /** * The context for the LDAP server. This is the connection that is built * from the configuration attributes "ldapHost", * "principal" and "credentials". */ private LdapContext ldapContext; - private boolean supportsVirtualHosting; - - /** - * UserId of the administrator - * The administrator is allowed to log in as other users - */ - private Optional<String> administratorId; - - // Use a connection pool. Default is true. - private boolean useConnectionPool = true; - - // The connection timeout in milliseconds. - // A value of less than or equal to zero means to use the network protocol's - // (i.e., TCP's) timeout value. - private int connectionTimeout = -1; - - // The LDAP read timeout in milliseconds. - private int readTimeout = -1; - // The schedule for retry attempts private RetrySchedule schedule = null; - // Maximum number of times to retry a connection attempts. Default is no - // retries. - private int maxRetries = 0; - private final DomainList domainList; + private LdapRepositoryConfiguration ldapConfiguration; @Inject public ReadOnlyUsersLDAPRepository(DomainList domainList) { @@ -351,61 +271,24 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl /** * Extracts the parameters required by the repository instance from the * James server configuration data. The fields extracted include - * {@link #ldapHost}, {@link #userIdAttribute}, {@link #userBase}, - * {@link #principal}, {@link #credentials} and {@link #restriction}. + * {@link LdapRepositoryConfiguration#ldapHost}, {@link LdapRepositoryConfiguration#userIdAttribute}, {@link LdapRepositoryConfiguration#userBase}, + * {@link LdapRepositoryConfiguration#principal}, {@link LdapRepositoryConfiguration#credentials} and {@link LdapRepositoryConfiguration#restriction}. * * @param configuration * An encapsulation of the James server configuration data. */ @Override public void configure(HierarchicalConfiguration configuration) throws ConfigurationException { - ldapHost = configuration.getString("[@ldapHost]", ""); - principal = configuration.getString("[@principal]", ""); - credentials = configuration.getString("[@credentials]", ""); - userBase = configuration.getString("[@userBase]"); - userIdAttribute = configuration.getString("[@userIdAttribute]"); - userObjectClass = configuration.getString("[@userObjectClass]"); - // Default is to use connection pooling - useConnectionPool = configuration.getBoolean("[@useConnectionPool]", true); - connectionTimeout = configuration.getInt("[@connectionTimeout]", -1); - readTimeout = configuration.getInt("[@readTimeout]", -1); - // Default maximum retries is 1, which allows an alternate connection to - // be found in a multi-homed environment - maxRetries = configuration.getInt("[@maxRetries]", 1); - supportsVirtualHosting = configuration.getBoolean(SUPPORTS_VIRTUAL_HOSTING, false); - // Default retry start interval is 0 second - long retryStartInterval = configuration.getLong("[@retryStartInterval]", 0); - // Default maximum retry interval is 60 seconds - long retryMaxInterval = configuration.getLong("[@retryMaxInterval]", 60); - int scale = configuration.getInt("[@retryIntervalScale]", 1000); // seconds - schedule = new DoublingRetrySchedule(retryStartInterval, retryMaxInterval, scale); - - HierarchicalConfiguration restrictionConfig = null; - // Check if we have a restriction we can use - // See JAMES-1204 - if (configuration.containsKey("restriction[@memberAttribute]")) { - restrictionConfig = configuration.configurationAt("restriction"); - } - restriction = new ReadOnlyLDAPGroupRestriction(restrictionConfig); - - //see if there is a filter argument - filter = configuration.getString("[@filter]"); - - administratorId = Optional.ofNullable(configuration.getString("[@administratorId]")); - - checkState(); + configure(LdapRepositoryConfiguration.from(configuration)); } - private void checkState() throws ConfigurationException { - if (userBase == null) { - throw new ConfigurationException("[@userBase] is mandatory"); - } - if (userIdAttribute == null) { - throw new ConfigurationException("[@userIdAttribute] is mandatory"); - } - if (userObjectClass == null) { - throw new ConfigurationException("[@userObjectClass] is mandatory"); - } + public void configure(LdapRepositoryConfiguration configuration) { + ldapConfiguration = configuration; + + schedule = new DoublingRetrySchedule( + configuration.getRetryStartInterval(), + configuration.getRetryMaxInterval(), + configuration.getScale()); } /** @@ -419,7 +302,12 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl @PostConstruct public void init() throws Exception { if (LOGGER.isDebugEnabled()) { - LOGGER.debug(this.getClass().getName() + ".init()" + '\n' + "LDAP host: " + ldapHost + '\n' + "User baseDN: " + userBase + '\n' + "userIdAttribute: " + userIdAttribute + '\n' + "Group restriction: " + restriction + '\n' + "UseConnectionPool: " + useConnectionPool + '\n' + "connectionTimeout: " + connectionTimeout + '\n' + "readTimeout: " + readTimeout + '\n' + "retrySchedule: " + schedule + '\n' + "maxRetries: " + maxRetries + '\n'); + LOGGER.debug(this.getClass().getName() + ".init()" + '\n' + "LDAP host: " + ldapConfiguration.getLdapHost() + + '\n' + "User baseDN: " + ldapConfiguration.getUserBase() + '\n' + "userIdAttribute: " + + ldapConfiguration.getUserIdAttribute() + '\n' + "Group restriction: " + ldapConfiguration.getRestriction() + + '\n' + "UseConnectionPool: " + ldapConfiguration.useConnectionPool() + '\n' + "connectionTimeout: " + + ldapConfiguration.getConnectionTimeout() + '\n' + "readTimeout: " + ldapConfiguration.getReadTimeout() + + '\n' + "retrySchedule: " + schedule + '\n' + "maxRetries: " + ldapConfiguration.getMaxRetries() + '\n'); } // Setup the initial LDAP context updateLdapContext(); @@ -450,7 +338,7 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl * Propagated from underlying LDAP communication API. */ protected LdapContext computeLdapContext() throws NamingException { - return new RetryingLdapContext(schedule, maxRetries) { + return new RetryingLdapContext(schedule, ldapConfiguration.getMaxRetries()) { @Override public Context newDelegate() throws NamingException { @@ -462,21 +350,21 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl protected Properties getContextEnvironment() { final Properties props = new Properties(); props.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY); - props.put(Context.PROVIDER_URL, null == ldapHost ? "" : ldapHost); - if (null == credentials || credentials.isEmpty()) { + props.put(Context.PROVIDER_URL, null == ldapConfiguration.getLdapHost() ? "" : ldapConfiguration.getLdapHost()); + if (Strings.isNullOrEmpty(ldapConfiguration.getCredentials())) { props.put(Context.SECURITY_AUTHENTICATION, LdapConstants.SECURITY_AUTHENTICATION_NONE); } else { props.put(Context.SECURITY_AUTHENTICATION, LdapConstants.SECURITY_AUTHENTICATION_SIMPLE); - props.put(Context.SECURITY_PRINCIPAL, null == principal ? "" : principal); - props.put(Context.SECURITY_CREDENTIALS, credentials); + props.put(Context.SECURITY_PRINCIPAL, null == ldapConfiguration.getPrincipal() ? "" : ldapConfiguration.getPrincipal()); + props.put(Context.SECURITY_CREDENTIALS, ldapConfiguration.getCredentials()); } // The following properties are specific to com.sun.jndi.ldap.LdapCtxFactory - props.put(PROPERTY_NAME_CONNECTION_POOL, Boolean.toString(useConnectionPool)); - if (connectionTimeout > -1) { - props.put(PROPERTY_NAME_CONNECT_TIMEOUT, Integer.toString(connectionTimeout)); + props.put(PROPERTY_NAME_CONNECTION_POOL, String.valueOf(ldapConfiguration.useConnectionPool())); + if (ldapConfiguration.getConnectionTimeout() > -1) { + props.put(PROPERTY_NAME_CONNECT_TIMEOUT, String.valueOf(ldapConfiguration.getConnectionTimeout())); } - if (readTimeout > -1) { - props.put(PROPERTY_NAME_READ_TIMEOUT, Integer.toString(readTimeout)); + if (ldapConfiguration.getReadTimeout() > -1) { + props.put(PROPERTY_NAME_READ_TIMEOUT, Integer.toString(ldapConfiguration.getReadTimeout())); } return props; } @@ -515,7 +403,7 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl /** * Gets all the user entities taken from the LDAP server, as taken from the - * search-context given by the value of the attribute {@link #userBase}. + * search-context given by the value of the attribute {@link LdapRepositoryConfiguration#userBase}. * * @return A set containing all the relevant users found in the LDAP * directory. @@ -528,8 +416,8 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl SearchControls sc = new SearchControls(); sc.setSearchScope(SearchControls.SUBTREE_SCOPE); sc.setReturningAttributes(new String[] { "distinguishedName" }); - NamingEnumeration<SearchResult> sr = ldapContext.search(userBase, "(objectClass=" - + userObjectClass + ")", sc); + NamingEnumeration<SearchResult> sr = ldapContext.search(ldapConfiguration.getUserBase(), "(objectClass=" + + ldapConfiguration.getUserObjectClass() + ")", sc); while (sr.hasMore()) { SearchResult r = sr.next(); result.add(r.getNameInNamespace()); @@ -565,11 +453,11 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl } /** - * For a given name, this method makes ldap search in userBase with filter {@link #userIdAttribute}=name and objectClass={@link #userObjectClass} - * and builds {@link User} based on search result. + * For a given name, this method makes ldap search in userBase with filter {@link LdapRepositoryConfiguration#userIdAttribute}=name + * and objectClass={@link LdapRepositoryConfiguration#userObjectClass} and builds {@link User} based on search result. * * @param name - * The userId which should be value of the field {@link #userIdAttribute} + * The userId which should be value of the field {@link LdapRepositoryConfiguration#userIdAttribute} * @return A {@link ReadOnlyLDAPUser} instance which is initialized with the * userId of this user and ldap connection information with which * the user was searched. Return null if such a user was not found. @@ -579,30 +467,30 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl private ReadOnlyLDAPUser searchAndBuildUser(String name) throws NamingException { SearchControls sc = new SearchControls(); sc.setSearchScope(SearchControls.SUBTREE_SCOPE); - sc.setReturningAttributes(new String[] { userIdAttribute }); + sc.setReturningAttributes(new String[] { ldapConfiguration.getUserIdAttribute() }); sc.setCountLimit(1); String filterTemplate = "(&({0}={1})(objectClass={2})" + - StringUtils.defaultString(filter, "") + + StringUtils.defaultString(ldapConfiguration.getFilter(), "") + ")"; String sanitizedFilter = FilterEncoder.format( filterTemplate, - userIdAttribute, + ldapConfiguration.getUserIdAttribute(), name, - userObjectClass); + ldapConfiguration.getUserObjectClass()); - NamingEnumeration<SearchResult> sr = ldapContext.search(userBase, sanitizedFilter, sc); + NamingEnumeration<SearchResult> sr = ldapContext.search(ldapConfiguration.getUserBase(), sanitizedFilter, sc); if (!sr.hasMore()) { return null; } SearchResult r = sr.next(); - Attribute userName = r.getAttributes().get(userIdAttribute); + Attribute userName = r.getAttributes().get(ldapConfiguration.getUserIdAttribute()); - if (!restriction.isActivated() - || userInGroupsMembershipList(r.getNameInNamespace(), restriction.getGroupMembershipLists(ldapContext))) { + if (!ldapConfiguration.getRestriction().isActivated() + || userInGroupsMembershipList(r.getNameInNamespace(), ldapConfiguration.getRestriction().getGroupMembershipLists(ldapContext))) { return new ReadOnlyLDAPUser(userName.get().toString(), r.getNameInNamespace(), ldapContext); } @@ -614,7 +502,7 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl * server, so as to extract the items that are of interest to James. * Specifically it extracts the userId, which is extracted from the LDAP * attribute whose name is given by the value of the field - * {@link #userIdAttribute}. + * {@link LdapRepositoryConfiguration#userIdAttribute}. * * @param userDN * The distinguished-name of the user whose details are to be @@ -627,7 +515,7 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl */ private ReadOnlyLDAPUser buildUser(String userDN) throws NamingException { Attributes userAttributes = ldapContext.getAttributes(userDN); - Attribute userName = userAttributes.get(userIdAttribute); + Attribute userName = userAttributes.get(ldapConfiguration.getUserIdAttribute()); return new ReadOnlyLDAPUser(userName.get().toString(), userDN, ldapContext); } @@ -709,8 +597,8 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl Set<String> userDNs = getAllUsersFromLDAP(); Collection<String> validUserDNs; - if (restriction.isActivated()) { - Map<String, Collection<String>> groupMembershipList = restriction + if (ldapConfiguration.getRestriction().isActivated()) { + Map<String, Collection<String>> groupMembershipList = ldapConfiguration.getRestriction() .getGroupMembershipLists(ldapContext); validUserDNs = new ArrayList<>(); @@ -761,12 +649,12 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl */ @Override public boolean supportVirtualHosting() { - return supportsVirtualHosting; + return ldapConfiguration.supportsVirtualHosting(); } @Override - public String getUser(MailAddress mailAddress) throws UsersRepositoryException { + public String getUser(MailAddress mailAddress) { if (supportVirtualHosting()) { return mailAddress.asString(); } else { @@ -775,9 +663,9 @@ public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurabl } @Override - public boolean isAdministrator(String username) throws UsersRepositoryException { - if (administratorId.isPresent()) { - return administratorId.get().equals(username); + public boolean isAdministrator(String username) { + if (ldapConfiguration.getAdministratorId().isPresent()) { + return ldapConfiguration.getAdministratorId().get().equals(username); } return false; } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
