mpoeschl    2002/12/31 04:51:11

  Modified:    conf     TurbineResources.properties
               conf/master TurbineResources.master
               src/java/org/apache/turbine/om/security/peer RolePeer.java
               src/java/org/apache/turbine/services/security/ldap
                        LDAPSecurityConstants.java LDAPSecurityService.java
                        LDAPUser.java LDAPUserManager.java
               xdocs    changes.xml
  Added:       conf/openldap slapd.conf turbine.schema turbine.ldif
  Log:
  TTWS24: improved LDAP SecurityService
  
  Revision  Changes    Path
  1.22      +115 -11   jakarta-turbine-2/conf/TurbineResources.properties
  
  Index: TurbineResources.properties
  ===================================================================
  RCS file: /home/cvs/jakarta-turbine-2/conf/TurbineResources.properties,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- TurbineResources.properties       23 Dec 2002 23:03:08 -0000      1.21
  +++ TurbineResources.properties       31 Dec 2002 12:51:10 -0000      1.22
  @@ -601,6 +601,8 @@
   # You want to override this setting only if you want your User
   # implementation to provide application specific addtional
   # functionality.
  +# For LDAP use:
  +# 
services.SecurityService.user.class=org.apache.turbine.services.security.ldap.LDAPUser
   #
   # Default: org.apache.turbine.om.security.TurbineUser
   #
  @@ -622,7 +624,10 @@
   # This is the class that implements UserManager interface.
   # Override this setting if you want your User information stored
   # on a different medium (LDAP directory is a good example).
  -# Default implementation uses Peers and a relational database .
  +# Default implementation uses Peers and a relational database.
  +#
  +# For LDAP use:
  +# 
services.SecurityService.user.manager=org.apache.turbine.services.security.ldap.LDAPUserManager
   #
   
   
services.SecurityService.user.manager=org.apache.turbine.services.security.db.DBUserManager
  @@ -650,17 +655,116 @@
   
   services.SecurityService.secure.passwords.algorithm=SHA
   
  +#
   # Configuration for the LDAP Security Service implementation
  +#
  +
  +#
  +# This property specifies the type of security authentication
  +#
  +# Default: simple
  +#
  +
  +# services.SecurityService.ldap.security.authentication=simple
  +
  +#
  +# The host name where the LDAP server is listenting.
  +#
  +# Default: localhost
  +#
  +
  +# services.SecurityService.ldap.host=localhost
  +
  +#
  +# The port number where the LDAP server is listenting.
  +#
  +# Default: 389
  +#
  +
  +# services.SecurityService.ldap.port=389
  +
  +#
  +# The user name of the admin user. The admin user should be able to
  +# read from the LDAP repository.
  +# Characteres '/' are replaced by '=' and '%' are replaced by ','.
  +#
  +# Default: none
  +#
  +
  +# 
services.SecurityService.ldap.admin.username=turbineUserUniqueId/turbine%dc/example%dc/com
  +
  +#
  +# The password of the admin user.
  +#
  +# Default: none
  +#
  +
  +# services.SecurityService.ldap.admin.password=turbine
  +
  +#
  +# The class name of the ldap provider.
  +#
  +# Default: com.sun.jndi.ldap.LdapCtxFactory
  +#
  +
  +# services.SecurityService.ldap.provider=com.sun.jndi.ldap.LdapCtxFactory
  +
  +#
  +# The directory base to search.
  +# '/' are replaced by '=' and '%' are replaced by ','.
  +#
  +# Default: none
  +#
  +
  +# services.SecurityService.ldap.basesearch=dc/example%dc/com
  +
  +#
  +# The unique id. It must be an integer field and it is required only when
  +# the users are in LDAP but the groups, roles and permissions are in the
  +# Database.
  +#
  +# services.SecurityService.ldap.user.userid=
  +
  +#
  +# This property maps the username with an attribute in LDAP.
  +#
  +# Default: turbineUserUniqueId
  +#
  +
  +# services.SecurityService.ldap.user.username=turbineUserUniqueId
  +
  +#
  +# This property maps the firstname with an attribute in LDAP.
  +#
  +# Default: turbineUserFirstName
  +#
  +
  +# services.SecurityService.ldap.user.firstname=turbineUserFirstName
  +
  +#
  +# This property maps the lastname with an attribute in LDAP.
  +#
  +# Default: turbineUserLastName
  +#
  +
  +# services.SecurityService.ldap.user.lastname=turbineUserLastName
  +
  +#
  +# This property maps the email with an attribute in LDAP.
  +#
  +# Default: turbineUserMailAddress
  +#
  +
  +# services.SecurityService.ldap.user.email=turbineUserMailAddress
  +
  +#
  +# This property maps the userPassword with an attribute in LDAP.
  +#
  +# Default: none
  +#
  +
  +# services.SecurityService.ldap.user.password=userPassword
   
  -#services.SecurityService.ldap.security.athentication=simple
  -#services.SecurityService.ldap.port=<LDAP PORT>
  -#services.SecurityService.ldap.host=<LDAP HOST>
  -#services.SecurityService.ldap.admin.username=<ADMIN USERNAME>
  -#services.SecurityService.ldap.admin.password=<ADMIN PASSWORD>
  -#services.SecurityService.ldap.user.basesearch=<SEARCH PATTERN>
  -#services.SecurityService.ldap.user.search.filter=<SEARCH FILTER>
  -#services.SecurityService.ldap.dn.attribute=userPrincipalName
  -#services.SecurityService.ldap.provider=com.sun.jndi.ldap.LdapCtxFactory
   
   # -------------------------------------------------------------------
   #
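Review bot: The base-search key is renamed from `ldap.user.basesearch` (the removed line near the bottom of the hunk) to `ldap.basesearch`, but none of the new comment text tells an existing deployment to rename it, and with the old key the lookup returns null, which `LDAPSecurityConstants.getBaseSearch()` in this same commit dereferences without a check. A line such as `# NOTE: this key replaces services.SecurityService.ldap.user.basesearch` under the basesearch block would prevent that. The authentication comment should also say that `simple` sends the admin password in the clear on port 389 unless the connection is protected with TLS (ldaps or StartTLS), since the admin credentials live in this file in plaintext. Typos in the new comments: `listenting` (twice) and `Characteres`. The same hunk is repeated in conf/master/TurbineResources.master and needs the same fixes.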
  
  
  
  1.21      +115 -11   jakarta-turbine-2/conf/master/TurbineResources.master
  
  Index: TurbineResources.master
  ===================================================================
  RCS file: /home/cvs/jakarta-turbine-2/conf/master/TurbineResources.master,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- TurbineResources.master   23 Dec 2002 23:03:08 -0000      1.20
  +++ TurbineResources.master   31 Dec 2002 12:51:11 -0000      1.21
  @@ -601,6 +601,8 @@
   # You want to override this setting only if you want your User
   # implementation to provide application specific addtional
   # functionality.
  +# For LDAP use:
  +# 
services.SecurityService.user.class=org.apache.turbine.services.security.ldap.LDAPUser
   #
   # Default: org.apache.turbine.om.security.TurbineUser
   #
  @@ -622,7 +624,10 @@
   # This is the class that implements UserManager interface.
   # Override this setting if you want your User information stored
   # on a different medium (LDAP directory is a good example).
  -# Default implementation uses Peers and a relational database .
  +# Default implementation uses Peers and a relational database.
  +#
  +# For LDAP use:
  +# 
services.SecurityService.user.manager=org.apache.turbine.services.security.ldap.LDAPUserManager
   #
   
   
services.SecurityService.user.manager=org.apache.turbine.services.security.db.DBUserManager
  @@ -650,17 +655,116 @@
   
   services.SecurityService.secure.passwords.algorithm=SHA
   
  +#
   # Configuration for the LDAP Security Service implementation
  +#
  +
  +#
  +# This property specifies the type of security authentication
  +#
  +# Default: simple
  +#
  +
  +# services.SecurityService.ldap.security.authentication=simple
  +
  +#
  +# The host name where the LDAP server is listenting.
  +#
  +# Default: localhost
  +#
  +
  +# services.SecurityService.ldap.host=localhost
  +
  +#
  +# The port number where the LDAP server is listenting.
  +#
  +# Default: 389
  +#
  +
  +# services.SecurityService.ldap.port=389
  +
  +#
  +# The user name of the admin user. The admin user should be able to
  +# read from the LDAP repository.
  +# Characteres '/' are replaced by '=' and '%' are replaced by ','.
  +#
  +# Default: none
  +#
  +
  +# 
services.SecurityService.ldap.admin.username=turbineUserUniqueId/turbine%dc/example%dc/com
  +
  +#
  +# The password of the admin user.
  +#
  +# Default: none
  +#
  +
  +# services.SecurityService.ldap.admin.password=turbine
  +
  +#
  +# The class name of the ldap provider.
  +#
  +# Default: com.sun.jndi.ldap.LdapCtxFactory
  +#
  +
  +# services.SecurityService.ldap.provider=com.sun.jndi.ldap.LdapCtxFactory
  +
  +#
  +# The directory base to search.
  +# '/' are replaced by '=' and '%' are replaced by ','.
  +#
  +# Default: none
  +#
  +
  +# services.SecurityService.ldap.basesearch=dc/example%dc/com
  +
  +#
  +# The unique id. It must be an integer field and it is required only when
  +# the users are in LDAP but the groups, roles and permissions are in the
  +# Database.
  +#
  +# services.SecurityService.ldap.user.userid=
  +
  +#
  +# This property maps the username with an attribute in LDAP.
  +#
  +# Default: turbineUserUniqueId
  +#
  +
  +# services.SecurityService.ldap.user.username=turbineUserUniqueId
  +
  +#
  +# This property maps the firstname with an attribute in LDAP.
  +#
  +# Default: turbineUserFirstName
  +#
  +
  +# services.SecurityService.ldap.user.firstname=turbineUserFirstName
  +
  +#
  +# This property maps the lastname with an attribute in LDAP.
  +#
  +# Default: turbineUserLastName
  +#
  +
  +# services.SecurityService.ldap.user.lastname=turbineUserLastName
  +
  +#
  +# This property maps the email with an attribute in LDAP.
  +#
  +# Default: turbineUserMailAddress
  +#
  +
  +# services.SecurityService.ldap.user.email=turbineUserMailAddress
  +
  +#
  +# This property maps the userPassword with an attribute in LDAP.
  +#
  +# Default: none
  +#
  +
  +# services.SecurityService.ldap.user.password=userPassword
   
  -#services.SecurityService.ldap.security.athentication=simple
  -#services.SecurityService.ldap.port=<LDAP PORT>
  -#services.SecurityService.ldap.host=<LDAP HOST>
  -#services.SecurityService.ldap.admin.username=<ADMIN USERNAME>
  -#services.SecurityService.ldap.admin.password=<ADMIN PASSWORD>
  -#services.SecurityService.ldap.user.basesearch=<SEARCH PATTERN>
  -#services.SecurityService.ldap.user.search.filter=<SEARCH FILTER>
  -#services.SecurityService.ldap.dn.attribute=userPrincipalName
  -#services.SecurityService.ldap.provider=com.sun.jndi.ldap.LdapCtxFactory
   
   # -------------------------------------------------------------------
   #
  
  
  
  1.1                  jakarta-turbine-2/conf/openldap/slapd.conf
  
  Index: slapd.conf
  ===================================================================
  # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt 
Exp $
  #
  # See slapd.conf(5) for details on configuration options.
  # This file should NOT be world readable.
  #
  include               /usr/local/etc/openldap/schema/core.schema
  include               /usr/local/etc/openldap/schema/turbine.schema
  
  # Define global ACLs to disable default read access.
  
  # Do not enable referrals until AFTER you have a working directory
  # service AND an understanding of referrals.
  #referral     ldap://root.openldap.org
  
  pidfile               /usr/local/var/slapd.pid
  argsfile      /usr/local/var/slapd.args
  
  # Load dynamic backend modules:
  # modulepath  /usr/local/libexec/openldap
  # moduleload  back_ldap.la
  # moduleload  back_ldbm.la
  # moduleload  back_passwd.la
  # moduleload  back_shell.la
  
  #
  # Sample Access Control
  #     Allow read access of root DSE
  #     Allow self write access
  #     Allow authenticated users read access
  #     Allow anonymous users to authenticate
  #
  #access to dn="" by * read
  #access to *
  #     by self write
  #     by users read
  #     by anonymous auth
  #
  # if no access controls are present, the default is:
  #     Allow read by all
  #
  # rootdn can always write!
  
  #######################################################################
  # ldbm database definitions
  #######################################################################
  
  database      ldbm
  suffix                "dc=example,dc=com"
  rootdn                "turbineUserUniqueId=turbine,dc=example,dc=com"
  # Cleartext passwords, especially for the rootdn, should
  # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
  # Use of strong authentication encouraged.
  rootpw                turbine
  # The database directory MUST exist prior to running slapd AND 
  # should only be accessible by the slapd/tools. Mode 700 recommended.
  directory     /usr/local/var/openldap-ldbm
  # Indices to maintain
  index objectClass     eq
  
  access to attr=userPassword
      by self write
      by anonymous auth
      by dn="turbineUserUniqueId=turbine,dc=example,dc=com" write
      by * none
  
  access to *
      by self write
      by dn="turbineUserUniqueId=turbine,dc=example,dc=com" write
      by users read
  
  
  
  
  1.1                  jakarta-turbine-2/conf/openldap/turbine.schema
  
  Index: turbine.schema
  ===================================================================
  attributetype ( 15530.1.1
    NAME 'turbineGroupMember'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
  
  attributetype ( 15530.1.2
    NAME 'turbineObjectData'
    DESC ''
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
  
  attributetype ( 15530.1.3
    NAME 'turbinePermission'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
  
  attributetype ( 15530.1.4
    NAME 'turbineRoleMember'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
  
  attributetype ( 15530.1.5
    NAME 'turbineUserCreationDate'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
    SINGLE-VALUE)
  
  attributetype ( 15530.1.6
    NAME 'turbineUserFirstName'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
  
  attributetype ( 15530.1.7
    NAME 'turbineUserLastLogon'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
    SINGLE-VALUE)
  
  attributetype ( 15530.1.8
    NAME 'turbineUserLastModifiedTime'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
    SINGLE-VALUE)
  
  attributetype ( 15530.1.9
    NAME 'turbineUserLastName'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
  
  attributetype ( 15530.1.10
    NAME 'turbineUserMailAddress'
    DESC ''
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
  
  attributetype ( 15530.1.11
    NAME 'turbineUserPassword'
    DESC ''
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE)
  
  attributetype ( 15530.1.12
    NAME 'turbineUserUniqueId'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE)
  
  attributetype ( 15530.1.13
    NAME 'turbineGroup'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
  
  attributetype ( 15530.1.14
    NAME 'turbineRoleName'
    DESC ''
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
  
  objectclass ( 15530.2.1
    NAME 'turbineUserGroup'
    DESC 'Turbine User Group '
    SUP top
    AUXILIARY
    MUST (  turbineUserUniqueId $ turbineGroup )
    MAY (  turbineRoleName $ turbineObjectData ))
  
  objectclass ( 15530.2.2
    NAME 'turbineRole'
    DESC 'Turbine role'
    SUP top
    AUXILIARY
    MUST (  turbineRoleName )
    MAY ( turbineObjectData $ turbinePermission ))
  
  objectclass ( 15530.2.3
    NAME 'turbineUser'
    DESC 'Turbine user'
    SUP top
    AUXILIARY
    MUST ( turbineUserUniqueId )
    MAY ( turbineObjectData $ turbineUserCreationDate $ turbineUserFirstName $
      turbineUserLastLogon $ turbineUserLastModifiedTime $ turbineUserLastName $
      turbineUserMailAddress $ userPassword ))
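Review bot: The OIDs `15530.1.1` through `15530.2.3` are not valid object identifiers: the first arc of an OID must be 0, 1 or 2, so these need to sit under a registered arc such as a private enterprise number (`1.3.6.1.4.1.<enterprise-number>.1.1` and so on); OpenLDAP of this era may load them unchecked, but other consumers can reject them and nothing prevents a collision. `turbineGroupMember` and `turbineRoleMember` pair `EQUALITY caseIgnoreMatch` with syntax `1.3.6.1.4.1.1466.115.121.1.12` (Distinguished Name), whose matching rule is `distinguishedNameMatch`, and the three date attributes pair `caseIgnoreMatch` with `…121.1.53` (UTC Time) where Generalized Time (`…121.1.24`, `generalizedTimeMatch`) is the current form; stricter schema checkers refuse mismatched rule/syntax pairs. `turbineUserPassword` is declared but never referenced — `turbineUser` lists core's `userPassword` instead — so either drop the attribute or use it. Every `DESC ''` could carry a one-line description; empty ones give directory admins nothing when they browse the schema.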
  
  
  
  1.1                  jakarta-turbine-2/conf/openldap/turbine.ldif
  
  Index: turbine.ldif
  ===================================================================
  dn: dc=example,dc=com
  objectclass: dcObject
  objectclass: organization
  o: Example Company
  dc: example
  
  dn: turbineUserUniqueId=turbine,dc=example,dc=com
  objectclass: turbineUser
  turbineUserUniqueId: turbine
  turbineUserFirstName: Turbine
  userPassword: turbine
  
  dn: turbineUserUniqueId=hhernandez,dc=example,dc=com
  objectclass: turbineUser
  turbineUserUniqueId: hhernandez
  turbineUserFirstName: Humberto
  turbineUserLastName: Hernandez
  turbineUserMailAddress: [EMAIL PROTECTED]
  userPassword: secreto
  
  dn: turbineRoleName=root,dc=example,dc=com
  objectclass: turbineRole
  turbineRoleName: root
  turbinePermission: admin
  turbinePermission: view
  
  dn: turbineRoleName=editor,dc=example,dc=com
  objectclass: turbineRole
  turbineRoleName: editor
  turbinePermission: edit
  turbinePermission: view
  
  dn: turbineGroup=global,turbineUserUniqueId=turbine,dc=example,dc=com
  objectclass: turbineUserGroup
  turbineUserUniqueId: turbine
  turbineGroup: global
  turbineRoleName: root
  turbineRoleName: editor
  
  dn: turbineGroup=global,turbineUserUniqueId=hhernandez,dc=example,dc=com
  objectclass: turbineUserGroup
  turbineUserUniqueId: hhernandez
  turbineGroup: global
  turbineRoleName: editor
  
  dn: turbineGroup=yellow,turbineUserUniqueId=hhernandez,dc=example,dc=com
  objectclass: turbineUserGroup
  turbineUserUniqueId: hhernandez
  turbineGroup: yellow
  turbineRoleName: root
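Review bot: Every entry below the suffix carries only an AUXILIARY object class (`turbineUser`, `turbineRole` and `turbineUserGroup` are all declared AUXILIARY in turbine.schema), and LDAP requires exactly one STRUCTURAL class per entry; OpenLDAP 2.1 and later reject such entries with "no structural object class provided", so either add a structural class that each entry's attributes satisfy or declare the Turbine classes STRUCTURAL in the schema. The passwords are cleartext (`userPassword: turbine`, `userPassword: secreto`); slapd accepts `{SSHA}` values produced by slappasswd(8), and the sample should use those so that a copied LDIF does not seed a directory with known credentials. `[EMAIL PROTECTED]` is the archive's redaction of the original address, not a value that will load as written.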
  
  
  
  1.5       +9 -1      
jakarta-turbine-2/src/java/org/apache/turbine/om/security/peer/RolePeer.java
  
  Index: RolePeer.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/om/security/peer/RolePeer.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- RolePeer.java     12 Dec 2002 15:52:32 -0000      1.4
  +++ RolePeer.java     31 Dec 2002 12:51:11 -0000      1.5
  @@ -140,6 +140,7 @@
            * UserPeer up = TurbineSecurity.getUserPeerInstance();
            */
   
  +/*
           UserPeer up = ((DBSecurityService)TurbineSecurity.getService())
               .getUserPeerInstance();
   
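Review bot: The `/*` opened here is closed by the `*/` in the next hunk, leaving the whole UserPeer join as commented-out code inside the method; if the join through `DBSecurityService.getUserPeerInstance()` is no longer wanted, delete those lines instead, since commented-out code with a live-looking cast is a maintenance trap. The enclosing method starts before this hunk.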
  @@ -151,6 +152,13 @@
           criteria.addJoin(up.getFullColumnName(UserPeer.USER_ID),
                            UserGroupRolePeer.USER_ID);
           criteria.addJoin(UserGroupRolePeer.ROLE_ID, RolePeer.ROLE_ID);
  +*/
  +        criteria.add(UserGroupRolePeer.USER_ID,
  +            ((Persistent)user).getPrimaryKey());
  +        criteria.add(UserGroupRolePeer.GROUP_ID,
  +            ((Persistent)group).getPrimaryKey());
  +        criteria.addJoin(UserGroupRolePeer.ROLE_ID, RolePeer.ROLE_ID);
  +
           return retrieveSet(criteria);
       }
   
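Review bot: `((Persistent)user).getPrimaryKey()` and the matching cast on `group` assume every `User` and `Group` implementation is a Torque `Persistent`; this commit also wires `LDAPUser` in as a selectable `User` class, and if that class is not `Persistent` the cast fails with a `ClassCastException` instead of a meaningful error. A guard before the casts, `if (!(user instanceof Persistent) || !(group instanceof Persistent)) { throw new <declared-exception>("user or group is not a Persistent object"); }`, using whichever exception the method already declares, makes the unsupported combination explicit. The method signature is outside this hunk, so I cannot see which exception type that is.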
  
  
  
  1.2       +180 -9    
jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPSecurityConstants.java
  
  Index: LDAPSecurityConstants.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPSecurityConstants.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- LDAPSecurityConstants.java        16 Aug 2001 05:09:19 -0000      1.1
  +++ LDAPSecurityConstants.java        31 Dec 2002 12:51:11 -0000      1.2
  @@ -54,21 +54,192 @@
    * <http://www.apache.org/>.
    */
   
  +import java.util.Properties;
  +import org.apache.turbine.services.security.TurbineSecurity;
  +
   /**
    * <p>This is a static class for defining the default ldap confiquration
    * keys used by core Turbine components.</p>
    *
    * @author <a href="mailto:[EMAIL PROTECTED]";>Jason van Zyl</a>
  + * @author <a href="mailto:[EMAIL PROTECTED]";>Humberto Hernandez</a>
    *
    */
  -public interface LDAPSecurityConstants
  +public class LDAPSecurityConstants
   {
  -    public static final String LDAP_DN_ATTR = "ldap.dn.attribute";
  -    public static final String LDAP_SEARCH_FLTR = "ldap.user.search.filter";
  -    public static final String LDAP_BASE_SERACH = "ldap.user.basesearch";
  -    public static final String LDAP_ADMIN_USRNAME = "ldap.admin.username";
  -    public static final String LDAP_ADMIN_PASSWRD = "ldap.admin.password";
  -    public static final String LDAP_HOST = "ldap.host";
  -    public static final String LDAP_PORT = "ldap.port";
  -    public static final String LDAP_PROVIDER = "ldap.provider";
  +    static final String LDAP_ADMIN_USERNAME_KEY = "ldap.admin.username";
  +    static final String LDAP_ADMIN_PASSWORD_KEY = "ldap.admin.password";
  +    static final String LDAP_HOST_KEY           = "ldap.host";
  +    static final String LDAP_HOST_DEFAULT       = "localhost";
  +    static final String LDAP_PORT_KEY           = "ldap.port";
  +    static final String LDAP_PORT_DEFAULT       = "389";
  +    static final String LDAP_PROVIDER_KEY       = "ldap.provider";
  +    static final String LDAP_PROVIDER_DEFAULT   =
  +        "com.sun.jndi.ldap.LdapCtxFactory";
  +    static final String LDAP_BASE_SEARCH_KEY    = "ldap.basesearch";
  +    static final String LDAP_USER_USERID_KEY        = "ldap.user.userid";
  +    static final String LDAP_USER_USERNAME_KEY      = "ldap.user.username";
  +    static final String LDAP_USER_USERNAME_DEFAULT  = "turbineUserUniqueId";
  +    static final String LDAP_USER_FIRSTNAME_KEY     = "ldap.user.firstname";
  +    static final String LDAP_USER_FIRSTNAME_DEFAULT = "turbineUserFirstName";
  +    static final String LDAP_USER_LASTNAME_KEY      = "ldap.user.lastname";
  +    static final String LDAP_USER_LASTNAME_DEFAULT  = "turbineUserLastName";
  +    static final String LDAP_USER_EMAIL_KEY         = "ldap.user.email";
  +    static final String LDAP_USER_EMAIL_DEFAULT     = "turbineUserMailAddress";
  +    static final String LDAP_USER_PASSWORD_KEY      = "ldap.user.password";
  +    static final String LDAP_USER_PASSWORD_DEFAULT  = "userPassword";
  +
  +    /**
  +     * Get all the properties for the security service.
  +     * @return all the properties of the security service.
  +     */
  +    public static Properties getProperties()
  +    {
  +        return TurbineSecurity.getService().getProperties();
  +    }
  +
  +    /**
  +     * Get a property from the LDAP security service.
  +     * @param key The key to access the value of the property.
  +     * @return The value of the property.
  +     */
  +    public static String getProperty(String key)
  +    {
  +        return getProperties().getProperty(key);
  +    }
  +
  +    /**
  +     * Get a property from the LDAP security service.
  +     * @param key The key to access the value of the property.
  +     * @param defaultValue The value that the property takes
  +     *        when it doesn't exist.
  +     * @return The value of the property.
  +     */
  +    public static String getProperty(String key, String defaultValue)
  +    {
  +        return getProperties().getProperty(key, defaultValue);
  +    }
  +
  +    /**
  +     * Get the value of the property for the administration username.
  +     * @return the value of the property.
  +     */
  +    public static String getAdminUsername()
  +    {
  +        String str = getProperty(LDAP_ADMIN_USERNAME_KEY);
  +        /*
  +         * The adminUsername string contains some
  +         * characters that need to be transformed.
  +         */
  +        str = str.replace('/','=');
  +        str = str.replace('%',',');
  +        return str;
  +    }
  +
  +    /**
  +     * Get the value of the property for the administration password.
  +     * @return the value of the property.
  +     */
  +    public static String getAdminPassword()
  +    {
  +        return getProperty(LDAP_ADMIN_PASSWORD_KEY);
  +    }
  +
  +    /**
  +     * Get the value of the property for the LDAP Host.
  +     * @return the value of the property.
  +     */
  +    public static String getLDAPHost()
  +    {
  +        return getProperty(LDAP_HOST_KEY, LDAP_HOST_DEFAULT);
  +    }
  +
  +    /**
  +     * Get the value of the property for the LDAP Port.
  +     * @return the value of the property.
  +     */
  +    public static String getLDAPPort()
  +    {
  +        return getProperty(LDAP_PORT_KEY, LDAP_PORT_DEFAULT);
  +    }
  +
  +    /**
  +     * Get the value of the property for the  LDAP Provider.
  +     * @return the value of the property.
  +     */
  +    public static String getLDAPProvider()
  +    {
  +        return getProperty(LDAP_PROVIDER_KEY, LDAP_PROVIDER_DEFAULT);
  +    }
  +
  +    /**
  +     * Get value of the property for the Base Search.
  +     * @return the value of the property.
  +     */
  +    public static String getBaseSearch()
  +    {
  +        String str = getProperty(LDAP_BASE_SEARCH_KEY);
  +        /*
  +         * The userBaseSearch string contains some
  +         * characters that need to be transformed.
  +         */
  +        str = str.replace('/','=');
  +        str = str.replace('%',',');
  +        return str;
  +    }
  +
  +    /**
  +     * Get the value of the User id Attribute.
  +     * @return the value of the property.
  +     */
  +    public static String getUserIdAttribute()
  +    {
  +        return getProperty(LDAP_USER_USERID_KEY);
  +    }
  +
  +    /**
  +     * Get the value of the Username Attribute.
  +     * @return the value of the property.
  +     */
  +    public static String getUserNameAttribute()
  +    {
  +        return getProperty(LDAP_USER_USERNAME_KEY, LDAP_USER_USERNAME_DEFAULT);
  +    }
  +
  +    /**
  +     * Get the value of the Firstname Attribute.
  +     * @return the value of the property.
  +     */
  +    public static String getFirstNameAttribute()
  +    {
  +        return getProperty(LDAP_USER_FIRSTNAME_KEY, LDAP_USER_FIRSTNAME_DEFAULT);
  +    }
  +
  +    /**
  +     * Get the value of the Lastname Attribute.
  +     * @return the value of the property.
  +     */
  +    public static String getLastNameAttribute()
  +    {
  +        return getProperty(LDAP_USER_LASTNAME_KEY, LDAP_USER_LASTNAME_DEFAULT);
  +    }
  +
  +    /**
  +     * Get the value of the Password Attribute.
  +     * @return the value of the property.
  +     */
  +    public static String getPasswordAttribute()
  +    {
  +        return getProperty(LDAP_USER_PASSWORD_KEY, LDAP_USER_PASSWORD_DEFAULT);
  +    }
  +
  +    /**
  +     * Get the value of the E-Mail Attribute.
  +     * @return the value of the property.
  +     */
  +    public static String getEmailAttribute()
  +    {
  +        return getProperty(LDAP_USER_EMAIL_KEY, LDAP_USER_EMAIL_DEFAULT);
  +    }
  +
   }
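Review bot: `getAdminUsername()` and `getBaseSearch()` call `str.replace` on the raw lookup result, but both keys are documented as "Default: none" and `getProperty(String)` returns null when the key is absent, so a missing `ldap.admin.username` or `ldap.basesearch` surfaces as a NullPointerException inside bind/search code instead of a configuration error. Guard each before the replace calls: `if (str == null) { throw new IllegalStateException("Property " + LDAP_BASE_SEARCH_KEY + " is not set"); }` (and the admin-username key in the other getter). The type also changes from an interface to a class with an implicit public constructor; since every member is static, add `private LDAPSecurityConstants() {}`. The `'/'`→`'='` and `'%'`→`','` rewriting means a DN that legitimately contains `/` or `%` cannot be expressed, which the Javadoc on those two getters should say.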
  
  
  
  1.6       +276 -19   
jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPSecurityService.java
  
  Index: LDAPSecurityService.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPSecurityService.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- LDAPSecurityService.java  11 Jul 2002 16:53:24 -0000      1.5
  +++ LDAPSecurityService.java  31 Dec 2002 12:51:11 -0000      1.6
  @@ -56,12 +56,26 @@
   
   import java.util.Hashtable;
   import java.util.Vector;
  +import java.util.Iterator;
  +import javax.naming.Context;
  +import javax.naming.NamingEnumeration;
  +import javax.naming.NamingException;
  +import javax.naming.AuthenticationException;
  +import javax.naming.directory.Attributes;
  +import javax.naming.directory.Attribute;
  +import javax.naming.directory.DirContext;
  +import javax.naming.directory.SearchControls;
  +import javax.naming.directory.SearchResult;
   import org.apache.torque.util.Criteria;
   import org.apache.turbine.om.security.Group;
   import org.apache.turbine.om.security.Permission;
   import org.apache.turbine.om.security.Role;
   import org.apache.turbine.om.security.User;
  +import org.apache.turbine.om.security.TurbineGroup;
  +import org.apache.turbine.om.security.TurbinePermission;
  +import org.apache.turbine.om.security.TurbineRole;
   import org.apache.turbine.services.security.BaseSecurityService;
  +import org.apache.turbine.services.security.TurbineSecurity;
   import org.apache.turbine.util.security.AccessControlList;
   import org.apache.turbine.util.security.DataBackendException;
   import org.apache.turbine.util.security.EntityExistsException;
  @@ -69,6 +83,7 @@
   import org.apache.turbine.util.security.PermissionSet;
   import org.apache.turbine.util.security.RoleSet;
   import org.apache.turbine.util.security.UnknownEntityException;
  +import org.apache.turbine.util.Log;
   
   /**
    * An implementation of SecurityService that uses LDAP as a backend.
  @@ -78,6 +93,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]";>Leonard J. Flournoy </a>
    * @author <a href="mailto:[EMAIL PROTECTED]";>Jason van Zyl</a>
    * @author <a href="mailto:[EMAIL PROTECTED]";>Marco Kn&uuml;ttel</a>
  + * @author <a href="mailto:[EMAIL PROTECTED]";>Humberto Hernandez</a>
    * @version $Id$
    */
   public class LDAPSecurityService extends BaseSecurityService
  @@ -102,12 +118,109 @@
       public AccessControlList getACL(User user)
               throws DataBackendException, UnknownEntityException
       {
  -        /*
  -         * This is severely lacking [jvz].
  -         */
  -        Hashtable roles = new Hashtable();
  -        Hashtable permissions = new Hashtable();
  -        return new AccessControlList(roles, permissions);
  +        if(!TurbineSecurity.accountExists(user))
  +        {
  +            throw new UnknownEntityException("The account '" +
  +                        user.getUserName() + "' does not exist");
  +        }
  +        try
  +        {
  +            Hashtable roles = new Hashtable();
  +            Hashtable permissions = new Hashtable();
  +            // notify the state modifiers (writers) that we want to create the 
snapshot.
  +            lockShared();
  +
  +            // construct the snapshot:
  +            // foreach group in the system
  +            Iterator groupsIterator = getAllGroups().elements();
  +            while(groupsIterator.hasNext())
  +            {
  +                Group group = (Group)groupsIterator.next();
  +
  +                // get roles of user in the group
  +                RoleSet groupRoles = getRoles( user, group );
  +                // put the Set into roles(group)
  +                roles.put(group, groupRoles);
  +                // collect all permissoins in this group
  +                PermissionSet groupPermissions = new PermissionSet();
  +                // foreach role in Set
  +                Iterator rolesIterator = groupRoles.elements();
  +                while(rolesIterator.hasNext())
  +                {
  +                    Role role = (Role)rolesIterator.next();
  +                    // get permissions of the role
  +                    PermissionSet rolePermissions = getPermissions(role);
  +                    groupPermissions.add(rolePermissions);
  +                }
  +                // put the Set into permissions(group)
  +                permissions.put(group, groupPermissions);
  +            }
  +            return new AccessControlList(roles, permissions);
  +        }
  +        catch(Exception e)
  +        {
  +            throw new DataBackendException("Failed to build ACL for user '" +
  +                                    user.getUserName() + "'" , e);
  +        }
  +        finally
  +        {
  +            // notify the state modifiers that we are done creating the snapshot.
  +            unlockShared();
  +        }
  +    }
  +
  +    private RoleSet getRoles(User user, Group group)
  +        throws DataBackendException
  +    {
  +        Vector roles = new Vector(0);
  +        try
  +        {
  +            DirContext ctx = LDAPUserManager.bindAsAdmin();
  +
  +            String baseSearch = LDAPSecurityConstants.getBaseSearch();
  +            String filter = "(& ";
  +            filter += "(objectclass=turbineUserGroup)";
  +            filter += "(turbineUserUniqueId="+user.getUserName()+")";
  +            filter += "(turbineGroup="+group.getName()+")";
  +            filter += ")";
  +
  +            /*
  +             * Create the default search controls.
  +             */
  +            SearchControls ctls = new SearchControls();
  +
  +            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
  +
  +            NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
  +
  +            while (answer.hasMore())
  +            {
  +                SearchResult sr = (SearchResult) answer.next();
  +                Attributes attribs = sr.getAttributes();
  +                Attribute attr = attribs.get("turbineRoleName");
  +                if (attr != null)
  +                {
  +                    NamingEnumeration values = attr.getAll();
  +                    while(values.hasMore())
  +                    {
  +                        Role role = getNewRole(values.next().toString());
  +                        roles.add(role);
  +                    }
  +                }
  +                else
  +                {
  +                    Log.error("Role doesn't have a name");
  +                }
  +            }
  +        }
  +        catch (NamingException ex)
  +        {
  +            Log.error("NamingException caught",ex);
  +            throw new DataBackendException(
  +                "The LDAP server specified is unavailable",ex);
  +        }
  +
  +        return new RoleSet(roles);
       }
   
       /*
  @@ -186,8 +299,7 @@
        */
       public Group getNewGroup( String groupName )
       {
  -        // Not implemented
  -        return null;
  +        return (Group) new TurbineGroup(groupName);
       }
   
       /**
  @@ -200,8 +312,7 @@
        */
       public Role getNewRole(String roleName)
       {
  -        // Not implemented
  -        return null;
  +        return (Role) new TurbineRole(roleName);
       }
   
       /**
  @@ -214,8 +325,7 @@
        */
       public Permission getNewPermission( String permissionName )
       {
  -        // Not implemented
  -        return null;
  +        return (Permission) new TurbinePermission(permissionName);
       }
   
       /**
  @@ -224,10 +334,44 @@
        * @param a Criteria of Group selection.
        * @return a set of Groups that meet the specified Criteria.
        */
  -    public GroupSet getGroups(Criteria criteria) throws DataBackendException
  +    public GroupSet getGroups(Criteria criteria)
  +        throws DataBackendException
       {
  -        Vector groups = new Vector(0);
  -        return new GroupSet(groups);
  +        Hashtable groups = new Hashtable();
  +        try
  +        {
  +            DirContext ctx = LDAPUserManager.bindAsAdmin();
  +
  +            String baseSearch = LDAPSecurityConstants.getBaseSearch();
  +            String filter     = "(objectclass=turbineUserGroup)";
  +
  +            /*
  +             * Create the default search controls.
  +             */
  +            SearchControls ctls = new SearchControls();
  +
  +            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
  +
  +            NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
  +            while (answer.hasMore())
  +            {
  +                SearchResult sr = (SearchResult) answer.next();
  +                Attributes attribs = sr.getAttributes();
  +                Attribute attr = attribs.get("turbineGroup");
  +                if (attr != null && attr.get() != null)
  +                {
  +                    Group group = getNewGroup(attr.get().toString());
  +                    groups.put(group.getName(), group);
  +                }
  +            }
  +        }
  +        catch (NamingException ex)
  +        {
  +            Log.error("NamingException caught",ex);
  +            throw new DataBackendException(
  +                "The LDAP server specified is unavailable",ex);
  +        }
  +        return new GroupSet(groups.values());
       }
   
       /**
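Review bot: The DirContext returned by `LDAPUserManager.bindAsAdmin()` in getGroups is never closed, so every call opens a fresh administrator-bound connection to the directory and leaves it to the garbage collector; getRoles(Criteria), getPermissions(Criteria) and getPermissions(Role) below, and retrieve(String), retrieve(Criteria) and authenticate in LDAPUserManager, do the same. Under load this exhausts the server's connection limit and keeps privileged sessions alive longer than needed. Hoisting `ctx` out of the try and closing it in a finally fixes all of them; the NamingEnumeration `answer` should be closed the same way when the loop exits early. The Javadoc should also say that `criteria` is ignored and every turbineUserGroup entry is returned.
```java
DirContext ctx = null;
try
{
    ctx = LDAPUserManager.bindAsAdmin();
    // … unchanged: filter, search controls, result loop …
}
catch (NamingException ex)
{
    // … unchanged: Log.error and DataBackendException …
}
finally
{
    if (ctx != null)
    {
        try { ctx.close(); } catch (NamingException ignored) { /* nothing further to do with the context */ }
    }
}
```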
  @@ -239,6 +383,43 @@
       public RoleSet getRoles(Criteria criteria) throws DataBackendException
       {
           Vector roles = new Vector(0);
  +        try
  +        {
  +            DirContext ctx = LDAPUserManager.bindAsAdmin();
  +
  +            String baseSearch = LDAPSecurityConstants.getBaseSearch();
  +            String filter     = "(objectclass=turbineRole)";
  +
  +            /*
  +             * Create the default search controls.
  +             */
  +            SearchControls ctls = new SearchControls();
  +
  +            NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
  +
  +            while (answer.hasMore())
  +            {
  +                SearchResult sr = (SearchResult) answer.next();
  +                Attributes attribs = sr.getAttributes();
  +                Attribute attr = attribs.get("turbineRoleName");
  +                if (attr != null && attr.get() != null)
  +                {
  +                    Role role = getNewRole(attr.get().toString());
  +                    roles.add(role);
  +                }
  +                else
  +                {
  +                    Log.error("Role doesn't have a name");
  +                }
  +            }
  +        }
  +        catch (NamingException ex)
  +        {
  +            Log.error("NamingException caught",ex);
  +            throw new DataBackendException(
  +                "The LDAP server specified is unavailable",ex);
  +        }
  +
           return new RoleSet(roles);
       }
   
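Review bot: The SearchControls in getRoles(Criteria) keeps the default ONELEVEL_SCOPE while getGroups above sets `SearchControls.SUBTREE_SCOPE`, so roles and groups are looked up at different depths under the same base and a turbineRole entry stored one level deeper is silently missed. getPermissions(Criteria) and getPermissions(Role) below use the default as well. Adding `ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);` after each `new SearchControls()` makes the four searches consistent. As with getGroups, the Javadoc should state that `criteria` is ignored.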
  @@ -251,8 +432,44 @@
       public PermissionSet getPermissions(Criteria criteria)
               throws DataBackendException
       {
  -        Vector permissions = new Vector(0);
  -        return new PermissionSet(permissions);
  +        Hashtable permissions = new Hashtable();
  +        try
  +        {
  +            DirContext ctx = LDAPUserManager.bindAsAdmin();
  +
  +            String baseSearch = LDAPSecurityConstants.getBaseSearch();
  +            String filter     = "(objectClass=turbineRole)";
  +
  +            /*
  +             * Create the default search controls.
  +             */
  +            SearchControls ctls = new SearchControls();
  +
  +            NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
  +
  +            while (answer.hasMore())
  +            {
  +                SearchResult sr = (SearchResult) answer.next();
  +                Attributes attribs = sr.getAttributes();
  +                Attribute attr = attribs.get("turbinePermission");
  +                if (attr != null)
  +                {
  +                    NamingEnumeration values = attr.getAll();
  +                    while(values.hasMore())
  +                    {
  +                        Permission perm = 
getNewPermission(values.next().toString());
  +                        permissions.put(perm.getName(), perm);
  +                    }
  +                }
  +            }
  +        }
  +        catch (NamingException ex)
  +        {
  +            Log.error("NamingException caught",ex);
  +            throw new DataBackendException(
  +                "The LDAP server specified is unavailable",ex);
  +        }
  +        return new PermissionSet(permissions.values());
       }
   
       /**
  @@ -265,7 +482,47 @@
       public PermissionSet getPermissions(Role role)
               throws DataBackendException, UnknownEntityException
       {
  -        return new PermissionSet();
  +        Hashtable permissions = new Hashtable();
  +        try
  +        {
  +            DirContext ctx = LDAPUserManager.bindAsAdmin();
  +
  +            String baseSearch = LDAPSecurityConstants.getBaseSearch();
  +            String filter = "(& ";
  +            filter += "(objectClass=turbineRole)";
  +            filter += "(turbineRoleName="+ role.getName() +")";
  +            filter += ")";
  +
  +            /*
  +             * Create the default search controls.
  +             */
  +            SearchControls ctls = new SearchControls();
  +
  +            NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
  +
  +            while (answer.hasMore())
  +            {
  +                SearchResult sr = (SearchResult) answer.next();
  +                Attributes attribs = sr.getAttributes();
  +                Attribute attr = attribs.get("turbinePermission");
  +                if (attr != null)
  +                {
  +                    NamingEnumeration values = attr.getAll();
  +                    while(values.hasMore())
  +                    {
  +                        Permission perm = 
getNewPermission(values.next().toString());
  +                        permissions.put(perm.getName(), perm);
  +                    }
  +                }
  +            }
  +        }
  +        catch (NamingException ex)
  +        {
  +            Log.error("NamingException caught",ex);
  +            throw new DataBackendException(
  +                "The LDAP server specified is unavailable",ex);
  +        }
  +        return new PermissionSet(permissions.values());
       }
   
       /**
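Review bot: `role.getName()` is concatenated into the LDAP filter at `filter += "(turbineRoleName="+ role.getName() +")";` without escaping, so a name containing `*`, `(`, `)` or `\` changes the meaning of the filter instead of being matched literally; getRoles(User, Group) earlier in this file builds its filter from `user.getUserName()` and `group.getName()` the same way (that hunk begins before this excerpt). Escape the RFC 4515 metacharacters (`*`, `(`, `)`, `\`, NUL as `\2a`, `\28`, `\29`, `\5c`, `\00`) before concatenation, or use the `filterExpr`/`filterArgs` overload of `DirContext.search`, whose `{0}` substitution the JNDI provider escapes. The method is declared `throws UnknownEntityException` but never throws it: a role that does not exist yields an empty PermissionSet rather than an error, which the Javadoc should state or the code should check.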
  
  
  
  1.4       +116 -3    
jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUser.java
  
  Index: LDAPUser.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUser.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- LDAPUser.java     11 Jul 2002 07:34:31 -0000      1.3
  +++ LDAPUser.java     31 Dec 2002 12:51:11 -0000      1.4
  @@ -58,10 +58,18 @@
   import java.io.PrintWriter;
   import java.sql.Connection;
   import java.util.Hashtable;
  +import java.util.Properties;
   import javax.servlet.http.HttpSessionBindingEvent;
  +import javax.naming.directory.Attributes;
  +import javax.naming.directory.Attribute;
  +import javax.naming.NamingException;
   import org.apache.torque.om.BaseObject;
   import org.apache.turbine.om.security.User;
   import org.apache.turbine.services.security.TurbineSecurity;
  +import org.apache.turbine.util.Log;
  +import org.apache.torque.om.ObjectKey;
  +import org.apache.torque.om.NumberKey;
  +import org.apache.torque.om.StringKey;
   
   /**
    * LDAPUser implements User and provides access to a user who accesses the
  @@ -71,6 +79,7 @@
    * @author <a href="mailto:[EMAIL PROTECTED]";>Tracy M. Adewunmi</a>
    * @author <a href="mailto:[EMAIL PROTECTED]";>Leonard J. Flournoy </a>
    * @author <a href="mailto:[EMAIL PROTECTED]";>Daniel Rall</a>
  + * @author <a href="mailto:[EMAIL PROTECTED]";>Humberto Hernandez</a>
    */
   public class LDAPUser extends BaseObject implements User
   {
  @@ -97,6 +106,107 @@
           setHasLoggedIn(new Boolean(false));
       }
   
  +
  +    /**
  +     * Populates the user with values obtained from the LDAP Service.
  +     * This method could be redefined in subclasses.
  +     * @param attribs The attributes obtained from LDAP.
  +     * @throws NamingException if there was an error with JNDI.
  +     */
  +    public void setAttributes(Attributes attribs)
  +        throws NamingException
  +    {
  +
  +        Attribute attr;
  +        String attrName;
  +
  +        // Set the User id.
  +        attrName = LDAPSecurityConstants.getUserIdAttribute();
  +        if (attrName != null)
  +        {
  +            attr = attribs.get(attrName);
  +            if (attr != null && attr.get() != null)
  +            {
  +                try
  +                {
  +                    setPrimaryKey(new StringKey(attr.get().toString()));
  +                }
  +                catch(Exception ex)
  +                {
  +                    Log.error("Exception caught:",ex);
  +                }
  +            }
  +        }
  +
  +        // Set the Username.
  +        attrName = LDAPSecurityConstants.getUserNameAttribute();
  +        if (attrName != null)
  +        {
  +            attr = attribs.get(attrName);
  +            if (attr != null && attr.get() != null)
  +            {
  +                setUserName(attr.get().toString());
  +            }
  +        }
  +        else
  +        {
  +            Log.error("There is no LDAP attribute for the username.");
  +        }
  +
  +        // Set the Firstname.
  +        attrName = LDAPSecurityConstants.getFirstNameAttribute();
  +        if (attrName != null)
  +        {
  +            attr = attribs.get(attrName);
  +            if (attr != null && attr.get() != null)
  +            {
  +                setFirstName(attr.get().toString());
  +            }
  +        }
  +
  +        // Set the Lastname.
  +        attrName = LDAPSecurityConstants.getLastNameAttribute();
  +        if (attrName != null)
  +        {
  +            attr = attribs.get(attrName);
  +            if (attr != null && attr.get() != null)
  +            {
  +                setLastName(attr.get().toString());
  +            }
  +        }
  +
  +        // Set the E-Mail
  +        attrName = LDAPSecurityConstants.getEmailAttribute();
  +        Log.debug("emailattr = "+attrName);
  +        if (attrName != null)
  +        {
  +            attr = attribs.get(attrName);
  +            if (attr != null && attr.get() != null)
  +            {
  +                Log.debug("attr.get() = "+attr.get().toString());
  +                setEmail(attr.get().toString());
  +                Log.debug("getEmail = "+getEmail());
  +            }
  +        }
  +    }
  +
  +    /**
  +     * Gets the distinguished name (DN) of the User.
  +     * This method could be redefined in a subclass.
  +     * @return The Distinguished Name of the user.
  +     */
  +     public String getDN()
  +     {
  +        String filterAttribute = LDAPSecurityConstants.getUserNameAttribute();
  +        String userBaseSearch  = LDAPSecurityConstants.getBaseSearch();
  +        String userName = getUserName();
  +        Log.debug("userName ="+userName);
  +
  +        String dn = filterAttribute + "=" + userName + "," + userBaseSearch;
  +        Log.debug("dn ="+dn);
  +        return dn;
  +     }
  +
       /**
         * Gets the access counter for a user during a session.
         *
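Review bot: getDN builds the bind DN by plain concatenation, `filterAttribute + "=" + userName + "," + userBaseSearch`, so a username containing a DN-special character (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `#` or a leading/trailing space) yields a malformed or different DN, and the method also assumes every user entry sits directly under the search base even though other searches in this change use SUBTREE_SCOPE. Since retrieve() has just located the entry, the more robust option is to keep the name the search returned (`SearchResult.getName()`, relative to the base) on the user and have getDN return it; failing that, escape the RDN value per RFC 4514 before concatenating. In setAttributes, `catch(Exception ex)` around `setPrimaryKey` logs and continues, so a user can be returned without a primary key; narrowing the catch and rethrowing as the already-declared NamingException would surface that.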
  @@ -169,6 +279,7 @@
         */
       public String getEmail()
       {
  +        Log.debug("start getEmail()");
           String tmp = null;
           try
           {
  @@ -179,6 +290,7 @@
           catch (Exception e)
           {
           }
  +        Log.debug("email = "+tmp);
           return tmp;
       }
   
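Review bot: `Log.debug("email = "+tmp);` writes the user's e-mail address to the log on every getEmail() call, and setEmail in the next hunk logs it again with `Log.debug("setEmail("+email+")");`, as do the debug lines in setAttributes and getDN. These read like leftover tracing from debugging the getPerm/setPerm fix; if they stay, the level and retention of the application log become part of how personal data is handled, so dropping them or logging only that the value was set is preferable. The empty `catch (Exception e)` in getEmail (existing code) still hides the reason `tmp` is null; a debug-level log of the exception would diagnose the very problem this tracing was added for. getEmail's body begins outside this hunk.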
  @@ -486,7 +598,8 @@
        */
       public void setEmail(String email)
       {
  -        getPerm (User.EMAIL, email);
  +        Log.debug("setEmail("+email+")");
  +        setPerm(User.EMAIL, email);
       }
   
       /**
  @@ -495,7 +608,7 @@
         */
       public void setFirstName(String fname)
       {
  -        setPerm (User.FIRST_NAME, fname);
  +        setPerm(User.FIRST_NAME, fname);
       }
   
       /**
  @@ -516,7 +629,7 @@
         */
       public void setLastName(String lname)
       {
  -        setPerm (User.LAST_NAME, lname);
  +        setPerm(User.LAST_NAME, lname);
       }
   
       /**
  
  
  
  1.4       +121 -115  
jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUserManager.java
  
  Index: LDAPUserManager.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUserManager.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- LDAPUserManager.java      11 Jul 2002 16:53:24 -0000      1.3
  +++ LDAPUserManager.java      31 Dec 2002 12:51:11 -0000      1.4
  @@ -53,13 +53,14 @@
    * information on the Apache Software Foundation, please see
    * <http://www.apache.org/>.
    */
  -
  +import java.util.Properties;
   import java.util.Hashtable;
   import java.util.StringTokenizer;
   import java.util.Vector;
   import javax.naming.Context;
   import javax.naming.NamingEnumeration;
   import javax.naming.NamingException;
  +import javax.naming.AuthenticationException;
   import javax.naming.directory.Attributes;
   import javax.naming.directory.DirContext;
   import javax.naming.directory.SearchControls;
  @@ -68,6 +69,7 @@
   import org.apache.turbine.om.security.User;
   import org.apache.turbine.services.resources.TurbineResources;
   import org.apache.turbine.services.security.UserManager;
  +import org.apache.turbine.services.security.TurbineSecurity;
   import org.apache.turbine.services.security.ldap.util.ParseExceptionMessage;
   import org.apache.turbine.util.Log;
   import org.apache.turbine.util.security.DataBackendException;
  @@ -93,9 +95,10 @@
    * @author <a href="mailto:[EMAIL PROTECTED]";>Leonard J. Flournoy</a>
    * @author <a href="mailto:[EMAIL PROTECTED]";>Jason van Zyl</a>
    * @author <a href="mailto:[EMAIL PROTECTED]";>Daniel Rall</a>
  + * @author <a href="mailto:[EMAIL PROTECTED]";>Humberto Hernandez</a>
    * @version $Id$
    */
  -public class LDAPUserManager implements UserManager, LDAPSecurityConstants
  +public class LDAPUserManager implements UserManager
   {
       /**
         * Check wether a specified user's account exists.
  @@ -123,21 +126,13 @@
       public boolean accountExists(String username)
               throws DataBackendException
       {
  -        /*!
  -         * Is it possible to retrieve more then one user?
  -         * Possibly the check for multiple users that is
  -         * employed in the DBUserManager can be employed
  -         * here.
  -         */
  -
           try
           {
               User ldapUser = retrieve(username);
           }
  -        catch (Exception e)
  +        catch (UnknownEntityException ex)
           {
  -            throw new DataBackendException(
  -                "Failed to check account's presence", e);
  +            return false;
           }
   
           return true;
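Review bot: The local `User ldapUser = retrieve(username);` in accountExists is assigned and never read; calling `retrieve(username);` as a bare statement makes it clear the call is made only for its exception. Narrowing the catch to UnknownEntityException is the right change, but the Javadoc above the method (outside this hunk) should now say that DataBackendException propagates while an unknown user returns false.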
  @@ -156,83 +151,51 @@
       public User retrieve(String username)
               throws UnknownEntityException, DataBackendException
       {
  -        String dNAttribute = TurbineResources.getString(LDAP_DN_ATTR);
  -        String filter = TurbineResources.getString(LDAP_SEARCH_FLTR);
  -        String userBaseSearch = TurbineResources.getString(LDAP_BASE_SERACH);
  -        String dN = null;
  -        String adminUser = TurbineResources.getString(LDAP_ADMIN_USRNAME);
  -        String adminPassword = TurbineResources.getString(LDAP_ADMIN_PASSWRD);
  -
  -        adminUser = adminUser.replace('/', '=');
  -        adminUser = adminUser.replace('%', ',');
  -
  -        User ldapUser = null;
  -
  -        /*
  -         * The userBaseSearch string contains some
  -         * characters that need to be transformed.
  -         */
  -        userBaseSearch = userBaseSearch.replace('/', '=');
  -        userBaseSearch = userBaseSearch.replace('%', ',');
  -
           try
           {
  -            DirContext ctx = bind(adminUser, adminPassword);
  +            DirContext ctx = bindAsAdmin();
   
               /*
  -             * Create the default search controls.
  +             * Define the search.
                */
  -            SearchControls ctls = new SearchControls();
  +            String userBaseSearch = LDAPSecurityConstants.getBaseSearch();
  +            String filter         = LDAPSecurityConstants.getUserNameAttribute();
  +            filter = "("+filter + "="+username + ")";
   
               /*
  -             * Create filter.
  +             * Create the default search controls.
                */
  -            filter = "("+filter + "="+username + ")";
  +            SearchControls ctls = new SearchControls();
   
               NamingEnumeration answer =
                       ctx.search(userBaseSearch, filter, ctls);
   
  -            while (answer.hasMore())
  +            if (answer.hasMore())
               {
                   SearchResult sr = (SearchResult) answer.next();
                   Attributes attribs = sr.getAttributes();
  -                Log.debug("attribs:  " + attribs.get(dNAttribute));
  -                dN = attribs.get(dNAttribute).toString();
  -                Log.debug("dN:  " + dN);
  -            }
  +                LDAPUser ldapUser = createLDAPUser();
  +                ldapUser.setAttributes(attribs);
  +                ldapUser.setTemp("turbine.user", ldapUser);
   
  -            if (dN == null)
  +                return ldapUser;
  +            }
  +            else
               {
                   throw new UnknownEntityException("The given user: " +
                           username + "\n does not exist.");
               }
  -
  -            StringTokenizer sT = new StringTokenizer(dN, ":");
  -
  -            while (sT.hasMoreElements())
  -            {
  -                dN = sT.nextToken();
  -            }
  -
  -            dN = dN.trim();
  -
  -            ldapUser = new LDAPUser();
  -            ldapUser.setUserName(dN);
  -
  -            ldapUser.setTemp("turbine.user", ldapUser);
  -
           }
  -        catch (NamingException nameEx)
  +        catch (NamingException ex)
           {
               throw new DataBackendException(
  -                "The LDAP server specified is unavailable");
  +                "The LDAP server specified is unavailable",ex);
           }
  -        return ldapUser;
       }
   
       /**
  -      * This is currently not implemented to behave as expected.  It is
  -      * just here to support the interface requirement.
  +      * This is currently not implemented to behave as expected.  It
  +      * ignores the Criteria argument and returns all the users.
         *
         * Retrieve a set of users that meet the specified criteria.
         *
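Review bot: `filter = "("+filter + "="+username + ")";` in retrieve(String) interpolates the username unescaped into the LDAP filter, and authenticate(String, String) passes the value from the login form straight into this method, so a username containing `*`, `(`, `)` or `\` is interpreted as filter syntax rather than matched literally; with `if (answer.hasMore())` the method then returns whichever matching entry the directory lists first. Escape the RFC 4515 metacharacters before building the filter (a small helper as below, or the `filterArgs` overload of `DirContext.search`), and treat a second match as a DataBackendException instead of silently picking the first. The DirContext from `bindAsAdmin()` is also never closed here.
```java
filter = "(" + filter + "=" + escapeFilterValue(username) + ")";
// … unchanged: search controls, ctx.search, result handling …

/**
 * Escapes the characters that RFC 4515 reserves inside a filter
 * assertion value so that a caller-supplied string is matched literally.
 */
private static String escapeFilterValue(String value)
{
    StringBuffer sb = new StringBuffer(value.length());
    for (int i = 0; i < value.length(); i++)
    {
        char c = value.charAt(i);
        switch (c)
        {
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\\': sb.append("\\5c"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}
```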
  @@ -246,10 +209,44 @@
         * @return a List of users meeting the criteria.
         * @throws DataBackendException Error accessing the data backend.
         */
  -    public User[] retrieve(Criteria criteria) throws DataBackendException
  +    public User[] retrieve(Criteria criteria)
  +        throws DataBackendException
       {
  +
           Vector users = new Vector(0);
  -        return (User[]) users.toArray(new User[0]);
  +        try
  +        {
  +            DirContext ctx = bindAsAdmin();
  +
  +            String userBaseSearch = LDAPSecurityConstants.getBaseSearch();
  +            String filter         = LDAPSecurityConstants.getUserNameAttribute();
  +            filter = "("+filter+"=*)";
  +
  +            /*
  +             * Create the default search controls.
  +             */
  +            SearchControls ctls = new SearchControls();
  +
  +            NamingEnumeration answer =
  +                ctx.search(userBaseSearch, filter, ctls);
  +
  +            while (answer.hasMore())
  +            {
  +                SearchResult sr = (SearchResult) answer.next();
  +                Attributes attribs = sr.getAttributes();
  +                LDAPUser ldapUser = createLDAPUser();
  +                ldapUser.setAttributes(attribs);
  +                ldapUser.setTemp("turbine.user", ldapUser);
  +                users.add(ldapUser);
  +            }
  +        }
  +        catch (NamingException ex)
  +        {
  +            throw new DataBackendException(
  +                "The LDAP server specified is unavailable",ex);
  +        }
  +
  +        return (User[]) users.toArray(new User[users.size()]);
       }
   
       /**
  @@ -271,7 +268,6 @@
           throws PasswordMismatchException,
               UnknownEntityException,DataBackendException
       {
  -
           User user = retrieve(username);
           authenticate(user, password);
           return user;
  @@ -313,17 +309,24 @@
         */
       public void authenticate(User user, String password)
           throws PasswordMismatchException,
  -            UnknownEntityException, DataBackendException
  +        UnknownEntityException,
  +        DataBackendException
       {
  +        LDAPUser ldapUser = (LDAPUser)user;
           try
           {
  -            bind(user.getUserName(), password);
  +            bind(ldapUser.getDN(), password);
           }
  -        catch (NamingException authEx)
  +        catch (AuthenticationException ex)
           {
               throw new PasswordMismatchException(
                   "The given password for: " +
  -                    user.getUserName() + " is invalid\n");
  +                    ldapUser.getDN() + " is invalid\n");
  +        }
  +        catch (NamingException ex)
  +        {
  +            throw new DataBackendException(
  +                "The LDAP server specified is unavailable",ex);
           }
       }
   
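Review bot: authenticate(User, String) binds with whatever password it is given, and with simple authentication an empty password is treated by many directory servers as an anonymous or unauthenticated bind that succeeds instead of failing, so a known username with an empty password could pass this check. Reject it before binding: `if (password == null || password.length() == 0) { throw new PasswordMismatchException("The given password for: " + ldapUser.getDN() + " is invalid\n"); }`. The unchecked `(LDAPUser)user` cast throws ClassCastException for any other User implementation; an explicit instanceof check with a DataBackendException would give a clearer failure. The DirContext returned by `bind` is discarded without `close()`, leaving a bound session behind per login attempt.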
  @@ -399,67 +402,70 @@
               "The method removeAccount has no implementation.");
       }
   
  +    /**
  +     * Bind as the admin user.
  +     * @throws NamingException when an error occurs with the named server.
  +     */
  +     public static DirContext bindAsAdmin()
  +        throws NamingException
  +     {
  +        String adminUser      = LDAPSecurityConstants.getAdminUsername();
  +        String adminPassword  = LDAPSecurityConstants.getAdminPassword();
  +        return bind(adminUser, adminPassword);
  +     }
   
       /**
  -     * Creats an initial context.
  +     * Creates an initial context.
        *
        * @param ldap admin username supplied in TRP.
        * @param ldap admin password supplied in TRP
  -     * @throws DataBackendException Error accessing the data backend.
  -     * @throws UnknownEntityException if the user account is not present.
        * @throws NamingException when an error occurs with the named server.
        */
  -    public DirContext bind(String username, String password)
  -        throws NamingException, DataBackendException, UnknownEntityException
  +    public static DirContext bind(String username, String password)
  +        throws NamingException
       {
  -        DirContext ctx = null;
  +        String host = LDAPSecurityConstants.getLDAPHost();
  +        String port = LDAPSecurityConstants.getLDAPPort();
  +        String providerURL  = new String("ldap://"; + host + ":" + port);
   
  -        try
  -        {
  -            String host = TurbineResources.getString(LDAP_HOST);
  -            String port = TurbineResources.getString(LDAP_PORT);
  +        String ldapProvider = LDAPSecurityConstants.getLDAPProvider();
   
  -            String providerURL = new String("ldap://"; + host + ":" + port);
  -
  -            /*
  -             * creating an initial context using Sun's client
  -             * LDAP Provider.
  -             */
  -            Hashtable env = new Hashtable();
  -            env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER);
  +        /*
  +         * creating an initial context using Sun's client
  +         * LDAP Provider.
  +         */
  +        Hashtable env = new Hashtable();
  +        env.put(Context.INITIAL_CONTEXT_FACTORY, ldapProvider);
  +        env.put(Context.PROVIDER_URL, providerURL);
  +        env.put(Context.SECURITY_AUTHENTICATION, "simple");
  +        env.put(Context.SECURITY_PRINCIPAL, username);
  +        env.put(Context.SECURITY_CREDENTIALS, password);
   
  -            env.put(Context.PROVIDER_URL, providerURL);
  -            env.put(Context.SECURITY_AUTHENTICATION, "simple");
  -            env.put(Context.SECURITY_PRINCIPAL, username);
  -            env.put(Context.SECURITY_CREDENTIALS, password);
  +        DirContext ctx = new javax.naming.directory.InitialDirContext(env);
  +        return ctx;
  +    }
   
  -            ctx = new javax.naming.directory.InitialDirContext(env);
  -            Log.debug("CTX: " + ctx.toString());
  +    /**
  +     * Create a new instance of the LDAP User according to the value
  +     * configured in TurbineResources.properties.
  +     * @return a new instance of the LDAP User.
  +     * @throws DataBackendException if there is an error creating the
  +     */
  +    private LDAPUser createLDAPUser()
  +        throws DataBackendException
  +    {
  +        try
  +        {
  +            return (LDAPUser)TurbineSecurity.getUserInstance();
           }
  -        catch (NamingException ne)
  +        catch(ClassCastException ex)
           {
  -            String errno = ParseExceptionMessage.findErrno(ne.getExplanation());
  -
  -            if (errno.equals("49"))
  -            {
  -                throw new UnknownEntityException(
  -                    "The given credentials for the administrator are invalid");
  -            }
  -            else if (errno.equals("22"))
  -            {
  -                throw new DataBackendException(
  -                    "The LDAP server specified is unavailable");
  -            }
  -            else
  -            {
  -                throw ne;
  -            }
  +            throw new DataBackendException("ClassCastException caught:", ex);
           }
  -        catch (Exception e)
  +        catch(UnknownEntityException ex)
           {
  -            Log.error(e);
  +            throw new DataBackendException("UnknownEntityException caught:", ex);
           }
  +  }
   
  -        return ctx;
  -    }
   }
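Review bot: bind() always constructs an `ldap://` URL and sets `Context.SECURITY_AUTHENTICATION` to `"simple"`, so the administrator password used by bindAsAdmin and every user's password passed through authenticate cross the network in clear text unless the deployment tunnels the connection. The scheme (or a `Context.SECURITY_PROTOCOL` value of `"ssl"`) should come from LDAPSecurityConstants alongside host and port so an `ldaps://` directory works without a code change. The Javadoc for bind still describes `ldap admin username`/`password` while the parameters are `username` and `password`, and createLDAPUser's `@throws DataBackendException if there is an error creating the` is cut off mid-sentence. `ParseExceptionMessage` is no longer referenced now that the errno parsing is gone, so its import can be dropped, and the closing brace of createLDAPUser at `  }` is indented two spaces instead of four.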
  
  
  
  1.16      +9 -1      jakarta-turbine-2/xdocs/changes.xml
  
  Index: changes.xml
  ===================================================================
  RCS file: /home/cvs/jakarta-turbine-2/xdocs/changes.xml,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- changes.xml       27 Dec 2002 12:44:15 -0000      1.15
  +++ changes.xml       31 Dec 2002 12:51:11 -0000      1.16
  @@ -88,6 +88,14 @@
   <p>
     <ul>
       <li>
  +      TTWS24: With this patch LDAP security services can have users, groups,
  +      roles and permissions in the LDAP repository. It also works with users in
  +      LDAP and the rest in the Database. <br/>
  +      Sample configuration files for Openldap can be found
  +      <a href="http://cvs.apache.org/viewcvs/jakarta-turbine-2/conf/openldap/";>
  +      here</a>
  +    </li>
  +    <li>
         added new Logging code which uses commons-logging everywhere.
       </li>
       <li>
  @@ -95,7 +103,7 @@
          all configuration requests to commons-configuration.
       </li>
       <li>
  -      added Log4j configuration and startup. 
  +      added Log4j configuration and startup.
       </li>
       <li>
         removed all remaining Torque code.
  
  
  
