1 package org.apache.turbine.services.security.ldap;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 import java.io.ByteArrayOutputStream;
20 import java.io.PrintWriter;
21 import java.sql.Connection;
22 import java.util.Hashtable;
23 import javax.naming.NamingException;
24 import javax.naming.directory.Attribute;
25 import javax.naming.directory.Attributes;
26 import javax.naming.directory.BasicAttribute;
27 import javax.naming.directory.BasicAttributes;
28 import javax.servlet.http.HttpSessionBindingEvent;
29
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.torque.om.BaseObject;
33 import org.apache.torque.om.StringKey;
34 import org.apache.turbine.om.security.User;
35 import org.apache.turbine.services.security.TurbineSecurity;
36
37 /***
38 * LDAPUser implements User and provides access to a user who accesses the
39 * system via LDAP.
40 *
41 * @author <a href="mailto:cberry@gluecode.com">Craig D. Berry</a>
42 * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi</a>
43 * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a>
44 * @author <a href="mailto:dlr@finemaltcoding.com">Daniel Rall</a>
45 * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a>
46 * @version $Id: LDAPUser.java 278822 2005-09-05 19:53:05Z henning $
47 */
48 public class LDAPUser extends BaseObject implements User
49 {
50
51 /*** Serial Version UID */
52 private static final long serialVersionUID = 3953123276619326752L;
53
54 /*** Logging */
55 private static Log log = LogFactory.getLog(LDAPUser.class);
56
57
58
59 /*** Date when the user was created */
60 private java.util.Date createDate = null;
61
62 /*** Date when the user was last accessed */
63 private java.util.Date lastAccessDate = null;
64
65 /*** timeout */
66 private int timeout = 15;
67
68 /*** This is data that will survive a servlet engine restart. */
69 private Hashtable permStorage = null;
70
71 /*** This is data that will not survive a servlet engine restart. */
72 private Hashtable tempStorage = null;
73
74 /***
75 * Constructor.
76 * Create a new User and set the createDate.
77 */
78 public LDAPUser()
79 {
80 createDate = new java.util.Date();
81 tempStorage = new Hashtable(10);
82 permStorage = new Hashtable(10);
83 setHasLoggedIn(Boolean.FALSE);
84 }
85
86 /***
87 * Populates the user with values obtained from the LDAP Service.
88 * This method could be redefined in subclasses.
89 * @param attribs The attributes obtained from LDAP.
90 * @throws NamingException if there was an error with JNDI.
91 */
92 public void setLDAPAttributes(Attributes attribs)
93 throws NamingException
94 {
95
96 Attribute attr;
97 String attrName;
98
99
100 attrName = LDAPSecurityConstants.getUserIdAttribute();
101 if (attrName != null)
102 {
103 attr = attribs.get(attrName);
104 if (attr != null && attr.get() != null)
105 {
106 try
107 {
108 setPrimaryKey(new StringKey(attr.get().toString()));
109 }
110 catch (Exception ex)
111 {
112 log.error("Exception caught:", ex);
113 }
114 }
115 }
116
117
118 attrName = LDAPSecurityConstants.getNameAttribute();
119 if (attrName != null)
120 {
121 attr = attribs.get(attrName);
122 if (attr != null && attr.get() != null)
123 {
124 setUserName(attr.get().toString());
125 }
126 }
127 else
128 {
129 log.error("There is no LDAP attribute for the username.");
130 }
131
132
133 attrName = LDAPSecurityConstants.getFirstNameAttribute();
134 if (attrName != null)
135 {
136 attr = attribs.get(attrName);
137 if (attr != null && attr.get() != null)
138 {
139 setFirstName(attr.get().toString());
140 }
141 }
142
143
144 attrName = LDAPSecurityConstants.getLastNameAttribute();
145 if (attrName != null)
146 {
147 attr = attribs.get(attrName);
148 if (attr != null && attr.get() != null)
149 {
150 setLastName(attr.get().toString());
151 }
152 }
153
154
155 attrName = LDAPSecurityConstants.getEmailAttribute();
156 if (attrName != null)
157 {
158 attr = attribs.get(attrName);
159 if (attr != null && attr.get() != null)
160 {
161 setEmail(attr.get().toString());
162 }
163 }
164 }
165
166 /***
167 * Get the JNDI Attributes used to store the user in LDAP.
168 * This method could be redefined in a subclass.
169 *
170 * @throws NamingException if there is a JNDI error.
171 * @return The JNDI attributes of the user.
172 */
173 public Attributes getLDAPAttributes()
174 throws NamingException
175 {
176 Attributes attribs = new BasicAttributes();
177 String attrName;
178
179
180 attrName = "objectClass";
181 if (attrName != null)
182 {
183 Object value = "turbineUser";
184
185 if (value != null)
186 {
187 Attribute attr = new BasicAttribute(attrName, value);
188
189 attribs.put(attr);
190 }
191 }
192
193
194 attrName = LDAPSecurityConstants.getUserIdAttribute();
195 if (attrName != null)
196 {
197 Object value = getPrimaryKey();
198
199 if (value != null)
200 {
201 Attribute attr = new BasicAttribute(attrName, value);
202
203 attribs.put(attr);
204 }
205 }
206
207
208 attrName = LDAPSecurityConstants.getNameAttribute();
209 if (attrName != null)
210 {
211 Object value = getName();
212
213 if (value != null)
214 {
215 Attribute attr = new BasicAttribute(attrName, value);
216
217 attribs.put(attr);
218 }
219 }
220
221
222 attrName = LDAPSecurityConstants.getFirstNameAttribute();
223 if (attrName != null)
224 {
225 Object value = getFirstName();
226
227 if (value != null)
228 {
229 Attribute attr = new BasicAttribute(attrName, value);
230
231 attribs.put(attr);
232 }
233 }
234
235
236 attrName = LDAPSecurityConstants.getLastNameAttribute();
237 if (attrName != null)
238 {
239 Object value = getLastName();
240
241 if (value != null)
242 {
243 Attribute attr = new BasicAttribute(attrName, value);
244
245 attribs.put(attr);
246 }
247 }
248
249
250 attrName = LDAPSecurityConstants.getEmailAttribute();
251 if (attrName != null)
252 {
253 Object value = getEmail();
254
255 if (value != null)
256 {
257 Attribute attr = new BasicAttribute(attrName, value);
258
259 attribs.put(attr);
260 }
261 }
262
263
264 attrName = LDAPSecurityConstants.getPasswordAttribute();
265 if (attrName != null)
266 {
267 Object value = getPassword();
268
269 if (value != null)
270 {
271 Attribute attr = new BasicAttribute(attrName, value);
272
273 attribs.put(attr);
274 }
275 }
276
277 return attribs;
278 }
279
280 /***
281 * Gets the distinguished name (DN) of the User.
282 * This method could be redefined in a subclass.
283 * @return The Distinguished Name of the user.
284 */
285 public String getDN()
286 {
287 String filterAttribute = LDAPSecurityConstants.getNameAttribute();
288 String userBaseSearch = LDAPSecurityConstants.getBaseSearch();
289 String userName = getName();
290
291 String dn = filterAttribute + "=" + userName + "," + userBaseSearch;
292
293 return dn;
294 }
295
296 /***
297 * Gets the access counter for a user during a session.
298 *
299 * @return The access counter for the user for the session.
300 */
301 public int getAccessCounterForSession()
302 {
303 try
304 {
305 return ((Integer) getTemp(User.SESSION_ACCESS_COUNTER)).intValue();
306 }
307 catch (Exception e)
308 {
309 return 0;
310 }
311 }
312
313 /***
314 * Gets the access counter for a user from perm storage.
315 *
316 * @return The access counter for the user.
317 */
318 public int getAccessCounter()
319 {
320 try
321 {
322 return ((Integer) getPerm(User.ACCESS_COUNTER)).intValue();
323 }
324 catch (Exception e)
325 {
326 return 0;
327 }
328 }
329
330 /***
331 * Gets the create date for this User. This is the time at which
332 * the user object was created.
333 *
334 * @return A Java Date with the date of creation for the user.
335 */
336 public java.util.Date getCreateDate()
337 {
338 return createDate;
339 }
340
341 /***
342 * Returns the value of Confirmed variable
343 * @return the confirm value.
344 */
345 public String getConfirmed()
346 {
347 String tmp = null;
348
349 tmp = (String) getPerm(User.CONFIRM_VALUE);
350 if (tmp != null && tmp.length() == 0)
351 {
352 tmp = null;
353 }
354 return tmp;
355 }
356
357 /***
358 * Returns the Email for this user. If this is defined, then
359 * the user is considered logged in.
360 *
361 * @return A String with the user's Email.
362 */
363 public String getEmail()
364 {
365 String tmp = null;
366
367 tmp = (String) getPerm(User.EMAIL);
368 if (tmp != null && tmp.length() == 0)
369 {
370 tmp = null;
371 }
372 return tmp;
373 }
374
375 /***
376 * Gets the last access date for this User. This is the last time
377 * that the user object was referenced.
378 *
379 * @return A Java Date with the last access date for the user.
380 */
381 public java.util.Date getLastAccessDate()
382 {
383 if (lastAccessDate == null)
384 {
385 setLastAccessDate();
386 }
387 return lastAccessDate;
388 }
389
390 /***
391 * Get last login date/time for this user.
392 *
393 * @return A Java Date with the last login date for the user.
394 */
395 public java.util.Date getLastLogin()
396 {
397 return (java.util.Date) getPerm(User.LAST_LOGIN);
398 }
399
400 /***
401 * Get password for this user.
402 *
403 * @return A String with the password for the user.
404 */
405 public String getPassword()
406 {
407 return (String) getPerm(User.PASSWORD);
408 }
409
410 /***
411 * Get an object from permanent storage.
412 * @param name The object's name.
413 * @return An Object with the given name.
414 */
415 public Object getPerm(String name)
416 {
417 return permStorage.get(name);
418 }
419
420 /***
421 * Get an object from permanent storage; return default if value
422 * is null.
423 *
424 * @param name The object's name.
425 * @param def A default value to return.
426 * @return An Object with the given name.
427 */
428 public Object getPerm(String name, Object def)
429 {
430 try
431 {
432 Object val = permStorage.get(name);
433
434 if (val == null)
435 {
436 return def;
437 }
438 return val;
439 }
440 catch (Exception e)
441 {
442 return def;
443 }
444 }
445
446 /***
447 * This should only be used in the case where we want to save the
448 * data to the database.
449 *
450 * @return A Hashtable.
451 */
452 public Hashtable getPermStorage()
453 {
454 if (this.permStorage == null)
455 {
456 this.permStorage = new Hashtable();
457 }
458 return this.permStorage;
459 }
460
461 /***
462 * Get an object from temporary storage.
463 *
464 * @param name The object's name.
465 * @return An Object with the given name.
466 */
467 public Object getTemp(String name)
468 {
469 return tempStorage.get(name);
470 }
471
472 /***
473 * Get an object from temporary storage; return default if value
474 * is null.
475 *
476 * @param name The object's name.
477 * @param def A default value to return.
478 * @return An Object with the given name.
479 */
480 public Object getTemp(String name, Object def)
481 {
482 Object val;
483
484 try
485 {
486 val = tempStorage.get(name);
487 if (val == null)
488 {
489 val = def;
490 }
491 }
492 catch (Exception e)
493 {
494 val = def;
495 }
496 return val;
497 }
498
499 /***
500 * A User object can have a variable Timeout, which is defined in
501 * minutes. If the user has been timed out, then the
502 * hasLoggedIn() value will return false.
503 *
504 * @return An int specifying the timeout.
505 */
506 public int getTimeout()
507 {
508 return this.timeout;
509 }
510
511 /***
512 * Returns the username for this user. If this is defined, then
513 * the user is considered logged in.
514 *
515 * @return A String with the username.
516 * @deprecated Use getName() instead
517 */
518 public String getUserName()
519 {
520 return getName();
521 }
522
523 /***
524 * Returns the first name for this user. If this is defined, then
525 * the user is considered logged in.
526 *
527 * @return A String with the user's first name.
528 */
529 public String getFirstName()
530 {
531 String tmp = null;
532
533 tmp = (String) getPerm(User.FIRST_NAME);
534 if (tmp != null && tmp.length() == 0)
535 {
536 tmp = null;
537 }
538 return tmp;
539 }
540
541 /***
542 * Returns the last name for this user. If this is defined, then
543 * the user is considered logged in.
544 *
545 * @return A String with the user's last name.
546 */
547 public String getLastName()
548 {
549 String tmp = null;
550
551 tmp = (String) getPerm(User.LAST_NAME);
552 if (tmp != null && tmp.length() == 0)
553 {
554 tmp = null;
555 }
556 return tmp;
557 }
558
559 /***
560 * The user is considered logged in if they have not timed out.
561 *
562 * @return True if the user has logged in.
563 */
564 public boolean hasLoggedIn()
565 {
566 Boolean tmp = getHasLoggedIn();
567
568 if (tmp != null && tmp.booleanValue())
569 {
570 return true;
571 }
572 else
573 {
574 return false;
575 }
576 }
577
578 /***
579 * This method reports whether or not the user has been confirmed
580 * in the system by checking the <code>CONFIRM_VALUE</code>
581 * column to see if it is equal to <code>CONFIRM_DATA</code>.
582 *
583 * @return True if the user has been confirmed.
584 */
585 public boolean isConfirmed()
586 {
587 return ((String) getTemp(CONFIRM_VALUE, "")).equals(CONFIRM_DATA);
588 }
589
590 /***
591 * Increments the permanent hit counter for the user.
592 */
593 public void incrementAccessCounter()
594 {
595 setAccessCounter(getAccessCounter() + 1);
596 }
597
598 /***
599 * Increments the session hit counter for the user.
600 */
601 public void incrementAccessCounterForSession()
602 {
603 setAccessCounterForSession(getAccessCounterForSession() + 1);
604 }
605
606 /***
607 * Remove an object from temporary storage and return the object.
608 *
609 * @param name The name of the object to remove.
610 * @return An Object.
611 */
612 public Object removeTemp(String name)
613 {
614 return tempStorage.remove(name);
615 }
616
617 /***
618 * Sets the access counter for a user, saved in perm storage.
619 *
620 * @param cnt The new count.
621 */
622 public void setAccessCounter(int cnt)
623 {
624 setPerm(User.ACCESS_COUNTER, new Integer(cnt));
625 }
626
627 /***
628 * Sets the session access counter for a user, saved in temp
629 * storage.
630 *
631 * @param cnt The new count.
632 */
633 public void setAccessCounterForSession(int cnt)
634 {
635 setTemp(User.SESSION_ACCESS_COUNTER, new Integer(cnt));
636 }
637
638 /***
639 * Set the users confirmed variable
640 *
641 * @param confirm The new confim value.
642 */
643 public void setConfirmed(String confirm)
644 {
645 getPerm(User.CONFIRM_VALUE, confirm);
646 }
647
648 /***
649 * Sets the last access date for this User. This is the last time
650 * that the user object was referenced.
651 */
652 public void setLastAccessDate()
653 {
654 lastAccessDate = new java.util.Date();
655 }
656
657 /***
658 * Sets the create date for this User. This is the time at which
659 * the user object was created.
660 *
661 * @param date The create date.
662 */
663 public void setCreateDate(java.util.Date date)
664 {
665 createDate = date;
666 }
667
668 /***
669 * Set the users Email
670 *
671 * @param email The new email.
672 */
673 public void setEmail(String email)
674 {
675 setPerm(User.EMAIL, email);
676 }
677
678 /***
679 * Set the users First Name
680 *
681 * @param fname The new firstname.
682 */
683 public void setFirstName(String fname)
684 {
685 setPerm(User.FIRST_NAME, fname);
686 }
687
688 /***
689 * Set last login date/time.
690 *
691 * @param date The last login date.
692 */
693 public void setLastLogin(java.util.Date date)
694 {
695 setPerm(User.LAST_LOGIN, date);
696 }
697
698 /***
699 * Set the users Last Name
700 * Sets the last name for this user.
701 *
702 * @param lname The new lastname.
703 */
704 public void setLastName(String lname)
705 {
706 setPerm(User.LAST_NAME, lname);
707 }
708
709 /***
710 * Set password.
711 *
712 * @param password The new password.
713 */
714 public void setPassword(String password)
715 {
716 setPerm(User.PASSWORD, password);
717 }
718
719 /***
720 * Put an object into permanent storage.
721 *
722 * @param name The object's name.
723 * @param value The object.
724 */
725 public void setPerm(String name, Object value)
726 {
727 permStorage.put(name, value);
728 }
729
730 /***
731 * This should only be used in the case where we want to save the
732 * data to the database.
733 *
734 * @param stuff A Hashtable.
735 */
736 public void setPermStorage(Hashtable stuff)
737 {
738 this.permStorage = stuff;
739 }
740
741 /***
742 * This should only be used in the case where we want to save the
743 * data to the database.
744 *
745 * @return A Hashtable.
746 */
747 public Hashtable getTempStorage()
748 {
749 if (this.tempStorage == null)
750 {
751 this.tempStorage = new Hashtable();
752 }
753 return this.tempStorage;
754 }
755
756 /***
757 * This should only be used in the case where we want to save the
758 * data to the database.
759 *
760 * @param storage A Hashtable.
761 */
762 public void setTempStorage(Hashtable storage)
763 {
764 this.tempStorage = storage;
765 }
766
767 /***
768 * This gets whether or not someone has logged in. hasLoggedIn()
769 * returns this value as a boolean. This is private because you
770 * should use hasLoggedIn() instead.
771 *
772 * @return True if someone has logged in.
773 */
774 private Boolean getHasLoggedIn()
775 {
776 return (Boolean) getTemp(User.HAS_LOGGED_IN);
777 }
778
779 /***
780 * This sets whether or not someone has logged in. hasLoggedIn()
781 * returns this value.
782 *
783 * @param value Whether someone has logged in or not.
784 */
785 public void setHasLoggedIn(Boolean value)
786 {
787 setTemp(User.HAS_LOGGED_IN, value);
788 }
789
790 /***
791 * Put an object into temporary storage.
792 *
793 * @param name The object's name.
794 * @param value The object.
795 */
796 public void setTemp(String name, Object value)
797 {
798 tempStorage.put(name, value);
799 }
800
801 /***
802 * A User object can have a variable Timeout which is defined in
803 * minutes. If the user has been timed out, then the
804 * hasLoggedIn() value will return false.
805 *
806 * @param time The user's timeout.
807 */
808 public void setTimeout(int time)
809 {
810 this.timeout = time;
811 }
812
813 /***
814 * Sets the username for this user.
815 *
816 * @param username The user's username.
817 */
818 public void setUserName(String username)
819 {
820 setPerm(User.USERNAME, username);
821 }
822
823 /***
824 * Updates the last login date in the database.
825 *
826 * @exception Exception a generic exception.
827 */
828 public void updateLastLogin() throws Exception
829 {
830 setPerm(User.LAST_LOGIN, new java.util.Date());
831 }
832
833 /***
834 * Implement this method if you wish to be notified when the User
835 * has been Bound to the session.
836 *
837 * @param hsbe The HttpSessionBindingEvent.
838 */
839 public void valueBound(HttpSessionBindingEvent hsbe)
840 {
841
842 }
843
844 /***
845 * Implement this method if you wish to be notified when the User
846 * has been Unbound from the session.
847 *
848 * @param hsbe The HttpSessionBindingEvent.
849 */
850 public void valueUnbound(HttpSessionBindingEvent hsbe)
851 {
852 try
853 {
854 if (hasLoggedIn())
855 {
856 TurbineSecurity.saveUser(this);
857 }
858 }
859 catch (Exception e)
860 {
861 log.error("BaseUser.valueUnbobund(): "
862 + e.getMessage());
863 log.error(e);
864
865
866
867
868 ByteArrayOutputStream ostr = new ByteArrayOutputStream();
869
870 e.printStackTrace(new PrintWriter(ostr, true));
871 String stackTrace = ostr.toString();
872
873 System.out.println(stackTrace);
874 }
875 }
876
877 /***
878 * Returns the username for this user. If this is defined, then
879 * the user is considered logged in.
880 *
881 * @return A String with the username.
882 */
883 public String getName()
884 {
885 String tmp = null;
886
887 tmp = (String) getPerm(User.USERNAME);
888 if (tmp != null && tmp.length() == 0)
889 {
890 tmp = null;
891 }
892 return tmp;
893 }
894
895 /***
896 * Not implemented.
897 * @param name the name of the User.
898 */
899 public void setName(String name)
900 {
901 }
902
903 /***
904 * Not implemented.
905 * @return 0
906 */
907 public int getId()
908 {
909 return 0;
910 }
911
912 /***
913 * Not implemented.
914 * @return null
915 */
916 public Integer getIdAsObj()
917 {
918 return new Integer(0);
919 }
920
921 /***
922 * Not implemented.
923 *
924 * @param id The id of the User.
925 */
926 public void setId(int id)
927 {
928 }
929
930 /***
931 * Saves this object to the data store.
932 * @throws Exception if it cannot be saved
933 */
934 public void save()
935 throws Exception
936 {
937 if (TurbineSecurity.accountExists(this))
938 {
939 TurbineSecurity.saveUser(this);
940 }
941 else
942 {
943 TurbineSecurity.addUser(this, getPassword());
944 }
945 }
946
947 /***
948 * not implemented
949 *
950 * @param conn the database connection
951 * @throws Exception if there is an error
952 */
953 public void save(Connection conn) throws Exception
954 {
955 throw new Exception("not implemented");
956 }
957
958 /***
959 * not implemented
960 *
961 * @param dbname the database name
962 * @throws Exception if there is an error
963 */
964 public void save(String dbname) throws Exception
965 {
966 throw new Exception("not implemented");
967 }
968
969 }