Coverage report

  %line %branch
org.apache.turbine.services.security.ldap.LDAPSecurityService
0% 
0% 

 1  
 package org.apache.turbine.services.security.ldap;
 2  
 
 3  
 /*
 4  
  * Copyright 2001-2005 The Apache Software Foundation.
 5  
  *
 6  
  * Licensed under the Apache License, Version 2.0 (the "License")
 7  
  * you may not use this file except in compliance with the License.
 8  
  * You may obtain a copy of the License at
 9  
  *
 10  
  *     http://www.apache.org/licenses/LICENSE-2.0
 11  
  *
 12  
  * Unless required by applicable law or agreed to in writing, software
 13  
  * distributed under the License is distributed on an "AS IS" BASIS,
 14  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 15  
  * See the License for the specific language governing permissions and
 16  
  * limitations under the License.
 17  
  */
 18  
 
 19  
 import java.util.Hashtable;
 20  
 import java.util.Iterator;
 21  
 import java.util.Vector;
 22  
 import javax.naming.NameAlreadyBoundException;
 23  
 import javax.naming.NamingEnumeration;
 24  
 import javax.naming.NamingException;
 25  
 import javax.naming.directory.Attribute;
 26  
 import javax.naming.directory.Attributes;
 27  
 import javax.naming.directory.BasicAttribute;
 28  
 import javax.naming.directory.BasicAttributes;
 29  
 import javax.naming.directory.DirContext;
 30  
 import javax.naming.directory.SearchControls;
 31  
 import javax.naming.directory.SearchResult;
 32  
 
 33  
 import org.apache.commons.logging.Log;
 34  
 import org.apache.commons.logging.LogFactory;
 35  
 import org.apache.torque.util.Criteria;
 36  
 import org.apache.turbine.om.security.Group;
 37  
 import org.apache.turbine.om.security.Permission;
 38  
 import org.apache.turbine.om.security.Role;
 39  
 import org.apache.turbine.om.security.TurbineGroup;
 40  
 import org.apache.turbine.om.security.TurbinePermission;
 41  
 import org.apache.turbine.om.security.TurbineRole;
 42  
 import org.apache.turbine.om.security.User;
 43  
 import org.apache.turbine.services.security.BaseSecurityService;
 44  
 import org.apache.turbine.services.security.TurbineSecurity;
 45  
 import org.apache.turbine.util.security.AccessControlList;
 46  
 import org.apache.turbine.util.security.DataBackendException;
 47  
 import org.apache.turbine.util.security.EntityExistsException;
 48  
 import org.apache.turbine.util.security.GroupSet;
 49  
 import org.apache.turbine.util.security.PermissionSet;
 50  
 import org.apache.turbine.util.security.RoleSet;
 51  
 import org.apache.turbine.util.security.UnknownEntityException;
 52  
 
 53  
 /**
 54  
  * An implementation of SecurityService that uses LDAP as a backend.
 55  
  *
 56  
  * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
 57  
  * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi </a>
 58  
  * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a>
 59  
  * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a>
 60  
  * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
 61  
  * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a>
 62  
  * @version $Id: LDAPSecurityService.java 264148 2005-08-29 14:21:04Z henning $
 63  
  */
 64  0
 public class LDAPSecurityService extends BaseSecurityService
 65  
 {
 66  
 
 67  
     /** Logging */
 68  0
     private static Log log = LogFactory.getLog(LDAPSecurityService.class);
 69  
 
 70  
     /*
 71  
      * -----------------------------------------------------------------------
 72  
      *  C R E A T I O N  O F  A C C E S S  C O N T R O L  L I S T
 73  
      * -----------------------------------------------------------------------
 74  
      */
 75  
 
 76  
     /**
 77  
      * Constructs an AccessControlList for a specific user.
 78  
      *
 79  
      * This method creates a snapshot of the state of security information
 80  
      * concerning this user, at the moment of invocation and stores it
 81  
      * into an AccessControlList object.
 82  
      *
 83  
      * @param user the user for whom the AccessControlList are to be retrieved
 84  
      * @throws DataBackendException if there was an error accessing the backend.
 85  
      * @throws UnknownEntityException if user account is not present.
 86  
      * @return an AccessControlList for a specific user.
 87  
      */
 88  
     public AccessControlList getACL(User user)
 89  
             throws DataBackendException, UnknownEntityException
 90  
     {
 91  0
         if (!TurbineSecurity.accountExists(user))
 92  
         {
 93  0
             throw new UnknownEntityException("The account '"
 94  
                     + user.getName() + "' does not exist");
 95  
         }
 96  
         try
 97  
         {
 98  0
             Hashtable roles = new Hashtable();
 99  0
             Hashtable permissions = new Hashtable();
 100  
 
 101  
             // notify the state modifiers (writers) that we want to create
 102  
             // the snapshot.
 103  0
             lockShared();
 104  
 
 105  
             // construct the snapshot:
 106  
             // foreach group in the system
 107  0
             Iterator groupsIterator = getAllGroups().iterator();
 108  
 
 109  0
             while (groupsIterator.hasNext())
 110  
             {
 111  0
                 Group group = (Group) groupsIterator.next();
 112  
 
 113  
                 // get roles of user in the group
 114  0
                 RoleSet groupRoles = getRoles(user, group);
 115  
 
 116  
                 // put the Set into roles(group)
 117  0
                 roles.put(group, groupRoles);
 118  
                 // collect all permissoins in this group
 119  0
                 PermissionSet groupPermissions = new PermissionSet();
 120  
                 // foreach role in Set
 121  0
                 Iterator rolesIterator = groupRoles.iterator();
 122  
 
 123  0
                 while (rolesIterator.hasNext())
 124  
                 {
 125  0
                     Role role = (Role) rolesIterator.next();
 126  
                     // get permissions of the role
 127  0
                     PermissionSet rolePermissions = getPermissions(role);
 128  
 
 129  0
                     groupPermissions.add(rolePermissions);
 130  
                 }
 131  
                 // put the Set into permissions(group)
 132  0
                 permissions.put(group, groupPermissions);
 133  
             }
 134  0
             return getAclInstance(roles, permissions);
 135  
         }
 136  0
         catch (Exception e)
 137  
         {
 138  0
             throw new DataBackendException("Failed to build ACL for user '"
 139  
                     + user.getName() + "'", e);
 140  
         }
 141  
         finally
 142  
         {
 143  
             // notify the state modifiers that we are done creating
 144  
             // the snapshot.
 145  0
             unlockShared();
 146  
         }
 147  
     }
 148  
 
 149  
     /*
 150  
      * -----------------------------------------------------------------------
 151  
      * S E C U R I T Y  M A N A G E M E N T
 152  
      * -----------------------------------------------------------------------
 153  
      */
 154  
 
 155  
     /**
 156  
      * Grant an User a Role in a Group.
 157  
      *
 158  
      * @param user the user.
 159  
      * @param group the group.
 160  
      * @param role the role.
 161  
      * @throws DataBackendException if there was an error accessing the backend.
 162  
      * @throws UnknownEntityException if user account, group or role
 163  
      *         is not present.
 164  
      */
 165  
     public synchronized void grant(User user, Group group, Role role)
 166  
             throws DataBackendException, UnknownEntityException
 167  
     {
 168  
         try
 169  
         {
 170  0
             lockExclusive();
 171  
 
 172  0
             String userName = user.getName();
 173  0
             String roleName = role.getName();
 174  0
             String groupName = group.getName();
 175  
 
 176  0
             if (!accountExists(user))
 177  
             {
 178  0
                 throw new UnknownEntityException(
 179  
                         "User '" + userName + "' does not exist");
 180  
             }
 181  
 
 182  0
             if (!checkExists(role))
 183  
             {
 184  0
                 throw new UnknownEntityException(
 185  
                         "Role '" + roleName + "' does not exist");
 186  
             }
 187  
 
 188  0
             if (!checkExists(group))
 189  
             {
 190  0
                 throw new UnknownEntityException(
 191  
                         "Group '" + groupName + "' does not exist");
 192  
             }
 193  
 
 194  
             // Make the distinguished name.
 195  0
             String dn = "turbineGroupName=" + groupName + ","
 196  
                     + LDAPSecurityConstants.getNameAttribute()
 197  
                     + "=" + userName + ","
 198  
                     + LDAPSecurityConstants.getBaseSearch();
 199  
 
 200  
 
 201  
             // Connect to LDAP.
 202  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 203  
 
 204  
             // Make the attributes.
 205  0
             Attributes attrs = new BasicAttributes();
 206  
 
 207  0
             attrs.put(new BasicAttribute("turbineRoleName", roleName));
 208  0
             attrs.put(new BasicAttribute("objectClass", "turbineUserGroup"));
 209  0
             attrs.put(new BasicAttribute("turbineUserUniqueId", userName));
 210  
             try
 211  
             {
 212  
                 // Add the turbineUserGroup.
 213  0
                 ctx.bind(dn, null, attrs);
 214  
             }
 215  0
             catch (NameAlreadyBoundException ex)
 216  
             {
 217  
                 // Since turbineUserGroup had already been created
 218  
                 // then just add the role name attribute.
 219  0
                 attrs = new BasicAttributes();
 220  0
                 attrs.put(new BasicAttribute("turbineRoleName", roleName));
 221  0
                 ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs);
 222  0
             }
 223  
 
 224  
         }
 225  0
         catch (NamingException ex)
 226  
         {
 227  0
             throw new DataBackendException("NamingException caught", ex);
 228  
         }
 229  
         finally
 230  
         {
 231  0
             unlockExclusive();
 232  0
         }
 233  0
     }
 234  
 
 235  
     /**
 236  
      * Revoke a Role in a Group from an User.
 237  
      *
 238  
      * @param user the user.
 239  
      * @param group the group.
 240  
      * @param role the role.
 241  
      * @throws DataBackendException if there was an error accessing the backend.
 242  
      * @throws UnknownEntityException if user account, group or role is
 243  
      *         not present.
 244  
      */
 245  
     public synchronized void revoke(User user, Group group, Role role)
 246  
             throws DataBackendException, UnknownEntityException
 247  
     {
 248  
         try
 249  
         {
 250  0
             lockExclusive();
 251  
 
 252  0
             String userName = user.getName();
 253  0
             String roleName = role.getName();
 254  0
             String groupName = group.getName();
 255  
 
 256  0
             if (!accountExists(user))
 257  
             {
 258  0
                 throw new UnknownEntityException(
 259  
                         "User '" + userName + "' does not exist");
 260  
             }
 261  
 
 262  0
             if (!checkExists(role))
 263  
             {
 264  0
                 throw new UnknownEntityException(
 265  
                         "Role '" + roleName + "' does not exist");
 266  
             }
 267  
 
 268  0
             if (!checkExists(group))
 269  
             {
 270  0
                 throw new UnknownEntityException(
 271  
                         "Group '" + groupName + "' does not exist");
 272  
             }
 273  
 
 274  
             // Make the distinguished name.
 275  0
             String dn = "turbineGroupName=" + groupName + ","
 276  
                     + LDAPSecurityConstants.getNameAttribute()
 277  
                     + "=" + userName + ","
 278  
                     + LDAPSecurityConstants.getBaseSearch();
 279  
 
 280  
             // Make the attributes.
 281  0
             Attributes attrs = new BasicAttributes();
 282  
 
 283  0
             attrs.put(new BasicAttribute("turbineRoleName", roleName));
 284  
 
 285  
             // Connect to LDAP.
 286  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 287  
 
 288  
             // Remove the role.
 289  0
             ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs);
 290  
 
 291  
         }
 292  0
         catch (NamingException ex)
 293  
         {
 294  0
             throw new DataBackendException("NamingException caught", ex);
 295  
         }
 296  
         finally
 297  
         {
 298  0
             unlockExclusive();
 299  0
         }
 300  0
     }
 301  
 
 302  
     /**
 303  
      * Grants a Role a Permission
 304  
      *
 305  
      * @param role the Role.
 306  
      * @param permission the Permission.
 307  
      * @throws DataBackendException if there was an error accessing the backend.
 308  
      * @throws UnknownEntityException if role or permission is not present.
 309  
      */
 310  
     public synchronized void grant(Role role, Permission permission)
 311  
             throws DataBackendException, UnknownEntityException
 312  
     {
 313  
         try
 314  
         {
 315  0
             lockExclusive();
 316  
 
 317  0
             String roleName = role.getName();
 318  0
             String permName = permission.getName();
 319  
 
 320  0
             if (!checkExists(role))
 321  
             {
 322  0
                 throw new UnknownEntityException(
 323  
                         "Role '" + roleName + "' does not exist");
 324  
             }
 325  
 
 326  0
             if (!checkExists(permission))
 327  
             {
 328  0
                 throw new UnknownEntityException(
 329  
                         "Permission '" + permName + "' does not exist");
 330  
             }
 331  
 
 332  
             // Make the distinguished name.
 333  0
             String dn = "turbineRoleName=" + roleName + ","
 334  
                     + LDAPSecurityConstants.getBaseSearch();
 335  
 
 336  
             // Make the attributes.
 337  0
             Attributes attrs = new BasicAttributes();
 338  
 
 339  0
             attrs.put(new BasicAttribute("turbinePermissionName", permName));
 340  
 
 341  
             // Connect to LDAP.
 342  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 343  
 
 344  
             // Add the permission.
 345  0
             ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs);
 346  
 
 347  
         }
 348  0
         catch (NamingException ex)
 349  
         {
 350  0
             throw new DataBackendException("NamingException caught", ex);
 351  
         }
 352  
         finally
 353  
         {
 354  0
             unlockExclusive();
 355  0
         }
 356  0
     }
 357  
 
 358  
     /**
 359  
      * Revokes a Permission from a Role.
 360  
      *
 361  
      * @param role the Role.
 362  
      * @param permission the Permission.
 363  
      * @throws DataBackendException if there was an error accessing the backend.
 364  
      * @throws UnknownEntityException if role or permission is not present.
 365  
      */
 366  
     public synchronized void revoke(Role role, Permission permission)
 367  
             throws DataBackendException, UnknownEntityException
 368  
     {
 369  
         try
 370  
         {
 371  0
             lockExclusive();
 372  
 
 373  0
             String roleName = role.getName();
 374  0
             String permName = permission.getName();
 375  
 
 376  0
             if (!checkExists(role))
 377  
             {
 378  0
                 throw new UnknownEntityException(
 379  
                         "Role '" + roleName + "' does not exist");
 380  
             }
 381  
 
 382  0
             if (!checkExists(permission))
 383  
             {
 384  0
                 throw new UnknownEntityException(
 385  
                         "Permission '" + permName + "' does not exist");
 386  
             }
 387  
 
 388  
             // Make the distinguished name.
 389  0
             String dn = "turbineRoleName=" + roleName + ","
 390  
                     + LDAPSecurityConstants.getBaseSearch();
 391  
 
 392  
             // Make the attributes.
 393  0
             Attributes attrs = new BasicAttributes();
 394  
 
 395  0
             attrs.put(new BasicAttribute("turbinePermissionName", permName));
 396  
 
 397  
             // Connect to LDAP.
 398  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 399  
 
 400  
             // Remove the permission.
 401  0
             ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs);
 402  
 
 403  
         }
 404  0
         catch (NamingException ex)
 405  
         {
 406  0
             throw new DataBackendException("NamingException caught", ex);
 407  
         }
 408  
         finally
 409  
         {
 410  0
             unlockExclusive();
 411  0
         }
 412  0
     }
 413  
 
 414  
     /*
 415  
      * -----------------------------------------------------------------------
 416  
      * G R O U P / R O L E / P E R M I S S I O N  M A N A G E M E N T
 417  
      * -----------------------------------------------------------------------
 418  
      */
 419  
 
 420  
     /**
 421  
      * Retrieves a new Group. It creates
 422  
      * a new Group based on the Services Group implementation. It does not
 423  
      * create a new Group in the system though. Use addGroup for that.
 424  
      * <strong>Not implemented</strong>
 425  
      *
 426  
      * @param groupName The name of the Group to be retrieved.
 427  
      * @return a Group.
 428  
      */
 429  
     public Group getNewGroup(String groupName)
 430  
     {
 431  0
         return (Group) new TurbineGroup(groupName);
 432  
     }
 433  
 
 434  
     /**
 435  
      * Retrieves a new Role. It creates
 436  
      * a new Role based on the Services Role implementation. It does not
 437  
      * create a new Role in the system though. Use addRole for that.
 438  
      * <strong>Not implemented</strong>
 439  
      *
 440  
      * @param roleName The name of the Group to be retrieved.
 441  
      * @return a Role.
 442  
      */
 443  
     public Role getNewRole(String roleName)
 444  
     {
 445  0
         return (Role) new TurbineRole(roleName);
 446  
     }
 447  
 
 448  
     /**
 449  
      * Retrieves a new Permission. It creates
 450  
      * a new Permission based on the Services Permission implementation. It
 451  
      * does not create a new Permission in the system though. Use create for
 452  
      * that.
 453  
      * <strong>Not implemented</strong>
 454  
      *
 455  
      * @param permissionName The name of the Permission to be retrieved.
 456  
      * @return a Permission
 457  
      */
 458  
     public Permission getNewPermission(String permissionName)
 459  
     {
 460  0
         return (Permission) new TurbinePermission(permissionName);
 461  
     }
 462  
 
 463  
     /**
 464  
      * Retrieve a set of Groups that meet the specified Criteria.
 465  
      *
 466  
      * @param criteria Criteria of Group selection.
 467  
      * @return a set of Groups that meet the specified Criteria.
 468  
      * @throws DataBackendException if there is problem with the Backend.
 469  
      */
 470  
     public GroupSet getGroups(Criteria criteria)
 471  
             throws DataBackendException
 472  
     {
 473  0
         Vector groups = new Vector();
 474  
 
 475  
         try
 476  
         {
 477  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 478  
 
 479  0
             String baseSearch = LDAPSecurityConstants.getBaseSearch();
 480  0
             String filter = "(objectclass=turbineGroup)";
 481  
 
 482  
             /*
 483  
              * Create the default search controls.
 484  
              */
 485  0
             SearchControls ctls = new SearchControls();
 486  
 
 487  0
             NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
 488  
 
 489  0
             while (answer.hasMore())
 490  
             {
 491  0
                 SearchResult sr = (SearchResult) answer.next();
 492  0
                 Attributes attribs = sr.getAttributes();
 493  0
                 Attribute attr = attribs.get("turbineGroupName");
 494  
 
 495  0
                 if (attr != null && attr.get() != class="keyword">null)
 496  
                 {
 497  0
                     Group group = getNewGroup(attr.get().toString());
 498  
 
 499  0
                     groups.add(group);
 500  
                 }
 501  
             }
 502  
         }
 503  0
         catch (NamingException ex)
 504  
         {
 505  0
             throw new DataBackendException("NamingException caught", ex);
 506  0
         }
 507  0
         return new GroupSet(groups);
 508  
     }
 509  
 
 510  
     /** Get the Roles that a user belongs in a specific group.
 511  
      * @param user The user.
 512  
      * @param group The group
 513  
      * @throws DataBackendException if there is a problem with
 514  
      *     the LDAP service.
 515  
      * @return a RoleSet.
 516  
      */
 517  
     private RoleSet getRoles(User user, Group group)
 518  
             throws DataBackendException
 519  
     {
 520  0
         Vector roles = new Vector(0);
 521  
 
 522  
         try
 523  
         {
 524  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 525  
 
 526  0
             String baseSearch = LDAPSecurityConstants.getBaseSearch();
 527  0
             String filter = "(& ";
 528  
 
 529  0
             filter += "(objectclass=turbineUserGroup)";
 530  0
             filter += "(turbineUserUniqueId=" + user.getName() + ")";
 531  0
             filter += "(turbineGroupName=" + group.getName() + ")";
 532  0
             filter += ")";
 533  
 
 534  
             /*
 535  
              * Create the default search controls.
 536  
              */
 537  0
             SearchControls ctls = new SearchControls();
 538  
 
 539  0
             ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
 540  
 
 541  0
             NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
 542  
 
 543  0
             while (answer.hasMore())
 544  
             {
 545  0
                 SearchResult sr = (SearchResult) answer.next();
 546  0
                 Attributes attribs = sr.getAttributes();
 547  0
                 Attribute attr = attribs.get("turbineRoleName");
 548  
 
 549  0
                 if (attr != null)
 550  
                 {
 551  0
                     NamingEnumeration values = attr.getAll();
 552  
 
 553  0
                     while (values.hasMore())
 554  
                     {
 555  0
                         Role role = getNewRole(values.next().toString());
 556  
 
 557  0
                         roles.add(role);
 558  
                     }
 559  
                 }
 560  
                 else
 561  
                 {
 562  0
                     log.error("Role doesn't have a name");
 563  
                 }
 564  
             }
 565  
         }
 566  0
         catch (NamingException ex)
 567  
         {
 568  0
             throw new DataBackendException(
 569  
                     "NamingException caught:", ex);
 570  0
         }
 571  
 
 572  0
         return new RoleSet(roles);
 573  
     }
 574  
 
 575  
     /**
 576  
      * Retrieve a set of Roles that meet the specified Criteria.
 577  
      *
 578  
      * @param criteria Criteria of Roles selection.
 579  
      * @return a set of Roles that meet the specified Criteria.
 580  
      * @throws DataBackendException if there is a problem with the Backend.
 581  
      */
 582  
     public RoleSet getRoles(Criteria criteria) throws DataBackendException
 583  
     {
 584  0
         Vector roles = new Vector(0);
 585  
 
 586  
         try
 587  
         {
 588  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 589  
 
 590  0
             String baseSearch = LDAPSecurityConstants.getBaseSearch();
 591  0
             String filter = "(objectclass=turbineRole)";
 592  
 
 593  
             /*
 594  
              * Create the default search controls.
 595  
              */
 596  0
             SearchControls ctls = new SearchControls();
 597  
 
 598  0
             NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
 599  
 
 600  0
             while (answer.hasMore())
 601  
             {
 602  0
                 SearchResult sr = (SearchResult) answer.next();
 603  0
                 Attributes attribs = sr.getAttributes();
 604  0
                 Attribute attr = attribs.get("turbineRoleName");
 605  
 
 606  0
                 if (attr != null && attr.get() != class="keyword">null)
 607  
                 {
 608  0
                     Role role = getNewRole(attr.get().toString());
 609  
 
 610  0
                     roles.add(role);
 611  
                 }
 612  
                 else
 613  
                 {
 614  0
                     log.error("Role doesn't have a name");
 615  
                 }
 616  
             }
 617  
         }
 618  0
         catch (NamingException ex)
 619  
         {
 620  0
             throw new DataBackendException("NamingException caught", ex);
 621  0
         }
 622  
 
 623  0
         return new RoleSet(roles);
 624  
     }
 625  
 
 626  
     /**
 627  
      * Retrieve a set of Permissions that meet the specified Criteria.
 628  
      *
 629  
      * @param criteria Criteria of Permissions selection.
 630  
      * @return a set of Permissions that meet the specified Criteria.
 631  
      * @throws DataBackendException if there is a problem with the Backend.
 632  
      */
 633  
     public PermissionSet getPermissions(Criteria criteria)
 634  
             throws DataBackendException
 635  
     {
 636  0
         Vector permissions = new Vector();
 637  
 
 638  
         try
 639  
         {
 640  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 641  
 
 642  0
             String baseSearch = LDAPSecurityConstants.getBaseSearch();
 643  0
             String filter = "(objectClass=turbinePermission)";
 644  
 
 645  
             /*
 646  
              * Create the default search controls.
 647  
              */
 648  0
             SearchControls ctls = new SearchControls();
 649  
 
 650  0
             NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
 651  
 
 652  0
             while (answer.hasMore())
 653  
             {
 654  0
                 SearchResult sr = (SearchResult) answer.next();
 655  0
                 Attributes attribs = sr.getAttributes();
 656  0
                 Attribute attr = attribs.get("turbinePermissionName");
 657  
 
 658  0
                 if (attr != null && attr.get() != class="keyword">null)
 659  
                 {
 660  0
                     Permission perm = getNewPermission(attr.get().toString());
 661  
 
 662  0
                     permissions.add(perm);
 663  
                 }
 664  
                 else
 665  
                 {
 666  0
                     log.error("Permission doesn't have a name");
 667  
                 }
 668  
             }
 669  
         }
 670  0
         catch (NamingException ex)
 671  
         {
 672  0
             throw new DataBackendException(
 673  
                     "The LDAP server specified is unavailable", ex);
 674  0
         }
 675  0
         return new PermissionSet(permissions);
 676  
     }
 677  
 
 678  
     /**
 679  
      * Retrieves all permissions associated with a role.
 680  
      *
 681  
      * @param role the role name, for which the permissions are to be retrieved.
 682  
      * @throws DataBackendException if there was an error accessing the backend.
 683  
      * @throws UnknownEntityException if the role is not present.
 684  
      * @return a PermissionSet.
 685  
      */
 686  
     public PermissionSet getPermissions(Role role)
 687  
             throws DataBackendException, UnknownEntityException
 688  
     {
 689  0
         Hashtable permissions = new Hashtable();
 690  
 
 691  
         try
 692  
         {
 693  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 694  
 
 695  0
             String baseSearch = LDAPSecurityConstants.getBaseSearch();
 696  0
             String filter = "(& ";
 697  
 
 698  0
             filter += "(objectClass=turbineRole)";
 699  0
             filter += "(turbineRoleName=" + role.getName() + ")";
 700  0
             filter += ")";
 701  
 
 702  
             /*
 703  
              * Create the default search controls.
 704  
              */
 705  0
             SearchControls ctls = new SearchControls();
 706  
 
 707  0
             NamingEnumeration answer = ctx.search(baseSearch, filter, ctls);
 708  
 
 709  0
             while (answer.hasMore())
 710  
             {
 711  0
                 SearchResult sr = (SearchResult) answer.next();
 712  0
                 Attributes attribs = sr.getAttributes();
 713  0
                 Attribute attr = attribs.get("turbinePermissionName");
 714  
 
 715  0
                 if (attr != null)
 716  
                 {
 717  0
                     NamingEnumeration values = attr.getAll();
 718  
 
 719  0
                     while (values.hasMore())
 720  
                     {
 721  0
                         String permName = values.next().toString();
 722  0
                         Permission perm = getNewPermission(permName);
 723  
 
 724  0
                         permissions.put(perm.getName(), perm);
 725  
                     }
 726  
                 }
 727  
             }
 728  
         }
 729  0
         catch (NamingException ex)
 730  
         {
 731  0
             throw new DataBackendException(
 732  
                     "The LDAP server specified is unavailable", ex);
 733  0
         }
 734  0
         return new PermissionSet(permissions.values());
 735  
     }
 736  
 
 737  
     /**
 738  
      * Stores Group's attributes. The Groups is required to exist in the system.
 739  
      *
 740  
      * @param group The Group to be stored.
 741  
      * @throws DataBackendException if there was an error accessing the backend.
 742  
      * @throws UnknownEntityException if the group does not exist.
 743  
      */
 744  
     public void saveGroup(Group group) throws DataBackendException,
 745  
             UnknownEntityException
 746  
     {
 747  
         // Not implemented yet.
 748  0
     }
 749  
 
 750  
     /**
 751  
      * Stores Role's attributes. The Roles is required to exist in the system.
 752  
      *
 753  
      * @param role The Role to be stored.
 754  
      * @throws DataBackendException if there was an error accessing the backend.
 755  
      * @throws UnknownEntityException if the role does not exist.
 756  
      */
 757  
     public void saveRole(Role role) throws DataBackendException,
 758  
             UnknownEntityException
 759  
     {
 760  
         // Not implemented yet.
 761  0
     }
 762  
 
 763  
     /**
 764  
      * Stores Permission's attributes. The Permissions is required to exist in
 765  
      * the system.
 766  
      *
 767  
      * @param permission The Permission to be stored.
 768  
      * @throws DataBackendException if there was an error accessing the backend.
 769  
      * @throws UnknownEntityException if the permission does not exist.
 770  
      */
 771  
     public void savePermission(Permission permission)
 772  
             throws DataBackendException, UnknownEntityException
 773  
     {
 774  
         // Not implemented yet.
 775  0
     }
 776  
 
 777  
     /**
 778  
      * Creates a new group with specified attributes.
 779  
      * <strong>Not implemented</strong>
 780  
      *
 781  
      * @param group the object describing the group to be created.
 782  
      * @return a new Group object that has id set up properly.
 783  
      * @throws DataBackendException if there was an error accessing the backend.
 784  
      * @throws EntityExistsException if the group already exists.
 785  
      */
 786  
     public synchronized Group addGroup(Group group)
 787  
             throws DataBackendException, EntityExistsException
 788  
     {
 789  
         try
 790  
         {
 791  0
             lockExclusive();
 792  
 
 793  0
             String groupName = group.getName();
 794  
 
 795  0
             if (checkExists(group))
 796  
             {
 797  0
                 throw new EntityExistsException(
 798  
                         "Group '" + groupName + "' already exists");
 799  
             }
 800  
 
 801  
             // Make the distinguished name.
 802  0
             String dn = "turbineGroupName=" + groupName + ","
 803  
                     + LDAPSecurityConstants.getBaseSearch();
 804  
 
 805  
             // Make the attributes.
 806  0
             Attributes attrs = new BasicAttributes();
 807  
 
 808  0
             attrs.put(new BasicAttribute("objectClass", "turbineGroup"));
 809  0
             attrs.put(new BasicAttribute("turbineGroupName", groupName));
 810  
 
 811  
             // Connect to LDAP.
 812  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 813  
 
 814  
             // Add the group in LDAP.
 815  0
             ctx.bind(dn, null, attrs);
 816  
 
 817  
             // Add the group to system-wide cache.
 818  0
             getAllGroups().add(group);
 819  
 
 820  0
             return group;
 821  
         }
 822  0
         catch (NamingException ex)
 823  
         {
 824  0
             throw new DataBackendException("NamingException caught", ex);
 825  
         }
 826  
         finally
 827  
         {
 828  0
             unlockExclusive();
 829  
         }
 830  
     }
 831  
 
 832  
     /**
 833  
      * Creates a new role with specified attributes.
 834  
      *
 835  
      * @param role the object describing the role to be created.
 836  
      * @return a new Role object that has id set up properly.
 837  
      * @throws DataBackendException if there was an error accessing the backend.
 838  
      * @throws EntityExistsException if the role already exists.
 839  
      */
 840  
     public synchronized Role addRole(Role role)
 841  
             throws DataBackendException, EntityExistsException
 842  
     {
 843  
         try
 844  
         {
 845  0
             lockExclusive();
 846  
 
 847  0
             String roleName = role.getName();
 848  
 
 849  0
             if (checkExists(role))
 850  
             {
 851  0
                 throw new EntityExistsException(
 852  
                         "Role '" + roleName + "' already exists");
 853  
             }
 854  
 
 855  
             // Make the distinguished name.
 856  0
             String dn = "turbineRoleName=" + roleName + ","
 857  
                     + LDAPSecurityConstants.getBaseSearch();
 858  
 
 859  
             // Make the attributes.
 860  0
             Attributes attrs = new BasicAttributes();
 861  
 
 862  0
             attrs.put(new BasicAttribute("objectClass", "turbineRole"));
 863  0
             attrs.put(new BasicAttribute("turbineRoleName", roleName));
 864  
 
 865  
             // Connect to LDAP.
 866  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 867  
 
 868  
             // Add the role in LDAP.
 869  0
             ctx.bind(dn, null, attrs);
 870  
 
 871  
             // Add the role to system-wide cache.
 872  0
             getAllRoles().add(role);
 873  
 
 874  0
             return role;
 875  
         }
 876  0
         catch (NamingException ex)
 877  
         {
 878  0
             throw new DataBackendException("NamingException caught", ex);
 879  
         }
 880  
         finally
 881  
         {
 882  0
             unlockExclusive();
 883  
         }
 884  
     }
 885  
 
 886  
     /**
 887  
      * Creates a new permission with specified attributes.
 888  
      * <strong>Not implemented</strong>
 889  
      *
 890  
      * @param permission the object describing the permission to be created.
 891  
      * @return a new Permission object that has id set up properly.
 892  
      * @throws DataBackendException if there was an error accessing the backend.
 893  
      * @throws EntityExistsException if the permission already exists.
 894  
      */
 895  
     public synchronized Permission addPermission(Permission permission)
 896  
             throws DataBackendException, EntityExistsException
 897  
     {
 898  
         try
 899  
         {
 900  0
             lockExclusive();
 901  
 
 902  0
             String permName = permission.getName();
 903  
 
 904  0
             if (checkExists(permission))
 905  
             {
 906  0
                 throw new EntityExistsException(
 907  
                         "Permission '" + permName + "' already exists");
 908  
             }
 909  
 
 910  
             // Make the distinguished name.
 911  0
             String dn = "turbinePermissionName=" + permName + ","
 912  
                     + LDAPSecurityConstants.getBaseSearch();
 913  
 
 914  
             // Make the attributes.
 915  0
             Attributes attrs = new BasicAttributes();
 916  
 
 917  0
             attrs.put(new BasicAttribute("objectClass", "turbinePermission"));
 918  0
             attrs.put(new BasicAttribute("turbinePermissionName", permName));
 919  
 
 920  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 921  
 
 922  
             // Add the permission in LDAP.
 923  0
             ctx.bind(dn, null, attrs);
 924  
 
 925  
             // add the permission to system-wide cache
 926  0
             getAllPermissions().add(permission);
 927  
 
 928  0
             return permission;
 929  
         }
 930  0
         catch (NamingException ex)
 931  
         {
 932  0
             throw new DataBackendException("NamingException caught", ex);
 933  
         }
 934  
         finally
 935  
         {
 936  0
             unlockExclusive();
 937  
         }
 938  
     }
 939  
 
 940  
     /**
 941  
      * Removes a Group from the system.
 942  
      *
 943  
      * @param group object describing group to be removed.
 944  
      * @throws DataBackendException if there was an error accessing the backend.
 945  
      * @throws UnknownEntityException if the group does not exist.
 946  
      */
 947  
     public synchronized void removeGroup(Group group)
 948  
             throws DataBackendException, UnknownEntityException
 949  
     {
 950  
         try
 951  
         {
 952  0
             lockExclusive();
 953  
 
 954  0
             String groupName = group.getName();
 955  
 
 956  0
             if (!checkExists(group))
 957  
             {
 958  0
                 throw new UnknownEntityException(
 959  
                         "Group '" + groupName + "' does not exist");
 960  
             }
 961  
 
 962  
             // Make the distinguished name.
 963  0
             String dn = "turbineGroupName=" + groupName + ","
 964  
                     + LDAPSecurityConstants.getBaseSearch();
 965  
 
 966  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 967  
 
 968  
             // Remove the group from LDAP.
 969  0
             ctx.unbind(dn);
 970  
 
 971  
             // Remove the group from system-wide cache.
 972  0
             getAllGroups().remove(group);
 973  
         }
 974  0
         catch (NamingException ex)
 975  
         {
 976  0
             throw new DataBackendException("NamingException caught", ex);
 977  
         }
 978  
         finally
 979  
         {
 980  0
             unlockExclusive();
 981  0
         }
 982  0
     }
 983  
 
 984  
     /**
 985  
      * Removes a Role from the system.
 986  
      *
 987  
      * @param role object describing role to be removed.
 988  
      * @throws DataBackendException if there was an error accessing the backend.
 989  
      * @throws UnknownEntityException if the role does not exist.
 990  
      */
 991  
     public synchronized void removeRole(Role role)
 992  
             throws DataBackendException, UnknownEntityException
 993  
     {
 994  
         try
 995  
         {
 996  0
             lockExclusive();
 997  
 
 998  0
             String roleName = role.getName();
 999  
 
 1000  0
             if (!checkExists(role))
 1001  
             {
 1002  0
                 throw new UnknownEntityException(
 1003  
                         "Role '" + roleName + "' does not exist");
 1004  
             }
 1005  
 
 1006  
             // Make the distinguished name.
 1007  0
             String dn = "turbineRoleName=" + roleName + ","
 1008  
                     + LDAPSecurityConstants.getBaseSearch();
 1009  
 
 1010  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 1011  
 
 1012  
             // Remove the role from LDAP.
 1013  0
             ctx.unbind(dn);
 1014  
 
 1015  
             // Remove the role from system-wide cache.
 1016  0
             getAllRoles().remove(role);
 1017  
         }
 1018  0
         catch (NamingException ex)
 1019  
         {
 1020  0
             throw new DataBackendException("NamingException caught", ex);
 1021  
         }
 1022  
         finally
 1023  
         {
 1024  0
             unlockExclusive();
 1025  0
         }
 1026  0
     }
 1027  
 
 1028  
     /**
 1029  
      * Removes a Permission from the system.
 1030  
      *
 1031  
      * @param permission object describing permission to be removed.
 1032  
      * @throws DataBackendException if there was an error accessing the backend.
 1033  
      * @throws UnknownEntityException if the permission does not exist.
 1034  
      */
 1035  
     public synchronized void removePermission(Permission permission)
 1036  
             throws DataBackendException, UnknownEntityException
 1037  
     {
 1038  
         try
 1039  
         {
 1040  0
             lockExclusive();
 1041  
 
 1042  0
             String permName = permission.getName();
 1043  
 
 1044  0
             if (!checkExists(permission))
 1045  
             {
 1046  0
                 throw new UnknownEntityException(
 1047  
                         "Permission '" + permName + "' does not exist");
 1048  
             }
 1049  
 
 1050  
             // Make the distinguished name.
 1051  0
             String dn = "turbinePermissionName=" + permName + ","
 1052  
                     + LDAPSecurityConstants.getBaseSearch();
 1053  
 
 1054  0
             DirContext ctx = LDAPUserManager.bindAsAdmin();
 1055  
 
 1056  
             // Remove the permission in LDAP.
 1057  0
             ctx.unbind(dn);
 1058  
 
 1059  
             // Remove the permission from system-wide cache.
 1060  0
             getAllPermissions().remove(permission);
 1061  
         }
 1062  0
         catch (NamingException ex)
 1063  
         {
 1064  0
             throw new DataBackendException("NamingException caught", ex);
 1065  
         }
 1066  
         finally
 1067  
         {
 1068  0
             unlockExclusive();
 1069  0
         }
 1070  0
     }
 1071  
 
 1072  
     /**
 1073  
      * Renames an existing Group.
 1074  
      *
 1075  
      * @param group object describing the group to be renamed.
 1076  
      * @param name the new name for the group.
 1077  
      * @throws DataBackendException if there was an error accessing the backend.
 1078  
      * @throws UnknownEntityException if the group does not exist.
 1079  
      */
 1080  
     public synchronized void renameGroup(Group group, String name)
 1081  
             throws DataBackendException, UnknownEntityException
 1082  
     {
 1083  
         // Not implemented yet.
 1084  0
     }
 1085  
 
 1086  
     /**
 1087  
      * Renames an existing Role.
 1088  
      *
 1089  
      * @param role object describing the role to be renamed.
 1090  
      * @param name the new name for the role.
 1091  
      * @throws DataBackendException if there was an error accessing the backend.
 1092  
      * @throws UnknownEntityException if the role does not exist.
 1093  
      */
 1094  
     public synchronized void renameRole(Role role, String name)
 1095  
             throws DataBackendException, UnknownEntityException
 1096  
     {
 1097  
         // Not implemented yet.
 1098  0
     }
 1099  
 
 1100  
     /**
 1101  
      * Renames an existing Permission.
 1102  
      *
 1103  
      * @param permission object describing the permission to be renamed.
 1104  
      * @param name the new name for the permission.
 1105  
      * @throws DataBackendException if there was an error accessing the backend.
 1106  
      * @throws UnknownEntityException if the permission does not exist.
 1107  
      */
 1108  
     public synchronized void renamePermission(Permission permission,
 1109  
                                               String name)
 1110  
             throws DataBackendException, UnknownEntityException
 1111  
     {
 1112  
         // Not implemented yet.
 1113  0
     }
 1114  
 
 1115  
     /**
 1116  
      * Revoke all the roles to a user
 1117  
      * @param user the user.
 1118  
      * @throws DataBackendException if there is an error with the data backend.
 1119  
      * @throws UnkownEntityException if the role or a permission is not found.
 1120  
      */
 1121  
     public void revokeAll(User user)
 1122  
             throws DataBackendException, UnknownEntityException
 1123  
     {
 1124  0
         Iterator groupsIterator = getAllGroups().iterator();
 1125  0
         while (groupsIterator.hasNext())
 1126  
         {
 1127  0
             Group group = (Group) groupsIterator.next();
 1128  0
             Iterator rolesIterator = getRoles(user, group).iterator();
 1129  0
             while (rolesIterator.hasNext())
 1130  
             {
 1131  0
                 Role role = (Role) rolesIterator.next();
 1132  0
                 revoke(user, group, role);
 1133  
             }
 1134  
         }
 1135  0
     }
 1136  
 
 1137  
     /**
 1138  
      * Revoke all the permissions to a role.
 1139  
      * @param role the role.
 1140  
      * @throws DataBackendException if there is an error with the data backend.
 1141  
      * @throws UnkownEntityException if the role or a permission is not found.
 1142  
      */
 1143  
     public void revokeAll(Role role)
 1144  
             throws DataBackendException, UnknownEntityException
 1145  
     {
 1146  0
         PermissionSet permissions = getPermissions(role);
 1147  0
         Iterator permIterator = permissions.iterator();
 1148  0
         while (permIterator.hasNext())
 1149  
         {
 1150  0
             Permission perm = (Permission) permIterator.next();
 1151  0
             revoke(role, perm);
 1152  
         }
 1153  0
     }
 1154  
 
 1155  
     /**
 1156  
      * Revoke all the roles to a group.
 1157  
      * @param group the group.
 1158  
      * @throws DataBackendException if there is an error with the data backend.
 1159  
      * @throws UnkownEntityException if the role or a permission is not found.
 1160  
      */
 1161  
     public void revokeAll(Group group)
 1162  
             throws DataBackendException, UnknownEntityException
 1163  
     {
 1164  0
         for (Iterator it = getUserList(new Criteria()).iterator();
 1165  0
              it.hasNext();)
 1166  
         {
 1167  0
             User user = (User) it.next();
 1168  0
             for (Iterator rolesIterator = getRoles(user, group).iterator();
 1169  0
                  rolesIterator.hasNext();)
 1170  
             {
 1171  0
                 Role role = (Role) rolesIterator.next();
 1172  0
                 revoke(user, group, role);
 1173  
             }
 1174  
         }
 1175  0
     }
 1176  
 
 1177  
     /**
 1178  
      * Determines if the <code>Role</code> exists in the security system.
 1179  
      *
 1180  
      * @param role a <code>Role</code> value
 1181  
      * @return true if the role exists in the system, false otherwise
 1182  
      * @throws DataBackendException if there is an error with LDAP
 1183  
      */
 1184  
     public boolean checkExists(Role role)
 1185  
             throws DataBackendException
 1186  
     {
 1187  0
         RoleSet roleSet = getRoles(new Criteria());
 1188  
 
 1189  0
         return roleSet.contains(role);
 1190  
     }
 1191  
 
 1192  
     /**
 1193  
      * Determines if the <code>Group</code> exists in the security system.
 1194  
      *
 1195  
      * @param group a <code>Group</code> value
 1196  
      * @return true if the group exists in the system, false otherwise
 1197  
      * @throws DataBackendException if there is an error with LDAP
 1198  
      */
 1199  
     public boolean checkExists(Group group)
 1200  
             throws DataBackendException
 1201  
     {
 1202  0
         GroupSet groupSet = getGroups(new Criteria());
 1203  
 
 1204  0
         return groupSet.contains(group);
 1205  
     }
 1206  
 
 1207  
     /**
 1208  
      * Determines if the <code>Permission</code> exists in the security system.
 1209  
      *
 1210  
      * @param permission a <code>Permission</code> value
 1211  
      * @return true if the permission exists in the system, false otherwise
 1212  
      * @throws DataBackendException if there is an error with LDAP
 1213  
      */
 1214  
     public boolean checkExists(Permission permission)
 1215  
             throws DataBackendException
 1216  
     {
 1217  0
         PermissionSet permissionSet = getPermissions(new Criteria());
 1218  
 
 1219  0
         return permissionSet.contains(permission);
 1220  
     }
 1221  
 }

This report is generated by jcoverage, Maven and Maven JCoverage Plugin.