Package com.esri.gpt.framework.security.identity.ldap

Examples of com.esri.gpt.framework.security.identity.ldap.LdapConnectionProperties


    // connection properties & service account
    Node ndCon = (Node) xpath.evaluate("ldapConnectionProperties", ndLdap,
        XPathConstants.NODE);
    if (ndCon != null) {
      LdapConnectionProperties props = ldapConfig.getConnectionProperties();
      props.setProviderUrl(xpath.evaluate("@providerURL", ndCon));
      props.setInitialContextFactoryName(xpath.evaluate(
          "@initialContextFactoryName", ndCon));
      props.setSecurityAuthenticationLevel(xpath.evaluate(
          "@securityAuthentication", ndCon));
      props.setSecurityProtocol(xpath.evaluate("@securityProtocol", ndCon));

      Node ndService = (Node) xpath.evaluate("ldapServiceAccount", ndCon, XPathConstants.NODE);
      if (ndService != null) {
        String sUser = xpath.evaluate("@securityPrincipal", ndService);
        String sPwd = xpath.evaluate("@securityCredentials", ndService);
        boolean bEncrypted = Val.chkBool(xpath.evaluate("@encrypted", ndService), false);
        if (bEncrypted) {
          try {
            String sDecrypted = PC1_Encryptor.decrypt(sPwd);
            sPwd = sDecrypted;
          } catch (Exception e) {
            this.getLogger().log(Level.SEVERE, "The securityCredentials failed to decrypt.", e);
          }
        }
        UsernamePasswordCredentials creds = new UsernamePasswordCredentials(sUser, sPwd);
        props.setServiceAccountCredentials(creds);
        idConfig.setCatalogAdminDN(xpath.evaluate("@catalogAdminDN", ndService));
      }
    }

    // single sign-on mechanism
    Node ndSSO = (Node) xpath.evaluate("singleSignOn", ndLdap,
        XPathConstants.NODE);
    if (ndSSO != null) {
      SingleSignOnMechanism sso = idConfig.getSingleSignOnMechanism();
      sso.setActive(Val.chkBool(xpath.evaluate("@active", ndSSO), false));
      sso.setCredentialLocation(xpath.evaluate("@credentialLocation", ndSSO));
      sso.setAnonymousValue(xpath.evaluate("@anonymousValue", ndSSO));
    }

    // self care support
    Node ndSupport = (Node) xpath.evaluate("selfCareSupport", ndLdap,
        XPathConstants.NODE);
    if (ndSupport != null) {
      IdentitySupport support = idConfig.getSupportedFunctions();
      support.setSupportsLogin(Val.chkBool(xpath.evaluate("@supportsLogin",
          ndSupport), true));
      support.setSupportsLogout(Val.chkBool(xpath.evaluate("@supportsLogout",
          ndSupport), true));
      support.setSupportsUserRegistration(Val.chkBool(xpath.evaluate(
          "@supportsUserRegistration", ndSupport), false));
      support.setSupportsUserProfileManagement(Val.chkBool(xpath.evaluate(
          "@supportsUserProfileManagement", ndSupport), false));
      support.setSupportsPasswordChange(Val.chkBool(xpath.evaluate(
          "@supportsPasswordChange", ndSupport), false));
      support.setSupportsPasswordRecovery(Val.chkBool(xpath.evaluate(
          "@supportsPasswordRecovery", ndSupport), false));
    }

    // roles
    Node ndRoles = (Node) xpath.evaluate("roles", ndLdap, XPathConstants.NODE);
    if (ndRoles != null) {
      Roles roles = idConfig.getConfiguredRoles();
      String sRegUserKey = Val.chkStr(xpath.evaluate("@registeredUserRoleKey",
          ndRoles));
      if (sRegUserKey.length() == 0) {
        sRegUserKey = "gptRegisteredUser";
      }
      roles.setAuthenticatedUserRequiresRole(Val.chkBool(xpath.evaluate(
          "@authenticatedUserRequiresRole", ndRoles), true));
      roles.setRegisteredUserRoleKey(sRegUserKey);
                
      NodeList nlRoles = (NodeList) xpath.evaluate("role", ndRoles,
          XPathConstants.NODESET);
      for (int i = 0; i < nlRoles.getLength(); i++) {
        Node ndRole = nlRoles.item(i);
        Role role = new Role();
        role.setKey(xpath.evaluate("@key", ndRole));
        role.setInherits(xpath.evaluate("@inherits", ndRole));
        role.setResKey(xpath.evaluate("@resKey", ndRole));
        role.setManage(Val.chkBool(xpath.evaluate("@manage", ndRole),true));
        role.setForbidden(Val.chkBool(xpath.evaluate("@forbidden", ndRole),false));
        role.setDistinguishedName(xpath.evaluate("@groupDN", ndRole));
        roles.add(role);
      }
      for (Role role : roles.values()) {
        role.buildFullRoleSet(roles);
      }
    }

    // user properties
    Node ndUser = (Node) xpath.evaluate("users", ndLdap, XPathConstants.NODE);
    if (ndUser != null) {
      LdapUserProperties props = ldapConfig.getUserProperties();
      props.setUserDisplayNameAttribute(xpath.evaluate("@displayNameAttribute",
          ndUser));
      props.setPasswordEncryptionAlgorithm(xpath.evaluate(
          "@passwordEncryptionAlgorithm", ndUser));
      props.setUserDNPattern(xpath.evaluate("@newUserDNPattern", ndUser));
      props.setUsernameSearchPattern(xpath.evaluate("@usernameSearchPattern",
          ndUser));
     
      props.setUserRequestsSearchPattern(xpath.evaluate("@newUserRequestSearchPattern",
              ndUser));
     
      props.setUserSearchDIT(xpath.evaluate("@searchDIT", ndUser));
      NodeList nlObj = (NodeList) xpath.evaluate(
          "requiredObjectClasses/objectClass/@name", ndUser,
          XPathConstants.NODESET);
      for (int i = 0; i < nlObj.getLength(); i++) {
        props.addUserObjectClass(nlObj.item(i).getNodeValue());
      }
    }

    // user profile parameters
    UserAttributeMap uaMap = idConfig.getUserAttributeMap();
    NodeList nlUserAttr = (NodeList) xpath.evaluate(
        "users/userAttributeMap/attribute", ndLdap, XPathConstants.NODESET);
    for (int i = 0; i < nlUserAttr.getLength(); i++) {
      UserAttribute attr = new UserAttribute();
      attr.setKey(xpath.evaluate("@key", nlUserAttr.item(i)));
      attr.setLdapName(xpath.evaluate("@ldapName", nlUserAttr.item(i)));

      // TODO: need to do a better check to filter out badly defined
      // parameters
      boolean bIsLdap = (idConfig.getAdapterClassName().indexOf("Ldap") != -1);
      if (bIsLdap && (attr.getLdapName().length() > 0)) {
        uaMap.add(attr);
      }
    }
    ldapConfig.getUserProperties().getUserProfileMapping().configureFromUserAttributes(uaMap);

    // group properties
    Node ndGroup = (Node) xpath.evaluate("groups", ndLdap, XPathConstants.NODE);
    if (ndGroup != null) {
      LdapGroupProperties props = ldapConfig.getGroupProperties();
      props.setGroupDisplayNameAttribute(xpath.evaluate(
          "@displayNameAttribute", ndGroup));
      props.setGroupDynamicMemberAttribute(xpath.evaluate(
          "@dynamicMemberOfGroupsAttribute", ndGroup));
      props.setGroupDynamicMembersAttribute(xpath.evaluate(
          "@dynamicMembersAttribute", ndGroup));
      props.setGroupMemberAttribute(xpath.evaluate("@memberAttribute", ndGroup));
      props.setGroupMemberSearchPattern(xpath.evaluate("@memberSearchPattern",
          ndGroup));
      props.setGroupNameSearchPattern(xpath.evaluate("@nameSearchPattern",
          ndGroup));
      props.setGroupSearchDIT(xpath.evaluate("@searchDIT", ndGroup));
    }

    // metadata management groups
    NodeList nlMmg = (NodeList) xpath.evaluate("groups/metadataManagementGroup",ndLdap,XPathConstants.NODESET);
    for (int i = 0; i < nlMmg.getLength(); i++) {
View Full Code Here

TOP

Related Classes of com.esri.gpt.framework.security.identity.ldap.LdapConnectionProperties

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.