/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.security.spi.impl;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.naming.NamingException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.GroupPrincipal;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
import org.apache.jetspeed.security.spi.GroupSecurityHandler;
import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl;
/**
* @see org.apache.jetspeed.security.spi.GroupSecurityHandler
* @author <a href="mailto:mike.long@dataline.com">Mike Long </a><br/> <a
* href="mailto:dlestrat@apache.org">David Le Strat </a>
*/
public class LdapGroupSecurityHandler implements GroupSecurityHandler
{
/** The logger. */
private static final Log logger = LogFactory.getLog(LdapGroupSecurityHandler.class);
/** The {@link LdapPrincipalDao}. */
private LdapPrincipalDao ldap;
/**
* @param ldap The {@link LdapPrincipalDao}.
*/
public LdapGroupSecurityHandler(LdapPrincipalDao ldap)
{
this.ldap = ldap;
}
/**
* <p>
* Default constructor.
* </p>
*
* @throws NamingException A {@link NamingException}.
* @throws SecurityException A {@link SecurityException}.
*/
public LdapGroupSecurityHandler() throws NamingException, SecurityException
{
this(new LdapGroupDaoImpl());
}
/**
* @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipal(java.lang.String)
*/
public GroupPrincipal getGroupPrincipal(String groupPrincipalUid)
{
String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(groupPrincipalUid);
verifyGroupId(groupUidWithoutSlashes);
try
{
String dn = ldap.lookupByUid(groupUidWithoutSlashes);
if (!StringUtils.isEmpty(dn))
{
return new GroupPrincipalImpl(groupPrincipalUid);
}
}
catch (SecurityException e)
{
logSecurityException(e, groupPrincipalUid);
}
return null;
}
/**
* <p>
* Verify that the group uid is valid.
* </p>
*
* @param groupPrincipalUid The group uid.
*/
private void verifyGroupId(String groupPrincipalUid)
{
if (StringUtils.isEmpty(groupPrincipalUid))
{
throw new IllegalArgumentException("The groupId cannot be null or empty.");
}
}
/**
* <p>
* Log the security exception.
* </p>
*
* @param e The {@link SecurityException}.
* @param groupPrincipalUid The group principal uid.
*/
private void logSecurityException(SecurityException e, String groupPrincipalUid)
{
if (logger.isErrorEnabled())
{
logger.error("An LDAP error has occurred for groupId:" + groupPrincipalUid, e);
}
}
/**
* @see org.apache.jetspeed.security.spi.GroupSecurityHandler#setGroupPrincipal(org.apache.jetspeed.security.GroupPrincipal)
*/
public void setGroupPrincipal(GroupPrincipal groupPrincipal) throws SecurityException
{
verifyGroupPrincipal(groupPrincipal);
String fullPath = groupPrincipal.getFullPath();
String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath);
if (getGroupPrincipal(groupUidWithoutSlashes) == null)
{
ldap.create(groupUidWithoutSlashes);
}
}
/**
* <p>
* Verify that the group principal is valid.
* </p>
*
* @param groupPrincipal The group principal.
*/
private void verifyGroupPrincipal(GroupPrincipal groupPrincipal)
{
if (groupPrincipal == null)
{
throw new IllegalArgumentException("The GroupPrincipal cannot be null or empty.");
}
}
/**
* @see org.apache.jetspeed.security.spi.GroupSecurityHandler#removeGroupPrincipal(org.apache.jetspeed.security.GroupPrincipal)
*/
public void removeGroupPrincipal(GroupPrincipal groupPrincipal) throws SecurityException
{
verifyGroupPrincipal(groupPrincipal);
String fullPath = groupPrincipal.getFullPath();
String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath);
ldap.delete(groupUidWithoutSlashes);
}
/**
* @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipals(java.lang.String)
*/
public List getGroupPrincipals(String filter)
{
try
{
return Arrays.asList(ldap.find(filter, GroupPrincipal.PREFS_GROUP_ROOT));
}
catch (SecurityException e)
{
logSecurityException(e, filter);
}
return new ArrayList();
}
}