Source Code of org.apache.jetspeed.security.spi.impl.LdapGroupSecurityHandler

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jetspeed.security.spi.impl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.naming.NamingException;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.GroupPrincipal;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
import org.apache.jetspeed.security.spi.GroupSecurityHandler;
import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl;

/**
 * @see org.apache.jetspeed.security.spi.GroupSecurityHandler
 * @author <a href="mailto:mike.long@dataline.com">Mike Long </a><br/> <a
 *         href="mailto:dlestrat@apache.org">David Le Strat </a>
 */
public class LdapGroupSecurityHandler implements GroupSecurityHandler
{
    /** The logger. */
    private static final Log logger = LogFactory.getLog(LdapGroupSecurityHandler.class);

    /** The {@link LdapPrincipalDao}. */
    private LdapPrincipalDao ldap;

    /**
     * @param ldap The {@link LdapPrincipalDao}.
     */
    public LdapGroupSecurityHandler(LdapPrincipalDao ldap)
    {
        this.ldap = ldap;
    }

    /**
     * <p>
     * Default constructor.
     * </p>
     *
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapGroupSecurityHandler() throws NamingException, SecurityException
    {
        this(new LdapGroupDaoImpl());
    }

    /**
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipal(java.lang.String)
     */
    public GroupPrincipal getGroupPrincipal(String groupPrincipalUid)
    {
        String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(groupPrincipalUid);
        verifyGroupId(groupUidWithoutSlashes);
        try
        {
            String dn = ldap.lookupByUid(groupUidWithoutSlashes);

            if (!StringUtils.isEmpty(dn))
            {
                return new GroupPrincipalImpl(groupPrincipalUid);
            }
        }
        catch (SecurityException e)
        {
            logSecurityException(e, groupPrincipalUid);
        }
        return null;
    }

    /**
     * <p>
     * Verify that the group uid is valid.
     * </p>
     *
     * @param groupPrincipalUid The group uid.
     */
    private void verifyGroupId(String groupPrincipalUid)
    {
        if (StringUtils.isEmpty(groupPrincipalUid))
        {
            throw new IllegalArgumentException("The groupId cannot be null or empty.");
        }
    }

    /**
     * <p>
     * Log the security exception.
     * </p>
     *
     * @param e The {@link SecurityException}.
     * @param groupPrincipalUid The group principal uid.
     */
    private void logSecurityException(SecurityException e, String groupPrincipalUid)
    {
        if (logger.isErrorEnabled())
        {
            logger.error("An LDAP error has occurred for groupId:" + groupPrincipalUid, e);
        }
    }

    /**
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#setGroupPrincipal(org.apache.jetspeed.security.GroupPrincipal)
     */
    public void setGroupPrincipal(GroupPrincipal groupPrincipal) throws SecurityException
    {
        verifyGroupPrincipal(groupPrincipal);

        String fullPath = groupPrincipal.getFullPath();
        String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath);
        if (getGroupPrincipal(groupUidWithoutSlashes) == null)
        {
            ldap.create(groupUidWithoutSlashes);
        }

    }

    /**
     * <p>
     * Verify that the group principal is valid.
     * </p>
     *
     * @param groupPrincipal The group principal.
     */
    private void verifyGroupPrincipal(GroupPrincipal groupPrincipal)
    {
        if (groupPrincipal == null)
        {
            throw new IllegalArgumentException("The GroupPrincipal cannot be null or empty.");
        }
    }

    /**
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#removeGroupPrincipal(org.apache.jetspeed.security.GroupPrincipal)
     */
    public void removeGroupPrincipal(GroupPrincipal groupPrincipal) throws SecurityException
    {
        verifyGroupPrincipal(groupPrincipal);

        String fullPath = groupPrincipal.getFullPath();
        String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath);

        ldap.delete(groupUidWithoutSlashes);
    }

    /**
     * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipals(java.lang.String)
     */
    public List getGroupPrincipals(String filter)
    {
        try
        {
            return Arrays.asList(ldap.find(filter, GroupPrincipal.PREFS_GROUP_ROOT));
        }
        catch (SecurityException e)
        {
            logSecurityException(e, filter);
        }
        return new ArrayList();
    }
}