Source Code of org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jetspeed.security.spi.impl;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.naming.NamingException;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.UserPrincipal;
import org.apache.jetspeed.security.impl.UserPrincipalImpl;
import org.apache.jetspeed.security.spi.UserSecurityHandler;
import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao;
import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl;

/**
 * @see org.apache.jetspeed.security.spi.UserSecurityHandler
 * @author <a href="mailto:mike.long@dataline.com">Mike Long </a>
 */
public class LdapUserSecurityHandler implements UserSecurityHandler
{
    /** The logger. */
    private static final Log logger = LogFactory.getLog(LdapUserSecurityHandler.class);

    /** The {@link LdapPrincipalDao}. */
    private LdapPrincipalDao ldap;

    /**
     * @param ldap The LdapPrincipalDao.
     */
    public LdapUserSecurityHandler(LdapPrincipalDao ldap)
    {
        this.ldap = ldap;
    }

    /**
     * <p>
     * Default constructor.
     * </p>
     */
    public LdapUserSecurityHandler() throws NamingException, SecurityException
    {
        this(new LdapUserPrincipalDaoImpl());
    }

    /**
     * <p>
     * Lookup the user by his UID attribute on the Ldap Server.
     * </p>
     *
     * @return true if the Ldap Server finds a user with that UID; false if he
     *         is not found or some sort of NamingException occurred.
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#isUserPrincipal(java.lang.String)
     */
    public boolean isUserPrincipal(String uid)
    {
        verifyUid(uid);
        return getUserPrincipal(uid) != null;
    }

    /**
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#getUserPrincipal(java.lang.String)
     */
    public Principal getUserPrincipal(String uid)
    {
        verifyUid(uid);
        try
        {
            String dn = ldap.lookupByUid(uid);

            if (!StringUtils.isEmpty(dn))
            {
                return new UserPrincipalImpl(uid);
            }
        }
        catch (SecurityException e)
        {
            logSecurityException(e, uid);
        }

        return null;
    }

    /**
     * <p>
     * Verify the uid.
     * </p>
     *
     * @param uid The uid.
     */
    private void verifyUid(String uid)
    {
        if (StringUtils.isEmpty(uid))
        {
            throw new IllegalArgumentException("The uid cannot be null or empty.");
        }
    }

    /**
     * @param se SecurityException Throws a {@link SecurityException}.
     * @param uid The uid.
     */
    private void logSecurityException(SecurityException se, String uid)
    {
        if (logger.isErrorEnabled())
        {
            logger.error("An LDAP error has occurred for user uid:" + uid, se);
        }
    }

    /**
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#getUserPrincipals(java.lang.String)
     */
    public List getUserPrincipals(String filter)
    {
        try
        {
            return Arrays.asList(ldap.find(filter, UserPrincipal.PREFS_USER_ROOT));
        }
        catch (SecurityException e)
        {
            logSecurityException(e, filter);
        }

        return new ArrayList();
    }

    /**
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#addUserPrincipal(org.apache.jetspeed.security.UserPrincipal)
     */
    public void addUserPrincipal(UserPrincipal userPrincipal) throws SecurityException
    {
        verifyUserPrincipal(userPrincipal);

        String uid = userPrincipal.getName();
        if (isUserPrincipal(uid))
        {
            throw new SecurityException(SecurityException.USER_ALREADY_EXISTS.create(uid));
        }
        ldap.create(uid);
    }

    /**
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#updateUserPrincipal(org.apache.jetspeed.security.UserPrincipal)
     */
    public void updateUserPrincipal(UserPrincipal userPrincipal) throws SecurityException
    {
        verifyUserPrincipal(userPrincipal);
        String uid = userPrincipal.getName();
        if (!isUserPrincipal(uid))
        {
            ldap.create(uid);
        }
    }

    /**
     * @param userPrincipal
     */
    private void verifyUserPrincipal(UserPrincipal userPrincipal)
    {
        if (userPrincipal == null)
        {
            throw new IllegalArgumentException("The UserPrincipal cannot be null or empty.");
        }
    }

    /**
     * @see org.apache.jetspeed.security.spi.UserSecurityHandler#removeUserPrincipal(org.apache.jetspeed.security.UserPrincipal)
     */
    public void removeUserPrincipal(UserPrincipal userPrincipal) throws SecurityException
    {
        verifyUserPrincipal(userPrincipal);

        String uid = userPrincipal.getName();

        ldap.delete(uid);
    }
}