| package org.apache.archiva.redback.rbac.ldap; |
| |
| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| import org.apache.archiva.redback.common.ldap.MappingException; |
| import org.apache.archiva.redback.common.ldap.connection.LdapConnection; |
| import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory; |
| import org.apache.archiva.redback.common.ldap.connection.LdapException; |
| import org.apache.archiva.redback.common.ldap.role.LdapRoleMapper; |
| import org.apache.archiva.redback.common.ldap.role.LdapRoleMapperConfiguration; |
| import org.apache.archiva.redback.components.cache.Cache; |
| import org.apache.archiva.redback.configuration.UserConfiguration; |
| import org.apache.archiva.redback.configuration.UserConfigurationKeys; |
| import org.apache.archiva.redback.rbac.AbstractRBACManager; |
| import org.apache.archiva.redback.rbac.AbstractRole; |
| import org.apache.archiva.redback.rbac.Operation; |
| import org.apache.archiva.redback.rbac.Permission; |
| import org.apache.archiva.redback.rbac.RBACManager; |
| import org.apache.archiva.redback.rbac.RBACManagerListener; |
| import org.apache.archiva.redback.rbac.RBACObjectAssertions; |
| import org.apache.archiva.redback.rbac.RbacManagerException; |
| import org.apache.archiva.redback.rbac.RbacObjectInvalidException; |
| import org.apache.archiva.redback.rbac.RbacObjectNotFoundException; |
| import org.apache.archiva.redback.rbac.RbacPermanentException; |
| import org.apache.archiva.redback.rbac.Resource; |
| import org.apache.archiva.redback.rbac.Role; |
| import org.apache.archiva.redback.rbac.UserAssignment; |
| import org.apache.archiva.redback.users.User; |
| import org.apache.archiva.redback.users.UserManager; |
| import org.apache.archiva.redback.users.UserManagerException; |
| import org.apache.archiva.redback.users.ldap.ctl.LdapController; |
| import org.apache.archiva.redback.users.ldap.ctl.LdapControllerException; |
| import org.apache.commons.lang.StringUtils; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| import org.springframework.stereotype.Service; |
| |
| import javax.annotation.PostConstruct; |
| import javax.inject.Inject; |
| import javax.inject.Named; |
| import javax.naming.NamingException; |
| import javax.naming.directory.DirContext; |
| import java.util.ArrayList; |
| import java.util.Collection; |
| import java.util.Collections; |
| import java.util.HashSet; |
| import java.util.List; |
| import java.util.Map; |
| import java.util.Set; |
| |
| /** |
| * LdapRbacManager will read datas from ldap for mapping groups to role. |
| * Write operations will delegate to cached implementation. |
| * |
| * @author Olivier Lamy |
| */ |
| @Service("rbacManager#ldap") |
| public class LdapRbacManager |
| extends AbstractRBACManager |
| implements RBACManager, RBACManagerListener |
| { |
| |
| private Logger log = LoggerFactory.getLogger( getClass() ); |
| |
| @Inject |
| @Named(value = "rbacManager#cached") |
| private RBACManager rbacImpl; |
| |
| @Inject |
| @Named(value = "ldapRoleMapper#default") |
| private LdapRoleMapper ldapRoleMapper; |
| |
| @Inject |
| @Named(value = "userConfiguration#default") |
| private UserConfiguration userConf; |
| |
| @Inject |
| @Named(value = "userManager#ldap") |
| private UserManager userManager; |
| |
| @Inject |
| private LdapConnectionFactory ldapConnectionFactory; |
| |
| @Inject |
| private LdapController ldapController; |
| |
| @Inject |
| @Named(value = "ldapRoleMapperConfiguration#default") |
| private LdapRoleMapperConfiguration ldapRoleMapperConfiguration; |
| |
| @Inject |
| @Named(value = "cache#ldapRoles") |
| private Cache<String, Role> rolesCache; |
| |
| @Inject |
| @Named(value = "cache#userAssignments") |
| private Cache<String, UserAssignment> userAssignmentsCache; |
| |
| private boolean writableLdap = false; |
| |
| @PostConstruct |
| public void initialize() |
| { |
| this.writableLdap = userConf.getBoolean( UserConfigurationKeys.LDAP_WRITABLE, this.writableLdap ); |
| } |
| |
| |
| public void addChildRole( Role role, Role childRole ) |
| throws RbacObjectInvalidException, RbacManagerException |
| { |
| this.rbacImpl.addChildRole( role, childRole ); |
| } |
| |
| public void addListener( RBACManagerListener listener ) |
| { |
| super.addListener( listener ); |
| this.rbacImpl.addListener( listener ); |
| } |
| |
| public Operation createOperation( String name ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.createOperation( name ); |
| } |
| |
| public Permission createPermission( String name ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.createPermission( name ); |
| } |
| |
| public Permission createPermission( String name, String operationName, String resourceIdentifier ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.createPermission( name, operationName, resourceIdentifier ); |
| } |
| |
| public Resource createResource( String identifier ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.createResource( identifier ); |
| } |
| |
| public Role createRole( String name ) |
| { |
| return this.rbacImpl.createRole( name ); |
| } |
| |
| public UserAssignment createUserAssignment( String username ) |
| throws RbacManagerException |
| { |
| // TODO ldap cannot or isWritable ldap ? |
| return this.rbacImpl.createUserAssignment( username ); |
| } |
| |
| public void eraseDatabase() |
| { |
| if ( writableLdap ) |
| { |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| ldapRoleMapper.removeAllRoles( context ); |
| } |
| catch ( MappingException e ) |
| { |
| log.warn( "skip error removing all roles {}", e.getMessage() ); |
| } |
| catch ( LdapException e ) |
| { |
| log.warn( "skip error removing all roles {}", e.getMessage() ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| } |
| this.rolesCache.clear(); |
| this.userAssignmentsCache.clear(); |
| this.rbacImpl.eraseDatabase(); |
| } |
| |
| /** |
| * @see org.apache.archiva.redback.rbac.RBACManager#getAllAssignableRoles() |
| */ |
| public List<Role> getAllAssignableRoles() |
| throws RbacManagerException |
| { |
| try |
| { |
| Collection<Collection<String>> roleNames = ldapRoleMapperConfiguration.getLdapGroupMappings().values(); |
| |
| Set<Role> roles = new HashSet<Role>(); |
| |
| for ( Collection<String> names : roleNames ) |
| { |
| for ( String name : names ) |
| { |
| roles.add( new RoleImpl( name ) ); |
| } |
| } |
| |
| return new ArrayList<Role>( roles ); |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| } |
| |
| public List<Operation> getAllOperations() |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getAllOperations(); |
| } |
| |
| public List<Permission> getAllPermissions() |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getAllPermissions(); |
| } |
| |
| public List<Resource> getAllResources() |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getAllResources(); |
| } |
| |
| public List<Role> getAllRoles() |
| throws RbacManagerException |
| { |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| |
| List<String> groups = ldapRoleMapper.getAllGroups( context ); |
| return mapToRoles( groups ); |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| //return this.rbacImpl.getAllRoles(); |
| } |
| |
| |
| public List<UserAssignment> getAllUserAssignments() |
| throws RbacManagerException |
| { |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| Map<String, Collection<String>> usersWithRoles = ldapController.findUsersWithRoles( context ); |
| List<UserAssignment> userAssignments = new ArrayList<UserAssignment>( usersWithRoles.size() ); |
| |
| for ( Map.Entry<String, Collection<String>> entry : usersWithRoles.entrySet() ) |
| { |
| UserAssignment userAssignment = new UserAssignmentImpl( entry.getKey(), entry.getValue() ); |
| userAssignments.add( userAssignment ); |
| userAssignmentsCache.put( userAssignment.getPrincipal(), userAssignment ); |
| } |
| |
| return userAssignments; |
| } |
| catch ( LdapControllerException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| } |
| |
| protected void closeLdapConnection( LdapConnection ldapConnection ) |
| { |
| if ( ldapConnection != null ) |
| { |
| ldapConnection.close(); |
| } |
| } |
| |
| protected void closeContext( DirContext context ) |
| { |
| if ( context != null ) |
| { |
| try |
| { |
| context.close(); |
| } |
| catch ( NamingException e ) |
| { |
| log.warn( "skip issue closing context: {}", e.getMessage() ); |
| } |
| } |
| } |
| |
| /** |
| * public Map<String, List<Permission>> getAssignedPermissionMap( String username ) |
| * throws RbacManagerException |
| * { |
| * return this.rbacImpl.getAssignedPermissionMap( username ); |
| * }* |
| */ |
| |
| /*public Set<Permission> getAssignedPermissions( String username ) |
| throws RbacObjectNotFoundException, RbacManagerException |
| { |
| // TODO here !! |
| return this.rbacImpl.getAssignedPermissions( username ); |
| }*/ |
| private List<Role> mapToRoles( List<String> groups ) |
| throws MappingException, RbacManagerException |
| { |
| if ( groups == null || groups.isEmpty() ) |
| { |
| return Collections.emptyList(); |
| } |
| |
| List<Role> roles = new ArrayList<Role>( groups.size() ); |
| Map<String, Collection<String>> mappedGroups = ldapRoleMapperConfiguration.getLdapGroupMappings(); |
| for ( String group : groups ) |
| { |
| Collection<String> roleNames = mappedGroups.get( group ); |
| if ( roleNames != null ) |
| { |
| for ( String roleName : roleNames ) |
| { |
| Role role = buildRole( roleName ); |
| roles.add( role ); |
| } |
| } |
| else if ( this.ldapRoleMapper.isUseDefaultRoleName() ) |
| { |
| Role role = buildRole( group ); |
| roles.add( role ); |
| |
| |
| } |
| } |
| return roles; |
| |
| } |
| |
| private Role buildRole( String group ) |
| throws RbacManagerException |
| { |
| Role role = null; |
| try |
| { |
| role = this.rbacImpl.getRole( group ); |
| } |
| catch ( RbacObjectNotFoundException e ) |
| { |
| // if it's mapped role to a group it doesn't exist in jdo |
| } |
| role = ( role == null ) ? new RoleImpl( group ) : role; |
| if ( role != null ) |
| { |
| rolesCache.put( role.getName(), role ); |
| |
| } |
| return role; |
| } |
| |
| protected List<String> getRealRoles() |
| throws RbacManagerException |
| { |
| List<Role> roles = this.rbacImpl.getAllRoles(); |
| List<String> roleNames = new ArrayList<String>( roles.size() ); |
| for ( Role role : roles ) |
| { |
| roleNames.add( role.getName() ); |
| } |
| return roleNames; |
| } |
| |
| public Collection<Role> getAssignedRoles( String username ) |
| throws RbacManagerException |
| { |
| |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| |
| try |
| { |
| |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| List<String> roleNames = ldapRoleMapper.getRoles( username, context, getRealRoles() ); |
| |
| if ( roleNames.isEmpty() ) |
| { |
| return Collections.emptyList(); |
| } |
| |
| List<Role> roles = new ArrayList<Role>( roleNames.size() ); |
| |
| for ( String name : roleNames ) |
| { |
| roles.add( this.rbacImpl.getRole( name ) );// new RoleImpl( name ) ); |
| } |
| |
| return roles; |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| } |
| |
| public Collection<Role> getAssignedRoles( UserAssignment userAssignment ) |
| throws RbacManagerException |
| { |
| return getAssignedRoles( userAssignment.getPrincipal() ); |
| } |
| |
| public Map<String, Role> getChildRoles( Role role ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getChildRoles( role ); |
| } |
| |
| public Map<String, Role> getParentRoles( Role role ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getParentRoles( role ); |
| } |
| |
| // |
| // public Collection<Role> getEffectivelyAssignedRoles( String username ) |
| // throws RbacManagerException |
| // { |
| // TODO here !! |
| // return this.rbacImpl.getEffectivelyAssignedRoles( username ); |
| // } |
| |
| //public Collection<Role> getEffectivelyUnassignedRoles( String username ) |
| //throws RbacManagerException |
| //{ |
| // TODO here !! |
| // return this.rbacImpl.getEffectivelyUnassignedRoles( username ); |
| // } |
| |
| |
| public Set<Role> getEffectiveRoles( Role role ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getEffectiveRoles( role ); |
| } |
| |
| public Resource getGlobalResource() |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getGlobalResource(); |
| } |
| |
| public Operation getOperation( String operationName ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getOperation( operationName ); |
| } |
| |
| public Permission getPermission( String permissionName ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getPermission( permissionName ); |
| } |
| |
| public Resource getResource( String resourceIdentifier ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getResource( resourceIdentifier ); |
| } |
| |
| public Role getRole( String roleName ) |
| throws RbacManagerException |
| { |
| |
| Role role = rolesCache.get( roleName ); |
| if ( role != null ) |
| { |
| return role; |
| } |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| //verify it's a ldap group |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| if ( !ldapRoleMapper.hasRole( context, roleName ) ) |
| { |
| return null; |
| } |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| role = this.rbacImpl.getRole( roleName ); |
| role = ( role == null ) ? new RoleImpl( roleName ) : role; |
| |
| rolesCache.put( roleName, role ); |
| |
| return role; |
| } |
| |
| public Map<String, Role> getRoles( Collection<String> roleNames ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.getRoles( roleNames ); |
| } |
| |
| public Collection<Role> getUnassignedRoles( String username ) |
| throws RbacManagerException |
| { |
| LdapConnection ldapConnection = null; |
| |
| DirContext context = null; |
| |
| try |
| { |
| |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| |
| context = ldapConnection.getDirContext(); |
| |
| List<String> allRoles = ldapRoleMapper.getAllRoles( context ); |
| final List<String> userRoles = ldapRoleMapper.getRoles( username, context, getRealRoles() ); |
| |
| List<Role> unassignedRoles = new ArrayList<Role>(); |
| |
| for ( String roleName : allRoles ) |
| { |
| if ( !userRoles.contains( roleName ) ) |
| { |
| unassignedRoles.add( rbacImpl.getRole( roleName ) ); |
| } |
| } |
| return unassignedRoles; |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| } |
| |
| public UserAssignment getUserAssignment( String username ) |
| throws RbacManagerException |
| { |
| UserAssignment ua = userAssignmentsCache.get( username ); |
| if ( ua != null ) |
| { |
| return ua; |
| } |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| List<String> roles = ldapRoleMapper.getRoles( username, context, getRealRoles() ); |
| |
| ua = new UserAssignmentImpl( username, roles ); |
| |
| userAssignmentsCache.put( username, ua ); |
| |
| return ua; |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| |
| //return this.rbacImpl.getUserAssignment( username ); |
| } |
| |
| public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames ) |
| throws RbacManagerException |
| { |
| // TODO from ldap |
| return this.rbacImpl.getUserAssignmentsForRoles( roleNames ); |
| } |
| |
| public boolean operationExists( Operation operation ) |
| { |
| return this.rbacImpl.operationExists( operation ); |
| } |
| |
| public boolean operationExists( String name ) |
| { |
| return this.rbacImpl.operationExists( name ); |
| } |
| |
| public boolean permissionExists( Permission permission ) |
| { |
| return this.rbacImpl.permissionExists( permission ); |
| } |
| |
| public boolean permissionExists( String name ) |
| { |
| return this.rbacImpl.permissionExists( name ); |
| } |
| |
| public void rbacInit( boolean freshdb ) |
| { |
| if ( rbacImpl instanceof RBACManagerListener ) |
| { |
| ( (RBACManagerListener) this.rbacImpl ).rbacInit( freshdb ); |
| } |
| } |
| |
| public void rbacPermissionRemoved( Permission permission ) |
| { |
| if ( rbacImpl instanceof RBACManagerListener ) |
| { |
| ( (RBACManagerListener) this.rbacImpl ).rbacPermissionRemoved( permission ); |
| } |
| |
| } |
| |
| public void rbacPermissionSaved( Permission permission ) |
| { |
| if ( rbacImpl instanceof RBACManagerListener ) |
| { |
| ( (RBACManagerListener) this.rbacImpl ).rbacPermissionSaved( permission ); |
| } |
| |
| } |
| |
| public void rbacRoleRemoved( Role role ) |
| { |
| if ( rbacImpl instanceof RBACManagerListener ) |
| { |
| ( (RBACManagerListener) this.rbacImpl ).rbacRoleRemoved( role ); |
| } |
| |
| } |
| |
| public void rbacRoleSaved( Role role ) |
| { |
| if ( rbacImpl instanceof RBACManagerListener ) |
| { |
| ( (RBACManagerListener) this.rbacImpl ).rbacRoleSaved( role ); |
| } |
| |
| } |
| |
| public void rbacUserAssignmentRemoved( UserAssignment userAssignment ) |
| { |
| if ( rbacImpl instanceof RBACManagerListener ) |
| { |
| ( (RBACManagerListener) this.rbacImpl ).rbacUserAssignmentRemoved( userAssignment ); |
| } |
| |
| } |
| |
| public void rbacUserAssignmentSaved( UserAssignment userAssignment ) |
| { |
| if ( rbacImpl instanceof RBACManagerListener ) |
| { |
| ( (RBACManagerListener) this.rbacImpl ).rbacUserAssignmentSaved( userAssignment ); |
| } |
| |
| } |
| |
| public void removeListener( RBACManagerListener listener ) |
| { |
| this.rbacImpl.removeListener( listener ); |
| } |
| |
| public void removeOperation( Operation operation ) |
| throws RbacManagerException |
| { |
| this.rbacImpl.removeOperation( operation ); |
| } |
| |
| public void removeOperation( String operationName ) |
| throws RbacManagerException |
| { |
| this.rbacImpl.removeOperation( operationName ); |
| } |
| |
| public void removePermission( Permission permission ) |
| throws RbacManagerException |
| { |
| this.rbacImpl.removePermission( permission ); |
| } |
| |
| public void removePermission( String permissionName ) |
| throws RbacManagerException |
| { |
| this.rbacImpl.removePermission( permissionName ); |
| } |
| |
| public void removeResource( Resource resource ) |
| throws RbacManagerException |
| { |
| this.rbacImpl.removeResource( resource ); |
| } |
| |
| public void removeResource( String resourceIdentifier ) |
| throws RbacManagerException |
| { |
| this.rbacImpl.removeResource( resourceIdentifier ); |
| } |
| |
| public void removeRole( Role role ) |
| throws RbacManagerException |
| { |
| RBACObjectAssertions.assertValid( role ); |
| |
| if ( role.isPermanent() ) |
| { |
| throw new RbacPermanentException( "Unable to delete permanent role [" + role.getName() + "]" ); |
| } |
| rolesCache.remove( role.getName() ); |
| if ( writableLdap ) |
| { |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| ldapRoleMapper.removeRole( role.getName(), context ); |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| fireRbacRoleRemoved( role ); |
| } |
| } |
| |
| public void removeRole( String roleName ) |
| throws RbacManagerException |
| { |
| if ( roleName == null ) |
| { |
| return; |
| } |
| removeRole( new RoleImpl( roleName ) ); |
| } |
| |
| public void removeUserAssignment( String username ) |
| throws RbacManagerException |
| { |
| // TODO ldap cannot or isWritable ldap ? |
| userAssignmentsCache.remove( username ); |
| this.rbacImpl.removeUserAssignment( username ); |
| } |
| |
| public void removeUserAssignment( UserAssignment userAssignment ) |
| throws RbacManagerException |
| { |
| if ( userAssignment != null ) |
| { |
| userAssignmentsCache.remove( userAssignment.getPrincipal() ); |
| } |
| // TODO ldap cannot or isWritable ldap ? |
| this.rbacImpl.removeUserAssignment( userAssignment ); |
| } |
| |
| public boolean resourceExists( Resource resource ) |
| { |
| return this.rbacImpl.resourceExists( resource ); |
| } |
| |
| public boolean resourceExists( String identifier ) |
| { |
| return this.rbacImpl.resourceExists( identifier ); |
| } |
| |
| @Override |
| public boolean roleExists( Role role ) |
| throws RbacManagerException |
| { |
| if ( role == null ) |
| { |
| return false; |
| } |
| return roleExists( role.getName() ); |
| } |
| |
| @Override |
| public boolean roleExists( String name ) |
| throws RbacManagerException |
| { |
| if ( StringUtils.isEmpty( name ) ) |
| { |
| return false; |
| } |
| if ( rolesCache.get( name ) != null ) |
| { |
| return true; |
| } |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| if ( rolesCache.hasKey( name ) ) |
| { |
| return true; |
| } |
| return ldapRoleMapper.hasRole( context, name ); |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| } |
| |
| public Operation saveOperation( Operation operation ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.saveOperation( operation ); |
| } |
| |
| public Permission savePermission( Permission permission ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.savePermission( permission ); |
| } |
| |
| public Resource saveResource( Resource resource ) |
| throws RbacManagerException |
| { |
| return this.rbacImpl.saveResource( resource ); |
| } |
| |
| public synchronized Role saveRole( Role role ) |
| throws RbacManagerException |
| { |
| if ( writableLdap ) |
| { |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| ldapRoleMapper.saveRole( role.getName(), context ); |
| |
| if ( !role.getChildRoleNames().isEmpty() ) |
| { |
| for ( String roleName : role.getChildRoleNames() ) |
| { |
| ldapRoleMapper.saveRole( roleName, context ); |
| } |
| } |
| fireRbacRoleSaved( role ); |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| } |
| role = this.rbacImpl.saveRole( role ); |
| rolesCache.put( role.getName(), role ); |
| |
| return role; |
| //return new RoleImpl( role.getName(), role.getPermissions() ); |
| } |
| |
| public synchronized void saveRoles( Collection<Role> roles ) |
| throws RbacManagerException |
| { |
| if ( writableLdap ) |
| { |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| for ( Role role : roles ) |
| { |
| ldapRoleMapper.saveRole( role.getName(), context ); |
| fireRbacRoleSaved( role ); |
| } |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| } |
| this.rbacImpl.saveRoles( roles ); |
| |
| } |
| |
| public UserAssignment saveUserAssignment( UserAssignment userAssignment ) |
| throws RbacManagerException |
| { |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| if ( !userManager.userExists( userAssignment.getPrincipal() ) ) |
| { |
| User user = userManager.createUser( userAssignment.getPrincipal(), null, null ); |
| userManager.addUser( user ); |
| } |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| List<String> allRoles = ldapRoleMapper.getAllRoles( context ); |
| |
| List<String> currentUserRoles = |
| ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context, getRealRoles() ); |
| |
| for ( String role : userAssignment.getRoleNames() ) |
| { |
| if ( !currentUserRoles.contains( role ) && writableLdap ) |
| { |
| // role exists in ldap ? |
| if ( !allRoles.contains( role ) ) |
| { |
| ldapRoleMapper.saveRole( role, context ); |
| allRoles.add( role ); |
| } |
| ldapRoleMapper.saveUserRole( role, userAssignment.getPrincipal(), context ); |
| currentUserRoles.add( role ); |
| } |
| } |
| |
| for ( String role : currentUserRoles ) |
| { |
| if ( !userAssignment.getRoleNames().contains( role ) && writableLdap ) |
| { |
| ldapRoleMapper.removeUserRole( role, userAssignment.getPrincipal(), context ); |
| } |
| } |
| |
| userAssignmentsCache.put( userAssignment.getPrincipal(), userAssignment ); |
| return userAssignment; |
| } |
| catch ( UserManagerException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( MappingException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| catch ( LdapException e ) |
| { |
| throw new RbacManagerException( e.getMessage(), e ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| } |
| |
| public boolean userAssignmentExists( String principal ) |
| { |
| if ( userAssignmentsCache.hasKey( principal ) ) |
| { |
| return true; |
| } |
| LdapConnection ldapConnection = null; |
| DirContext context = null; |
| try |
| { |
| ldapConnection = ldapConnectionFactory.getConnection(); |
| context = ldapConnection.getDirContext(); |
| List<String> roles = ldapRoleMapper.getRoles( principal, context, getRealRoles() ); |
| if ( roles == null || roles.isEmpty() ) |
| { |
| return false; |
| } |
| return true; |
| } |
| catch ( RbacManagerException e ) |
| { |
| log.warn( "fail to call userAssignmentExists: {}", e.getMessage() ); |
| } |
| catch ( LdapException e ) |
| { |
| log.warn( "fail to call userAssignmentExists: {}", e.getMessage() ); |
| } |
| catch ( MappingException e ) |
| { |
| log.warn( "fail to call userAssignmentExists: {}", e.getMessage() ); |
| } |
| finally |
| { |
| closeContext( context ); |
| closeLdapConnection( ldapConnection ); |
| } |
| return false; |
| } |
| |
| public boolean userAssignmentExists( UserAssignment assignment ) |
| { |
| if ( assignment == null ) |
| { |
| return false; |
| } |
| return this.userAssignmentExists( assignment.getPrincipal() ); |
| } |
| |
| public RBACManager getRbacImpl() |
| { |
| return rbacImpl; |
| } |
| |
| public void setRbacImpl( RBACManager rbacImpl ) |
| { |
| this.rbacImpl = rbacImpl; |
| } |
| |
| public boolean isWritableLdap() |
| { |
| return writableLdap; |
| } |
| |
| public void setWritableLdap( boolean writableLdap ) |
| { |
| this.writableLdap = writableLdap; |
| } |
| |
| public LdapRoleMapper getLdapRoleMapper() |
| { |
| return ldapRoleMapper; |
| } |
| |
| public void setLdapRoleMapper( LdapRoleMapper ldapRoleMapper ) |
| { |
| this.ldapRoleMapper = ldapRoleMapper; |
| } |
| |
| private static class RoleImpl |
| extends AbstractRole |
| { |
| private String name; |
| |
| private String description; |
| |
| private List<Permission> permissions = new ArrayList<Permission>(); |
| |
| private List<String> childRoleNames = new ArrayList<String>(); |
| |
| private RoleImpl( String name ) |
| { |
| this.name = name; |
| } |
| |
| private RoleImpl( String name, List<Permission> permissions ) |
| { |
| this.name = name; |
| this.permissions = permissions; |
| } |
| |
| public void addPermission( Permission permission ) |
| { |
| this.permissions.add( permission ); |
| } |
| |
| public void addChildRoleName( String name ) |
| { |
| this.childRoleNames.add( name ); |
| } |
| |
| public List<String> getChildRoleNames() |
| { |
| return this.childRoleNames; |
| } |
| |
| public String getDescription() |
| { |
| return this.description; |
| } |
| |
| public String getName() |
| { |
| return this.name; |
| } |
| |
| public List<Permission> getPermissions() |
| { |
| return this.permissions; |
| } |
| |
| public boolean isAssignable() |
| { |
| return true; |
| } |
| |
| public void removePermission( Permission permission ) |
| { |
| this.permissions.remove( permission ); |
| } |
| |
| public void setAssignable( boolean assignable ) |
| { |
| // no op |
| } |
| |
| public void setChildRoleNames( List<String> names ) |
| { |
| this.childRoleNames = names; |
| } |
| |
| public void setDescription( String description ) |
| { |
| this.description = description; |
| } |
| |
| public void setName( String name ) |
| { |
| this.name = name; |
| } |
| |
| public void setPermissions( List<Permission> permissions ) |
| { |
| this.permissions = permissions; |
| } |
| |
| public boolean isPermanent() |
| { |
| return true; |
| } |
| |
| public void setPermanent( boolean permanent ) |
| { |
| // no op |
| } |
| |
| @Override |
| public String toString() |
| { |
| final StringBuilder sb = new StringBuilder(); |
| sb.append( "RoleImpl" ); |
| sb.append( "{name='" ).append( name ).append( '\'' ); |
| sb.append( '}' ); |
| return sb.toString(); |
| } |
| |
| @Override |
| public boolean equals( Object o ) |
| { |
| if ( this == o ) |
| { |
| return true; |
| } |
| if ( o == null || getClass() != o.getClass() ) |
| { |
| return false; |
| } |
| |
| RoleImpl role = (RoleImpl) o; |
| |
| if ( name != null ? !name.equals( role.name ) : role.name != null ) |
| { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| @Override |
| public int hashCode() |
| { |
| return name != null ? name.hashCode() : 0; |
| } |
| } |
| |
| private static class UserAssignmentImpl |
| implements UserAssignment |
| { |
| private String username; |
| |
| private List<String> roleNames; |
| |
| private boolean permanent; |
| |
| private UserAssignmentImpl( String username, Collection<String> roleNames ) |
| { |
| this.username = username; |
| |
| if ( roleNames == null ) |
| { |
| this.roleNames = new ArrayList<String>(); |
| } |
| else |
| { |
| this.roleNames = new ArrayList<String>( roleNames ); |
| } |
| } |
| |
| public String getPrincipal() |
| { |
| return this.username; |
| } |
| |
| public List<String> getRoleNames() |
| { |
| return this.roleNames; |
| } |
| |
| public void addRoleName( Role role ) |
| { |
| if ( role == null ) |
| { |
| return; |
| } |
| this.roleNames.add( role.getName() ); |
| } |
| |
| public void addRoleName( String roleName ) |
| { |
| if ( roleName == null ) |
| { |
| return; |
| } |
| this.roleNames.add( roleName ); |
| } |
| |
| public void removeRoleName( Role role ) |
| { |
| if ( role == null ) |
| { |
| return; |
| } |
| this.roleNames.remove( role.getName() ); |
| } |
| |
| public void removeRoleName( String roleName ) |
| { |
| if ( roleName == null ) |
| { |
| return; |
| } |
| this.roleNames.remove( roleName ); |
| } |
| |
| public void setPrincipal( String principal ) |
| { |
| this.username = principal; |
| } |
| |
| public void setRoleNames( List<String> roles ) |
| { |
| this.roleNames = roles; |
| } |
| |
| public boolean isPermanent() |
| { |
| return this.permanent; |
| } |
| |
| public void setPermanent( boolean permanent ) |
| { |
| this.permanent = permanent; |
| } |
| |
| @Override |
| public String toString() |
| { |
| final StringBuilder sb = new StringBuilder(); |
| sb.append( "UserAssignmentImpl" ); |
| sb.append( "{username='" ).append( username ).append( '\'' ); |
| sb.append( ", roleNames=" ).append( roleNames ); |
| sb.append( ", permanent=" ).append( permanent ); |
| sb.append( '}' ); |
| return sb.toString(); |
| } |
| } |
| |
| |
| @Override |
| public boolean isFinalImplementation() |
| { |
| return true; |
| } |
| |
| public String getDescriptionKey() |
| { |
| return "archiva.redback.rbacmanager.ldap"; |
| } |
| |
| public boolean isReadOnly() |
| { |
| return !writableLdap; |
| } |
| } |