Google Git
Sign in
apache / archiva-redback-core / f012c5608a510acb9844ad4711d1588fe55593f0 / . / redback-rbac / redback-rbac-providers / redback-rbac-ldap / src / main / java / org / apache / archiva / redback / rbac / ldap / LdapRbacManager.java
blob: aefb8295d8665704284cd72a41eb8669e4d9d7f9 [file] [log] [blame]
package org.apache.archiva.redback.rbac.ldap;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.archiva.redback.common.ldap.MappingException;
import org.apache.archiva.redback.common.ldap.connection.LdapConnection;
import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory;
import org.apache.archiva.redback.common.ldap.connection.LdapException;
import org.apache.archiva.redback.common.ldap.role.LdapRoleMapper;
import org.apache.archiva.redback.common.ldap.role.LdapRoleMapperConfiguration;
import org.apache.archiva.redback.components.cache.Cache;
import org.apache.archiva.redback.configuration.UserConfiguration;
import org.apache.archiva.redback.configuration.UserConfigurationKeys;
import org.apache.archiva.redback.rbac.AbstractRBACManager;
import org.apache.archiva.redback.rbac.AbstractRole;
import org.apache.archiva.redback.rbac.Operation;
import org.apache.archiva.redback.rbac.Permission;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RBACManagerListener;
import org.apache.archiva.redback.rbac.RBACObjectAssertions;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
import org.apache.archiva.redback.rbac.RbacPermanentException;
import org.apache.archiva.redback.rbac.Resource;
import org.apache.archiva.redback.rbac.Role;
import org.apache.archiva.redback.rbac.UserAssignment;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.ldap.ctl.LdapController;
import org.apache.archiva.redback.users.ldap.ctl.LdapControllerException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Named;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* LdapRbacManager will read datas from ldap for mapping groups to role.
* Write operations will delegate to cached implementation.
*
* @author Olivier Lamy
*/
@Service("rbacManager#ldap")
public class LdapRbacManager
extends AbstractRBACManager
implements RBACManager, RBACManagerListener
{
private Logger log = LoggerFactory.getLogger( getClass() );
@Inject
@Named(value = "rbacManager#cached")
private RBACManager rbacImpl;
@Inject
@Named(value = "ldapRoleMapper#default")
private LdapRoleMapper ldapRoleMapper;
@Inject
@Named(value = "userConfiguration#default")
private UserConfiguration userConf;
@Inject
@Named(value = "userManager#ldap")
private UserManager userManager;
@Inject
private LdapConnectionFactory ldapConnectionFactory;
@Inject
private LdapController ldapController;
@Inject
@Named(value = "ldapRoleMapperConfiguration#default")
private LdapRoleMapperConfiguration ldapRoleMapperConfiguration;
@Inject
@Named(value = "cache#ldapRoles")
private Cache<String, Role> rolesCache;
@Inject
@Named(value = "cache#userAssignments")
private Cache<String, UserAssignment> userAssignmentsCache;
private boolean writableLdap = false;
@PostConstruct
public void initialize()
{
this.writableLdap = userConf.getBoolean( UserConfigurationKeys.LDAP_WRITABLE, this.writableLdap );
}
public void addChildRole( Role role, Role childRole )
throws RbacObjectInvalidException, RbacManagerException
{
this.rbacImpl.addChildRole( role, childRole );
}
public void addListener( RBACManagerListener listener )
{
super.addListener( listener );
this.rbacImpl.addListener( listener );
}
public Operation createOperation( String name )
throws RbacManagerException
{
return this.rbacImpl.createOperation( name );
}
public Permission createPermission( String name )
throws RbacManagerException
{
return this.rbacImpl.createPermission( name );
}
public Permission createPermission( String name, String operationName, String resourceIdentifier )
throws RbacManagerException
{
return this.rbacImpl.createPermission( name, operationName, resourceIdentifier );
}
public Resource createResource( String identifier )
throws RbacManagerException
{
return this.rbacImpl.createResource( identifier );
}
public Role createRole( String name )
{
return this.rbacImpl.createRole( name );
}
public UserAssignment createUserAssignment( String username )
throws RbacManagerException
{
// TODO ldap cannot or isWritable ldap ?
return this.rbacImpl.createUserAssignment( username );
}
public void eraseDatabase()
{
if ( writableLdap )
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
ldapRoleMapper.removeAllRoles( context );
}
catch ( MappingException e )
{
log.warn( "skip error removing all roles {}", e.getMessage() );
}
catch ( LdapException e )
{
log.warn( "skip error removing all roles {}", e.getMessage() );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
}
this.rolesCache.clear();
this.userAssignmentsCache.clear();
this.rbacImpl.eraseDatabase();
}
/**
* @see org.apache.archiva.redback.rbac.RBACManager#getAllAssignableRoles()
*/
public List<Role> getAllAssignableRoles()
throws RbacManagerException
{
try
{
Collection<Collection<String>> roleNames = ldapRoleMapperConfiguration.getLdapGroupMappings().values();
Set<Role> roles = new HashSet<Role>();
for ( Collection<String> names : roleNames )
{
for ( String name : names )
{
roles.add( new RoleImpl( name ) );
}
}
return new ArrayList<Role>( roles );
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
}
public List<Operation> getAllOperations()
throws RbacManagerException
{
return this.rbacImpl.getAllOperations();
}
public List<Permission> getAllPermissions()
throws RbacManagerException
{
return this.rbacImpl.getAllPermissions();
}
public List<Resource> getAllResources()
throws RbacManagerException
{
return this.rbacImpl.getAllResources();
}
public List<Role> getAllRoles()
throws RbacManagerException
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
List<String> groups = ldapRoleMapper.getAllGroups( context );
return mapToRoles( groups );
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
//return this.rbacImpl.getAllRoles();
}
public List<UserAssignment> getAllUserAssignments()
throws RbacManagerException
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
Map<String, Collection<String>> usersWithRoles = ldapController.findUsersWithRoles( context );
List<UserAssignment> userAssignments = new ArrayList<UserAssignment>( usersWithRoles.size() );
for ( Map.Entry<String, Collection<String>> entry : usersWithRoles.entrySet() )
{
UserAssignment userAssignment = new UserAssignmentImpl( entry.getKey(), entry.getValue() );
userAssignments.add( userAssignment );
userAssignmentsCache.put( userAssignment.getPrincipal(), userAssignment );
}
return userAssignments;
}
catch ( LdapControllerException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
}
protected void closeLdapConnection( LdapConnection ldapConnection )
{
if ( ldapConnection != null )
{
ldapConnection.close();
}
}
protected void closeContext( DirContext context )
{
if ( context != null )
{
try
{
context.close();
}
catch ( NamingException e )
{
log.warn( "skip issue closing context: {}", e.getMessage() );
}
}
}
/**
* public Map<String, List<Permission>> getAssignedPermissionMap( String username )
* throws RbacManagerException
* {
* return this.rbacImpl.getAssignedPermissionMap( username );
* }*
*/
/*public Set<Permission> getAssignedPermissions( String username )
throws RbacObjectNotFoundException, RbacManagerException
{
// TODO here !!
return this.rbacImpl.getAssignedPermissions( username );
}*/
private List<Role> mapToRoles( List<String> groups )
throws MappingException, RbacManagerException
{
if ( groups == null || groups.isEmpty() )
{
return Collections.emptyList();
}
List<Role> roles = new ArrayList<Role>( groups.size() );
Map<String, Collection<String>> mappedGroups = ldapRoleMapperConfiguration.getLdapGroupMappings();
for ( String group : groups )
{
Collection<String> roleNames = mappedGroups.get( group );
if ( roleNames != null )
{
for ( String roleName : roleNames )
{
Role role = buildRole( roleName );
roles.add( role );
}
}
else if ( this.ldapRoleMapper.isUseDefaultRoleName() )
{
Role role = buildRole( group );
roles.add( role );
}
}
return roles;
}
private Role buildRole( String group )
throws RbacManagerException
{
Role role = null;
try
{
role = this.rbacImpl.getRole( group );
}
catch ( RbacObjectNotFoundException e )
{
// if it's mapped role to a group it doesn't exist in jdo
}
role = ( role == null ) ? new RoleImpl( group ) : role;
if ( role != null )
{
rolesCache.put( role.getName(), role );
}
return role;
}
protected List<String> getRealRoles()
throws RbacManagerException
{
List<Role> roles = this.rbacImpl.getAllRoles();
List<String> roleNames = new ArrayList<String>( roles.size() );
for ( Role role : roles )
{
roleNames.add( role.getName() );
}
return roleNames;
}
public Collection<Role> getAssignedRoles( String username )
throws RbacManagerException
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
List<String> roleNames = ldapRoleMapper.getRoles( username, context, getRealRoles() );
if ( roleNames.isEmpty() )
{
return Collections.emptyList();
}
List<Role> roles = new ArrayList<Role>( roleNames.size() );
for ( String name : roleNames )
{
roles.add( this.rbacImpl.getRole( name ) );// new RoleImpl( name ) );
}
return roles;
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
}
public Collection<Role> getAssignedRoles( UserAssignment userAssignment )
throws RbacManagerException
{
return getAssignedRoles( userAssignment.getPrincipal() );
}
public Map<String, Role> getChildRoles( Role role )
throws RbacManagerException
{
return this.rbacImpl.getChildRoles( role );
}
public Map<String, Role> getParentRoles( Role role )
throws RbacManagerException
{
return this.rbacImpl.getParentRoles( role );
}
//
// public Collection<Role> getEffectivelyAssignedRoles( String username )
// throws RbacManagerException
// {
// TODO here !!
// return this.rbacImpl.getEffectivelyAssignedRoles( username );
// }
//public Collection<Role> getEffectivelyUnassignedRoles( String username )
//throws RbacManagerException
//{
// TODO here !!
// return this.rbacImpl.getEffectivelyUnassignedRoles( username );
// }
public Set<Role> getEffectiveRoles( Role role )
throws RbacManagerException
{
return this.rbacImpl.getEffectiveRoles( role );
}
public Resource getGlobalResource()
throws RbacManagerException
{
return this.rbacImpl.getGlobalResource();
}
public Operation getOperation( String operationName )
throws RbacManagerException
{
return this.rbacImpl.getOperation( operationName );
}
public Permission getPermission( String permissionName )
throws RbacManagerException
{
return this.rbacImpl.getPermission( permissionName );
}
public Resource getResource( String resourceIdentifier )
throws RbacManagerException
{
return this.rbacImpl.getResource( resourceIdentifier );
}
public Role getRole( String roleName )
throws RbacManagerException
{
Role role = rolesCache.get( roleName );
if ( role != null )
{
return role;
}
LdapConnection ldapConnection = null;
DirContext context = null;
//verify it's a ldap group
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
if ( !ldapRoleMapper.hasRole( context, roleName ) )
{
return null;
}
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
role = this.rbacImpl.getRole( roleName );
role = ( role == null ) ? new RoleImpl( roleName ) : role;
rolesCache.put( roleName, role );
return role;
}
public Map<String, Role> getRoles( Collection<String> roleNames )
throws RbacManagerException
{
return this.rbacImpl.getRoles( roleNames );
}
public Collection<Role> getUnassignedRoles( String username )
throws RbacManagerException
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
List<String> allRoles = ldapRoleMapper.getAllRoles( context );
final List<String> userRoles = ldapRoleMapper.getRoles( username, context, getRealRoles() );
List<Role> unassignedRoles = new ArrayList<Role>();
for ( String roleName : allRoles )
{
if ( !userRoles.contains( roleName ) )
{
unassignedRoles.add( rbacImpl.getRole( roleName ) );
}
}
return unassignedRoles;
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
}
public UserAssignment getUserAssignment( String username )
throws RbacManagerException
{
UserAssignment ua = userAssignmentsCache.get( username );
if ( ua != null )
{
return ua;
}
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
List<String> roles = ldapRoleMapper.getRoles( username, context, getRealRoles() );
ua = new UserAssignmentImpl( username, roles );
userAssignmentsCache.put( username, ua );
return ua;
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
//return this.rbacImpl.getUserAssignment( username );
}
public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
throws RbacManagerException
{
// TODO from ldap
return this.rbacImpl.getUserAssignmentsForRoles( roleNames );
}
public boolean operationExists( Operation operation )
{
return this.rbacImpl.operationExists( operation );
}
public boolean operationExists( String name )
{
return this.rbacImpl.operationExists( name );
}
public boolean permissionExists( Permission permission )
{
return this.rbacImpl.permissionExists( permission );
}
public boolean permissionExists( String name )
{
return this.rbacImpl.permissionExists( name );
}
public void rbacInit( boolean freshdb )
{
if ( rbacImpl instanceof RBACManagerListener )
{
( (RBACManagerListener) this.rbacImpl ).rbacInit( freshdb );
}
}
public void rbacPermissionRemoved( Permission permission )
{
if ( rbacImpl instanceof RBACManagerListener )
{
( (RBACManagerListener) this.rbacImpl ).rbacPermissionRemoved( permission );
}
}
public void rbacPermissionSaved( Permission permission )
{
if ( rbacImpl instanceof RBACManagerListener )
{
( (RBACManagerListener) this.rbacImpl ).rbacPermissionSaved( permission );
}
}
public void rbacRoleRemoved( Role role )
{
if ( rbacImpl instanceof RBACManagerListener )
{
( (RBACManagerListener) this.rbacImpl ).rbacRoleRemoved( role );
}
}
public void rbacRoleSaved( Role role )
{
if ( rbacImpl instanceof RBACManagerListener )
{
( (RBACManagerListener) this.rbacImpl ).rbacRoleSaved( role );
}
}
public void rbacUserAssignmentRemoved( UserAssignment userAssignment )
{
if ( rbacImpl instanceof RBACManagerListener )
{
( (RBACManagerListener) this.rbacImpl ).rbacUserAssignmentRemoved( userAssignment );
}
}
public void rbacUserAssignmentSaved( UserAssignment userAssignment )
{
if ( rbacImpl instanceof RBACManagerListener )
{
( (RBACManagerListener) this.rbacImpl ).rbacUserAssignmentSaved( userAssignment );
}
}
public void removeListener( RBACManagerListener listener )
{
this.rbacImpl.removeListener( listener );
}
public void removeOperation( Operation operation )
throws RbacManagerException
{
this.rbacImpl.removeOperation( operation );
}
public void removeOperation( String operationName )
throws RbacManagerException
{
this.rbacImpl.removeOperation( operationName );
}
public void removePermission( Permission permission )
throws RbacManagerException
{
this.rbacImpl.removePermission( permission );
}
public void removePermission( String permissionName )
throws RbacManagerException
{
this.rbacImpl.removePermission( permissionName );
}
public void removeResource( Resource resource )
throws RbacManagerException
{
this.rbacImpl.removeResource( resource );
}
public void removeResource( String resourceIdentifier )
throws RbacManagerException
{
this.rbacImpl.removeResource( resourceIdentifier );
}
public void removeRole( Role role )
throws RbacManagerException
{
RBACObjectAssertions.assertValid( role );
if ( role.isPermanent() )
{
throw new RbacPermanentException( "Unable to delete permanent role [" + role.getName() + "]" );
}
rolesCache.remove( role.getName() );
if ( writableLdap )
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
ldapRoleMapper.removeRole( role.getName(), context );
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
fireRbacRoleRemoved( role );
}
}
public void removeRole( String roleName )
throws RbacManagerException
{
if ( roleName == null )
{
return;
}
removeRole( new RoleImpl( roleName ) );
}
public void removeUserAssignment( String username )
throws RbacManagerException
{
// TODO ldap cannot or isWritable ldap ?
userAssignmentsCache.remove( username );
this.rbacImpl.removeUserAssignment( username );
}
public void removeUserAssignment( UserAssignment userAssignment )
throws RbacManagerException
{
if ( userAssignment != null )
{
userAssignmentsCache.remove( userAssignment.getPrincipal() );
}
// TODO ldap cannot or isWritable ldap ?
this.rbacImpl.removeUserAssignment( userAssignment );
}
public boolean resourceExists( Resource resource )
{
return this.rbacImpl.resourceExists( resource );
}
public boolean resourceExists( String identifier )
{
return this.rbacImpl.resourceExists( identifier );
}
@Override
public boolean roleExists( Role role )
throws RbacManagerException
{
if ( role == null )
{
return false;
}
return roleExists( role.getName() );
}
@Override
public boolean roleExists( String name )
throws RbacManagerException
{
if ( StringUtils.isEmpty( name ) )
{
return false;
}
if ( rolesCache.get( name ) != null )
{
return true;
}
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
if ( rolesCache.hasKey( name ) )
{
return true;
}
return ldapRoleMapper.hasRole( context, name );
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
}
public Operation saveOperation( Operation operation )
throws RbacManagerException
{
return this.rbacImpl.saveOperation( operation );
}
public Permission savePermission( Permission permission )
throws RbacManagerException
{
return this.rbacImpl.savePermission( permission );
}
public Resource saveResource( Resource resource )
throws RbacManagerException
{
return this.rbacImpl.saveResource( resource );
}
public synchronized Role saveRole( Role role )
throws RbacManagerException
{
if ( writableLdap )
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
ldapRoleMapper.saveRole( role.getName(), context );
if ( !role.getChildRoleNames().isEmpty() )
{
for ( String roleName : role.getChildRoleNames() )
{
ldapRoleMapper.saveRole( roleName, context );
}
}
fireRbacRoleSaved( role );
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
}
role = this.rbacImpl.saveRole( role );
rolesCache.put( role.getName(), role );
return role;
//return new RoleImpl( role.getName(), role.getPermissions() );
}
public synchronized void saveRoles( Collection<Role> roles )
throws RbacManagerException
{
if ( writableLdap )
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
for ( Role role : roles )
{
ldapRoleMapper.saveRole( role.getName(), context );
fireRbacRoleSaved( role );
}
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
}
this.rbacImpl.saveRoles( roles );
}
public UserAssignment saveUserAssignment( UserAssignment userAssignment )
throws RbacManagerException
{
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
if ( !userManager.userExists( userAssignment.getPrincipal() ) )
{
User user = userManager.createUser( userAssignment.getPrincipal(), null, null );
userManager.addUser( user );
}
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
List<String> allRoles = ldapRoleMapper.getAllRoles( context );
List<String> currentUserRoles =
ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context, getRealRoles() );
for ( String role : userAssignment.getRoleNames() )
{
if ( !currentUserRoles.contains( role ) && writableLdap )
{
// role exists in ldap ?
if ( !allRoles.contains( role ) )
{
ldapRoleMapper.saveRole( role, context );
allRoles.add( role );
}
ldapRoleMapper.saveUserRole( role, userAssignment.getPrincipal(), context );
currentUserRoles.add( role );
}
}
for ( String role : currentUserRoles )
{
if ( !userAssignment.getRoleNames().contains( role ) && writableLdap )
{
ldapRoleMapper.removeUserRole( role, userAssignment.getPrincipal(), context );
}
}
userAssignmentsCache.put( userAssignment.getPrincipal(), userAssignment );
return userAssignment;
}
catch ( UserManagerException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( MappingException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
catch ( LdapException e )
{
throw new RbacManagerException( e.getMessage(), e );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
}
public boolean userAssignmentExists( String principal )
{
if ( userAssignmentsCache.hasKey( principal ) )
{
return true;
}
LdapConnection ldapConnection = null;
DirContext context = null;
try
{
ldapConnection = ldapConnectionFactory.getConnection();
context = ldapConnection.getDirContext();
List<String> roles = ldapRoleMapper.getRoles( principal, context, getRealRoles() );
if ( roles == null || roles.isEmpty() )
{
return false;
}
return true;
}
catch ( RbacManagerException e )
{
log.warn( "fail to call userAssignmentExists: {}", e.getMessage() );
}
catch ( LdapException e )
{
log.warn( "fail to call userAssignmentExists: {}", e.getMessage() );
}
catch ( MappingException e )
{
log.warn( "fail to call userAssignmentExists: {}", e.getMessage() );
}
finally
{
closeContext( context );
closeLdapConnection( ldapConnection );
}
return false;
}
public boolean userAssignmentExists( UserAssignment assignment )
{
if ( assignment == null )
{
return false;
}
return this.userAssignmentExists( assignment.getPrincipal() );
}
public RBACManager getRbacImpl()
{
return rbacImpl;
}
public void setRbacImpl( RBACManager rbacImpl )
{
this.rbacImpl = rbacImpl;
}
public boolean isWritableLdap()
{
return writableLdap;
}
public void setWritableLdap( boolean writableLdap )
{
this.writableLdap = writableLdap;
}
public LdapRoleMapper getLdapRoleMapper()
{
return ldapRoleMapper;
}
public void setLdapRoleMapper( LdapRoleMapper ldapRoleMapper )
{
this.ldapRoleMapper = ldapRoleMapper;
}
private static class RoleImpl
extends AbstractRole
{
private String name;
private String description;
private List<Permission> permissions = new ArrayList<Permission>();
private List<String> childRoleNames = new ArrayList<String>();
private RoleImpl( String name )
{
this.name = name;
}
private RoleImpl( String name, List<Permission> permissions )
{
this.name = name;
this.permissions = permissions;
}
public void addPermission( Permission permission )
{
this.permissions.add( permission );
}
public void addChildRoleName( String name )
{
this.childRoleNames.add( name );
}
public List<String> getChildRoleNames()
{
return this.childRoleNames;
}
public String getDescription()
{
return this.description;
}
public String getName()
{
return this.name;
}
public List<Permission> getPermissions()
{
return this.permissions;
}
public boolean isAssignable()
{
return true;
}
public void removePermission( Permission permission )
{
this.permissions.remove( permission );
}
public void setAssignable( boolean assignable )
{
// no op
}
public void setChildRoleNames( List<String> names )
{
this.childRoleNames = names;
}
public void setDescription( String description )
{
this.description = description;
}
public void setName( String name )
{
this.name = name;
}
public void setPermissions( List<Permission> permissions )
{
this.permissions = permissions;
}
public boolean isPermanent()
{
return true;
}
public void setPermanent( boolean permanent )
{
// no op
}
@Override
public String toString()
{
final StringBuilder sb = new StringBuilder();
sb.append( "RoleImpl" );
sb.append( "{name='" ).append( name ).append( '\'' );
sb.append( '}' );
return sb.toString();
}
@Override
public boolean equals( Object o )
{
if ( this == o )
{
return true;
}
if ( o == null || getClass() != o.getClass() )
{
return false;
}
RoleImpl role = (RoleImpl) o;
if ( name != null ? !name.equals( role.name ) : role.name != null )
{
return false;
}
return true;
}
@Override
public int hashCode()
{
return name != null ? name.hashCode() : 0;
}
}
private static class UserAssignmentImpl
implements UserAssignment
{
private String username;
private List<String> roleNames;
private boolean permanent;
private UserAssignmentImpl( String username, Collection<String> roleNames )
{
this.username = username;
if ( roleNames == null )
{
this.roleNames = new ArrayList<String>();
}
else
{
this.roleNames = new ArrayList<String>( roleNames );
}
}
public String getPrincipal()
{
return this.username;
}
public List<String> getRoleNames()
{
return this.roleNames;
}
public void addRoleName( Role role )
{
if ( role == null )
{
return;
}
this.roleNames.add( role.getName() );
}
public void addRoleName( String roleName )
{
if ( roleName == null )
{
return;
}
this.roleNames.add( roleName );
}
public void removeRoleName( Role role )
{
if ( role == null )
{
return;
}
this.roleNames.remove( role.getName() );
}
public void removeRoleName( String roleName )
{
if ( roleName == null )
{
return;
}
this.roleNames.remove( roleName );
}
public void setPrincipal( String principal )
{
this.username = principal;
}
public void setRoleNames( List<String> roles )
{
this.roleNames = roles;
}
public boolean isPermanent()
{
return this.permanent;
}
public void setPermanent( boolean permanent )
{
this.permanent = permanent;
}
@Override
public String toString()
{
final StringBuilder sb = new StringBuilder();
sb.append( "UserAssignmentImpl" );
sb.append( "{username='" ).append( username ).append( '\'' );
sb.append( ", roleNames=" ).append( roleNames );
sb.append( ", permanent=" ).append( permanent );
sb.append( '}' );
return sb.toString();
}
}
@Override
public boolean isFinalImplementation()
{
return true;
}
public String getDescriptionKey()
{
return "archiva.redback.rbacmanager.ldap";
}
public boolean isReadOnly()
{
return !writableLdap;
}
}