src/main/java/org/apache/directory/fortress/core/impl/GroupP.java - directory-fortress-core - Git at Google

 /*
  *   Licensed to the Apache Software Foundation (ASF) under one
  *   or more contributor license agreements.  See the NOTICE file
  *   distributed with this work for additional information
  *   regarding copyright ownership.  The ASF licenses this file
  *   to you under the Apache License, Version 2.0 (the
  *   "License"); you may not use this file except in compliance
  *   with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *   Unless required by applicable law or agreed to in writing,
  *   software distributed under the License is distributed on an
  *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *   KIND, either express or implied.  See the License for the
  *   specific language governing permissions and limitations
  *   under the License.
  *
  */
 package org.apache.directory.fortress.core.impl;


 import java.util.ArrayList;
 import java.util.List;

 import org.apache.commons.collections.CollectionUtils;
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.fortress.core.GlobalErrIds;
 import org.apache.directory.fortress.core.GlobalIds;
 import org.apache.directory.fortress.core.SecurityException;
 import org.apache.directory.fortress.core.ValidationException;
 import org.apache.directory.fortress.core.model.*;
 import org.apache.directory.fortress.core.model.ConstraintUtil;
 import org.apache.directory.fortress.core.util.VUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;


 /**
  * Process module for the group node of Fortress directory structure.
  * This class is thread safe.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 final class GroupP
 {
     private static final String CLS_NM = GroupP.class.getName();
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
     private GroupDAO gDao = new GroupDAO();

     /**
      * Add a group node to the Directory Information Tree (DIT).
      *
      * @param group contains the group entity for target node.
      * @throws org.apache.directory.fortress.core.SecurityException
      *          in event of validation or system error.
      */
     Group add( Group group ) throws SecurityException
     {
         validate( group );

         Group outGroup = gDao.create(group);
         fillRoles(outGroup);
         return outGroup;
     }


     /**
      * Modify a group node within the Directory Information Tree (DIT).
      *
      * @param group contains the group entity for target node.
      * @throws org.apache.directory.fortress.core.SecurityException
      *          in event of validation or system error.
      */
     Group update( Group group ) throws SecurityException
     {
         validate( group );

         return gDao.update( group );
     }


     /**
      * Remove the group node.
      *
      * @param group contains the group entity for target node.
      * @throws SecurityException in event of validation or system error.
      */
     Group delete( Group group ) throws SecurityException
     {
         return gDao.remove( group );
     }


     /**
      * Add a new property to an existing Group
      *
      * @param group
      * @param key
      * @param value
      * @return
      * @throws org.apache.directory.fortress.core.SecurityException
      *
      */
     Group add( Group group, String key, String value ) throws SecurityException
     {
         return gDao.add( group, key, value );
     }


     /**
      * Remove an existing property value from an existing Group
      *
      * @param group
      * @param key
      * @param value
      * @return
      * @throws org.apache.directory.fortress.core.SecurityException
      *
      */
     Group delete( Group group, String key, String value ) throws SecurityException
     {
         return gDao.delete( group, key, value );
     }


     /**
      * Method will add the "member" attribute on LDAP entry which represents a Group assignment.
      *
      * @param entity contains the group name targeted.
      * @param userDn String contains the dn for the user entry that is being assigned the RBAC Role.
      * @return Group containing copy of input data.
      * @throws SecurityException in the event of data validation or DAO system error.
      */
     Group assign( Group entity, String userDn ) throws SecurityException
     {
         Group group = read( entity );
         group.setContextId( entity.getContextId() );

         return gDao.assign( group, userDn );
     }


     /**
      * Method will remove the "member" attribute on LDAP entry which represents a Group assignment.
      *
      * @param entity contains the role name targeted.
      * @param userDn String contains the dn for the user entry that is being assigned the RBAC Role.
      * @return Role containing copy of input data.
      * @throws SecurityException in the event of data validation or DAO system error.
      */
     Group deassign( Group entity, String userDn ) throws SecurityException
     {
         Group group = read( entity );
         group.setContextId( entity.getContextId() );

         return gDao.deassign( group, userDn );
     }


     /**
      * Return a fully populated Group entity for a given name.  If matching record not found a
      * SecurityException will be thrown.
      *
      * @param group contains full group name for entry in directory.
      * @return Group entity containing all attributes associated.
      * @throws SecurityException in the event not found or DAO search error.
      */
     Group read( Group group ) throws SecurityException
     {
         Group outGroup = gDao.get(group);
         outGroup.setContextId( group.getContextId() );
         fillRoles(outGroup);
         return outGroup;
     }


     /**
      * Takes a search string that contains full or partial Group name in directory.
      *
      * @param group contains full or partial name.
      * @return List of type Group containing fully populated matching entities.  If no records found this will be empty.
      * @throws SecurityException in the event of DAO search error.
      */
     List<Group> search( Group group ) throws SecurityException
     {
         return gDao.find( group );
     }


     /**
      * Takes a search string that contains full or partial Group name in directory.
      *
      * @param user contains full dn for existing user.
      * @return List of type Group containing fully populated matching entities.  If no records found this will be empty.
      * @throws SecurityException in the event of DAO search error.
      */
     List<Group> search( User user ) throws SecurityException
     {
         return gDao.find( user );
     }

     /**
      * Takes a search string that contains full or partial Role name in directory.
      *
      * @param role contains full dn name of role
      * @return List of type Group containing fully populated matching entities.  If no records found this will be empty.
      * @throws SecurityException in the event of DAO search error.
      */
     List<Group> roleGroups( Role role ) throws SecurityException
     {
         return gDao.roleGroups( role );
     }

     /**
      * Return a list of group Roles for a given Group name.  If matching record not found a
      * SecurityException will be thrown.
      *
      * @param group contains full group name for entry in directory.
      * @return Group entity containing all attributes associated.
      * @throws SecurityException in the event not found or DAO search error.
      */
     List<UserRole> groupRoles( Group group ) throws SecurityException
     {
         Group outGroup = read(group);
         fillRoles( outGroup );
         return outGroup.getRoles();
     }


     /**
      * Creates a Session using given Group and its members, if Group type is ROLE
      * @param group a group to create Session for
      * @return Session object
      * @throws SecurityException
      */
     Session createSession( Group group ) throws SecurityException
     {
         // Create the impl session without authentication of password.
         Session session = createSessionTrusted( group );

         // Did the caller pass in a set of roles for selective activation?
         if ( CollectionUtils.isNotEmpty( group.getMembers() ) )
         {
             // Process selective activation of user's RBAC roles into session:
             List<String> availableRoles = session.getGroup().getMembers();
             availableRoles.retainAll( group.getMembers() );
         }
         // Fill aux field 'roles' with Role entities
         fillRoles( session.getGroup() );

         // Check role temporal constraints + activate roles:
         VUtil.getInstance().validateConstraints( session, VUtil.ConstraintType.ROLE, true );
         return session;
     }


     private Session createSessionTrusted( Group inGroup) throws SecurityException
     {
         Group group = read( inGroup );
         group.setContextId( inGroup.getContextId() );

         if ( group.getType() != Group.Type.ROLE )
         {
             String info = "createSession failed for Group ["
                     + group.getName() + "], group must be of type ROLE.";

             throw new ValidationException( GlobalErrIds.GROUP_TYPE_INVLD, info );
         }

         Session session = new Session(group);
         // Set this flag to false because group was not authenticated.
         session.setAuthenticated( false );
         return session;
     }


     /**
      * Populates the auxiliary field 'roles' in given group object with
      * {@link UserRole} data
      * @param group a group object to populate
      * @throws SecurityException thrown in the event the attribute is null.
      */
     private void fillRoles( Group group ) throws SecurityException {
         if ( Group.Type.ROLE.equals( group.getType() ) )
         {
             RoleP rp = new RoleP();
             List<UserRole> uRoles = new ArrayList<>();
             List<Role> roles = rp.search( group );
             for ( Role inRole : roles )
             {
                 UserRole ure = new UserRole( group.getName(), inRole.getName(), true );
                 ConstraintUtil.validateOrCopy( inRole, ure );
                 uRoles.add( ure );
             }
             group.setRoles( uRoles );
         }
     }


 /*
     private void fillRoles( Group group ) throws SecurityException {
         if ( Group.Type.ROLE.equals( group.getType() ) )
         {
             RoleP rp = new RoleP();
             List<UserRole> roles = new ArrayList<>();
             List<String> members = group.getMembers();
             for ( String roleDn : members )
             {
                 String roleRdn = roleDn;
                 if ( group.isMemberDn() )
                 {
                     String[] parts = roleDn.split( "," );
                     if (parts.length > 0)
                     {
                         roleRdn = parts[ 0 ];
                     }
                     roleRdn = roleRdn.replaceFirst( "cn=", "" ); // remove 'cn='
                 }
                 Role inRole = new Role( roleRdn );
                 inRole.setContextId( group.getContextId() );
                 Role role = rp.read( inRole );

                 UserRole ure = new UserRole( group.getName(), roleRdn, true );
                 ConstraintUtil.validateOrCopy( role, ure );
                 roles.add( ure );
             }
             group.setRoles( roles );
         }
     }


 */
     /**
      * Method will perform simple validations to ensure the integrity of the {@link Group} entity targeted for insertion
      * or deletion in directory.
      *
      * @param entity contains the enum type to validate
      * @throws org.apache.directory.fortress.core.SecurityException
      *          thrown in the event the attribute is null.
      */
     private void validate( Group entity ) throws SecurityException
     {
         if ( Strings.isEmpty( entity.getName() ) )
         {
             String error = "validate name validation failed, null or empty value";
             LOG.warn( error );
             throw new ValidationException( GlobalErrIds.GROUP_NAME_NULL, error );
         }

         if ( entity.getName().length() > GlobalIds.OU_LEN )
         {
             String name = entity.getName();
             String error = "validate name [" + name + "] invalid length [" + entity.getName().length() + "]";
             LOG.warn( error );
             throw new ValidationException( GlobalErrIds.GROUP_NAME_INVLD, error );
         }

         if ( entity.getProtocol().length() > GlobalIds.OU_LEN )
         {
             String error = "validate protocol [" + entity.getProtocol() + "] invalid length [" + entity.getProtocol()
                 .length() + "]";
             LOG.warn( error );
             throw new ValidationException( GlobalErrIds.GROUP_PROTOCOL_INVLD, error );
         }

         if ( !Strings.isEmpty( entity.getDescription() ) )
         {
             VUtil.description( entity.getDescription() );
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*
	*/
	package org.apache.directory.fortress.core.impl;


	import java.util.ArrayList;
	import java.util.List;

	import org.apache.commons.collections.CollectionUtils;
	import org.apache.directory.api.util.Strings;
	import org.apache.directory.fortress.core.GlobalErrIds;
	import org.apache.directory.fortress.core.GlobalIds;
	import org.apache.directory.fortress.core.SecurityException;
	import org.apache.directory.fortress.core.ValidationException;
	import org.apache.directory.fortress.core.model.*;
	import org.apache.directory.fortress.core.model.ConstraintUtil;
	import org.apache.directory.fortress.core.util.VUtil;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;


	/**
	* Process module for the group node of Fortress directory structure.
	* This class is thread safe.
	*
	* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
	*/
	final class GroupP
	{
	private static final String CLS_NM = GroupP.class.getName();
	private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
	private GroupDAO gDao = new GroupDAO();

	/**
	* Add a group node to the Directory Information Tree (DIT).
	*
	* @param group contains the group entity for target node.
	* @throws org.apache.directory.fortress.core.SecurityException
	* in event of validation or system error.
	*/
	Group add( Group group ) throws SecurityException
	{
	validate( group );

	Group outGroup = gDao.create(group);
	fillRoles(outGroup);
	return outGroup;
	}


	/**
	* Modify a group node within the Directory Information Tree (DIT).
	*
	* @param group contains the group entity for target node.
	* @throws org.apache.directory.fortress.core.SecurityException
	* in event of validation or system error.
	*/
	Group update( Group group ) throws SecurityException
	{
	validate( group );

	return gDao.update( group );
	}


	/**
	* Remove the group node.
	*
	* @param group contains the group entity for target node.
	* @throws SecurityException in event of validation or system error.
	*/
	Group delete( Group group ) throws SecurityException
	{
	return gDao.remove( group );
	}


	/**
	* Add a new property to an existing Group
	*
	* @param group
	* @param key
	* @param value
	* @return
	* @throws org.apache.directory.fortress.core.SecurityException
	*
	*/
	Group add( Group group, String key, String value ) throws SecurityException
	{
	return gDao.add( group, key, value );
	}


	/**
	* Remove an existing property value from an existing Group
	*
	* @param group
	* @param key
	* @param value
	* @return
	* @throws org.apache.directory.fortress.core.SecurityException
	*
	*/
	Group delete( Group group, String key, String value ) throws SecurityException
	{
	return gDao.delete( group, key, value );
	}


	/**
	* Method will add the "member" attribute on LDAP entry which represents a Group assignment.
	*
	* @param entity contains the group name targeted.
	* @param userDn String contains the dn for the user entry that is being assigned the RBAC Role.
	* @return Group containing copy of input data.
	* @throws SecurityException in the event of data validation or DAO system error.
	*/
	Group assign( Group entity, String userDn ) throws SecurityException
	{
	Group group = read( entity );
	group.setContextId( entity.getContextId() );

	return gDao.assign( group, userDn );
	}


	/**
	* Method will remove the "member" attribute on LDAP entry which represents a Group assignment.
	*
	* @param entity contains the role name targeted.
	* @param userDn String contains the dn for the user entry that is being assigned the RBAC Role.
	* @return Role containing copy of input data.
	* @throws SecurityException in the event of data validation or DAO system error.
	*/
	Group deassign( Group entity, String userDn ) throws SecurityException
	{
	Group group = read( entity );
	group.setContextId( entity.getContextId() );

	return gDao.deassign( group, userDn );
	}


	/**
	* Return a fully populated Group entity for a given name. If matching record not found a
	* SecurityException will be thrown.
	*
	* @param group contains full group name for entry in directory.
	* @return Group entity containing all attributes associated.
	* @throws SecurityException in the event not found or DAO search error.
	*/
	Group read( Group group ) throws SecurityException
	{
	Group outGroup = gDao.get(group);
	outGroup.setContextId( group.getContextId() );
	fillRoles(outGroup);
	return outGroup;
	}


	/**
	* Takes a search string that contains full or partial Group name in directory.
	*
	* @param group contains full or partial name.
	* @return List of type Group containing fully populated matching entities. If no records found this will be empty.
	* @throws SecurityException in the event of DAO search error.
	*/
	List<Group> search( Group group ) throws SecurityException
	{
	return gDao.find( group );
	}


	/**
	* Takes a search string that contains full or partial Group name in directory.
	*
	* @param user contains full dn for existing user.
	* @return List of type Group containing fully populated matching entities. If no records found this will be empty.
	* @throws SecurityException in the event of DAO search error.
	*/
	List<Group> search( User user ) throws SecurityException
	{
	return gDao.find( user );
	}

	/**
	* Takes a search string that contains full or partial Role name in directory.
	*
	* @param role contains full dn name of role
	* @return List of type Group containing fully populated matching entities. If no records found this will be empty.
	* @throws SecurityException in the event of DAO search error.
	*/
	List<Group> roleGroups( Role role ) throws SecurityException
	{
	return gDao.roleGroups( role );
	}

	/**
	* Return a list of group Roles for a given Group name. If matching record not found a
	* SecurityException will be thrown.
	*
	* @param group contains full group name for entry in directory.
	* @return Group entity containing all attributes associated.
	* @throws SecurityException in the event not found or DAO search error.
	*/
	List<UserRole> groupRoles( Group group ) throws SecurityException
	{
	Group outGroup = read(group);
	fillRoles( outGroup );
	return outGroup.getRoles();
	}


	/**
	* Creates a Session using given Group and its members, if Group type is ROLE
	* @param group a group to create Session for
	* @return Session object
	* @throws SecurityException
	*/
	Session createSession( Group group ) throws SecurityException
	{
	// Create the impl session without authentication of password.
	Session session = createSessionTrusted( group );

	// Did the caller pass in a set of roles for selective activation?
	if ( CollectionUtils.isNotEmpty( group.getMembers() ) )
	{
	// Process selective activation of user's RBAC roles into session:
	List<String> availableRoles = session.getGroup().getMembers();
	availableRoles.retainAll( group.getMembers() );
	}
	// Fill aux field 'roles' with Role entities
	fillRoles( session.getGroup() );

	// Check role temporal constraints + activate roles:
	VUtil.getInstance().validateConstraints( session, VUtil.ConstraintType.ROLE, true );
	return session;
	}


	private Session createSessionTrusted( Group inGroup) throws SecurityException
	{
	Group group = read( inGroup );
	group.setContextId( inGroup.getContextId() );

	if ( group.getType() != Group.Type.ROLE )
	{
	String info = "createSession failed for Group ["
	+ group.getName() + "], group must be of type ROLE.";

	throw new ValidationException( GlobalErrIds.GROUP_TYPE_INVLD, info );
	}

	Session session = new Session(group);
	// Set this flag to false because group was not authenticated.
	session.setAuthenticated( false );
	return session;
	}


	/**
	* Populates the auxiliary field 'roles' in given group object with
	* {@link UserRole} data
	* @param group a group object to populate
	* @throws SecurityException thrown in the event the attribute is null.
	*/
	private void fillRoles( Group group ) throws SecurityException {
	if ( Group.Type.ROLE.equals( group.getType() ) )
	{
	RoleP rp = new RoleP();
	List<UserRole> uRoles = new ArrayList<>();
	List<Role> roles = rp.search( group );
	for ( Role inRole : roles )
	{
	UserRole ure = new UserRole( group.getName(), inRole.getName(), true );
	ConstraintUtil.validateOrCopy( inRole, ure );
	uRoles.add( ure );
	}
	group.setRoles( uRoles );
	}
	}


	/*
	private void fillRoles( Group group ) throws SecurityException {
	if ( Group.Type.ROLE.equals( group.getType() ) )
	{
	RoleP rp = new RoleP();
	List<UserRole> roles = new ArrayList<>();
	List<String> members = group.getMembers();
	for ( String roleDn : members )
	{
	String roleRdn = roleDn;
	if ( group.isMemberDn() )
	{
	String[] parts = roleDn.split( "," );
	if (parts.length > 0)
	{
	roleRdn = parts[ 0 ];
	}
	roleRdn = roleRdn.replaceFirst( "cn=", "" ); // remove 'cn='
	}
	Role inRole = new Role( roleRdn );
	inRole.setContextId( group.getContextId() );
	Role role = rp.read( inRole );

	UserRole ure = new UserRole( group.getName(), roleRdn, true );
	ConstraintUtil.validateOrCopy( role, ure );
	roles.add( ure );
	}
	group.setRoles( roles );
	}
	}


	*/
	/**
	* Method will perform simple validations to ensure the integrity of the {@link Group} entity targeted for insertion
	* or deletion in directory.
	*
	* @param entity contains the enum type to validate
	* @throws org.apache.directory.fortress.core.SecurityException
	* thrown in the event the attribute is null.
	*/
	private void validate( Group entity ) throws SecurityException
	{
	if ( Strings.isEmpty( entity.getName() ) )
	{
	String error = "validate name validation failed, null or empty value";
	LOG.warn( error );
	throw new ValidationException( GlobalErrIds.GROUP_NAME_NULL, error );
	}

	if ( entity.getName().length() > GlobalIds.OU_LEN )
	{
	String name = entity.getName();
	String error = "validate name [" + name + "] invalid length [" + entity.getName().length() + "]";
	LOG.warn( error );
	throw new ValidationException( GlobalErrIds.GROUP_NAME_INVLD, error );
	}

	if ( entity.getProtocol().length() > GlobalIds.OU_LEN )
	{
	String error = "validate protocol [" + entity.getProtocol() + "] invalid length [" + entity.getProtocol()
	.length() + "]";
	LOG.warn( error );
	throw new ValidationException( GlobalErrIds.GROUP_PROTOCOL_INVLD, error );
	}

	if ( !Strings.isEmpty( entity.getDescription() ) )
	{
	VUtil.description( entity.getDescription() );
	}
	}
	}