| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| */ |
| package org.apache.directory.fortress.core.impl; |
| |
| |
| import java.util.ArrayList; |
| import java.util.List; |
| |
| import org.apache.commons.collections.CollectionUtils; |
| import org.apache.commons.lang.StringUtils; |
| import org.apache.directory.api.ldap.model.constants.SchemaConstants; |
| import org.apache.directory.api.ldap.model.cursor.CursorException; |
| import org.apache.directory.api.ldap.model.cursor.SearchCursor; |
| import org.apache.directory.api.ldap.model.entry.DefaultEntry; |
| import org.apache.directory.api.ldap.model.entry.DefaultModification; |
| import org.apache.directory.api.ldap.model.entry.Entry; |
| import org.apache.directory.api.ldap.model.entry.Modification; |
| import org.apache.directory.api.ldap.model.entry.ModificationOperation; |
| import org.apache.directory.api.ldap.model.exception.LdapException; |
| import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException; |
| import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException; |
| import org.apache.directory.api.ldap.model.message.SearchScope; |
| import org.apache.directory.fortress.core.CfgException; |
| import org.apache.directory.fortress.core.CreateException; |
| import org.apache.directory.fortress.core.FinderException; |
| import org.apache.directory.fortress.core.GlobalErrIds; |
| import org.apache.directory.fortress.core.GlobalIds; |
| import org.apache.directory.fortress.core.RemoveException; |
| import org.apache.directory.fortress.core.UpdateException; |
| import org.apache.directory.fortress.core.ldap.LdapDataProvider; |
| import org.apache.directory.fortress.core.model.*; |
| import org.apache.directory.fortress.core.util.Config; |
| import org.apache.directory.fortress.core.util.PropUpdater; |
| import org.apache.directory.fortress.core.util.PropUtil; |
| import org.apache.directory.ldap.client.api.LdapConnection; |
| |
| |
| /** |
| * This class perform data access for Fortress Role entity. |
| * <p> |
| * The Fortress Role entity is a composite of the following other Fortress structural and aux object classes: |
| * <h4>1. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes</h4> |
| * <ul> |
| * <li> ------------------------------------------ |
| * <li> <code>objectclass ( 1.3.6.1.4.1.38088.2.1</code> |
| * <li> <code>NAME 'ftRls'</code> |
| * <li> <code>DESC 'Fortress Role Object Class'</code> |
| * <li> <code>SUP organizationalrole</code> |
| * <li> <code>STRUCTURAL</code> |
| * <li> <code>MUST ( ftId $ ftRoleName )</code> |
| * <li> <code>MAY ( description $ ftCstr ) )</code> |
| * <li> ------------------------------------------ |
| * </ul> |
| * <h4>2. ftProperties AUXILIARY Object Class is used to store client specific name/value pairs on target entity</h4> |
| * <code># This aux object class can be used to store custom attributes.</code><br> |
| * <code># The properties collections consist of name/value pairs and are not constrainted by Fortress.</code><br> |
| * <ul> |
| * <li> ------------------------------------------ |
| * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.2</code> |
| * <li> <code>NAME 'ftProperties'</code> |
| * <li> <code>DESC 'Fortress Properties AUX Object Class'</code> |
| * <li> <code>AUXILIARY</code> |
| * <li> <code>MAY ( ftProps ) ) </code> |
| * <li> ------------------------------------------ |
| * </ul> |
| * <h4>3. ftMods AUXILIARY Object Class is used to store Fortress audit variables on target entity</h4> |
| * <ul> |
| * <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.4</code> |
| * <li> <code>NAME 'ftMods'</code> |
| * <li> <code>DESC 'Fortress Modifiers AUX Object Class'</code> |
| * <li> <code>AUXILIARY</code> |
| * <li> <code>MAY (</code> |
| * <li> <code>ftModifier $</code> |
| * <li> <code>ftModCode $</code> |
| * <li> <code>ftModId ) )</code> |
| * <li> ------------------------------------------ |
| * </ul> |
| * <p> |
| * This class is thread safe. |
| * |
| * @author Kevin McKinney |
| */ |
| final class RoleDAO extends LdapDataProvider implements PropertyProvider<Role>, PropUpdater |
| { |
| /* |
| * ************************************************************************* |
| * ** ROLE STATICS contain object and attribute definitions for LDAP operations. |
| * ************************************************************************ |
| */ |
| private static final String ROLE_NM = "ftRoleName"; |
| |
| private static final String[] ROLE_NM_ATR = |
| { |
| ROLE_NM |
| }; |
| |
| |
| // rfc2307 decls: |
| private static final String POSIX_GROUP = "posixGroup"; |
| static final boolean IS_RFC2307 = Config.getInstance().getProperty( GlobalIds.RFC2307_PROP ) != null && Config.getInstance().getProperty( GlobalIds.RFC2307_PROP ).equalsIgnoreCase( "true" ) ? true : false; |
| |
| private static final String[] ROLE_ATRS = |
| { |
| GlobalIds.FT_IID, |
| ROLE_NM, |
| SchemaConstants.DESCRIPTION_AT, |
| GlobalIds.CONSTRAINT, |
| SchemaConstants.ROLE_OCCUPANT_AT, |
| GlobalIds.PARENT_NODES, |
| GlobalIds.PROPS, |
| IS_RFC2307 ? GlobalIds.GID_NUMBER : null |
| }; |
| |
| /** |
| * Defines the object class structure used within Fortress Role processing. |
| */ |
| private static String[] ROLE_OBJ_CLASS = IS_RFC2307 ? new String[] |
| { |
| SchemaConstants.TOP_OC, |
| GlobalIds.ROLE_OBJECT_CLASS_NM, |
| GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME, |
| GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME, |
| POSIX_GROUP |
| } |
| : new String[] |
| { |
| SchemaConstants.TOP_OC, |
| GlobalIds.ROLE_OBJECT_CLASS_NM, |
| GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME, |
| GlobalIds.FT_MODIFIER_AUX_OBJECT_CLASS_NAME |
| }; |
| |
| /** |
| * Method on PropUdater interface used to increment UID and GID prop values. |
| * @param value contains a String that will be converted to an Integer before incremeting. |
| * @return String value contains the new sequence value. |
| */ |
| public String newValue(String value) |
| { |
| Integer id = new Integer( value ); |
| Integer newId = id + 1; |
| return newId.toString(); |
| } |
| |
| /** |
| * @param entity |
| * @return |
| * @throws CreateException |
| */ |
| Role create( Role entity ) throws CreateException |
| { |
| LdapConnection ld = null; |
| String dn = getDn( entity.getName(), entity.getContextId() ); |
| |
| try |
| { |
| Entry entry = new DefaultEntry( dn ); |
| entry.add( SchemaConstants.OBJECT_CLASS_AT, ROLE_OBJ_CLASS ); |
| entity.setId(); |
| entry.add( GlobalIds.FT_IID, entity.getId() ); |
| entry.add( ROLE_NM, entity.getName() ); |
| // description field is optional on this object class: |
| if ( StringUtils.isNotEmpty( entity.getDescription() ) ) |
| { |
| entry.add( SchemaConstants.DESCRIPTION_AT, entity.getDescription() ); |
| } |
| |
| // CN attribute is required for this object class: |
| entry.add( SchemaConstants.CN_AT, entity.getName() ); |
| entry.add( GlobalIds.CONSTRAINT, ConstraintUtil.setConstraint( entity ) ); |
| |
| // These multi-valued attributes are optional. The utility function will return quietly if items are not loaded into collection: |
| loadAttrs( entity.getParents(), entry, GlobalIds.PARENT_NODES ); |
| |
| if ( IS_RFC2307 ) |
| { |
| // Supporting RFC2307 posixGroups attributes on fortress roles. |
| loadGidNumber( entity ); |
| entry.add( GlobalIds.GID_NUMBER, entity.getGidNumber() ); |
| } |
| |
| ld = getAdminConnection(); |
| add( ld, entry, entity ); |
| } |
| catch ( LdapException e ) |
| { |
| String error = "create role [" + entity.getName() + "] caught LdapException=" + e; |
| throw new CreateException( GlobalErrIds.ROLE_ADD_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return entity; |
| } |
| |
| /** |
| * @param entity |
| * @return |
| * @throws org.apache.directory.fortress.core.UpdateException |
| * |
| */ |
| Role update( Role entity ) throws UpdateException |
| { |
| LdapConnection ld = null; |
| String dn = getDn( entity.getName(), entity.getContextId() ); |
| |
| try |
| { |
| List<Modification> mods = new ArrayList<Modification>(); |
| |
| if ( StringUtils.isNotEmpty( entity.getDescription() ) ) |
| { |
| mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, |
| SchemaConstants.DESCRIPTION_AT, entity.getDescription() ) ); |
| } |
| |
| if ( entity.isTemporalSet() ) |
| { |
| String szRawData = ConstraintUtil.setConstraint( entity ); |
| |
| if ( StringUtils.isNotEmpty( szRawData ) ) |
| { |
| mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, |
| GlobalIds.CONSTRAINT, szRawData ) ); |
| } |
| } |
| |
| loadAttrs( entity.getParents(), mods, GlobalIds.PARENT_NODES ); |
| |
| if ( IS_RFC2307 && StringUtils.isNotEmpty( entity.getGidNumber() ) ) |
| { |
| mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, |
| GlobalIds.GID_NUMBER, entity.getGidNumber() ) ); |
| } |
| |
| if ( mods.size() > 0 ) |
| { |
| ld = getAdminConnection(); |
| modify( ld, dn, mods, entity ); |
| } |
| } |
| catch ( LdapException e ) |
| { |
| String error = "update name [" + entity.getName() + "] caught LdapException=" + e; |
| throw new UpdateException( GlobalErrIds.ROLE_UPDATE_FAILED, error, e ); |
| } |
| catch ( Exception e ) |
| { |
| String error = "update name [" + entity.getName() + "] caught LdapException=" + e.getMessage(); |
| throw new UpdateException( GlobalErrIds.ROLE_UPDATE_FAILED, error, e ); |
| } |
| finally |
| { |
| try |
| { |
| closeAdminConnection( ld ); |
| } |
| catch ( Exception e ) |
| { |
| String error = "update name [" + entity.getName() + "] caught LdapException=" + e; |
| throw new UpdateException( GlobalErrIds.ROLE_UPDATE_FAILED, error, e ); |
| } |
| } |
| |
| return entity; |
| } |
| |
| |
| /** |
| * |
| * @param entity |
| * @throws UpdateException |
| */ |
| void deleteParent( Role entity ) throws UpdateException |
| { |
| LdapConnection ld = null; |
| String dn = getDn( entity.getName(), entity.getContextId() ); |
| try |
| { |
| List<Modification> mods = new ArrayList<Modification>(); |
| mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, |
| GlobalIds.PARENT_NODES ) ); |
| ld = getAdminConnection(); |
| modify( ld, dn, mods, entity ); |
| } |
| catch ( LdapException e ) |
| { |
| String error = "deleteParent name [" + entity.getName() + "] caught LdapException=" + e; |
| throw new UpdateException( GlobalErrIds.ROLE_REMOVE_PARENT_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| } |
| |
| |
| /** |
| * @param entity |
| * @param userDn |
| * @return |
| * @throws org.apache.directory.fortress.core.UpdateException |
| * |
| */ |
| Role assign( Role entity, String userDn ) throws UpdateException |
| { |
| LdapConnection ld = null; |
| String dn = getDn( entity.getName(), entity.getContextId() ); |
| |
| try |
| { |
| List<Modification> mods = new ArrayList<Modification>(); |
| mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, SchemaConstants.ROLE_OCCUPANT_AT, |
| userDn ) ); |
| ld = getAdminConnection(); |
| modify( ld, dn, mods, entity ); |
| } |
| catch ( LdapException e ) |
| { |
| String error = "assign role name [" + entity.getName() + "] user dn [" + userDn + "] caught LdapException=" |
| + e; |
| throw new UpdateException( GlobalErrIds.ROLE_USER_ASSIGN_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return entity; |
| } |
| |
| |
| /** |
| * @param entity |
| * @param userDn |
| * @return |
| * @throws org.apache.directory.fortress.core.UpdateException |
| * |
| */ |
| Role deassign( Role entity, String userDn ) throws UpdateException |
| { |
| LdapConnection ld = null; |
| String dn = getDn( entity.getName(), entity.getContextId() ); |
| try |
| { |
| List<Modification> mods = new ArrayList<Modification>(); |
| mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, |
| SchemaConstants.ROLE_OCCUPANT_AT, userDn ) ); |
| ld = getAdminConnection(); |
| modify( ld, dn, mods, entity ); |
| } |
| catch ( LdapException e ) |
| { |
| String error = "deassign role name [" + entity.getName() + "] user dn [" + userDn |
| + "] caught LdapException=" + e; |
| throw new UpdateException( GlobalErrIds.ROLE_USER_DEASSIGN_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return entity; |
| } |
| |
| |
| /** |
| * @param role |
| * @throws RemoveException |
| */ |
| void remove( Role role ) |
| throws RemoveException |
| { |
| LdapConnection ld = null; |
| String dn = getDn( role.getName(), role.getContextId() ); |
| |
| try |
| { |
| ld = getAdminConnection(); |
| delete( ld, dn, role ); |
| } |
| catch ( LdapException e ) |
| { |
| String error = "remove role name=" + role.getName() + " LdapException=" + e; |
| throw new RemoveException( GlobalErrIds.ROLE_DELETE_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| } |
| |
| |
| /** |
| * @param role |
| * @return |
| * @throws org.apache.directory.fortress.core.FinderException |
| * |
| */ |
| Role getRole( Role role ) |
| throws FinderException |
| { |
| Role entity = null; |
| LdapConnection ld = null; |
| String dn = getDn( role.getName(), role.getContextId() ); |
| |
| try |
| { |
| ld = getAdminConnection(); |
| Entry findEntry = read( ld, dn, ROLE_ATRS ); |
| if ( findEntry != null ) |
| { |
| entity = unloadLdapEntry( findEntry, 0, role.getContextId() ); |
| } |
| if ( entity == null ) |
| { |
| String warning = "getRole no entry found dn [" + dn + "]"; |
| throw new FinderException( GlobalErrIds.ROLE_NOT_FOUND, warning ); |
| } |
| } |
| catch ( LdapNoSuchObjectException e ) |
| { |
| String warning = "getRole Obj COULD NOT FIND ENTRY for dn [" + dn + "]"; |
| throw new FinderException( GlobalErrIds.ROLE_NOT_FOUND, warning ); |
| } |
| catch ( LdapException e ) |
| { |
| String error = "getRole dn [" + dn + "] LEXCD=" + e; |
| throw new FinderException( GlobalErrIds.ROLE_READ_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return entity; |
| } |
| |
| |
| /** |
| * @param role |
| * @return |
| * @throws org.apache.directory.fortress.core.FinderException |
| * |
| */ |
| List<Role> findRoles( Role role ) |
| throws FinderException |
| { |
| List<Role> roleList = new ArrayList<>(); |
| LdapConnection ld = null; |
| String roleRoot = getRootDn( role.getContextId(), GlobalIds.ROLE_ROOT ); |
| String filter = null; |
| |
| try |
| { |
| String searchVal = encodeSafeText( role.getName(), GlobalIds.ROLE_LEN ); |
| filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")(" |
| + ROLE_NM + "=" + searchVal + "*))"; |
| ld = getAdminConnection(); |
| SearchCursor searchResults = search( ld, roleRoot, |
| SearchScope.ONELEVEL, filter, ROLE_ATRS, false, Config.getInstance().getInt(GlobalIds.CONFIG_LDAP_MAX_BATCH_SIZE, GlobalIds.BATCH_SIZE ) ); |
| long sequence = 0; |
| |
| while ( searchResults.next() ) |
| { |
| roleList.add( unloadLdapEntry( searchResults.getEntry(), sequence++, role.getContextId() ) ); |
| } |
| } |
| catch ( LdapException e ) |
| { |
| String error = "findRoles filter [" + filter + "] caught LdapException=" + e; |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| catch ( CursorException e ) |
| { |
| String error = "findRoles filter [" + filter + "] caught CursorException=" + e.getMessage(); |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return roleList; |
| } |
| |
| |
| /** |
| * Pull back all roles that are assigned to a particular group. |
| * @param group |
| * @return |
| * @throws org.apache.directory.fortress.core.FinderException |
| * |
| */ |
| List<Role> groupRoles ( Group group ) throws FinderException |
| { |
| List<Role> roleList = new ArrayList<>(); |
| LdapConnection ld = null; |
| String roleRoot = getRootDn( group.getContextId(), GlobalIds.ROLE_ROOT ); |
| StringBuilder filterbuf = new StringBuilder(); |
| |
| try |
| { |
| // loop for each group member.... |
| // add role name to search filter |
| // |
| List<String> members = group.getMembers(); |
| if ( CollectionUtils.isNotEmpty( members ) ) |
| { |
| filterbuf.append( GlobalIds.FILTER_PREFIX ); |
| filterbuf.append( GlobalIds.ROLE_OBJECT_CLASS_NM ); |
| filterbuf.append( ")(" ); |
| filterbuf.append( "|" ); |
| for ( String memberdn : members ) |
| { |
| filterbuf.append( "(" ); |
| filterbuf.append( SchemaConstants.ENTRY_DN_AT ); |
| filterbuf.append( "=" ); |
| filterbuf.append( memberdn ); |
| filterbuf.append( ")" ); |
| } |
| filterbuf.append( "))" ); |
| |
| ld = getAdminConnection(); |
| SearchCursor searchResults = search( ld, roleRoot, |
| SearchScope.ONELEVEL, filterbuf.toString(), ROLE_ATRS, false, Config.getInstance().getInt(GlobalIds.CONFIG_LDAP_MAX_BATCH_SIZE, GlobalIds.BATCH_SIZE ) ); |
| long sequence = 0; |
| |
| while ( searchResults.next() ) |
| { |
| roleList.add( unloadLdapEntry( searchResults.getEntry(), sequence++, group.getContextId() ) ); |
| } |
| } |
| else |
| { |
| String error = "groupRoles passed empty member list"; |
| throw new FinderException( GlobalErrIds.GROUP_MEMBER_NULL, error ); |
| } |
| } |
| catch ( LdapException e ) |
| { |
| String error = "groupRoles filter [" + filterbuf.toString() + "] caught LdapException=" + e; |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| catch ( CursorException e ) |
| { |
| String error = "groupRoles filter [" + filterbuf.toString() + "] caught CursorException=" + e.getMessage(); |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return roleList; |
| } |
| |
| |
| /** |
| * @param role |
| * @param limit |
| * @return |
| * @throws org.apache.directory.fortress.core.FinderException |
| * |
| */ |
| List<String> findRoles( Role role, int limit ) |
| throws FinderException |
| { |
| List<String> roleList = new ArrayList<>(); |
| LdapConnection ld = null; |
| String roleRoot = getRootDn( role.getContextId(), GlobalIds.ROLE_ROOT ); |
| String filter = null; |
| |
| try |
| { |
| String searchVal = encodeSafeText( role.getName(), GlobalIds.ROLE_LEN ); |
| filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")(" |
| + ROLE_NM + "=" + searchVal + "*))"; |
| ld = getAdminConnection(); |
| SearchCursor searchResults = search( ld, roleRoot, |
| SearchScope.ONELEVEL, filter, ROLE_NM_ATR, false, limit ); |
| |
| while ( searchResults.next() ) |
| { |
| Entry entry = searchResults.getEntry(); |
| roleList.add( getAttribute( entry, ROLE_NM ) ); |
| } |
| } |
| catch ( LdapException e ) |
| { |
| String error = "findRoles filter [" + filter + "] caught LdapException=" + e; |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| catch ( CursorException e ) |
| { |
| String error = "findRoles filter [" + filter + "] caught CursorException=" + e.getMessage(); |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return roleList; |
| } |
| |
| |
| /** |
| * |
| * @param userDn |
| * @param contextId |
| * @return |
| * @throws FinderException |
| */ |
| List<String> findAssignedRoles( String userDn, String contextId ) |
| throws FinderException |
| { |
| List<String> roleNameList = new ArrayList<>(); |
| LdapConnection ld = null; |
| String roleRoot = getRootDn( contextId, GlobalIds.ROLE_ROOT ); |
| |
| try |
| { |
| String filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")"; |
| filter += "(" + SchemaConstants.ROLE_OCCUPANT_AT + "=" + userDn + "))"; |
| ld = getAdminConnection(); |
| SearchCursor searchResults = search( ld, roleRoot, |
| SearchScope.ONELEVEL, filter, ROLE_NM_ATR, false, Config.getInstance().getInt(GlobalIds.CONFIG_LDAP_MAX_BATCH_SIZE, GlobalIds.BATCH_SIZE ) ); |
| |
| while ( searchResults.next() ) |
| { |
| roleNameList.add( getAttribute( searchResults.getEntry(), ROLE_NM ) ); |
| } |
| } |
| catch ( LdapException e ) |
| { |
| String error = "findAssignedRoles userDn [" + userDn + "] caught LdapException=" + e; |
| throw new FinderException( GlobalErrIds.ROLE_OCCUPANT_SEARCH_FAILED, error, e ); |
| } |
| catch ( CursorException e ) |
| { |
| String error = "findAssignedRoles userDn [" + userDn + "] caught CursorException=" + e.getMessage(); |
| throw new FinderException( GlobalErrIds.ROLE_OCCUPANT_SEARCH_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return roleNameList; |
| } |
| |
| |
| /** |
| * |
| * @param contextId |
| * @return |
| * @throws FinderException |
| */ |
| List<Graphable> getAllDescendants( String contextId ) |
| throws FinderException |
| { |
| String[] DESC_ATRS = |
| { ROLE_NM, GlobalIds.PARENT_NODES }; |
| List<Graphable> descendants = new ArrayList<>(); |
| LdapConnection ld = null; |
| String roleRoot = getRootDn( contextId, GlobalIds.ROLE_ROOT ); |
| String filter = null; |
| |
| try |
| { |
| filter = GlobalIds.FILTER_PREFIX + GlobalIds.ROLE_OBJECT_CLASS_NM + ")(" |
| + GlobalIds.PARENT_NODES + "=*))"; |
| ld = getAdminConnection(); |
| SearchCursor searchResults = search( ld, roleRoot, |
| SearchScope.ONELEVEL, filter, DESC_ATRS, false, Config.getInstance().getInt(GlobalIds.CONFIG_LDAP_MAX_BATCH_SIZE, GlobalIds.BATCH_SIZE ) ); |
| long sequence = 0; |
| |
| while ( searchResults.next() ) |
| { |
| descendants.add( unloadDescendants( searchResults.getEntry(), sequence++, contextId ) ); |
| } |
| } |
| catch ( LdapException e ) |
| { |
| String error = "getAllDescendants filter [" + filter + "] caught LdapException=" + e; |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| catch ( CursorException e ) |
| { |
| String error = "getAllDescendants filter [" + filter + "] caught CursorException=" + e.getMessage(); |
| throw new FinderException( GlobalErrIds.ROLE_SEARCH_FAILED, error, e ); |
| } |
| finally |
| { |
| closeAdminConnection( ld ); |
| } |
| |
| return descendants; |
| } |
| |
| |
| /** |
| * Sets the value of gidNumber on Role entity. Will use what's passed in or auto increment current. |
| * |
| * @param entity |
| * @throws CreateException |
| */ |
| private void loadGidNumber( Role entity ) throws CreateException |
| { |
| // Generate the value of gidNumber if not passed in by caller: |
| if ( StringUtils.isEmpty( entity.getGidNumber() ) ) |
| { |
| List<String> idNumbers = new ArrayList<>(); |
| idNumbers.add(GlobalIds.GID_NUMBER); |
| Configuration configuration; |
| try |
| { |
| configuration = Config.getInstance().getIncrementReplacePosixIds(idNumbers, this); |
| } |
| catch (CfgException ce) |
| { |
| String error = "Create role had a problem loading the gidNumber, catching a CfgException:" + ce.getMessage(); |
| throw new CreateException(GlobalErrIds.USER_ADD_FAILED, error, ce); |
| } |
| entity.setGidNumber( configuration.getGidNumber() ); |
| } |
| } |
| |
| /** |
| * |
| * @param le |
| * @param sequence |
| * @param contextId |
| * @return |
| * @throws LdapInvalidAttributeValueException |
| * @throws LdapException |
| */ |
| private Graphable unloadDescendants( Entry le, long sequence, String contextId ) |
| throws LdapInvalidAttributeValueException |
| { |
| Role entity = new ObjectFactory().createRole(); |
| entity.setSequenceId( sequence ); |
| entity.setName( getAttribute( le, ROLE_NM ) ); |
| entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) ); |
| return entity; |
| } |
| |
| |
| /** |
| * |
| * @param le |
| * @param sequence |
| * @param contextId |
| * @return |
| * @throws LdapInvalidAttributeValueException |
| * @throws LdapException |
| */ |
| private Role unloadLdapEntry( Entry le, long sequence, String contextId ) throws LdapInvalidAttributeValueException |
| { |
| Role entity = new ObjectFactory().createRole(); |
| entity.setSequenceId( sequence ); |
| entity.setId( getAttribute( le, GlobalIds.FT_IID ) ); |
| entity.setName( getAttribute( le, ROLE_NM ) ); |
| entity.setDescription( getAttribute( le, SchemaConstants.DESCRIPTION_AT ) ); |
| entity.setChildren( RoleUtil.getInstance().getChildren( entity.getName().toUpperCase(), contextId ) ); |
| entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) ); |
| unloadTemporal( le, entity ); |
| entity.setDn( le.getDn().getName() ); |
| entity.addProperties( PropUtil.getProperties( getAttributes( le, GlobalIds.PROPS ) ) ); |
| if ( IS_RFC2307 ) |
| { |
| entity.setGidNumber( getAttribute( le, GlobalIds.GID_NUMBER ) ); |
| } |
| entity.setOccupants( getAttributes( le, SchemaConstants.ROLE_OCCUPANT_AT ) ); |
| return entity; |
| } |
| |
| |
| private String getDn( String name, String contextId ) |
| { |
| return SchemaConstants.CN_AT + "=" + name + "," + getRootDn( contextId, GlobalIds.ROLE_ROOT ); |
| } |
| |
| |
| @Override |
| public String getDn( Role entity ) |
| { |
| return this.getDn( entity.getName(), entity.getContextId() ); |
| } |
| |
| |
| @Override |
| public Role getEntity( Role entity ) throws FinderException |
| { |
| return this.getRole( entity ); |
| } |
| } |