| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. The ASF licenses this file to You |
| * under the Apache License, Version 2.0 (the "License"); you may not |
| * use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. For additional information regarding |
| * copyright in this work, please see the NOTICE file in the top level |
| * directory of this distribution. |
| */ |
| package org.apache.roller.weblogger.ui.core.security; |
| |
| import org.apache.roller.weblogger.WebloggerException; |
| import org.apache.roller.weblogger.business.UserManager; |
| import org.apache.roller.weblogger.business.Weblogger; |
| import org.apache.roller.weblogger.business.WebloggerFactory; |
| import org.apache.roller.weblogger.pojos.User; |
| import org.springframework.dao.DataRetrievalFailureException; |
| import org.springframework.ldap.core.DirContextOperations; |
| import org.springframework.security.core.GrantedAuthority; |
| import org.springframework.security.core.authority.SimpleGrantedAuthority; |
| import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator; |
| import org.springframework.security.core.userdetails.UsernameNotFoundException; |
| import org.springframework.util.Assert; |
| |
| import java.util.Collection; |
| import java.util.List; |
| import java.util.ArrayList; |
| |
| |
| /** |
| * @author Elias Torres (<a href="mailto:eliast@us.ibm.com">eliast@us.ibm.com</a>) |
| */ |
| public class AuthoritiesPopulator implements LdapAuthoritiesPopulator { |
| |
| /** A default role which will be assigned to all authenticated users if set */ |
| private GrantedAuthority defaultRole = null; |
| |
| |
| /* (non-Javadoc) |
| * @see org.springframework.security.ldap.LdapAuthoritiesPopulator#getGrantedAuthorities(org.springframework.ldap.core.DirContextOperations, String) |
| */ |
| public Collection<GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) { |
| |
| // This check is probably unnecessary. |
| if (userData == null) { |
| throw new IllegalArgumentException("The userData argument should not be null at this point."); |
| } |
| |
| User user; |
| List<String> roles = new ArrayList<String>(); |
| try { |
| Weblogger roller = WebloggerFactory.getWeblogger(); |
| UserManager umgr = roller.getUserManager(); |
| user = umgr.getUserByUserName(username, Boolean.TRUE); |
| if (user != null) { |
| roles = umgr.getRoles(user); |
| } |
| } catch (WebloggerException ex) { |
| throw new DataRetrievalFailureException("ERROR in user lookup", ex); |
| } |
| |
| int roleCount = roles.size() + (defaultRole != null ? 1 : 0); |
| List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(roleCount); |
| for (String role : roles) { |
| authorities.add(new SimpleGrantedAuthority(role)); |
| } |
| |
| if (defaultRole != null) { |
| authorities.add(defaultRole); |
| } |
| |
| if (authorities.size() == 0) { |
| // TODO: This doesn't seem like the right type of exception to throw here, but retained it, fixed the message |
| throw new UsernameNotFoundException("User " + username + " has no roles granted and there is no default role set."); |
| } |
| |
| return authorities; |
| } |
| |
| /** |
| * The default role which will be assigned to all users. |
| * |
| * @param defaultRole the role name, including any desired prefix. |
| */ |
| public void setDefaultRole(String defaultRole) { |
| Assert.notNull(defaultRole, "The defaultRole property cannot be set to null"); |
| this.defaultRole = new SimpleGrantedAuthority(defaultRole); |
| } |
| } |