ldaprolemanagement.java
*/
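public void removeRole(String roleName)
    throws JetspeedSecurityException
{
    // Removal order: the role's LDAP entry, then its PSML documents, then the
    // cached role assignments. Any failure is rethrown as a RoleException that
    // carries the original cause.
    try
    {
        LDAPRole role = new LDAPRole(roleName, false);
        JetspeedLDAP.deleteEntry(role.getldapurl());
        PsmlManager.removeRoleDocuments(role);

        if (cascadeDelete)
        {
            // NOTE(review): this branch is empty, so nothing is cascaded from here.
            // User entries that still reference the role are not touched by this
            // method; confirm whether that cleanup happens elsewhere, because a
            // role later re-created under the same name would match any
            // assignments left behind.
        }

        if (cachingEnable)
        {
            // NOTE(review): the eviction is skipped when an earlier step throws,
            // even if the LDAP entry has already been deleted by then.
            JetspeedSecurityCache.removeAllRoles(roleName);
        }
    }
    catch (Exception e)
    {
        // The message used to say "group"; this method removes a role.
        throw new RoleException("Failed to remove role '" + roleName + "'", e);
    }
}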
/**
* Grants a role to a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void grantRole(String username, String roleName)
    throws JetspeedSecurityException
{
    // Two-argument form: the grant is scoped to the default Jetspeed group.
    String defaultGroup = JetspeedSecurity.JETSPEED_GROUP;
    grantRole(username, roleName, defaultGroup);
}
/**
 * Grants a role to a user within the given group.
 *
 * The user and the role are both looked up through <code>JetspeedSecurity</code>
 * before anything is written; the group name is used as given. The cache is
 * updated only after the user entry has been updated.
 *
 * NOTE(review): no check of the requestor's privilege is visible in this
 * method; confirm that callers enforce it.
 *
 * @param username the user receiving the role.
 * @param roleName the role to grant.
 * @param groupName the group in which the role is granted.
 * @exception RoleException when the lookup or the update fails.
 */
public void grantRole(String username, String roleName, String groupName)
    throws JetspeedSecurityException
{
    LDAPUser account;
    LDAPRole grantedRole;

    try
    {
        account = (LDAPUser) JetspeedSecurity.getUser(new UserNamePrincipal(username));
        grantedRole = (LDAPRole) JetspeedSecurity.getRole(roleName);
    }
    catch (JetspeedSecurityException lookupFailure)
    {
        throw new RoleException("Failed to Retrieve User or Role: ", lookupFailure);
    }

    try
    {
        // NOTE(review): hasRole splits stored entries on ","; presumably a group
        // or role name containing a comma would be read back incorrectly.
        // Verify against LDAPUser.addGroupRole.
        account.addGroupRole(groupName, roleName);
        account.update(false);

        if (cachingEnable)
        {
            JetspeedSecurityCache.addRole(username, grantedRole);
        }
    }
    catch (Exception updateFailure)
    {
        throw new RoleException("Failed to add role info ", updateFailure);
    }
}
/**
* Revokes a role from a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void revokeRole(String username, String rolename)
    throws JetspeedSecurityException
{
    // Two-argument form: the revocation applies to the default Jetspeed group.
    String defaultGroup = JetspeedSecurity.JETSPEED_GROUP;
    revokeRole(username, rolename, defaultGroup);
}
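/**
 * Revokes a role from a user within the given group.
 *
 * The user is looked up through <code>JetspeedSecurity</code>; the role and
 * group names are used as given. The cached assignment is removed only after
 * the user entry has been updated.
 *
 * NOTE(review): no check of the requestor's privilege is visible in this
 * method; confirm that callers enforce it.
 *
 * @param username the user losing the role.
 * @param rolename the role to revoke.
 * @param groupname the group in which the role is revoked.
 * @exception RoleException when the lookup or the update fails.
 */
public void revokeRole(String username, String rolename, String groupname)
    throws JetspeedSecurityException
{
    LDAPUser user;
    try
    {
        user = (LDAPUser) JetspeedSecurity.getUser(new UserNamePrincipal(username));
    }
    catch (JetspeedSecurityException e)
    {
        throw new RoleException("Failed to Retrieve User: ", e);
    }

    try
    {
        user.removeGroupRole(groupname, rolename);
        user.update(false);
        if (cachingEnable)
        {
            // NOTE(review): if the update above throws, the cached ACL keeps
            // the role until it is refreshed some other way.
            JetspeedSecurityCache.removeRole(username, rolename, groupname);
        }
    }
    catch (Exception e)
    {
        // The message used to say "add"; this path removes a role assignment.
        throw new RoleException("Failed to remove role info ", e);
    }
}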
/**
* Checks whether a user has a role. Returns true when the user has the given role.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public boolean hasRole(String username, String roleName)
    throws JetspeedSecurityException
{
    // Two-argument form: the check is made against the default Jetspeed group.
    String defaultGroup = JetspeedSecurity.JETSPEED_GROUP;
    return hasRole(username, roleName, defaultGroup);
}
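/**
 * Checks whether a user holds a role within the given group.
 *
 * When caching is enabled and an ACL is cached for the user, the cached ACL
 * decides the answer and the directory is not consulted. Otherwise the user's
 * stored entries are read as "group,role" pairs and compared without regard
 * to case.
 *
 * @param username the user to check.
 * @param roleName the role to look for.
 * @param groupName the group in which the role must be held.
 * @return true when a matching group/role pair is found.
 * @exception RoleException when the user cannot be retrieved or an entry cannot be parsed.
 */
public boolean hasRole(String username, String roleName, String groupName)
    throws JetspeedSecurityException
{
    LDAPUser user;
    try
    {
        if (cachingEnable)
        {
            // NOTE(review): a cached ACL is trusted as-is, so the result is only
            // as fresh as the cache maintenance done by grant/revoke/remove.
            CachedAcl acl = JetspeedSecurityCache.getAcl(username);
            if (null != acl)
            {
                return acl.hasRole(roleName, groupName);
            }
        }
        user = (LDAPUser) JetspeedSecurity.getUser(new UserNamePrincipal(username));
    }
    catch (JetspeedSecurityException e)
    {
        throw new RoleException("Failed to Retrieve User: ", e);
    }

    try
    {
        // The loop variable was named "enum", a reserved word since Java 5,
        // which stops this method compiling on current compilers.
        for (Enumeration entries = user.getGroupRoles().elements(); entries.hasMoreElements();)
        {
            StringTokenizer st = new StringTokenizer((String) entries.nextElement(), ",");
            // Group comes first, role second. An entry with fewer than two
            // tokens throws here and is reported through the catch below.
            String gn = st.nextToken();
            String rn = st.nextToken();
            if (rn.equalsIgnoreCase(roleName) && gn.equalsIgnoreCase(groupName))
            {
                return true;
            }
        }
    }
    catch (Exception e)
    {
        throw new RoleException("Failed to retrieve roles ", e);
    }
    return false;
}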
/**
* Retrieves a single <code>Role</code> for a given roleName principal.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param roleName a role principal identity to be retrieved.
* @return Role the role record retrieved.
* @exception RoleException when the security provider has a general failure.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
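public Role getRole(String roleName)
    throws JetspeedSecurityException
{
    // The role name is escaped before it goes into the filter, so filter
    // metacharacters in it are matched literally and cannot alter the search.
    String filter =
        "(&(uid=" + escapeLdapFilterValue(roleName) + ")(objectclass=jetspeedrole))";

    Vector roleurls;
    try
    {
        roleurls = JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=roles"), filter, ATTRS, true);
        if (roleurls.size() == 1)
        {
            return new LDAPRole((LDAPURL) ((Vector) roleurls.elementAt(0)).firstElement());
        }
    }
    catch (Exception e)
    {
        throw new RoleException("Failed to retrieve roles ", e);
    }

    // Checked outside the try so this exception is not caught and re-wrapped
    // by the handler above.
    if (roleurls.size() > 1)
    {
        throw new RoleException("Multiple roles with same name");
    }
    throw new RoleException("Unknown role '" + roleName + "'");
}
///////////////////////////////////////////////////////////////////////////
// Internal
///////////////////////////////////////////////////////////////////////////
/**
 * Returns the run data of the current request.
 *
 * @return the current run data, or null when no run data service is set.
 */
protected JetspeedRunData getRunData()
{
    JetspeedRunData rundata = null;
    if (this.runDataService != null)
    {
        rundata = this.runDataService.getCurrentRunData();
    }
    return rundata;
}
/**
 * Check whether a specified role exists.
 *
 * The role name is matched against the <code>uid</code> attribute of
 * <code>jetspeedrole</code> entries under <code>ou=roles</code>.
 *
 * @param roleName the name of the role to check for existence.
 * @return true if at least one matching role entry is found
 * @throws RoleException if the directory search fails
 *
 */
protected boolean roleExists(String roleName)
    throws RoleException
{
    // Same escaping as getRole: the name is matched literally.
    String filter =
        "(&(uid=" + escapeLdapFilterValue(roleName) + ")(objectclass=jetspeedrole))";
    try
    {
        Vector roleurls =
            JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=roles"), filter, ATTRS, true);
        return roleurls.size() > 0;
    }
    catch (Exception e)
    {
        throw new RoleException("Failed to retrieve roles ", e);
    }
}
/**
 * Escapes a value for use as an assertion value in an LDAP search filter,
 * following RFC 4515: backslash, asterisk, both parentheses and NUL are
 * replaced by a backslash and their two-digit hex code.
 *
 * NOTE(review): assumes JetspeedLDAP.search hands the filter to the directory
 * as an RFC 4515 filter string; confirm against that helper.
 *
 * @param value the raw value; null is rendered as the text "null", as plain
 *              string concatenation did before.
 * @return the value with filter metacharacters escaped.
 */
private static String escapeLdapFilterValue(String value)
{
    String raw = String.valueOf(value);
    StringBuffer escaped = new StringBuffer(raw.length() + 8);
    for (int i = 0; i < raw.length(); i++)
    {
        char c = raw.charAt(i);
        switch (c)
        {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
                break;
        }
    }
    return escaped.toString();
}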
///////////////////////////////////////////////////////////////////////////
// Service Init
///////////////////////////////////////////////////////////////////////////
/**
* This is the early initialization method called by the
* Turbine <code>Service</code> framework
* @param conf The <code>ServletConfig</code>
* @exception InitializationException if the service
* fails to initialize
*/
public synchronized void init(ServletConfig conf)
    throws InitializationException
{
    // Already initialised: nothing more to do.
    if (getInit())
    {
        return;
    }

    super.init(conf);

    // Settings for the security service are read from the Jetspeed resources.
    TurbineServices services = (TurbineServices) TurbineServices.getInstance();
    ResourceService settings = services.getResources(JetspeedSecurityService.SERVICE_NAME);

    this.runDataService = (JetspeedRunDataService) TurbineServices.getInstance()
        .getService(RunDataService.SERVICE_NAME);

    // Both switches fall back to their compiled-in defaults when not configured.
    cascadeDelete = settings.getBoolean(CASCADE_DELETE, DEFAULT_CASCADE_DELETE);
    cachingEnable = settings.getBoolean(CACHING_ENABLE, DEFAULT_CACHING_ENABLE);

    setInit(true);
}
}