ldapgroupstore.java

uPortal是开放源码的Portal门户产品

/**
 * Copyright (c) 2002 The JA-SIG Collaborative.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the JA-SIG Collaborative
 *    (http://www.jasig.org/)."
 *
 * THIS SOFTWARE IS PROVIDED BY THE JA-SIG COLLABORATIVE "AS IS" AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE JA-SIG COLLABORATIVE OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

package org.jasig.portal.groups.ldap;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.jasig.portal.EntityIdentifier;
import org.jasig.portal.groups.EntityGroupImpl;
import org.jasig.portal.groups.EntityImpl;
import org.jasig.portal.groups.GroupsException;
import org.jasig.portal.groups.IEntity;
import org.jasig.portal.groups.IEntityGroup;
import org.jasig.portal.groups.IEntityGroupStore;
import org.jasig.portal.groups.IEntitySearcher;
import org.jasig.portal.groups.IEntityStore;
import org.jasig.portal.groups.IGroupMember;
import org.jasig.portal.groups.ILockableEntityGroup;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.portal.utils.ResourceLoader;
import org.jasig.portal.utils.SmartCache;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;

/**
 * LDAPGroupStore.
 * @author Alex Vidgor
 * @version $Revision: 1.14.2.3 $
 */
public class LDAPGroupStore implements IEntityGroupStore, IEntityStore, IEntitySearcher {
    private static final Log log = LogFactory.getLog(LDAPGroupStore.class);
  protected String url;
  protected String logonid;
  protected String logonpassword;
  protected String keyfield;
  protected String namefield;
  protected String usercontext="";
  protected HashMap groups;
  protected SmartCache contexts;
  protected SmartCache personkeys;
  protected static Class iperson = org.jasig.portal.security.IPerson.class;
  protected static Class group = org.jasig.portal.groups.IEntityGroup.class;
  protected static short ELEMENT_NODE = Node.ELEMENT_NODE;

  public LDAPGroupStore() {
    Document config = null;
    try{
      config = ResourceLoader.getResourceAsDocument(this.getClass(),"/properties/groups/LDAPGroupStoreConfig.xml");
    }
    catch(Exception rme){
      throw new RuntimeException("LDAPGroupStore: Unable to find configuration configuration document");
    }
    init(config);
  }

  public LDAPGroupStore(Document config){
    init(config);
  }

  protected void init(Document config){
    this.groups = new HashMap();
    this.contexts = new SmartCache(120);
    config.normalize();
    int refreshminutes = 120;
    Element root = config.getDocumentElement();
    NodeList nl = root.getElementsByTagName("config");
    if (nl.getLength() == 1){
      Element conf = (Element) nl.item(0);
      Node cc = conf.getFirstChild();
      //NodeList cl= conf.getF.getChildNodes();
      //for(int i=0; i<cl.getLength(); i++){
      while (cc!=null){
        if(cc.getNodeType()==ELEMENT_NODE){
          Element c = (Element) cc;
          c.normalize();
          Node t = c.getFirstChild();
          if(t!=null && t.getNodeType()==Node.TEXT_NODE){
            String name = c.getNodeName();
            String text = ((Text) t).getData();
            //System.out.println(name+" = "+text);
            if (name.equals("url")){
              url = text;
            }
            else if (name.equals("logonid")){
              logonid = text;
            }
            else if (name.equals("logonpassword")){
              logonpassword = text;
            }
            else if (name.equals("keyfield")){
              keyfield = text;
            }
            else if (name.equals("namefield")){
              namefield = text;
            }
            else if (name.equals("usercontext")){
              usercontext = text;
            }
            else if (name.equals("refresh-minutes")){
              try{
                 refreshminutes = Integer.parseInt(text);
              }
              catch(Exception e){}
            }
          }
        }
        cc = cc.getNextSibling();
      }
    }
    else{
      throw new RuntimeException("LDAPGroupStore: config file must contain one config element");
    }

    this.personkeys = new SmartCache(refreshminutes*60);

    NodeList gl = root.getChildNodes();
    for (int j=0; j<gl.getLength(); j++){
      if(gl.item(j).getNodeType() == ELEMENT_NODE){
        Element g = (Element) gl.item(j);
        if (g.getNodeName().equals("group")){
          GroupShadow shadow = processXmlGroupRecursive(g);
          groups.put(shadow.key,shadow);
        }
      }
    }

  }

  protected String[] getPersonKeys(String groupKey){
    String[] r= (String[]) personkeys.get(groupKey);
    if(r==null){
      GroupShadow shadow = (GroupShadow) groups.get(groupKey);
      if (shadow.entities!=null){
        r = shadow.entities.getPersonKeys();
      }
      else {
        r = new String[0];
      }
      personkeys.put(groupKey,r);
    }
    return r;
  }

  protected GroupShadow processXmlGroupRecursive(Element groupElem){
    GroupShadow shadow = new GroupShadow();
    shadow.key = groupElem.getAttribute("key");
    shadow.name = groupElem.getAttribute("name");
    //System.out.println("Loading configuration for group "+shadow.name);
    ArrayList subgroups = new ArrayList();
    NodeList nl = groupElem.getChildNodes();
    for(int i = 0; i<nl.getLength(); i++){
      if (nl.item(i).getNodeType()==ELEMENT_NODE){
        Element e = (Element) nl.item(i);
        if(e.getNodeName().equals("group")){
          GroupShadow sub = processXmlGroupRecursive(e);
          subgroups.add(sub);
          groups.put(sub.key,sub);
        }
        else if(e.getNodeName().equals("entity-set")){
          shadow.entities = new EntitySet(e);
        }
        else if(e.getNodeName().equals("description")){
          e.normalize();
          Text t= (Text) e.getFirstChild();
          if (t!=null){
            shadow.description = t.getData();
          }
        }
      }
    }
    shadow.subgroups = (GroupShadow[]) subgroups.toArray(new GroupShadow[0]);
    return shadow;
  }

  protected class GroupShadow{
    protected String key;
    protected String name;
    protected String description;
    protected GroupShadow[] subgroups;
    protected EntitySet entities;
  }

  protected class EntitySet{
    public static final int FILTER=1;
    public static final int UNION=2;
    public static final int DIFFERENCE=3;
    public static final int INTERSECTION=4;
    public static final int SUBTRACT=5;
    public static final int ATTRIBUTES=6;

    protected int type;
    protected String filter;
    protected Attributes attributes;
    protected EntitySet[] subsets;

    protected EntitySet(Element entityset){
      entityset.normalize();
      Node n = entityset.getFirstChild();
      while (n.getNodeType()!=Node.ELEMENT_NODE){
        n = n.getNextSibling();
      }
      Element e = (Element) n;
      String type = e.getNodeName();
      boolean collectSubsets = false;
      if (type.equals("filter")){
        this.type = FILTER;
        filter = e.getAttribute("string");
      }
      else if (type.equals("attributes")){
        this.type = ATTRIBUTES;
        attributes = new BasicAttributes();
        NodeList atts = e.getChildNodes();
        for (int i=0; i< atts.getLength(); i++){
          if (atts.item(i).getNodeType() == ELEMENT_NODE){
            Element a = (Element) atts.item(i);
            attributes.put(a.getAttribute("name"),a.getAttribute("value"));
          }
        }
      }
      else if (type.equals("union")){
        this.type = UNION;
        collectSubsets = true;
      }
      else if (type.equals("intersection")){
        this.type = INTERSECTION;
        collectSubsets = true;
      }
      else if (type.equals("difference")){
        this.type = DIFFERENCE;
        collectSubsets = true;
      }
      else if (type.equals("subtract")){
        this.type = SUBTRACT;
        collectSubsets = true;
      }

      if(collectSubsets){
        ArrayList subs = new ArrayList();
        NodeList nl = e.getChildNodes();
        for (int i=0; i < nl.getLength(); i++){
          if (nl.item(i).getNodeType() == Node.ELEMENT_NODE){
            EntitySet subset = new EntitySet((Element)nl.item(i));
            subs.add(subset);
          }
        }
        subsets = (EntitySet[]) subs.toArray(new EntitySet[0]);
      }
    }

    protected String[] getPersonKeys(){
      ArrayList keys = new ArrayList();
      //System.out.println("Loading keys!!");
      String[] subkeys;
      switch (type){
        case FILTER:
          //System.out.println("Performing ldap query!!");
          DirContext context = getConnection();
          NamingEnumeration userlist = null;
          SearchControls sc = new SearchControls();
          sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
          sc.setReturningAttributes(new String[] {keyfield});
          try {
            userlist = context.search(usercontext,filter,sc);
          } catch (NamingException nex) {
            log.error("LDAPGroupStore: Unable to perform filter "+filter);
            log.error(nex);
          }
          processLdapResults(userlist,keys);
          break;
        case ATTRIBUTES:
          //System.out.println("Performing ldap attribute query!!");
          DirContext context2 = getConnection();
          NamingEnumeration userlist2 = null;
          try {
            userlist2 = context2.search(usercontext,attributes,new String[] {keyfield});
          } catch (NamingException nex) {
            log.error("LDAPGroupStore: Unable to perform attribute search");
            log.error(nex);
          }
          processLdapResults(userlist2,keys);
          break;
        case UNION:
          for(int i=0; i<subsets.length; i++){
            subkeys = subsets[i].getPersonKeys();
            for(int j=0;j<subkeys.length;j++){
              String key =  subkeys[j];
              if(!keys.contains(key)){
                keys.add(key);
              }
            }
          }
          break;
        case INTERSECTION:
          if (subsets.length > 0){
            // load initial keys from first entity set
            String[] interkeys = subsets[0].getPersonKeys();
            // now set non-recurring keys to null
            for(int m=1;m<subsets.length;m++){
              subkeys = subsets[m].getPersonKeys();
              for (int n=0; n < interkeys.length; n++){
                if (interkeys[n] !=null){
                  boolean remove=true;
                  for (int o=0; o<subkeys.length; o++){