diff options
Diffstat (limited to 'source/com/c2kernel/lookup/LDAPRoleManager.java')
| -rwxr-xr-x | source/com/c2kernel/lookup/LDAPRoleManager.java | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/source/com/c2kernel/lookup/LDAPRoleManager.java b/source/com/c2kernel/lookup/LDAPRoleManager.java new file mode 100755 index 0000000..a9b6b23 --- /dev/null +++ b/source/com/c2kernel/lookup/LDAPRoleManager.java @@ -0,0 +1,199 @@ +package com.c2kernel.lookup;
+
+import java.util.ArrayList;
+import java.util.Enumeration;
+
+import com.c2kernel.common.ObjectAlreadyExistsException;
+import com.c2kernel.common.ObjectCannotBeUpdated;
+import com.c2kernel.common.ObjectNotFoundException;
+import com.c2kernel.utils.Logger;
+import com.novell.ldap.*;
+
+/**************************************************************************
+ *
+ * $Revision: 1.1 $
+ * $Date: 2005/04/26 06:48:12 $
+ *
+ * Copyright (C) 2003 CERN - European Organization for Nuclear Research
+ * All rights reserved.
+ **************************************************************************/
+
+// public static final String codeRevision = "$Revision: 1.1 $ $Date: 2005/04/26 06:48:12 $ $Author: abranson $";
+public class LDAPRoleManager {
+
+ /**
+ *
+ */
+ LDAPLookup mLdap;
+ private String mRolePath;
+ private String mEntityPath;
+
+ public LDAPRoleManager(LDAPLookup ldap, String rolePath, String entityPath) {
+ super();
+ this.mLdap = ldap;
+ this.mRolePath = rolePath;
+ this.mEntityPath = entityPath;
+ }
+
+ //NOTE: A role must have at LEAST 1 userDN, cannot be empty...
+ //Creates a cristalRole
+ //CristalRole is-a specialized CristalContext which contains multi-valued uniqueMember attribute pointing to cristalagents
+ public RolePath createRole(String roleName, boolean jobList)
+ throws ObjectAlreadyExistsException, ObjectCannotBeUpdated
+ {
+
+ // create the role
+ RolePath rolePath = new RolePath(roleName, jobList);
+ String roleDN = rolePath.getFullDN();
+ LDAPEntry roleNode;
+ try
+ {
+ roleNode = LDAPLookupUtils.getEntry(mLdap.getConnection(), rolePath.getFullDN());
+ throw new ObjectAlreadyExistsException();
+ } catch (ObjectNotFoundException ex) { }
+
+ //create CristalRole if it does not exist
+ roleNode = new LDAPEntry(roleDN, rolePath.createAttributeSet());
+ try {
+ LDAPLookupUtils.addEntry(mLdap.getConnection(),roleNode);
+ } catch (LDAPException e) {
+ throw new ObjectCannotBeUpdated(e.getLDAPErrorMessage(), "");
+ }
+ return rolePath;
+
+
+ }
+ public void deleteRole(RolePath role) throws ObjectNotFoundException, ObjectCannotBeUpdated {
+ try {
+ LDAPLookupUtils.delete(mLdap.getConnection(), role.getFullDN());
+ } catch (LDAPException ex) {
+ throw new ObjectCannotBeUpdated("Could not remove role");
+ }
+ }
+
+ protected void addRole(AgentPath agent, RolePath role)
+ throws ObjectCannotBeUpdated, ObjectNotFoundException
+ {
+ LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
+ //add memberDN to uniqueMember if it is not yet a member
+ if (!LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
+ LDAPLookupUtils.addAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
+ else
+ throw new ObjectCannotBeUpdated("Agent " + agent.getAgentName() + " already has role " + role.getName());
+ }
+
+ protected void removeRole(AgentPath agent, RolePath role)
+ throws ObjectCannotBeUpdated, ObjectNotFoundException
+ {
+ LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
+ if (LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agent.getFullDN()))
+ LDAPLookupUtils.removeAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agent.getFullDN());
+ else
+ throw new ObjectCannotBeUpdated("Agent did not have that role");
+ }
+
+ protected boolean hasRole(AgentPath agent, RolePath role) {
+ String filter = "(&(objectclass=cristalrole)(uniqueMember="+agent.getFullDN()+")(cn="+role.getName()+"))";
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ Enumeration roles = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+ return roles.hasMoreElements();
+ }
+
+ protected AgentPath[] getAgents(RolePath role)
+ throws ObjectNotFoundException
+ {
+ //get the roleDN entry, and its uniqueMember entry pointing to
+ LDAPEntry roleEntry;
+ try {
+ roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
+ } catch (ObjectNotFoundException e) {
+ throw new ObjectNotFoundException("Role does not exist", "");
+ }
+
+ String[] res = LDAPLookupUtils.getAllAttributeValues(roleEntry,"uniqueMember");
+ ArrayList agents = new ArrayList();
+ for (int i=0; i<res.length; i++)
+ {
+ String userDN = res[i];
+ try {
+ LDAPEntry userEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), userDN);
+ AgentPath path = (AgentPath)mLdap.nodeToPath(userEntry);
+ agents.add(path);
+ } catch (ObjectNotFoundException ex) {
+ Logger.error("Agent "+res[i]+" does not exist");
+ } catch (InvalidEntityPathException ex) {
+ Logger.error("Agent "+res[i]+" is not a valid entity");
+ }
+ }
+ AgentPath[] usersList = new AgentPath[0];
+ usersList = (AgentPath[])agents.toArray(usersList);
+ return usersList;
+ }
+
+ //returns the role/s of a user
+ protected RolePath[] getRoles(AgentPath agentPath)
+ {
+ //search the mDomainPath tree uniqueMember=userDN
+ //filter = objectclass=cristalrole AND uniqueMember=userDN
+ String filter = "(&(objectclass=cristalrole)(uniqueMember="+agentPath.getFullDN()+"))";
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ Enumeration roles = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+ ArrayList roleList = new ArrayList();
+
+ while(roles.hasMoreElements())
+ {
+ RolePath path = (RolePath) roles.nextElement();
+ roleList.add(path);
+ }
+ RolePath[] roleArr = new RolePath[roleList.size()];
+ roleArr = (RolePath[])roleList.toArray(roleArr);
+ return roleArr;
+ }
+
+ /**
+ * Utility for looking up a login name
+ *
+ * @param ld
+ * @param agentName
+ * @param baseDN
+ * @return
+ * @throws ObjectNotFoundException
+ */
+ public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException
+ {
+ //search to get the userDN equivalent of the userID
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ String filter = "(&(objectclass=cristalagent)(uid="+agentName+"))";
+ Enumeration res = mLdap.search(mEntityPath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+ if (!res.hasMoreElements())
+ throw new ObjectNotFoundException("Agent not found");
+ Path result = (Path)res.nextElement();
+ if (result instanceof AgentPath)
+ return (AgentPath)result;
+ else
+ throw new ObjectNotFoundException("Entry was not an Agent");
+ }
+
+ public RolePath getRolePath(String roleName) throws ObjectNotFoundException
+ {
+ LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
+ searchCons.setBatchSize(0);
+ searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER );
+ String filter = "(&(objectclass=cristalrole)(cn="+roleName+"))";
+ Enumeration res = mLdap.search(mRolePath,LDAPConnection.SCOPE_SUB,filter,searchCons);
+ if (!res.hasMoreElements())
+ throw new ObjectNotFoundException("Role not found");
+ Path result = (Path)res.nextElement();
+ if (result instanceof RolePath)
+ return (RolePath)result;
+ else
+ throw new ObjectNotFoundException("Entry was not a Role");
+ }
+
+}
|