

1 /**
2  *
3  * Licensed to the Apache Software Foundation (ASF) under one or more
4  * contributor license agreements. See the NOTICE file distributed with
5  * this work for additional information regarding copyright ownership.
6  * The ASF licenses this file to You under the Apache License, Version 2.0
7  * (the "License"); you may not use this file except in compliance with
8  * the License. You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  */

18 package org.apache.activemq.security;
19
import java.text.MessageFormat;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import javax.naming.ConfigurationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.activemq.jaas.LDAPLoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
42
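/**
 * An {@link AuthorizationMap} which uses LDAP
 * <p>
 * For a destination, the map formats the destination's physical name into a
 * search base DN (one template for queues, one for topics), searches below it
 * with the configured role filter, and returns every value of the configured
 * role attribute wrapped in a {@link GroupPrincipal}.
 * <p>
 * Security-relevant behaviour:
 * <ul>
 * <li>The no-arg constructor installs sample directory coordinates and a
 * well-known bind password; they must be overridden before real use.</li>
 * <li>The destination name is escaped as an RDN value before it is placed in
 * the search base, so DN metacharacters in a name cannot change which entry
 * is searched.</li>
 * <li>Any {@link NamingException} during lookup yields an empty set rather
 * than a partial result.</li>
 * </ul>
 *
 * @org.apache.xbean.XBean
 *
 * @author ngcutura
 */
public class LDAPAuthorizationMap implements AuthorizationMap {

    // Log under this class's own category so authorization failures are not
    // attributed to the JAAS login module.
    private static final Log log = LogFactory.getLog(LDAPAuthorizationMap.class);

    public static final String INITIAL_CONTEXT_FACTORY = "initialContextFactory";
    public static final String CONNECTION_URL = "connectionURL";
    public static final String CONNECTION_USERNAME = "connectionUsername";
    public static final String CONNECTION_PASSWORD = "connectionPassword";
    public static final String CONNECTION_PROTOCOL = "connectionProtocol";
    public static final String AUTHENTICATION = "authentication";

    public static final String TOPIC_SEARCH_MATCHING = "topicSearchMatching";
    public static final String TOPIC_SEARCH_SUBTREE = "topicSearchSubtree";
    public static final String QUEUE_SEARCH_MATCHING = "queueSearchMatching";
    public static final String QUEUE_SEARCH_SUBTREE = "queueSearchSubtree";

    public static final String ADMIN_BASE = "adminBase";
    public static final String ADMIN_ATTRIBUTE = "adminAttribute";
    public static final String READ_BASE = "readBase";
    public static final String READ_ATTRIBUTE = "readAttribute";
    // NOTE(review): the key is spelled "writeBAse" (capital A). It is left
    // unchanged because existing option maps may use this exact key; an
    // options map keyed "writeBase" will leave the write filter null.
    public static final String WRITE_BASE = "writeBAse";
    public static final String WRITE_ATTRIBUTE = "writeAttribute";

    private String initialContextFactory;
    private String connectionURL;
    private String connectionUsername;
    private String connectionPassword;
    private String connectionProtocol;
    private String authentication;

    // Lazily opened by open() and then reused for every lookup.
    private DirContext context;

    // NOTE(review): MessageFormat instances are not synchronized; confirm
    // whether ACL lookups can run concurrently on one map instance.
    private MessageFormat topicSearchMatchingFormat;
    private MessageFormat queueSearchMatchingFormat;

    private boolean topicSearchSubtreeBool = true;
    private boolean queueSearchSubtreeBool = true;

    // Despite the "Base" suffix these hold LDAP search filters, e.g. "(cn=admin)".
    private String adminBase;
    private String adminAttribute;
    private String readBase;
    private String readAttribute;
    private String writeBase;
    private String writeAttribute;

    /**
     * Creates a map pre-populated with sample settings for a local directory.
     * <p>
     * The bind DN and password below are fixed sample values compiled into the
     * class. Deployments should set their own via the setters or the
     * {@link #LDAPAuthorizationMap(Map)} constructor.
     */
    public LDAPAuthorizationMap() {
        initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
        connectionURL = "ldap://localhost:10389";
        connectionUsername = "uid=admin,ou=system";
        connectionPassword = "secret";
        // NOTE(review): "s" is not the JNDI value "ssl". With an ldap:// URL and
        // "simple" authentication the bind password travels unencrypted unless
        // TLS is enabled some other way; confirm the intended transport.
        connectionProtocol = "s";
        authentication = "simple";

        topicSearchMatchingFormat = new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com");
        queueSearchMatchingFormat = new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com");

        adminBase = "(cn=admin)";
        adminAttribute = "uniqueMember";
        readBase = "(cn=read)";
        readAttribute = "uniqueMember";
        writeBase = "(cn=write)";
        writeAttribute = "uniqueMember";
    }

    /**
     * Creates a map from an options table keyed by the public constants of
     * this class. All values are expected to be strings.
     *
     * @param options configuration values; {@link #TOPIC_SEARCH_MATCHING} and
     *                {@link #QUEUE_SEARCH_MATCHING} are required
     * @throws IllegalArgumentException if a required search template is absent
     */
    public LDAPAuthorizationMap(Map options) {
        initialContextFactory = (String) options.get(INITIAL_CONTEXT_FACTORY);
        connectionURL = (String) options.get(CONNECTION_URL);
        connectionUsername = (String) options.get(CONNECTION_USERNAME);
        connectionPassword = (String) options.get(CONNECTION_PASSWORD);
        connectionProtocol = (String) options.get(CONNECTION_PROTOCOL);
        authentication = (String) options.get(AUTHENTICATION);

        adminBase = (String) options.get(ADMIN_BASE);
        adminAttribute = (String) options.get(ADMIN_ATTRIBUTE);
        readBase = (String) options.get(READ_BASE);
        readAttribute = (String) options.get(READ_ATTRIBUTE);
        writeBase = (String) options.get(WRITE_BASE);
        writeAttribute = (String) options.get(WRITE_ATTRIBUTE);

        // A missing template used to surface as a bare NullPointerException from
        // MessageFormat; name the offending key instead.
        topicSearchMatchingFormat = requiredFormat(options, TOPIC_SEARCH_MATCHING);
        queueSearchMatchingFormat = requiredFormat(options, QUEUE_SEARCH_MATCHING);

        // An absent or non-"true" value selects one-level scope here, whereas the
        // field default (used by the no-arg constructor) is subtree scope.
        topicSearchSubtreeBool = Boolean.valueOf((String) options.get(TOPIC_SEARCH_SUBTREE)).booleanValue();
        queueSearchSubtreeBool = Boolean.valueOf((String) options.get(QUEUE_SEARCH_SUBTREE)).booleanValue();
    }

    /** Builds the search-base template stored under {@code key}, rejecting a missing value. */
    private static MessageFormat requiredFormat(Map options, String key) {
        String pattern = (String) options.get(key);
        if (pattern == null) {
            throw new IllegalArgumentException("Missing required option '" + key + "'");
        }
        return new MessageFormat(pattern);
    }

    /**
     * Not implemented.
     * <p>
     * NOTE(review): returns {@code null}, not an empty set. Confirm how callers
     * interpret {@code null} for temporary destinations; if it means "no ACL to
     * enforce", temporary destinations are not restricted by this map.
     */
    public Set getTempDestinationAdminACLs() {
        // TODO insert implementation
        return null;
    }

    /** Not implemented; returns {@code null}. See {@link #getTempDestinationAdminACLs()}. */
    public Set getTempDestinationReadACLs() {
        // TODO insert implementation
        return null;
    }

    /** Not implemented; returns {@code null}. See {@link #getTempDestinationAdminACLs()}. */
    public Set getTempDestinationWriteACLs() {
        // TODO insert implementation
        return null;
    }

    /** Returns the principals found with the admin filter and attribute. */
    public Set getAdminACLs(ActiveMQDestination destination) {
        return getACLs(destination, adminBase, adminAttribute);
    }

    /** Returns the principals found with the read filter and attribute. */
    public Set getReadACLs(ActiveMQDestination destination) {
        return getACLs(destination, readBase, readAttribute);
    }

    /** Returns the principals found with the write filter and attribute. */
    public Set getWriteACLs(ActiveMQDestination destination) {
        return getACLs(destination, writeBase, writeAttribute);
    }

    // Properties
    // -------------------------------------------------------------------------

    public String getAdminAttribute() {
        return adminAttribute;
    }

    public void setAdminAttribute(String adminAttribute) {
        this.adminAttribute = adminAttribute;
    }

    public String getAdminBase() {
        return adminBase;
    }

    public void setAdminBase(String adminBase) {
        this.adminBase = adminBase;
    }

    public String getAuthentication() {
        return authentication;
    }

    public void setAuthentication(String authentication) {
        this.authentication = authentication;
    }

    /**
     * Returns the directory bind password in clear text. Callers should not
     * log or otherwise expose the returned value.
     */
    public String getConnectionPassword() {
        return connectionPassword;
    }

    public void setConnectionPassword(String connectionPassword) {
        this.connectionPassword = connectionPassword;
    }

    public String getConnectionProtocol() {
        return connectionProtocol;
    }

    public void setConnectionProtocol(String connectionProtocol) {
        this.connectionProtocol = connectionProtocol;
    }

    public String getConnectionURL() {
        return connectionURL;
    }

    public void setConnectionURL(String connectionURL) {
        this.connectionURL = connectionURL;
    }

    public String getConnectionUsername() {
        return connectionUsername;
    }

    public void setConnectionUsername(String connectionUsername) {
        this.connectionUsername = connectionUsername;
    }

    /** Returns the cached directory context, or {@code null} if none has been opened or set. */
    public DirContext getContext() {
        return context;
    }

    /** Installs a directory context; a non-null context is used as-is and {@link #open()} will not connect. */
    public void setContext(DirContext context) {
        this.context = context;
    }

    public String getInitialContextFactory() {
        return initialContextFactory;
    }

    public void setInitialContextFactory(String initialContextFactory) {
        this.initialContextFactory = initialContextFactory;
    }

    public MessageFormat getQueueSearchMatchingFormat() {
        return queueSearchMatchingFormat;
    }

    public void setQueueSearchMatchingFormat(MessageFormat queueSearchMatchingFormat) {
        this.queueSearchMatchingFormat = queueSearchMatchingFormat;
    }

    public boolean isQueueSearchSubtreeBool() {
        return queueSearchSubtreeBool;
    }

    public void setQueueSearchSubtreeBool(boolean queueSearchSubtreeBool) {
        this.queueSearchSubtreeBool = queueSearchSubtreeBool;
    }

    public String getReadAttribute() {
        return readAttribute;
    }

    public void setReadAttribute(String readAttribute) {
        this.readAttribute = readAttribute;
    }

    public String getReadBase() {
        return readBase;
    }

    public void setReadBase(String readBase) {
        this.readBase = readBase;
    }

    public MessageFormat getTopicSearchMatchingFormat() {
        return topicSearchMatchingFormat;
    }

    public void setTopicSearchMatchingFormat(MessageFormat topicSearchMatchingFormat) {
        this.topicSearchMatchingFormat = topicSearchMatchingFormat;
    }

    public boolean isTopicSearchSubtreeBool() {
        return topicSearchSubtreeBool;
    }

    public void setTopicSearchSubtreeBool(boolean topicSearchSubtreeBool) {
        this.topicSearchSubtreeBool = topicSearchSubtreeBool;
    }

    public String getWriteAttribute() {
        return writeAttribute;
    }

    public void setWriteAttribute(String writeAttribute) {
        this.writeAttribute = writeAttribute;
    }

    public String getWriteBase() {
        return writeBase;
    }

    public void setWriteBase(String writeBase) {
        this.writeBase = writeBase;
    }

    // Implementation methods
    // -------------------------------------------------------------------------

    /**
     * Looks up the principals granted a role on a destination.
     *
     * @param destination   destination whose physical name selects the search base
     * @param roleBase      LDAP search filter identifying the role entry
     * @param roleAttribute attribute whose values become {@link GroupPrincipal} names
     * @return a new set of {@link GroupPrincipal}; empty if nothing matched, the
     *         destination has no name, or the directory lookup failed
     */
    protected Set getACLs(ActiveMQDestination destination, String roleBase, String roleAttribute) {
        String physicalName = destination.getPhysicalName();
        if (physicalName == null) {
            log.error("Destination has no physical name; returning no ACL entries");
            return new HashSet();
        }

        NamingEnumeration results = null;
        try {
            context = open();

            // The physical name is interpolated into a DN template. Escape it as an
            // RDN value so characters such as ',' '+' '=' or '\' stay inside the
            // uid component instead of altering the search base.
            String[] templateArgs = new String[] { Rdn.escapeValue(physicalName) };

            // NOTE(review): if neither type bit is set the base stays empty and the
            // search runs from the context root with the default scope; confirm
            // that this is intended rather than returning no entries.
            String destinationBase = "";
            SearchControls constraints = new SearchControls();

            if ((destination.getDestinationType() & ActiveMQDestination.QUEUE_TYPE) == ActiveMQDestination.QUEUE_TYPE) {
                destinationBase = queueSearchMatchingFormat.format(templateArgs);
                constraints.setSearchScope(queueSearchSubtreeBool
                        ? SearchControls.SUBTREE_SCOPE
                        : SearchControls.ONELEVEL_SCOPE);
            }
            // Checked independently of the queue test, so a type with both bits set
            // ends up using the topic template and scope.
            if ((destination.getDestinationType() & ActiveMQDestination.TOPIC_TYPE) == ActiveMQDestination.TOPIC_TYPE) {
                destinationBase = topicSearchMatchingFormat.format(templateArgs);
                constraints.setSearchScope(topicSearchSubtreeBool
                        ? SearchControls.SUBTREE_SCOPE
                        : SearchControls.ONELEVEL_SCOPE);
            }

            constraints.setReturningAttributes(new String[] { roleAttribute });

            // Passing an LdapName keeps the escaped DN from being re-parsed as a
            // JNDI composite name, where '/', '\' and quotes have their own meaning.
            results = context.search(new LdapName(destinationBase), roleBase, constraints);

            Set acls = new HashSet();
            while (results.hasMore()) {
                SearchResult result = (SearchResult) results.next();
                Attributes attrs = result.getAttributes();
                if (attrs == null) {
                    continue;
                }
                acls = addAttributeValues(roleAttribute, attrs, acls);
            }

            Set roles = new HashSet();
            for (Iterator iter = acls.iterator(); iter.hasNext();) {
                String roleName = (String) iter.next();
                roles.add(new GroupPrincipal(roleName));
            }
            return roles;
        }
        catch (NamingException e) {
            // Return nothing rather than a partial role set; pass the exception
            // itself so the stack trace is recorded.
            log.error("LDAP authorization lookup failed; returning no ACL entries", e);
            return new HashSet();
        }
        finally {
            if (results != null) {
                try {
                    results.close();
                }
                catch (NamingException ignored) {
                    // best-effort release of the enumeration
                }
            }
        }
    }

    /**
     * Adds every string value of attribute {@code attrId} to {@code values}.
     *
     * @param attrId attribute to read; {@code null} leaves {@code values} untouched
     * @param attrs  attributes of one search result; {@code null} leaves
     *               {@code values} untouched
     * @param values set to add to; a new set is created when {@code null} and
     *               both other arguments are non-null
     * @return the set that was added to
     * @throws NamingException if the attribute values cannot be enumerated
     */
    protected Set addAttributeValues(String attrId, Attributes attrs, Set values) throws NamingException {
        if (attrId == null || attrs == null) {
            return values;
        }
        if (values == null) {
            values = new HashSet();
        }
        Attribute attr = attrs.get(attrId);
        if (attr == null) {
            return values;
        }
        NamingEnumeration e = attr.getAll();
        try {
            while (e.hasMore()) {
                Object value = e.next();
                // Values that are not strings cannot name a principal; skip them
                // instead of failing the whole lookup with a ClassCastException.
                if (value instanceof String) {
                    values.add(value);
                }
            }
        }
        finally {
            e.close();
        }
        return values;
    }

    /**
     * Returns the cached directory context, connecting first if there is none.
     *
     * @return the directory context used for ACL searches
     * @throws NamingException if required settings are missing or the
     *                         connection or bind fails
     */
    protected DirContext open() throws NamingException {
        if (context != null) {
            return context;
        }

        try {
            // Hashtable rejects null values; report missing settings as a naming
            // error so getACLs() handles it like any other lookup failure.
            if (initialContextFactory == null || connectionURL == null) {
                throw new ConfigurationException(
                        "LDAP authorization map requires initialContextFactory and connectionURL");
            }

            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
            // The original tests used '||', which is true for every input and put
            // a null into the Hashtable when the value was unset.
            putIfSet(env, Context.SECURITY_PRINCIPAL, connectionUsername);
            putIfSet(env, Context.SECURITY_CREDENTIALS, connectionPassword);
            putIfSet(env, Context.SECURITY_PROTOCOL, connectionProtocol);
            env.put(Context.PROVIDER_URL, connectionURL);
            putIfSet(env, Context.SECURITY_AUTHENTICATION, authentication);
            context = new InitialDirContext(env);
        }
        catch (NamingException e) {
            log.error("Unable to open LDAP directory context", e);
            throw e;
        }
        return context;
    }

    /** Stores {@code value} under {@code key} unless it is null or empty. */
    private static void putIfSet(Hashtable env, String key, String value) {
        if (value != null && !"".equals(value)) {
            env.put(key, value);
        }
    }

}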
418