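package org.infoglue.cms.security;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.HasControls;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.SortControl;

import org.apache.log4j.Logger;
import org.infoglue.cms.entities.management.GroupVO;
import org.infoglue.cms.entities.management.LanguageVO;
import org.infoglue.cms.entities.management.RoleVO;
import org.infoglue.cms.entities.management.SystemUserVO;
import org.infoglue.cms.exception.Bug;
import org.infoglue.cms.exception.SystemException;
import org.infoglue.cms.util.CmsPropertyHandler;
import org.infoglue.deliver.util.CacheController;

/**
 * Read-only authorization module that resolves InfoGlue principals, roles and groups
 * from an LDAP directory through JNDI.
 *
 * <p>All connection and search settings are read from {@link #extraProperties}; every
 * method dereferences that field without a null check, so it is presumably populated by
 * the framework before the first lookup (TODO confirm against the code that sets it).</p>
 *
 * <p>Security-relevant points for maintainers:</p>
 * <ul>
 *   <li>User, role and group names are inserted into LDAP search filters. They are escaped
 *       with {@link #escapeFilterValue(String)} first so that a name is always matched
 *       literally and can never change the structure of the filter.</li>
 *   <li>Directory contexts opened by the convenience overloads are closed in a
 *       {@code finally} block so a failed lookup does not leak a connection.</li>
 *   <li>Several methods log complete directory entries and attribute values at INFO level;
 *       treat the log output as containing personal data.</li>
 * </ul>
 */
public class JNDIBasicAuthorizationModule implements AuthorizationModule, Serializable
{
    private final static Logger logger = Logger.getLogger(JNDIBasicAuthorizationModule.class.getName());

    protected Properties extraProperties = null;

    /**
     * Escapes a value for use as an assertion value inside an LDAP search filter (RFC 4515).
     *
     * <p>The backslash, asterisk, both parentheses and NUL are replaced by their
     * {@code \xx} hex form. Without this, a name containing one of those characters would be
     * interpreted as filter syntax (wildcard or additional clause) instead of being compared
     * literally. The helper is private so it does not affect the default serialVersionUID of
     * this Serializable class.</p>
     *
     * @param value the raw value, may be null
     * @return the escaped value, or null if {@code value} was null
     */
    private static String escapeFilterValue(String value)
    {
        if(value == null)
            return null;

        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for(int i = 0; i < value.length(); i++)
        {
            char c = value.charAt(i);
            switch(c)
            {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }

        return escaped.toString();
    }

    /**
     * Builds the search filter used to locate a single user entry.
     *
     * @param userName   the raw user name; it is escaped before being placed in the filter
     * @param userSearch optional filter template from the configuration in which every
     *                   literal <code>{1}</code> is replaced by the user name; when null or
     *                   empty the filter <code>(CN=userName)</code> is used
     * @return the filter string
     */
    private static String buildUserSearchFilter(String userName, String userSearch)
    {
        String safeUserName = escapeFilterValue(userName);
        if(userSearch != null && userSearch.length() > 0)
        {
            // Literal replacement on purpose: replaceAll() would interpret '\' and '$' in the
            // (escaped) user name as regex replacement syntax and corrupt or reject it.
            return userSearch.replace("{1}", safeUserName);
        }

        return "(CN=" + safeUserName + ")";
    }

    /**
     * Builds the filter used to look up one role or group by name.
     *
     * @param name the role or group name; if it already contains <code>cn=</code> it is used
     *             as the complete filter item, otherwise it is matched against <code>cn</code>
     * @return the filter string with the name escaped
     */
    private static String buildNameSearchFilter(String name)
    {
        String safeName = escapeFilterValue(name);
        if(name.indexOf("cn=") > -1)
            return "(" + safeName + ")";

        return "(cn=" + safeName + ")";
    }

    /**
     * Maps a configured scope name to the matching {@link SearchControls} constant.
     *
     * @param scopeName <code>ONELEVEL_SCOPE</code> or <code>OBJECT_SCOPE</code> (case-insensitive);
     *                  anything else, including null, selects subtree scope
     * @return the SearchControls scope constant
     */
    private static int resolveSearchScope(String scopeName)
    {
        if(scopeName != null && scopeName.equalsIgnoreCase("ONELEVEL_SCOPE"))
            return SearchControls.ONELEVEL_SCOPE;
        if(scopeName != null && scopeName.equalsIgnoreCase("OBJECT_SCOPE"))
            return SearchControls.OBJECT_SCOPE;

        return SearchControls.SUBTREE_SCOPE;
    }

    /**
     * Fails with a descriptive message when a required user attribute is missing, instead of
     * letting a NullPointerException surface from a later dereference.
     *
     * @param attribute     the attribute fetched from the entry, may be null
     * @param attributeName the configured attribute name(s), used in the message only
     * @param userName      the user being resolved, used in the message only
     * @return the attribute, never null
     * @throws Exception if the attribute is null
     */
    private static Attribute requireAttribute(Attribute attribute, String attributeName, String userName) throws Exception
    {
        if(attribute == null)
            throw new Exception("The user " + userName + " did not have the attribute " + attributeName + " which InfoGlue requires");

        return attribute;
    }

    /**
     * Assembles the JNDI environment shared by both getContext variants.
     *
     * @return the environment table built from the connection properties
     */
    private Hashtable createEnvironment()
    {
        String connectionURL = this.extraProperties.getProperty("connectionURL");
        String ldapVersion = this.extraProperties.getProperty("ldapVersion");
        String socketFactory = this.extraProperties.getProperty("socketFactory");
        String authenticationMethod = this.extraProperties.getProperty("authenticationMethod");
        String connectionName = this.extraProperties.getProperty("connectionName");
        String connectionPassword = this.extraProperties.getProperty("connectionPassword");

        Hashtable env = new Hashtable();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, connectionURL);
        env.put("java.naming.ldap.version", ldapVersion != null ? ldapVersion : "3");

        // NOTE(review): any non-empty "socketFactory" value selects this hard-coded class, not
        // the configured one. DummySSLSocketFactory is not visible here; its name suggests it
        // may skip server certificate validation - confirm. If it does, the bind credentials
        // below are only protected against passive observers, not against an interposed host.
        if(socketFactory != null && !socketFactory.equals(""))
            env.put("java.naming.ldap.factory.socket", "org.infoglue.cms.security.DummySSLSocketFactory");

        if("none".equals(authenticationMethod))
        {
            env.put(Context.SECURITY_AUTHENTICATION, "none");
        }
        else
        {
            // Simple bind transmits the password itself, so connectionURL should use a
            // TLS-protected transport.
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, connectionName);
            env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
        }

        return env;
    }

    /**
     * @return false; this module does not support updating entries.
     */
    public boolean getSupportUpdate()
    {
        return false;
    }

    /**
     * @return false; this module does not support deleting entries.
     */
    public boolean getSupportDelete()
    {
        return false;
    }

    /**
     * @return false; this module does not support creating entries.
     */
    public boolean getSupportCreate()
    {
        return false;
    }

    /**
     * Opens a new directory context using the configured connection properties.
     * The caller owns the returned context and must close it.
     *
     * @return a freshly opened context
     * @throws Exception if the context cannot be created
     */
    public DirContext getContext() throws Exception
    {
        return new InitialDirContext(createEnvironment());
    }

    /**
     * Opens a new LDAP context with the given connection request controls.
     * The caller owns the returned context and must close it.
     *
     * @param controls request controls passed to {@link InitialLdapContext}
     * @return a freshly opened context
     * @throws Exception if the context cannot be created
     */
    public DirContext getContext(Control[] controls) throws Exception
    {
        return new InitialLdapContext(createEnvironment(), controls);
    }

    /**
     * Builds the principal for a user name, including roles and groups.
     *
     * <p>No credential is checked here. A name equal (ignoring case) to the configured
     * administrator user name yields the administrator principal without any directory
     * lookup, so callers are presumably expected to have authenticated the user already
     * (verify against the callers).</p>
     *
     * @param userName the user to resolve
     * @return the principal
     * @throws Exception if the directory lookup fails
     */
    public InfoGluePrincipal getAuthorizedInfoGluePrincipal(String userName) throws Exception
    {
        String administratorUserName = CmsPropertyHandler.getAdministratorUserName();
        String administratorEmail = CmsPropertyHandler.getAdministratorEmail();

        final boolean isAdministrator = userName.equalsIgnoreCase(administratorUserName);
        if(isAdministrator)
            return new InfoGluePrincipal(userName, "System", "Administrator", administratorEmail, new ArrayList(), new ArrayList(), isAdministrator, this);

        DirContext ctx = getContext();
        try
        {
            Map userAttributes = getUserAttributes(userName, ctx);
            List roles = getRoles(userName, ctx);
            List groups = getGroups(userName, ctx);

            return new InfoGluePrincipal(userName, (String)userAttributes.get("firstName"), (String)userAttributes.get("lastName"), (String)userAttributes.get("mail"), roles, groups, isAdministrator, this);
        }
        finally
        {
            // Close even when a lookup throws, otherwise the connection leaks.
            ctx.close();
        }
    }

    /**
     * Looks up a role by name on a context opened (and closed) for this call.
     *
     * @param roleName the role name
     * @return the role, or null if it could not be found
     * @throws Exception if the context cannot be opened or closed
     */
    public InfoGlueRole getAuthorizedInfoGlueRole(String roleName) throws Exception
    {
        DirContext ctx = getContext();
        try
        {
            return getAuthorizedInfoGlueRole(roleName, ctx);
        }
        finally
        {
            ctx.close();
        }
    }

    /**
     * Looks up a role by name on the supplied context.
     *
     * <p>Any failure during the search is logged at INFO level and reported as a null
     * result rather than an exception. When several values match, the last one read wins.</p>
     *
     * @param roleName the role name; escaped before it is placed in the search filter
     * @param ctx      an open context; not closed by this method
     * @return the role, or null if none was found or the search failed
     * @throws Exception declared for interface compatibility; a missing "roleBase" property
     *                   surfaces as a NullPointerException before the search starts
     */
    public InfoGlueRole getAuthorizedInfoGlueRole(String roleName, DirContext ctx) throws Exception
    {
        logger.info("\n\n\n ---------- getAuthorizedInfoGlueRole starting ---------\n\n\n");

        InfoGlueRole infoglueRole = null;

        String roleBase = this.extraProperties.getProperty("roleBase").toLowerCase().trim();
        String rolesAttributeFilter = this.extraProperties.getProperty("rolesAttributesFilter");
        String roleNameAttribute = this.extraProperties.getProperty("roleNameAttribute");
        String roleSearchScope = this.extraProperties.getProperty("roleSearchScope");

        try
        {
            logger.info("Connected...");

            String baseDN = roleBase;
            String searchFilter = buildNameSearchFilter(roleName);

            logger.info("searchFilter:" + searchFilter);
            logger.info("roleSearchScope:" + roleSearchScope);

            String rolesAttribute = "distinguishedName";
            if(rolesAttributeFilter != null && rolesAttributeFilter.length() > 0)
                rolesAttribute = rolesAttributeFilter;

            String[] attrID = rolesAttribute.split(",");
            // Log the attribute list itself; concatenating the array only prints its identity.
            logger.info("attrID:" + rolesAttribute);

            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(resolveSearchScope(roleSearchScope));
            ctls.setReturningAttributes(attrID);

            NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls);

            if(!answer.hasMore())
                throw new Exception("The was no groups found in the JNDI Data Source.");

            logger.info("-----------------------\n");
            while(answer.hasMore())
            {
                SearchResult sr = (SearchResult)answer.next();
                logger.info("Role:" + sr.toString() + "\n");

                Attributes attributes = sr.getAttributes();
                logger.info("attributes:" + attributes.toString());
                logger.info("roleNameAttribute:" + roleNameAttribute);
                Attribute attribute = attributes.get(roleNameAttribute);
                logger.info("attribute:" + attribute.toString());
                NamingEnumeration allEnum = attribute.getAll();
                while(allEnum.hasMore())
                {
                    String roleNameCandidate = (String)allEnum.next();
                    logger.info("roleNameCandidate:" + roleNameCandidate);

                    infoglueRole = new InfoGlueRole(roleNameCandidate, "Not available from JNDI-source", this);
                }
            }
            logger.info("-----------------------\n");
        }
        catch(Exception e)
        {
            // Deliberate best-effort: callers receive null. Note that a directory outage is
            // therefore indistinguishable from "role does not exist".
            logger.info("Could not find Role: " + e.getMessage());
        }

        return infoglueRole;
    }

    /**
     * Looks up a group by name on a context opened (and closed) for this call.
     *
     * @param groupName the group name
     * @return the group, or null if it could not be found
     * @throws Exception if the context cannot be opened or closed
     */
    public InfoGlueGroup getAuthorizedInfoGlueGroup(String groupName) throws Exception
    {
        DirContext ctx = getContext();
        try
        {
            return getAuthorizedInfoGlueGroup(groupName, ctx);
        }
        finally
        {
            ctx.close();
        }
    }

    /**
     * Looks up a group by name on the supplied context.
     *
     * <p>Any failure during the search is logged at INFO level and reported as a null
     * result rather than an exception. When several values match, the last one read wins.</p>
     *
     * @param groupName the group name; escaped before it is placed in the search filter
     * @param ctx       an open context; not closed by this method
     * @return the group, or null if none was found or the search failed
     * @throws Exception declared for interface compatibility; a missing "groupBase" property
     *                   surfaces as a NullPointerException before the search starts
     */
    public InfoGlueGroup getAuthorizedInfoGlueGroup(String groupName, DirContext ctx) throws Exception
    {
        logger.info("\n\n\n ---------- getAuthorizedInfoGlueGroup starting ---------\n\n\n");

        InfoGlueGroup infoglueGroup = null;

        String groupBase = this.extraProperties.getProperty("groupBase").toLowerCase().trim();
        String groupsAttributeFilter = this.extraProperties.getProperty("groupsAttributesFilter");
        String groupNameAttribute = this.extraProperties.getProperty("groupNameAttribute");
        String groupSearchScope = this.extraProperties.getProperty("groupSearchScope");

        try
        {
            logger.info("Connected...");

            String baseDN = groupBase;
            String searchFilter = buildNameSearchFilter(groupName);

            logger.info("searchFilter:" + searchFilter);
            logger.info("baseDN:" + baseDN);
            logger.info("groupSearchScope:" + groupSearchScope);

            String groupsAttribute = "distinguishedName";
            if(groupsAttributeFilter != null && groupsAttributeFilter.length() > 0)
                groupsAttribute = groupsAttributeFilter;

            String[] attrID = groupsAttribute.split(",");
            logger.info("attrID:" + groupsAttribute);

            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(resolveSearchScope(groupSearchScope));
            ctls.setReturningAttributes(attrID);

            NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls);

            if(!answer.hasMore())
            {
                throw new Exception("The was no groups found in the JNDI Data Source.");
            }

            logger.info("-----------------------\n");
            while(answer.hasMore())
            {
                SearchResult sr = (SearchResult)answer.next();
                logger.info("Group:" + sr.toString() + "\n");

                Attributes attributes = sr.getAttributes();
                logger.info("attributes:" + attributes.toString());
                logger.info("groupNameAttribute:" + groupNameAttribute);
                Attribute attribute = attributes.get(groupNameAttribute);
                logger.info("attribute:" + attribute.toString());
                NamingEnumeration allEnum = attribute.getAll();
                while(allEnum.hasMore())
                {
                    String groupNameCandidate = (String)allEnum.next();
                    logger.info("groupNameCandidate:" + groupNameCandidate);

                    infoglueGroup = new InfoGlueGroup(groupNameCandidate, "Not available from JNDI-source", this);
                }
            }
            logger.info("-----------------------\n");
        }
        catch(Exception e)
        {
            // Deliberate best-effort: callers receive null, also when the directory is down.
            logger.info("Could not find Group: " + e.getMessage());
        }

        return infoglueGroup;
    }

    /**
     * Returns the roles of a user; delegates to {@link #getRoles(String)}.
     *
     * @param userName the user to resolve
     * @return the list of InfoGlueRole objects
     * @throws Exception if the lookup fails
     */
    public List authorizeUser(String userName) throws Exception
    {
        return getRoles(userName);
    }

    /**
     * Reads a user's attributes on a context opened (and closed) for this call.
     *
     * @param userName the user to resolve
     * @return map of attribute name to value, plus the keys "firstName", "lastName" and "mail"
     * @throws NamingException on directory errors
     * @throws Exception if the user or a required attribute is missing
     */
    protected Map getUserAttributes(String userName) throws NamingException, Exception
    {
        DirContext ctx = getContext();
        try
        {
            // Use the context opened above; opening a second one here would never be closed.
            return getUserAttributes(userName, ctx);
        }
        finally
        {
            ctx.close();
        }
    }

    /**
     * Reads a user's attributes on the supplied context.
     *
     * <p>The search base is "userBase", or "anonymousUserBase" when the name equals the
     * configured anonymous user. Every attribute listed in "userAttributesFilter" must be
     * present except one named exactly <code>mail</code>; the name, first-name, last-name
     * and mail attributes are required afterwards.</p>
     *
     * @param userName the user to resolve; escaped before it is placed in the search filter
     * @param ctx      an open context; not closed by this method
     * @return map of attribute name to value, plus the keys "firstName", "lastName" and "mail"
     * @throws NamingException on directory errors
     * @throws Exception if the user or a required attribute is missing
     */
    protected Map getUserAttributes(String userName, DirContext ctx) throws NamingException, Exception
    {
        logger.info("userName:" + userName);

        Map userAttributes = new HashMap();

        String userBase = this.extraProperties.getProperty("userBase");
        String userSearch = this.extraProperties.getProperty("userSearch");
        String userAttributesFilter = this.extraProperties.getProperty("userAttributesFilter");

        String userNameAttributeFilter = this.extraProperties.getProperty("userNameAttributeFilter", "name");
        String userFirstNameAttributeFilter = this.extraProperties.getProperty("userFirstNameAttributeFilter", "givenName");
        String userLastNameAttributeFilter = this.extraProperties.getProperty("userLastNameAttributeFilter", "sn");
        String userMailAttributeFilter = this.extraProperties.getProperty("userMailAttributeFilter", "mail");

        try
        {
            String baseDN = userBase;

            String anonymousUserName = CmsPropertyHandler.getAnonymousUser();
            if(userName.equals(anonymousUserName))
            {
                baseDN = this.extraProperties.getProperty("anonymousUserBase");
            }

            String searchFilter = buildUserSearchFilter(userName, userSearch);

            String attributesFilter = "name, givenName, sn, mail, memberOf";
            if(userAttributesFilter != null && userAttributesFilter.length() > 0)
                attributesFilter = userAttributesFilter;

            // NOTE(review): entries are not trimmed, so the default list above yields names with
            // a leading space (" givenName"); confirm whether deployments always override it.
            String[] attrID = attributesFilter.split(",");
            String[] userMailAttributeFilterAttributeId = userMailAttributeFilter.split(",");

            logger.info("baseDN:" + baseDN);
            logger.info("searchFilter:" + searchFilter);
            logger.info("attrID" + attributesFilter);

            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setReturningAttributes(attrID);

            NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls);
            if(!answer.hasMore())
                throw new Exception("The user with userName=" + userName + " was not found in the JNDI Data Source.");

            while(answer.hasMore())
            {
                SearchResult sr = (SearchResult)answer.next();
                logger.info("Person:" + sr.toString() + "\n");
                Attributes attributes = sr.getAttributes();
                logger.info("attributes:" + attributes + "\n");

                for(int i = 0; i < attrID.length; i++)
                {
                    logger.info("attrID[i]:" + attrID[i]);
                    Attribute attribute = attributes.get(attrID[i]);
                    if(attribute == null && !attrID[i].equals("mail"))
                    {
                        throw new Exception("The attribute " + attrID[i] + " was not found among the user attributes. [" + attributes + "]");
                    }

                    if(attribute != null)
                    {
                        logger.info("attribute:" + attribute.toString());
                        NamingEnumeration allEnum = attribute.getAll();
                        while(allEnum.hasMore())
                        {
                            String value = (String)allEnum.next();
                            logger.info("value:" + value);
                            // For multi-valued attributes the last value read is kept.
                            userAttributes.put(attrID[i], value);
                        }
                    }
                }

                Attribute userNameAttribute = requireAttribute(attributes.get(userNameAttributeFilter), userNameAttributeFilter, userName);
                logger.info("userNameAttribute:" + userNameAttribute.toString());
                Attribute userFirstNameAttribute = requireAttribute(attributes.get(userFirstNameAttributeFilter), userFirstNameAttributeFilter, userName);
                logger.info("userFirstNameAttribute:" + userFirstNameAttribute.toString());
                Attribute userLastNameAttribute = requireAttribute(attributes.get(userLastNameAttributeFilter), userLastNameAttributeFilter, userName);
                logger.info("userLastNameAttribute:" + userLastNameAttribute.toString());

                // The mail setting may list several candidate attributes; the first one present wins.
                Attribute userMailAttribute = null;
                for(int i = 0; i < userMailAttributeFilterAttributeId.length; i++)
                {
                    userMailAttribute = attributes.get(userMailAttributeFilterAttributeId[i]);
                    if(userMailAttribute != null)
                        break;
                }

                requireAttribute(userMailAttribute, userMailAttributeFilter, userName);
                logger.info("userMailAttribute:" + userMailAttribute.toString());

                userAttributes.put("firstName", userFirstNameAttribute.get().toString());
                userAttributes.put("lastName", userLastNameAttribute.get().toString());
                userAttributes.put("mail", userMailAttribute.get().toString());
            }
        }
        catch(Exception e)
        {
            logger.warn(e);
            throw e;
        }

        return userAttributes;
    }

    /**
     * Resolves a user's roles on a context opened (and closed) for this call.
     *
     * @param userName the user to resolve
     * @return list of InfoGlueRole objects
     * @throws NamingException on directory errors
     * @throws Exception if the user cannot be found or the lookup fails
     */
    protected List getRoles(String userName) throws NamingException, Exception
    {
        DirContext ctx = getContext();
        try
        {
            return getRoles(userName, ctx);
        }
        finally
        {
            ctx.close();
        }
    }

    /**
     * Resolves a user's roles from the membership attribute of the user entry.
     *
     * <p>Each membership value is lower-cased, reduced to the part in front of "roleBase",
     * stripped of the "roleNameAttribute" prefix, matched against "roleFilter" and finally
     * accepted only if the resulting role is contained in the list from
     * {@link #getRoles(DirContext)}.</p>
     *
     * @param userName the user to resolve; escaped before it is placed in the search filter
     * @param ctx      an open context; not closed by this method
     * @return list of InfoGlueRole objects, possibly empty
     * @throws NamingException on directory errors
     * @throws Exception if the user cannot be found or the lookup fails
     */
    protected List getRoles(String userName, DirContext ctx) throws NamingException, Exception
    {
        logger.info("**************************************************");
        logger.info("*In JNDI version *");
        logger.info("**************************************************");
        logger.info("userName:" + userName);

        List roles = new ArrayList();
        List allRoles = getRoles(ctx);

        String roleBase = this.extraProperties.getProperty("roleBase").toLowerCase().trim();
        String userBase = this.extraProperties.getProperty("userBase").toLowerCase().trim();
        String userSearch = this.extraProperties.getProperty("userSearch");
        String memberOfAttribute = this.extraProperties.getProperty("memberOfAttributeFilter");
        String roleNameAttribute = this.extraProperties.getProperty("roleNameAttribute");
        String roleFilter = this.extraProperties.getProperty("roleFilter", "InfoGlue");
        String removeRoleBaseDN = this.extraProperties.getProperty("removeRoleBaseDN", "true");

        try
        {
            String baseDN = userBase;

            String anonymousUserName = CmsPropertyHandler.getAnonymousUser();
            if(userName.equals(anonymousUserName))
            {
                baseDN = this.extraProperties.getProperty("anonymousUserBase");
            }

            String searchFilter = buildUserSearchFilter(userName, userSearch).toLowerCase().trim();

            String memberOfAttributeFilter = "memberOf";
            if(memberOfAttribute != null && memberOfAttribute.length() > 0)
                memberOfAttributeFilter = memberOfAttribute;
            memberOfAttributeFilter = memberOfAttributeFilter.toLowerCase().trim();

            String[] attrID = memberOfAttributeFilter.split(",");

            logger.info("baseDN:" + baseDN);
            logger.info("searchFilter:" + searchFilter);
            logger.info("attrID" + memberOfAttributeFilter);
            logger.info("roleBase:" + roleBase);

            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setReturningAttributes(attrID);

            NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls);
            if(!answer.hasMore())
                throw new Exception("The user with userName=" + userName + " was not found in the JNDI Data Source.");

            while(answer.hasMore())
            {
                SearchResult sr = (SearchResult)answer.next();
                logger.info("Person:" + sr.toString() + "\n");
                Attributes attributes = sr.getAttributes();

                Attribute attribute = attributes.get(memberOfAttributeFilter);
                logger.info("..................attribute:" + attribute.toString());
                NamingEnumeration allEnum = attribute.getAll();
                while(allEnum.hasMore())
                {
                    Object roleNameObject = allEnum.next();

                    String fullRoleName = roleNameObject.toString().toLowerCase().trim();
                    String roleName = fullRoleName;
                    logger.info("roleName:" + fullRoleName);

                    logger.info("indexOf:" + fullRoleName.indexOf(roleBase));
                    // Memberships outside roleBase are skipped; so is every membership when
                    // removeRoleBaseDN is anything other than "true".
                    if(fullRoleName.indexOf(roleBase) < 0 || !removeRoleBaseDN.equals("true"))
                        continue;

                    roleName = roleName.substring(0, roleName.indexOf(roleBase));
                    roleName = roleName.substring(0, roleName.lastIndexOf(","));

                    logger.info("roleNameAttribute:" + roleNameAttribute);
                    logger.info("roleName:" + roleName);
                    logger.info("indexOf:" + roleName.indexOf(roleNameAttribute));

                    if(roleNameAttribute != null && roleName.indexOf(roleNameAttribute) > -1)
                    {
                        roleName = roleName.substring(roleName.indexOf(roleNameAttribute) + roleNameAttribute.length() + 1);
                    }

                    logger.info("*****************************");
                    logger.info("roleName:" + roleName);
                    logger.info("roleBase:" + roleBase);
                    logger.info("*****************************");

                    // NOTE(review): roleName is lower-cased above but roleFilter is compared
                    // case-sensitively, so the default "InfoGlue" cannot match here - confirm
                    // that deployments configure a lower-case filter or "*".
                    if(roleFilter.equalsIgnoreCase("*") || roleName.indexOf(roleFilter) > -1)
                    {
                        InfoGlueRole infoGlueRole = getAuthorizedInfoGlueRole(roleName, ctx);
                        // Only roles that also appear in the global role list are granted.
                        if(allRoles.contains(infoGlueRole))
                        {
                            logger.info("Adding role.................:" + fullRoleName);
                            roles.add(infoGlueRole);
                        }
                    }
                }
            }
        }
        catch(Exception e)
        {
            logger.warn("Could not find Group for empID: " + userName + e);
            throw e;
        }

        return roles;
    }

    /**
     * Resolves a user's groups on a context opened (and closed) for this call.
     *
     * @param userName the user to resolve
     * @return list of InfoGlueGroup objects
     * @throws NamingException on directory errors
     * @throws Exception if the user cannot be found or the lookup fails
     */
    protected List getGroups(String userName) throws NamingException, Exception
    {
        DirContext ctx = getContext();
        try
        {
            return getGroups(userName, ctx);
        }
        finally
        {
            ctx.close();
        }
    }

    /**
     * Resolves a user's groups from the membership attribute of the user entry.
     *
     * <p>Mirrors {@link #getRoles(String, DirContext)} with the group settings
     * ("groupBase", "groupNameAttribute", "groupFilter", "removeGroupBaseDN"); unlike the
     * role variant, the user search filter is not lower-cased here.</p>
     *
     * @param userName the user to resolve; escaped before it is placed in the search filter
     * @param ctx      an open context; not closed by this method
     * @return list of InfoGlueGroup objects, possibly empty
     * @throws NamingException on directory errors
     * @throws Exception if the user cannot be found or the lookup fails
     */
    protected List getGroups(String userName, DirContext ctx) throws NamingException, Exception
    {
        logger.info("**************************************************");
        logger.info("*In JNDI version *");
        logger.info("**************************************************");
        logger.info("userName:" + userName);

        List groups = new ArrayList();
        List allGroups = getGroups(ctx);

        String groupBase = this.extraProperties.getProperty("groupBase").toLowerCase().trim();
        String userBase = this.extraProperties.getProperty("userBase").toLowerCase().trim();
        String userSearch = this.extraProperties.getProperty("userSearch");
        String memberOfAttribute = this.extraProperties.getProperty("memberOfAttributeFilter");
        String groupNameAttribute = this.extraProperties.getProperty("groupNameAttribute");
        String groupFilter = this.extraProperties.getProperty("groupFilter", "InfoGlue");
        String removeGroupBaseDN = this.extraProperties.getProperty("removeGroupBaseDN", "true");

        logger.info("groupBase:" + groupBase);
        logger.info("userBase:" + userBase);

        try
        {
            String baseDN = userBase;

            String anonymousUserName = CmsPropertyHandler.getAnonymousUser();
            if(userName.equals(anonymousUserName))
            {
                baseDN = this.extraProperties.getProperty("anonymousUserBase");
            }

            String searchFilter = buildUserSearchFilter(userName, userSearch);

            String memberOfAttributeFilter = "memberOf";
            if(memberOfAttribute != null && memberOfAttribute.length() > 0)
                memberOfAttributeFilter = memberOfAttribute;
            memberOfAttributeFilter = memberOfAttributeFilter.toLowerCase().trim();

            String[] attrID = memberOfAttributeFilter.split(",");

            logger.info("baseDN:" + baseDN);
            logger.info("searchFilter:" + searchFilter);
            logger.info("attrID" + memberOfAttributeFilter);

            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setReturningAttributes(attrID);

            NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls);
            if(!answer.hasMore())
                throw new Exception("The user with userName=" + userName + " was not found in the JNDI Data Source.");

            while(answer.hasMore())
            {
                SearchResult sr = (SearchResult)answer.next();
                logger.info("Person:" + sr.toString() + "\n");
                Attributes attributes = sr.getAttributes();

                Attribute attribute = attributes.get(memberOfAttributeFilter);
                logger.info("..................attribute:" + attribute.toString());
                NamingEnumeration allEnum = attribute.getAll();
                while(allEnum.hasMore())
                {
                    Object groupNameObject = allEnum.next();

                    String fullGroupName = groupNameObject.toString().toLowerCase().trim();
                    String groupName = fullGroupName;
                    logger.info("groupName:" + groupName);
                    logger.info("groupBase:" + groupBase);
                    logger.info("indexOf:" + groupName.indexOf(groupBase));
                    // Memberships outside groupBase are skipped; so is every membership when
                    // removeGroupBaseDN is anything other than "true".
                    if(fullGroupName.indexOf(groupBase) < 0 || !removeGroupBaseDN.equals("true"))
                        continue;

                    groupName = groupName.substring(0, groupName.indexOf(groupBase));
                    groupName = groupName.substring(0, groupName.lastIndexOf(","));

                    logger.info("groupNameAttribute:" + groupNameAttribute);
                    logger.info("groupName:" + groupName);
                    logger.info("indexOf:" + groupName.indexOf(groupNameAttribute));
                    if(groupNameAttribute != null && groupName.indexOf(groupNameAttribute) > -1)
                    {
                        groupName = groupName.substring(groupName.indexOf(groupNameAttribute) + groupNameAttribute.length() + 1);
                    }

                    logger.info("groupName:" + groupName);
                    // NOTE(review): groupName is lower-cased above but groupFilter is compared
                    // case-sensitively, so the default "InfoGlue" cannot match here - confirm.
                    if(groupFilter.equalsIgnoreCase("*") || groupName.indexOf(groupFilter) > -1)
                    {
                        InfoGlueGroup infoGlueGroup = getAuthorizedInfoGlueGroup(groupName, ctx);
                        // Only groups that also appear in the global group list are granted.
                        if(allGroups.contains(infoGlueGroup))
                        {
                            logger.info("Adding group.................:" + groupName);
                            groups.add(infoGlueGroup);
                        }
                    }
                }
            }
        }
        catch(Exception e)
        {
            logger.info("Could not find Group for empID: " + userName + e);
            throw e;
        }

        return groups;
    }

    /**
     * Lists all roles on a context opened (and closed) for this call.
     *
     * @return list of InfoGlueRole objects
     * @throws Exception if the context cannot be opened or closed
     */
    public List getRoles() throws Exception
    {
        DirContext ctx = getContext();
        try
        {
            return getRoles(ctx);
        }
        finally
        {
            ctx.close();
        }
    }

    /**
     * Lists all roles under "roleBase", served from the "JNDIAuthorizationCache" when a
     * cached list younger than "roleCacheTimeout" (default 1800) exists.
     *
     * <p>NOTE(review): a failed search is only logged, and the (then empty or partial) list
     * is still cached. Because {@link #getRoles(String, DirContext)} grants only roles found
     * in this list, a transient directory error can leave users without roles until the
     * cache entry expires - confirm this is intended.</p>
     *
     * @param ctx an open context; not closed by this method
     * @return list of InfoGlueRole objects, never null
     * @throws Exception if "roleCacheTimeout" is not a number
     */
    public List getRoles(DirContext ctx) throws Exception
    {
        logger.info("getRoles start....");

        String roleCacheTimeout = this.extraProperties.getProperty("roleCacheTimeout", "1800");

        String key = "allRoles";
        List roles = (List)CacheController.getCachedObjectFromAdvancedCache("JNDIAuthorizationCache", key, Integer.parseInt(roleCacheTimeout));
        if(roles != null)
            return roles;

        roles = new ArrayList();

        String roleBase = this.extraProperties.getProperty("roleBase");
        String rolesFilter = this.extraProperties.getProperty("rolesFilter");
        String rolesAttributeFilter = this.extraProperties.getProperty("rolesAttributesFilter");
        String roleNameAttribute = this.extraProperties.getProperty("roleNameAttribute");
        String roleSearchScope = this.extraProperties.getProperty("roleSearchScope");

        try
        {
            logger.info("Connected...");

            String baseDN = roleBase;
            // The filter comes from configuration only, so it is used as written.
            String searchFilter = "(cn=InfoGlue*)";
            if(rolesFilter != null && rolesFilter.length() > 0)
                searchFilter = rolesFilter;

            logger.info("searchFilter:" + searchFilter);
            logger.info("roleSearchScope:" + roleSearchScope);
            logger.info("rolesAttributeFilter:" + rolesAttributeFilter);

            String rolesAttribute = "distinguishedName";
            if(rolesAttributeFilter != null && rolesAttributeFilter.length() > 0)
                rolesAttribute = rolesAttributeFilter;

            String[] attrID = rolesAttribute.split(",");
            logger.info("attrID:" + rolesAttribute);

            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(resolveSearchScope(roleSearchScope));
            ctls.setReturningAttributes(attrID);

            NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls);

            if(!answer.hasMore())
                throw new Exception("The was no groups found in the JNDI Data Source.");

            logger.info("-----------------------\n");
            while(answer.hasMore())
            {
                SearchResult sr = (SearchResult)answer.next();
                logger.info("Group:" + sr.toString() + "\n");

                Attributes attributes = sr.getAttributes();
                logger.info("attributes:" + attributes.toString());
                logger.info("roleNameAttribute:" + roleNameAttribute);
                Attribute attribute = attributes.get(roleNameAttribute);
                logger.info("attribute:" + attribute.toString());
                NamingEnumeration allEnum = attribute.getAll();
                while(allEnum.hasMore())
                {
                    String groupName = (String)allEnum.next();
                    logger.info("groupName:" + groupName);

                    InfoGlueRole infoGlueRole = new InfoGlueRole(groupName, "Not available from JNDI-source", this);
                    roles.add(infoGlueRole);
                }
            }
            logger.info("-----------------------\n");
        }
        catch(Exception e)
        {
            logger.info("Could not find Roles: " + e.getMessage());
        }
        logger.info("getRoles end....");

        CacheController.cacheObjectInAdvancedCache("JNDIAuthorizationCache", key, roles, null, false);

        return roles;
    }

    public List getUsers() throws Exception
    {
        logger.info("*******************");
        logger.info("* getUsers start *");
        logger.info("*******************");

        String userCacheTimeout = this.extraProperties.getProperty("userCacheTimeout", "1800");

        String key = "allUsers";
        List users = (List )CacheController.getCachedObjectFromAdvancedCache("JNDIAuthorizationCache", key, new Integer (userCacheTimeout).intValue());
        if(users != null)
            return users;

        users = new ArrayList ();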
1029 1030 String roleBase = this.extraProperties.getProperty("roleBase"); 1031 String groupBase = this.extraProperties.getProperty("groupBase"); 1032 String userBase = this.extraProperties.getProperty("userBase"); 1033 String userListSearch = this.extraProperties.getProperty("userListSearch"); 1034 String userAttributesFilter = this.extraProperties.getProperty("userAttributesFilter"); 1035 String userNameAttributeFilter = this.extraProperties.getProperty("userNameAttributeFilter", "name"); 1036 String userFirstNameAttributeFilter = this.extraProperties.getProperty("userFirstNameAttributeFilter", "givenName"); 1037 String userLastNameAttributeFilter = this.extraProperties.getProperty("userLastNameAttributeFilter", "sn"); 1038 String userMailAttributeFilter = this.extraProperties.getProperty("userMailAttributeFilter", "mail"); 1039 String memberOfAttributeFilter = this.extraProperties.getProperty("memberOfAttributeFilter", "memberOf"); 1040 String roleFilter = this.extraProperties.getProperty("roleFilter", "InfoGlue"); 1041 String roleNameAttribute = this.extraProperties.getProperty("roleNameAttribute"); 1042 String userSearchScope = this.extraProperties.getProperty("userSearchScope"); 1043 String removeGroupBaseDN = this.extraProperties.getProperty("removeGroupBaseDN", "true"); 1044 String removeRoleBaseDN = this.extraProperties.getProperty("removeRoleBaseDN", "true"); 1045 1046 try 1047 { 1048 DirContext ctx = getContext(); 1049 1050 String baseDN = userBase; 1051 String searchFilter = "(CN=*)"; 1052 if(userListSearch != null && userListSearch.length() > 0) 1053 searchFilter = userListSearch; 1054 1055 String attributesFilter = "name, givenName, sn, mail, memberOf"; 1056 if(userAttributesFilter != null && userAttributesFilter.length() > 0) 1057 attributesFilter = userAttributesFilter; 1058 1059 String [] attrID = attributesFilter.split(","); 1060 String [] userMailAttributeFilterAttributeId = userMailAttributeFilter.split(","); 1061 1062 
logger.info("attributesFilter:" + attributesFilter); 1063 logger.info("userMailAttributeFilterAttributeId:" + userMailAttributeFilterAttributeId); 1064 logger.info("baseDN:" + baseDN); 1065 logger.info("searchFilter:" + searchFilter); 1066 1068 SearchControls ctls = new SearchControls (); 1069 1070 int userSearchScopeInt = SearchControls.SUBTREE_SCOPE; 1071 if(userSearchScope != null && userSearchScope.equalsIgnoreCase("ONELEVEL_SCOPE")) 1072 userSearchScopeInt = SearchControls.ONELEVEL_SCOPE; 1073 else if(userSearchScope != null && userSearchScope.equalsIgnoreCase("OBJECT_SCOPE")) 1074 userSearchScopeInt = SearchControls.OBJECT_SCOPE; 1075 1076 ctls.setSearchScope(userSearchScopeInt); 1077 ctls.setReturningAttributes(attrID); 1078 1079 NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls); 1080 1081 if(!answer.hasMore()) 1082 throw new Exception ("The was no users found in the JNDI Data Source."); 1083 1084 while (answer.hasMore()) 1085 { 1086 try 1087 { 1088 SearchResult sr = (SearchResult )answer.next(); 1089 logger.info("Person:" + sr.toString() + "\n"); 1090 1091 Attributes attributes = sr.getAttributes(); 1092 logger.info("attributes:" + attributes.toString()); 1093 Attribute userNameAttribute = attributes.get(userNameAttributeFilter); 1094 Attribute userFirstNameAttribute = attributes.get(userFirstNameAttributeFilter); 1095 Attribute userLastNameAttribute = attributes.get(userLastNameAttributeFilter); 1096 1097 Attribute userMailAttribute = null; 1098 for(int i=0; i<userMailAttributeFilterAttributeId.length; i++) 1099 { 1100 userMailAttribute = attributes.get(userMailAttributeFilterAttributeId[i]); 1101 if(userMailAttribute != null) 1102 break; 1103 } 1104 1105 Attribute memberOfAttribute = attributes.get(memberOfAttributeFilter); 1106 Attribute memberOfGroupsAttribute = attributes.get(memberOfAttributeFilter); 1107 1108 if(userFirstNameAttribute == null || userLastNameAttribute == null || userMailAttribute == null) 1109 throw new 
SystemException("The user " + userNameAttribute + " did not have firstName, lastName or email attribute which InfoGlue requires"); 1110 1111 logger.info("userNameAttribute:" + userNameAttribute.toString()); 1112 logger.info("userFirstNameAttribute:" + userFirstNameAttribute.toString()); 1113 logger.info("userLastNameAttribute:" + userLastNameAttribute.toString()); 1114 logger.info("userMailAttribute:" + userMailAttribute.toString()); 1115 1116 List roles = new ArrayList (); 1117 List groups = new ArrayList (); 1118 1119 if(memberOfAttribute != null) 1120 { 1121 logger.info("memberOfAttribute:" + memberOfAttribute.toString()); 1122 1123 NamingEnumeration allEnum = memberOfAttribute.getAll(); 1124 while(allEnum.hasMore()) 1125 { 1126 String roleName = (String )allEnum.next(); 1127 logger.info("groupName:" + roleName); 1128 logger.info("roleBase:" + roleBase); 1129 if(roleBase != null && roleName.indexOf(roleBase) > -1 && removeRoleBaseDN.equals("true")) 1130 { 1131 roleName = roleName.substring(0, roleName.indexOf(roleBase)); 1132 roleName = roleName.substring(0, roleName.lastIndexOf(",")); 1133 } 1134 1135 logger.info("roleName:" + roleName); 1136 if(roleFilter.equalsIgnoreCase("*") || roleName.indexOf(roleFilter) > -1) 1137 { 1138 logger.info("roleNameAttribute:" + roleNameAttribute); 1139 logger.info("groupName:" + roleName); 1140 logger.info("indexOf:" + roleName.indexOf(roleNameAttribute)); 1141 if(roleNameAttribute != null && roleName.indexOf(roleNameAttribute) > -1) 1142 { 1143 roleName = roleName.substring(roleName.indexOf(roleNameAttribute) + roleNameAttribute.length() + 1); 1144 } 1145 1146 InfoGlueRole infoGlueRole = new InfoGlueRole(roleName, "Not available from JNDI-source", this); 1147 roles.add(infoGlueRole); 1148 } 1149 } 1150 } 1151 else 1152 { 1153 logger.info("No memberOfAttribute named :" + memberOfAttributeFilter + " was found."); 1154 } 1155 1156 if(memberOfGroupsAttribute != null) 1157 { 1158 NamingEnumeration allGroupsEnum = 
memberOfGroupsAttribute.getAll(); 1159 while(allGroupsEnum.hasMore()) 1160 { 1161 String groupName = (String )allGroupsEnum.next(); 1162 logger.info("groupName:" + groupName); 1163 logger.info("groupBase:" + groupBase); 1164 if(groupBase != null && groupName.indexOf(groupBase) > -1 && removeGroupBaseDN.equals("true")) 1165 { 1166 groupName = groupName.substring(0, groupName.indexOf(groupBase)); 1167 groupName = groupName.substring(0, groupName.lastIndexOf(",")); 1168 } 1169 1170 logger.info("groupName:" + groupName); 1171 if(roleFilter.equalsIgnoreCase("*") || groupName.indexOf(roleFilter) > -1) 1172 { 1173 logger.info("roleNameAttribute:" + roleNameAttribute); 1174 logger.info("groupName:" + groupName); 1175 logger.info("indexOf:" + groupName.indexOf(roleNameAttribute)); 1176 if(roleNameAttribute != null && groupName.indexOf(roleNameAttribute) > -1) 1177 { 1178 groupName = groupName.substring(groupName.indexOf(roleNameAttribute) + roleNameAttribute.length() + 1); 1179 } 1180 1181 InfoGlueGroup infoGlueGroup = new InfoGlueGroup(groupName, "Not available from JNDI-source", this); 1182 groups.add(infoGlueGroup); 1183 } 1184 } 1185 } 1186 else 1187 { 1188 logger.info("No memberOfGroupsAttribute named :" + memberOfAttributeFilter + " was found."); 1189 } 1190 1191 InfoGluePrincipal infoGluePrincipal = new InfoGluePrincipal(userNameAttribute.get().toString(), userFirstNameAttribute.get().toString(), userLastNameAttribute.get().toString(), userMailAttribute.get().toString(), roles, groups, false, this); 1192 users.add(infoGluePrincipal); 1193 } 1194 catch(Exception e) 1195 { 1196 logger.warn("An error occurred when we tried to read user: " + e.getMessage(), e); 1197 } 1198 } 1199 ctx.close(); 1200 } 1201 catch (Exception e) 1202 { 1203 logger.warn("Could not find Groups: " + e.getMessage(), e); 1204 } 1205 logger.info("getUsers end..."); 1206 1207 if(users != null) 1208 CacheController.cacheObjectInAdvancedCache("JNDIAuthorizationCache", key, users, null, false); 1209 
1210 return users; 1211 } 1212 1213 public List getFilteredUsers(String firstName, String lastName, String userName, String email, String [] roleIds) throws SystemException, Bug 1214 { 1215 List users = new ArrayList (); 1216 return users; 1218 } 1219 1220 1223 public List getUsers(String roleName) throws Exception 1224 { 1225 return getRoleUsers(roleName); 1226 } 1227 1228 1229 public List getRoleUsers(String roleName) throws Exception 1230 { 1231 List users = null; 1232 1233 DirContext ctx = getContext(); 1234 1235 users = getRoleUsers(roleName, ctx); 1236 1237 ctx.close(); 1238 1239 return users; 1240 } 1241 1242 public List getRoleUsers(String roleName, DirContext ctx) throws Exception 1243 { 1244 List users = new ArrayList (); 1245 1246 String roleBase = this.extraProperties.getProperty("roleBase").toLowerCase().trim(); 1247 String rolesFilter = this.extraProperties.getProperty("rolesFilter"); 1248 String rolesAttributeFilter = this.extraProperties.getProperty("rolesAttributesFilter"); 1249 String roleNameAttribute = this.extraProperties.getProperty("roleNameAttribute"); 1250 String usersAttributeFilter = this.extraProperties.getProperty("usersAttributesFilter"); 1251 String userNameAttribute = this.extraProperties.getProperty("userNameAttributeFilter"); 1252 String userBase = this.extraProperties.getProperty("userBase").toLowerCase().trim(); 1253 String removeUserBaseDN = this.extraProperties.getProperty("removeUserBaseDN", "true"); 1254 1255 try 1256 { 1257 logger.info("roleName:" + roleName); 1258 1259 String baseDN = roleBase; 1260 String searchFilter = "(cn=" + roleName + ")"; 1261 if(roleName.indexOf("cn=") > -1) 1262 searchFilter = "(" + roleName + ")"; 1263 1264 logger.info("searchFilter:" + searchFilter); 1265 logger.info("baseDN:" + baseDN); 1266 1267 String rolesAttribute = "distinguishedName"; 1268 if(rolesAttributeFilter != null && rolesAttributeFilter.length() > 0) 1269 rolesAttribute = rolesAttributeFilter; 1270 1271 String [] attrID = 
rolesAttribute.split(","); 1272 1273 logger.info("Before search..."); 1274 1275 SearchControls ctls = new SearchControls (); 1276 ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); 1277 ctls.setReturningAttributes(attrID); 1278 1279 NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls); 1280 1281 logger.info("After search..."); 1282 1283 if(!answer.hasMore()) 1284 throw new Exception ("The was no roles found in the JNDI Data Source."); 1285 1286 while (answer.hasMore()) 1287 { 1288 SearchResult sr = (SearchResult )answer.next(); 1289 logger.info("Role:" + sr.toString() + "\n"); 1290 1291 Attributes attributes = sr.getAttributes(); 1292 logger.info("attributes:" + attributes.toString()); 1293 logger.info("roleNameAttribute:" + roleNameAttribute); 1294 Attribute attribute = attributes.get(roleNameAttribute); 1295 logger.info("attribute:" + attribute.toString()); 1296 NamingEnumeration allEnum = attribute.getAll(); 1297 while(allEnum.hasMore()) 1298 { 1299 String roleNameCandidate = (String )allEnum.next(); 1300 logger.info("roleNameCandidate:" + roleNameCandidate); 1301 1302 if(roleNameCandidate.equals(roleName)) 1303 { 1304 Attribute usersAttribute = attributes.get(usersAttributeFilter); 1305 logger.info("usersAttribute:" + usersAttribute.toString()); 1306 1307 NamingEnumeration allUsersEnum = usersAttribute.getAll(); 1308 while(allUsersEnum.hasMore()) 1309 { 1310 String userName = (String )allUsersEnum.next(); 1311 logger.info("userName:" + userName); 1312 logger.info("userBase:" + userBase); 1313 1314 if(roleBase != null && userName.indexOf(userBase) > -1 && removeUserBaseDN.equals("true")) 1315 { 1316 userName = userName.substring(0, userName.indexOf(userBase)); 1317 userName = userName.substring(0, userName.lastIndexOf(",")); 1318 } 1319 1320 logger.info("userNameAttribute:" + userNameAttribute); 1321 logger.info("userName:" + userName); 1322 logger.info("indexOf:" + userName.indexOf(userNameAttribute)); 1323 1324 if(roleNameAttribute != null && 
userName.indexOf(userNameAttribute) > -1) 1325 { 1326 userName = userName.substring(userName.indexOf(userNameAttribute) + userNameAttribute.length() + 1); 1327 } 1328 1329 if(userName.indexOf("cn=") > -1) 1330 userName = userName.substring(userName.indexOf("cn=") + 3); 1331 1332 InfoGluePrincipal infoGluePrincipal = new InfoGluePrincipal(userName, "", "", "", new ArrayList (), new ArrayList (), false, this); 1334 users.add(infoGluePrincipal); 1335 } 1336 } 1337 } 1338 1339 } 1340 } 1341 catch (Exception e) 1342 { 1343 logger.info("Could not find users for role: " + e.getMessage()); 1344 } 1345 logger.info("--------------------END---------------------"); 1346 1347 return users; 1348 } 1349 1350 1351 public Properties getExtraProperties() 1352 { 1353 return this.extraProperties; 1354 } 1355 1356 public void setExtraProperties(Properties properties) 1357 { 1358 this.extraProperties = properties; 1359 } 1360 1361 public void setTransactionObject(Object transactionObject) 1362 { 1363 } 1364 1365 public Object getTransactionObject() 1366 { 1367 return null; 1368 } 1369 1370 1371 1374 public List getGroups() throws Exception 1375 { 1376 List groups = null; 1377 1378 DirContext ctx = getContext(); 1379 1380 groups = getGroups(ctx); 1381 1382 ctx.close(); 1383 1384 return groups; 1385 } 1386 1387 1390 public List getGroups(DirContext ctx) throws Exception 1391 { 1392 logger.info("getGroups start...."); 1393 1394 String groupCacheTimeout = this.extraProperties.getProperty("groupCacheTimeout", "1800"); 1395 1396 String key = "allGroups"; 1397 List groups = (List )CacheController.getCachedObjectFromAdvancedCache("JNDIAuthorizationCache", key, new Integer (groupCacheTimeout).intValue()); 1398 if(groups != null) 1399 return groups; 1400 1401 groups = new ArrayList (); 1402 1404 String groupBase = this.extraProperties.getProperty("groupBase"); 1405 String groupsFilter = this.extraProperties.getProperty("groupsFilter"); 1406 String groupsAttributeFilter= 
this.extraProperties.getProperty("groupsAttributesFilter"); 1407 String groupNameAttribute = this.extraProperties.getProperty("groupNameAttribute"); 1408 String groupSearchScope = this.extraProperties.getProperty("groupSearchScope"); 1409 1410 try 1411 { 1412 String baseDN = groupBase; 1413 String searchFilter = "(cn=InfoGlue*)"; 1414 if(groupsFilter != null && groupsFilter.length() > 0) 1415 searchFilter = groupsFilter; 1416 1417 logger.info("searchFilter:" + searchFilter); 1418 logger.info("groupSearchScope:" + groupSearchScope); 1419 1420 String groupsAttribute = "distinguishedName"; 1421 if(groupsAttributeFilter != null && groupsAttributeFilter.length() > 0) 1422 groupsAttribute = groupsAttributeFilter; 1423 1424 String [] attrID = groupsAttribute.split(","); 1425 logger.info("attrID:" + attrID); 1426 1427 SearchControls ctls = new SearchControls (); 1428 1429 int groupSearchScopeInt = SearchControls.SUBTREE_SCOPE; 1430 if(groupSearchScope != null && groupSearchScope.equalsIgnoreCase("ONELEVEL_SCOPE")) 1431 groupSearchScopeInt = SearchControls.ONELEVEL_SCOPE; 1432 else if(groupSearchScope != null && groupSearchScope.equalsIgnoreCase("OBJECT_SCOPE")) 1433 groupSearchScopeInt = SearchControls.OBJECT_SCOPE; 1434 1435 ctls.setSearchScope(groupSearchScopeInt); 1436 ctls.setReturningAttributes(attrID); 1437 1438 NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls); 1439 1440 if(!answer.hasMore()) 1441 throw new Exception ("The was no groups found in the JNDI Data Source."); 1442 1443 logger.info("-----------------------\n"); 1444 while (answer.hasMore()) 1445 { 1446 SearchResult sr = (SearchResult )answer.next(); 1447 logger.info("Group:" + sr.toString() + "\n"); 1448 1449 Attributes attributes = sr.getAttributes(); 1450 logger.info("attributes:" + attributes.toString()); 1451 logger.info("groupNameAttribute:" + groupNameAttribute); 1452 Attribute attribute = attributes.get(groupNameAttribute); 1453 logger.info("attribute:" + attribute.toString()); 1454 
NamingEnumeration allEnum = attribute.getAll(); 1455 while(allEnum.hasMore()) 1456 { 1457 String groupName = (String )allEnum.next(); 1458 logger.info("groupName:" + groupName); 1459 1460 InfoGlueGroup infoGlueGroup = new InfoGlueGroup(groupName, "Not available from JNDI-source", this); 1461 groups.add(infoGlueGroup); 1462 } 1463 1464 } 1465 logger.info("-----------------------\n"); 1466 } 1467 catch (Exception e) 1468 { 1469 logger.info("Could not find Groups: " + e.getMessage()); 1470 } 1471 logger.info("getRoles end...."); 1472 1473 if(groups != null) 1474 CacheController.cacheObjectInAdvancedCache("JNDIAuthorizationCache", key, groups, null, false); 1475 1476 return groups; 1477 } 1478 1479 1480 1483 public List getGroupUsers(String groupName) throws Exception 1484 { 1485 List users = null; 1486 1487 DirContext ctx = getContext(); 1488 1489 users = getGroupUsers(groupName, ctx); 1490 1491 ctx.close(); 1492 1493 return users; 1494 } 1495 1496 1499 public List getGroupUsers(String groupName, DirContext ctx) throws Exception 1500 { 1501 logger.info("--------getGroupUsers(String groupName) start---------------"); 1502 List users = new ArrayList (); 1503 1504 String groupBase = this.extraProperties.getProperty("groupBase"); 1505 String groupsFilter = this.extraProperties.getProperty("groupsFilter"); 1506 String groupsAttributeFilter= this.extraProperties.getProperty("groupsAttributesFilter"); 1507 String groupNameAttribute = this.extraProperties.getProperty("groupNameAttribute"); 1508 String usersAttributeFilter = this.extraProperties.getProperty("usersAttributesFilter"); 1509 String userNameAttribute = this.extraProperties.getProperty("userNameAttributeFilter"); 1510 String userBase = this.extraProperties.getProperty("userBase"); 1511 String removeUserBaseDN = this.extraProperties.getProperty("removeUserBaseDN", "true"); 1512 1513 1514 try 1515 { 1516 String baseDN = groupBase; 1517 String searchFilter = "(cn=InfoGlue*)"; 1518 if(groupsFilter != null && 
groupsFilter.length() > 0) 1519 searchFilter = groupsFilter; 1520 1521 String groupsAttribute = "distinguishedName"; 1522 if(groupsAttributeFilter != null && groupsAttributeFilter.length() > 0) 1523 groupsAttribute = groupsAttributeFilter; 1524 1525 String [] attrID = groupsAttribute.split(","); 1526 1527 SearchControls ctls = new SearchControls (); 1528 ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); 1529 ctls.setReturningAttributes(attrID); 1530 1531 NamingEnumeration answer = ctx.search(baseDN, searchFilter, ctls); 1532 1533 if(!answer.hasMore()) 1534 throw new Exception ("The was no groups found in the JNDI Data Source."); 1535 1536 while (answer.hasMore()) 1537 { 1538 SearchResult sr = (SearchResult )answer.next(); 1539 logger.info("Group:" + sr.toString() + "\n"); 1540 1541 Attributes attributes = sr.getAttributes(); 1542 logger.info("attributes:" + attributes.toString()); 1543 logger.info("groupNameAttribute:" + groupNameAttribute); 1544 Attribute attribute = attributes.get(groupNameAttribute); 1545 logger.info("attribute:" + attribute.toString()); 1546 NamingEnumeration allEnum = attribute.getAll(); 1547 while(allEnum.hasMore()) 1548 { 1549 String foundGroupName = (String )allEnum.next(); 1550 logger.info("foundGroupName:" + foundGroupName); 1551 1552 logger.info(foundGroupName + "=" + groupName); 1553 if(foundGroupName.equals(groupName)) 1554 { 1555 Attribute usersAttribute = attributes.get(usersAttributeFilter); 1556 logger.info("usersAttribute:" + usersAttribute.toString()); 1557 1558 List groups = new ArrayList (); 1559 NamingEnumeration allUsersEnum = usersAttribute.getAll(); 1560 while(allUsersEnum.hasMore()) 1561 { 1562 String userName = (String )allUsersEnum.next(); 1563 logger.info("userName:" + userName); 1564 logger.info("userBase:" + userBase); 1565 1566 if(groupBase != null && userName.indexOf(userBase) > -1 && removeUserBaseDN.equals("true")) 1567 { 1568 userName = userName.substring(0, userName.indexOf(userBase)); 1569 userName = 
userName.substring(0, userName.lastIndexOf(",")); 1570 } 1571 1572 logger.info("userNameAttribute:" + userNameAttribute); 1573 logger.info("groupName:" + userName); 1574 logger.info("indexOf:" + userName.indexOf(userNameAttribute)); 1575 if(groupNameAttribute != null && userName.indexOf(userNameAttribute) > -1) 1576 { 1577 userName = userName.substring(userName.indexOf(userNameAttribute) + userNameAttribute.length() + 1); 1578 } 1579 1580 InfoGluePrincipal infoGluePrincipal = new InfoGluePrincipal(userName, "", "", "", new ArrayList (), new ArrayList (), false, this); 1581 users.add(infoGluePrincipal); 1582 } 1583 1584 } 1587 } 1588 1589 } 1590 1591 } 1592 catch (Exception e) 1593 { 1594 logger.info("Could not find Groups: " + e.getMessage()); 1595 } 1596 logger.info("--------------------END---------------------"); 1597 1598 return users; 1599 } 1600 1601 1602 public void createInfoGluePrincipal(SystemUserVO systemUserVO) throws Exception 1603 { 1604 throw new SystemException("The JNDI BASIC Authorization module does not support creation of users yet..."); 1605 } 1606 1607 public void updateInfoGluePrincipalPassword(String userName) throws Exception 1608 { 1609 throw new SystemException("The JNDI BASIC Authorization module does not support updates of users yet..."); 1610 } 1611 1612 public void updateInfoGluePrincipalPassword(String userName, String oldPassword, String newPassword) throws Exception 1613 { 1614 throw new SystemException("The JNDI BASIC Authorization module does not support updates of user password yet..."); 1615 } 1616 1617 public void deleteInfoGluePrincipal(String userName) throws Exception 1618 { 1619 throw new SystemException("The JNDI BASIC Authorization module does not support deletion of users yet..."); 1620 } 1621 1622 public void createInfoGlueRole(RoleVO roleVO) throws Exception 1623 { 1624 throw new SystemException("The JNDI BASIC Authorization module does not support creation of users yet..."); 1625 } 1626 1627 public void 
updateInfoGlueRole(RoleVO roleVO, String [] userNames) throws Exception 1628 { 1629 } 1630 1631 public void deleteInfoGlueRole(String roleName) throws Exception 1632 { 1633 throw new SystemException("The JNDI BASIC Authorization module does not support deletion of roles yet..."); 1634 } 1635 1636 public void updateInfoGluePrincipal(SystemUserVO systemUserVO, String [] roleNames, String [] groupNames) throws Exception 1637 { 1638 } 1639 1640 public void createInfoGlueGroup(GroupVO groupVO) throws Exception 1641 { 1642 throw new SystemException("The JNDI BASIC Authorization module does not support creation of groups yet..."); 1643 } 1644 1645 public void updateInfoGlueGroup(GroupVO roleVO, String [] userNames) throws Exception 1646 { 1647 } 1648 1649 public void deleteInfoGlueGroup(String groupName) throws Exception 1650 { 1651 throw new SystemException("The JNDI BASIC Authorization module does not support deletion of groups yet..."); 1652 } 1653 1654 1655} 1656 | Popular Tags |