

1 /*
2  * Copyright 2002 by
3  * <a HREF="http://www.coridan.com">Coridan</a>
4  * <a HREF="mailto: support@coridan.com ">support@coridan.com</a>
5  *
6  * The contents of this file are subject to the Mozilla Public License Version
7  * 1.1 (the "License"); you may not use this file except in compliance with the
8  * License. You may obtain a copy of the License at
9  * http://www.mozilla.org/MPL/
10  *
11  * Software distributed under the License is distributed on an "AS IS" basis,
12  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13  * for the specific language governing rights and limitations under the
14  * License.
15  *
16  * The Original Code is "MantaRay" (TM).
17  *
18  * The Initial Developer of the Original Code is Shirley Sasson.
19  * Portions created by the Initial Developer are Copyright (C) 2006
20  * Coridan Inc. All Rights Reserved.
21  *
22  * Contributor(s): all the names of the contributors are added in the source
23  * code where applicable.
24  *
25  * Alternatively, the contents of this file may be used under the terms of the
26  * LGPL license (the "GNU LESSER GENERAL PUBLIC LICENSE"), in which case the
27  * provisions of LGPL are applicable instead of those above. If you wish to
28  * allow use of your version of this file only under the terms of the LGPL
29  * License and not to allow others to use your version of this file under
30  * the MPL, indicate your decision by deleting the provisions above and
31  * replace them with the notice and other provisions required by the LGPL.
32  * If you do not delete the provisions above, a recipient may use your version
33  * of this file under either the MPL or the GNU LESSER GENERAL PUBLIC LICENSE.
34
35  *
36  * This library is free software; you can redistribute it and/or modify it
37  * under the terms of the MPL as stated above or under the terms of the GNU
38  * Lesser General Public License as published by the Free Software Foundation;
39  * either version 2.1 of the License, or any later version.
40  *
41  * This library is distributed in the hope that it will be useful, but WITHOUT
42  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
43  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
44  * License for more details.
45  */

46
47 package org.mr.kernel.security.impl.ldap;
48
49 import org.mr.MantaAgent;
50
51 import org.mr.kernel.security.authorization.AuthorizationValue;
52 import org.mr.kernel.security.authorization.WhiteListKeyEntry;
53 import org.mr.kernel.security.authorization.PermissionKeyEntry;
54 import org.mr.kernel.security.authorization.ACLKeyEntry;
55 import org.mr.kernel.security.impl.ACLStorageConnector;
56 import org.mr.kernel.security.MantaSecurityException;
57 import org.mr.kernel.security.SecurityConfigurationPaths;
58 import org.apache.commons.logging.Log;
59 import org.apache.commons.logging.LogFactory;
60
61 /**
62  * This class is an LDAP implementation of {@link org.mr.kernel.security.impl.ACLStorageConnector}.
63  *
64  * @version 1.0
65  * @since Mar 22, 2006
66  * @author Shirley Sasson
67  *
68  */

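public class ACLLDAPConnector implements ACLStorageConnector, SecurityConfigurationPaths {
    /**
     * Characters that alter the structure of a distinguished name when they
     * appear unescaped inside an RDN value (see RFC 4514, section 2.4).
     */
    private static final String DN_SPECIAL_CHARACTERS = ",+\"\\<>;=";

    private final String _pathToUsers;
    private final String _pathToWhiteList;
    private final String _groupAttributeName;
    private final String _userRDNattributeName;
    private final String _whiteListRDNattributeName;
    private final LDAPActions _ldapActions;
    private Log _logger;

    /**
     * Constructs a new instance of ACLLDAPConnector from the named ACL configuration.
     *
     * All five LDAP layout parameters (users path, white list path, group attribute,
     * user RDN attribute, white list RDN attribute) are mandatory; construction fails
     * on the first one that is missing, so a connector never runs with a partial layout.
     *
     * @param configurationName
     * the name of the ACL configuration section to read
     * @throws MantaSecurityException
     * if a mandatory configuration parameter is not defined
     */
    public ACLLDAPConnector(String configurationName) throws MantaSecurityException {
        String prefix = ACL_CONFIGURATIONS + "." + configurationName + ".";

        _pathToUsers = requireProperty(prefix + PATH_TO_USERS);
        _pathToWhiteList = requireProperty(prefix + PATH_TO_WHITE_LIST);
        _groupAttributeName = requireProperty(prefix + GROUP_OF_USER_ATTRIBUTE);
        _userRDNattributeName = requireProperty(prefix + USER_RDN_ATTRIBUTE_NAME);
        _whiteListRDNattributeName = requireProperty(prefix + WHITE_LIST_RDN_ATTRIBUTE_NAME);

        _ldapActions = new LDAPActions(configurationName);
    }

    /**
     * This method is used to check whether the given ACLKeyEntry represents an authorized entry in the
     * ACL storage.
     *
     * @param keyEntry
     * the entry to authorize with the ACL storage
     * @return an AuthorizationValue object holding the authorization information, or
     * <code>null</code> when no matching entry exists or the entry type is not handled here
     * @throws MantaSecurityException
     * if the underlying lookup fails
     */
    public AuthorizationValue isAuthorized(ACLKeyEntry keyEntry) throws MantaSecurityException {
        if (keyEntry instanceof PermissionKeyEntry) {
            return isAuthorized((PermissionKeyEntry) keyEntry);
        }
        if (keyEntry instanceof WhiteListKeyEntry) {
            return isAuthorized((WhiteListKeyEntry) keyEntry);
        }
        // NOTE(review): an unrecognised entry type yields null rather than an explicit
        // denial; confirm that every caller treats null as "not authorized".
        return null;
    }

    /**
     * This method is used to retrieve the group of user from the ACL storage.
     *
     * The user name becomes the value of the first RDN of the looked-up entry. It is
     * rejected when it contains characters that would change the DN structure, so a
     * caller-supplied name cannot redirect the lookup to a different entry or subtree.
     *
     * @param username
     * the user to search its group
     * @return the group of the user
     * @throws MantaSecurityException
     * if the user name is not usable as an RDN value or the lookup fails
     */
    public String getGroupOfUser(String username) throws MantaSecurityException {
        if (!isSafeRdnValue(username)) {
            // The rejected value is deliberately not echoed: it may carry control
            // characters that would forge log lines.
            if (getLogger().isWarnEnabled()) {
                getLogger().warn("[getGroupOfUser] Rejected user name that is not a valid RDN value");
            }
            throw new MantaSecurityException("User name is empty or contains characters that are not allowed in an LDAP RDN value");
        }

        String userDn = _userRDNattributeName + "=" + username + "," + _pathToUsers;
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[getGroupOfUser] Getting attribute with name " + _groupAttributeName + " from " + userDn);
        }
        return _ldapActions.getAttribute(new LDAPDN(userDn), _groupAttributeName);
    }

    /**
     * Checks whether the permission entry built from the given key exists in the directory.
     *
     * NOTE(review): the DN is assembled by LDAPUtilities.buildPermissionPath from the
     * permission and principal; whether that helper escapes its inputs is not visible
     * here and should be confirmed.
     *
     * @return an AuthorizationValue when the entry exists, otherwise <code>null</code>
     */
    private AuthorizationValue isAuthorized(PermissionKeyEntry entry) throws MantaSecurityException {
        LDAPDN searchBase = LDAPUtilities.buildPermissionPath(entry.getPermission(), entry.getPrincipal());
        if (getLogger().isDebugEnabled()) {
            String permissionEntryType = searchBase.getFirstEntry().getName();
            String permissionName = searchBase.getFirstEntry().getValue();
            getLogger().debug("[isAuthorized] Searching for entry " + permissionEntryType + "=" + permissionName + " in " + searchBase);
        }
        boolean found = _ldapActions.isExistEntry(searchBase);
        return found ? new AuthorizationValue(found) : null;
    }

    /**
     * Checks whether the peer described by the key is present in the white list,
     * first by its textual IP address and, failing that, by its host name.
     *
     * The host name is obtained from a reverse DNS lookup, i.e. from data that
     * originates outside this process. It is therefore validated as an RDN value
     * before it is placed in a DN; a name that fails validation is treated as
     * "no match" instead of being sent to the directory. White list entries keyed by
     * IP address do not depend on name resolution.
     *
     * @return an AuthorizationValue when a white list entry exists, otherwise <code>null</code>
     */
    private AuthorizationValue isAuthorized(WhiteListKeyEntry whiteListEntry) throws MantaSecurityException {
        // presumably getIP() returns a java.net.InetAddress; verify against WhiteListKeyEntry
        String hostAddress = whiteListEntry.getIP().getHostAddress();
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[isAuthorized] Searching for entry " + _whiteListRDNattributeName + "=" + hostAddress + " in " + _pathToWhiteList);
        }
        LDAPDN firstTry = new LDAPDN(_whiteListRDNattributeName + "=" + hostAddress + "," + _pathToWhiteList);
        boolean found = _ldapActions.isExistEntry(firstTry);

        if (!found) {
            // Resolve once so the logged name and the name used in the DN cannot differ.
            String hostName = whiteListEntry.getIP().getHostName();
            if (isSafeRdnValue(hostName)) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("[isAuthorized] Searching for entry " + _whiteListRDNattributeName + "=" + hostName + " in " + _pathToWhiteList);
                }
                LDAPDN secondTry = new LDAPDN(_whiteListRDNattributeName + "=" + hostName + "," + _pathToWhiteList);
                found = _ldapActions.isExistEntry(secondTry);
            } else if (getLogger().isWarnEnabled()) {
                getLogger().warn("[isAuthorized] Skipping host name lookup for " + hostAddress + ": resolved name is not a valid RDN value");
            }
        }

        return found ? new AuthorizationValue(found) : null;
    }

    /**
     * Returns the instance of the logger for this class
     *
     * The logger is created on first use without synchronization.
     *
     * @return the instance of the logger
     */
    public Log getLogger() {
        if (_logger == null) {
            _logger = LogFactory.getLog(getClass().getName());
        }
        return _logger;
    }

    /**
     * Reads a mandatory string property from the configuration manager.
     *
     * @param key
     * the fully qualified configuration key
     * @return the configured value, never <code>null</code>
     * @throws MantaSecurityException
     * if the property is not defined
     */
    private String requireProperty(String key) throws MantaSecurityException {
        String value = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(key);
        if (value == null) {
            if (getLogger().isErrorEnabled()) {
                getLogger().error("[ACLLDAPConnector] Unable to find configuration parameter: " + key);
            }
            throw new MantaSecurityException("Unable to find configuration parameter: " + key);
        }
        return value;
    }

    /**
     * Tells whether a string can be placed verbatim as an RDN value without changing
     * the structure of the surrounding DN.
     *
     * Rejects null and empty values, a leading space or '#', a trailing space, control
     * characters, and the RFC 4514 special characters. Values are rejected rather than
     * escaped because it is not visible here whether LDAPDN understands escape sequences.
     */
    private static boolean isSafeRdnValue(String value) {
        if (value == null || value.length() == 0) {
            return false;
        }
        char first = value.charAt(0);
        char last = value.charAt(value.length() - 1);
        if (first == ' ' || first == '#' || last == ' ') {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isISOControl(c) || DN_SPECIAL_CHARACTERS.indexOf(c) >= 0) {
                return false;
            }
        }
        return true;
    }
}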