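package org.mr.kernel.security.impl.ldap;

import org.mr.MantaAgent;

import org.mr.kernel.security.authorization.AuthorizationValue;
import org.mr.kernel.security.authorization.WhiteListKeyEntry;
import org.mr.kernel.security.authorization.PermissionKeyEntry;
import org.mr.kernel.security.authorization.ACLKeyEntry;
import org.mr.kernel.security.impl.ACLStorageConnector;
import org.mr.kernel.security.MantaSecurityException;
import org.mr.kernel.security.SecurityConfigurationPaths;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * {@link ACLStorageConnector} that answers authorization questions out of an
 * LDAP directory.
 * <p>
 * Two kinds of questions are answered: whether a permission entry exists under
 * the path built by {@code LDAPUtilities.buildPermissionPath}, and whether a
 * client address (or, failing that, the host name it resolves to) has an entry
 * under the configured white-list path. The group of a user is read from an
 * attribute of the user's own entry.
 * <p>
 * All directory paths and attribute names are taken from the configuration
 * section {@code ACL_CONFIGURATIONS.<configurationName>}; a missing parameter
 * is a fatal configuration error and is reported at construction time.
 * <p>
 * Every value that is spliced into a DN (a user name, a client address, a
 * resolved host name) is checked against the DN-special characters before use,
 * so that a caller- or resolver-supplied value cannot extend or rewrite the DN
 * that is looked up.
 */
public class ACLLDAPConnector implements ACLStorageConnector, SecurityConfigurationPaths {

    /**
     * Characters that must not appear unescaped in an RDN value. The first seven
     * are the RFC 4514 special characters; {@code =} is rejected as well because the
     * DN string is handed to {@code LDAPDN} as a {@code name=value,...} string and a
     * stray {@code =} could be parsed as a second attribute.
     */
    private static final String DN_SPECIAL_CHARACTERS = ",+\"\\<>;=";

    private final String _pathToUsers;
    private final String _pathToWhiteList;
    private final String _groupAttributeName;
    private final String _userRDNattributeName;
    private final String _whiteListRDNattributeName;
    private final LDAPActions _ldapActions;
    private final Log _logger = LogFactory.getLog(getClass().getName());

    /**
     * Reads the connector's configuration and opens the LDAP actions helper.
     *
     * @param configurationName name of the ACL configuration section to read
     * @throws MantaSecurityException if any required configuration parameter is absent
     */
    public ACLLDAPConnector(String configurationName) throws MantaSecurityException {
        String prefix = ACL_CONFIGURATIONS + "." + configurationName + ".";
        _pathToUsers = requiredProperty(prefix + PATH_TO_USERS);
        _pathToWhiteList = requiredProperty(prefix + PATH_TO_WHITE_LIST);
        _groupAttributeName = requiredProperty(prefix + GROUP_OF_USER_ATTRIBUTE);
        _userRDNattributeName = requiredProperty(prefix + USER_RDN_ATTRIBUTE_NAME);
        _whiteListRDNattributeName = requiredProperty(prefix + WHITE_LIST_RDN_ATTRIBUTE_NAME);
        _ldapActions = new LDAPActions(configurationName);
    }

    /**
     * Looks up a mandatory configuration parameter.
     *
     * @param key fully qualified configuration key
     * @return the configured value, never {@code null}
     * @throws MantaSecurityException if the key is not configured; the same message is logged at error level
     */
    private String requiredProperty(String key) throws MantaSecurityException {
        String value = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(key);
        if (value == null) {
            String message = "Unable to find configuration parameter: " + key;
            if (getLogger().isErrorEnabled()) {
                getLogger().error("[ACLLDAPConnector] " + message);
            }
            throw new MantaSecurityException(message);
        }
        return value;
    }

    /**
     * Dispatches an authorization query to the handler for the entry's type.
     *
     * @param keyEntry a permission or white-list entry
     * @return an {@link AuthorizationValue} when a matching directory entry exists;
     *         {@code null} when none exists or the entry type is not supported
     * @throws MantaSecurityException on directory or validation failures
     */
    public AuthorizationValue isAuthorized(ACLKeyEntry keyEntry) throws MantaSecurityException {
        if (keyEntry instanceof PermissionKeyEntry) {
            return isAuthorized((PermissionKeyEntry) keyEntry);
        }
        if (keyEntry instanceof WhiteListKeyEntry) {
            return isAuthorized((WhiteListKeyEntry) keyEntry);
        }
        // An entry type this connector does not know about is treated like "no entry found".
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[isAuthorized] Unsupported key entry: " + keyEntry);
        }
        return null;
    }

    /**
     * Reads the group attribute from the user's directory entry.
     *
     * @param username RDN value of the user's entry under the configured users path
     * @return the value of the configured group attribute, as returned by {@code LDAPActions.getAttribute}
     * @throws MantaSecurityException if {@code username} cannot be embedded verbatim in a DN,
     *         or on directory failures
     */
    public String getGroupOfUser(String username) throws MantaSecurityException {
        String dn = _userRDNattributeName + "=" + checkedRdnValue(username, "username") + "," + _pathToUsers;
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[getGroupOfUser] Getting attribute with name " + _groupAttributeName + " from " + dn);
        }
        return _ldapActions.getAttribute(new LDAPDN(dn), _groupAttributeName);
    }

    /**
     * Checks whether the permission entry for the given principal exists.
     *
     * @return an {@link AuthorizationValue} when the entry exists, otherwise {@code null}
     */
    private AuthorizationValue isAuthorized(PermissionKeyEntry entry) throws MantaSecurityException {
        LDAPDN searchBase = LDAPUtilities.buildPermissionPath(entry.getPermission(), entry.getPrincipal());
        String permissionEntryType = searchBase.getFirstEntry().getName();
        String permissionName = searchBase.getFirstEntry().getValue();
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[isAuthorized] Searching for entry " + permissionEntryType + "=" + permissionName + " in " + searchBase);
        }
        return _ldapActions.isExistEntry(searchBase) ? new AuthorizationValue(true) : null;
    }

    /**
     * Checks the white list first by the client's address and, if that is absent,
     * by the host name the address resolves to.
     *
     * @return an {@link AuthorizationValue} when either entry exists, otherwise {@code null}
     */
    private AuthorizationValue isAuthorized(WhiteListKeyEntry whiteListEntry) throws MantaSecurityException {
        boolean found = isWhiteListed(whiteListEntry.getIP().getHostAddress(), "address");
        if (!found) {
            // getHostName() presumably involves a reverse lookup, so its value is
            // controlled by whoever answers that lookup; a value that is not a clean
            // RDN value is skipped (and logged) instead of being spliced into a DN.
            String hostName = whiteListEntry.getIP().getHostName();
            if (isSafeRdnValue(hostName)) {
                found = isWhiteListed(hostName, "host name");
            } else if (getLogger().isWarnEnabled()) {
                getLogger().warn("[isAuthorized] Ignoring resolved host name that is not a valid RDN value: " + hostName);
            }
        }
        return found ? new AuthorizationValue(true) : null;
    }

    /**
     * Tests whether a white-list entry with the given RDN value exists.
     *
     * @param rdnValue value placed after the configured white-list RDN attribute
     * @param what     description of the value for the debug log
     * @throws MantaSecurityException if {@code rdnValue} cannot be embedded verbatim in a DN,
     *         or on directory failures
     */
    private boolean isWhiteListed(String rdnValue, String what) throws MantaSecurityException {
        String dn = _whiteListRDNattributeName + "=" + checkedRdnValue(rdnValue, what) + "," + _pathToWhiteList;
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[isAuthorized] Searching for " + what + " entry " + dn);
        }
        return _ldapActions.isExistEntry(new LDAPDN(dn));
    }

    /**
     * Returns {@code value} if it can be used verbatim as an RDN value.
     *
     * @param value candidate RDN value
     * @param what  description of the value for the error message
     * @throws MantaSecurityException if {@link #isSafeRdnValue} rejects the value
     */
    private static String checkedRdnValue(String value, String what) throws MantaSecurityException {
        if (!isSafeRdnValue(value)) {
            throw new MantaSecurityException("Invalid " + what + " for LDAP RDN value: " + value);
        }
        return value;
    }

    /**
     * Reports whether a value can be embedded verbatim as an RDN value: it must be
     * non-empty, have no leading or trailing whitespace (a DN parser would drop it,
     * letting two different values match the same entry), not start with {@code #}
     * (hex-string form), and contain neither NUL nor a {@link #DN_SPECIAL_CHARACTERS}
     * character.
     */
    private static boolean isSafeRdnValue(String value) {
        if (value == null || value.isEmpty() || !value.equals(value.trim()) || value.charAt(0) == '#') {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\0' || DN_SPECIAL_CHARACTERS.indexOf(c) >= 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns this connector's logger (named after the runtime class).
     */
    public Log getLogger() {
        return _logger;
    }
}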