1 46 47 package org.mr.kernel.security.impl.ldap.management; 48 49 import org.mr.MantaAgent; 50 import org.mr.kernel.security.*; 51 import org.mr.core.configuration.ConfigurationElement; 52 53 import javax.jms.JMSSecurityException ; 54 import javax.naming.directory.Attributes ; 55 import javax.naming.directory.Attribute ; 56 import javax.naming.NamingException ; 57 import javax.management.NotCompliantMBeanException ; 58 import java.util.*; 59 60 import org.mr.kernel.security.impl.*; 61 import org.mr.kernel.security.impl.management.*; 62 import org.mr.kernel.security.impl.management.jmx.SecurityManagementJMX; 63 import org.mr.kernel.security.impl.ldap.*; 64 import org.mr.kernel.security.SecurityActionTypes; 65 import org.apache.commons.logging.Log; 66 import org.apache.commons.logging.LogFactory; 67 import org.mr.kernel.security.authorization.permissions.*; 68 import org.mr.kernel.security.authorization.permissions.management.SpecificGroupPermission; 69 import org.mr.kernel.security.authorization.permissions.management.SpecificQueuePermission; 70 import org.mr.kernel.security.authorization.permissions.management.SpecificTopicPermission; 71 import org.mr.kernel.security.authorization.permissions.management.SpecificUserPermission; 72 import org.mr.kernel.security.authorization.PermissionFactory; 73 import org.mr.kernel.security.authorization.PermissionKeyEntry; 74 import org.mr.kernel.security.authorization.AuthorizationValue; 75 76 84 public class ACLLDAPManagement implements ACLManagement, SecurityConfigurationPaths, SecurityActionTypes, LDAPConstants, SecurityConstants { 85 86 private MantaAuthorization _authorization; 87 private String _pathToGroups; 88 private String _pathToUsers; 89 private String _pathToWhiteList; 90 private String _pathToTopics; 91 private String _pathToQueues; 92 private String _groupAttributeName; 93 private String _userRDNAttributeName; 94 private String _groupRDNAttributeName; 95 private String _whiteListRDNAttributeName; 96 private String _topicRDNAttributeName; 97 private String _queueRDNAttributeName; 98 private ArrayList _configurableUserAttributes; 99 private ArrayList _configurableGroupAttributes; 100 private ArrayList _configurableDefaultAttributes; 101 private LDAPActions _ldapActions; 102 private String _configurationName; 103 private Log _logger; 104 105 112 public ACLLDAPManagement(String configurationName) throws MantaSecurityException { 113 init(configurationName); 114 _configurationName = configurationName; 115 _ldapActions = new LDAPActions(configurationName); 116 } 117 118 130 public void createPrincipal(SessionID sessionID, MantaPrincipal principal) throws PrincipalAlreadyExistsException, PrincipalNotFoundException, MantaSecurityException, JMSSecurityException { 131 if (principal == null){ 132 if (getLogger().isErrorEnabled()) 133 getLogger().error("[createPrincipal] Invalid argument: Principal"); 134 throw new MantaSecurityException("Invalid argument: Principal"); 135 } 136 137 if (principal instanceof UserPrincipal){ 138 UserPrincipal user = (UserPrincipal) principal; 139 createUserPrincipal(sessionID, user); 140 } 141 else if (principal instanceof GroupPrincipal){ 142 GroupPrincipal group = (GroupPrincipal) principal; 143 createGroupPrincipal(sessionID, group); 144 } 145 } 146 147 158 public void renamePrincipal(SessionID sessionID, MantaPrincipal principal, String newName) throws PrincipalNotFoundException, PrincipalAlreadyExistsException, MantaSecurityException, JMSSecurityException { 159 if (principal == null){ 160 if (getLogger().isErrorEnabled()) 161 getLogger().error("[renamePrincipal] Invalid argument: Principal"); 162 throw new MantaSecurityException("Invalid argument: Principal"); 163 } 164 if (newName == null || "".equals(newName)){ 165 if (getLogger().isErrorEnabled()) 166 getLogger().error("[renamePrincipal] Invalid argument: New name for principal"); 167 throw new MantaSecurityException("Invalid argument: New name for principal"); 168 } 169 170 if (principal instanceof UserPrincipal){ 171 UserPrincipal user = (UserPrincipal) principal; 172 renameUser(sessionID, user, newName); 173 } 174 else if (principal instanceof GroupPrincipal){ 175 GroupPrincipal group = (GroupPrincipal) principal; 176 renameGroup(sessionID, group, newName); 177 } 178 } 179 180 191 public void setUserGroup(SessionID sessionID, UserPrincipal user, String groupName) throws PrincipalNotFoundException, MantaSecurityException, JMSSecurityException { 192 if (user == null){ 193 if (getLogger().isErrorEnabled()) 194 getLogger().error("[setUserGroup] Invalid argument: User principal"); 195 throw new MantaSecurityException("Invalid argument: User principal"); 196 } 197 if (groupName == null || "".equals(groupName)){ 198 if (getLogger().isErrorEnabled()) 199 getLogger().error("[setUserGroup] Invalid argument: Group name"); 200 throw new MantaSecurityException("Invalid argument: Group name"); 201 } 202 203 _authorization.authorize(sessionID, ACTION_SET_GROUP_FOR_USER, user.getName()); 205 if (getLogger().isDebugEnabled()) 206 getLogger().debug("[setUserGroup] Authorization granted: action = " + ACTION_SET_GROUP_FOR_USER + ", param = " + user.getName()); 207 208 String pathToGroup = _groupRDNAttributeName + "=" + groupName + "," + _pathToGroups; 210 boolean isGroupExists = _ldapActions.isExistEntry(new LDAPDN(pathToGroup)); 211 if (!isGroupExists) 212 throw new PrincipalNotFoundException(new GroupPrincipal(groupName)); 213 214 Map attributes = new HashMap(); 215 String pathToEntry = _userRDNAttributeName + "=" + user.getName() + "," + _pathToUsers; 216 LDAPDN entry = new LDAPDN(pathToEntry); 217 attributes.put(_groupAttributeName, groupName); 218 219 if (getLogger().isDebugEnabled()) 220 getLogger().debug("[setUserGroup] Setting " + _groupAttributeName + " attribute of " + entry.getPath() + " to be " + groupName); 221 try { 222 _ldapActions.setAttributes(entry, attributes); 223 } 224 catch (EntryNotFoundException e) { 225 if (getLogger().isErrorEnabled()) 226 getLogger().error("[setUserGroup] " + e.getMessage()); 227 throw new PrincipalNotFoundException(user); 228 } 229 } 230 231 242 public void setUserPassword(SessionID sessionID, UserPrincipal user, String password) throws PrincipalNotFoundException, MantaSecurityException, JMSSecurityException { 243 if (user == null){ 244 if (getLogger().isErrorEnabled()) 245 getLogger().error("[setUserPassword] Invalid argument: User principal"); 246 throw new MantaSecurityException("Invalid argument: User principal"); 247 } 248 if (password == null || "".equals(password)){ 249 if (getLogger().isErrorEnabled()) 250 getLogger().error("[setUserPassword] Invalid argument: Password"); 251 throw new MantaSecurityException("Invalid argument: Password"); 252 } 253 254 _authorization.authorize(sessionID, ACTION_SET_PASSWORD_FOR_USER, user.getName()); 256 if (getLogger().isDebugEnabled()) 257 getLogger().debug("[setUserPassword] Authorization granted: action = " + ACTION_SET_PASSWORD_FOR_USER + ", param = " + user.getName()); 258 259 Map attributes = new HashMap(); 260 String pathToEntry = _userRDNAttributeName + "=" + user.getName() + "," + _pathToUsers; 261 LDAPDN entry = new LDAPDN(pathToEntry); 262 263 attributes.put(ATTRIBUTE_USER_PASSWORD, LDAPUtilities.crypt(password)); 265 266 if (getLogger().isDebugEnabled()) 267 getLogger().debug("[setUserPassword] Setting " + ATTRIBUTE_USER_PASSWORD + " attribute of " + pathToEntry); 268 try { 269 _ldapActions.setAttributes(entry, attributes); 270 } 271 catch (EntryNotFoundException e) { 272 if (getLogger().isErrorEnabled()) 273 getLogger().error("[setUserPassword] " + e.getMessage()); 274 throw new PrincipalNotFoundException(user); 275 } 276 } 277 278 288 public void createPermission(SessionID sessionID, MantaPermission permission, MantaPrincipal principal) throws PrincipalNotFoundException, PermissionAlreadyExistsException, MantaSecurityException, JMSSecurityException { 289 if (permission == null){ 290 if (getLogger().isErrorEnabled()) 291 getLogger().error("[createPermission] Invalid argument: Permission"); 292 throw new MantaSecurityException("Invalid argument: Permission"); 293 } 294 if (principal == null){ 295 if (getLogger().isErrorEnabled()) 296 getLogger().error("[createPermission] Invalid argument: Principal"); 297 throw new MantaSecurityException("Invalid argument: Principal"); 298 } 299 300 301 if (principal instanceof UserPrincipal){ 302 _authorization.authorize(sessionID, ACTION_CREATE_PERMISSIONS_FOR_USER, principal.getName()); 304 if (getLogger().isDebugEnabled()) 305 getLogger().debug("[createPermission] Authorization granted: action = " + ACTION_CREATE_PERMISSIONS_FOR_USER + ", param = " + principal.getName()); 306 307 String pathToUser = _userRDNAttributeName + "=" + principal.getName() + "," + _pathToUsers; 309 boolean isUserExists = _ldapActions.isExistEntry(new LDAPDN(pathToUser)); 310 if (!isUserExists) 311 throw new PrincipalNotFoundException((UserPrincipal) principal); 312 } 313 else if (principal instanceof GroupPrincipal){ 314 _authorization.authorize(sessionID, ACTION_CREATE_PERMISSIONS_FOR_GROUP, principal.getName()); 316 if (getLogger().isDebugEnabled()) 317 getLogger().debug("[createPermission] Authorization granted: action = " + ACTION_CREATE_PERMISSIONS_FOR_GROUP + " param = " + principal.getName()); 318 319 String pathToGroup = _groupRDNAttributeName + "=" + principal.getName() + "," + _pathToGroups; 321 boolean isGroupExists = _ldapActions.isExistEntry(new LDAPDN(pathToGroup)); 322 if (!isGroupExists) 323 throw new PrincipalNotFoundException((GroupPrincipal) principal); 324 } 325 326 LDAPDN permissionDN = LDAPUtilities.buildPermissionPath(permission, principal); 327 328 if (getLogger().isDebugEnabled()) 329 getLogger().debug("[createPermission] Adding permission " + permissionDN.getPath()); 330 try { 331 recursiveAdd(permissionDN, setAttributesForAdd(_configurableDefaultAttributes, null)); 332 } 333 catch (EntryAlreadyExistsException e){ 334 if (getLogger().isErrorEnabled()) 335 getLogger().error("[createPermission] " + e.getMessage()); 336 if (principal instanceof UserPrincipal) 337 throw new PermissionAlreadyExistsException(permission, (UserPrincipal) principal); 338 else if (principal instanceof GroupPrincipal) 339 throw new PermissionAlreadyExistsException(permission, (GroupPrincipal) principal); 340 } 341 catch (PropertyNotFoundException pnfe){ 342 if (getLogger().isErrorEnabled()) 343 getLogger().error("[createPermission] " + pnfe.getMessage()); 344 } 345 } 346 347 348 358 public Collection getPermissionsForPrincipal(SessionID sessionID, MantaPrincipal principal) throws PrincipalNotFoundException, MantaSecurityException, JMSSecurityException { 359 if (principal == null){ 360 if (getLogger().isErrorEnabled()) 361 getLogger().error("[getPermissionsForPrincipal] Invalid argument: Principal"); 362 throw new MantaSecurityException("Invalid argument: Principal"); 363 } 364 365 if (principal instanceof UserPrincipal){ 366 _authorization.authorize(sessionID, ACTION_READ_PERMISSIONS_FOR_USER, principal.getName()); 368 if (getLogger().isDebugEnabled()) 369 getLogger().debug("[getPermissionsForPrincipal] Authorization granted: action = " + ACTION_READ_PERMISSIONS_FOR_USER + ", param = " + principal.getName()); 370 371 String pathToUser = _userRDNAttributeName + "=" + principal.getName() + "," + _pathToUsers; 373 boolean isUserExists = _ldapActions.isExistEntry(new LDAPDN(pathToUser)); 374 if (!isUserExists) 375 throw new PrincipalNotFoundException((UserPrincipal) principal); 376 } 377 else if (principal instanceof GroupPrincipal){ 378 _authorization.authorize(sessionID, ACTION_READ_PERMISSIONS_FOR_GROUP, principal.getName()); 380 if (getLogger().isDebugEnabled()) 381 getLogger().debug("[getPermissionsForPrincipal] Authorization granted: action = " + ACTION_READ_PERMISSIONS_FOR_GROUP + ", param = " + principal.getName()); 382 383 String pathToGroup = _groupRDNAttributeName + "=" + principal.getName() + "," + _pathToGroups; 385 boolean isGroupExists = _ldapActions.isExistEntry(new LDAPDN(pathToGroup)); 386 if (!isGroupExists) 387 throw new PrincipalNotFoundException((GroupPrincipal) principal); 388 } 389 390 if (getLogger().isDebugEnabled()) 391 getLogger().debug("[getPermissionsForPrincipal] Reading collection of all users"); 392 Collection users = getUsers(sessionID); 393 394 if (getLogger().isDebugEnabled()) 395 getLogger().debug("[getPermissionsForPrincipal] Reading collection of all groups"); 396 Collection groups = getGroups(sessionID); 397 398 if (getLogger().isDebugEnabled()) 399 getLogger().debug("[getPermissionsForPrincipal] Reading collection of all topics"); 400 Collection topics = getTopics(); 401 402 if (getLogger().isDebugEnabled()) 403 getLogger().debug("[getPermissionsForPrincipal] Reading collection of all queues"); 404 Collection queues = getQueues(); 405 406 if (getLogger().isDebugEnabled()) 407 getLogger().debug("[getPermissionsForPrincipal] Reading list of all configured permissions"); 408 List permissions = new ArrayList(); 409 PermissionFactory factory = PermissionFactory.getInstance(); 410 List availablePermissions = factory.getAvailablePermissions(); 411 ACLStorageConnector ldap = ACLStorageConnectorFactory.getInstance().getACLStorageConnector(_configurationName); 412 413 for (int i=0 ; i<availablePermissions.size() ; i++){ 414 String permissionName = (String ) availablePermissions.get(i); 415 MantaPermission permission = factory.getPermission(permissionName); 416 if (permission instanceof SpecificUserPermission){ 417 Iterator iter = users.iterator(); 418 while (iter.hasNext()){ 419 String username = (String ) iter.next(); 420 SpecificUserPermission specificUserPermission = (SpecificUserPermission) permission; 421 specificUserPermission.setParameter(username); 422 if (checkPermission(specificUserPermission, principal, ldap)) 423 permissions.add(permission); 424 } 425 } 426 else if (permission instanceof SpecificGroupPermission){ 427 Iterator iter = groups.iterator(); 428 while (iter.hasNext()){ 429 String groupName = (String ) iter.next(); 430 SpecificGroupPermission specificGroupPermission = (SpecificGroupPermission) permission; 431 specificGroupPermission.setParameter(groupName); 432 if (checkPermission(specificGroupPermission, principal, ldap)) 433 permissions.add(permission); 434 } 435 } 436 else if (permission instanceof SpecificTopicPermission){ 437 Iterator iter = topics.iterator(); 438 while (iter.hasNext()){ 439 String topicName = (String ) iter.next(); 440 SpecificTopicPermission specificTopicPermission = (SpecificTopicPermission) permission; 441 specificTopicPermission.setParameter(topicName); 442 if (checkPermission(specificTopicPermission, principal, ldap)) 443 permissions.add(permission); 444 } 445 } 446 else if (permission instanceof SpecificQueuePermission){ 447 Iterator iter = queues.iterator(); 448 while (iter.hasNext()){ 449 String queueName = (String ) iter.next(); 450 SpecificQueuePermission specificQueuePermission = (SpecificQueuePermission) permission; 451 specificQueuePermission.setParameter(queueName); 452 if (checkPermission(specificQueuePermission, principal, ldap)) 453 permissions.add(permission); 454 } 455 } 456 else { 457 if (checkPermission(permission, principal, ldap)) 458 permissions.add(permission); 459 } 460 } 461 return permissions; 462 } 463 464 475 public void deletePrincipal(SessionID sessionID, MantaPrincipal principal) throws PrincipalNotFoundException, GroupNotEmptyException, MantaSecurityException, JMSSecurityException { 476 if (principal == null){ 477 if (getLogger().isErrorEnabled()) 478 getLogger().error("[deletePrincipal] Invalid argument: Principal"); 479 throw new MantaSecurityException("Invalid argument: Principal"); 480 } 481 482 if (principal instanceof UserPrincipal){ 483 UserPrincipal user = (UserPrincipal) principal; 484 485 _authorization.authorize(sessionID, ACTION_DELETE_USER, user.getName()); 488 if (getLogger().isDebugEnabled()) 489 getLogger().debug("[deletePrincipal] Authorization granted: action = " + ACTION_DELETE_USER + ", param = " + user.getName()); 490 491 _authorization.authorize(sessionID, ACTION_DELETE_PERMISSIONS_FOR_USER, user.getName()); 493 if (getLogger().isDebugEnabled()) 494 getLogger().debug("[deletePrincipal] Authorization granted: action = " + ACTION_DELETE_PERMISSIONS_FOR_USER + ", param = " + user.getName()); 495 496 if (getLogger().isDebugEnabled()) 498 getLogger().debug("[deletePrincipal] Deleting user: " + user); 499 deleteUser(user); 500 501 if (getLogger().isDebugEnabled()) 502 getLogger().debug("[deletePrincipal] Deleting permissions for user: " + user); 503 deletePermissionsForPrincipal(sessionID, user); 504 } 506 else if (principal instanceof GroupPrincipal){ 507 GroupPrincipal group = (GroupPrincipal) principal; 508 509 Collection usersInGroup = getUsers(sessionID, _groupAttributeName, group.getName()); 511 if (usersInGroup.size() > 0){ 512 if (getLogger().isErrorEnabled()) 513 getLogger().error("[deletePrincipal] Group " + group + " not empty"); 514 throw new GroupNotEmptyException(group, usersInGroup); 515 } 516 517 _authorization.authorize(sessionID, ACTION_DELETE_GROUP, group.getName()); 520 if (getLogger().isDebugEnabled()) 521 getLogger().debug("[deletePrincipal] Authorization granted: action = " + ACTION_DELETE_GROUP + ", param = " + group.getName()); 522 523 _authorization.authorize(sessionID, ACTION_DELETE_PERMISSIONS_FOR_GROUP, group.getName()); 525 if (getLogger().isDebugEnabled()) 526 getLogger().debug("[deletePrincipal] Authorization granted: action = " + ACTION_DELETE_PERMISSIONS_FOR_GROUP + ", param = " + group.getName()); 527 528 if (getLogger().isDebugEnabled()) 530 getLogger().debug("[deletePrincipal] Deleting group: " + group); 531 deleteGroup(group); 532 533 if (getLogger().isDebugEnabled()) 534 getLogger().debug("[deletePrincipal] Deleting permissions for group: " + group); 535 deletePermissionsForPrincipal(sessionID, group); 536 } 538 } 539 540 550 public void deletePermission(SessionID sessionID, MantaPermission permission, MantaPrincipal principal) throws PermissionNotFoundException, MantaSecurityException, JMSSecurityException { 551 if (permission == null){ 552 if (getLogger().isErrorEnabled()) 553 getLogger().error("[deletePermission] Invalid argument: Permission"); 554 throw new MantaSecurityException("Invalid argument: Permission"); 555 } 556 if (principal == null){ 557 if (getLogger().isErrorEnabled()) 558 getLogger().error("[deletePermission] Invalid argument: Principal"); 559 throw new MantaSecurityException("Invalid argument: Principal"); 560 } 561 562 if (principal instanceof UserPrincipal){ 564 if (getLogger().isDebugEnabled()) 565 getLogger().debug("[deletePermission] Authorization granted: action = " + ACTION_DELETE_PERMISSIONS_FOR_USER + ", param = " + principal.getName()); 566 _authorization.authorize(sessionID, ACTION_DELETE_PERMISSIONS_FOR_USER, principal.getName()); 567 } 568 else if (principal instanceof GroupPrincipal){ 569 if (getLogger().isDebugEnabled()) 570 getLogger().debug("[deletePermission] Authorization granted: action = " + ACTION_DELETE_PERMISSIONS_FOR_GROUP + ", param = " + principal.getName()); 571 _authorization.authorize(sessionID, ACTION_DELETE_PERMISSIONS_FOR_GROUP, principal.getName()); 572 } 573 574 LDAPDN permissionDN = LDAPUtilities.buildPermissionPath(permission, principal); 575 if (getLogger().isDebugEnabled()) 576 getLogger().debug("[deletePermission] Deleting permission: " + permissionDN); 577 578 try { 579 recursiveDelete(permissionDN); 580 } 581 catch (EntryNotFoundException e) { 582 if (getLogger().isErrorEnabled()) 583 getLogger().error("[deletePermission] " + e.getMessage()); 584 if (principal instanceof UserPrincipal) 585 throw new PermissionNotFoundException(permission, (UserPrincipal) principal); 586 else if (principal instanceof GroupPrincipal) 587 throw new PermissionNotFoundException(permission, (GroupPrincipal) principal); 588 } 589 } 590 591 601 public void createWhiteListEntry(SessionID sessionID, String whiteListEntry) throws WhiteListEntryAlreadyExistsException, MantaSecurityException, JMSSecurityException { 602 if (whiteListEntry == null){ 603 if (getLogger().isErrorEnabled()) 604 getLogger().error("[createWhiteListEntry] Invalid argument: White List Entry"); 605 throw new MantaSecurityException("Invalid argument: White List Entry"); 606 } 607 608 _authorization.authorize(sessionID, ACTION_CREATE_WHITE_LIST_ENTRY); 610 if (getLogger().isDebugEnabled()) 611 getLogger().debug("[createWhiteListEntry] Authorization granted: action = " + ACTION_CREATE_WHITE_LIST_ENTRY); 612 613 String strPathToEntry = _whiteListRDNAttributeName + "=" + whiteListEntry + "," + _pathToWhiteList; 614 LDAPDN entry = new LDAPDN(strPathToEntry); 615 616 if (getLogger().isDebugEnabled()) 617 getLogger().debug("[createWhiteListEntry] Adding white list entry: " + entry); 618 try { 619 recursiveAdd(entry, setAttributesForAdd(_configurableDefaultAttributes, null)); 620 } 621 catch (EntryAlreadyExistsException e){ 622 if (getLogger().isErrorEnabled()) 623 getLogger().error("[createWhiteListEntry] " + e.getMessage()); 624 throw new WhiteListEntryAlreadyExistsException(whiteListEntry); 625 } 626 catch (PropertyNotFoundException pnfe){ 627 if (getLogger().isErrorEnabled()) 628 getLogger().error("[createWhiteListEntry] " + pnfe.getMessage()); 629 } 630 } 631 632 642 public void deleteWhiteListEntry(SessionID sessionID, String whiteListEntry) throws WhiteListEntryNotFoundException, MantaSecurityException, JMSSecurityException { 643 if (whiteListEntry == null){ 644 if (getLogger().isErrorEnabled()) 645 getLogger().error("[deleteWhiteListEntry] Invalid argument: White List Entry"); 646 throw new MantaSecurityException("Invalid argument: White List Entry"); 647 } 648 649 _authorization.authorize(sessionID, ACTION_DELETE_WHITE_LIST_ENTRY); 651 if (getLogger().isDebugEnabled()) 652 getLogger().debug("[deleteWhiteListEntry] Authorization granted: action = " + ACTION_DELETE_WHITE_LIST_ENTRY); 653 654 String strPathToEntry = _whiteListRDNAttributeName + "=" + whiteListEntry + "," + _pathToWhiteList; 655 656 if (getLogger().isDebugEnabled()) 657 getLogger().debug("[deleteWhiteListEntry] Deleting white list entry: " + strPathToEntry); 658 LDAPDN entry = new LDAPDN(strPathToEntry); 659 660 try { 661 recursiveDelete(entry); 662 } 663 catch (EntryNotFoundException e) { 664 if (getLogger().isErrorEnabled()) 665 getLogger().error("[deleteWhiteListEntry] " + e.getMessage()); 666 throw new WhiteListEntryNotFoundException(whiteListEntry); 667 } 668 } 669 670 679 public Collection getUsers(SessionID sessionID) throws MantaSecurityException, JMSSecurityException { 680 _authorization.authorize(sessionID, ACTION_LIST_USERS); 681 if (getLogger().isDebugEnabled()) 682 getLogger().debug("[getUsers] Authorization granted: action = " + ACTION_LIST_USERS); 683 684 if (getLogger().isDebugEnabled()) 685 getLogger().debug("[getUsers] Getting entries of name " + _userRDNAttributeName + " from " + _pathToUsers); 686 return getEntries(_pathToUsers, _userRDNAttributeName); 687 } 688 689 698 public Collection getGroups(SessionID sessionID) throws MantaSecurityException, JMSSecurityException { 699 _authorization.authorize(sessionID, ACTION_LIST_GROUPS); 700 if (getLogger().isDebugEnabled()) 701 getLogger().debug("[getGroups] Authorization granted: action = " + ACTION_LIST_GROUPS); 702 703 if (getLogger().isDebugEnabled()) 704 getLogger().debug("[getGroups] Getting entries of name " + _groupRDNAttributeName + " from " + _pathToGroups); 705 return getEntries(_pathToGroups, _groupRDNAttributeName); 706 } 707 708 717 public Collection getWhiteList(SessionID sessionID) throws MantaSecurityException, JMSSecurityException { 718 _authorization.authorize(sessionID, ACTION_LIST_WHITE_LIST); 719 if (getLogger().isDebugEnabled()) 720 getLogger().debug("[getWhiteList] Authorization granted: action = " + ACTION_LIST_WHITE_LIST); 721 722 if (getLogger().isDebugEnabled()) 723 getLogger().debug("[getWhiteList] Getting entries of name " + _whiteListRDNAttributeName + " from " + _pathToWhiteList); 724 return getEntries(_pathToWhiteList, _whiteListRDNAttributeName); 725 } 726 727 733 public Object getManagedObject(){ 734 Object managedObj = null; 735 try { 736 managedObj = new SecurityManagementJMX(this); 737 } 738 catch (NotCompliantMBeanException e){ 739 if (getLogger().isErrorEnabled()) 740 getLogger().error("[getManagedObject] " + e.getMessage()); 741 } 742 return managedObj; 743 } 744 745 750 public Log getLogger(){ 751 if (_logger == null){ 752 _logger = LogFactory.getLog(getClass().getName()); 753 } 754 return _logger; 755 } 756 757 private void init(String configurationName) throws MantaSecurityException { 758 String authorizationImplementationClass = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(AUTHORIZATION_IMPLEMENTING_CLASS); 759 if (authorizationImplementationClass == null){ 760 if (getLogger().isErrorEnabled()) 761 getLogger().error("[init] Unable to find configuration parameter: " + AUTHORIZATION_IMPLEMENTING_CLASS); 762 throw new MantaSecurityException("Unable to find configuration parameter: " + AUTHORIZATION_IMPLEMENTING_CLASS); 763 } 764 765 try { 766 _authorization = (MantaAuthorization) Class.forName(authorizationImplementationClass).newInstance(); 767 if (getLogger().isDebugEnabled()) 768 getLogger().debug("[init] Class " + authorizationImplementationClass + " was instantiated"); 769 } 770 catch (Exception e){ 771 if (getLogger().isErrorEnabled()) 772 getLogger().error("[init] Unable to instantiate authorization imlementing class"); 773 throw new MantaSecurityException("Unable to instantiate authorization imlementing class"); 774 } 775 776 _pathToGroups = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_GROUPS); 777 if (_pathToGroups == null){ 778 if (getLogger().isErrorEnabled()) 779 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_GROUPS); 780 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_GROUPS); 781 } 782 783 _pathToUsers = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_USERS); 784 if (_pathToUsers == null){ 785 if (getLogger().isErrorEnabled()) 786 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_USERS); 787 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_USERS); 788 } 789 790 _pathToWhiteList = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_WHITE_LIST); 791 if (_pathToWhiteList == null){ 792 if (getLogger().isErrorEnabled()) 793 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_WHITE_LIST); 794 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_WHITE_LIST); 795 } 796 797 _pathToTopics = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_TOPICS); 798 if (_pathToTopics == null){ 799 if (getLogger().isErrorEnabled()) 800 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_TOPICS); 801 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_TOPICS); 802 } 803 804 _pathToQueues = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_QUEUES); 805 if (_pathToQueues == null){ 806 if (getLogger().isErrorEnabled()) 807 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_QUEUES); 808 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + PATH_TO_QUEUES); 809 } 810 811 _groupAttributeName = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_OF_USER_ATTRIBUTE); 812 if (_groupAttributeName == null){ 813 if (getLogger().isErrorEnabled()) 814 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_OF_USER_ATTRIBUTE); 815 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_OF_USER_ATTRIBUTE); 816 } 817 818 _groupRDNAttributeName = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_RDN_ATTRIBUTE_NAME); 819 if (_groupRDNAttributeName == null){ 820 if (getLogger().isErrorEnabled()) 821 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_RDN_ATTRIBUTE_NAME); 822 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_RDN_ATTRIBUTE_NAME); 823 } 824 825 _userRDNAttributeName = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + USER_RDN_ATTRIBUTE_NAME); 826 if (_userRDNAttributeName == null){ 827 if (getLogger().isErrorEnabled()) 828 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + USER_RDN_ATTRIBUTE_NAME); 829 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + USER_RDN_ATTRIBUTE_NAME); 830 } 831 832 _whiteListRDNAttributeName = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + WHITE_LIST_RDN_ATTRIBUTE_NAME); 833 if (_whiteListRDNAttributeName == null){ 834 if (getLogger().isErrorEnabled()) 835 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + WHITE_LIST_RDN_ATTRIBUTE_NAME); 836 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + WHITE_LIST_RDN_ATTRIBUTE_NAME); 837 } 838 839 _topicRDNAttributeName = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + TOPIC_RDN_ATTRIBUTE_NAME); 840 if (_topicRDNAttributeName == null){ 841 if (getLogger().isErrorEnabled()) 842 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + TOPIC_RDN_ATTRIBUTE_NAME); 843 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + TOPIC_RDN_ATTRIBUTE_NAME); 844 } 845 846 _queueRDNAttributeName = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL_CONFIGURATIONS + "." + configurationName + "." + QUEUE_RDN_ATTRIBUTE_NAME); 847 if (_queueRDNAttributeName == null){ 848 if (getLogger().isErrorEnabled()) 849 getLogger().error("[init] Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + QUEUE_RDN_ATTRIBUTE_NAME); 850 throw new MantaSecurityException("Unable to find configuration parameter: " + ACL_CONFIGURATIONS + "." + configurationName + "." + QUEUE_RDN_ATTRIBUTE_NAME); 851 } 852 853 _configurableGroupAttributes = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getConfigurationElements(ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_ATTRIBUTES); 854 if (_configurableGroupAttributes == null){ 855 if (getLogger().isErrorEnabled()) 856 getLogger().error("[init] Unable to find configuration element: " + ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_ATTRIBUTES); 857 throw new MantaSecurityException("Unable to find configuration element: " + ACL_CONFIGURATIONS + "." + configurationName + "." + GROUP_ATTRIBUTES); 858 } 859 860 _configurableUserAttributes = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getConfigurationElements(ACL_CONFIGURATIONS + "." + configurationName + "." + USER_ATTRIBUTES); 861 if (_configurableUserAttributes == null){ 862 if (getLogger().isErrorEnabled()) 863 getLogger().error("[init] Unable to find configuration element: " + ACL_CONFIGURATIONS + "." + configurationName + "." + USER_ATTRIBUTES); 864 throw new MantaSecurityException("Unable to find configuration element: " + ACL_CONFIGURATIONS + "." + configurationName + "." + USER_ATTRIBUTES); 865 } 866 867 _configurableDefaultAttributes = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getConfigurationElements(ACL_CONFIGURATIONS + "." + configurationName + "." + DEFAULT_ATTRIBUTES); 868 if (_configurableDefaultAttributes == null){ 869 if (getLogger().isErrorEnabled()) 870 getLogger().error("[init] Unable to find configuration element: " + ACL_CONFIGURATIONS + "." + configurationName + "." + DEFAULT_ATTRIBUTES); 871 throw new MantaSecurityException("Unable to find configuration element: " + ACL_CONFIGURATIONS + "." + configurationName + "." + DEFAULT_ATTRIBUTES); 872 } 873 } 874 875 private void createUserPrincipal(SessionID sessionID, UserPrincipal user) throws PrincipalAlreadyExistsException, PrincipalNotFoundException, MantaSecurityException, JMSSecurityException { 876 if (user.getName() == null || "".equals(user.getName())){ 877 if (getLogger().isErrorEnabled()) 878 getLogger().error("[createUserPrincipal] Username not found in argument"); 879 throw new MantaSecurityException("Username not found in argument"); 880 } 881 882 String groupName = (String ) user.getProperty(PROPERTY_USER_GROUP); 884 if (groupName == null){ 885 if (getLogger().isErrorEnabled()) 886 getLogger().error("[createUserPrincipal] Unable to find property " + PROPERTY_USER_GROUP + " in user object to create"); 887 throw new MantaSecurityException("Unable to find property " + PROPERTY_USER_GROUP + " in user object to create"); 888 } 889 890 String pathToGroup = _groupRDNAttributeName + "=" + groupName + "," + _pathToGroups; 892 boolean isGroupExist = _ldapActions.isExistEntry(new LDAPDN(pathToGroup)); 893 if (!isGroupExist){ 894 throw new PrincipalNotFoundException(new GroupPrincipal(groupName)); 895 } 896 897 898 boolean encryptPassword = true; 900 Boolean isDirty = (Boolean ) user.getProperty(PROPERTY_IS_DIRTY_RECORD); 901 if (isDirty != null && isDirty.booleanValue()) 902 encryptPassword = false; 903 if (encryptPassword){ 904 if (getLogger().isDebugEnabled()) 905 getLogger().debug("[createUserPrincipal] Encrypting password"); 906 String password = LDAPUtilities.crypt((String )user.getProperty(PROPERTY_USER_PASSWORD)); 907 user.setProperty(PROPERTY_USER_PASSWORD, password); 908 } 909 910 _authorization.authorize(sessionID, ACTION_CREATE_USER_IN_GROUP, user.getProperty(PROPERTY_USER_GROUP)); 911 if (getLogger().isDebugEnabled()) 912 getLogger().debug("[createUserPrincipal] Authorization granted: action = " + ACTION_CREATE_USER_IN_GROUP + ", param = " + user.getProperty(PROPERTY_USER_GROUP)); 913 914 Map attributes; 915 try { 916 if (getLogger().isDebugEnabled()) 917 getLogger().debug("[createUserPrincipal] Creating attributes map for user"); 918 attributes = new HashMap(setAttributesForAdd(_configurableUserAttributes, user.getProperties())); 919 } 920 catch (PropertyNotFoundException pnfe){ 921 if (getLogger().isErrorEnabled()) 922 getLogger().error("[createUserPrincipal] Unable to find property " + pnfe.getProperty() + " in user object to create"); 923 throw new MantaSecurityException("Unable to find property " + pnfe.getProperty() + " in user object to create"); 924 } 925 926 String strPathToPrincipal = _userRDNAttributeName + "=" + user.getName() + "," + _pathToUsers; 927 928 if (getLogger().isDebugEnabled()) 929 getLogger().debug("[createUserPrincipal] Adding principal: " + strPathToPrincipal); 930 LDAPDN entry = new LDAPDN(strPathToPrincipal); 931 try { 932 recursiveAdd(entry, attributes); 933 } 934 catch (EntryAlreadyExistsException e) { 935 if (getLogger().isErrorEnabled()) 936 getLogger().error("[createUserPrincipal] " + e.getMessage()); 937 throw new PrincipalAlreadyExistsException(user); 938 } 939 } 940 941 private void createGroupPrincipal(SessionID sessionID, GroupPrincipal group) throws PrincipalAlreadyExistsException, MantaSecurityException, JMSSecurityException { 942 if (group.getName() == null || "".equals(group.getName())){ 943 if (getLogger().isErrorEnabled()) 944 getLogger().error("[createGroupPrincipal] Group name not found in argument"); 945 throw new MantaSecurityException("Group name not found in argument"); 946 } 947 948 _authorization.authorize(sessionID, ACTION_CREATE_GROUP); 950 if (getLogger().isDebugEnabled()) 951 getLogger().debug("[createGroupPrincipal] Authorization granted: action = " + ACTION_CREATE_GROUP); 952 953 Map attributes; 954 try { 955 if (getLogger().isDebugEnabled()) 956 getLogger().debug("[createUserPrincipal] Creating attributes map for group"); 957 attributes = new HashMap(setAttributesForAdd(_configurableGroupAttributes, group.getProperties())); 958 } 959 catch (PropertyNotFoundException pnfe){ 960 if (getLogger().isErrorEnabled()) 961 getLogger().error("[createGroupPrincipal] Unable to find property " + pnfe.getProperty() + " in group object to create"); 962 throw new MantaSecurityException("Unable to find property " + pnfe.getProperty() + " in group object to create"); 963 } 964 String strPathToPrincipal = _groupRDNAttributeName + "=" + group.getName() + "," + _pathToGroups; 965 LDAPDN entry = new LDAPDN(strPathToPrincipal); 966 967 if (getLogger().isDebugEnabled()) 968 getLogger().debug("[createGroupPrincipal] Adding principal: " + strPathToPrincipal); 969 try { 970 recursiveAdd(entry, attributes); 971 } 972 catch (EntryAlreadyExistsException e) { 973 if (getLogger().isErrorEnabled()) 974 getLogger().error("[createGroupPrincipal] " + e.getMessage()); 975 throw new PrincipalAlreadyExistsException(group); 976 } 977 } 978 979 private void renameUser(SessionID sessionID, UserPrincipal user, String newName) throws PrincipalNotFoundException, PrincipalAlreadyExistsException, MantaSecurityException, JMSSecurityException { 980 _authorization.authorize(sessionID, ACTION_RENAME_USER, user.getName()); 982 if (getLogger().isDebugEnabled()) 983 getLogger().debug("[renameUser] Authorization granted: action = " + ACTION_RENAME_USER + ", param = " + user.getName()); 984 985 if (getLogger().isDebugEnabled()) 987 getLogger().debug("[renameUser] Copying user " + user + " with its attributes to new user " + newName); 988 copyPrincipalWithAttributes(sessionID, user, newName); 989 990 if (getLogger().isDebugEnabled()) 991 getLogger().debug("[renameUser] Copying permissions of user " + user + " to user " + newName); 992 copyPrincipalPermissions(sessionID, user, newName); 993 994 try { 995 if (getLogger().isDebugEnabled()) 996 getLogger().debug("[renameUser] Deleting user " + user); 997 deletePrincipal(sessionID, user); 998 } 999 catch (GroupNotEmptyException e) { 1000 if (getLogger().isErrorEnabled()) 1001 getLogger().error("[renameUser] " + e.getMessage()); 1002 } 1003 } 1005 1006 private void renameGroup(SessionID sessionID, GroupPrincipal group, String newName) throws PrincipalNotFoundException, PrincipalAlreadyExistsException, MantaSecurityException, JMSSecurityException { 1007 _authorization.authorize(sessionID, ACTION_RENAME_GROUP, group.getName()); 1009 if (getLogger().isDebugEnabled()) 1010 getLogger().debug("[renameGroup] Authorization granted: action = " + ACTION_RENAME_GROUP + ", param = " + group.getName()); 1011 1012 if (getLogger().isDebugEnabled()) 1014 getLogger().debug("[renameGroup] Copying group " + group + " with its attributes to new group " + newName); 1015 copyPrincipalWithAttributes(sessionID, group, newName); 1016 1017 if (getLogger().isDebugEnabled()) 1018 getLogger().debug("[renameGroup] Modifying group name to " + newName + " for all users that belong to group " + group); 1019 renameGroupAttributeInAllUsers(sessionID, group, newName); 1020 1021 if (getLogger().isDebugEnabled()) 1022 getLogger().debug("[renameGroup] Copying permissions of group " + group + " to group " + newName); 1023 copyPrincipalPermissions(sessionID, group, newName); 1024 1025 try { 1026 if (getLogger().isDebugEnabled()) 1027 getLogger().debug("[renameGroup] Deleting group " + group); 1028 deletePrincipal(sessionID, group); 1029 } 1030 catch (GroupNotEmptyException e) { 1031 if (getLogger().isErrorEnabled()) 1032 getLogger().error("[renameGroup] " + e.getMessage()); 1033 } 1034 } 1036 1037 private void deleteUser(UserPrincipal user) throws PrincipalNotFoundException, MantaSecurityException { 1038 String strPathToUser = _userRDNAttributeName + "=" + user.getName() + "," + _pathToUsers; 1039 1040 if (getLogger().isDebugEnabled()) 1041 getLogger().debug("[deleteUser] Deleting user: " + strPathToUser); 1042 LDAPDN entry = new LDAPDN(strPathToUser); 1043 try { 1044 recursiveDelete(entry); 1045 } 1046 catch (EntryNotFoundException enfe){ 1047 if (getLogger().isErrorEnabled()) 1048 getLogger().error("[deleteUser] " + enfe.getMessage()); 1049 throw new PrincipalNotFoundException(user); 1050 } 1051 } 1052 1053 private void deleteGroup(GroupPrincipal group) throws PrincipalNotFoundException, MantaSecurityException { 1054 String strPathToGroup = _groupRDNAttributeName + "=" + group.getName() + "," + _pathToGroups; 1055 LDAPDN entry = new LDAPDN(strPathToGroup); 1056 1057 if (getLogger().isDebugEnabled()) 1058 getLogger().debug("[deleteGroup] Deleting group: " + strPathToGroup); 1059 try { 1060 recursiveDelete(entry); 1061 } 1062 catch (EntryNotFoundException enfe){ 1063 if (getLogger().isErrorEnabled()) 1064 getLogger().error("[deleteGroup] " + enfe.getMessage()); 1065 throw new PrincipalNotFoundException(group); 1066 } 1067 } 1068 1069 private void deletePermissionsForPrincipal(SessionID sessionID, MantaPrincipal princiapl) throws PrincipalNotFoundException, MantaSecurityException, JMSSecurityException { 1070 if (getLogger().isDebugEnabled()) 1071 getLogger().debug("[deletePermissionsForPrincipal] Getting list of permissions for principal " + princiapl); 1072 Collection permissionsForUser = getPermissionsForPrincipal(sessionID, princiapl); 1073 1074 Iterator iter = permissionsForUser.iterator(); 1075 while (iter.hasNext()){ 1076 MantaPermission p = (MantaPermission) iter.next(); 1077 1078 if (getLogger().isDebugEnabled()) 1079 getLogger().debug("[deletePermissionsForPrincipal] Deleting permission " + p + " for principal " + princiapl); 1080 1081 try { 1082 deletePermission(sessionID, p, princiapl); 1083 } 1084 catch (PermissionNotFoundException e) { 1085 if (getLogger().isErrorEnabled()) 1086 getLogger().error("[deletePermissionsForPrincipal] " + e.getMessage()); 1087 } 1088 } 1089 } 1090 1091 private Map setAttributesForAdd(ArrayList configurableAttributes, Map properties) throws PropertyNotFoundException, MantaSecurityException { 1095 Map attributes = new HashMap(); 1096 ConfigurationElement element = (ConfigurationElement) configurableAttributes.get(0); 1097 1098 if (getLogger().isDebugEnabled()) 1099 getLogger().debug("[setAttributesForAdd] Getting list of config params under " + element.getName()); 1100 1101 ArrayList subElements = element.getSubConfigurationElements(); 1102 for (int i=0 ; i<subElements.size() ; i++){ 1103 ConfigurationElement current = (ConfigurationElement) subElements.get(i); 1104 String name = current.getName(); 1105 String value = current.getValue(); 1106 1107 if (value != null){ 1108 boolean placeHoldersFound = false; 1109 String withoutPlaceholders = LDAPUtilities.removePlaceHolders(value, '$'); 1110 if (!value.equals(withoutPlaceholders)) 1111 placeHoldersFound = true; 1112 if (placeHoldersFound){ 1113 if (properties.containsKey(withoutPlaceholders)){ 1114 if (getLogger().isDebugEnabled()) 1115 getLogger().debug("[setAttributesForAdd] Adding " + name + " = " + properties.get(withoutPlaceholders) + " to the attributes map"); 1116 attributes.put(name, properties.get(withoutPlaceholders)); 1117 } 1118 else { 1119 if (getLogger().isErrorEnabled()) 1120 getLogger().error("[setAttributesForAdd] Property " + withoutPlaceholders + " not found"); 1121 throw new PropertyNotFoundException(withoutPlaceholders); 1122 } 1123 } 1124 else { 1125 if (getLogger().isDebugEnabled()) 1126 getLogger().debug("[setAttributesForAdd] Adding " + name + " = " + value + " to the attributes map"); 1127 attributes.put(name, value); 1128 } 1129 } 1130 } 1131 return attributes; 1132 } 1133 1134 private Map buildMapFromAttributes(ArrayList configurableAttributes, Attributes attributes) throws MantaSecurityException { 1135 Map props = new HashMap(); 1136 ConfigurationElement element = (ConfigurationElement) configurableAttributes.get(0); 1137 if (getLogger().isDebugEnabled()) 1138 getLogger().debug("[buildMapFromAttributes] Getting list of config params under " + element.getName()); 1139 1140 ArrayList subElements = element.getSubConfigurationElements(); 1141 for (int i=0 ; i<subElements.size() ; i++){ 1142 ConfigurationElement current = (ConfigurationElement) subElements.get(i); 1143 String name = current.getName(); 1144 String value = current.getValue(); 1145 if (value != null){ 1146 Attribute attr = attributes.get(name); 1147 if (attr != null){ 1148 boolean placeHoldersFound = false; 1149 String withoutPlaceholders = LDAPUtilities.removePlaceHolders(value, '$'); 1150 if (!value.equals(withoutPlaceholders)) 1151 placeHoldersFound = true; 1152 if (placeHoldersFound){ 1153 try { 1154 if (getLogger().isDebugEnabled()) 1155 getLogger().debug("[buildMapFromAttributes] Adding " + withoutPlaceholders + " = " + attr.get(0).toString() + " to the attributes map"); 1156 props.put(withoutPlaceholders, attr.get(0)); 1157 } 1158 catch (NamingException e) { 1159 if (getLogger().isErrorEnabled()) 1160 getLogger().error("[buildMapFromAttributes] Error occured while reading LDAP attributes"); 1161 throw new MantaSecurityException("Error occured while reading LDAP attributes"); 1162 } 1163 } 1164 else { 1165 if (getLogger().isDebugEnabled()) 1166 getLogger().debug("[buildMapFromAttributes] Adding " + name + " = " + value + " to the attributes map"); 1167 props.put(name, value); 1168 } 1169 } 1170 } 1171 } 1172 props.put(PROPERTY_IS_DIRTY_RECORD, Boolean.valueOf(true)); 1176 return props; 1177 } 1178 1179 private Collection getTopics() throws MantaSecurityException { 1180 return getEntries(_pathToTopics, _topicRDNAttributeName); 1181 } 1182 1183 private Collection getQueues() throws MantaSecurityException { 1184 return getEntries(_pathToQueues, _queueRDNAttributeName); 1185 } 1186 1187 private Collection getEntries(String path, String objectRDNAttributeName) throws MantaSecurityException { 1188 Collection entries = new ArrayList(); 1189 try { 1190 Collection ldapEntries = _ldapActions.getEntries(new LDAPDN(path)); 1191 Iterator iter = ldapEntries.iterator(); 1192 while (iter.hasNext()){ 1193 String entry = (String ) iter.next(); 1194 if (entry != null){ 1195 String key = objectRDNAttributeName + "="; 1196 int indexOfObjectEntryName = entry.indexOf(key); 1197 if (indexOfObjectEntryName != -1){ 1198 if (getLogger().isDebugEnabled()) 1199 getLogger().debug("[getEntries] Adding " + entry.substring(indexOfObjectEntryName+key.length()) + " to the list of entries"); 1200 entries.add(entry.substring(indexOfObjectEntryName+key.length())); 1201 } 1202 } 1203 } 1204 } 1205 catch (EntryNotFoundException enfe){ 1206 if (getLogger().isErrorEnabled()) 1207 getLogger().error("[getEntries] " + enfe.getMessage()); 1208 throw new MantaSecurityException("Unable to find entries under " + path); 1209 } 1210 return entries; 1211 } 1212 1213 private Collection getEntries(String path, String objectName, String attributeName, String attributeValue) throws MantaSecurityException { 1214 Collection entries = new ArrayList(); 1215 try { 1216 Collection ldapEntries = _ldapActions.getEntries(new LDAPDN(path), attributeName, attributeValue); 1217 Iterator iter = ldapEntries.iterator(); 1218 while (iter.hasNext()){ 1219 String entry = (String ) iter.next(); 1220 if (entry != null){ 1221 String key = objectName + "="; 1222 int indexOfObjectEntryName = entry.indexOf(key); 1223 if (indexOfObjectEntryName != -1){ 1224 if (getLogger().isDebugEnabled()) 1225 getLogger().debug("[getEntries] Adding " + entry.substring(indexOfObjectEntryName+key.length()) + " to the list of entries"); 1226 entries.add(entry.substring(indexOfObjectEntryName+key.length())); 1227 } 1228 } 1229 } 1230 } 1231 catch (EntryNotFoundException enfe){ 1232 if (getLogger().isErrorEnabled()) 1233 getLogger().error("[getEntries] " + enfe.getMessage()); 1234 throw new MantaSecurityException("Unable to find entries under " + path); 1235 } 1236 return entries; 1237 } 1238 1239 private boolean checkPermission(MantaPermission permission, MantaPrincipal principal, ACLStorageConnector ldap) throws MantaSecurityException { 1240 PermissionKeyEntry permissionsEntry = new PermissionKeyEntry(principal, permission); 1241 AuthorizationValue authorizationValue = ldap.isAuthorized(permissionsEntry); 1242 if (authorizationValue != null && authorizationValue.isAuthorized()){ 1243 if (getLogger().isDebugEnabled()) 1244 getLogger().debug("[checkPermission] Permission " + permission + " found for principal " + principal); 1245 return true; 1246 } 1247 else 1248 return false; 1249 } 1250 1251 private void recursiveAdd(LDAPDN entry, Map attributes) throws MantaSecurityException, EntryAlreadyExistsException { 1252 if (!_ldapActions.isExistEntry(entry.getParentDN())) 1254 recursiveAdd(entry.getParentDN(), attributes); 1255 1256 if (getLogger().isDebugEnabled()) 1257 getLogger().debug("[recursiveAdd] Adding entry " + entry); 1258 _ldapActions.addEntry(entry, attributes); 1259 } 1260 1261 private void recursiveDelete(LDAPDN entry) throws MantaSecurityException, EntryNotFoundException { 1262 Collection c = _ldapActions.getEntries(entry); 1264 Iterator iter = c.iterator(); 1265 while (iter.hasNext()){ 1266 String current = (String ) iter.next(); 1267 recursiveDelete(new LDAPDN(current + "," + entry.getPath())); 1268 } 1269 if (getLogger().isDebugEnabled()) 1271 getLogger().debug("[recursiveDelete] Deleting entry " + entry); 1272 _ldapActions.deleteEntry(entry); 1273 } 1274 1275 private void renameGroupAttributeInAllUsers(SessionID sessionID, GroupPrincipal group, String newName) throws MantaSecurityException, JMSSecurityException { 1276 if (getLogger().isDebugEnabled()) 1277 getLogger().debug("Calling getUsers(" + sessionID + ", " + _groupAttributeName + ", " + group.getName() + ")"); 1278 Collection users = getUsers(sessionID, _groupAttributeName, group.getName()); 1279 1280 Iterator iter = users.iterator(); 1281 while (iter.hasNext()){ 1282 String user = (String ) iter.next(); 1283 1284 try { 1286 _authorization.authorize(sessionID, ACTION_SET_GROUP_FOR_USER, user); 1287 if (getLogger().isDebugEnabled()) 1288 getLogger().debug("[renameGroupAttributeInAllUsers] Authorization granted: action = " + ACTION_SET_GROUP_FOR_USER + ", param = " + user); 1289 } 1290 catch (JMSSecurityException e) { 1291 if (getLogger().isInfoEnabled()) 1292 getLogger().info("[renameGroupAttributeInAllUsers] No permission to set group of user " + user); 1293 continue; 1294 } 1295 1296 Map attributes = new HashMap(); 1297 String pathToEntry = _userRDNAttributeName + "=" + user + "," + _pathToUsers; 1298 LDAPDN entry = new LDAPDN(pathToEntry); 1299 attributes.put(_groupAttributeName, newName); 1300 try { 1301 if (getLogger().isDebugEnabled()) 1302 getLogger().debug("[renameGroupAttributeInAllUsers] Setting group attribute for " + entry.getPath()); 1303 _ldapActions.setAttributes(entry, attributes); 1304 } 1305 catch (EntryNotFoundException e) { 1306 if (getLogger().isErrorEnabled()) 1307 getLogger().error("[renameGroupAttributeInAllUsers] " + e.getMessage()); 1308 } 1309 } 1310 1311 } 1312 1313 private void copyPrincipalWithAttributes(SessionID sessionID, MantaPrincipal principal, String newName) throws PrincipalNotFoundException, PrincipalAlreadyExistsException, MantaSecurityException, JMSSecurityException { 1314 if (principal instanceof UserPrincipal){ 1315 UserPrincipal user = (UserPrincipal) principal; 1316 1317 try { 1318 if (getLogger().isDebugEnabled()) 1320 getLogger().debug("[copyPrincipalWithAttributes] Reading attributes of user " + user); 1321 LDAPDN entry = new LDAPDN( _userRDNAttributeName + "=" + user.getName() + "," + _pathToUsers); 1322 Attributes oldUserAttributes = _ldapActions.getAttributes(entry); 1323 Map oldUserProperties = buildMapFromAttributes(_configurableUserAttributes, oldUserAttributes); 1324 1325 UserPrincipal newUser = new UserPrincipal(newName); 1327 newUser.setProperties(oldUserProperties); 1328 newUser.setProperty(PROPERTY_USER_UID, newName); 1329 1330 if (getLogger().isDebugEnabled()) 1331 getLogger().debug("[copyPrincipalWithAttributes] Creating new user " + newUser); 1332 createPrincipal(sessionID, newUser); 1333 } 1334 catch (EntryNotFoundException enfe){ 1335 if (getLogger().isErrorEnabled()) 1336 getLogger().error("[copyPrincipalWithAttributes] " + enfe.getMessage()); 1337 throw new PrincipalNotFoundException(user); 1338 } 1339 } 1340 else if (principal instanceof GroupPrincipal){ 1341 GroupPrincipal group = (GroupPrincipal) principal; 1342 1343 try { 1344 if (getLogger().isDebugEnabled()) 1346 getLogger().debug("[copyPrincipalWithAttributes] Reading attributes of group " + group); 1347 LDAPDN entry = new LDAPDN(_groupRDNAttributeName + "=" + group.getName() + "," + _pathToGroups); 1348 Attributes oldGroupAttributes = _ldapActions.getAttributes(entry); 1349 Map oldGroupProperties = buildMapFromAttributes(_configurableGroupAttributes, oldGroupAttributes); 1350 1351 GroupPrincipal newGroup = new GroupPrincipal(newName); 1353 newGroup.setProperties(oldGroupProperties); 1354 1355 if (getLogger().isDebugEnabled()) 1356 getLogger().debug("[copyPrincipalWithAttributes] Creating new group " + newGroup); 1357 createPrincipal(sessionID, newGroup); 1358 } 1359 catch (EntryNotFoundException enfe){ 1360 if (getLogger().isErrorEnabled()) 1361 getLogger().error("[copyPrincipalWithAttributes] " + enfe.getMessage()); 1362 throw new PrincipalNotFoundException(group); 1363 } 1364 } 1365 } 1366 1367 private void copyPrincipalPermissions(SessionID sessionID, MantaPrincipal principal, String newName) throws PrincipalNotFoundException, MantaSecurityException, JMSSecurityException { 1368 if (principal instanceof UserPrincipal){ 1369 UserPrincipal user = (UserPrincipal) principal; 1370 1371 UserPrincipal newUser = new UserPrincipal(newName); 1373 if (getLogger().isDebugEnabled()) 1374 getLogger().debug("[copyPrincipalPermissions] Reading permissions of user " + user); 1375 Collection permissionsForUser = getPermissionsForPrincipal(sessionID, user); 1376 1377 Iterator iter = permissionsForUser.iterator(); 1378 while (iter.hasNext()){ 1379 MantaPermission p = (MantaPermission) iter.next(); 1380 try { 1381 if (getLogger().isDebugEnabled()) 1382 getLogger().debug("[copyPrincipalPermissions] Creating permission " + p + " for user " + newUser); 1383 createPermission(sessionID, p, newUser); 1384 } 1385 catch (PermissionAlreadyExistsException e) { 1386 if (getLogger().isErrorEnabled()) 1387 getLogger().error("[copyPrincipalPermissions] " + e.getMessage()); 1388 } 1389 } 1390 } 1391 else if (principal instanceof GroupPrincipal){ 1392 GroupPrincipal group = (GroupPrincipal) principal; 1393 1394 GroupPrincipal newGroup = new GroupPrincipal(newName); 1396 1397 if (getLogger().isDebugEnabled()) 1398 getLogger().debug("[copyPrincipalPermissions] Reading permissions of group " + group); 1399 Collection permissionsForUser = getPermissionsForPrincipal(sessionID, group); 1400 1401 Iterator iter = permissionsForUser.iterator(); 1402 while (iter.hasNext()){ 1403 MantaPermission p = (MantaPermission) iter.next(); 1404 try { 1405 if (getLogger().isDebugEnabled()) 1406 getLogger().debug("[copyPrincipalPermissions] Creating permission " + p + " for group " + newGroup); 1407 createPermission(sessionID, p, newGroup); 1408 } 1409 catch (PermissionAlreadyExistsException e) { 1410 if (getLogger().isErrorEnabled()) 1411 getLogger().error("[copyPrincipalPermissions] " + e.getMessage()); 1412 } 1413 } 1414 } 1415 } 1416 1417 private Collection getUsers(SessionID sessionID, String attributeName, String attributeValue) throws MantaSecurityException, JMSSecurityException { 1418 _authorization.authorize(sessionID, ACTION_LIST_USERS); 1419 if (getLogger().isDebugEnabled()) 1420 getLogger().debug("[getUsers] Authorization granted: action = " + ACTION_LIST_USERS); 1421 1422 if (getLogger().isDebugEnabled()) 1423 getLogger().debug("[getUsers] Getting entries with relative distinguished name attribute " + _userRDNAttributeName + " that also has attribute " + attributeName + "=" + attributeValue + " from " + _pathToUsers); 1424 return getEntries(_pathToUsers, _userRDNAttributeName, attributeName, attributeValue); 1425 } 1426} 1427 | Popular Tags |