
1   /*
2    * Copyright 2004-2006 the Seasar Foundation and the Others.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 
13   * either express or implied. See the License for the specific language
14   * governing permissions and limitations under the License.
15   */
16  package com.isenshi.util.extlib;
17  
18  import java.security.Principal;
19  import java.util.Hashtable;
20  import java.util.Iterator;
21  import java.util.List;
22  import java.util.Properties;
23  import java.util.Vector;
24  
25  import net.sf.ehcache.Cache;
26  
27  import org.apache.slide.common.NamespaceAccessToken;
28  import org.apache.slide.common.ServiceAccessException;
29  import org.apache.slide.common.ServiceInitializationFailedException;
30  import org.apache.slide.common.ServiceParameterErrorException;
31  import org.apache.slide.common.ServiceParameterMissingException;
32  import org.apache.slide.common.Uri;
33  import org.apache.slide.content.NodeProperty;
34  import org.apache.slide.content.NodeRevisionDescriptor;
35  import org.apache.slide.content.NodeRevisionNumber;
36  import org.apache.slide.content.RevisionDescriptorNotFoundException;
37  import org.apache.slide.store.txjndi.JNDIPrincipalStore;
38  import org.apache.slide.structure.ObjectNode;
39  import org.apache.slide.structure.ObjectNotFoundException;
40  import org.apache.slide.structure.SubjectNode;
41  import org.seasar.framework.container.S2Container;
42  import org.seasar.framework.container.factory.SingletonS2ContainerFactory;
43  import org.seasar.tuigwaa.security.DirectoryService;
44  import org.seasar.tuigwaa.security.DirectoryUtils;
45  import org.seasar.tuigwaa.security.auth.TgwRole;
46  import org.seasar.tuigwaa.security.auth.TgwUser;
47  
48  
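/**
 * Slide principal store backed by the Tuigwaa {@link DirectoryService}.
 *
 * <p>Users and roles are looked up in the directory on every request: the
 * caching hooks inherited from {@link JNDIPrincipalStore} are overridden to do
 * nothing, and the {@code retrieve*} entry points bypass the cache by calling
 * the {@code get*} implementations directly.
 *
 * <p>Configuration is taken from the S2 container (the {@code DirectoryService}
 * component and the {@code "ldapsetting"} properties) rather than from the
 * store parameters in Domain.xml, which are ignored.
 *
 * <p>One instance serves both the users scope and the roles scope. Which scope
 * a URI belongs to is decided by a substring match against the users/roles
 * paths reported by the namespace configuration in {@link #initialize}.
 *
 * @author someda
 */
public class TgwJNDIPrincipalStore extends JNDIPrincipalStore {

	private DirectoryService service;

	private static final String RESOURCE_TYPE_COLLECTION = "<collection/>";
	private static final String RESOURCE_TYPE_PRINCIPAL = "<collection/><principal/>";

	// Paths of the users and roles scopes; set in initialize() from the namespace config.
	private String userStoreName;
	private String roleStoreName;

	// LDAP naming settings read from the "ldapsetting" properties in the constructor.
	private String userSearchBase;
	private String userPrefix;
	private String roleSearchBase;
	private String rolePrefix;
	private String searchBase;

	// When true, role member entries are used as-is; otherwise they are reduced
	// with the inherited parseLdapName() before being turned into hrefs.
	private boolean roleUserPrefixOnly = false;

	private static final String NAMESPACE_DAV = NodeProperty.DEFAULT_NAMESPACE; // DAV:

	/**
	 * Wires the store from the singleton S2 container: the
	 * {@link DirectoryService} component and the {@code "ldapsetting"}
	 * {@link Properties} (user/role search bases and prefixes, base DN and the
	 * role-user-prefix-only switch).
	 */
	public TgwJNDIPrincipalStore() {
		S2Container container = SingletonS2ContainerFactory.getContainer();
		service = (DirectoryService) container.getComponent(DirectoryService.class);
		Properties ldapProperties = (Properties) container.getComponent("ldapsetting");

		userSearchBase = ldapProperties.getProperty(DirectoryService.USER_SUFFIX);
		userPrefix = ldapProperties.getProperty(DirectoryService.USER_PREFIX);
		roleSearchBase = ldapProperties.getProperty(DirectoryService.ROLE_SUFFIX);
		rolePrefix = ldapProperties.getProperty(DirectoryService.ROLE_PREFIX);
		searchBase = ldapProperties.getProperty(DirectoryService.BASE_DN);

		// An absent or empty setting keeps the default (false).
		String prefixOnly = ldapProperties.getProperty(DirectoryService.ROLE_USER_PREFIXONLY);
		if (prefixOnly != null && !"".equals(prefixOnly)) {
			roleUserPrefixOnly = Boolean.valueOf(prefixOnly).booleanValue();
		}
	}

	/**
	 * Records the users and roles scope paths of the namespace this store is
	 * attached to. {@code super.initialize} is deliberately not called: the
	 * superclass implementations do nothing this store relies on.
	 *
	 * @param token access token of the namespace being initialized
	 * @throws ServiceInitializationFailedException declared for API compatibility; not thrown here
	 */
	public void initialize(NamespaceAccessToken token) throws ServiceInitializationFailedException {
		// does not need to call super#initialize, because any super class does nothing
//		super.initialize(token);
		userStoreName = token.getNamespaceConfig().getUsersPath();
		roleStoreName = token.getNamespaceConfig().getRolesPath();
	}

	/**
	 * Cache-bypassing override: always builds the descriptor fresh via
	 * {@link #getRevisionDescriptor(Uri)}. The revision number is ignored
	 * because principals have a single revision.
	 */
	public NodeRevisionDescriptor retrieveRevisionDescriptor(Uri uri, NodeRevisionNumber revisionNumber)
		throws ServiceAccessException, RevisionDescriptorNotFoundException {
		return getRevisionDescriptor(uri);
	}

	/**
	 * Cache-bypassing override: always resolves the node fresh via
	 * {@link #getObject(Uri)}.
	 */
	public ObjectNode retrieveObject(Uri uri) throws ServiceAccessException, ObjectNotFoundException {
		return getObject(uri);
	}

	/**
	 * No-op: this store takes its configuration from the S2 container, not
	 * from the store parameters in Domain.xml.
	 */
	public void setParameters(Hashtable parameters)
		throws ServiceParameterErrorException, ServiceParameterMissingException {
		// do nothing, this file doesn't need any parameters from Domain.xml
	}

	/**
	 * Builds the structure node for {@code uri}.
	 *
	 * <p>At a store root the children are all roles (roles scope) or all users
	 * (users scope) returned by the directory service. Below the root the
	 * principal named by the last URI segment must exist in the directory,
	 * otherwise {@link ObjectNotFoundException} is thrown.
	 *
	 * @param uri URI of the node to resolve
	 * @return the subject node with its parent and child bindings
	 * @throws ObjectNotFoundException if a non-root URI names an unknown user or role
	 * @throws ServiceAccessException propagated from the directory service
	 */
	protected SubjectNode getObject(Uri uri)
		throws ObjectNotFoundException, ServiceAccessException {

		String currentUri = uri.toString();
		boolean isUserStore = isInStore(currentUri, userStoreName);
		boolean isRoleStore = isInStore(currentUri, roleStoreName);

		Uri parentUri = uri.getParentUri();
		String objectName = getObjectNameFromUri(uri);

		Vector parentBindings = new Vector();
		Vector childBindings = new Vector();

		if (!"/".equals(currentUri)) {
			parentBindings.add(new ObjectNode.Binding(objectName, parentUri.toString()));
		}

		if (uri.isStoreRoot()) {
			// Role store is checked first; a URI matching both paths is treated as a role.
			List principals = null;
			if (isRoleStore) {
				principals = service.getRoles();
			} else if (isUserStore) {
				principals = service.getUsers();
			}

			if (principals != null) {
				for (Iterator i = principals.iterator(); i.hasNext();) {
					Principal principal = (Principal) i.next();
					childBindings.add(new ObjectNode.Binding(principal.getName(),
							currentUri + "/" + principal.getName()));
				}
			}
		} else {
			boolean exists = false;
			if (isRoleStore) {
				exists = service.getRole(roleDn(objectName)) != null;
			} else if (isUserStore) {
				exists = service.getUser(userDn(objectName)) != null;
			}

			if (!exists) {
				throw new ObjectNotFoundException(uri);
			}
		}

		SubjectNode node = new SubjectNode(currentUri, childBindings, parentBindings, new Vector());
		// Workaround for bug in ObjectNode.validate()
		node.setUri(currentUri);

		return node;
	}

	/**
	 * Builds the (single) revision descriptor for {@code uri}.
	 *
	 * <p>Every node gets {@code DAV:resourcetype} (collection at a store root,
	 * collection+principal below it) and {@code DAV:displayname}. A role
	 * additionally gets {@code DAV:group-member-set}, an XML fragment of
	 * {@code <D:href>} elements pointing into the users scope, plus an LDAP
	 * property named after the role prefix; a user gets an LDAP property named
	 * after the user prefix.
	 *
	 * @param uri URI of the node
	 * @return descriptor with revision 1.0 on branch {@code "main"}
	 * @throws RevisionDescriptorNotFoundException if a non-root URI names an unknown user or role
	 * @throws ServiceAccessException propagated from the directory service
	 */
	protected NodeRevisionDescriptor getRevisionDescriptor(Uri uri)
		throws RevisionDescriptorNotFoundException, ServiceAccessException {

		String currentUri = uri.toString();
		boolean isUserStore = isInStore(currentUri, userStoreName);
		boolean isRoleStore = isInStore(currentUri, roleStoreName);

		String objectName = getObjectNameFromUri(uri);
		Hashtable props = new Hashtable();

		String resourceTypeValue = uri.isStoreRoot() ? RESOURCE_TYPE_COLLECTION : RESOURCE_TYPE_PRINCIPAL;
		NodeProperty resourceType = new NodeProperty("resourcetype", resourceTypeValue, NAMESPACE_DAV, "", false);
		NodeProperty displayName = new NodeProperty("displayname", objectName, NAMESPACE_DAV, "", false);

		props.put("DAV:resourcetype", resourceType);
		props.put("DAV:displayname", displayName);

		if (!uri.isStoreRoot()) {

			if (isRoleStore) {
				TgwRole role = service.getRole(roleDn(objectName));
				if (role == null) {
					throw new RevisionDescriptorNotFoundException(currentUri);
				}

				String[] users = role.getUsers();
				StringBuffer buf = new StringBuffer();

				for (int i = 0; i < users.length; i++) {
					String ldapName = roleUserPrefixOnly ? users[i] : parseLdapName(users[i]);
					// Member names come from the directory; escape them so the
					// href fragment stays well-formed XML whatever they contain.
					buf.append("<D:href xmlns:D='DAV:'>");
					buf.append(escapeXml(userStoreName + "/" + ldapName));
					buf.append("</D:href>");
				}
				NodeProperty groupMemberSet = new NodeProperty("group-member-set", buf.toString(), NAMESPACE_DAV);
				props.put("DAV:group-member-set", groupMemberSet);

				NodeProperty ldapCn = new NodeProperty(rolePrefix, role.getName(), LDAP_NAMESPACE);
				props.put(LDAP_NAMESPACE + rolePrefix, ldapCn);

			} else if (isUserStore) {

				TgwUser user = service.getUser(userDn(objectName));
				if (user == null) {
					throw new RevisionDescriptorNotFoundException(currentUri);
				}

				NodeProperty ldapUid = new NodeProperty(userPrefix, user.getName(), LDAP_NAMESPACE);
				props.put(LDAP_NAMESPACE + userPrefix, ldapUid);
			}
		}

		return new NodeRevisionDescriptor(new NodeRevisionNumber(1, 0), "main", new Vector(), props);
	}

	/**
	 * Scope test used by {@link #getObject} and {@link #getRevisionDescriptor}.
	 *
	 * <p>NOTE(review): this is a plain substring match, kept as in the original;
	 * a URI that contains both scope paths is classified by whichever test the
	 * caller evaluates first. Confirm whether a prefix match is intended.
	 */
	private static boolean isInStore(String currentUri, String storeName) {
		return currentUri.indexOf(storeName) != -1;
	}

	/** Absolute DN of the role entry named {@code objectName}. */
	private String roleDn(String objectName) {
		return DirectoryUtils.getAbsoluteDN(objectName, rolePrefix, roleSearchBase, searchBase);
	}

	/** Absolute DN of the user entry named {@code objectName}. */
	private String userDn(String objectName) {
		return DirectoryUtils.getAbsoluteDN(objectName, userPrefix, userSearchBase, searchBase);
	}

	/**
	 * Escapes {@code &}, {@code <} and {@code >} so that {@code text} can be
	 * embedded as character data inside an XML fragment. Text containing none
	 * of these characters is returned unchanged in content.
	 *
	 * @param text text to embed; must not be {@code null}
	 * @return the escaped text
	 */
	private static String escapeXml(String text) {
		StringBuffer out = new StringBuffer(text.length());
		for (int i = 0; i < text.length(); i++) {
			char c = text.charAt(i);
			switch (c) {
				case '&':
					out.append("&amp;");
					break;
				case '<':
					out.append("&lt;");
					break;
				case '>':
					out.append("&gt;");
					break;
				default:
					out.append(c);
			}
		}
		return out.toString();
	}

	// ----- [Start] cache related methods, all do nothing -----

	/** No-op: this store does not cache, so there is nothing to refresh. */
	protected synchronized void addRefreshee(Uri uri, int refreshType) {
	}

	/** Always {@code null}: this store does not use an ehcache {@link Cache}. */
	protected Cache getCache() {
		return null;
	}

	/** No-op: this store does not cache. */
	protected void refreshCache() {
	}

}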