org.exist.security
Class LDAPSecurityManager

java.lang.Object
  extended by org.exist.security.LDAPSecurityManager
All Implemented Interfaces:
SecurityManager

public class LDAPSecurityManager
extends java.lang.Object
implements SecurityManager

Note: A lot of this code is "borrowed" from Tomcat's JNDIRealm.java

Author:
R. Alexander Milowski

Field Summary
protected  java.lang.String connectionURL
           
protected  javax.naming.directory.DirContext context
           
protected  java.lang.String contextFactory
           
protected  java.lang.String gidNumberAttr
           
protected  java.lang.String groupBase
           
protected  java.util.Map groupByIdCache
           
protected  java.lang.String groupByIdPattern
           
protected  java.text.MessageFormat groupByIdPatternFormat
           
protected  java.util.Map groupByNameCache
           
protected  java.lang.String groupByNamePattern
           
protected  java.text.MessageFormat groupByNamePatternFormat
           
protected  java.lang.String groupClassName
           
protected  java.lang.String groupNameAttr
           
protected  ExistPDP pdp
           
protected  java.lang.String uidAttr
           
protected  java.lang.String uidNumberAttr
           
protected  java.lang.String userBase
           
protected  java.util.Map userByIdCache
           
protected  java.lang.String userByIdPattern
           
protected  java.text.MessageFormat userByIdPatternFormat
           
protected  java.util.Map userByNameCache
           
protected  java.lang.String userByNamePattern
          The message format used to form the distinguished name of a user, with "{0}" marking the spot where the specified username goes.
protected  java.text.MessageFormat userByNamePatternFormat
           
protected  java.lang.String userClassName
           
protected  java.lang.String userPasswordAttr
           
 
Fields inherited from interface org.exist.security.SecurityManager
ACL_FILE, DBA_GROUP, DBA_USER, GUEST_GROUP, GUEST_USER, SYSTEM_USER
 
Constructor Summary
LDAPSecurityManager()
          Creates a new instance of LDAPSecurityManager
 
Method Summary
 void addGroup(java.lang.String name)
           
 void attach(BrokerPool pool, DBBroker sysBroker)
           
 void deleteUser(java.lang.String name)
           
 void deleteUser(User user)
           
 int getCollectionDefaultPerms()
           
protected  java.util.Hashtable getDirectoryEnvironment()
           
 Group getGroup(int gid)
           
 Group getGroup(java.lang.String name)
           
protected  Group getGroupById(javax.naming.directory.DirContext context, int gid)
           
protected  Group getGroupByName(javax.naming.directory.DirContext context, java.lang.String name)
           
 java.lang.String[] getGroups()
           
 ExistPDP getPDP()
           
 int getResourceDefaultPerms()
           
protected  User getUser(javax.naming.directory.DirContext context, java.lang.String dn)
           
 User getUser(int uid)
           
 User getUser(java.lang.String name)
           
protected  User getUserById(javax.naming.directory.DirContext context, int uid)
           
protected  User getUserByName(javax.naming.directory.DirContext context, java.lang.String username)
           
 User[] getUsers()
           
 boolean hasAdminPrivileges(User user)
           
 boolean hasGroup(java.lang.String name)
           
 boolean hasUser(java.lang.String name)
           
 boolean isXACMLEnabled()
           
protected  User newUserFromAttributes(javax.naming.directory.DirContext context, javax.naming.directory.Attributes attrs)
           
 void setGroupByIdPattern(java.lang.String pattern)
           
 void setGroupByNamePattern(java.lang.String pattern)
           
 void setUser(User user)
           
 void setUserByIdPattern(java.lang.String pattern)
           
 void setUserByNamePattern(java.lang.String pattern)
          Set the message format pattern for selecting users in this Realm.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

userByNameCache

protected java.util.Map userByNameCache

userByIdCache

protected java.util.Map userByIdCache

groupByNameCache

protected java.util.Map groupByNameCache

groupByIdCache

protected java.util.Map groupByIdCache

contextFactory

protected java.lang.String contextFactory

connectionURL

protected java.lang.String connectionURL

userPasswordAttr

protected java.lang.String userPasswordAttr

uidAttr

protected java.lang.String uidAttr

uidNumberAttr

protected java.lang.String uidNumberAttr

gidNumberAttr

protected java.lang.String gidNumberAttr

groupNameAttr

protected java.lang.String groupNameAttr

groupClassName

protected java.lang.String groupClassName

userClassName

protected java.lang.String userClassName

userBase

protected java.lang.String userBase

groupBase

protected java.lang.String groupBase

context

protected javax.naming.directory.DirContext context

userByNamePattern

protected java.lang.String userByNamePattern
The message format used to form the distinguished name of a user, with "{0}" marking the spot where the specified username goes.


userByIdPattern

protected java.lang.String userByIdPattern

userByNamePatternFormat

protected java.text.MessageFormat userByNamePatternFormat

userByIdPatternFormat

protected java.text.MessageFormat userByIdPatternFormat

groupByIdPattern

protected java.lang.String groupByIdPattern

groupByNamePattern

protected java.lang.String groupByNamePattern

groupByIdPatternFormat

protected java.text.MessageFormat groupByIdPatternFormat

groupByNamePatternFormat

protected java.text.MessageFormat groupByNamePatternFormat

pdp

protected ExistPDP pdp
Constructor Detail

LDAPSecurityManager

public LDAPSecurityManager()
Creates a new instance of LDAPSecurityManager

Method Detail

setUserByNamePattern

public void setUserByNamePattern(java.lang.String pattern)
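Set the message format pattern for selecting users in this Realm. This may be one simple pattern, or multiple patterns to be tried, delimited by parentheses (for example, either "cn={0}" or "(cn={0})(cn={0},o=myorg)"). Full LDAP search strings are also supported, but only the OR ("|") syntax, so "(|(cn={0})(cn={0},o=myorg))" is also valid. Complex search strings using "&" and other operators are NOT supported. The supplied username is substituted at "{0}"; this documentation does not state whether LDAP special characters in the username are escaped before substitution (RFC 4515 for search filters, RFC 4514 for distinguished names), so verify that in the implementation before passing untrusted usernames.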


setUserByIdPattern

public void setUserByIdPattern(java.lang.String pattern)

setGroupByIdPattern

public void setGroupByIdPattern(java.lang.String pattern)

setGroupByNamePattern

public void setGroupByNamePattern(java.lang.String pattern)

getDirectoryEnvironment

protected java.util.Hashtable getDirectoryEnvironment()

attach

public void attach(BrokerPool pool,
                   DBBroker sysBroker)
Specified by:
attach in interface SecurityManager

getUserByName

protected User getUserByName(javax.naming.directory.DirContext context,
                             java.lang.String username)
                      throws javax.naming.NamingException
Throws:
javax.naming.NamingException

getUserById

protected User getUserById(javax.naming.directory.DirContext context,
                           int uid)
                    throws javax.naming.NamingException
Throws:
javax.naming.NamingException

getGroupById

protected Group getGroupById(javax.naming.directory.DirContext context,
                             int gid)
                      throws javax.naming.NamingException
Throws:
javax.naming.NamingException

getGroupByName

protected Group getGroupByName(javax.naming.directory.DirContext context,
                               java.lang.String name)
                        throws javax.naming.NamingException
Throws:
javax.naming.NamingException

newUserFromAttributes

protected User newUserFromAttributes(javax.naming.directory.DirContext context,
                                     javax.naming.directory.Attributes attrs)
                              throws javax.naming.NamingException
Throws:
javax.naming.NamingException

getUser

protected User getUser(javax.naming.directory.DirContext context,
                       java.lang.String dn)
                throws javax.naming.NamingException
Throws:
javax.naming.NamingException

addGroup

public void addGroup(java.lang.String name)
Specified by:
addGroup in interface SecurityManager

deleteUser

public void deleteUser(java.lang.String name)
                throws PermissionDeniedException
Specified by:
deleteUser in interface SecurityManager
Throws:
PermissionDeniedException

deleteUser

public void deleteUser(User user)
                throws PermissionDeniedException
Specified by:
deleteUser in interface SecurityManager
Throws:
PermissionDeniedException

getCollectionDefaultPerms

public int getCollectionDefaultPerms()
Specified by:
getCollectionDefaultPerms in interface SecurityManager

getGroup

public Group getGroup(int gid)
Specified by:
getGroup in interface SecurityManager

getGroup

public Group getGroup(java.lang.String name)
Specified by:
getGroup in interface SecurityManager

getGroups

public java.lang.String[] getGroups()
Specified by:
getGroups in interface SecurityManager

isXACMLEnabled

public boolean isXACMLEnabled()
Specified by:
isXACMLEnabled in interface SecurityManager

getPDP

public ExistPDP getPDP()
Specified by:
getPDP in interface SecurityManager

getResourceDefaultPerms

public int getResourceDefaultPerms()
Specified by:
getResourceDefaultPerms in interface SecurityManager

getUser

public User getUser(int uid)
Specified by:
getUser in interface SecurityManager

getUser

public User getUser(java.lang.String name)
Specified by:
getUser in interface SecurityManager

getUsers

public User[] getUsers()
Specified by:
getUsers in interface SecurityManager

hasAdminPrivileges

public boolean hasAdminPrivileges(User user)
Specified by:
hasAdminPrivileges in interface SecurityManager

hasUser

public boolean hasUser(java.lang.String name)
Specified by:
hasUser in interface SecurityManager

hasGroup

public boolean hasGroup(java.lang.String name)
Specified by:
hasGroup in interface SecurityManager

setUser

public void setUser(User user)
Specified by:
setUser in interface SecurityManager

