Author: bdaw
Date: 2007-02-19 09:17:19 -0500 (Mon, 19 Feb 2007)
New Revision: 6334
Added:
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPExtLoginModule.java
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPLoginModule.java
Removed:
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapExtLoginModule.java
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapLoginModule.java
Modified:
trunk/core/src/resources/portal-core-sar/conf/login-config.xml
Log:
- correct class naming
Modified: trunk/core/src/resources/portal-core-sar/conf/login-config.xml
===================================================================
--- trunk/core/src/resources/portal-core-sar/conf/login-config.xml 2007-02-19 13:37:02 UTC
(rev 6333)
+++ trunk/core/src/resources/portal-core-sar/conf/login-config.xml 2007-02-19 14:17:19 UTC
(rev 6334)
@@ -61,7 +61,7 @@
but it will inject role defined in "additionalRole". For obvious
reasons
this is designed to use with portal identity modules configured with DB and not
LDAP-->
<!--There is also SynchronizingLdapLoginModule which provide the same set of
options on top of JBossSX LdapLoginModule-->
- <!--<login-module
code="org.jboss.portal.identity.auth.SynchronizingLdapExtLoginModule"
flag="required">
+ <!--<login-module
code="org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule"
flag="required">
<module-option
name="synchronizeIdentity">true</module-option>
<module-option
name="synchronizeRoles">false</module-option>
<module-option
name="additionalRole">Authenticated</module-option>
Copied:
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPExtLoginModule.java
(from rev 6333,
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapExtLoginModule.java)
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPExtLoginModule.java
(rev 0)
+++
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPExtLoginModule.java 2007-02-19
14:17:19 UTC (rev 6334)
@@ -0,0 +1,335 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+
+package org.jboss.portal.identity.auth;
+
+import org.jboss.security.auth.spi.LdapExtLoginModule;
+import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.identity.RoleModule;
+import org.jboss.portal.identity.MembershipModule;
+import org.jboss.portal.identity.User;
+import org.jboss.portal.identity.Role;
+import org.jboss.portal.identity.IdentityException;
+import org.jboss.portal.common.transaction.Transactions;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.naming.InitialContext;
+import javax.transaction.TransactionManager;
+import java.util.Map;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Enumeration;
+import java.security.acl.Group;
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:boleslaw dot dawidowicz at redhat anotherdot
com">Boleslaw Dawidowicz</a>
+ * @version $Revision: 0.1 $
+ */
+public class SynchronizingLDAPExtLoginModule extends LdapExtLoginModule
+{
+ protected String additionalRole;
+ protected String defaultAssignedRole;
+ protected String synchronizeIdentity;
+ protected String synchronizeRoles;
+ protected String userModuleJNDIName;
+ protected String roleModuleJNDIName;
+ protected String membershipModuleJNDIName;
+
+
+ private UserModule userModule;
+ private RoleModule roleModule;
+ private MembershipModule membershipModule;
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+
+
+ // Get data
+ userModuleJNDIName = (String)options.get("userModuleJNDIName");
+ roleModuleJNDIName = (String)options.get("roleModuleJNDIName");
+ membershipModuleJNDIName =
(String)options.get("membershipModuleJNDIName");
+ additionalRole = (String)options.get("additionalRole");
+ synchronizeIdentity = (String)options.get("synchronizeIdentity");
+ synchronizeRoles = (String)options.get("synchronizeRoles");
+ defaultAssignedRole = (String)options.get("defaultAssignedRole");
+
+ // Some info
+ log.trace("additionalRole = " + additionalRole);
+ log.trace("userModuleJNDIName = " + userModuleJNDIName);
+ log.trace("roleModuleJNDIName = " + roleModuleJNDIName);
+ log.trace("membershipModuleJNDIName = " + membershipModuleJNDIName);
+ log.trace("synchronizeIdentity = " + synchronizeIdentity);
+ log.trace("synchronizeRoles = " + synchronizeRoles);
+ log.trace("defaultAssignedRole = " + defaultAssignedRole);
+ }
+
+ protected UserModule getUserModule() throws Exception
+ {
+ if (userModule == null)
+ {
+ userModule = (UserModule)new InitialContext().lookup(userModuleJNDIName);
+ }
+ if (userModule == null)
+ {
+ throw new IdentityException("Cannot obtain UserModule using JNDI
name:" + userModuleJNDIName);
+ }
+
+ return userModule;
+ }
+
+ protected RoleModule getRoleModule() throws Exception
+ {
+
+ if (roleModule == null)
+ {
+ roleModule = (RoleModule)new InitialContext().lookup(roleModuleJNDIName);
+ }
+ if (roleModule == null)
+ {
+ throw new IdentityException("Cannot obtain RoleModule using JNDI
name:" + roleModuleJNDIName);
+ }
+ return roleModule;
+ }
+
+ protected MembershipModule getMembershipModule() throws Exception
+ {
+
+ if (membershipModule == null)
+ {
+ membershipModule = (MembershipModule)new
InitialContext().lookup(membershipModuleJNDIName);
+ }
+ if (membershipModule == null)
+ {
+ throw new IdentityException("Cannot obtain MembershipModule using JNDI
name:" + membershipModuleJNDIName);
+ }
+ return membershipModule;
+ }
+
+
+ protected boolean validatePassword(String string, String string1)
+ {
+ boolean validate = super.validatePassword(string, string1);
+
+ if (validate && isSynchronizeIdentity())
+ {
+ try
+ {
+ performSynchronization(getUsername(), string);
+ }
+ catch (Throwable e)
+ {
+ log.warn("Failed to sychronize identity of user: " + string, e);
+ }
+ }
+
+ return validate;
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ Group[] rolesGroup = super.getRoleSets();
+ if (additionalRole != null)
+ {
+ try
+ {
+ for (int i = 0; i < rolesGroup.length; i++)
+ {
+ Group group = rolesGroup[i];
+ if (group.getName().equals("Roles"))
+ {
+ group.addMember(createIdentity(additionalRole));
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ //just a try
+ log.error("Error when adding additional role: ", e);
+ }
+ }
+ return rolesGroup;
+ }
+
+ /** Subclass to use the PortalPrincipal to make the username easier to retrieve by the
portal. */
+ protected Principal createIdentity(String username) throws Exception
+ {
+ return new UserPrincipal(username);
+ }
+
+ private void performSynchronization(final String name, final String password) throws
Exception
+ {
+ final Group[] group = super.getRoleSets();
+
+ log.debug("$$Synchronizing user: " + name);
+
+ if (log.isDebugEnabled())
+ {
+ for (int i = 0; i < group.length; i++)
+ {
+ Group group1 = group[i];
+ log.debug("$$Role Group: " + group1.getName());
+ Enumeration xx = group1.members();
+ while (xx.hasMoreElements())
+ {
+ Principal o = (Principal)xx.nextElement();
+ log.debug("$$Principal in group: " + o.getName() + ";
" + o.toString());
+
+ }
+ }
+ }
+ try
+ {
+ TransactionManager tm = (TransactionManager)new
InitialContext().lookup("java:/TransactionManager");
+ Transactions.required(tm, new Transactions.Runnable()
+ {
+ public Object run() throws Exception
+ {
+ try
+ {
+
+
+ User user = null;
+ //check if user exist
+ try
+ {
+
+ user = getUserModule().findUserByUserName(name);
+
+ //synchronize password from LDAP to DB
+ if (!user.validatePassword(password))
+ {
+ user.updatePassword(password);
+ }
+ }
+ catch (Exception e)
+ {
+ // nothing as user can simply not exist
+ }
+
+ //if not try to synchronize it
+ if (user == null)
+ {
+ user = getUserModule().createUser(name, password);
+ }
+
+ Set rolesToAssign = new HashSet();
+
+ //now check and try synchronize all the roles
+ if (isSynchronizeRoles())
+ {
+
+ //based on code implementation its just one SimpleGroup called
"Roles"
+ Group roleGroup = group[0];
+ Enumeration en = roleGroup.members();
+ while (en.hasMoreElements())
+ {
+ Principal p = (Principal)en.nextElement();
+ String roleName = p.getName();
+ log.debug("$$Processing role principal object related to
current user: " + roleName);
+ //check if such role is present
+
+ Role role = null;
+ try
+ {
+ role = getRoleModule().findRoleByName(roleName);
+ }
+ catch (Exception e)
+ {
+ //
+ }
+
+ if (role == null)
+ {
+ try
+ {
+ role = getRoleModule().createRole(roleName, roleName);
+ }
+ catch (Throwable e)
+ {
+ log.warn("Error when trying to synchronize role:
" + roleName, e);
+ continue;
+ }
+ }
+
+ rolesToAssign.add(role);
+ }
+ }
+
+ if (defaultAssignedRole != null)
+ {
+ try
+ {
+
rolesToAssign.add(getRoleModule().findRoleByName(defaultAssignedRole));
+ }
+ catch(Exception e)
+ {
+ //
+ log.warn("Cannot find defaultAssignedRole: " +
defaultAssignedRole, e);
+ }
+ }
+
+ if (rolesToAssign.size() > 0)
+ {
+ getMembershipModule().assignRoles(user, rolesToAssign);
+ }
+
+ return null;
+
+ }
+ catch (Exception e)
+ {
+ throw new LoginException(e.toString());
+ }
+ }
+ });
+ }
+ catch (Exception e)
+ {
+ Throwable cause = e.getCause();
+ throw new LoginException(cause.toString());
+ }
+ }
+
+ protected boolean isSynchronizeIdentity()
+ {
+ if (synchronizeIdentity != null &&
synchronizeIdentity.equalsIgnoreCase("false"))
+ {
+ return Boolean.FALSE.booleanValue();
+ }
+ return Boolean.TRUE.booleanValue();
+ }
+
+ protected boolean isSynchronizeRoles()
+ {
+ if (synchronizeRoles != null &&
synchronizeRoles.equalsIgnoreCase("false"))
+ {
+ return Boolean.FALSE.booleanValue();
+ }
+ return Boolean.TRUE.booleanValue();
+ }
+
+
+}
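Review bot: In performSynchronization the outer `catch (Exception e)` dereferences `e.getCause()` without a null check, so an exception raised directly (for example by the `java:/TransactionManager` JNDI lookup, which sits inside the try but before Transactions.required wraps anything) becomes a NullPointerException and the real failure is never reported; change the line to `Throwable cause = e.getCause() != null ? e.getCause() : e;` and chain it into the LoginException with `initCause` so the stack trace survives. The same method indexes `group[0]` under isSynchronizeRoles() without checking `group.length`; the comment relies on the superclass always returning one "Roles" group, which should either be guarded with `if (group.length > 0)` or stated as a precondition in a Javadoc on the method. The empty `catch (Exception e)` around findUserByUserName/updatePassword also hides a failed password update behind the "user may not exist" assumption, so logging that exception at debug level would make an unsynchronized DB credential visible in the logs. Since the LoginException thrown from the inner Runnable is caught by validatePassword's `catch (Throwable)` and only logged at warn, a synchronization failure never fails the login, which deserves a sentence in the class Javadoc. The identical code in the SynchronizingLDAPLoginModule hunk below has the same issues.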
Copied:
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPLoginModule.java
(from rev 6333,
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapLoginModule.java)
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPLoginModule.java
(rev 0)
+++
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPLoginModule.java 2007-02-19
14:17:19 UTC (rev 6334)
@@ -0,0 +1,335 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+*/
+
+package org.jboss.portal.identity.auth;
+
+import org.jboss.security.auth.spi.LdapLoginModule;
+import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.identity.RoleModule;
+import org.jboss.portal.identity.MembershipModule;
+import org.jboss.portal.identity.IdentityException;
+import org.jboss.portal.identity.User;
+import org.jboss.portal.identity.Role;
+import org.jboss.portal.common.transaction.Transactions;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.callback.CallbackHandler;
+import javax.naming.InitialContext;
+import javax.transaction.TransactionManager;
+import java.util.Map;
+import java.util.Enumeration;
+import java.util.Set;
+import java.util.HashSet;
+import java.security.acl.Group;
+import java.security.Principal;
+
+/**
+ * @author <a href="mailto:boleslaw dot dawidowicz at redhat anotherdot
com">Boleslaw Dawidowicz</a>
+ * @version $Revision: 0.1 $
+ */
+public class SynchronizingLDAPLoginModule extends LdapLoginModule
+{
+ protected String additionalRole;
+ protected String defaultAssignedRole;
+ protected String synchronizeIdentity;
+ protected String synchronizeRoles;
+ protected String userModuleJNDIName;
+ protected String roleModuleJNDIName;
+ protected String membershipModuleJNDIName;
+
+
+ private UserModule userModule;
+ private RoleModule roleModule;
+ private MembershipModule membershipModule;
+
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
+ {
+ super.initialize(subject, callbackHandler, sharedState, options);
+
+
+ // Get data
+ userModuleJNDIName = (String)options.get("userModuleJNDIName");
+ roleModuleJNDIName = (String)options.get("roleModuleJNDIName");
+ membershipModuleJNDIName =
(String)options.get("membershipModuleJNDIName");
+ additionalRole = (String)options.get("additionalRole");
+ synchronizeIdentity = (String)options.get("synchronizeIdentity");
+ synchronizeRoles = (String)options.get("synchronizeRoles");
+ defaultAssignedRole = (String)options.get("defaultAssignedRole");
+
+ // Some info
+ log.trace("additionalRole = " + additionalRole);
+ log.trace("userModuleJNDIName = " + userModuleJNDIName);
+ log.trace("roleModuleJNDIName = " + roleModuleJNDIName);
+ log.trace("membershipModuleJNDIName = " + membershipModuleJNDIName);
+ log.trace("synchronizeIdentity = " + synchronizeIdentity);
+ log.trace("synchronizeRoles = " + synchronizeRoles);
+ log.trace("defaultAssignedRole = " + defaultAssignedRole);
+ }
+
+ protected UserModule getUserModule() throws Exception
+ {
+ if (userModule == null)
+ {
+ userModule = (UserModule)new InitialContext().lookup(userModuleJNDIName);
+ }
+ if (userModule == null)
+ {
+ throw new IdentityException("Cannot obtain UserModule using JNDI
name:" + userModuleJNDIName);
+ }
+
+ return userModule;
+ }
+
+ protected RoleModule getRoleModule() throws Exception
+ {
+
+ if (roleModule == null)
+ {
+ roleModule = (RoleModule)new InitialContext().lookup(roleModuleJNDIName);
+ }
+ if (roleModule == null)
+ {
+ throw new IdentityException("Cannot obtain RoleModule using JNDI
name:" + roleModuleJNDIName);
+ }
+ return roleModule;
+ }
+
+ protected MembershipModule getMembershipModule() throws Exception
+ {
+
+ if (membershipModule == null)
+ {
+ membershipModule = (MembershipModule)new
InitialContext().lookup(membershipModuleJNDIName);
+ }
+ if (membershipModule == null)
+ {
+ throw new IdentityException("Cannot obtain MembershipModule using JNDI
name:" + membershipModuleJNDIName);
+ }
+ return membershipModule;
+ }
+
+
+ protected boolean validatePassword(String string, String string1)
+ {
+ boolean validate = super.validatePassword(string, string1);
+
+ if (validate && isSynchronizeIdentity())
+ {
+ try
+ {
+ performSynchronization(getUsername(), string);
+ }
+ catch (Throwable e)
+ {
+ log.warn("Failed to sychronize identity of user: " + string, e);
+ }
+ }
+
+ return validate;
+ }
+
+ protected Group[] getRoleSets() throws LoginException
+ {
+ Group[] rolesGroup = super.getRoleSets();
+ if (additionalRole != null)
+ {
+ try
+ {
+ for (int i = 0; i < rolesGroup.length; i++)
+ {
+ Group group = rolesGroup[i];
+ if (group.getName().equals("Roles"))
+ {
+ group.addMember(createIdentity(additionalRole));
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ //just a try
+ log.error("Error when adding additional role: ", e);
+ }
+ }
+ return rolesGroup;
+ }
+
+ /** Subclass to use the PortalPrincipal to make the username easier to retrieve by the
portal. */
+ protected Principal createIdentity(String username) throws Exception
+ {
+ return new UserPrincipal(username);
+ }
+
+ private void performSynchronization(final String name, final String password) throws
Exception
+ {
+ final Group[] group = super.getRoleSets();
+
+ log.debug("$$Synchronizing user: " + name);
+
+ if (log.isDebugEnabled())
+ {
+ for (int i = 0; i < group.length; i++)
+ {
+ Group group1 = group[i];
+ log.debug("$$Role Group: " + group1.getName());
+ Enumeration xx = group1.members();
+ while (xx.hasMoreElements())
+ {
+ Principal o = (Principal)xx.nextElement();
+ log.debug("$$Principal in group: " + o.getName() + ";
" + o.toString());
+
+ }
+ }
+ }
+ try
+ {
+ TransactionManager tm = (TransactionManager)new
InitialContext().lookup("java:/TransactionManager");
+ Transactions.required(tm, new Transactions.Runnable()
+ {
+ public Object run() throws Exception
+ {
+ try
+ {
+
+
+ User user = null;
+ //check if user exist
+ try
+ {
+
+ user = getUserModule().findUserByUserName(name);
+
+ //synchronize password from LDAP to DB
+ if (!user.validatePassword(password))
+ {
+ user.updatePassword(password);
+ }
+ }
+ catch (Exception e)
+ {
+ // nothing as user can simply not exist
+ }
+
+ //if not try to synchronize it
+ if (user == null)
+ {
+ user = getUserModule().createUser(name, password);
+ }
+
+ Set rolesToAssign = new HashSet();
+
+ //now check and try synchronize all the roles
+ if (isSynchronizeRoles())
+ {
+
+ //based on code implementation its just one SimpleGroup called
"Roles"
+ Group roleGroup = group[0];
+ Enumeration en = roleGroup.members();
+ while (en.hasMoreElements())
+ {
+ Principal p = (Principal)en.nextElement();
+ String roleName = p.getName();
+ log.debug("$$Processing role principal object related to
current user: " + roleName);
+ //check if such role is present
+
+ Role role = null;
+ try
+ {
+ role = getRoleModule().findRoleByName(roleName);
+ }
+ catch (Exception e)
+ {
+ //
+ }
+
+ if (role == null)
+ {
+ try
+ {
+ role = getRoleModule().createRole(roleName, roleName);
+ }
+ catch (Throwable e)
+ {
+ log.warn("Error when trying to synchronize role:
" + roleName, e);
+ continue;
+ }
+ }
+
+ rolesToAssign.add(role);
+ }
+ }
+
+ if (defaultAssignedRole != null)
+ {
+ try
+ {
+
rolesToAssign.add(getRoleModule().findRoleByName(defaultAssignedRole));
+ }
+ catch(Exception e)
+ {
+ //
+ log.warn("Cannot find defaultAssignedRole: " +
defaultAssignedRole, e);
+ }
+ }
+
+ if (rolesToAssign.size() > 0)
+ {
+ getMembershipModule().assignRoles(user, rolesToAssign);
+ }
+
+ return null;
+
+ }
+ catch (Exception e)
+ {
+ throw new LoginException(e.toString());
+ }
+ }
+ });
+ }
+ catch (Exception e)
+ {
+ Throwable cause = e.getCause();
+ throw new LoginException(cause.toString());
+ }
+ }
+
+ protected boolean isSynchronizeIdentity()
+ {
+ if (synchronizeIdentity != null &&
synchronizeIdentity.equalsIgnoreCase("false"))
+ {
+ return Boolean.FALSE.booleanValue();
+ }
+ return Boolean.TRUE.booleanValue();
+ }
+
+ protected boolean isSynchronizeRoles()
+ {
+ if (synchronizeRoles != null &&
synchronizeRoles.equalsIgnoreCase("false"))
+ {
+ return Boolean.FALSE.booleanValue();
+ }
+ return Boolean.TRUE.booleanValue();
+ }
+
+
+}
Deleted:
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapExtLoginModule.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapExtLoginModule.java 2007-02-19
13:37:02 UTC (rev 6333)
+++
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapExtLoginModule.java 2007-02-19
14:17:19 UTC (rev 6334)
@@ -1,335 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-
-package org.jboss.portal.identity.auth;
-
-import org.jboss.security.auth.spi.LdapExtLoginModule;
-import org.jboss.portal.identity.UserModule;
-import org.jboss.portal.identity.RoleModule;
-import org.jboss.portal.identity.MembershipModule;
-import org.jboss.portal.identity.User;
-import org.jboss.portal.identity.Role;
-import org.jboss.portal.identity.IdentityException;
-import org.jboss.portal.common.transaction.Transactions;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.callback.CallbackHandler;
-import javax.naming.InitialContext;
-import javax.transaction.TransactionManager;
-import java.util.Map;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Enumeration;
-import java.security.acl.Group;
-import java.security.Principal;
-
-/**
- * @author <a href="mailto:boleslaw dot dawidowicz at redhat anotherdot
com">Boleslaw Dawidowicz</a>
- * @version $Revision: 0.1 $
- */
-public class SynchronizingLdapExtLoginModule extends LdapExtLoginModule
-{
- protected String additionalRole;
- protected String defaultAssignedRole;
- protected String synchronizeIdentity;
- protected String synchronizeRoles;
- protected String userModuleJNDIName;
- protected String roleModuleJNDIName;
- protected String membershipModuleJNDIName;
-
-
- private UserModule userModule;
- private RoleModule roleModule;
- private MembershipModule membershipModule;
-
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
-
-
- // Get data
- userModuleJNDIName = (String)options.get("userModuleJNDIName");
- roleModuleJNDIName = (String)options.get("roleModuleJNDIName");
- membershipModuleJNDIName =
(String)options.get("membershipModuleJNDIName");
- additionalRole = (String)options.get("additionalRole");
- synchronizeIdentity = (String)options.get("synchronizeIdentity");
- synchronizeRoles = (String)options.get("synchronizeRoles");
- defaultAssignedRole = (String)options.get("defaultAssignedRole");
-
- // Some info
- log.trace("additionalRole = " + additionalRole);
- log.trace("userModuleJNDIName = " + userModuleJNDIName);
- log.trace("roleModuleJNDIName = " + roleModuleJNDIName);
- log.trace("membershipModuleJNDIName = " + membershipModuleJNDIName);
- log.trace("synchronizeIdentity = " + synchronizeIdentity);
- log.trace("synchronizeRoles = " + synchronizeRoles);
- log.trace("defaultAssignedRole = " + defaultAssignedRole);
- }
-
- protected UserModule getUserModule() throws Exception
- {
- if (userModule == null)
- {
- userModule = (UserModule)new InitialContext().lookup(userModuleJNDIName);
- }
- if (userModule == null)
- {
- throw new IdentityException("Cannot obtain UserModule using JNDI
name:" + userModuleJNDIName);
- }
-
- return userModule;
- }
-
- protected RoleModule getRoleModule() throws Exception
- {
-
- if (roleModule == null)
- {
- roleModule = (RoleModule)new InitialContext().lookup(roleModuleJNDIName);
- }
- if (roleModule == null)
- {
- throw new IdentityException("Cannot obtain RoleModule using JNDI
name:" + roleModuleJNDIName);
- }
- return roleModule;
- }
-
- protected MembershipModule getMembershipModule() throws Exception
- {
-
- if (membershipModule == null)
- {
- membershipModule = (MembershipModule)new
InitialContext().lookup(membershipModuleJNDIName);
- }
- if (membershipModule == null)
- {
- throw new IdentityException("Cannot obtain MembershipModule using JNDI
name:" + membershipModuleJNDIName);
- }
- return membershipModule;
- }
-
-
- protected boolean validatePassword(String string, String string1)
- {
- boolean validate = super.validatePassword(string, string1);
-
- if (validate && isSynchronizeIdentity())
- {
- try
- {
- performSynchronization(getUsername(), string);
- }
- catch (Throwable e)
- {
- log.warn("Failed to sychronize identity of user: " + string, e);
- }
- }
-
- return validate;
- }
-
- protected Group[] getRoleSets() throws LoginException
- {
- Group[] rolesGroup = super.getRoleSets();
- if (additionalRole != null)
- {
- try
- {
- for (int i = 0; i < rolesGroup.length; i++)
- {
- Group group = rolesGroup[i];
- if (group.getName().equals("Roles"))
- {
- group.addMember(createIdentity(additionalRole));
- }
- }
- }
- catch (Exception e)
- {
- //just a try
- log.error("Error when adding additional role: ", e);
- }
- }
- return rolesGroup;
- }
-
- /** Subclass to use the PortalPrincipal to make the username easier to retrieve by the
portal. */
- protected Principal createIdentity(String username) throws Exception
- {
- return new UserPrincipal(username);
- }
-
- private void performSynchronization(final String name, final String password) throws
Exception
- {
- final Group[] group = super.getRoleSets();
-
- log.debug("$$Synchronizing user: " + name);
-
- if (log.isDebugEnabled())
- {
- for (int i = 0; i < group.length; i++)
- {
- Group group1 = group[i];
- log.debug("$$Role Group: " + group1.getName());
- Enumeration xx = group1.members();
- while (xx.hasMoreElements())
- {
- Principal o = (Principal)xx.nextElement();
- log.debug("$$Principal in group: " + o.getName() + ";
" + o.toString());
-
- }
- }
- }
- try
- {
- TransactionManager tm = (TransactionManager)new
InitialContext().lookup("java:/TransactionManager");
- Transactions.required(tm, new Transactions.Runnable()
- {
- public Object run() throws Exception
- {
- try
- {
-
-
- User user = null;
- //check if user exist
- try
- {
-
- user = getUserModule().findUserByUserName(name);
-
- //synchronize password from LDAP to DB
- if (!user.validatePassword(password))
- {
- user.updatePassword(password);
- }
- }
- catch (Exception e)
- {
- // nothing as user can simply not exist
- }
-
- //if not try to synchronize it
- if (user == null)
- {
- user = getUserModule().createUser(name, password);
- }
-
- Set rolesToAssign = new HashSet();
-
- //now check and try synchronize all the roles
- if (isSynchronizeRoles())
- {
-
- //based on code implementation its just one SimpleGroup called
"Roles"
- Group roleGroup = group[0];
- Enumeration en = roleGroup.members();
- while (en.hasMoreElements())
- {
- Principal p = (Principal)en.nextElement();
- String roleName = p.getName();
- log.debug("$$Processing role principal object related to
current user: " + roleName);
- //check if such role is present
-
- Role role = null;
- try
- {
- role = getRoleModule().findRoleByName(roleName);
- }
- catch (Exception e)
- {
- //
- }
-
- if (role == null)
- {
- try
- {
- role = getRoleModule().createRole(roleName, roleName);
- }
- catch (Throwable e)
- {
- log.warn("Error when trying to synchronize role:
" + roleName, e);
- continue;
- }
- }
-
- rolesToAssign.add(role);
- }
- }
-
- if (defaultAssignedRole != null)
- {
- try
- {
-
rolesToAssign.add(getRoleModule().findRoleByName(defaultAssignedRole));
- }
- catch(Exception e)
- {
- //
- log.warn("Cannot find defaultAssignedRole: " +
defaultAssignedRole, e);
- }
- }
-
- if (rolesToAssign.size() > 0)
- {
- getMembershipModule().assignRoles(user, rolesToAssign);
- }
-
- return null;
-
- }
- catch (Exception e)
- {
- throw new LoginException(e.toString());
- }
- }
- });
- }
- catch (Exception e)
- {
- Throwable cause = e.getCause();
- throw new LoginException(cause.toString());
- }
- }
-
- protected boolean isSynchronizeIdentity()
- {
- if (synchronizeIdentity != null &&
synchronizeIdentity.equalsIgnoreCase("false"))
- {
- return Boolean.FALSE.booleanValue();
- }
- return Boolean.TRUE.booleanValue();
- }
-
- protected boolean isSynchronizeRoles()
- {
- if (synchronizeRoles != null &&
synchronizeRoles.equalsIgnoreCase("false"))
- {
- return Boolean.FALSE.booleanValue();
- }
- return Boolean.TRUE.booleanValue();
- }
-
-
-}
Deleted:
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapLoginModule.java
===================================================================
---
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapLoginModule.java 2007-02-19
13:37:02 UTC (rev 6333)
+++
trunk/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLdapLoginModule.java 2007-02-19
14:17:19 UTC (rev 6334)
@@ -1,335 +0,0 @@
-/*
-* JBoss, a division of Red Hat
-* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-*/
-
-package org.jboss.portal.identity.auth;
-
-import org.jboss.security.auth.spi.LdapLoginModule;
-import org.jboss.portal.identity.UserModule;
-import org.jboss.portal.identity.RoleModule;
-import org.jboss.portal.identity.MembershipModule;
-import org.jboss.portal.identity.IdentityException;
-import org.jboss.portal.identity.User;
-import org.jboss.portal.identity.Role;
-import org.jboss.portal.common.transaction.Transactions;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
-import javax.security.auth.callback.CallbackHandler;
-import javax.naming.InitialContext;
-import javax.transaction.TransactionManager;
-import java.util.Map;
-import java.util.Enumeration;
-import java.util.Set;
-import java.util.HashSet;
-import java.security.acl.Group;
-import java.security.Principal;
-
-/**
- * @author <a href="mailto:boleslaw dot dawidowicz at redhat anotherdot
com">Boleslaw Dawidowicz</a>
- * @version $Revision: 0.1 $
- */
-public class SynchronizingLdapLoginModule extends LdapLoginModule
-{
- protected String additionalRole;
- protected String defaultAssignedRole;
- protected String synchronizeIdentity;
- protected String synchronizeRoles;
- protected String userModuleJNDIName;
- protected String roleModuleJNDIName;
- protected String membershipModuleJNDIName;
-
-
- private UserModule userModule;
- private RoleModule roleModule;
- private MembershipModule membershipModule;
-
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map
sharedState, Map options)
- {
- super.initialize(subject, callbackHandler, sharedState, options);
-
-
- // Get data
- userModuleJNDIName = (String)options.get("userModuleJNDIName");
- roleModuleJNDIName = (String)options.get("roleModuleJNDIName");
- membershipModuleJNDIName =
(String)options.get("membershipModuleJNDIName");
- additionalRole = (String)options.get("additionalRole");
- synchronizeIdentity = (String)options.get("synchronizeIdentity");
- synchronizeRoles = (String)options.get("synchronizeRoles");
- defaultAssignedRole = (String)options.get("defaultAssignedRole");
-
- // Some info
- log.trace("additionalRole = " + additionalRole);
- log.trace("userModuleJNDIName = " + userModuleJNDIName);
- log.trace("roleModuleJNDIName = " + roleModuleJNDIName);
- log.trace("membershipModuleJNDIName = " + membershipModuleJNDIName);
- log.trace("synchronizeIdentity = " + synchronizeIdentity);
- log.trace("synchronizeRoles = " + synchronizeRoles);
- log.trace("defaultAssignedRole = " + defaultAssignedRole);
- }
-
- protected UserModule getUserModule() throws Exception
- {
- if (userModule == null)
- {
- userModule = (UserModule)new InitialContext().lookup(userModuleJNDIName);
- }
- if (userModule == null)
- {
- throw new IdentityException("Cannot obtain UserModule using JNDI
name:" + userModuleJNDIName);
- }
-
- return userModule;
- }
-
- protected RoleModule getRoleModule() throws Exception
- {
-
- if (roleModule == null)
- {
- roleModule = (RoleModule)new InitialContext().lookup(roleModuleJNDIName);
- }
- if (roleModule == null)
- {
- throw new IdentityException("Cannot obtain RoleModule using JNDI
name:" + roleModuleJNDIName);
- }
- return roleModule;
- }
-
- protected MembershipModule getMembershipModule() throws Exception
- {
-
- if (membershipModule == null)
- {
- membershipModule = (MembershipModule)new
InitialContext().lookup(membershipModuleJNDIName);
- }
- if (membershipModule == null)
- {
- throw new IdentityException("Cannot obtain MembershipModule using JNDI
name:" + membershipModuleJNDIName);
- }
- return membershipModule;
- }
-
-
- protected boolean validatePassword(String string, String string1)
- {
- boolean validate = super.validatePassword(string, string1);
-
- if (validate && isSynchronizeIdentity())
- {
- try
- {
- performSynchronization(getUsername(), string);
- }
- catch (Throwable e)
- {
- log.warn("Failed to sychronize identity of user: " + string, e);
- }
- }
-
- return validate;
- }
-
- protected Group[] getRoleSets() throws LoginException
- {
- Group[] rolesGroup = super.getRoleSets();
- if (additionalRole != null)
- {
- try
- {
- for (int i = 0; i < rolesGroup.length; i++)
- {
- Group group = rolesGroup[i];
- if (group.getName().equals("Roles"))
- {
- group.addMember(createIdentity(additionalRole));
- }
- }
- }
- catch (Exception e)
- {
- //just a try
- log.error("Error when adding additional role: ", e);
- }
- }
- return rolesGroup;
- }
-
- /** Subclass to use the PortalPrincipal to make the username easier to retrieve by the
portal. */
- protected Principal createIdentity(String username) throws Exception
- {
- return new UserPrincipal(username);
- }
-
- private void performSynchronization(final String name, final String password) throws
Exception
- {
- final Group[] group = super.getRoleSets();
-
- log.debug("$$Synchronizing user: " + name);
-
- if (log.isDebugEnabled())
- {
- for (int i = 0; i < group.length; i++)
- {
- Group group1 = group[i];
- log.debug("$$Role Group: " + group1.getName());
- Enumeration xx = group1.members();
- while (xx.hasMoreElements())
- {
- Principal o = (Principal)xx.nextElement();
- log.debug("$$Principal in group: " + o.getName() + ";
" + o.toString());
-
- }
- }
- }
- try
- {
- TransactionManager tm = (TransactionManager)new
InitialContext().lookup("java:/TransactionManager");
- Transactions.required(tm, new Transactions.Runnable()
- {
- public Object run() throws Exception
- {
- try
- {
-
-
- User user = null;
- //check if user exist
- try
- {
-
- user = getUserModule().findUserByUserName(name);
-
- //synchronize password from LDAP to DB
- if (!user.validatePassword(password))
- {
- user.updatePassword(password);
- }
- }
- catch (Exception e)
- {
- // nothing as user can simply not exist
- }
-
- //if not try to synchronize it
- if (user == null)
- {
- user = getUserModule().createUser(name, password);
- }
-
- Set rolesToAssign = new HashSet();
-
- //now check and try synchronize all the roles
- if (isSynchronizeRoles())
- {
-
- //based on code implementation its just one SimpleGroup called
"Roles"
- Group roleGroup = group[0];
- Enumeration en = roleGroup.members();
- while (en.hasMoreElements())
- {
- Principal p = (Principal)en.nextElement();
- String roleName = p.getName();
- log.debug("$$Processing role principal object related to
current user: " + roleName);
- //check if such role is present
-
- Role role = null;
- try
- {
- role = getRoleModule().findRoleByName(roleName);
- }
- catch (Exception e)
- {
- //
- }
-
- if (role == null)
- {
- try
- {
- role = getRoleModule().createRole(roleName, roleName);
- }
- catch (Throwable e)
- {
- log.warn("Error when trying to synchronize role:
" + roleName, e);
- continue;
- }
- }
-
- rolesToAssign.add(role);
- }
- }
-
- if (defaultAssignedRole != null)
- {
- try
- {
-
rolesToAssign.add(getRoleModule().findRoleByName(defaultAssignedRole));
- }
- catch(Exception e)
- {
- //
- log.warn("Cannot find defaultAssignedRole: " +
defaultAssignedRole, e);
- }
- }
-
- if (rolesToAssign.size() > 0)
- {
- getMembershipModule().assignRoles(user, rolesToAssign);
- }
-
- return null;
-
- }
- catch (Exception e)
- {
- throw new LoginException(e.toString());
- }
- }
- });
- }
- catch (Exception e)
- {
- Throwable cause = e.getCause();
- throw new LoginException(cause.toString());
- }
- }
-
- protected boolean isSynchronizeIdentity()
- {
- if (synchronizeIdentity != null &&
synchronizeIdentity.equalsIgnoreCase("false"))
- {
- return Boolean.FALSE.booleanValue();
- }
- return Boolean.TRUE.booleanValue();
- }
-
- protected boolean isSynchronizeRoles()
- {
- if (synchronizeRoles != null &&
synchronizeRoles.equalsIgnoreCase("false"))
- {
- return Boolean.FALSE.booleanValue();
- }
- return Boolean.TRUE.booleanValue();
- }
-
-
-}