[jboss-svn-commits] JBoss Portal SVN: r5653 - in trunk: common/src/main/org/jboss/portal/common/util identity identity/src/main/org/jboss/portal/identity2 identity/src/main/org/jboss/portal/identity2/config identity/src/main/org/jboss/portal/identity2/ldap identity/src/main/org/jboss/portal/test/identity/ldap test/src/etc/identityconfig test/src/etc/ldap/ldif
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Nov 14 19:24:26 EST 2006
Author: bdaw
Date: 2006-11-14 19:23:20 -0500 (Tue, 14 Nov 2006)
New Revision: 5653
Added:
trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticRoleMembershipModuleImpl.java
trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticRoleMembershipModuleTestCase.java
Modified:
trunk/common/src/main/org/jboss/portal/common/util/Tools.java
trunk/identity/build.xml
trunk/identity/src/main/org/jboss/portal/identity2/IdentityConfiguration.java
trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleConfigurationImpl.java
trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleIdentityConfigurationFactory.java
trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPRoleModuleImpl.java
trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticGroupMembershipModuleImpl.java
trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserImpl.java
trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserModuleImpl.java
trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticGroupMembershipModuleTestCase.java
trunk/test/src/etc/identityconfig/opends-config.xml
trunk/test/src/etc/identityconfig/rhds-config.xml
trunk/test/src/etc/ldap/ldif/initial-tests-qa.ldif
Log:
- MembershipModule implementation for static roles in ldap
- password encoding support in ldap
- tests
Modified: trunk/common/src/main/org/jboss/portal/common/util/Tools.java
===================================================================
--- trunk/common/src/main/org/jboss/portal/common/util/Tools.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/common/src/main/org/jboss/portal/common/util/Tools.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -63,6 +63,7 @@
/**
* @author <a href="mailto:julien at jboss.org">Julien Viet</a>
* @author <a href="mailto:theute at jboss.org">Thomas Heute</a>
+ * @author <a href="mailto:boleslaw dot dawidowicz at jboss.com">Boleslaw Dawidowicz</a>
* @version $Revision$
*/
public class Tools
@@ -571,6 +572,48 @@
}
/**
+ * Computes a hash with specified algorighm and returns the result as a string in hexadecimal format
+ *
+ * @param text
+ * @param algorithm
+ * @param encoding
+ * @return
+ * @throws NoSuchAlgorithmException
+ */
+ public static String hashAndEncodeString(String text, String algorithm, String encoding) throws NoSuchAlgorithmException
+ {
+ // arguments check
+ if (text == null)
+ {
+ throw new NullPointerException("null text");
+ }
+ if (algorithm == null)
+ {
+ throw new NullPointerException("null algorithm");
+ }
+ if (encoding == null)
+ {
+ throw new NullPointerException("null encoding");
+ }
+
+ MessageDigest md = MessageDigest.getInstance(algorithm);
+ md.update(text.getBytes());
+ byte[] encoded = md.digest();
+
+ if ("hex".equals(encoding))
+ {
+ return toHexString(encoded);
+ }
+ //TODO: add base64 support here
+ else
+ {
+ throw new IllegalArgumentException("Not supported encoding: " + encoding);
+ }
+
+ }
+
+
+ /**
* Returns a string in the hexadecimal format.
*
* @param bytes the converted bytes
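Review bot: `text.getBytes()` in hashAndEncodeString encodes with the JVM's default charset, so the same password can produce different digests on hosts with different locale settings, and a stored hash may stop matching after a migration. Passing an explicit charset, `md.update(text.getBytes("UTF-8"));`, makes the result stable; if the project targets a JDK without StandardCharsets, that overload throws the checked UnsupportedEncodingException, which needs handling because the signature declares only NoSuchAlgorithmException. The Javadoc leaves every `@param` and the `@return` empty: it should say that `algorithm` is a MessageDigest algorithm name, that `encoding` currently accepts only `hex`, and that any other value raises IllegalArgumentException. LDAPUserImpl in this commit calls the method on passwords, so the Javadoc should also state that the output is a single unsalted digest pass.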
Modified: trunk/identity/build.xml
===================================================================
--- trunk/identity/build.xml 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/build.xml 2006-11-15 00:23:20 UTC (rev 5653)
@@ -389,6 +389,7 @@
<test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPSimpleUserModuleTestCase"/>
<test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPSimpleRoleModuleTestCase"/>
<test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPStaticGroupMembershipModuleTestCase"/>
+ <test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPStaticRoleMembershipModuleTestCase"/>
</x-test>
@@ -446,6 +447,7 @@
<test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPSimpleUserModuleTestCase"/>
<test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPSimpleRoleModuleTestCase"/>
<test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPStaticGroupMembershipModuleTestCase"/>
+ <test todir="${test.reports}" name="org.jboss.portal.test.identity.ldap.LDAPStaticRoleMembershipModuleTestCase"/>
</x-test>
Modified: trunk/identity/src/main/org/jboss/portal/identity2/IdentityConfiguration.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/IdentityConfiguration.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/IdentityConfiguration.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -22,7 +22,7 @@
package org.jboss.portal.identity2;
import java.util.Map;
-import java.util.List;
+import java.util.Set;
/**
* @author <a href="mailto:boleslaw dot dawidowicz at jboss.org">Boleslaw Dawidowicz</a>
@@ -30,6 +30,12 @@
*/
public interface IdentityConfiguration
{
+
+ //TODO: isMembershipAttributeRequired
+ //TODO: memebershipAttributeEmptyValue
+ //TODO: options for secured connection to ldap
+ //TODO: let decide if has should be in hex or base64
+
public static final String GROUP_COMMON = "common";
public static final String GROUP_CONNECTION = "connection";
@@ -56,25 +62,30 @@
public static final String USER_UID_ATTRIBUTE_ID = "uidAttributeID";
+ public static final String USER_PASSWORD_ATTRIBUTE_ID = "passwordAttributeID";
+
public static final String ROLE_CONTAINER_DN = "roleContainerDN";
public static final String ROLE_RID_ATTRIBUTE_ID = "ridAttributeID";
public static final String ROLE_DISPLAY_NAME_ATTRIBUTE_ID = "roleDisplayNameAttributeID";
- public static final String ROLE_MEMBER_ATTRIBUTE_ID = "roleMemberAttributeID";
+ public static final String MEMBERSHIP_ATTRIBUTE_ID = "membershipAttributeID";
- public static final String MEMBERSHIP_UID_ATTRIBUTE_IS_DN = "memberAttributeIsDN";
+ public static final String MEMBERSHIP_ATTRIBUTE_IS_DN = "membershipAttributeIsDN";
+ public static final String HASH_ALGORITHM = "hashAlgorithm";
+ public static final String HASH_ENCODING = "hashEncoding";
- public List getValues(String optionGroup, String option);
+ public Set getValues(String optionGroup, String option);
+
public String getValue(String optionGroup, String option);
public String getValue(String option);
- public void setValues(String optionGroup, String option, List values);
+ public void setValues(String optionGroup, String option, Set values);
public void addValue(String optionGroup, String option, String value);
Modified: trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleConfigurationImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleConfigurationImpl.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleConfigurationImpl.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -31,7 +31,7 @@
import org.jboss.xb.binding.UnmarshallerFactory;
import java.util.Map;
-import java.util.List;
+import java.util.Set;
import java.net.URL;
import java.io.InputStream;
@@ -122,7 +122,7 @@
- public List getValues(String optionGroup, String option)
+ public Set getValues(String optionGroup, String option)
{
if (optionGroup == null)
{
@@ -137,7 +137,7 @@
Map group = (Map)data.get(optionGroup);
if (group.containsKey(option))
{
- return (List)group.get(option);
+ return (Set)group.get(option);
}
}
return null;
@@ -158,10 +158,10 @@
Map group = (Map)data.get(optionGroup);
if (group.containsKey(option))
{
- List values = (List)group.get(option);
+ Set values = (Set)group.get(option);
if (values.size() > 0)
{
- return (String)values.get(0);
+ return (String)values.toArray()[0];
}
}
}
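Review bot: `(String)values.toArray()[0]` no longer returns the first configured value, because SimpleIdentityConfigurationFactory in this commit builds option values with `new HashSet()`, whose iteration order is unspecified. An option that carries several values therefore yields an arbitrary one from getValue. The same expression is used by the single-argument getValue in the next hunk. If "first configured value wins" is the intended contract, `return new LinkedHashSet();` in the factory preserves insertion order, and `values.iterator().next()` reads the element without copying the set into an array. Both getValue methods begin outside the hunks shown.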
@@ -179,17 +179,17 @@
Map group = (Map)data.get(GROUP_COMMON);
if (group.containsKey(option))
{
- List values = (List)group.get(option);
+ Set values = (Set)group.get(option);
if (values.size() > 0)
{
- return (String)values.get(0);
+ return (String)values.toArray()[0];
}
}
}
return null;
}
- public void setValues(String optionGroup, String option, List values)
+ public void setValues(String optionGroup, String option, Set values)
{
if (optionGroup == null)
{
@@ -228,7 +228,7 @@
Map group = (Map)data.get(optionGroup);
if (group.containsKey(option))
{
- ((List)group.get(option)).add(value);
+ ((Set)group.get(option)).add(value);
}
}
}
Modified: trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleIdentityConfigurationFactory.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleIdentityConfigurationFactory.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/config/SimpleIdentityConfigurationFactory.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -27,8 +27,8 @@
import java.util.HashMap;
import java.util.Map;
-import java.util.List;
-import java.util.LinkedList;
+import java.util.Set;
+import java.util.HashSet;
/**
* @author <a href="mailto:boleslaw dot dawidowicz at jboss.org">Boleslaw Dawidowicz</a>
@@ -62,9 +62,9 @@
//return list for option values
if ("option".equals(localName))
{
- return new LinkedList();
+ return new HashSet();
}
- if (root instanceof List)
+ if (root instanceof Set)
{
if ("value".equals(localName))
{
@@ -76,7 +76,7 @@
public void addChild(Object parent, Object child, UnmarshallingContext nav, String nsURI, String localName)
{
- if (child instanceof List && parent instanceof Map)
+ if (child instanceof Set && parent instanceof Map)
{
if ("option".equals(localName))
{
@@ -101,7 +101,7 @@
this.currentGroupName = value;
}
}
- if(object instanceof List)
+ if(object instanceof Set)
{
if ("name".equals(localName))
{
@@ -109,7 +109,7 @@
}
if ("value".equals(localName))
{
- List option = (List)object;
+ Set option = (Set)object;
option.add(value);
}
}
Modified: trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPRoleModuleImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPRoleModuleImpl.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPRoleModuleImpl.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -28,6 +28,7 @@
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.RoleModule;
import org.jboss.portal.identity.User;
+import org.jboss.portal.identity.NoSuchUserException;
import org.jboss.portal.identity2.IdentityContext;
import org.jboss.portal.identity2.MembershipModule;
import org.jboss.portal.identity2.IdentityConfiguration;
@@ -214,7 +215,7 @@
String attributeName = (String)it1.next();
log.debug("adding attribute: " + attributeName);
Attribute attr = new BasicAttribute(attributeName);
- List attributeValues = (List)attributesToAdd.get(attributeName);
+ Set attributeValues = (Set)attributesToAdd.get(attributeName);
//values
for (Iterator it2 = attributeValues.iterator(); it2.hasNext();)
@@ -419,6 +420,49 @@
return ldapr;
}
+ /**
+ * method not belonging to UserModule interface - ldap specific.
+ *
+ */
+ public Role findRoleByDN(String dn) throws IdentityException, IllegalArgumentException
+ {
+ try
+ {
+ log.debug("findRoleByDN(): DN = " + dn);
+
+ if (dn == null)
+ {
+ throw new IdentityException("Role dn canot be null");
+ }
+
+ /*SearchControls controls = new SearchControls();
+ controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+ String filter = getUidAttributeID().concat("=").concat(userName);
+ log.debug("Search filter: " + filter);*/
+ //DirContext ctx = (DirContext)getConnectionContext().createInitialContext().lookup(dn);
+ Attributes attrs = getConnectionContext().createInitialContext().getAttributes(dn);
+
+ if (attrs == null)
+ {
+ throw new IdentityException("Can't find user entry with DN: " + dn);
+ }
+
+ return createRoleInstance(attrs, dn);
+
+ }
+ catch (NoSuchElementException e)
+ {
+ log.debug("No user found with dn: " + dn, e);
+ }
+ catch (NamingException e)
+ {
+ throw new IdentityException("User search failed.", e);
+ }
+ return null;
+
+ }
+
//**************************
//*** Getter and Setters
//**************************
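Review bot: findRoleByDN builds a Role from whatever entry `dn` names; nothing in the method checks that the entry lies under getContainerDN() or is a role object at all. LDAPStaticRoleMembershipModuleImpl.getRoles in this commit passes it values read from a user's membership attribute, so a value pointing outside the role container would presumably still be returned as a role. A check that `dn` ends with the configured container DN before the `getAttributes(dn)` call would close that gap. The `catch (NoSuchElementException e)` branch looks unreachable for a missing entry, since JNDI reports that as a NamingException, and the messages say "user" where they mean role, for example `"Can't find role entry with DN: " + dn`. The context returned by `createInitialContext()` is never closed here, which is worth confirming against LDAPConnectionContext.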
@@ -464,7 +508,12 @@
public String getContainerDN() throws IdentityException
{
- return getIdentityConfiguration().getValue(IdentityConfiguration.ROLE_CONTAINER_DN);
+ String cont = getIdentityConfiguration().getValue(IdentityConfiguration.ROLE_CONTAINER_DN);
+ if (cont == null)
+ {
+ throw new IdentityException("Configuration option missing: " + IdentityConfiguration.ROLE_CONTAINER_DN);
+ }
+ return cont;
}
/*public void setContainerDN(String containerDN)
Modified: trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticGroupMembershipModuleImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticGroupMembershipModuleImpl.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticGroupMembershipModuleImpl.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -166,7 +166,7 @@
}
-
+ //TODO: move this search to RoleModule
SearchControls controls = new SearchControls();
//TODO: let to search roles with different scopes
controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
@@ -319,6 +319,7 @@
try
{
LDAPUserImpl user = (LDAPUserImpl)iterator.next();
+ //TODO: check option and add value as name - not DN
member.add(user.getDn());
}
catch (ClassCastException e)
@@ -386,6 +387,8 @@
try
{
+
+ //TODO: move this search to RoleModule
SearchControls controls = new SearchControls();
//TODO: let to search roles with different scopes
controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
@@ -424,7 +427,8 @@
//and replace attributes
Attributes newAttrs = new BasicAttributes(true);
- newAttrs.put(getMemberAttributeID(), attr);
+ //newAttrs.put(getMemberAttributeID(), attr);
+ newAttrs.put(attr);
getConnectionContext().createInitialContext().modifyAttributes(roleDN, DirContext.REPLACE_ATTRIBUTE, newAttrs);
}
else
@@ -458,7 +462,6 @@
}
- throw new UnsupportedOperationException("Not yet implemented");
}
//TODO:don't forget to add this....
@@ -554,7 +557,7 @@
public String getMemberAttributeID() throws IdentityException
{
- String uid = getIdentityConfiguration().getValue(IdentityConfiguration.ROLE_MEMBER_ATTRIBUTE_ID);
+ String uid = getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_ATTRIBUTE_ID);
if (uid == null)
{
return "member";
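Review bot: Renaming the option key from `roleMemberAttributeID` to `membershipAttributeID` makes an existing configuration that still uses the old name fall through to `return "member";` without any message. The `memberAttributeIsDN` to `membershipAttributeIsDN` rename in the next hunk behaves the same way and silently defaults to `true`. A deployment with a non-default membership attribute would then resolve role membership against the wrong attribute. Consider reading the old key as a fallback for one release, or logging at warn level when the default is applied, e.g. `log.warn("membershipAttributeID not set, using 'member'");`. getMemberAttributeID continues past the end of this hunk.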
@@ -569,12 +572,12 @@
public boolean isUidAttributeIsDN() throws IdentityException
{
- if (getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_UID_ATTRIBUTE_IS_DN) == null)
+ if (getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_ATTRIBUTE_IS_DN) == null)
{
return true;
}
- return getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_UID_ATTRIBUTE_IS_DN).equals("true");
+ return getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_ATTRIBUTE_IS_DN).equals("true");
}
/*public void setUidAttributeIsDN(boolean uidAttributeIsDN)
Added: trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticRoleMembershipModuleImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticRoleMembershipModuleImpl.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPStaticRoleMembershipModuleImpl.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -0,0 +1,582 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.portal.identity2.ldap;
+
+import org.jboss.portal.jems.as.system.AbstractJBossService;
+import org.jboss.portal.identity2.MembershipModule;
+import org.jboss.portal.identity2.IdentityContext;
+import org.jboss.portal.identity2.IdentityConfiguration;
+import org.jboss.portal.identity2.ldap.helper.LDAPTools;
+import org.jboss.portal.common.util.JNDI;
+import org.jboss.portal.common.util.Tools;
+import org.jboss.portal.identity.IdentityException;
+import org.jboss.portal.identity.User;
+import org.jboss.portal.identity.Role;
+
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.ModificationItem;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Iterator;
+import java.util.LinkedList;
+
+/**
+ * @author <a href="mailto:boleslaw.dawidowicz at jboss.org">Boleslaw Dawidowicz</a>
+ * @version $Revision: 1.1 $
+ */
+public class LDAPStaticRoleMembershipModuleImpl extends AbstractJBossService implements MembershipModule
+{
+
+ private LDAPConnectionContext connectionContext;
+
+ private LDAPUserModuleImpl userModule;
+
+ private LDAPRoleModuleImpl roleModule;
+
+ private IdentityContext identityContext;
+
+ private IdentityConfiguration identityConfiguration;
+
+
+ //private LDAPMembershipStrategy membershipStrategy;
+
+ private String jndiName;
+
+ protected JNDI.Binding jndiBinding;
+
+
+ /** DN under which roles should be searched. Used only when obtaining roles having only User DN. */
+ /*private String roleCtxDN;*/
+
+
+
+ /** Name of attribute in role entry that point to belonging user */
+ //private String uidAttributeID;
+
+
+ /** If the uidAttributeID in Role entry keeps full DN of a user or just a name */
+ //private boolean uidAttributeIsDN;
+
+
+ protected void startService() throws Exception
+ {
+
+ //
+ if (jndiName != null)
+ {
+ jndiBinding = new JNDI.Binding(jndiName, this);
+ jndiBinding.bind();
+ }
+
+ if (identityContext == null)
+ {
+ throw new IdentityException("Cannot register module in context - missing reference");
+ }
+ else
+ {
+ identityContext.register(this, IdentityContext.MEMBERSHIP_MODULE);
+ }
+
+
+
+ }
+
+
+ protected void stopService() throws Exception
+ {
+ if (jndiBinding != null)
+ {
+ jndiBinding.unbind();
+ jndiBinding = null;
+ }
+
+ if (identityContext == null)
+ {
+ log.error("Cannot unregister module in context - missing reference");
+ }
+ else
+ {
+ identityContext.unregister(IdentityContext.MEMBERSHIP_MODULE);
+ }
+
+ }
+
+ public Set getRoles(User user) throws IdentityException
+ {
+ if (user == null)
+ {
+ throw new IllegalArgumentException("User cannot be null");
+ }
+
+ LDAPUserImpl ldapUser = null;
+
+ if (user instanceof LDAPUserImpl)
+ {
+ ldapUser = (LDAPUserImpl)user;
+ }
+ else
+ {
+ throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPUserImpl objects");
+ }
+
+ Set roles = new HashSet();
+
+ try
+ {
+ log.debug("findRoles(): role = " + ldapUser.getDn());
+
+ if (ldapUser.getUserName() == null)
+ {
+ throw new IdentityException("Role name canot be null");
+ }
+
+ //obtain Role entry attributes from directory
+ Attributes attrs = getConnectionContext().createInitialContext().getAttributes(ldapUser.getDn());
+
+ log.debug("User attributes: " + attrs);
+ if (attrs == null )
+ {
+ throw new IdentityException("Cannot find User with DN: " + ldapUser.getDn());
+ }
+
+ Attribute memberOfAttribute = attrs.get(getMemberAttributeID());
+
+ //if there are no members
+ if (memberOfAttribute == null)
+ {
+ return roles;
+ }
+
+ //iterate over user names belonging to this role
+ NamingEnumeration values = memberOfAttribute.getAll();
+ while (values.hasMoreElements())
+ {
+ String value = values.nextElement().toString();
+ String name = value;
+
+ try
+ {
+ //if user is pointed as DN get only it's name
+ if (!isUidAttributeIsDN())
+ {
+ name = LDAPTools.stripDnToName(name);
+ roles.add(getRoleModule().findRoleByName(name));
+ }
+ else
+ {
+ roles.add(getRoleModule().findRoleByDN(name));
+ }
+ }
+ catch(IdentityException ie)
+ {
+ log.error("Failed to find role: " + name + "/" + value, ie);
+
+ }
+ }
+ }
+ catch (NamingException e)
+ {
+ throw new IdentityException("Resolving User Roles failed.", e);
+ }
+
+ return roles;
+
+ }
+
+ public Set getUsers(Role role) throws IdentityException
+ {
+ if (role == null)
+ {
+ throw new IllegalArgumentException("Role cannot be null");
+ }
+
+ LDAPRoleImpl ldapRole = null;
+
+ if (role instanceof LDAPRoleImpl)
+ {
+ ldapRole = (LDAPRoleImpl)role;
+ }
+ else
+ {
+ throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPRoleImpl objects");
+ }
+
+ //throw new UnsupportedOperationException("Not yet implemented");
+
+ Set users = new HashSet();
+ try
+ {
+
+ log.debug("getUsers(): user DN = " + ldapRole.getDn());
+
+ String memberOfName = "";
+
+ if (isUidAttributeIsDN())
+ {
+ memberOfName = ldapRole.getDn();
+ }
+ else
+ {
+ memberOfName = ldapRole.getId().toString();
+ }
+
+
+ //TODO: move this search to UserModule
+ SearchControls controls = new SearchControls();
+
+ controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ controls.setReturningObjFlag(true);
+
+ String filter = getMemberAttributeID().concat("=").concat(memberOfName);
+ log.debug("Search filter: " + filter);
+
+
+ NamingEnumeration results = getConnectionContext().createInitialContext().search(getUserContainerDN(), filter, controls);
+ List sr = Tools.toList(results);
+
+
+ for (Iterator iterator = sr.iterator(); iterator.hasNext();)
+ {
+ SearchResult res = (SearchResult)iterator.next();
+ DirContext ctx = (DirContext)res.getObject();
+ users.add(getUserModule().createUserInstance(res.getAttributes(),ctx.getNameInNamespace()));
+ }
+
+
+
+ }
+ catch (Exception e)
+ {
+ log.debug("Failed to resolve role users: " + ldapRole.getId().toString(), e);
+ }
+
+ return users;
+
+ }
+
+ public void assignUsers(Role role, Set users) throws IdentityException
+ {
+ if (role == null)
+ {
+ throw new IllegalArgumentException("Role cannot be null");
+ }
+
+ LDAPRoleImpl ldapRole = null;
+
+ if (role instanceof LDAPRoleImpl)
+ {
+ ldapRole = (LDAPRoleImpl)role;
+ }
+ else
+ {
+ throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPRoleImpl objects");
+ }
+
+
+ //First build a list of user DNs to add
+ List userDNsToAdd = new LinkedList();
+
+ for (Iterator iterator = users.iterator(); iterator.hasNext();)
+ {
+ try
+ {
+ LDAPUserImpl user = (LDAPUserImpl)iterator.next();
+ userDNsToAdd.add(user.getDn());
+ }
+ catch(ClassCastException e)
+ {
+ throw new IdentityException("Only can add LDAPUserImpl objects", e);
+ }
+ }
+
+ String memberOfName=null;
+
+ //Find all the users that currently contain role as member (need to remove role from some of them)
+ if (isUidAttributeIsDN())
+ {
+ memberOfName = ldapRole.getDn();
+ }
+ else
+ {
+ memberOfName = ldapRole.getId().toString();
+ }
+
+
+ try
+ {
+ //TODO:move this search to user module
+ SearchControls controls = new SearchControls();
+
+ controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ controls.setReturningObjFlag(true);
+
+ String filter = getMemberAttributeID().concat("=").concat(memberOfName);
+ log.debug("Search filter: " + filter);
+
+
+ NamingEnumeration results = getConnectionContext().createInitialContext().search(getUserContainerDN(), filter, controls);
+ List sr = Tools.toList(results);
+ //iterate over users that contain a role
+ for (Iterator iterator = sr.iterator(); iterator.hasNext();)
+ {
+ SearchResult res = (SearchResult)iterator.next();
+ DirContext ctx = (DirContext)res.getObject();
+ String userDN = ctx.getNameInNamespace();
+ //if user is one which we want to add
+ if (userDNsToAdd.contains(userDN))
+ {
+ //we do nothing but mark this user as added
+ userDNsToAdd.remove(userDN);
+ continue;
+ }
+ //if it's not on the list we need to remove role from it
+ else
+ {
+ Attribute attr = res.getAttributes().get(getMemberAttributeID());
+
+ attr.remove(memberOfName);
+
+ //and replace attributes
+ Attributes newAttrs = new BasicAttributes(true);
+ //newAttrs.put(getMemberAttributeID(), attr);
+ newAttrs.put(attr);
+
+ getConnectionContext().createInitialContext().modifyAttributes(userDN, DirContext.REPLACE_ATTRIBUTE, newAttrs);
+
+ //and mark this role as done
+ userDNsToAdd.remove(userDN);
+ }
+ }
+
+ //now iterate over roles that left to process
+ for (Iterator iterator = userDNsToAdd.iterator(); iterator.hasNext();)
+ {
+ String userDN = (String)iterator.next();
+
+ //changes to make
+ ModificationItem[] mods = new ModificationItem[1];
+ mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
+ new BasicAttribute(getMemberAttributeID(), memberOfName));
+ // Perform the requested modifications on the named object
+ getConnectionContext().createInitialContext().modifyAttributes(userDN, mods);
+ }
+
+ //and that should be all...
+ }
+ catch (NamingException e)
+ {
+ throw new IdentityException("Failed to assign users", e);
+ }
+ }
+
+ public void assignRoles(User user, Set roles) throws IdentityException
+ {
+ if (user == null)
+ {
+ throw new IllegalArgumentException("User cannot be null");
+ }
+
+ LDAPUserImpl ldapUser = null;
+
+ if (user instanceof LDAPUserImpl)
+ {
+ ldapUser = (LDAPUserImpl)user;
+ }
+ else
+ {
+ throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPUserImpl objects");
+ }
+
+
+ //TODO: handle assignemnt of 0 roles (empty set) that must remove all the existing assignments
+
+ try
+ {
+ log.debug("findRoles(): user = " + ldapUser.getDn());
+
+ if (ldapUser.getUserName() == null)
+ {
+ throw new IdentityException("User name canot be null");
+ }
+
+ //construct new member attribute values
+ Attributes attrs = new BasicAttributes(true);
+
+ Attribute member = new BasicAttribute(getMemberAttributeID());
+ for (Iterator iterator = roles.iterator(); iterator.hasNext();)
+ {
+ try
+ {
+ LDAPRoleImpl role = (LDAPRoleImpl)iterator.next();
+ member.add(role.getDn());
+ }
+ catch (ClassCastException e)
+ {
+ throw new IdentityException("Only can add LDAPRoleImpl objects", e);
+ }
+ }
+ attrs.put(member);
+
+ getConnectionContext().createInitialContext().modifyAttributes(ldapUser.getDn(), DirContext.REPLACE_ATTRIBUTE, attrs);
+ }
+ catch (NamingException e)
+ {
+ throw new IdentityException("Failed to change Role members", e);
+ }
+
+ }
+
+ //TODO:don't forget to add this....
+ public Set findRoleMembers(String roleName, int offset, int limit, String userNameFilter) throws IdentityException
+ {
+ throw new UnsupportedOperationException("Not yet implemented");
+ }
+
+
+ //************************************
+ //******* Getters and Setters ********
+ //************************************
+
+ public LDAPConnectionContext getConnectionContext() throws IdentityException
+ {
+
+ if (connectionContext == null)
+ {
+ try
+ {
+ this.connectionContext = (LDAPConnectionContext)identityContext.getObject(IdentityContext.CONNECTION_CONTEXT);
+ }
+ catch (ClassCastException e)
+ {
+ throw new IdentityException("Not supported object as part of the context", e);
+ }
+ }
+ return connectionContext;
+ }
+
+ public IdentityConfiguration getIdentityConfiguration() throws IdentityException
+ {
+ if (identityConfiguration == null)
+ {
+ this.identityConfiguration = (IdentityConfiguration)identityContext.getObject(IdentityContext.IDENTITY_CONFIGURATION);
+ }
+ return identityConfiguration;
+ }
+
+ public LDAPUserModuleImpl getUserModule() throws IdentityException
+ {
+
+ if (userModule == null)
+ {
+ try
+ {
+ this.userModule = (LDAPUserModuleImpl)identityContext.getObject(IdentityContext.USER_MODULE);
+ }
+ catch (ClassCastException e)
+ {
+ throw new IdentityException("Not supported object as part of the context - must be LDAPUserModuleImpl", e);
+ }
+ }
+ return userModule;
+ }
+
+ public LDAPRoleModuleImpl getRoleModule() throws IdentityException
+ {
+
+ if (roleModule == null)
+ {
+ try
+ {
+ this.roleModule = (LDAPRoleModuleImpl)identityContext.getObject(IdentityContext.ROLE_MODULE);
+ }
+ catch (ClassCastException e)
+ {
+ throw new IdentityException("Not supported object as part of the context", e);
+ }
+ }
+ return roleModule;
+ }
+
+ public IdentityContext getIdentityContext()
+ {
+ return identityContext;
+ }
+
+ public void setIdentityContext(IdentityContext identityContext)
+ {
+ this.identityContext = identityContext;
+ }
+
+ public String getJndiName()
+ {
+ return jndiName;
+ }
+
+ public void setJndiName(String jndiName)
+ {
+ this.jndiName = jndiName;
+ }
+
+ public String getMemberAttributeID() throws IdentityException
+ {
+ String uid = getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_ATTRIBUTE_ID);
+ if (uid == null)
+ {
+ return "memberOf";
+ }
+ return uid;
+ }
+
+ /*public void setUidAttributeID(String uidAttributeID)
+ {
+ this.uidAttributeID = uidAttributeID;
+ }*/
+
+ public boolean isUidAttributeIsDN() throws IdentityException
+ {
+ if (getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_ATTRIBUTE_IS_DN) == null)
+ {
+ return true;
+ }
+
+ return getIdentityConfiguration().getValue(IdentityConfiguration.MEMBERSHIP_ATTRIBUTE_IS_DN).equals("true");
+ }
+
+ /*public void setUidAttributeIsDN(boolean uidAttributeIsDN)
+ {
+ this.uidAttributeIsDN = uidAttributeIsDN;
+ }*/
+
+ public String getUserContainerDN() throws IdentityException
+ {
+ return getIdentityConfiguration().getValue(IdentityConfiguration.USER_CONTAINER_DN);
+ }
+}
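Review bot: getUsers and assignUsers build the search filter by concatenation, `getMemberAttributeID().concat("=").concat(memberOfName)`, so a role DN or id containing `*`, `(`, `)` or `\` changes the meaning of the filter instead of being matched literally. In assignUsers that widened match then drives the branch that removes the role from every returned user. JNDI escapes arguments when the filter is passed in argument form: `search(getUserContainerDN(), "(" + getMemberAttributeID() + "={0})", new Object[]{memberOfName}, controls)`. getUsers also catches `Exception`, logs it at debug level and returns the empty set, so a directory outage is indistinguishable from "role has no members"; rethrowing as `new IdentityException("Failed to resolve role users", e)` would match getRoles. In startService the JNDI binding is created before the `identityContext == null` check, so a failed start leaves the name bound; doing the check first avoids that.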
Modified: trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserImpl.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserImpl.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -27,9 +27,12 @@
import org.jboss.portal.identity.User;
import org.jboss.portal.identity2.UserProfileModule;
import org.jboss.portal.identity2.IdentityContext;
+import org.jboss.portal.identity2.IdentityConfiguration;
+import org.jboss.portal.common.util.Tools;
import java.util.Date;
import java.util.Locale;
+import java.security.NoSuchAlgorithmException;
/**
* @author <a href="mailto:boleslaw.dawidowicz at jboss.org">Boleslaw Dawidowicz</a>
@@ -37,7 +40,9 @@
*/
public class LDAPUserImpl implements User
{
- //TODO:this is just to make a fasade and implement old User interface
+ private static final org.jboss.logging.Logger log = org.jboss.logging.Logger.getLogger(LDAPUserImpl.class);
+
+ //TODO:this is to enable user act like a fasade to identity modules calls
IdentityContext identityContext;
//TODO:validatePassowrd method to handle different enc.
@@ -49,6 +54,8 @@
//In ldap implementation
private String id;
+ private String password;
+
//private String userName;
private LDAPUserImpl()
@@ -56,7 +63,15 @@
}
- public LDAPUserImpl(String dn, IdentityContext context) throws IdentityException
+ /**
+ * Creates a ldap user implementation instance
+ *
+ * @param dn
+ * @param context
+ * @param password - should contain already encrypted password from ldap
+ * @throws IdentityException
+ */
+ public LDAPUserImpl(String dn, IdentityContext context, String password) throws IdentityException
{
if (dn == null)
{
@@ -68,7 +83,14 @@
{
throw new IllegalArgumentException("IdentityContext can't be null");
}
+
+ if (password == null)
+ {
+ throw new IllegalArgumentException("Password can't be null");
+ }
+
this.identityContext = context;
+ this.password = password;
}
public boolean getEnabled()
@@ -83,12 +105,45 @@
public void updatePassword(String password)
{
- throw new UnsupportedOperationException("Not yet implemented");
+ //TODO: somehow update the password to ldap?
+ String algorithm = getHashAlgorightm();
+ if (algorithm == null)
+ {
+ this.password = password;
+ }
+ else
+ {
+ try
+ {
+ this.password = Tools.hashAndEncodeString(password,algorithm, getHashEncoding());
+ }
+ catch(Exception e)
+ {
+ log.error("Cannot update the password",e);
+ }
+ }
}
public boolean validatePassword(String password)
{
- throw new UnsupportedOperationException("Not yet implemented");
+
+ String algorithm = getHashAlgorightm();
+ if (algorithm == null)
+ {
+ return this.password.equals(password);
+ }
+ else
+ {
+ try
+ {
+ return this.password.equals(Tools.hashAndEncodeString(password,algorithm, getHashEncoding()));
+ }
+ catch(NoSuchAlgorithmException e)
+ {
+ log.error("Cannot validate the password",e);
+ }
+ return false;
+ }
}
public ProfileMap getProfile()
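Review bot: updatePassword catches every Exception from Tools.hashAndEncodeString, logs it and returns normally, so a caller cannot tell that the password was left unchanged. Since the method has no throws clause, the failure should surface as an unchecked exception after the log call, e.g. `throw new IllegalStateException("Cannot hash password with " + algorithm);`. The new value is also kept only in this object, as the TODO says, so the directory and the in-memory user disagree until that is implemented. In validatePassword the stored and computed values are compared with `String.equals`, which stops at the first differing character; a constant-time comparison such as `MessageDigest.isEqual` over the two values' bytes avoids that early exit. A null `password` argument reaches hashAndEncodeString unchecked in both methods, and how that helper treats null is not visible here.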
@@ -232,4 +287,38 @@
{
this.id = userName;
}
+
+ private IdentityConfiguration getIdentityConfiguration() throws IdentityException
+ {
+ return (IdentityConfiguration)identityContext.getObject(IdentityContext.IDENTITY_CONFIGURATION);
+ }
+
+ private String getHashAlgorightm()
+ {
+ try
+ {
+ return getIdentityConfiguration().getValue(IdentityConfiguration.HASH_ALGORITHM);
+ }
+ catch(Exception e)
+ {
+ return null;
+ }
+ }
+
+ private String getHashEncoding()
+ {
+ try
+ {
+ String enc = getIdentityConfiguration().getValue(IdentityConfiguration.HASH_ENCODING);
+ if (enc != null)
+ {
+ return enc;
+ }
+ }
+ catch(Exception e)
+ {
+ //nothing
+ }
+ return "hex";
+ }
}
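Review bot: getHashAlgorightm() returns null for any exception, and null is exactly what updatePassword and validatePassword treat as "no hashing configured", so a failed configuration lookup silently switches the class to plain-text storage and comparison. The catch should separate "option absent" from "lookup failed": log the exception and have validatePassword return false (and updatePassword fail) in the second case instead of falling through to `this.password.equals(password)`. getHashEncoding() has the same empty catch with only `//nothing`; falling back to "hex" is less harmful, but the exception should at least be logged, e.g. `log.warn("Cannot read hash encoding, using hex", e);`. The copy of getHashAlgorightm() added to LDAPUserModuleImpl in this commit has the same catch, and there a null result makes createUser store the password unhashed.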
Modified: trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserModuleImpl.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserModuleImpl.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/identity2/ldap/LDAPUserModuleImpl.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -50,6 +50,7 @@
import java.util.HashSet;
import java.util.Map;
import java.util.Iterator;
+import java.security.NoSuchAlgorithmException;
/**
* Simple implementation of UserModule for LDAP support. Search of users is limited to one place * containerField - DN
@@ -234,7 +235,7 @@
}
- //TODO:how to properly store password? encoding and let specify the method?
+
public User createUser(String userName, String password, String realEmail) throws IdentityException, IllegalArgumentException
{
//TODO:handle email parameter
@@ -268,7 +269,7 @@
String attributeName = (String)it1.next();
log.debug("adding attribute: " + attributeName);
Attribute attr = new BasicAttribute(attributeName);
- List attributeValues = (List)attributesToAdd.get(attributeName);
+ Set attributeValues = (Set)attributesToAdd.get(attributeName);
//values
for (Iterator it2 = attributeValues.iterator(); it2.hasNext();)
@@ -280,9 +281,17 @@
attrs.put(attr);
}
- //TODO: correctly store password... encode it and choose the method?
- //TODO: make password attribute name configurable?
- attrs.put("userpassword", password);
+ String algorithm = getHashAlgorightm();
+ if (algorithm == null)
+ {
+ attrs.put(getPasswordAttributeId(), password);
+ }
+ else
+ {
+ attrs.put(getPasswordAttributeId(), Tools.hashAndEncodeString(password,algorithm, getHashEncoding()));
+ }
+
+ attrs.put(getPasswordAttributeId(), password);
//
String dn = getUidAttributeID().concat("=").concat(userName);
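Review bot: The unconditional `attrs.put(getPasswordAttributeId(), password);` left after the if/else replaces the attribute the branch just set, because Attributes.put with an existing ID replaces the previous attribute. The entry is therefore created with the clear-text password even when a hash algorithm is configured. Delete that line so the branch result is what reaches ctx.createSubcontext. The `log.debug("creating ldap entry for: " + dn + "; " + attrs)` call in the next hunk would print the whole attribute set, password value included; logging only the DN is safer. createUser starts and ends outside this hunk.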
@@ -290,6 +299,10 @@
log.debug("creating ldap entry for: " + dn + "; " + attrs);
ctx.createSubcontext(dn, attrs);
}
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new IdentityException("Failed to create user", e);
+ }
catch (NamingException e)
{
throw new IdentityException("Failed to create user", e);
@@ -429,12 +442,16 @@
{
throw new IdentityException("LDAP entry doesn't contain proper attribute:" + getUidAttributeID());
}
- //ldapu = new LDAPUserImpl(uida.getID().concat("=").concat((String)uida.get()) + "," + getContainerDN(),identityContext);
- ldapu = new LDAPUserImpl(dn,identityContext);
- ldapu.setId((String)uida.get());
- //TODO:handle password
+ Attribute passwd = attrs.get(getPasswordAttributeId());
+ if (passwd == null)
+ {
+ throw new IdentityException("LDAP entry doesn't contain proper attribute:" + getPasswordAttributeId());
+ }
+ ldapu = new LDAPUserImpl(dn,identityContext, passwd.get().toString());
+ ldapu.setId(uida.get().toString());
+
log.debug("user uid: " + ldapu.getId());
log.debug("user dn: " + ldapu.getDn());
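Review bot: `passwd.get().toString()` assumes the password attribute value is a String, but JNDI LDAP providers commonly return userPassword as a `byte[]`. In that case toString() yields the array's identity string rather than the stored value, and validatePassword can never match. Check the type first: take `Object raw = passwd.get();`, decode a `byte[]` with an explicit charset, and call toString() only otherwise. Throwing IdentityException when the attribute is absent also means an entry whose password the bind account cannot read will not load at all; that may be intended, but it deserves a comment. The enclosing method starts and ends outside this hunk.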
@@ -472,6 +489,28 @@
return uid;
}
+ private String getHashAlgorightm()
+ {
+ try
+ {
+ return getIdentityConfiguration().getValue(IdentityConfiguration.HASH_ALGORITHM);
+ }
+ catch(Exception e)
+ {
+ return null;
+ }
+ }
+
+ public String getHashEncoding() throws IdentityException
+ {
+ String enc = getIdentityConfiguration().getValue(IdentityConfiguration.HASH_ENCODING);
+ if (enc == null)
+ {
+ return "hex";
+ }
+ return enc;
+ }
+
/*public void setUidAttributeID(String uidAttributeID)
{
this.uidAttributeID = uidAttributeID;
@@ -503,9 +542,30 @@
public String getContainerDN() throws IdentityException
{
- return getIdentityConfiguration().getValue(IdentityConfiguration.USER_CONTAINER_DN);
+ String cont = getIdentityConfiguration().getValue(IdentityConfiguration.USER_CONTAINER_DN);
+ if (cont == null)
+ {
+ throw new IdentityException("Configuration option missing: " + IdentityConfiguration.USER_CONTAINER_DN);
+ }
+ return cont;
}
+ public String getPasswordAttributeId() throws IdentityException
+ {
+ String passwd = getIdentityConfiguration().getValue(IdentityConfiguration.USER_PASSWORD_ATTRIBUTE_ID);
+ if (passwd == null)
+ {
+ return "userPassword";
+ }
+ else
+ {
+ return passwd;
+ }
+
+ }
+
+
+
/*public void setContainerDN(String containerDN)
{
this.containerDN = containerDN;
Modified: trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticGroupMembershipModuleTestCase.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticGroupMembershipModuleTestCase.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticGroupMembershipModuleTestCase.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -205,8 +205,8 @@
public void testAssignUsers() throws Exception
{
Set users = new HashSet();
- users.add((LDAPUserImpl)userModule.findUserByUserName("jduke1"));
- users.add((LDAPUserImpl)userModule.findUserByUserName("jduke4"));
+ users.add(userModule.findUserByUserName("jduke3"));
+ users.add(userModule.findUserByUserName("jduke4"));
LDAPRoleImpl role = (LDAPRoleImpl)roleModule.findRoleByName("Echo1");
membershipModule.assignUsers(role,users);
@@ -222,8 +222,13 @@
names.add(user.getDn());
}
- assertTrue(names.contains("uid=jduke1,ou=People," + suffix));
+ assertTrue(names.contains("uid=jduke3,ou=People," + suffix));
assertTrue(names.contains("uid=jduke4,ou=People," + suffix));
+
+ /*membershipModule.assignUsers(role,new HashSet());
+ users = membershipModule.getUsers(role);
+
+ assertEquals(0, users.size());*/
}
Added: trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticRoleMembershipModuleTestCase.java
===================================================================
--- trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticRoleMembershipModuleTestCase.java 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/identity/src/main/org/jboss/portal/test/identity/ldap/LDAPStaticRoleMembershipModuleTestCase.java 2006-11-15 00:23:20 UTC (rev 5653)
@@ -0,0 +1,313 @@
+/*
+* JBoss, a division of Red Hat
+* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.portal.test.identity.ldap;
+
+import junit.framework.TestSuite;
+import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.identity.RoleModule;
+import org.jboss.portal.identity2.MembershipModule;
+import org.jboss.portal.identity2.IdentityContextImpl;
+import org.jboss.portal.identity2.IdentityConfiguration;
+import org.jboss.portal.identity2.ldap.LDAPConnectionContext;
+import org.jboss.portal.identity2.ldap.LDAPUserModuleImpl;
+import org.jboss.portal.identity2.ldap.LDAPRoleModuleImpl;
+import org.jboss.portal.identity2.ldap.LDAPRoleImpl;
+import org.jboss.portal.identity2.ldap.LDAPUserImpl;
+import org.jboss.portal.identity2.ldap.LDAPStaticRoleMembershipModuleImpl;
+import org.jboss.portal.identity2.config.SimpleConfigurationImpl;
+import org.jboss.portal.test.framework.TestRuntimeContext;
+import org.jboss.portal.test.identity.MembershipStrategyTest;
+
+import java.util.Set;
+import java.util.List;
+import java.util.LinkedList;
+import java.util.Iterator;
+import java.util.HashSet;
+
+/**
+ * @author <a href="mailto:boleslaw.dawidowicz at jboss.org">Boleslaw Dawidowicz</a>
+ * @version $Revision: 1.1 $
+ */
+public class LDAPStaticRoleMembershipModuleTestCase extends LDAPMembershipModuleTestCase
+{
+
+ private static final org.jboss.logging.Logger log = org.jboss.logging.Logger.getLogger(LDAPStaticRoleMembershipModuleTestCase.class);
+
+ public static TestSuite suite() throws Exception
+ {
+ return createTestSuite(LDAPStaticRoleMembershipModuleTestCase.class);
+ }
+
+ private UserModule userModule;
+
+ private RoleModule roleModule;
+
+ private MembershipModule membershipModule;
+
+ private String suffix;
+
+ public void setUp() throws Exception
+ {
+ runtimeContext = new TestRuntimeContext("org/jboss/portal/test/identity/ldap-beans.xml");
+ runtimeContext.addBean("LDAPTestBean", this);
+
+ IdentityContextImpl context = new IdentityContextImpl();
+ context.start();
+ identityContext = context;
+
+ SimpleConfigurationImpl configuration = new SimpleConfigurationImpl();
+ configuration.setIdentityContext(identityContext);
+ configuration.setConfigFile(getDirectoryServerConfigParameter().getConfigFile());
+ configuration.start();
+
+ //provide small configuration change to use another branch of ldap tree
+ Set values = new HashSet();
+ values.add("ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com");
+ configuration.setValues(IdentityConfiguration.GROUP_COMMON,IdentityConfiguration.ROLE_CONTAINER_DN, values);
+ values = new HashSet();
+ values.add("ou=People,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com");
+ configuration.setValues(IdentityConfiguration.GROUP_COMMON,IdentityConfiguration.USER_CONTAINER_DN, values);
+ values = new HashSet();
+ values.add("memberOf");
+ configuration.setValues(IdentityConfiguration.GROUP_COMMON,IdentityConfiguration.MEMBERSHIP_ATTRIBUTE_ID, values);
+
+ LDAPConnectionContext connection = new LDAPConnectionContext();
+ connection.setIdentityContext(identityContext);
+ connection.start();
+
+ LDAPUserModuleImpl userModule = new LDAPUserModuleImpl();
+ userModule.setIdentityContext(identityContext);
+
+ //userModule.setContainerDN("ou=People,dc=jboss,dc=org");
+ //userModule.setUidAttributeID("uid");
+
+ userModule.start();
+ this.userModule = userModule;
+
+ LDAPRoleModuleImpl roleModule = new LDAPRoleModuleImpl();
+ roleModule.setIdentityContext(identityContext);
+ //roleModule.setContainerDN("ou=Roles,dc=jboss,dc=org");
+ //roleModule.setRidAttributeID("cn");
+ roleModule.start();
+ this.roleModule = roleModule;
+
+ LDAPStaticRoleMembershipModuleImpl membership = new LDAPStaticRoleMembershipModuleImpl();
+ membership.setIdentityContext(identityContext);
+ //membership.setUidAttributeID("member");
+ //membership.setUidAttributeIsDN(true);
+ membership.start();
+ this.membershipModule = membership;
+
+ mstc = new MembershipStrategyTest();
+ mstc.setContext(this);
+ mstc.setMembershipModule(membership);
+ mstc.setUserModule(userModule);
+ mstc.setRoleModule(roleModule);
+
+ suffix = getDirectoryServerConfigParameter().getCleanUpDN();
+
+
+ super.setUp();
+ }
+
+ //TODO:extend this
+ public void testGetUsers() throws Exception
+ {
+ LDAPRoleImpl role = (LDAPRoleImpl)roleModule.findRoleByName("Echo");
+ Set users = membershipModule.getUsers(role);
+ assertEquals(3, users.size());
+
+ List names = new LinkedList();
+
+ for (Iterator iterator = users.iterator(); iterator.hasNext();)
+ {
+ LDAPUserImpl user = (LDAPUserImpl)iterator.next();
+ names.add(user.getDn());
+ }
+ assertTrue(names.contains("uid=jduke,ou=People,o=example2," + suffix));
+ assertTrue(names.contains("uid=jduke1,ou=People,o=example2," + suffix));
+ assertTrue(names.contains("uid=jduke2,ou=People,o=example2," + suffix));
+
+ role = (LDAPRoleImpl)roleModule.findRoleByName("Echo1");
+ users = membershipModule.getUsers(role);
+ assertEquals(2, users.size());
+
+ names = new LinkedList();
+
+ for (Iterator iterator = users.iterator(); iterator.hasNext();)
+ {
+ LDAPUserImpl user = (LDAPUserImpl)iterator.next();
+ names.add(user.getDn());
+ }
+ assertTrue(names.contains("uid=jduke1,ou=People,o=example2," + suffix));
+ assertTrue(names.contains("uid=jduke2,ou=People,o=example2," + suffix));
+
+ role = (LDAPRoleImpl)roleModule.findRoleByName("TheDuke");
+ users = membershipModule.getUsers(role);
+ assertEquals(1, users.size());
+
+ names = new LinkedList();
+
+ for (Iterator iterator = users.iterator(); iterator.hasNext();)
+ {
+ LDAPUserImpl user = (LDAPUserImpl)iterator.next();
+ names.add(user.getDn());
+ }
+ assertTrue(names.contains("uid=jduke2,ou=People,o=example2," + suffix));
+
+ role = (LDAPRoleImpl)roleModule.findRoleByName("EmptyRole");
+ users = membershipModule.getUsers(role);
+ assertEquals(0, users.size());
+
+ }
+
+ //TODO:extend this
+ public void testGetRoles() throws Exception
+ {
+ LDAPUserImpl user = (LDAPUserImpl)userModule.findUserByUserName("jduke");
+ Set roles = membershipModule.getRoles(user);
+ assertEquals(1, roles.size());
+
+ List roleNames = new LinkedList();
+
+ for (Iterator iterator = roles.iterator(); iterator.hasNext();)
+ {
+ LDAPRoleImpl role = (LDAPRoleImpl)iterator.next();
+ roleNames.add(role.getDn());
+ }
+ assertTrue(roleNames.contains("cn=Echo,ou=Roles,o=example2," + suffix));
+
+ user = (LDAPUserImpl)userModule.findUserByUserName("jduke1");
+ roles = membershipModule.getRoles(user);
+ assertEquals(2, roles.size());
+
+ roleNames = new LinkedList();
+
+ for (Iterator iterator = roles.iterator(); iterator.hasNext();)
+ {
+ LDAPRoleImpl role = (LDAPRoleImpl)iterator.next();
+ roleNames.add(role.getDn());
+ }
+ assertTrue(roleNames.contains("cn=Echo,ou=Roles,o=example2," + suffix));
+ assertTrue(roleNames.contains("cn=Echo1,ou=Roles,o=example2," + suffix));
+
+ user = (LDAPUserImpl)userModule.findUserByUserName("jduke2");
+ roles = membershipModule.getRoles(user);
+ assertEquals(3, roles.size());
+
+ roleNames = new LinkedList();
+
+ for (Iterator iterator = roles.iterator(); iterator.hasNext();)
+ {
+ LDAPRoleImpl role = (LDAPRoleImpl)iterator.next();
+ roleNames.add(role.getDn());
+ }
+ assertTrue(roleNames.contains("cn=Echo,ou=Roles,o=example2," + suffix));
+ assertTrue(roleNames.contains("cn=Echo1,ou=Roles,o=example2," + suffix));
+ assertTrue(roleNames.contains("cn=TheDuke,ou=Roles,o=example2," + suffix));
+
+ user = (LDAPUserImpl)userModule.findUserByUserName("jduke3");
+ roles = membershipModule.getRoles(user);
+ assertEquals(0, roles.size());
+
+ }
+
+
+ //TODO:extend this
+ public void testAssignRoles() throws Exception
+ {
+ Set roles = new HashSet();
+ roles.add(roleModule.findRoleByName("Echo"));
+ roles.add(roleModule.findRoleByName("TheDuke"));
+ LDAPUserImpl user = (LDAPUserImpl)userModule.findUserByUserName("jduke");
+ LDAPUserImpl user1 = (LDAPUserImpl)userModule.findUserByUserName("jduke4");
+ membershipModule.assignRoles(user,roles);
+ membershipModule.assignRoles(user1,roles);
+
+ roles = membershipModule.getRoles(user);
+
+ assertEquals(2, roles.size());
+
+ List names = new LinkedList();
+
+ for (Iterator iterator = roles.iterator(); iterator.hasNext();)
+ {
+ LDAPRoleImpl role = (LDAPRoleImpl)iterator.next();
+ names.add(role.getDn());
+ }
+
+ assertTrue(names.contains("cn=Echo,ou=Roles,o=example2," + suffix));
+ assertTrue(names.contains("cn=TheDuke,ou=Roles,o=example2," + suffix));
+
+ roles = membershipModule.getRoles(user1);
+
+ assertEquals(2, roles.size());
+
+ names = new LinkedList();
+
+ for (Iterator iterator = roles.iterator(); iterator.hasNext();)
+ {
+ LDAPRoleImpl role = (LDAPRoleImpl)iterator.next();
+ names.add(role.getDn());
+ }
+
+ assertTrue(names.contains("cn=Echo,ou=Roles,o=example2," + suffix));
+ assertTrue(names.contains("cn=TheDuke,ou=Roles,o=example2," + suffix));
+
+ membershipModule.assignRoles(user1,new HashSet());
+ roles = membershipModule.getRoles(user1);
+
+ assertEquals(0, roles.size());
+
+ }
+
+
+ //TODO:extend this
+ public void testAssignUsers() throws Exception
+ {
+ Set users = new HashSet();
+ users.add(userModule.findUserByUserName("jduke3"));
+ users.add(userModule.findUserByUserName("jduke4"));
+ LDAPRoleImpl role = (LDAPRoleImpl)roleModule.findRoleByName("Echo1");
+ membershipModule.assignUsers(role,users);
+
+ users = membershipModule.getUsers(role);
+
+ assertEquals(2, users.size());
+
+ List names = new LinkedList();
+
+ for (Iterator iterator = users.iterator(); iterator.hasNext();)
+ {
+ LDAPUserImpl user = (LDAPUserImpl)iterator.next();
+ names.add(user.getDn());
+ }
+
+ assertTrue(names.contains("uid=jduke3,ou=People,o=example2," + suffix));
+ assertTrue(names.contains("uid=jduke4,ou=People,o=example2," + suffix));
+
+ membershipModule.assignUsers(role,new HashSet());
+ users = membershipModule.getUsers(role);
+
+ assertEquals(0, users.size());
+ }
+}
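Review bot: setUp() hard-codes the full container DNs (`"ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com"` and the People equivalent) while every assertion builds its expected DN from `suffix`, so the two drift apart as soon as getCleanUpDN() returns a different base. Assign `suffix` before the configuration overrides and build the containers from it, e.g. `values.add("ou=Roles,o=example2," + suffix);`. The loop that copies getDn() values into a list is repeated in every test; a small private helper taking the Set would remove most of the duplication. None of the tests in this file exercises the password hashing this commit adds; that may be covered by a test case outside this file.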
Modified: trunk/test/src/etc/identityconfig/opends-config.xml
===================================================================
--- trunk/test/src/etc/identityconfig/opends-config.xml 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/test/src/etc/identityconfig/opends-config.xml 2006-11-15 00:23:20 UTC (rev 5653)
@@ -56,6 +56,18 @@
<value>uid</value>
</option>
<option>
+ <name>passwordAttributeID</name>
+ <value>userPassword</value>
+ </option>
+ <option>
+ <name>hashAlgorithm</name>
+ <value>MD5</value>
+ </option>
+ <option>
+ <name>hashEncoding</name>
+ <value>hex</value>
+ </option>
+ <option>
<name>roleContainerDN</name>
<value>ou=Roles,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com</value>
</option>
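Review bot: `hashAlgorithm` is set to `MD5` with `hex` encoding, and the code added in this commit hashes the password once with no salt, so equal passwords produce equal stored values and the digest offers little resistance to offline guessing. As this file is likely to be copied as a template, a comment above the option should mark the value as test-only, e.g. `<!-- test value only: unsalted MD5 is not suitable for stored passwords -->`. The same three options are added to rhds-config.xml in this commit.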
@@ -68,11 +80,11 @@
<value>cn</value>
</option>
<option>
- <name>roleMemberAttributeID</name>
+ <name>membershipAttributeID</name>
<value>member</value>
</option>
<option>
- <name>memberAttributeIsDN</name>
+ <name>membershipAttributeIsDN</name>
<value>true</value>
</option>
</option-group>
Modified: trunk/test/src/etc/identityconfig/rhds-config.xml
===================================================================
--- trunk/test/src/etc/identityconfig/rhds-config.xml 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/test/src/etc/identityconfig/rhds-config.xml 2006-11-15 00:23:20 UTC (rev 5653)
@@ -56,6 +56,18 @@
<value>uid</value>
</option>
<option>
+ <name>passwordAttributeID</name>
+ <value>userPassword</value>
+ </option>
+ <option>
+ <name>hashAlgorithm</name>
+ <value>MD5</value>
+ </option>
+ <option>
+ <name>hashEncoding</name>
+ <value>hex</value>
+ </option>
+ <option>
<name>roleContainerDN</name>
<value>ou=Roles,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com</value>
</option>
@@ -68,11 +80,11 @@
<value>cn</value>
</option>
<option>
- <name>roleMemberAttributeID</name>
+ <name>membershipAttributeID</name>
<value>member</value>
</option>
<option>
- <name>memberAttributeIsDN</name>
+ <name>membershipAttributeIsDN</name>
<value>true</value>
</option>
</option-group>
Modified: trunk/test/src/etc/ldap/ldif/initial-tests-qa.ldif
===================================================================
--- trunk/test/src/etc/ldap/ldif/initial-tests-qa.ldif 2006-11-15 00:00:33 UTC (rev 5652)
+++ trunk/test/src/etc/ldap/ldif/initial-tests-qa.ldif 2006-11-15 00:23:20 UTC (rev 5653)
@@ -23,7 +23,6 @@
objectclass: top
objectclass: inetOrgPerson
objectclass: person
-objectclass: inetUser
uid: jduke1
cn: Java Duke1
sn: Duke1
@@ -34,7 +33,6 @@
objectclass: top
objectclass: inetOrgPerson
objectclass: person
-objectclass: inetUser
uid: jduke2
cn: Java Duke2
sn: Duke2
@@ -44,7 +42,6 @@
objectclass: top
objectclass: inetOrgPerson
objectclass: person
-objectclass: inetUser
uid: jduke3
cn: Java Duke3
sn: Duke3
@@ -54,7 +51,6 @@
objectclass: top
objectclass: inetOrgPerson
objectclass: person
-objectclass: inetUser
uid: jduke4
cn: Java Duke4
sn: Duke4
@@ -88,6 +84,101 @@
objectClass: top
cn: TheDuke
description: TheDuke role context
-member: uid=jduke,ou=People,dc=jboss,dc=org
+member: uid=jduke,ou=People,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+# tree2
+dn: o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: organization
+o: example2
+
+dn: ou=People,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: People
+
+dn: uid=jduke,ou=People,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: inetUser
+uid: jduke
+cn: Java Duke
+sn: Duke
+userPassword: theduke
+memberOf: cn=Echo,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+
+dn: uid=jduke1,ou=People,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: inetUser
+uid: jduke1
+cn: Java Duke1
+sn: Duke1
+userPassword: theduke
+memberOf: cn=Echo,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+memberOf: cn=Echo1,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+
+
+dn: uid=jduke2,ou=People,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: inetUser
+uid: jduke2
+cn: Java Duke2
+sn: Duke2
+userPassword: theduke
+memberOf: cn=Echo,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+memberOf: cn=Echo1,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+memberOf: cn=TheDuke,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+
+
+dn: uid=jduke3,ou=People,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: inetUser
+uid: jduke3
+cn: Java Duke3
+sn: Duke3
+userPassword: theduke
+
+dn: uid=jduke4,ou=People,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: inetOrgPerson
+objectclass: inetUser
+uid: jduke4
+cn: Java Duke4
+sn: Duke4
+userPassword: theduke
+
+dn: ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectclass: top
+objectclass: organizationalUnit
+ou: Roles
+
+dn: cn=Echo,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectClass: top
+objectClass: organizationalRole
+cn: Echo
+description: the JBossAdmin group
+
+dn: cn=Echo1,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectClass: top
+objectClass: organizationalRole
+cn: Echo1
+description: the JBossAdmin group 2
+
+
+dn: cn=TheDuke,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectClass: top
+objectClass: organizationalRole
+cn: TheDuke
+description: TheDuke role context
+
+dn: cn=EmptyRole,ou=Roles,o=example2,dc=testsuite,dc=portal,dc=qa,dc=atl,dc=jboss,dc=com
+objectClass: top
+objectClass: organizationalRole
+cn: EmptyRole
+description: EmptyRole role context
+
+
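Review bot: The new o=example2 entries carry `userPassword: theduke` in clear text while both test configurations in this commit set hashAlgorithm to MD5 with hex encoding. LDAPUserImpl.validatePassword would then compare a hex digest against the literal value and reject the correct password, unless the directory rewrites the value on import. Either store the hex MD5 of the fixture password in these entries, or give the tests that need clear text a configuration without hashAlgorithm.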