[seam-commits] Seam SVN: r7741 - trunk/src/main/org/jboss/seam/security/management.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Sat Mar 29 04:52:22 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-03-29 04:52:22 -0400 (Sat, 29 Mar 2008)
New Revision: 7741
Modified:
trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java
Log:
enable/disable users
Modified: trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java 2008-03-28 21:35:42 UTC (rev 7740)
+++ trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java 2008-03-29 08:52:22 UTC (rev 7741)
@@ -16,6 +16,8 @@
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
@@ -36,6 +38,10 @@
@BypassInterceptors
public class LdapIdentityStore implements IdentityStore, Serializable
{
+ // constants for LDAP syntax 1.3.6.1.4.1.1466.115.121.1.7 (boolean)
+ private static final String LDAP_BOOLEAN_TRUE = "TRUE";
+ private static final String LDAP_BOOLEAN_FALSE = "FALSE";
+
protected FeatureSet featureSet = new FeatureSet(FeatureSet.FEATURE_ALL);
private String serverAddress = "localhost";
@@ -68,6 +74,8 @@
private String fullNameAttribute = "cn";
+ private String enabledAttribute = null;
+
private String roleNameAttribute = "cn";
private String objectClassAttribute = "objectClass";
@@ -241,6 +249,16 @@
this.fullNameAttribute = fullNameAttribute;
}
+ public String getEnabledAttribute()
+ {
+ return enabledAttribute;
+ }
+
+ public void setEnabledAttribute(String enabledAttribute)
+ {
+ this.enabledAttribute = enabledAttribute;
+ }
+
public String getObjectClassAttribute()
{
return objectClassAttribute;
@@ -329,16 +347,43 @@
{
String securityPrincipal = getUserDN(username);
+ InitialLdapContext ctx = null;
try
{
- InitialLdapContext ctx = initialiseContext(securityPrincipal, password);
- ctx.close();
+ ctx = initialiseContext(securityPrincipal, password);
+
+ if (getEnabledAttribute() != null)
+ {
+ Attributes attribs = ctx.getAttributes(securityPrincipal, new String[] { getEnabledAttribute() });
+ Attribute enabledAttrib = attribs.get( getEnabledAttribute() );
+ if (enabledAttrib != null)
+ {
+ for (int r = 0; r < enabledAttrib.size(); r++)
+ {
+ Object value = enabledAttrib.get(r);
+ if (LDAP_BOOLEAN_TRUE.equals(value)) return true;
+ }
+ }
+ return false;
+ }
+
return true;
}
catch (NamingException ex)
{
throw new IdentityManagementException("Authentication error", ex);
}
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public boolean changePassword(String name, String password)
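Review bot: Nothing in the visible part of `authenticate` rejects a null or empty password before `initialiseContext(securityPrincipal, password)` is called. With JNDI simple authentication an empty credential turns the bind into an anonymous one, which directories that permit anonymous binds will accept. The method would then reach `return true`, or run the enabled check over an anonymous connection. Unless `initialiseContext` or the caller already guards against this, add `if (password == null || password.length() == 0) return false;` ahead of the `try`. The method's signature and opening lie outside the hunk, so an existing guard there cannot be ruled out.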
@@ -362,11 +407,8 @@
roleClass.add(objectClass);
}
- BasicAttribute roleName = new BasicAttribute(getRoleNameAttribute());
- roleName.add(role);
-
roleAttribs.put(roleClass);
- roleAttribs.put(roleName);
+ roleAttribs.put(new BasicAttribute(getRoleNameAttribute(), role));
String roleDN = String.format("%s=%s,%s", getRoleNameAttribute(), role, getRoleContextDN() );
ctx.createSubcontext(roleDN, roleAttribs);
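Review bot: `roleDN` is assembled with `String.format("%s=%s,%s", ...)` from the raw `role` value, so a name containing DN metacharacters such as `,`, `+` or `=` changes the structure of the DN instead of being treated as a single RDN value. Escape the value before formatting, e.g. `String roleDN = String.format("%s=%s,%s", getRoleNameAttribute(), Rdn.escapeValue(role), getRoleContextDN());`, which needs an import of `javax.naming.ldap.Rdn`. The same pattern builds `userDN` from `username` in the `createUser` hunk. The enclosing method begins and ends outside this hunk, so any validation earlier in the method is not visible here.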
@@ -377,6 +419,17 @@
{
throw new IdentityManagementException("Failed to create role", ex);
}
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public boolean createUser(String username, String password, String firstname, String lastname)
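Review bot: The empty `catch (NamingException ex) {}` around `ctx.close()` discards close failures without a trace. The same `finally` block is pasted into every method this commit touches (`authenticate`, `createUser`, the delete-role and delete-user paths, `isUserEnabled`, `disableUser`, `enableUser`). A single private helper keeps the intent in one place and gives one spot to log or explain the ignored exception; each `finally` then shrinks to one call. `ctx` is declared before the `try`, outside this hunk, so its type is assumed to be `InitialLdapContext` as in the other methods.

```java
private static void closeContext(InitialLdapContext ctx)
{
   if (ctx == null) return;
   try
   {
      ctx.close();
   }
   catch (NamingException ex)
   {
      // Deliberately ignored: a failed close must not replace the method's result or exception.
   }
}

// … unchanged: try/catch body of the role-creation method …
finally
{
   closeContext(ctx);
}
```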
@@ -394,37 +447,30 @@
userClass.add(objectClass);
}
- BasicAttribute usernameAttrib = new BasicAttribute(getUserNameAttribute());
- usernameAttrib.add(username);
-
- BasicAttribute passwordAttrib = new BasicAttribute(getUserPasswordAttribute());
- passwordAttrib.add(PasswordHash.generateHash(password));
-
userAttribs.put(userClass);
- userAttribs.put(usernameAttrib);
- userAttribs.put(passwordAttrib);
+ userAttribs.put(new BasicAttribute(getUserNameAttribute(), username));
+ userAttribs.put(new BasicAttribute(getUserPasswordAttribute(), password));
if (getFirstNameAttribute() != null && firstname != null)
{
- BasicAttribute firstNameAttrib = new BasicAttribute(getFirstNameAttribute());
- firstNameAttrib.add(firstname);
- userAttribs.put(firstNameAttrib);
+ userAttribs.put(new BasicAttribute(getFirstNameAttribute(), firstname));
}
if (getLastNameAttribute() != null && lastname != null)
{
- BasicAttribute lastNameAttrib = new BasicAttribute(getLastNameAttribute());
- lastNameAttrib.add(lastname);
- userAttribs.put(lastNameAttrib);
+ userAttribs.put(new BasicAttribute(getLastNameAttribute(), lastname));
}
if (getFullNameAttribute() != null && firstname != null && lastname != null)
{
- BasicAttribute fullNameAttrib = new BasicAttribute(getFullNameAttribute());
- fullNameAttrib.add(firstname + " " + lastname);
- userAttribs.put(fullNameAttrib);
+ userAttribs.put(new BasicAttribute(getFullNameAttribute(), firstname + " " + lastname));
}
+ if (getEnabledAttribute() != null)
+ {
+ userAttribs.put(new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_TRUE));
+ }
+
String userDN = String.format("%s=%s,%s", getUserNameAttribute(), username, getUserContextDN() );
ctx.createSubcontext(userDN, userAttribs);
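Review bot: The new `userAttribs.put(new BasicAttribute(getUserPasswordAttribute(), password));` sends the caller's cleartext password to the directory, where the removed code stored `PasswordHash.generateHash(password)`; the log message ("enable/disable users") does not mention this change. If the switch is intentional so that the bind in `authenticate` can verify the value, say so with a comment above the line such as `// sent as supplied: the directory must hash userPassword on write`, and document that requirement alongside the password attribute setting. Otherwise the entry holds a recoverable password for anyone with read access to that attribute, and a scheme-prefixed hash the server understands would be the safer value to send. The method starts and ends outside this hunk.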
@@ -434,6 +480,17 @@
{
throw new IdentityManagementException("Failed to create user", ex);
}
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public boolean createUser(String username, String password)
@@ -456,6 +513,17 @@
{
throw new IdentityManagementException("Failed to delete role", ex);
}
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public boolean roleExists(String role)
@@ -527,24 +595,123 @@
{
throw new IdentityManagementException("Failed to delete user", ex);
}
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public boolean isUserEnabled(String name)
{
- // TODO implement this somehow
- return true;
+ if (getEnabledAttribute() == null) return true;
+
+ InitialLdapContext ctx = null;
+ try
+ {
+ ctx = initialiseContext();
+
+ String userDN = getUserDN(name);
+ Attributes attribs = ctx.getAttributes(userDN, new String[] { getEnabledAttribute() });
+ Attribute enabledAttrib = attribs.get( getEnabledAttribute() );
+ if (enabledAttrib != null)
+ {
+ for (int r = 0; r < enabledAttrib.size(); r++)
+ {
+ Object value = enabledAttrib.get(r);
+ if (LDAP_BOOLEAN_TRUE.equals(value)) return true;
+ }
+ }
+
+ return false;
+ }
+ catch (NamingException ex)
+ {
+ throw new IdentityManagementException("Failed to delete user", ex);
+ }
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public boolean disableUser(String name)
{
- // TODO Auto-generated method stub
- return false;
+ if (getEnabledAttribute() == null) return false;
+
+ InitialLdapContext ctx = null;
+ try
+ {
+ ctx = initialiseContext();
+
+ String userDN = getUserDN(name);
+ BasicAttribute enabledAttrib = new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_FALSE);
+ ModificationItem mod = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, enabledAttrib);
+
+ ctx.modifyAttributes(userDN, new ModificationItem[] { mod });
+ return true;
+ }
+ catch (NamingException ex)
+ {
+ throw new IdentityManagementException("Failed to disable user", ex);
+ }
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public boolean enableUser(String name)
{
- // TODO Auto-generated method stub
- return false;
+ if (getEnabledAttribute() == null) return false;
+
+ InitialLdapContext ctx = null;
+ try
+ {
+ ctx = initialiseContext();
+
+ String userDN = getUserDN(name);
+ BasicAttribute enabledAttrib = new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_TRUE);
+ ModificationItem mod = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, enabledAttrib);
+
+ ctx.modifyAttributes(userDN, new ModificationItem[] { mod });
+ return true;
+ }
+ catch (NamingException ex)
+ {
+ throw new IdentityManagementException("Failed to disable user", ex);
+ }
+ finally
+ {
+ if (ctx != null)
+ {
+ try
+ {
+ ctx.close();
+ }
+ catch (NamingException ex) {}
+ }
+ }
}
public List<String> getGrantedRoles(String name)
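Review bot: Two of the new catch blocks carry copy-pasted messages: `isUserEnabled` throws `IdentityManagementException("Failed to delete user", ex)` and `enableUser` throws `"Failed to disable user"`. Anyone reading logs or an audit trail after a directory error would be pointed at the wrong operation; use something like `"Failed to read enabled status of user"` and `"Failed to enable user"`. Separately, `isUserEnabled` returns false when the entry has no value for the enabled attribute, so entries created before `enabledAttribute` was configured read as disabled. That fail-closed default deserves a one-line comment above `return false;`.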