portals-jetspeed-dev mailing list archives

From a..@apache.org
Subject svn commit: r483771 [2/5] - in /portals/jetspeed-2/trunk/components/security: etc/ src/java/org/apache/jetspeed/security/spi/impl/ src/java/org/apache/jetspeed/security/spi/impl/ldap/ src/test/JETSPEED-INF/directory/config/apacheds/ src/test/JETSPEED-I...
Date Fri, 08 Dec 2006 01:47:33 GMT
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java?view=diff&rev=483771&r1=483770&r2=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java Thu Dec  7 17:47:28 2006
@@ -1,480 +1,472 @@
-package org.apache.jetspeed.security.spi.impl.ldap;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.naming.Name;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-/* TODO: Java 5 dependency, needs to be resolved for Java 1.4 first before this can be enabled again
-import javax.naming.ldap.LdapName;
-*/
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.impl.UserPrincipalImpl;
-
-
-public class LdapMemberShipDaoImpl extends LdapPrincipalDaoImpl implements LdapMembershipDao {
-
-	public LdapMemberShipDaoImpl() throws SecurityException {
-		super();
-	}
-	
-	public LdapMemberShipDaoImpl(LdapBindingConfig config) throws SecurityException {
-		super(config);
-	}	
-
-	/** The logger. */
-    private static final Log logger = LogFactory.getLog(LdapMemberShipDaoImpl.class);
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByGroup(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchGroupMemberShipByGroup(final String userPrincipalUid, SearchControls cons) throws NamingException {
-		String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext(); 
-		String query = "(&(" + getGroupMembershipAttribute() + "=" + subfilter + ")" + getGroupFilter()  + ")";
-		
-	    if (logger.isDebugEnabled())
-	    {
-	        logger.debug("query[" + query + "]");
-	    }
-
-/* TODO: Java 5 dependency, needs to be resolved for Java 1.4 first before this can be enabled again
-        Name name = new LdapName(getGroupFilterBase());
-	    NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons);
-*/
-	   List groupPrincipalUids = new ArrayList();
-/*       
-	    while (searchResults.hasMore())
-	    {
-	        SearchResult result = (SearchResult) searchResults.next();
-	        Attributes answer = result.getAttributes();
-	
-	        groupPrincipalUids.addAll(getAttributes(getAttribute(getGroupIdAttribute(), answer)));
-	    }
-*/        
-	    return (String[]) groupPrincipalUids.toArray(new String[groupPrincipalUids.size()]);
-	
-	}
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchGroupMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
-		NamingEnumeration searchResults = searchByWildcardedUid(userPrincipalUid, cons);
-	    
-	    if (!searchResults.hasMore())
-	    {
-	        throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
-	    }
-	
-	    Attributes userAttributes = getFirstUser(searchResults);
-	    List uids = getAttributes(getAttribute(getUserGroupMembershipAttribute(), userAttributes));
-	    return (String[]) uids.toArray(new String[uids.size()]);
-	}
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByRole(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchRoleMemberShipByRole(final String userPrincipalUid, SearchControls cons) throws NamingException {
-		String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext(); 
-		String query = "(&(" + getRoleMembershipAttribute() + "=" + subfilter + ")" + getRoleFilter()  + ")";
-		
-	    if (logger.isDebugEnabled())
-	    {
-	        logger.debug("query[" + query + "]");
-	    }
-
-/* TODO: Java 5 dependency, needs to be resolved for Java 1.4 first before this can be enabled again
-	    Name name = new LdapName(getRoleFilterBase()) ;
-	    NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons);
-*/	
-	    List rolePrincipalUids = new ArrayList();
-/*        
-	     while (searchResults.hasMore())
-	     {
-	    	 
-	         SearchResult result = (SearchResult) searchResults.next();
-	         Attributes answer = result.getAttributes();
-	
-	         rolePrincipalUids.addAll(getAttributes(getAttribute(getRoleIdAttribute(), answer)));
-	     }
-*/         
-	     return (String[]) rolePrincipalUids.toArray(new String[rolePrincipalUids.size()]);
-	}
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchRoleMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
-	
-		NamingEnumeration results = searchByWildcardedUid(userPrincipalUid, cons);
-	
-		if (!results.hasMore())
-		{
-		    throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
-		}
-		
-		Attributes userAttributes = getFirstUser(results);
-		List newAttrs = new ArrayList();
-		Attribute attr = getAttribute(getUserRoleMembershipAttribute(), userAttributes);
-		 List attrs = getAttributes(attr);
-		        Iterator it = attrs.iterator();
-		        while(it.hasNext()) {
-		        	String cnfull = (String)it.next();
-		        	String cn = extractCn(cnfull);
-		        	newAttrs.add(cn);
-		        }
-		//List uids = getAttributes(attr);
-		return (String[]) newAttrs.toArray(new String[newAttrs.size()]);
-	}
-
-//	/**
-//	 * <p>
-//	 * Search user by group.
-//	 * </p>
-//	 * 
-//	 * @param groupPrincipalUid
-//	 * @param cons
-//	 * @return
-//	 * @throws NamingException A {@link NamingException}.
-//	 */
-//	private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons)
-//	        throws NamingException
-//	{
-//	    String query = "(&(cn=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")";
-//	
-//	    if (logger.isDebugEnabled())
-//	    {
-//	        logger.debug("query[" + query + "]");
-//	    }
-//	    NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
-//	
-//	    return searchResults;
-//	}
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByGroup(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchUsersFromGroupByGroup(final String groupPrincipalUid, SearchControls cons)
-	        throws NamingException
-	{
-	
-		String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter() + ")";
-	    
-		if (logger.isDebugEnabled())
-	    {
-	        logger.debug("query[" + query + "]");
-	    }
-	    
-	    ArrayList userPrincipalUids=new ArrayList();
-	    
-	    NamingEnumeration results = ((DirContext) ctx).search("",query , cons);
-		
-	    while (results.hasMore())
-	    {
-	        SearchResult result = (SearchResult) results.next();
-	        Attributes answer = result.getAttributes();
-	        
-	        List newAttrs = new ArrayList();
-	        
-	        Attribute userPrincipalUid = getAttribute(getGroupMembershipAttribute(), answer);
-	        List attrs = getAttributes(userPrincipalUid);
-	        Iterator it = attrs.iterator();
-	        while(it.hasNext()) {
-	        	String uidfull = (String)it.next();
-	        	String uid = extractUid(uidfull);
-	        	if (uidfull.indexOf(getUserFilterBase())!=-1)
-	        		newAttrs.add(uid);
-	        }
-	        userPrincipalUids.addAll(newAttrs);
-	    }
-	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
-	}
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchUsersFromGroupByUser(final String groupPrincipalUid, SearchControls cons)
-	        throws NamingException
-	{
-		
-		String subfilter = getGroupIdAttribute() + "=" 	+  getGroupFilterBase(); 
-	    if (getGroupFilterBase()!=null && !getGroupFilterBase().equals("")) subfilter+="," + getGroupFilterBase();
-	    subfilter+="," + getRootContext();
-		String query = "(&(" + getUserGroupMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")";
-	    if (logger.isDebugEnabled())
-	    {
-	        logger.debug("query[" + query + "]");
-	    }
-	    NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
-	
-	    ArrayList userPrincipalUids = new ArrayList();
-	    
-	    while (results.hasMore())
-	    {
-	        SearchResult result = (SearchResult) results.next();
-	        Attributes answer = result.getAttributes();
-	
-	        userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer)));
-	    }
-	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
-	}
-	
-	public String[] searchRolesFromGroupByGroup(final String groupPrincipalUid,
-			SearchControls cons) throws NamingException {
-
-		String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter()
-				+ ")";
-
-		if (logger.isDebugEnabled()) {
-			logger.debug("query[" + query + "]");
-		}
-
-		ArrayList rolePrincipalUids = new ArrayList();
-
-		NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
-
-		while (results.hasMore()) {
-			SearchResult result = (SearchResult) results.next();
-			Attributes answer = result.getAttributes();
-
-			List newAttrs = new ArrayList();
-
-			Attribute userPrincipalUid = getAttribute(
-					getGroupMembershipForRoleAttribute(), answer);
-			List attrs = getAttributes(userPrincipalUid);
-			Iterator it = attrs.iterator();
-			while (it.hasNext()) {
-				String uidfull = (String) it.next();
-				String uid = extractUid(uidfull);
-				if (uidfull.indexOf(getRoleFilterBase())!=-1)
-					newAttrs.add(uid);
-			}
-			rolePrincipalUids.addAll(newAttrs);
-		}
-		return (String[]) rolePrincipalUids
-				.toArray(new String[rolePrincipalUids.size()]);
-	}
-
-	/*
-	 * (non-Javadoc)
-	 * 
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String,
-	 *      javax.naming.directory.SearchControls)
-	 */
-	public String[] searchRolesFromGroupByRole(final String groupPrincipalUid,
-			SearchControls cons) throws NamingException {
-
-		String subfilter = getGroupIdAttribute() + "=" + groupPrincipalUid;
-		if (getGroupFilterBase() != null && !getGroupFilterBase().equals(""))
-			subfilter += "," + getGroupFilterBase() + "," + getRootContext();
-		String query = "(&(" + getRoleGroupMembershipForRoleAttribute() + "="
-				+ subfilter + ")" + getUserFilter() + ")";
-		if (logger.isDebugEnabled()) {
-			logger.debug("query[" + query + "]");
-		}
-		NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
-
-		ArrayList userPrincipalUids = new ArrayList();
-
-		while (results.hasMore()) {
-			SearchResult result = (SearchResult) results.next();
-			Attributes answer = result.getAttributes();
-
-			userPrincipalUids
-					.addAll(getAttributes(getAttribute("uid", answer)));
-		}
-		return (String[]) userPrincipalUids
-				.toArray(new String[userPrincipalUids.size()]);
-	}	
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByRole(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchUsersFromRoleByRole(final String rolePrincipalUid, SearchControls cons)
-	        throws NamingException
-	{
-	
-		String query = "(&(" + getRoleIdAttribute() + "=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")";
-	    
-		if (logger.isDebugEnabled())
-	    {
-	        logger.debug("query[" + query + "]");
-	    }
-	    
-	    ArrayList userPrincipalUids=new ArrayList();
-	    
-	    NamingEnumeration results = ((DirContext) ctx).search("",query , cons);
-		
-	    while (results.hasMore())
-	    {
-	        SearchResult result = (SearchResult) results.next();
-	        Attributes answer = result.getAttributes();
-	        
-	        //List cUserPrincipalUid = getAttributes(getAttribute(getRoleMembershipAttribute(), answer));
-	        //TODO: better implementtion
-	        List newAttrs = new ArrayList();
-	        
-	        Attribute userPrincipalUid = getAttribute(getRoleMembershipAttribute(), answer);
-	        List attrs = getAttributes(userPrincipalUid);
-	        Iterator it = attrs.iterator();
-	        while(it.hasNext()) {
-	        	String uidfull = (String)it.next();
-	        	String uid = extractUid(uidfull);
-	        	newAttrs.add(uid);
-	        }
-	        userPrincipalUids.addAll(newAttrs);
-
-	        
-	        //userPrincipalUids.addAll(cUserPrincipalUid);
-	    }
-	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
-	}
-
-	/* (non-Javadoc)
-	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByUser(java.lang.String, javax.naming.directory.SearchControls)
-	 */
-	public String[] searchUsersFromRoleByUser(final String rolePrincipalUid, SearchControls cons)
-	throws NamingException
-	{
-	
-		//TODO: rename params / vars !!!
-		String subfilter = getRoleIdAttribute() + "=" + rolePrincipalUid; 
-		if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) subfilter+="," + getRoleFilterBase();
-		subfilter+="," + getRootContext();
-		String query = "(&(" + getUserRoleMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")";
-		if (logger.isDebugEnabled())
-		{
-		    logger.debug("query[" + query + "]");
-		}
-		NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
-		
-		ArrayList userPrincipalUids = new ArrayList();
-		
-		while (results.hasMore())
-		{
-		    SearchResult result = (SearchResult) results.next();
-		    Attributes answer = result.getAttributes();
-		
-		    userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer)));
-		}
-		return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
-	}
-	
-
-    /**
-     * @param attr
-     * @return
-     * @throws NamingException
-     */
-    protected List getAttributes(Attribute attr) throws NamingException
-    {
-        List uids = new ArrayList();
-        if (attr != null)
-        {
-            Enumeration groupUidEnum = attr.getAll();
-            while (groupUidEnum.hasMoreElements())
-            {
-                uids.add(groupUidEnum.nextElement());
-            }
-        }
-        return uids;
-    }	
-
-    /**
-     * @param results
-     * @return
-     * @throws NamingException
-     */
-    private Attributes getFirstUser(NamingEnumeration results) throws NamingException
-    {
-        SearchResult result = (SearchResult) results.next();
-        Attributes answer = result.getAttributes();
-
-        return answer;
-    }
-    
-	protected String getEntryPrefix() {
-		return "uid";
-	}
-
-	protected String getSearchSuffix() {
-		return this.getUserFilter();
-	}
-
-	/**
-	 * <p>
-	 * A template method for defining the attributes for a particular LDAP class.
-	 * </p>
-	 * 
-	 * @param principalUid The principal uid.
-	 * @return the LDAP attributes object for the particular class.
-	 */
-	protected Attributes defineLdapAttributes(final String principalUid)
-	{
-	    Attributes attrs = new BasicAttributes(true);
-	    BasicAttribute classes = new BasicAttribute("objectclass");
-	
-	    classes.add("top");
-	    classes.add("person");
-	    classes.add("organizationalPerson");
-	    classes.add("inetorgperson");
-	    attrs.put(classes);
-	    attrs.put("cn", principalUid);
-	    attrs.put("sn", principalUid);
-	
-	    return attrs;
-	}
-
-	/**
-	     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
-	     */
-	    protected String getDnSuffix()
-	    {
-	        return this.getUserFilterBase();
-	    }
-
-	/**
-	 * <p>
-	 * Creates a GroupPrincipal object.
-	 * </p>
-	 * 
-	 * @param principalUid The principal uid.
-	 * @return A group principal object.
-	 */
-	protected Principal makePrincipal(String principalUid)
-	{
-	    return new UserPrincipalImpl(principalUid);
-	}    
-	
-	private String extractUid(String ldapName) {
-		if (ldapName.indexOf(",")!=-1)
-			return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.indexOf(","));
-		return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.length());
-	}
-	
-	private String extractCn(String ldapName) {
-		if (ldapName.indexOf(",")!=-1)
-			return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.indexOf(","));
-		return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.length());
-	}
-	
-	protected String[] getObjectClasses() {
-		return this.getUserObjectClasses();
-	}
-	
-	
-}
+package org.apache.jetspeed.security.spi.impl.ldap;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.impl.UserPrincipalImpl;
+
+
+public class LdapMemberShipDaoImpl extends LdapPrincipalDaoImpl implements LdapMembershipDao {
+
+	/** The logger. */
+	private static final Log logger = LogFactory.getLog(LdapMemberShipDaoImpl.class);
+
+	public LdapMemberShipDaoImpl() throws SecurityException {
+		super();
+	}
+	
+	public LdapMemberShipDaoImpl(LdapBindingConfig config) throws SecurityException {
+		super(config);
+	}	
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByGroup(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchGroupMemberShipByGroup(final String userPrincipalUid, SearchControls cons) throws NamingException {
+		
+		String query = "(&(" + getGroupMembershipAttribute() + "=" + getUserDN(userPrincipalUid) + ")" + getGroupFilter()  + ")";
+		
+	    if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    
+	    cons.setSearchScope(getSearchScope());
+        String groupFilterBase = getGroupFilterBase();
+	    NamingEnumeration searchResults = ((DirContext) ctx).search(groupFilterBase,query , cons);	    
+
+	   List groupPrincipalUids = new ArrayList();
+	    while (searchResults.hasMore())
+	    {
+	        SearchResult result = (SearchResult) searchResults.next();
+	        Attributes answer = result.getAttributes();
+	        groupPrincipalUids.addAll(getAttributes(getAttribute(getGroupIdAttribute(), answer)));
+	    }
+	    return (String[]) groupPrincipalUids.toArray(new String[groupPrincipalUids.size()]);
+	
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchGroupMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
+		NamingEnumeration searchResults = searchByWildcardedUid(userPrincipalUid, cons);
+	    
+	    if (!searchResults.hasMore())
+	    {
+	        throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
+	    }
+	    
+		Attributes userAttributes = getFirstUser(searchResults);
+		List groupUids = new ArrayList();
+		Attribute attr = getAttribute(getUserGroupMembershipAttribute(), userAttributes);
+		 List attrs = getAttributes(attr);
+		        Iterator it = attrs.iterator();
+		        while(it.hasNext()) {
+		        	String cnfull = (String)it.next();
+		        	if(cnfull.toLowerCase().indexOf(getRoleFilterBase().toLowerCase())!=-1) {
+			        	String cn = extractLdapAttr(cnfull,getRoleUidAttribute());
+			        	groupUids.add(cn);
+		        	}
+		        }
+	    //List uids = getAttributes(getAttribute(getUserGroupMembershipAttribute(), userAttributes),getGroupFilterBase());
+	    return (String[]) groupUids.toArray(new String[groupUids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByRole(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchRoleMemberShipByRole(final String userPrincipalUid, SearchControls cons) throws NamingException {
+
+		String query = "(&(" + getRoleMembershipAttribute() + "=" + getUserDN(userPrincipalUid) + ")" + getRoleFilter()  + ")";
+		
+	    if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+
+	    cons.setSearchScope(getSearchScope());
+	    NamingEnumeration searchResults = ((DirContext) ctx).search(getRoleFilterBase(),query , cons);
+	    List rolePrincipalUids = new ArrayList();
+	     while (searchResults.hasMore())
+	     {
+	    	 
+	         SearchResult result = (SearchResult) searchResults.next();
+	         Attributes answer = result.getAttributes();
+	         rolePrincipalUids.addAll(getAttributes(getAttribute(getRoleIdAttribute(), answer)));
+	     }
+	     return (String[]) rolePrincipalUids.toArray(new String[rolePrincipalUids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchRoleMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException {
+	
+		NamingEnumeration results = searchByWildcardedUid(userPrincipalUid, cons);
+	
+		if (!results.hasMore())
+		{
+		    throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
+		}
+		
+		Attributes userAttributes = getFirstUser(results);
+		List newAttrs = new ArrayList();
+		Attribute attr = getAttribute(getUserRoleMembershipAttribute(), userAttributes);
+		 List attrs = getAttributes(attr);
+		        Iterator it = attrs.iterator();
+		        while(it.hasNext()) {
+		        	String cnfull = (String)it.next();
+		        	if(cnfull.toLowerCase().indexOf(getRoleFilterBase().toLowerCase())!=-1) {
+			        	String cn = extractLdapAttr(cnfull,getRoleUidAttribute());
+			        	newAttrs.add(cn);
+		        	}
+		        }
+		return (String[]) newAttrs.toArray(new String[newAttrs.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByGroup(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromGroupByGroup(final String groupPrincipalUid, SearchControls cons)
+	        throws NamingException
+	{
+	
+		String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter() + ")";
+	    
+		if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    
+	    ArrayList userPrincipalUids=new ArrayList();
+	    
+	    cons.setSearchScope(getSearchScope());
+	    NamingEnumeration results = ((DirContext) ctx).search(getGroupFilterBase(),query , cons);	    
+		
+	    while (results.hasMore())
+	    {
+	        SearchResult result = (SearchResult) results.next();
+	        Attributes answer = result.getAttributes();
+	        
+	        List newAttrs = new ArrayList();
+	        
+	        Attribute userPrincipalUid = getAttribute(getGroupMembershipAttribute(), answer);
+	        List attrs = getAttributes(userPrincipalUid);
+	        Iterator it = attrs.iterator();
+	        while(it.hasNext()) {
+	        	String uidfull = (String)it.next();
+	        	if (!StringUtils.isEmpty(uidfull)) {
+		        	if (uidfull.toLowerCase().indexOf(getUserFilterBase().toLowerCase())!=-1) {
+			        	String uid = extractLdapAttr(uidfull,getUserIdAttribute());
+		        		newAttrs.add(uid);
+		        	}
+	        	}
+	        }
+	        userPrincipalUids.addAll(newAttrs);
+	    }
+	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromGroupByUser(final String groupPrincipalUid, SearchControls cons)
+	        throws NamingException
+	{
+		
+		String query = "(&(" + getUserGroupMembershipAttribute() + "=" + getGroupDN(groupPrincipalUid) + ")" + getUserFilter() + ")";
+	    if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+
+	    cons.setSearchScope(getSearchScope());
+	    NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query , cons);	    
+
+	    ArrayList userPrincipalUids = new ArrayList();
+	    
+	    while (results.hasMore())
+	    {
+	        SearchResult result = (SearchResult) results.next();
+	        Attributes answer = result.getAttributes();
+	        userPrincipalUids.addAll(getAttributes(getAttribute(getUserIdAttribute(), answer)));
+	    }
+	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+	
+	public String[] searchRolesFromGroupByGroup(final String groupPrincipalUid,
+			SearchControls cons) throws NamingException {
+
+		String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter() + ")";
+
+		if (logger.isDebugEnabled()) {
+			logger.debug("query[" + query + "]");
+		}
+
+		ArrayList rolePrincipalUids = new ArrayList();
+
+	    cons.setSearchScope(getSearchScope());
+	    NamingEnumeration groups = ((DirContext) ctx).search(getGroupFilterBase(),query , cons);	    
+
+		while (groups.hasMore()) {
+			SearchResult group = (SearchResult) groups.next();
+			Attributes groupAttributes = group.getAttributes();
+
+			Attribute rolesFromGroup = getAttribute(getGroupMembershipForRoleAttribute(), groupAttributes);
+			List roleDNs = getAttributes(rolesFromGroup,getRoleFilterBase());
+			Iterator it = roleDNs.iterator();
+			while (it.hasNext()) {
+				String roleDN = (String) it.next();
+				if (!StringUtils.isEmpty(roleDN)) {
+					String roleId = extractLdapAttr(roleDN,getRoleUidAttribute());
+					if (roleId!=null) {
+						NamingEnumeration rolesResults = searchRoleByWildcardedUid(roleId, cons);
+						if (rolesResults.hasMore())
+							if(rolesResults.nextElement()!=null)
+								rolePrincipalUids.add(roleId);
+					}
+				}
+			}
+		}
+		return (String[]) rolePrincipalUids.toArray(new String[rolePrincipalUids.size()]);
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String,
+	 *      javax.naming.directory.SearchControls)
+	 */
+	public String[] searchRolesFromGroupByRole(final String groupPrincipalUid,
+			SearchControls cons) throws NamingException {
+
+		String query = "(&(" + getRoleGroupMembershipForRoleAttribute() + "=" + getGroupDN(groupPrincipalUid) + ")" + getRoleFilter() + ")";
+		
+		if (logger.isDebugEnabled()) {
+			logger.debug("query[" + query + "]");
+		}
+		
+	    cons.setSearchScope(getSearchScope());
+	    NamingEnumeration results = ((DirContext) ctx).search(getRoleFilterBase(),query , cons);	    
+
+		ArrayList rolePrincipalUids = new ArrayList();
+
+		while (results.hasMore()) {
+			SearchResult result = (SearchResult) results.next();
+			Attributes answer = result.getAttributes();
+			rolePrincipalUids.addAll(getAttributes(getAttribute(getRoleIdAttribute(), answer)));
+		}
+		return (String[]) rolePrincipalUids
+				.toArray(new String[rolePrincipalUids.size()]);
+	}
+
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByRole(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromRoleByRole(final String rolePrincipalUid, SearchControls cons)
+	        throws NamingException
+	{
+	
+		String query = "(&(" + getRoleIdAttribute() + "=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")";
+	    
+		if (logger.isDebugEnabled())
+	    {
+	        logger.debug("query[" + query + "]");
+	    }
+	    
+	    ArrayList userPrincipalUids=new ArrayList();
+
+	    cons.setSearchScope(getSearchScope());
+	    NamingEnumeration results = ((DirContext) ctx).search(getRoleFilterBase(),query , cons);	    
+		
+	    while (results.hasMore())
+	    {
+	        SearchResult result = (SearchResult) results.next();
+	        Attributes answer = result.getAttributes();
+	        
+	        Attribute userPrincipalUid = getAttribute(getRoleMembershipAttribute(), answer);
+	        List attrs = getAttributes(userPrincipalUid);
+	        Iterator it = attrs.iterator();
+	        while(it.hasNext()) {
+	        	String uidfull = (String)it.next();
+	        	if (!StringUtils.isEmpty(uidfull)) {	        	
+		        	String uid = extractLdapAttr(uidfull,getUserIdAttribute());
+		        	userPrincipalUids.add(uid);
+	        	}
+	        }
+	    }
+	    return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByUser(java.lang.String, javax.naming.directory.SearchControls)
+	 */
+	public String[] searchUsersFromRoleByUser(final String rolePrincipalUid, SearchControls cons)
+	throws NamingException
+	{
+	
+		String query = "(&(" + getUserRoleMembershipAttribute() + "=" + getRoleDN(rolePrincipalUid) + ")" + getUserFilter() + ")";
+		if (logger.isDebugEnabled())
+		{
+		    logger.debug("query[" + query + "]");
+		}
+	    
+		cons.setSearchScope(getSearchScope());
+	    NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query , cons);	    
+
+		ArrayList userPrincipalUids = new ArrayList();
+		
+		while (results.hasMore())
+		{
+		    SearchResult result = (SearchResult) results.next();
+		    Attributes answer = result.getAttributes();
+		    userPrincipalUids.addAll(getAttributes(getAttribute(getUserIdAttribute(), answer)));
+		}
+		return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
+	}
+
+    /**
+     * @param attr
+     * @return
+     * @throws NamingException
+     */
+    protected List getAttributes(Attribute attr) throws NamingException
+    {
+    	return getAttributes(attr, null);
+    }
+    /**
+     * @param attr
+     * @return
+     * @throws NamingException
+     */
+    protected List getAttributes(Attribute attr,String filter) throws NamingException
+    {
+        List uids = new ArrayList();
+        if (attr != null)
+        {
+            Enumeration groupUidEnum = attr.getAll();
+            while (groupUidEnum.hasMoreElements())
+            {
+            	String groupDN = (String)groupUidEnum.nextElement();
+            	if (filter==null) {
+            		uids.add(groupDN);
+            	} else if (filter!=null && groupDN.toLowerCase().indexOf(filter.toLowerCase())!=-1) {
+            		uids.add(groupDN);
+            	}
+            }
+        }
+        return uids;
+    }	
+
+    /**
+     * @param results
+     * @return
+     * @throws NamingException
+     */
+    private Attributes getFirstUser(NamingEnumeration results) throws NamingException
+    {
+        SearchResult result = (SearchResult) results.next();
+        Attributes answer = result.getAttributes();
+
+        return answer;
+    }
+    
+
+
+	/**
+	 * <p>
+	 * A template method for defining the attributes for a particular LDAP class.
+	 * </p>
+	 * 
+	 * @param principalUid The principal uid.
+	 * @return the LDAP attributes object for the particular class.
+	 */
+	protected Attributes defineLdapAttributes(final String principalUid)
+	{
+	    Attributes attrs = new BasicAttributes(true);
+	    BasicAttribute classes = new BasicAttribute("objectclass");
+	
+	    classes.add("top");
+	    classes.add("person");
+	    classes.add("organizationalPerson");
+	    classes.add("inetorgperson");
+	    attrs.put(classes);
+	    attrs.put("cn", principalUid);
+	    attrs.put("sn", principalUid);
+	
+	    return attrs;
+	}
+
+	/**
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
+     */
+    protected String getDnSuffix()
+    {
+        return this.getUserFilterBase();
+    }
+
+	/**
+	 * <p>
+	 * Creates a GroupPrincipal object.
+	 * </p>
+	 * 
+	 * @param principalUid The principal uid.
+	 * @return A group principal object.
+	 */
+	protected Principal makePrincipal(String principalUid)
+	{
+	    return new UserPrincipalImpl(principalUid);
+	}    
+	
+	private String extractLdapAttr(String dn,String ldapAttrName) {
+
+		String dnLowerCase = dn.toLowerCase();
+		String ldapAttrNameLowerCase = ldapAttrName.toLowerCase();
+		
+		if (dnLowerCase.indexOf(ldapAttrNameLowerCase + "=")==-1)
+			return null;
+		
+		if (dn.indexOf(",")!=-1 && dnLowerCase.indexOf(ldapAttrNameLowerCase + "=")!=-1)
+			return dn.substring(dnLowerCase.indexOf(ldapAttrNameLowerCase)+ldapAttrName.length()+1,dn.indexOf(","));
+		return dn.substring(dnLowerCase.indexOf(ldapAttrNameLowerCase)+ldapAttrName.length()+1,dn.length());
+	}
+
+	protected String[] getObjectClasses() {
+		return this.getUserObjectClasses();
+	}
+	
+	protected String getUidAttributeForPrincipal() {
+		return this.getUserUidAttribute();
+	}
+
+	protected String[] getAttributes() {
+		return getUserAttributes();
+	}
+
+	protected String getEntryPrefix() {
+		return "uid";
+	}
+
+	protected String getSearchSuffix() {
+		return this.getUserFilter();
+	}	
+}

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java?view=diff&rev=483771&r1=483770&r2=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java Thu Dec  7 17:47:28 2006
@@ -27,6 +27,7 @@
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jetspeed.security.GroupPrincipal;
@@ -98,10 +99,14 @@
     public void create(final String principalUid) throws SecurityException
     {
         Attributes attrs = defineLdapAttributes(principalUid);
+        logger.debug("creating principal with " + attrs);
         try
         {
-            String userDn = getEntryPrefix() + "=" + principalUid;
-            if (getDnSuffix()!=null && !getDnSuffix().equals("")) userDn+="," + getDnSuffix();// + ',' + getDefaultSearchBase();
+        	String userDn = getEntryPrefix() + "=" + principalUid;
+            if (!StringUtils.isEmpty(getDnSuffix())) 
+            		userDn+="," + getDnSuffix();
+
+            logger.debug("userDn = " + userDn);
             
             ctx.createSubcontext(userDn, attrs);
             if (logger.isDebugEnabled())
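Review bot: `principalUid` is concatenated into `userDn` unescaped, so a uid containing `,`, `+`, `;` or `\` changes the structure of the DN handed to `ctx.createSubcontext` instead of only its value. Whether `validateUid` already rejects those characters is not visible here, since `create` starts and ends outside this hunk, so escaping at the point of concatenation is the safer default. The same pattern appears in the `getGroupDN`, `getRoleDN` and `getUserDN` helpers added at the end of this file, and in the `principal` string built in the `@@ -110,12 +113,25 @@` hunk of LdapUserCredentialDaoImpl. The TODO in LdapMemberShipDaoImpl keeps `javax.naming.ldap` disabled for Java 1.4, so a small hand-written escaper along the lines below would be needed.

```java
String userDn = getEntryPrefix() + "=" + escapeDnValue(principalUid);
// … unchanged: suffix append, debug logging, createSubcontext …

/** Escapes the characters RFC 2253 treats as special inside a DN attribute value. */
protected static String escapeDnValue(String value)
{
    StringBuffer out = new StringBuffer(value.length() + 8);
    for (int i = 0; i < value.length(); i++)
    {
        char c = value.charAt(i);
        boolean edgeSpace = c == ' ' && (i == 0 || i == value.length() - 1);
        boolean leadingHash = c == '#' && i == 0;
        if (",+\"\\<>;".indexOf(c) != -1 || edgeSpace || leadingHash)
        {
            out.append('\\');
        }
        out.append(c);
    }
    return out.toString();
}
```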
@@ -125,6 +130,16 @@
     protected abstract String getDnSuffix();
 
     /**
+     * <p>
+     * Builds the dn suffix.
+     * </p>
+     * 
+     * @return The dn suffix.
+     */
+    protected abstract String getUidAttributeForPrincipal();
+
+    
+    /**
      * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao#delete(java.lang.String)
      */
     public void delete(final String principalUid) throws SecurityException
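Review bot: The Javadoc added for `getUidAttributeForPrincipal()` is a copy of the one for `getDnSuffix()` ("Builds the dn suffix." / "@return The dn suffix.") and does not describe this method. Further down its result names the attribute read from each search result to obtain the uid, so something like `Returns the name of the LDAP attribute that holds the principal's uid.` with `@return The uid attribute name.` would fit. It is also worth stating how it differs from `getEntryPrefix()`, which it replaces in that lookup.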
@@ -140,6 +155,8 @@
         try
         {
             rdn = getSubcontextName(dn);
+            if(!StringUtils.isEmpty(getSearchDomain()))
+            	rdn+="," + getSearchDomain();
             ctx.destroySubcontext(rdn);
         }
         catch (NamingException e)
@@ -261,7 +278,7 @@
         {
             Attributes atts = searchResult.getAttributes();
 
-            String uid = (String) getAttribute(getEntryPrefix(), atts).getAll().next();
+            String uid = (String) getAttribute(getUidAttributeForPrincipal(), atts).getAll().next();
             Principal principal = makePrincipal(uid);
 
             principals.add(principal);
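Review bot: `getAttribute(getUidAttributeForPrincipal(), atts)` is dereferenced immediately, so an entry lacking the configured uid attribute aborts the whole listing with a `NullPointerException` if `getAttribute` returns null for a missing attribute (its not-found path is outside this hunk). Now that the attribute name comes from configuration rather than the entry prefix, a mismatch is easier to hit. Fetch it into a local first, `Attribute uidAttr = getAttribute(getUidAttributeForPrincipal(), atts);`, and skip or report entries where it is null. The enclosing loop starts and ends outside the hunk.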
@@ -281,7 +298,7 @@
         {
             Attribute attr = (Attribute) ae.next();
 
-            if (attr.getID().equals(attributeName))
+            if (attr.getID().equalsIgnoreCase(attributeName))
             {
                 return attr;
             }
@@ -291,6 +308,53 @@
     
 	protected String getSearchDomain() {
 		return this.getUserFilterBase();
-	}    
+	}
+
+	protected String[] parseAttr(String attr, String replace) {
+		attr = StringUtils.replace(attr, "{u}", replace);
+		return StringUtils.split(attr,"=");
+	}
+
+	protected String getGroupDN(String groupPrincipalUid) {
+		return getGroupDN(groupPrincipalUid,true);
+	}
+
+	protected String getGroupDN(String groupPrincipalUid, boolean includeBaseDN) {
+		String groupDN = getGroupIdAttribute() + "=" + groupPrincipalUid;
+		if (!StringUtils.isEmpty(getGroupFilterBase()))
+			groupDN += "," + getGroupFilterBase();
+		if (includeBaseDN && !StringUtils.isEmpty(getRootContext()))
+			groupDN += "," + getRootContext();
+		return groupDN;
+	}	
+
+	protected String getRoleDN(String rolePrincipalUid) {
+		return getRoleDN(rolePrincipalUid,true);
+	}
+	
+	protected String getRoleDN(String rolePrincipalUid, boolean includeBaseDN) {
+		String roleDN = getRoleIdAttribute() + "=" + rolePrincipalUid; 
+		if (!StringUtils.isEmpty(getRoleFilterBase())) 
+			roleDN+="," + getRoleFilterBase();
+		if (includeBaseDN && !StringUtils.isEmpty(getRootContext())) 
+			roleDN+="," + getRootContext();
+		return roleDN;
+	}    	
+
+	protected String getUserDN(String userPrincipalUid) {
+		return getUserDN(userPrincipalUid,true);
+	}
+	
+	protected String getUserDN(String userPrincipalUid, boolean includeBaseDN) {
+		String userDN = getUserIdAttribute() + "=" + userPrincipalUid;
+		if (!StringUtils.isEmpty(getUserFilterBase()))
+			userDN += "," + getUserFilterBase();
+		if (includeBaseDN && !StringUtils.isEmpty(getRootContext()))
+			userDN += "," + getRootContext();
+		return userDN;
+	}	
+
+
+
 
 }
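Review bot: `parseAttr` substitutes `{u}` before splitting on `=`, so a `replace` value that itself contains `=` shifts the pieces: for a configured entry such as `cn={u}` and a uid of `a=b` the result is `{"cn","a","b"}`, and callers reading index 1 store only `a`. `StringUtils.split` also drops empty tokens, so an entry like `description=` comes back with a single element. Splitting on the first `=` and substituting only in the value avoids both: `int eq = attr.indexOf('=');` then `return new String[] { attr.substring(0, eq), StringUtils.replace(attr.substring(eq + 1), "{u}", replace) };`, with `eq < 0` rejected as a configuration error. A short Javadoc stating that entries have the form `name=value`, with `{u}` standing for the principal uid, would help too.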

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java?view=diff&rev=483771&r1=483770&r2=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java Thu Dec  7 17:47:28 2006
@@ -1,120 +1,134 @@
-/*
- * Copyright 2000-2001,2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jetspeed.security.spi.impl.ldap;
-
-import java.security.Principal;
-
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-
-import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.impl.RolePrincipalImpl;
-
-/**
- * <p>
- * DAO for handling group objects.
- * </p>
- * 
- * @author Davy De Waele
- */
-public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl
-{
-
-    /**
-     * <p>
-     * Default constructor.
-     * </p>
-     * 
-     * @throws SecurityException A {@link SecurityException}.
-     */
-    public LdapRoleDaoImpl() throws SecurityException
-    {
-        super();
-    }
-
-    /**
-     * <p>
-     * Initializes the dao.
-     * </p>
-     * 
-     * @param ldapConfig Holds the ldap binding configuration.
-     * @throws SecurityException A {@link SecurityException}.
-     */
-    public LdapRoleDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
-    {
-        super(ldapConfig);
-    }
-
-    /**
-     * <p>
-     * A template method for defining the attributes for a particular LDAP class.
-     * </p>
-     * 
-     * @param principalUid The principal uid.
-     * @return The LDAP attributes object for the particular class.
-     */
-    protected Attributes defineLdapAttributes(final String principalUid)
-    {
-        Attributes attrs = new BasicAttributes(true);
-        BasicAttribute classes = new BasicAttribute("objectclass");
-
-        for (int i=0;i<getObjectClasses().length;i++)
-        	classes.add(getObjectClasses()[i]);
-        attrs.put(classes);
-        attrs.put(getEntryPrefix(), principalUid);
-        return attrs;
-    }
-
-    /**
-     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
-     */
-    protected String getDnSuffix()
-    {
-        return this.getRoleFilterBase();
-    }
-
-    /**
-     * <p>
-     * Creates a GroupPrincipal object.
-     * </p>
-     * 
-     * @param principalUid The principal uid.
-     * @return A group principal object.
-     */
-    protected Principal makePrincipal(String principalUid)
-    {
-        return new RolePrincipalImpl(principalUid);
-    }
-
-	protected String getEntryPrefix() {
-		return this.getRoleIdAttribute();
-	}
-	
-	protected String getSearchSuffix() {
-		return this.getRoleFilter();
-	}
-
-	protected String getSearchDomain() {
-		return this.getRoleFilterBase();
-	}	
-
-	protected String[] getObjectClasses() {
-		return this.getRoleObjectClasses();
-	}
-	
-	
-}
+/*
+ * Copyright 2000-2001,2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi.impl.ldap;
+
+import java.security.Principal;
+
+import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.impl.RolePrincipalImpl;
+
+/**
+ * <p>
+ * DAO for handling group objects.
+ * </p>
+ * 
+ * @author Davy De Waele
+ */
+public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl
+{
+
+    /**
+     * <p>
+     * Default constructor.
+     * </p>
+     * 
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    public LdapRoleDaoImpl() throws SecurityException
+    {
+        super();
+    }
+
+    /**
+     * <p>
+     * Initializes the dao.
+     * </p>
+     * 
+     * @param ldapConfig Holds the ldap binding configuration.
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    public LdapRoleDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
+    {
+        super(ldapConfig);
+    }
+
+    /**
+     * <p>
+     * A template method for defining the attributes for a particular LDAP class.
+     * </p>
+     * 
+     * @param principalUid The principal uid.
+     * @return The LDAP attributes object for the particular class.
+     */
+    protected Attributes defineLdapAttributes(final String principalUid)
+    {
+        Attributes attrs = new BasicAttributes(true);
+        BasicAttribute classes = new BasicAttribute("objectclass");
+
+        for (int i=0;i<getObjectClasses().length;i++)
+        	classes.add(getObjectClasses()[i]);
+        attrs.put(classes);
+        attrs.put(getEntryPrefix(), principalUid);
+        if(!StringUtils.isEmpty(getRoleObjectRequiredAttributeClasses()))
+        	attrs.put(getRoleObjectRequiredAttributeClasses(), "");
+        for (int i=0;i<getAttributes().length;i++)
+        	attrs.put(parseAttr(getAttributes()[i],principalUid)[0], parseAttr(getAttributes()[i],principalUid)[1]);
+        return attrs;
+    }
+
+    /**
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
+     */
+    protected String getDnSuffix()
+    {
+        return this.getRoleFilterBase();
+    }
+
+    /**
+     * <p>
+     * Creates a GroupPrincipal object.
+     * </p>
+     * 
+     * @param principalUid The principal uid.
+     * @return A group principal object.
+     */
+    protected Principal makePrincipal(String principalUid)
+    {
+        return new RolePrincipalImpl(principalUid);
+    }
+
+	protected String getEntryPrefix() {
+		return this.getRoleIdAttribute();
+	}
+	
+	protected String getSearchSuffix() {
+		return this.getRoleFilter();
+	}
+
+	protected String getSearchDomain() {
+		return this.getRoleFilterBase();
+	}	
+
+	protected String[] getObjectClasses() {
+		return this.getRoleObjectClasses();
+	}
+
+	protected String getUidAttributeForPrincipal() {
+		return this.getRoleUidAttribute();
+	}
+
+	protected String[] getAttributes() {
+		return getRoleAttributes();
+	}
+	
+	
+}
+
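Review bot: The new attribute loop in `defineLdapAttributes` indexes `parseAttr(...)[1]` without checking the array length, so a configured role attribute that has no `=` or an empty value throws `ArrayIndexOutOfBoundsException` while a role is being created. It also parses every entry twice. Parsing once and checking the shape reads better: `String[] kv = parseAttr(getAttributes()[i], principalUid);` followed by `if (kv.length == 2) attrs.put(kv[0], kv[1]);`, with anything else reported as a configuration error. The identical loop is added to `defineLdapAttributes` in the `@@ -285,20 +252,16 @@` hunk of LdapUserPrincipalDaoImpl. The copied Javadoc ("DAO for handling group objects", "Creates a GroupPrincipal object") should say role, since `makePrincipal` returns a `RolePrincipalImpl`.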

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java?view=diff&rev=483771&r1=483770&r2=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java Thu Dec  7 17:47:28 2006
@@ -29,8 +29,10 @@
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.i18n.KeyedMessage;
 import org.apache.jetspeed.security.SecurityException;
 
 /**
@@ -43,7 +45,6 @@
     private static final Log logger = LogFactory.getLog(LdapUserCredentialDaoImpl.class);
 
     /** The password attribute. */ 
-    private static final String PASSWORD_ATTR_NAME = "userPassword";
     
     /**
      * <p>
@@ -80,7 +81,9 @@
     {
         validateUid(uid);
         validatePassword(password);
+        logger.debug("changePassword for " + uid + " with " + password);
         String userDn = lookupByUid(uid);
+        logger.debug("userDn = " + userDn);
         try
         {
             setPassword(userDn, password);
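Review bot: The added `logger.debug("changePassword for " + uid + " with " + password)` writes the new cleartext password to the log whenever debug logging is enabled for this class, and log files are usually readable by far more people and systems than the directory's password attribute. Drop the password from the message, `logger.debug("changePassword for " + uid);`, and guard it with `if (logger.isDebugEnabled())` as the existing debug call in `LdapPrincipalDaoImpl.create` does. The method starts and ends outside this hunk.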
@@ -110,12 +113,25 @@
         try
         {
 			Hashtable env = this.ctx.getEnvironment();
-			String savedPassword = String.valueOf(getPassword(uid));
+			//String savedPassword = String.valueOf(getPassword(uid));
 			String oldCredential = (String)env.get(Context.SECURITY_CREDENTIALS);
 			String oldUsername = (String)env.get(Context.SECURITY_PRINCIPAL);
-			env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + "," + getUserFilterBase() + "," + getRootContext());
+			
+			
+			String principal = getEntryPrefix() + "=" + uid;
+			
+			if (!StringUtils.isEmpty(getUserFilterBase()))
+				principal+="," + getUserFilterBase();
+			if (!StringUtils.isEmpty(getRootContext()))
+				principal+="," + getRootContext();
+			
+			if (lookupByUid(uid)==null)
+				throw new SecurityException(new KeyedMessage("User " + uid + " not found"));
+			
+			
+			env.put(Context.SECURITY_PRINCIPAL,principal);
 			env.put(Context.SECURITY_CREDENTIALS,password);
-			InitialContext ctx = new InitialContext(env);
+			new InitialContext(env);
 			env.put(Context.SECURITY_PRINCIPAL,oldUsername);
 			env.put(Context.SECURITY_CREDENTIALS,oldCredential);
 			return true;
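Review bot: The context created by `new InitialContext(env)` is never closed, so each successful check leaves an LDAP connection bound as that user until it is garbage-collected. The table returned by `this.ctx.getEnvironment()` is also modified in place, which the JNDI documentation leaves undefined. Working on a copy removes the need to restore the old principal and credentials afterwards: `Hashtable env = new Hashtable(this.ctx.getEnvironment());` and `new InitialContext(env).close();`. An empty `password` should also be rejected before the bind, because many directory servers treat a simple bind with an empty password as an anonymous bind that succeeds; whether an earlier line of this method already checks that is not visible in the hunk.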
@@ -160,10 +176,14 @@
      */
     private void setPassword(final String userDn, final String password) throws NamingException
     {
+    	logger.debug("setPassword userDn = " + userDn);
         String rdn = getSubcontextName(userDn);
+        if (!StringUtils.isEmpty(getUserFilterBase()))
+        	rdn+="," + getUserFilterBase();
+        logger.debug("setPassword rdn = " + rdn);
         Attributes attrs = new BasicAttributes(false);
 
-        attrs.put("userPassword", password);
+        attrs.put(getUserPasswordAttribute(), password);
         ctx.modifyAttributes(rdn, DirContext.REPLACE_ATTRIBUTE, attrs);
     }
 
@@ -179,14 +199,14 @@
      */
     private char[] getPassword(final NamingEnumeration results, final String uid) throws NamingException
     {
-        if (!results.hasMore())
+    	if (!results.hasMore())
         {
             throw new NamingException("Could not find any user with uid[" + uid + "]");
         }
 
         Attributes userAttributes = getFirstUser(results);
 
-        char[] rawPassword = convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes));
+        char[] rawPassword = convertRawPassword(getAttribute(getUserPasswordAttribute(), userAttributes));
         return rawPassword;
     }
 
@@ -264,20 +284,8 @@
         return answer;
     }
 
-    /**
-     * <p>
-     * A template method that returns the LDAP object class of the concrete DAO.
-     * </p>
-     * 
-     * @return A String containing the LDAP object class name.
-     */
-    protected String getObjectClass()
-    {
-        return "jetspeed-2-user";
-    }
-
 	protected String getEntryPrefix() {
-		return "uid";
+		return this.getUserIdAttribute();
 	}
 	
 	protected String getSearchSuffix() {
@@ -290,6 +298,10 @@
 	
 	protected String[] getObjectClasses() {
 		return this.getUserObjectClasses();
+	}
+
+	protected String[] getAttributes() {
+		return this.getUserAttributes();
 	}
 	
 }

Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java?view=diff&rev=483771&r1=483770&r2=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java Thu Dec  7 17:47:28 2006
@@ -16,20 +16,15 @@
 package org.apache.jetspeed.security.spi.impl.ldap;
 
 import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
 
-import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
+import org.apache.commons.lang.StringUtils;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
 
@@ -39,9 +34,6 @@
  */
 public class LdapUserPrincipalDaoImpl extends LdapPrincipalDaoImpl implements LdapUserPrincipalDao
 {
-    /** The logger. */
-    private static final Log logger = LogFactory.getLog(LdapUserPrincipalDaoImpl.class);
-
     private LdapMembershipDao membership;
 
     /**
@@ -77,7 +69,7 @@
      */
     public void addGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
     {
-    	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals(""))	
+    	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))	
     		modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
     	else
     		modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
@@ -99,21 +91,14 @@
     {
         validateUid(userPrincipalUid);
         validateUid(groupPrincipalUid);
-        
-        String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase();
-        userDn+="," + getRootContext();
+
         try
         {
-        	groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; 
-        	
-        	if (getGroupFilterBase()!=null && !getGroupFilterBase().equals(""))
-        		groupPrincipalUid+="," + getGroupFilterBase();
-        	groupPrincipalUid+="," + getRootContext();
         	
-            String rdn = getSubcontextName(groupPrincipalUid);
             Attributes attrs = new BasicAttributes(false);
-            attrs.put(getGroupMembershipAttribute(), userDn);
-            ctx.modifyAttributes(rdn, operationType, attrs);
+            attrs.put(getGroupMembershipAttribute(), getUserDN(userPrincipalUid));
+            
+            ctx.modifyAttributes(getGroupDN(groupPrincipalUid,false), operationType, attrs);
         }
         catch (NamingException e)
         {
@@ -121,7 +106,9 @@
         }
     }
     
-    /**
+
+
+	/**
      * <p>
      * Replace or delete the user group attribute.
      * </p>
@@ -136,21 +123,13 @@
     {
         validateUid(userPrincipalUid);
         validateUid(groupPrincipalUid);
-        
-        String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase();
+    	
         try
         {
-        	groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; 
-        	
-        	if (getGroupFilterBase()!=null && !getGroupFilterBase().equals(""))
-        		groupPrincipalUid+="," + getGroupFilterBase();
-        	groupPrincipalUid+="," + getRootContext();
-            String rdn = getSubcontextName(userDn);
-            Attributes attrs = new BasicAttributes(false);
+        	Attributes attrs = new BasicAttributes(false);
+            attrs.put(getUserGroupMembershipAttribute(), getGroupDN(groupPrincipalUid));
 
-            attrs.put(getUserGroupMembershipAttribute(), groupPrincipalUid);
-            logger.debug("modifying attrs on " + rdn + " with : " + attrs);
-            ctx.modifyAttributes(rdn, operationType, attrs);
+            ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
             
         }
         catch (NamingException e)
@@ -165,7 +144,7 @@
      */
     public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
     {
-    	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals(""))
+    	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
     		modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
     	else
     		modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
@@ -178,7 +157,7 @@
      */
     public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
-    	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals(""))
+    	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
     		modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
     	else
     		modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
@@ -200,20 +179,13 @@
     {
         validateUid(userPrincipalUid);
         validateUid(rolePrincipalUid);
-        String userDn = lookupByUid(userPrincipalUid);
-        
+ 
         try
         {
-        	rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; 
-        	
-        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
-        		rolePrincipalUid+="," + getRoleFilterBase();
-        	rolePrincipalUid+="," + getRootContext();
-            String rdn = getSubcontextName(userDn);
-            Attributes attrs = new BasicAttributes(false);
+        	Attributes attrs = new BasicAttributes(false);
+            attrs.put(getUserRoleMembershipAttribute(), getRoleDN(rolePrincipalUid));
 
-            attrs.put(getUserRoleMembershipAttribute(), rolePrincipalUid);
-            ctx.modifyAttributes(rdn, operationType, attrs);
+            ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
         }
         catch (NamingException e)
         {
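Review bot: The target entry is now addressed by a DN assembled with `getUserDN(userPrincipalUid,false)` instead of the one `lookupByUid(userPrincipalUid)` found, which assumes every user sits directly under the user filter base and is named by the user id attribute. If the directory keeps users in sub-containers, or names entries by a different attribute than the one searched on, the modify goes to a missing or different entry than the one the rest of the DAO resolves by search. Keeping `String userDn = lookupByUid(userPrincipalUid);`, failing when it is null, and deriving the name passed to `ctx.modifyAttributes` from it would keep the two consistent, with `getRoleDN` used only for the attribute value. The `@@ -341,19 +304,13 @@` and `@@ -376,19 +333,12 @@` hunks drop `lookupGroupByUid` in the same way. The method starts and ends outside this hunk.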
@@ -237,33 +209,28 @@
     {
         validateUid(userPrincipalUid);
         validateUid(rolePrincipalUid);
-        String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext();
         
         try
         {
-        	rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; 
-        	
-        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
-        		rolePrincipalUid+="," + getRoleFilterBase();
-        	
-            String rdn = getSubcontextName(rolePrincipalUid);
             Attributes attrs = new BasicAttributes(false);
+            attrs.put(getRoleMembershipAttribute(), getUserDN(userPrincipalUid));
 
-            attrs.put(getRoleMembershipAttribute(), userDn);
-            ctx.modifyAttributes(rdn, operationType, attrs);
+            ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
         }
         catch (NamingException e)
         {
             throw new SecurityException(e);
         }
     }    
-    /**
+
+
+	/**
      * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
      *      java.lang.String)
      */
     public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
-    	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals(""))
+    	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
     		modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
     	else
     		modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
@@ -285,20 +252,16 @@
         for (int i=0;i<getObjectClasses().length;i++)
         	classes.add(getObjectClasses()[i]);
         attrs.put(classes);
-        attrs.put("cn", principalUid);
-        attrs.put("sn", principalUid);
+
+        for (int i=0;i<getAttributes().length;i++)
+        	attrs.put(parseAttr(getAttributes()[i],principalUid)[0], parseAttr(getAttributes()[i],principalUid)[1]);
+        
         attrs.put(getEntryPrefix(), principalUid);
+        
         return attrs;
     }
+    
 
-    /**
-     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
-     */
-    protected String getDnSuffix()
-    {
-
-        return this.getUserFilterBase();
-    }
 
     /**
      * <p>
@@ -319,7 +282,7 @@
      */
     public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
-    	if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals(""))
+    	if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
     		modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
     	else
     		modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
@@ -341,19 +304,13 @@
     {
         validateUid(groupPrincipalUid);
         validateUid(rolePrincipalUid);
-        String userDn = lookupGroupByUid(groupPrincipalUid);
         try
         {
-        	groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; 
-        	
-        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
-        		rolePrincipalUid+="," + getRoleFilterBase();
-        	
-            String rdn = getSubcontextName(userDn);
+
             Attributes attrs = new BasicAttributes(false);
+            attrs.put(getRoleGroupMembershipForRoleAttribute(), getGroupDN(groupPrincipalUid));
 
-            attrs.put(getRoleGroupMembershipForRoleAttribute(), rolePrincipalUid);
-            ctx.modifyAttributes(rdn, operationType, attrs);
+            ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
         }
         catch (NamingException e)
         {
@@ -376,19 +333,12 @@
     {
         validateUid(groupPrincipalUid);
         validateUid(rolePrincipalUid);
-        String userDn = lookupGroupByUid(groupPrincipalUid);
         try
         {
-        	rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; 
-        	
-        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
-        		rolePrincipalUid+="," + getRoleFilterBase();
-        	
-            String rdn = getSubcontextName(userDn);
             Attributes attrs = new BasicAttributes(false);
+            attrs.put(getGroupMembershipForRoleAttribute(), getRoleDN(rolePrincipalUid));
 
-            attrs.put(getGroupMembershipForRoleAttribute(), rolePrincipalUid);
-            ctx.modifyAttributes(rdn, operationType, attrs);
+            ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false), operationType, attrs);
         }
         catch (NamingException e)
         {
@@ -403,48 +353,39 @@
     public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
         
-    	if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals(""))
+    	if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
     		modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
     	else
     		modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
         
     }        
-    
 
-	protected String getEntryPrefix() {
-		return this.getUserIdAttribute();
-	}
-
-	protected String getSearchSuffix() {
-		return this.getUserFilter();
-	}
-
-	    /**
-	     * 
-	     * Return the list of group IDs for a particular user
-	     * 
-	     * @param userPrincipalUid
-	     * @return the array of group uids asociated with this user
-	     * @throws SecurityException
-	     */
-	    public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
-	    {
-	        validateUid(userPrincipalUid);
-	        SearchControls cons = setSearchControls();
-	        try
-	        {
-	        	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) { 
-	        		return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);
-	        	}
-	        	return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);
-	        	
-	        	
-	        }
-	        catch (NamingException e)
-	        {
-	            throw new SecurityException(e);
-	        }
-	    }
+    /**
+     * 
+     * Return the list of group IDs for a particular user
+     * 
+     * @param userPrincipalUid
+     * @return the array of group uids asociated with this user
+     * @throws SecurityException
+     */
+    public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
+    {
+        validateUid(userPrincipalUid);
+        SearchControls cons = setSearchControls();
+        try
+        {
+        	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) { 
+        		return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);
+        	}
+        	return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);
+        	
+        	
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
 
 	/**
 	 * <p>
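Review bot: `StringUtils.isEmpty(...)` in `removeRoleFromGroup` and `getGroupUidsForUser` still treats a whitespace-only attribute name as configured, so a stray space in the binding configuration would select the by-role or by-user branch with an unusable attribute name instead of falling back. Assuming this is the commons-lang `StringUtils` (the import is outside this hunk), `if (!StringUtils.isBlank(getRoleGroupMembershipForRoleAttribute()))` would make the fallback robust to that. The same check appears in the `@@ -462`, `@@ -475`, `@@ -518` and `@@ -544` hunks. The re-indented body of `getGroupUidsForUser` also keeps tabs inside the four-space indentation.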
@@ -462,7 +403,7 @@
 	        SearchControls cons = setSearchControls();
 	        try
 	        {
-	        	if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals("")) { 
+	        	if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) { 
 	            	return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons);
 	        	}
 	        	return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons);
@@ -475,32 +416,32 @@
 	}
 
 	    
-	    /**
-	     * 
-	     * Returns the role IDs for a particular user
-	     * 
-	     * Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
-	     * 
-	     * @param userPrincipalUid
-	     * @return the array of group uids asociated with this user
-	     * @throws SecurityException
-	     */
-	    public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
-	    {
-	        validateUid(userPrincipalUid);
-	        SearchControls cons = setSearchControls();
-	        try
-	        {
-	        	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) { 
-	            	return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);
-	        	}
-	        	return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);
-	        }
-	        catch (NamingException e)
-	        {
-	            throw new SecurityException(e);
-	        }
-	    }
+    /**
+     * 
+     * Returns the role IDs for a particular user
+     * 
+     * Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
+     * 
+     * @param userPrincipalUid
+     * @return the array of group uids asociated with this user
+     * @throws SecurityException
+     */
+    public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
+    {
+        validateUid(userPrincipalUid);
+        SearchControls cons = setSearchControls();
+        try
+        {
+        	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) { 
+            	return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);
+        	}
+        	return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
 
 	/**
 	 * <p>
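Review bot: The Javadoc re-indented onto `getRoleUidsForUser` still says `@return the array of group uids asociated with this user`, which describes the sibling group method; it should read `@return the array of role uids associated with this user`. The `@param userPrincipalUid` and `@throws SecurityException` tags have no description; from the body, the exception wraps a `NamingException` raised by the membership search, which is worth stating. The hunk begins inside the preceding method and ends in the next method's Javadoc.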
@@ -518,7 +459,7 @@
 	    SearchControls cons = setSearchControls();
 	    try
 	    {
-	    	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) { 
+	    	if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) { 
 	        	return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons);
 	    	}
 	    	return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons);
@@ -544,7 +485,7 @@
 	    SearchControls cons = setSearchControls();
 	    try
 	    {
-	    	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) { 
+	    	if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) { 
 	            return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons);
 	    	}
 	    	return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons);
@@ -558,4 +499,25 @@
 	protected String[] getObjectClasses() {
 		return this.getUserObjectClasses();
 	}	
+	
+	protected String[] getAttributes() {
+		return this.getUserAttributes();
+	}	
+	
+	protected String getUidAttributeForPrincipal() {
+		return this.getUserUidAttribute();
+	}
+
+	protected String getEntryPrefix() {
+		return this.getUserIdAttribute();
+	}
+
+	protected String getSearchSuffix() {
+		return this.getUserFilter();
+	}
+
+	protected String getDnSuffix() {
+        return this.getUserFilterBase();
+    }
+	
 }
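Review bot: The five protected accessors added at the end of the class (`getAttributes`, `getUidAttributeForPrincipal`, `getEntryPrefix`, `getSearchSuffix`, `getDnSuffix`) have no Javadoc, and nothing in the hunk says what the base class does with each value. A short comment per method would do, for example `/** DN suffix for user entries; returns the configured user filter base. */` on `getDnSuffix`. The body of `getDnSuffix` is also indented with spaces while its siblings use tabs.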

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/company1.ldif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/company1.ldif?view=auto&rev=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/company1.ldif (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/company1.ldif Thu Dec  7 17:47:28 2006
@@ -0,0 +1,210 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=People,ou=OrgUnit1
+cn: Group1
+
+dn: cn=Group2,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin_group,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager_group,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+
+dn: cn=Role2,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+
+dn: cn=Role3,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=adminuser,o=sevenSeas
+cn: admin
+
+dn: cn=manager,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: manager
+
+dn: cn=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: cn=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: cn=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: cn=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: cn=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: cn=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: cn=adminuser,o=sevenSeas
+uid: adminuser
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin
+
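Review bot: None of the populated `uniqueMember` values in this fixture names an entry that the file defines. `cn=admin,ou=People,ou=OrgUnit1` and `uid=admin,ou=People,ou=OrgUnit1` (Group1, admin_group, manager_group) lack the `o=sevenSeas` suffix, `cn=manager` points at `uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas`, which is never created, and the `cn=admin` role lists `uid=adminuser,o=sevenSeas` while the user entry is `dn: cn=adminuser,o=sevenSeas`. If the tests resolve membership by DN, the admin role and groups would have no resolvable member; for the role, `uniqueMember: cn=adminuser,o=sevenSeas` would match the entry as written. The header comment still says "Lotus LDAP Server" although the file sits under `apacheds/`, and a comment noting that `userPassword: admin` is a cleartext test-only value would help.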

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml?view=auto&rev=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml Thu Dec  7 17:47:28 2006
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+
+
+  <!-- ************** Ldap Configuration ************** -->
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"
+      class="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig">
+      <!-- The LDAP initial context factory. -->
+      <constructor-arg index="0"><value>com.sun.jndi.ldap.LdapCtxFactory</value></constructor-arg>
+      <!-- The LDAP server name. -->
+      <constructor-arg index="1"><value>localhost</value></constructor-arg>
+      <!-- The LDAP server port. -->
+      <constructor-arg index="2"><value>10389</value></constructor-arg>
+      <!-- The LDAP server root context. -->
+      <constructor-arg index="3"><value>o=sevenSeas</value></constructor-arg>
+      <!-- The LDAP server root dn. -->
+      <constructor-arg index="4"><value>uid=admin,ou=system</value></constructor-arg>
+      <!-- The LDAP server root password. -->
+      <constructor-arg index="5"><value>secret</value></constructor-arg>
+      <!-- The roles filter. -->
+      <constructor-arg index="6"><value>(objectclass=groupOfNames)</value></constructor-arg>
+      <!-- The groups filter. -->
+      <constructor-arg index="7"><value>(objectclass=groupOfUniqueNames)</value></constructor-arg>
+      <!-- The user filter. -->
+      <constructor-arg index="8"><value>(objectclass=inetorgperson)(objectclass=organizationalPerson)</value></constructor-arg>
+      <!-- The roleMembershipAttributes. -->
+      <constructor-arg index="9"><value>member</value></constructor-arg>
+      <!-- The userRoleMembershipAttributes. -->
+      <constructor-arg index="10"><value></value></constructor-arg>
+      <!-- The groupMembershipAttributes. -->
+      <constructor-arg index="11"><value>uniqueMember</value></constructor-arg>
+      <!-- The userGroupMembershipAttributes. -->
+      <constructor-arg index="12"><value></value></constructor-arg>
+      <!-- The groupMembershipForRoleAttributes. -->
+      <constructor-arg index="13"><value>uniqueMember</value></constructor-arg>
+      <!-- The roleGroupMembershipForRoleAttributes. -->
+      <constructor-arg index="14"><value></value></constructor-arg>      
+      <!-- The defaultSearchBase. -->
+      <constructor-arg index="15"><value></value></constructor-arg>
+      <!-- The roleFilterBase. -->
+      <constructor-arg index="16"><value></value></constructor-arg>
+      <!-- The groupFilterBase. -->
+      <constructor-arg index="17"><value></value></constructor-arg>
+      <!-- The userFilterBase. -->
+      <constructor-arg index="18"><value></value></constructor-arg>
+      <!-- The roleObjectClasses. -->
+      <constructor-arg index="19"><value>top,groupOfNames</value></constructor-arg>
+      <!-- The groupObjectClasses. -->
+      <constructor-arg index="20"><value>top,groupOfUniqueNames</value></constructor-arg>
+      <!-- The userObjectClasses. -->
+      <constructor-arg index="21"><value>top,person,organizationalPerson,inetorgperson</value></constructor-arg>
+      <!-- The roleIdAttribute. -->
+      <constructor-arg index="22"><value>cn</value></constructor-arg>
+      <!-- The groupIdAttribute. -->
+      <constructor-arg index="23"><value>cn</value></constructor-arg>
+	  	<!-- The userIdAttribute. -->
+      <constructor-arg index="24"><value>cn</value></constructor-arg>
+      <!-- The UidAttribute. -->
+      <constructor-arg index="25"><value>uid</value></constructor-arg>
+      <!-- The MemberShipSearchScope. -->
+      <constructor-arg index="26"><value>1</value></constructor-arg>
+      <!-- The roleUidAttribute. -->
+      <constructor-arg index="27"><value>cn</value></constructor-arg>
+      <!-- The groupUidAttribute. -->
+      <constructor-arg index="28"><value>cn</value></constructor-arg>
+	  <!-- The userUidAttribute. -->
+      <constructor-arg index="29"><value>uid</value></constructor-arg>
+	  <!-- The roleObjectRequiredAttributeClasses. -->
+      <constructor-arg index="30"><value>member</value></constructor-arg>
+	  <!-- The groupObjectRequiredAttributeClasses. -->
+      <constructor-arg index="31"><value>uniqueMember</value></constructor-arg>
+	  <!-- The userAttributes. -->
+      <constructor-arg index="32"><value>sn={u},cn={u},uid={u}</value></constructor-arg>
+	  <!-- The roleAttributes. -->
+      <constructor-arg index="33"><value></value></constructor-arg>
+	  <!-- The groupAttributes. -->
+      <constructor-arg index="34"><value></value></constructor-arg>
+	  <!-- The userPasswordAttribute. -->
+      <constructor-arg index="35"><value>userPassword</value></constructor-arg>
+	  <!-- The knownAttributes. -->
+      <constructor-arg index="36"><value>cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf</value></constructor-arg>
+  </bean>
+
+</beans>
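Review bot: The role settings here do not match the role entries in `setup1/company1.ldif` added by the same commit. Argument 6 is `(objectclass=groupOfNames)`, argument 19 is `top,groupOfNames` and argument 9 is `member`, whereas every role in that LDIF is a `groupOfUniqueNames` with `uniqueMember`. If this file is loaded together with that fixture, role searches would presumably match nothing, so one side should be aligned; these values match the `setup2` LDIF instead. A comment above arguments 4 and 5, such as `<!-- test-only bind credentials for the ApacheDS fixture; never reuse outside tests -->`, would make clear that `uid=admin,ou=system` / `secret` are not meant to be copied into a deployment.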

Propchange: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/company1.ldif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/company1.ldif?view=auto&rev=483771
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/company1.ldif (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/company1.ldif Thu Dec  7 17:47:28 2006
@@ -0,0 +1,154 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+
+dn: ou=People,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: People
+
+dn: uid=OrgUnit1User1,ou=People,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: cn=Group1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1
+cn: Group1
+
+dn: cn=Group2,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin_group,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager_group,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+dn: cn=Role1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role1
+
+
+dn: cn=Role2,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role2
+
+
+dn: cn=Role3,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role3
+
+dn: cn=admin,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member: 
+cn: admin
+
+dn: cn=manager,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member: 
+cn: manager
+
+dn: uid=admin,ou=People,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+member: cn=admin,o=sevenSeas
+sn: admin
+cn: admin
+
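Review bot: The header comment states the object classes the wrong way round for this fixture: the groups below are `groupOfUniqueNames` and the roles are `groupOfNames`, so it should read `# Group objectClass = groupOfUniqueNames` and `# Role objectClass = groupOfNames`, and the note about the empty attribute should mention `member` for roles as well as `uniqueMember`. The `uid=admin` entry also carries `member: cn=admin,o=sevenSeas` although its object classes are `person`, `organizationalPerson` and `inetorgperson`; unless schema checking is relaxed in the test server, that attribute may be rejected on load, which is worth confirming. Group1 lists `uid=admin,ou=People,ou=OrgUnit1`, a DN with no `o=sevenSeas` suffix and no matching entry in this file.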


