portals-jetspeed-dev mailing list archives

From "Mark Orciuch" <mark_orci...@ngsltd.com>
Subject RE: cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/util MetaData.java
Date Tue, 22 Oct 2002 20:40:13 GMT
Please note that the call to URLDecoder.decode(url,"UTF-8") on line 85 of
org.apache.jetspeed.services.ldap.LDAPURL introduces a JDK 1.4 dependency
(i.e. this class will not compile with JDK 1.2 or 1.3).

Best regards,

Mark C. Orciuch
Next Generation Solutions, Ltd.
e-Mail: mark_orciuch@ngsltd.com
web: http://www.ngsltd.com


> -----Original Message-----
> From: taylor@apache.org [mailto:taylor@apache.org]
> Sent: Monday, October 21, 2002 5:31 PM
> To: jakarta-jetspeed-cvs@apache.org
> Subject: cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/util
> MetaData.java
>
>
> taylor      2002/10/21 15:31:16
>
>   Modified:    src/java/org/apache/jetspeed/modules/actions/controllers
>                         MultiColumnControllerAction.java
>                src/java/org/apache/jetspeed/modules/actions/portlets
>                         CustomizeSetAction.java
>                src/java/org/apache/jetspeed/util MetaData.java
>   Added:       src/java/org/apache/jetspeed/om/security/ldap
>                         BaseLDAPObject.java LDAPGroup.java
>                         LDAPPermission.java LDAPRole.java LDAPUser.java
>                src/java/org/apache/jetspeed/services/ldap Connector.java
>                         LDAPService.java LDAPURL.java
>                src/java/org/apache/jetspeed/services/security/ldap
>                         LDAPAuthentication.java LDAPGroupManagement.java
>                         LDAPPermissionManagement.java
>                         LDAPRoleManagement.java LDAPUserManagement.java
>                         UnixCrypt.java
>   Log:
>   - initial implementation of LDAP Security Service from Ender KILICOGLU
>   - added Apache license
>   - started running CheckStyle, still have a ways to go, but
> thought I'd get it and secure in cvs
>
>   This is new code (to me) and not thoroughly tested.
>   Beware that I will be cleaning up the code over the next few
> days with CheckStyle and running it against the Jetspeed Security
> unit tests.
>
>   Revision  Changes    Path
>   1.22      +5 -8
> jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/cont
> rollers/MultiColumnControllerAction.java
>
>   Index: MultiColumnControllerAction.java
>   ===================================================================
>   RCS file:
> /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/ac
> tions/controllers/MultiColumnControllerAction.java,v
>   retrieving revision 1.21
>   retrieving revision 1.22
>   diff -u -r1.21 -r1.22
>   --- MultiColumnControllerAction.java	27 Sep 2002
> 17:02:08 -0000	1.21
>   +++ MultiColumnControllerAction.java	21 Oct 2002
> 22:31:14 -0000	1.22
>   @@ -55,7 +55,6 @@
>    package org.apache.jetspeed.modules.actions.controllers;
>
>    // Jetspeed stuff
>   -import org.apache.jetspeed.om.profile.Profile;
>    import org.apache.jetspeed.om.registry.PortletEntry;
>    import org.apache.jetspeed.om.profile.IdentityElement;
>    import org.apache.jetspeed.om.profile.Entry;
>   @@ -71,8 +70,6 @@
>    import org.apache.jetspeed.portal.PortletController;
>    import org.apache.jetspeed.services.rundata.JetspeedRunData;
>    import org.apache.jetspeed.services.Registry;
>   -import org.apache.jetspeed.util.template.JetspeedLink;
>   -import org.apache.jetspeed.util.template.JetspeedLinkFactory;
>    import org.apache.jetspeed.services.statemanager.SessionState;
>    import org.apache.jetspeed.modules.actions.controls.Customize;
>
>   @@ -382,7 +379,7 @@
>        public void doSave(RunData data, Context context)
>        {
>            // get the customization state for this page
>   -        SessionState customizationState =
> ((JetspeedRunData)data).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> data).getPageSessionState();
>
>            // update the changes made here to the profile being edited
>            List[] columns = (List[])
> customizationState.getAttribute("customize-columns");
>   @@ -469,7 +466,7 @@
>        public void doLeft(RunData data, Context context)
>        {
>            // get the customization state for this page
>   -        SessionState customizationState =
> ((JetspeedRunData)data).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> data).getPageSessionState();
>
>            List[] columns = (List[])
> customizationState.getAttribute("customize-columns");
>            int col = data.getParameters().getInt("col", -1);
>   @@ -488,7 +485,7 @@
>        public void doRight(RunData data, Context context)
>        {
>            // get the customization state for this page
>   -        SessionState customizationState =
> ((JetspeedRunData)data).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> data).getPageSessionState();
>
>            List[] columns = (List[])
> customizationState.getAttribute("customize-columns");
>            int col = data.getParameters().getInt("col", -1);
>   @@ -507,7 +504,7 @@
>        public void doUp(RunData data, Context context)
>        {
>            // get the customization state for this page
>   -        SessionState customizationState =
> ((JetspeedRunData)data).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> data).getPageSessionState();
>
>            List[] columns = (List[])
> customizationState.getAttribute("customize-columns");
>            int col = data.getParameters().getInt("col", -1);
>   @@ -526,7 +523,7 @@
>        public void doDown(RunData data, Context context)
>        {
>            // get the customization state for this page
>   -        SessionState customizationState =
> ((JetspeedRunData)data).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> data).getPageSessionState();
>
>            List[] columns = (List[])
> customizationState.getAttribute("customize-columns");
>            int col = data.getParameters().getInt("col", -1);
>
>
>
>   1.32      +31 -25
> jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/port
> lets/CustomizeSetAction.java
>
>   Index: CustomizeSetAction.java
>   ===================================================================
>   RCS file:
> /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/ac
> tions/portlets/CustomizeSetAction.java,v
>   retrieving revision 1.31
>   retrieving revision 1.32
>   diff -u -r1.31 -r1.32
>   --- CustomizeSetAction.java	27 Sep 2002 17:02:20 -0000	1.31
>   +++ CustomizeSetAction.java	21 Oct 2002 22:31:14 -0000	1.32
>   @@ -205,8 +205,11 @@
>
>            // get the customization state for this page
>            String customizedPaneName = (String)
> customizationState.getAttribute("customize-paneName");
>   -        if (customizedPaneName == null) customizedPaneName = "*";
>   -
>   +        if (customizedPaneName == null)
>   +        {
>   +            customizedPaneName = "*";
>   +        }
>   +
>            // generic context stuff
>            context.put("panename", customizedPaneName);
>            context.put("skin", set.getPortletConfig().getPortletSkin());
>   @@ -277,8 +280,8 @@
>                {
>                    //System.out.println("Clearing session variables");
>                    start = 0;
>   -
> PortletSessionState.clearAttribute(rundata,USER_SELECTIONS);
>   -
> PortletSessionState.clearAttribute(rundata,PORTLET_LIST);
>   +                PortletSessionState.clearAttribute(rundata,
> USER_SELECTIONS);
>   +                PortletSessionState.clearAttribute(rundata,
> PORTLET_LIST);
>                }
>
>                ArrayList allPortlets = new ArrayList();
>   @@ -420,7 +423,10 @@
>                size = Integer.parseInt(portlet.getPortletConfig()
>                                               .getInitParameter("size"));
>            }
>   -        catch (Exception e){}
>   +        catch (Exception e)
>   +        {
>   +            Log.debug("CustomizeSetAction: Init param 'size'
> not parsed");
>   +        }
>            return size;
>        }
>
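Review bot: The new `catch (Exception e)` body logs a fixed string and drops the exception, so a malformed `size` init parameter cannot be told apart from any other failure raised inside the try (for example a null portlet config, if that can occur here). Narrow the handler to the parse failure and keep the cause in the message: `catch (NumberFormatException e)` with `Log.debug("CustomizeSetAction: Init param 'size' not parsed: " + e);`. The try block and the method signature start outside this hunk, so the default value that `size` falls back to is not visible here.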
>   @@ -429,7 +435,7 @@
>        {
>            //((JetspeedRunData)rundata).setCustomized(null);
>            //rundata.setScreenTemplate("Home");
>   -        SessionState customizationState =
> ((JetspeedRunData)rundata).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> rundata).getPageSessionState();
>            customizationState.setAttribute("customize-mode", "layout");
>        }
>
>   @@ -487,7 +493,7 @@
>                }
>            }
>
>   -        SessionState customizationState =
> ((JetspeedRunData)rundata).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> rundata).getPageSessionState();
>            customizationState.setAttribute("customize-mode", "layout");
>        }
>
>   @@ -506,7 +512,7 @@
>           {
>               duri = link.setTemplate("Customize").
>                   addQueryData("start", String.valueOf(queryStart)).
>   -               addQueryData("mtype",mtype);
>   +               addQueryData("mtype", mtype);
>           }
>           JetspeedLinkFactory.putInstance(link);
>           rundata.setRedirectURI(duri.toString());
>   @@ -528,7 +534,7 @@
>           {
>               duri = link.setTemplate("Customize").
>                   addQueryData("start", String.valueOf(queryStart)).
>   -               addQueryData("mtype",mtype);
>   +               addQueryData("mtype", mtype);
>           }
>           JetspeedLinkFactory.putInstance(link);
>           rundata.setRedirectURI(duri.toString());
>   @@ -549,29 +555,29 @@
>           //System.out.println("start = "+start+" size = "+size);
>           //System.out.println("pnames = "+rundata.getParameters());
>           Map userSelections = getUserSelections(rundata);
>   -       List portlets =
> (List)PortletSessionState.getAttribute(rundata, PORTLET_LIST, null);
>   +       List portlets = (List)
> PortletSessionState.getAttribute(rundata, PORTLET_LIST, null);
>           if (portlets != null)
>           {
>               int end = Math.min(start + size, portlets.size());
>   -           int pnames_index = 0;
>   +           int pnamesIndex = 0;
>               //Go through all the portlets on this page and
> figure out which ones have been
>               //checked and which ones unchecked and accordingly
> update the userSelectionMap
>   -           for (int portlet_index = start; portlet_index <
> end; portlet_index++)
>   +           for (int portletIndex = start; portletIndex < end;
> portletIndex++)
>               {
>   -               PortletEntry entry =
> (PortletEntry)portlets.get(portlet_index);
>   -               if (pnames != null &&
>   -                   pnames_index < pnames.length &&
>   -                   pnames[pnames_index].equals(entry.getName()))
>   +               PortletEntry entry = (PortletEntry)
> portlets.get(portletIndex);
>   +               if (pnames != null
>   +                   && pnamesIndex < pnames.length
>   +                   && pnames[pnamesIndex].equals(entry.getName()))
>                   {
>                        userSelections.put(entry.getName(), entry);
>   -                    pnames_index++;
>   +                    pnamesIndex++;
>                   }
>                   else
>                   {
>                        userSelections.remove(entry.getName());
>                   }
>               }
>   -
> PortletSessionState.setAttribute(rundata,USER_SELECTIONS,userSelections);
>   +           PortletSessionState.setAttribute(rundata,
> USER_SELECTIONS, userSelections);
>               /*
>               Iterator it = userSelections.keySet().iterator();
>               System.out.print("User Selections: ");
>   @@ -662,7 +668,7 @@
>            }
>            //
> --------------------------------------------------------------------------
>
>   -        SessionState customizationState =
> ((JetspeedRunData)rundata).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> rundata).getPageSessionState();
>            customizationState.setAttribute("customize-mode", "layout");
>
>            /**
>   @@ -704,7 +710,7 @@
>                  portlets.addReference(ref);
>                }
>            }
>   -        SessionState customizationState =
> ((JetspeedRunData)rundata).getPageSessionState();
>   +        SessionState customizationState = ((JetspeedRunData)
> rundata).getPageSessionState();
>            customizationState.setAttribute("customize-mode", "layout");
>        }
>
>   @@ -965,17 +971,17 @@
>                    });
>            //this is used only by maintainUserSelection - which
> does not need the
>            //portlet list to be regenrated
>   -        PortletSessionState.setAttribute(data,PORTLET_LIST,list);
>   +        PortletSessionState.setAttribute(data, PORTLET_LIST, list);
>            return list;
>        }
>
>        public static Map getUserSelections(RunData data)
>        {
>   -        Map userSelections =
> (Map)PortletSessionState.getAttribute(data, USER_SELECTIONS, null);
>   +        Map userSelections = (Map)
> PortletSessionState.getAttribute(data, USER_SELECTIONS, null);
>            if (userSelections == null)
>            {
>                userSelections = new HashMap();
>   -
> PortletSessionState.setAttribute(data,USER_SELECTIONS,userSelections);
>   +            PortletSessionState.setAttribute(data,
> USER_SELECTIONS, userSelections);
>            }
>            return userSelections;
>        }
>   @@ -1123,7 +1129,7 @@
>            }
>            else
>            {
>   -            duri =
> link.setTemplate("Customize").addQueryData("start",
> "0").addQueryData("mtype",mtype);
>   +            duri =
> link.setTemplate("Customize").addQueryData("start",
> "0").addQueryData("mtype", mtype);
>            }
>            JetspeedLinkFactory.putInstance(link);
>            rundata.setRedirectURI(duri.toString());
>
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/ldap/Bas
> eLDAPObject.java
>
>   Index: BaseLDAPObject.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.om.security.ldap;
>
>   import javax.naming.*;
>   import javax.naming.directory.*;
>   import java.util.Vector;
>   import java.util.Hashtable;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>
>   /**
>    * The Base LDAP Object extending DirContext.
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender Kilicoglu</a>
>    * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
>    *
>    * @version $Id: BaseLDAPObject.java,v 1.1 2002/10/21 22:31:15
> taylor Exp $
>    */
>
>   public class BaseLDAPObject implements DirContext
>   {
>     protected LDAPURL ldapurl;
>     protected boolean updated = false;
>     protected String Name;
>     protected String Id;
>     protected Attributes myAttrs;
>     protected boolean isNew = false;
>     protected BasicAttributes rmAttrs= new BasicAttributes();
>     /**
>     * Updated Function
>     *
>     * Return State of updated property
>     *
>     * @return boolean updated property value
>     */
>     public boolean getupdated(){
>       return this.updated;
>     }
>     /**
>     * ID Function
>     *
>     * Return Value of ID property
>     *
>     * @return String ID property value
>     */
>     public String getId() {
>       return Id;
>     }
>     /**
>     * ID Function
>     *
>     * Set Value of ID property
>     *
>     * @param Id ID property value
>     */
>     public void setId(String Id) {
>       this.Id = Id;
>     }
>     public String getName() {
>       return Name;
>     }
>     public void setName(String Name) {
>   //     throw new java.lang.UnsupportedOperationException();
>     }
>     public LDAPURL getldapurl(){
>       return ldapurl;
>     }
>     public boolean getIsNew() {
>       return isNew;
>     }
>
>   //UTIL Funcs
>     protected void setutil(String field, String value){
>       myAttrs.remove(field);
>       myAttrs.put(field,value);
>       updated = true;
>     }
>     protected String getutil(String field){
>       if (myAttrs.get(field) == null){
>         return new String("");
>       }
>       else {
>         try{
>           return myAttrs.get(field).getAll().next().toString();
>         } catch (NamingException e) {
>             return new String("");
>         }
>       }
>     }
>     protected Vector getutil(String field,boolean empty){
>       Vector values= null;
>       String temp;
>       if (empty){
>         values =new Vector();
>       }
>
>       if (!(myAttrs.get(field) == null)){
>         try{
>           for(NamingEnumeration enum =
> myAttrs.get(field).getAll(); enum.hasMore(); )
>           {
>             temp= (String)enum.nextElement();
>             if (null!= temp){
>               values.add(temp);
>             }
>           }
>         } catch (NamingException e) {
>         }
>       }
>       return values;
>     }
>     public Attributes getAttributes(String name) throws NamingException {
>       if (! name.equals("")) {
>           throw new NameNotFoundException();
>       }
>       return myAttrs;
>     }
>
>       public Attributes getAttributes(Name name) throws NamingException {
>   	return getAttributes(name.toString());
>       }
>
>       public Attributes getAttributes(String name, String[] ids)
>   	throws NamingException {
>   	if (! name.equals("")) {
>   	    throw new NameNotFoundException();
>   	}
>
>   	Attributes answer = new BasicAttributes(true);
>   	Attribute target;
>   	for (int i = 0; i < ids.length; i++) {
>   	    target = myAttrs.get(ids[i]);
>   	    if (target != null) {
>   		answer.put(target);
>   	    }
>   	}
>   	return answer;
>       }
>
>       public Attributes getAttributes(Name name, String[] ids)
>   	throws NamingException {
>   	return getAttributes(name.toString(), ids);
>       }
>
>       public String toString() {
>   	return ldapurl.getUrl();
>       }
>
>   // not used for this example
>
>       public Object lookup(Name name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public String getNameInNamespace() throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public Object lookup(String name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void bind(Name name, Object obj) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void bind(String name, Object obj) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void rebind(Name name, Object obj) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void rebind(String name, Object obj) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void unbind(Name name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void unbind(String name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void rename(Name oldName, Name newName) throws
> NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void rename(String oldName, String newName) throws
> NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public NamingEnumeration list(Name name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public NamingEnumeration list(String name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public NamingEnumeration listBindings(Name name) throws
> NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public NamingEnumeration listBindings(String name) throws
> NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public void destroySubcontext(Name name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public void destroySubcontext(String name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public Context createSubcontext(Name name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public Context createSubcontext(String name) throws
> NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public Object lookupLink(Name name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public Object lookupLink(String name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public NameParser getNameParser(Name name) throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public NameParser getNameParser(String name) throws
> NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public String composeName(String name, String prefix)
>   	    throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public Name composeName(Name name, Name prefix)
>   	    throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>
>       public Object addToEnvironment(String propName, Object propVal)
>   	throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public Object removeFromEnvironment(String propName)
>   	throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public Hashtable getEnvironment() throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>       public void close() throws NamingException {
>   	throw new OperationNotSupportedException();
>       }
>   // -- DirContext
>       public void modifyAttributes(Name name, int mod_op,
> Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public void modifyAttributes(String name, int mod_op,
> Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public void modifyAttributes(Name name, ModificationItem[] mods)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public void modifyAttributes(String name, ModificationItem[] mods)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public void bind(Name name, Object obj, Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public void bind(String name, Object obj, Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public void rebind(Name name, Object obj, Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public void rebind(String name, Object obj, Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public DirContext createSubcontext(Name name, Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public DirContext createSubcontext(String name, Attributes attrs)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public DirContext getSchema(Name name) throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public DirContext getSchema(String name) throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public DirContext getSchemaClassDefinition(Name name)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public DirContext getSchemaClassDefinition(String name)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public NamingEnumeration search(Name name,
>   				    Attributes matchingAttributes,
>   				    String[] attributesToReturn)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public NamingEnumeration search(String name,
>   				    Attributes matchingAttributes,
>   				    String[] attributesToReturn)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public NamingEnumeration search(Name name,
>   				    Attributes matchingAttributes)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>       public NamingEnumeration search(String name,
>   				    Attributes matchingAttributes)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>       public NamingEnumeration search(Name name,
>   				    String filter,
>   				    SearchControls cons)
>   	    throws NamingException  {
>   	throw new OperationNotSupportedException();
>       }
>
>     public NamingEnumeration search(String name,
>                                     String filter,
>                                     SearchControls cons)
>             throws NamingException  {
>         throw new OperationNotSupportedException();
>     }
>
>     public NamingEnumeration search(Name name,
>                                     String filterExpr,
>                                     Object[] filterArgs,
>                                     SearchControls cons)
>             throws NamingException  {
>         throw new OperationNotSupportedException();
>     }
>
>     public NamingEnumeration search(String name,
>                                     String filterExpr,
>                                     Object[] filterArgs,
>                                     SearchControls cons)
>             throws NamingException  {
>         throw new OperationNotSupportedException();
>     }
>
>   }
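Review bot: `getutil(String field, boolean empty)` throws a NullPointerException when it is called with `empty == false` and the attribute exists, because `values` is only allocated inside `if (empty)` and the loop then calls `values.add(temp)` on null. Allocating on first use, `if (values == null) { values = new Vector(); }` just before the add, keeps the apparent contract (null only when nothing was found and `empty` is false). In the same method the empty `catch (NamingException e)`, like the one in `getutil(String)` that returns `""`, makes a failed directory read look the same as a missing attribute; for objects that back the security service described in the commit log, that failure should at least be logged so callers and operators can see it. `setName(String)` is also a silent no-op with its throw commented out, which deserves a comment stating that the name is read-only here.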
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/ldap/LDA
> PGroup.java
>
>   Index: LDAPGroup.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.om.security.ldap;
>
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>   import java.util.Vector;
>   import javax.naming.*;
>   import javax.naming.directory.*;
>   import java.util.Hashtable;
>   import java.util.Vector;
>   import org.apache.jetspeed.om.security.Group;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPGroup.java,v 1.1 2002/10/21 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPGroup extends BaseLDAPObject implements Group {
>     private String Name;
>     public LDAPGroup(String Name,boolean isNew) {
>       if (isNew){
>         this.Name = Name;
>         myAttrs = new BasicAttributes();
>         myAttrs.put("uid",Name);
>         myAttrs.put("groupname",Name);
>         Attribute oc = new BasicAttribute("objectclass");
>         oc.add("jetspeedgroup");
>         myAttrs.put(oc);
>         ldapurl =
> JetspeedLDAP.buildURL("uid="+Name+",ou=groups,ou=jetspeed");
>         isNew = true;
>       }else{
>         ldapurl
> =JetspeedLDAP.buildURL("uid="+Name+",ou=groups,ou=jetspeed");
>         myAttrs =  JetspeedLDAP.read(ldapurl);
>         this.Name = getutil("groupname");
>       }
>     }
>      public LDAPGroup(LDAPURL ldapurl) {
>       this.ldapurl = ldapurl;
>       myAttrs =  JetspeedLDAP.read(ldapurl);
>       this.Name = getutil("groupname");
>     }
>     //UPDATE
>      public boolean update(boolean create){
>       if (JetspeedLDAP.exists(ldapurl)){
>         JetspeedLDAP.deleteAttrs(ldapurl,rmAttrs);
>         JetspeedLDAP.updateEntry(ldapurl,myAttrs);
>       }else{
>         if (create){
>           JetspeedLDAP.addEntry(ldapurl,myAttrs);
>         }else {
>           return false;
>         }
>       }
>       return true;
>     }
>   }
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/ldap/LDA
> PPermission.java
>
>   Index: LDAPPermission.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.om.security.ldap;
>
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>   import java.util.Vector;
>   import javax.naming.*;
>   import javax.naming.directory.*;
>   import java.util.Hashtable;
>   import java.util.Vector;
>   import org.apache.jetspeed.om.security.Permission;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPPermission.java,v 1.1 2002/10/21 22:31:15
> taylor Exp $
>    *
>    */
>   public class LDAPPermission extends BaseLDAPObject implements
> Permission {
>     private String Name;
>     public LDAPPermission(String Name,boolean isNew) {
>       if (isNew){
>         this.Name = Name;
>         myAttrs = new BasicAttributes();
>         myAttrs.put("uid",Name);
>         myAttrs.put("permissionname",Name);
>         Attribute oc = new BasicAttribute("objectclass");
>         oc.add("jetspeedpermission");
>         myAttrs.put(oc);
>         ldapurl =
> JetspeedLDAP.buildURL("uid="+Name+",ou=permissions,ou=jetspeed");
>         isNew = true;
>       }else{
>         ldapurl
> =JetspeedLDAP.buildURL("uid="+Name+",ou=permissions,ou=jetspeed");
>         myAttrs =  JetspeedLDAP.read(ldapurl);
>         this.Name = getutil("permissionname");
>       }
>     }
>      public LDAPPermission(LDAPURL ldapurl) {
>       this.ldapurl = ldapurl;
>       myAttrs =  JetspeedLDAP.read(ldapurl);
>       this.Name = getutil("permissionname");
>     }
>     //UPDATE
>      public boolean update(boolean create){
>       if (JetspeedLDAP.exists(ldapurl)){
>         JetspeedLDAP.deleteAttrs(ldapurl,rmAttrs);
>         JetspeedLDAP.updateEntry(ldapurl,myAttrs);
>       }else{
>         if (create){
>           JetspeedLDAP.addEntry(ldapurl,myAttrs);
>         }else {
>           return false;
>         }
>       }
>       return true;
>     }
>   }
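Review bot: `Name` is concatenated unescaped into the DN in both constructor branches (`"uid="+Name+",ou=permissions,ou=jetspeed"`), so a value containing `,`, `+`, `=` or other RFC 2253 special characters changes which entry is read or created instead of being treated as a single RDN value. Whether `Name` can come from user input is not visible in this file, but the same pattern appears in the LDAPGroup, LDAPRole and LDAPUser constructors and in `LDAPUser.update`, so the value should be escaped where the DN is built, e.g. `JetspeedLDAP.buildURL("uid="+Rdn.escapeValue(Name)+",ou=permissions,ou=jetspeed")` using `javax.naming.ldap.Rdn` (Java 5 and later; the JDK 1.2/1.3 target discussed in this thread would need a small hand-written escaper instead). Separately, `isNew = true;` inside the `if (isNew)` branch assigns to the constructor parameter and has no effect.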
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/ldap/LDA
> PRole.java
>
>   Index: LDAPRole.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.om.security.ldap;
>
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>   import java.util.Vector;
>   import javax.naming.*;
>   import javax.naming.directory.*;
>   import java.util.Hashtable;
>   import java.util.Vector;
>
>   import org.apache.jetspeed.om.security.Role;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPRole.java,v 1.1 2002/10/21 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPRole extends BaseLDAPObject implements Role {
>
>     private Vector rolepermissions;
>     public LDAPRole(String Name, boolean isNew) {
>       if (isNew){
>         rolepermissions = new Vector();
>         this.Name = Name;
>         myAttrs = new BasicAttributes();
>         myAttrs.put("uid",Name);
>         myAttrs.put("rolename",Name);
>         Attribute oc = new BasicAttribute("objectclass");
>         oc.add("jetspeedrole");
>         myAttrs.put(oc);
>         ldapurl =
> JetspeedLDAP.buildURL("uid="+Name+",ou=roles,ou=jetspeed");
>         isNew = true;
>       }else{
>         ldapurl =
> JetspeedLDAP.buildURL("uid="+Name+",ou=roles,ou=jetspeed");
>         myAttrs =  JetspeedLDAP.read(ldapurl);
>         this.Name = getutil("rolename");
>         this.rolepermissions = getutil("rolepermissions",true);
>       }
>     }
>     public LDAPRole(LDAPURL ldapurl) {
>       this.ldapurl = ldapurl;
>       myAttrs =  JetspeedLDAP.read(ldapurl);
>       this.Name = getutil("rolename");
>       this.rolepermissions = getutil("rolepermissions",true);
>     }
>
>   //RolePermissions
>     public Vector getrolepermissions(){
>       return rolepermissions;
>     }
>     public void addrolepermissions(String rolepermission){
>       if (!(permissionexist(rolepermission))){
>         rolepermissions.add(rolepermission);
>         myAttrs.get("rolepermissions").add(rolepermission);
>       }
>     }
>     public void removerolepermissions(String rolepermission){
>       myAttrs.get("rolepermissions").remove((Object)(rolepermission));
>     }
>     public boolean permissionexist(String permission){
>       if (rolepermissions.indexOf(permission)!= -1){
>         return true;
>       }
>       return false;
>     }
>   //UPDATE
>      public boolean update(boolean create){
>       if (JetspeedLDAP.exists(ldapurl)){
>         JetspeedLDAP.deleteAttrs(ldapurl,rmAttrs);
>         JetspeedLDAP.updateEntry(ldapurl,myAttrs);
>       }else{
>         if (create){
>           JetspeedLDAP.addEntry(ldapurl,myAttrs);
>         }else {
>           return false;
>         }
>       }
>       return true;
>     }
>   }
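Review bot: `removerolepermissions` deletes the value from `myAttrs` but leaves it in the cached `rolepermissions` Vector, so `permissionexist` and `getrolepermissions` keep reporting a permission that was just revoked, and a later `addrolepermissions` for the same name is silently skipped. `addrolepermissions` also dereferences `myAttrs.get("rolepermissions")` without a null check, and the `isNew` constructor branch never puts that attribute, so adding a permission to a freshly created role presumably throws a NullPointerException. Both methods should change the attribute and the Vector together and create the attribute on first use, as sketched below. How removed values reach the directory through `rmAttrs` is not visible here and should be confirmed against BaseLDAPObject.

```java
public void addrolepermissions(String rolepermission){
  if (!(permissionexist(rolepermission))){
    Attribute perms = myAttrs.get("rolepermissions");
    if (perms == null){
      // a role built with isNew == true has no such attribute yet
      perms = new BasicAttribute("rolepermissions");
      myAttrs.put(perms);
    }
    perms.add(rolepermission);
    rolepermissions.add(rolepermission);
  }
}
public void removerolepermissions(String rolepermission){
  Attribute perms = myAttrs.get("rolepermissions");
  if (perms != null){
    perms.remove((Object)(rolepermission));
  }
  // keep the cached list in step so permissionexist() stops reporting a revoked permission
  rolepermissions.remove(rolepermission);
}
// … unchanged: permissionexist, update …
```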
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/om/security/ldap/LDA
> PUser.java
>
>   Index: LDAPUser.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.om.security.ldap;
>
>   import org.apache.jetspeed.services.JetspeedUserManagement;
>   import org.apache.jetspeed.services.JetspeedAuthentication;
>   import org.apache.jetspeed.om.security.JetspeedUser;
>   import org.apache.turbine.om.security.User;
>   import java.io.ByteArrayOutputStream;
>   import java.io.PrintWriter;
>   import java.util.Vector;
>   import java.util.Enumeration;
>   import java.util.Date;
>   import java.util.Hashtable;
>   import javax.servlet.http.HttpSessionBindingEvent;
>   import org.apache.turbine.util.Log;
>   import org.apache.turbine.util.ObjectUtils;
>   import org.apache.jetspeed.services.resources.JetspeedResources;
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.security.ldap.UnixCrypt;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>   import javax.naming.*;
>   import javax.naming.directory.*;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPUser.java,v 1.1 2002/10/21 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPUser extends BaseLDAPObject implements JetspeedUser {
>
>       /** The date on which the user account was created. */
>       private Date createDate = null;
>       /** The date on which the user last accessed the application. */
>       private Date lastAccessDate = null;
>
>       private Date passwordChanged = null;
>
>       /** This is data that will survive a servlet engine restart. */
>       private Hashtable permStorage = null;
>
>       /** This is data that will not survive a servlet engine restart. */
>       private Hashtable tempStorage = null;
>
>       protected String name = "";
>
>       protected boolean isNew = false;
>
>      private Vector grouprole= null;
>      public LDAPUser(){
>       isNew = true;
>      }
>       /**
>        * Constructor.
>        * Create a new User and set the createDate.
>        */
>       public LDAPUser(String UserName, boolean isNew)
>       {
>         createDate = new Date();
>         tempStorage = new Hashtable(10);
>         permStorage = new Hashtable(10);
>         grouprole = new Vector();
>         setHasLoggedIn(Boolean.FALSE);
>         if (isNew){
>             setDisabled(false);
>             setUserName(UserName);
>             myAttrs = new BasicAttributes();
>             myAttrs.put("uid",UserName);
>             Attribute oc = new BasicAttribute("objectclass");
>             oc.add("jetspeeduser");
>             myAttrs.put(oc);
>             ldapurl =
> JetspeedLDAP.buildURL("uid="+UserName+",ou=users,ou=jetspeed");
>             isNew = true;
>         }else{
>           ldapurl
> =JetspeedLDAP.buildURL("uid="+UserName+",ou=users,ou=jetspeed");
>           myAttrs =  JetspeedLDAP.read(ldapurl);
>           setName(getutil("name"));
>           setEmail(getutil("mail"));
>           setLastName(getutil("sn"));
>           setUserName(UserName);
>           this.grouprole = getutil("usergrouprole",true);
>         }
>       }
>     public LDAPUser(LDAPURL ldapurl){
>       createDate = new Date();
>       tempStorage = new Hashtable(10);
>       permStorage = new Hashtable(10);
>       setHasLoggedIn(Boolean.FALSE);
>       grouprole = new Vector();
>       this.ldapurl = ldapurl;
>       myAttrs =  JetspeedLDAP.read(ldapurl);
>       Log.debug("in LDAPUser:");
>       setUserName(getutil("uid"));
>       setEmail(getutil("mail"));
>       setLastName(getutil("sn"));
>       setName(getutil("name"));
>       setConfirmed(getutil("confirm"));
>       try{
>         setPassword(new String ((byte[])
> myAttrs.get("userPassword").getAll().nextElement()));
>       }catch (Exception e){
>       }
>        this.grouprole = getutil("usergrouprole",true);
>     }
>      public boolean update(boolean create){
>
> setutil("userPassword","{crypt}"+UnixCrypt.crypt((String)getPerm(U
> ser.PASSWORD)));
>       setutil("mail",(String)getPerm(User.EMAIL));
>       if (JetspeedLDAP.exists(ldapurl)){
>         JetspeedLDAP.deleteAttrs(ldapurl,rmAttrs);
>         JetspeedLDAP.updateEntry(ldapurl,myAttrs);
>       }else{
>         if (create){
>           ldapurl =
> JetspeedLDAP.buildURL("uid="+(String)getPerm(User.USERNAME)+",ou=u
> sers,ou=jetspeed");
>           setutil("uid",(String)getPerm(User.USERNAME));
>           JetspeedLDAP.addEntry(ldapurl,myAttrs);
>         }else {
>           return false;
>         }
>       }
>       return true;
>     }
>       //role group
>     //role group
>     public Vector getgrouprole(){
>       return this.grouprole;
>     }
>     public void addgrouprole(String groupname, String rolename){
>       grouprole.add(groupname+","+rolename);
>     }
>     public void removegroup(String groupname){
>       String grouprolestr;
>       for (Enumeration enum =
> grouprole.elements();enum.hasMoreElements();){
>         grouprolestr = (String)enum.nextElement();
>         if (grouprolestr.startsWith(groupname+",")){
>           grouprole.remove(grouprolestr);
>         }
>       }
>     }
>     public void removegrouprole(String groupname,String rolename){
>       String grouprolestr;
>       for (Enumeration enum =
> grouprole.elements();enum.hasMoreElements();){
>         grouprolestr = (String)enum.nextElement();
>         if (grouprolestr.equalsIgnoreCase(groupname+","+rolename)){
>           grouprole.remove(grouprolestr);
>         }
>       }
>     }
>       /**
>         * Returns the primary principle for this User, the user id.
>         *
>         * @return the user id.
>         */
>       public String getUserId()
>       {
>           String tmp = null;
>           try
>           {
>               tmp = (String) getPerm (JetspeedUser.USER_ID);
>               if ( tmp.length() == 0 )
>               {
>                   tmp = null;
>               }
>           }
>           catch (Exception e)
>           {
>           }
>           return tmp;
>       }
>
>       public void setUserId(String id)
>       {
>           if (getUserId() == null)
>           {
>               setPerm(JetspeedUser.USER_ID, id);
>           }
>       }
>       /**
>        * Gets the access counter for a user during a session.
>        *
>        * @return The access counter for the user for the session.
>        */
>       public int getAccessCounterForSession()
>       {
>           try
>           {
>               return ((Integer)
> getTemp(User.SESSION_ACCESS_COUNTER)).intValue();
>           }
>           catch (Exception e)
>           {
>               return 0;
>           }
>       }
>
>       /**
>        * Gets the access counter for a user from perm storage.
>        *
>        * @return The access counter for the user.
>        */
>       public int getAccessCounter()
>       {
>           try
>           {
>               return ((Integer) getPerm(User.ACCESS_COUNTER)).intValue();
>           }
>           catch (Exception e)
>           {
>               return 0;
>           }
>       }
>
>       /**
>        * Gets the create date for this User.  This is the time at which
>        * the user object was created.
>        *
>        * @return A Java Date with the date of creation for the user.
>        */
>       public java.util.Date getCreateDate()
>       {
>           return createDate;
>       }
>
>       /**
>        * Gets the last access date for this User.  This is the last time
>        * that the user object was referenced.
>        *
>        * @return A Java Date with the last access date for the user.
>        */
>       public java.util.Date getLastAccessDate()
>       {
>           if (lastAccessDate == null)
>           {
>               setLastAccessDate();
>           }
>           return lastAccessDate;
>       }
>
>       /**
>        * Get last login date/time for this user.
>        *
>        * @return A Java Date with the last login date for the user.
>        */
>       public java.util.Date getLastLogin()
>       {
>           return (java.util.Date) getPerm(User.LAST_LOGIN);
>       }
>
>       /**
>        * Get password for this user.
>        *
>        * @return A String with the password for the user.
>        */
>       public String getPassword()
>       {
>           return (String) getPerm(User.PASSWORD);
>       }
>
>       /**
>        * Get an object from permanent storage.
>        *
>        * @param name The object's name.
>        * @return An Object with the given name.
>        */
>       public Object getPerm(String name)
>       {
>           return permStorage.get(name);
>       }
>
>       /**
>        * Get an object from permanent storage; return default if value
>        * is null.
>        *
>        * @param name The object's name.
>        * @param def A default value to return.
>        * @return An Object with the given name.
>        */
>       public Object getPerm(String name, Object def)
>       {
>           try
>           {
>               Object val = permStorage.get (name);
>               return (val == null ? def : val);
>           }
>           catch (Exception e)
>           {
>               return def;
>           }
>       }
>
>       /**
>        * This should only be used in the case where we want to save the
>        * data to the database.
>        *
>        * @return A Hashtable.
>        */
>       public Hashtable getPermStorage()
>       {
>           if (this.permStorage == null)
>           {
>               this.permStorage = new Hashtable();
>           }
>           return this.permStorage;
>       }
>
>       /**
>        * Get an object from temporary storage.
>        *
>        * @param name The object's name.
>        * @return An Object with the given name.
>        */
>       public Object getTemp(String name)
>       {
>           return tempStorage.get(name);
>       }
>
>       /**
>        * Get an object from temporary storage; return default if value
>        * is null.
>        *
>        * @param name The object's name.
>        * @param def A default value to return.
>        * @return An Object with the given name.
>        */
>       public Object getTemp(String name, Object def)
>       {
>           Object val;
>           try
>           {
>               val = tempStorage.get(name);
>               if (val == null)
>               {
>                   val = def;
>               }
>           }
>           catch (Exception e)
>           {
>               val = def;
>           }
>           return val;
>       }
>
>       /**
>        * Returns the username for this user.  If this is defined, then
>        * the user is considered logged in.
>        *
>        * @return A String with the username.
>        */
>       public String getUserName()
>       {
>           String tmp = null;
>           try
>           {
>               tmp = (String) getPerm (User.USERNAME);
>               if ( tmp.length() == 0 )
>               {
>                   tmp = null;
>               }
>           }
>           catch (Exception e)
>           {
>           }
>           return tmp;
>       }
>
>       /**
>        * Returns the first name for this user.  If this is defined, then
>        * the user is considered logged in.
>        *
>        * @return A String with the user's first name.
>        */
>       public String getFirstName()
>       {
>           String tmp = null;
>           try
>           {
>               tmp = (String) getPerm (User.FIRST_NAME);
>               if (tmp.length() == 0)
>               {
>                   tmp = null;
>               }
>           }
>           catch (Exception e)
>           {
>           }
>           return tmp;
>       }
>
>       /**
>        * Returns the last name for this user.  If this is defined, then
>        * the user is considered logged in.
>        *
>        * @return A String with the user's last name.
>        */
>       public String getLastName()
>       {
>           String tmp = null;
>           try
>           {
>               tmp = (String) getPerm (User.LAST_NAME);
>               if (tmp.length() == 0)
>                   tmp = null;
>           }
>           catch (Exception e)
>           {
>           }
>           return tmp;
>       }
>
>       /**
>        * The user is considered logged in if they have not timed out.
>        *
>        * @return Whether the user has logged in.
>        */
>       public boolean hasLoggedIn()
>       {
>           Boolean loggedIn = getHasLoggedIn();
>           return (loggedIn != null && loggedIn.booleanValue());
>       }
>
>       /**
>        * Returns the email address for this user.
>        *
>        * @return A String with the user's email address.
>        */
>       public String getEmail()
>       {
>           return (String)getPerm(User.EMAIL);
>       }
>
>       /**
>        * Increments the permanent hit counter for the user.
>        */
>       public void incrementAccessCounter()
>       {
>           setAccessCounter(getAccessCounter() + 1);
>       }
>
>       /**
>        * Increments the session hit counter for the user.
>        */
>       public void incrementAccessCounterForSession()
>       {
>           setAccessCounterForSession(getAccessCounterForSession() + 1);
>       }
>
>       /**
>        * Remove an object from temporary storage and return the object.
>        *
>        * @param name The name of the object to remove.
>        * @return An Object.
>        */
>       public Object removeTemp(String name)
>       {
>           return tempStorage.remove(name);
>       }
>
>       /**
>        * Sets the access counter for a user, saved in perm storage.
>        *
>        * @param cnt The new count.
>        */
>       public void setAccessCounter(int cnt)
>       {
>           setPerm(User.ACCESS_COUNTER, new Integer(cnt));
>       }
>
>       /**
>        * Sets the session access counter for a user, saved in temp
>        * storage.
>        *
>        * @param cnt The new count.
>        */
>       public void setAccessCounterForSession(int cnt)
>       {
>           setTemp(User.SESSION_ACCESS_COUNTER, new Integer(cnt));
>       }
>
>       /**
>        * Sets the last access date for this User. This is the last time
>        * that the user object was referenced.
>        */
>       public void setLastAccessDate()
>       {
>           lastAccessDate = new java.util.Date();
>       }
>
>       /**
>        * Sets the create date for this User. This is the time at which
>        * the user object was created.
>        *
>        * @param date The create date.
>        */
>       public void setCreateDate(java.util.Date date)
>       {
>           createDate = date;
>       }
>
>       /**
>        * Set last login date/time.
>        *
>        * @param date The last login date.
>        */
>       public void setLastLogin(java.util.Date date)
>       {
>           setPerm(User.LAST_LOGIN, date);
>       }
>
>       /**
>        * Set password.
>        *
>        * @param password The new password.
>        */
>       public void setPassword(String password)
>       {
>            setPerm(User.PASSWORD, password);
>       }
>
>       /**
>        * Put an object into permanent storage. If the value is null,
>        * it will convert that to a "" because the underlying storage
>        * mechanism within TurbineUser is currently a Hashtable and
>        * null is not a valid value.
>        *
>        * @param name The object's name.
>        * @param value The object.
>        */
>       public void setPerm(String name, Object value)
>       {
>           ObjectUtils.safeAddToHashtable(getPermStorage(), name, value);
>       }
>
>       /**
>        * This should only be used in the case where we want to save the
>        * data to the database.
>        *
>        * @param stuff A Hashtable.
>        */
>       public void setPermStorage(Hashtable stuff)
>       {
>           this.permStorage = stuff;
>       }
>
>       /**
>        * This should only be used in the case where we want to save the
>        * data to the database.
>        *
>        * @return A Hashtable.
>        */
>       public Hashtable getTempStorage()
>       {
>           if (this.tempStorage == null)
>           {
>               this.tempStorage = new Hashtable();
>           }
>           return this.tempStorage;
>       }
>
>       /**
>        * This should only be used in the case where we want to save the
>        * data to the database.
>        *
>        * @param storage A Hashtable.
>        */
>       public void setTempStorage(Hashtable storage)
>       {
>           this.tempStorage = storage;
>       }
>
>       /**
>        * This gets whether or not someone has logged in.  hasLoggedIn()
>        * returns this value as a boolean.  This is private because you
>        * should use hasLoggedIn() instead.
>        *
>        * @return True if someone has logged in.
>        */
>       private Boolean getHasLoggedIn()
>       {
>           return (Boolean) getTemp (User.HAS_LOGGED_IN);
>       }
>
>       /**
>        * This sets whether or not someone has logged in.  hasLoggedIn()
>        * returns this value.
>        *
>        * @param value Whether someone has logged in or not.
>        */
>       public void setHasLoggedIn (Boolean value)
>       {
>           setTemp (User.HAS_LOGGED_IN, value);
>       }
>
>       /**
>        * Put an object into temporary storage. If the value is null,
>        * it will convert that to a "" because the underlying storage
>        * mechanism within TurbineUser is currently a Hashtable and
>        * null is not a valid value.
>        *
>        * @param name The object's name.
>        * @param value The object.
>        */
>       public void setTemp(String name, Object value)
>       {
>           ObjectUtils.safeAddToHashtable(tempStorage, name, value);
>       }
>
>       /**
>        * Sets the username for this user.
>        *
>        * @param username The user's username.
>        */
>       public void setUserName(String username)
>       {
>           setPerm (User.USERNAME, username);
>       }
>
>       /**
>        * Sets the first name for this user.
>        *
>        * @param firstName User's first name.
>        */
>       public void setFirstName(String firstName)
>       {
>           setPerm(User.FIRST_NAME, firstName);
>       }
>
>       /**
>        * Sets the last name for this user.
>        *
>        * @param lastName User's last name.
>        */
>       public void setLastName(String lastName)
>       {
>           setPerm(User.LAST_NAME, lastName);
>       }
>
>
>       /**
>        * Sets the email address.
>        *
>        * @param address The email address.
>        */
>       public void setEmail(String address)
>       {
>           setPerm(User.EMAIL, address);
>       }
>
>       /**
>        * This method reports whether or not the user has been confirmed
>        * in the system by checking the User.CONFIRM_VALUE
>        * column in the users record to see if it is equal to
>        * User.CONFIRM_DATA.
>        *
>        * @return True if the user has been confirmed.
>        */
>       public boolean isConfirmed()
>       {
>           String value = getConfirmed();
>           return (value != null && value.equals(User.CONFIRM_DATA));
>       }
>
>       /**
>        * Sets the confirmation value. The value should
>        * be either a random string or User.CONFIRM_DATA
>        *
>        * @param value The confirmation key value.
>        */
>       public void setConfirmed(String value)
>       {
>           String val = "";
>           if (value != null)
>           {
>               val = value;
>           }
>           setPerm(User.CONFIRM_VALUE, val);
>       }
>
>       /**
>        * Gets the confirmation value.
>        *
>        * @return status The confirmation value for this User
>        */
>       public String getConfirmed()
>       {
>           return (String)getPerm(User.CONFIRM_VALUE);
>       }
>
>       /**
>        * Updates the last login date in the database.
>        *
>        * @exception Exception, a generic exception.
>        */
>       public void updateLastLogin()
>           throws Exception
>       {
>           setPerm( User.LAST_LOGIN, new java.util.Date() );
>       }
>
>       /**
>        * Implement this method if you wish to be notified when the User
>        * has been Bound to the session.
>        *
>        * @param hsbe The HttpSessionBindingEvent.
>        */
>       public void valueBound(HttpSessionBindingEvent hsbe)
>       {
>           // Currently we have no need for this method.
>       }
>
>       /**
>        * Implement this method if you wish to be notified when the User
>        * has been Unbound from the session.
>        *
>        * @param hsbe The HttpSessionBindingEvent.
>        */
>       public void valueUnbound(HttpSessionBindingEvent hsbe)
>       {
>
>           try
>           {
>               java.util.Date now = new java.util.Date();
>               //System.out.println("*********** value unbound
> ********************: " + now.toString());
>               if (this.hasLoggedIn())
>               {
>                   if (
> JetspeedResources.getBoolean("automatic.logout.save", false) )
>                   {
>                       JetspeedUserManagement.saveUser(this);
>                   }
>                   JetspeedAuthentication.logout();
>               }
>
>           }
>           catch ( Exception e )
>           {
>               Log.error("TurbineUser.valueUnbound(): " +
> e.getMessage(), e);
>
>               // To prevent messages being lost in case the logging system
>               // goes away before sessions get unbound on servlet
> container
>               // shutdown, print the stcktrace to the container's console.
>               ByteArrayOutputStream ostr = new ByteArrayOutputStream();
>               e.printStackTrace(new PrintWriter(ostr,true));
>               String stackTrace = ostr.toString();
>               System.out.println(stackTrace);
>           }
>       }
>
>
>       /**
>        * Saves this object to the data store.
>        */
>       public void save()
>           throws Exception
>       {
>           if (this.isNew())
>           {
>               JetspeedUserManagement.saveUser(this);
>           }
>           else
>           {
>               JetspeedUserManagement.addUser(this);
>           }
>       }
>
>       /**
>        * Returns the disabled status for the user
>        *
>        * @return True when the account is disabled
>        */
>       public boolean getDisabled()
>       {
>           boolean disabled = false;
>           try
>           {
>               String tmp = (String) getPerm (JetspeedUser.DISABLED);
>               if ( tmp != null && tmp.length() > 0 )
>               {
>                   if (tmp.equalsIgnoreCase("T"))
>                       disabled = true;
>               }
>           }
>           catch (Exception e)
>           {
>           }
>           return disabled;
>       }
>
>       public void setDisabled(boolean disabled)
>       {
>           setPerm(JetspeedUser.DISABLED, (disabled) ? "T" : "F");
>       }
>
>       public String getName()
>       {
>           return name;
>       }
>
>       public void setName(String name)
>       {
>           this.name = name;
>       }
>
>       public boolean isNew()
>       {
>           return isNew;
>       }
>
>       void setNew(boolean isNew)
>       {
>           this.isNew = isNew;
>       }
>
>       /**
>        * Returns the date of last password change
>        *
>        * @return date
>        */
>       public Date getPasswordChanged()
>       {
>           return this.passwordChanged;
>       }
>
>       /**
>        * Sets the date of last password change
>        *
>        * @param value  Date
>        */
>       public void setPasswordChanged(Date value)
>       {
>           this.passwordChanged = value;
>       }
>
>   }
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/ldap/Connector.java
>
>   Index: Connector.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.ldap;
>
>   import java.util.Properties;
>
>   /**
>    *
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: Connector.java,v 1.1 2002/10/21 22:31:15 taylor Exp $
>    *
>    */
>   public interface Connector
>   {
>
>       public abstract boolean connectionFailed(LDAPURL ldapurl);
>
>       public abstract Properties referralConnection(Properties
> properties, LDAPURL ldapurl, boolean flag);
>   }
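Review bot: The new `Connector` interface has an empty Javadoc block and neither method documents its contract, although `LDAPService.connect()` (added in the same commit) depends on both return values. `connect()` passes `referralConnection` its own `env`, which `setDefaultEnv()` fills with `java.naming.security.principal` and `java.naming.security.credentials` whenever `anonymousBind` is false, and then replaces `env` with any non-null `Properties` that comes back. It also retries inside `do … while(true)` for as long as `referralConnection` returns non-null or `connectionFailed` returns true, so an implementation that never gives up keeps the caller looping. I would add a class comment plus `@param`/`@return` Javadoc stating that implementations receive the live bind credentials and should neither log nor retain them, and that a null return from `referralConnection` or `false` from `connectionFailed` is what ends the retry. The third parameter would also read better as `boolean anonymousBind` than `boolean flag`, since that is the value the caller passes.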
>
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/ldap/LDAPSe
> rvice.java
>
>   Index: LDAPService.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.ldap;
>
>   import org.apache.turbine.services.TurbineServices;
>   import org.apache.turbine.services.TurbineBaseService;
>   import org.apache.turbine.services.InitializationException;
>   import org.apache.turbine.services.resources.ResourceService;
>   import org.apache.turbine.util.Log;
>   import javax.servlet.ServletConfig;
>   import org.apache.turbine.services.servlet.TurbineServlet;
>   import java.util.*;
>   import javax.naming.*;
>   import javax.naming.directory.*;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPService.java,v 1.1 2002/10/21 22:31:15
> taylor Exp $
>    *
>    */
>   public class LDAPService extends TurbineBaseService
>   {
>       public static String SERVICE_NAME = "ldap";
>       private static final String DEFAULT_ATTR[] = {
>           "objectclass"
>       };
>       public static final int BASE = 0;
>       public static final int ONE = 1;
>       public static final int SUB = 2;
>       public static final int DEFAULT_PORT = 389;
>       public static final int DEFAULT_SSLPORT = 636;
>       public static final int DEFAULT_LIMIT = 0;
>       public static final int DEFAULT_TIMEOUT = 0;
>       public static final int DEFAULT_VERSION = 3;
>       private static String DEFAULT_CTX =
> "com.sun.jndi.ldap.LdapCtxFactory";
>
>       private Hashtable connections;
>       private Connector connector;
>       private int limit;
>       private int timeout;
>       private int version;
>       private String host;
>       private int port;
>       private int sslport;
>       private String basedn;
>       private String managerdn;
>       private String password;
>       private String managerlogin;
>       private int batchsize;
>       private String securityAuthentication;
>       private String securityProtocol;
>       private String socketFactory;
>       private String saslclientpckgs;
>       private String jndiprovider;
>       private boolean anonymousBind;
>       private String listFilter;
>       private String attributesList[];
>       private NameParser parser;
>       private boolean showOpAttributes;
>       private Properties env;
>       /**
>        * Main Connection Function
>        *
>        * Make first connection and store it in connections.
>        *
>        * @param url <code>LDAPURL</code> which locate server to connect.
>        * @return boolean true if success else false.
>        */
>       private boolean mainConnect(LDAPURL url)
>       {
>           setDefaultEnv();
>           String base = url.getBase();
>           env.put("java.naming.provider.url", base);
>           try
>           {
>               DirContext ctx = new InitialDirContext(env);
>               connections.put(basedn, ctx);
>               if(parser == null)
>                   parser = ctx.getNameParser("");
>               return true;
>           }
>           catch(NamingException e)
>           {
>               Log.error ("LDAP Service: Failed to connect to " +
> url.getUrl(), e);
>           }
>           return false;
>       }
>       /**
>        * Connection Function
>        *
>        * tries to connect given <code>LDAPURL</code>.
>        *
>        * @param url <code>LDAPURL</code> which locate server to connect.
>        * @return DirContext connection context object.
>        */
>       public DirContext connect(LDAPURL url)
>       {
>           String base = url.getBase();
>           DirContext ctx = (DirContext)connections.get(base);
>           if(ctx != null)
>               return ctx;
>           setDefaultEnv();
>           env.put("java.naming.provider.url", base);
>           do
>           {
>               try
>               {
>                   ctx = new InitialDirContext(env);
>                   connections.put(base, ctx);
>                   return ctx;
>               }
>               catch(AuthenticationException e)
>               {
>                   Log.error ("LDAP Service: Authentication error:
> " + base, e);
>                   if(connector == null)
>                       return null;
>                   Properties pr =
> connector.referralConnection(env, url, anonymousBind);
>                   if(pr != null)
>                   {
>                       env = pr;
>                       continue;
>                   }
>               }
>               catch(CommunicationException e)
>               {
>                   Log.error("LDAP Service: Communication error: "
> + base, e);
>                   if(connector == null)
>                       return null;
>                   if(connector.connectionFailed(url))
>                   {
>                       resetConnection(url);
>                       continue;
>                   }
>               }
>               catch(NamingException e)
>               {
>                   Log.error("LDAP Service:Failed to connect to "
> + base, e);
>               }
>               return ctx;
>           } while(true);
>       }
>       /**
>        * Reset Given Connection Function
>        *
>        * tries to connect given <code>LDAPURL</code>.
>        *
>        * @param url <code>LDAPURL</code> which locate server to connect.
>        *
>        */
>       private void resetConnection(LDAPURL url)
>       {
>           connections.remove(url.getBase());
>       }
>        /**
>        * Set Default Environment
>        *
>        * Fill properties necessary to connect.
>        *
>        */
>       private void setDefaultEnv()
>       {
>           showOpAttributes = attributesList != null;
>           env.put("java.naming.referral", "ignore");
>           env.put("java.naming.batchsize", String.valueOf(batchsize));
>           if(anonymousBind)
>           {
>               env.remove("java.naming.security.principal");
>               env.remove("java.naming.security.credentials");
>           } else
>           {
>               env.put("java.naming.security.principal", managerdn);
>               env.put("java.naming.security.credentials", password);
>           }
>           env.put("java.naming.security.authentication",
> securityAuthentication);
>           if(saslclientpckgs  != null)
>               env.put("javax.security.sasl.client.pkgs", saslclientpckgs);
>           else
>               env.remove("javax.security.sasl.client.pkgs");
>           env.put("java.naming.ldap.derefAliases", "never");
>           env.put("java.naming.ldap.deleteRDN", "true" );
>           env.put("java.naming.ldap.version", String.valueOf(version));
>           if( securityProtocol != null)
>           {
>               env.put("java.naming.security.protocol", securityProtocol);
>               if(securityProtocol.equalsIgnoreCase("ssl"))
>                   env.put("java.naming.ldap.factory.socket",
> socketFactory );
>           } else
>           {
>               env.remove("java.naming.security.protocol");
>               env.remove("java.naming.ldap.factory.socket");
>           }
>   //            env.put("com.sun.jndi.ldap.trace.ber", System.err);
>           env.put("java.naming.factory.initial", (Object)(jndiprovider));
>       }
>        /**
>        * Disconnection Function
>        *
>        * tries to disconnect all connection.
>        *
>        * @return boolean true if success else false.
>        */
>
>       public boolean disconnect()
>       {
>           DirContext ctx = null;
>           for(Enumeration enum = connections.elements();
> enum.hasMoreElements();)
>               try
>               {
>                   ctx = (DirContext)enum.nextElement();
>                   ctx.close();
>               }
>               catch(NamingException e)
>               {
>                   Log.error("LDAP Service: Disconnect failed", e);
>               }
>
>           connections.clear();
>           return true;
>       }
>
>       /**
>        * Delete Atrribute Function
>        *
>        * Delete given attribute for given <code>LDAPURL</code>.
>        *
>        * @param url object affected.
>        * @param at Atribute to delete
>        * @return boolean true if success else false.
>        */
>
>       public boolean deleteAttribute(LDAPURL url, Attribute at)
>       {
>           try
>           {
>               ModificationItem mods[] = new ModificationItem[1];
>               mods[0] = new ModificationItem(3, at);
>               return modifyAttribute(url, mods);
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to delete '" +
> at.getID() + "' attribute for " + url.getUrl(), e);
>           }
>           return false;
>       }
>        /**
>        * Add Attribute Function
>        *
>        * add given attribute to given <code>LDAPURL</code>.
>        *
>        * @param url object affected.
>        * @param at Atribute to add
>        * @return boolean true if success else false.
>        */
>       public boolean addAttribute(LDAPURL url, Attribute at)
>       {
>           try
>           {
>               ModificationItem mods[] = new ModificationItem[1];
>               mods[0] = new ModificationItem(1, at);
>               return modifyAttribute(url, mods);
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to add '" +
> at.getID() + "' attribute for " + url.getUrl(), e);
>           }
>           return false;
>       }
>       /**
>        * Add entry Function
>        *
>        * tries to add object with given <code>LDAPURL</code> and
>        * with given attributes.
>        *
>        * @param url object to create.
>        * @param at Atributes to add
>        * @return boolean true if success else false.
>        */
>       public boolean addEntry(LDAPURL url, Attributes at)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               ctx.createSubcontext(url.getDN(), at);
>           }
>           catch(ReferralException e)
>           {
>               LDAPURL myurl = getReferralUrl(e);
>               return addEntry(myurl, at);
>           }
>           catch(NamingException e)
>           {
>               Log.debug ("LDAP Service: Failed to add new entry "
> + url.getDN(), e);
>               return false;
>           }
>           return true;
>       }
>       /**
>        * Query existense of an Object Function
>        *
>        * tries to locate given <code>LDAPURL</code>.
>        *
>        * @param url object affected.
>        * @return boolean true if exist else false.
>        */
>       public boolean exists(LDAPURL url)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               NamingEnumeration results = search(ctx,
> url.getDN(), "(objectclass=*)", DEFAULT_ATTR, 0, false);
>               return true;
>           }
>           catch(NameNotFoundException _ex)
>           {
>               return false;
>           }
>           catch(NamingException _ex)
>           {
>               return false;
>           }
>       }
>       /**
>        * Compare Function
>        *
>        * Compare given <code>LDAPURL</code>s.
>        *
>        * @param srcUrl object affected.
>        * @param dstUrl object affected.
>        * @return int 0 same host+DN, 1 same DN,2 child,3 no relation.
>        */
>       public int compare(LDAPURL srcUrl, LDAPURL dstUrl)
>       {
>           if(!srcUrl.sameHosts(dstUrl))
>               return 0;
>           Name src = parse(srcUrl.getDN());
>           Name dst = parse(dstUrl.getDN());
>           if(dst.compareTo(src) == 0)
>               return 1;
>           if(dst.startsWith(src))
>               return 2;
>           Name prefix = src.getPrefix(src.size() - 1);
>           return dst.compareTo(prefix) != 0 ? 0 : 3;
>       }
>       /**
>        * Import Function
>        *
>        * Import given <code>LDAPURL</code> to another dn.
>        *
>        * @param url object to import.
>        * @param dn Dn of new object.
>        * @param entry attributes.
>        * @param type 0 addnew, 1 update, 2 sync.
>        * @return int 1 success, 0 unknown type,-1 failure.
>        */
>       public int importEntry(LDAPURL url, String dn, Attributes
> entry, int type)
>       {
>           boolean rs = false;
>           LDAPURL myurl = new LDAPURL(url.getHost(), url.getPort(), dn);
>           if(type == 0)
>               rs = addEntry(myurl, entry);
>           else
>           if(type == 1)
>               rs = updateEntry(myurl, entry);
>           else
>           if(type == 2)
>               rs = synchEntry(myurl, entry);
>           else
>               return 0;
>           return !rs ? -1 : 1;
>       }
>       /**
>        * Modify Function
>        *
>        * Modify given <code>LDAPURL</code> with fiven modification items.
>        *
>        * @param url object to modify.
>        * @param mods Modification items.
>        * @exception NamingException
>        * @return boolean true if success else false.
>        */
>       private boolean modifyAttribute(LDAPURL url,
> ModificationItem mods[])
>           throws NamingException
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               ctx.modifyAttributes(url.getDN(), mods);
>           }
>           catch(ReferralException e)
>           {
>               LDAPURL myurl = getReferralUrl(e);
>               return modifyAttribute(myurl, mods);
>           }
>           return true;
>       }
>       /**
>        * Build LDAPURL Function
>        *
>        * Build <code>LDAPURL</code> with given DN.
>        *
>        * @param DN DN value for object.
>        * @return LDAPURL build with given DN.
>        */
>       public LDAPURL buildURL(String DN){
>         return new LDAPURL(host,port,DN + "," + basedn);
>       }
>       /**
>        * Read Attributes Function
>        *
>        * Return attributes for given <code>LDAPURL</code>.
>        *
>        * @param url object to read attributes.
>        * @return Attributes attributes for given url.
>        */
>       public Attributes read(LDAPURL url)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return null;
>           Attributes attrs = null;
>           try
>           {
>               if(showOpAttributes)
>                   attrs = ctx.getAttributes(url.getDN(), attributesList);
>               else
>                   attrs = ctx.getAttributes(url.getDN());
>           }
>           catch(ReferralException e)
>           {
>               LDAPURL myurl = getReferralUrl(e);
>               if(myurl.getDN().length() == 0)
>                   myurl.setDN(url.getDN());
>               return read(myurl);
>           }
>           catch(CommunicationException e)
>           {
>               if(connector == null)
>               {
>                   Log.debug("LDAP Service: Communication error :
> " + url.getBase(), e);
>                   return null;
>               }
>               if(connector.connectionFailed(url))
>                   resetConnection(url);
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to read entry " +
> url.getDN(), e);
>               return null;
>           }
>           return attrs;
>       }
>       /**
>        * Rename Entry Function
>        *
>        * Rename given <code>LDAPURL</code> with given DN.
>        *
>        * @param url object to modify.
>        * @param newDN DN value for new object.
>        * @return boolean true if success else false.
>        */
>       public boolean renameEntry(LDAPURL url, String newDN)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               ctx.rename(url.getDN(), newDN);
>           }
>           catch(ReferralException e)
>           {
>               Log.debug("LDAP Service: Failed to rename entry.
> (not supported for referrals)", e);
>               return false;
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to rename entry " +
> url.getDN(), e);
>               return false;
>           }
>           return true;
>       }
>       /**
>        * Sync Entry Function
>        *
>        * Sync given <code>LDAPURL</code> with given atrributes.
>        *
>        * @param url object to sync.
>        * @param ats Modification items.
>        * @return boolean true if success else false.
>        */
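>       public boolean synchEntry(LDAPURL url, Attributes ats)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               // REPLACE_ATTRIBUTE has the value 2 that was hard-coded here.
>               ctx.modifyAttributes(url.getDN(), DirContext.REPLACE_ATTRIBUTE, ats);
>           }
>           catch(ReferralException e)
>           {
>               // Retry on the server named by the referral. Recursing with the
>               // original url would meet the same referral again and never end.
>               LDAPURL myurl = getReferralUrl(e);
>               if(myurl == null)
>                   return false; // getReferralUrl() yields null for a referral it cannot parse
>               // NOTE(review): the referral target is chosen by the remote directory;
>               // connect() is outside this excerpt, so confirm it does not bind with
>               // the manager credentials to hosts outside the configured set.
>               return synchEntry(myurl, ats);
>           }
>           catch(NameNotFoundException _ex)
>           {
>               // The entry does not exist yet: create it with the given attributes.
>               try
>               {
>                   ctx.createSubcontext(url.getDN(), ats);
>               }
>               catch(NamingException _ex2)
>               {
>                   Log.debug("LDAP Service: Failed to create entry " + url.getDN(), _ex2);
>                   return false;
>               }
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to synchronize entries", e);
>               return false;
>           }
>           return true;
>       }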
>       /**
>        * Delete Attributes Function
>        *
>        * Delete Attributes for given <code>LDAPURL</code>.
>        *
>        * @param url object to modify.
>        * @param ats Attributes to delete.
>        * @return boolean true if success else false.
>        */
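>       public boolean deleteAttrs(LDAPURL url, Attributes ats)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               // REMOVE_ATTRIBUTE has the value 3 that was hard-coded here.
>               ctx.modifyAttributes(url.getDN(), DirContext.REMOVE_ATTRIBUTE, ats);
>           }
>           catch(ReferralException e)
>           {
>               // Repeat the removal on the referred server. The earlier code called
>               // synchEntry() with the original url here, which replaced the
>               // attributes instead of removing them and met the same referral again.
>               LDAPURL myurl = getReferralUrl(e);
>               if(myurl == null)
>                   return false; // getReferralUrl() yields null for a referral it cannot parse
>               return deleteAttrs(myurl, ats);
>           }
>           catch(NameNotFoundException e)
>           {
>               // There is nothing to remove from an entry that does not exist. The
>               // earlier code created the entry from the attributes it was asked
>               // to delete.
>               Log.debug("LDAP Service: Failed to delete Attributes", e);
>               return false;
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to delete Attributes", e);
>               return false;
>           }
>           return true;
>       }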
>       /**
>        * Delete Entry Function
>        *
>        * Delete given <code>LDAPURL</code>.
>        *
>        * @param url object to delete.
>        * @return boolean true if success else false.
>        */
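>       public boolean deleteEntry(LDAPURL url)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               ctx.destroySubcontext(url.getDN());
>           }
>           catch(ReferralException e)
>           {
>               // Follow the referral, but only when it parsed: getReferralUrl()
>               // returns null for a bad referral and the recursive call would then
>               // dereference that null.
>               LDAPURL myurl = getReferralUrl(e);
>               if(myurl == null)
>                   return false;
>               // NOTE(review): this deletes on a server named by the remote
>               // directory; confirm referral targets are restricted to trusted hosts.
>               return deleteEntry(myurl);
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to delete entry " + url.getDN(), e);
>               return false;
>           }
>           return true;
>       }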
>       /**
>        * Find Entry Name Function
>        *
>        * Return entry name for given <code>LDAPURL</code>.
>        *
>        * @param url object to modify.
>        * @return LDAPURL real entry DN.
>        */
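>       public LDAPURL findEntryName(LDAPURL url)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return null;
>           // parse() returns null when the DN cannot be parsed, and an empty name
>           // has no last component to work with.
>           Name name = parse(url.getDN());
>           if(name == null || name.size() == 0)
>               return null;
>           String base = name.getPrefix(name.size() - 1).toString();
>           String origRdn = name.get(name.size() - 1).toString();
>           String dn = url.getDN();
>           for(int i = 1; ; i++)
>           {
>               try
>               {
>                   // Scope 0 looks at the named object only; a normal return
>                   // means the candidate DN is already taken.
>                   NamingEnumeration results = search(ctx, dn, "(objectclass=*)", DEFAULT_ATTR, 0, false);
>                   results.close();
>               }
>               catch(NameNotFoundException _ex)
>               {
>                   // The candidate is free: this is the name to use.
>                   return new LDAPURL(url.getHost(), url.getPort(), dn);
>               }
>               catch(NamingException _ex)
>               {
>                   return null;
>               }
>               // Next candidate: "<rdn> copy", "<rdn> copy 2", "<rdn> copy 3", ...
>               // Building it from the original RDN keeps the suffix right past 10;
>               // the earlier code stripped one character and produced "copy 111".
>               String rdn = origRdn + " copy";
>               if(i >= 2)
>                   rdn = rdn + " " + i;
>               dn = rdn + ", " + base;
>           }
>       }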
>       /**
>        * Delete Tree Function
>        *
>        * Delete record with all child node <code>LDAPURL</code>.
>        *
>        * @param url object to modify.
>        * @return boolean true if success else false.
>        */
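>       public boolean deleteTree(LDAPURL url)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           String baseDN = url.getDN();
>           NamingEnumeration results = null;
>           try
>           {
>               // Scope 1 lists the direct children; each child subtree is removed
>               // recursively before the entry itself. The search runs without the
>               // configured count and time limits (setLimits is false).
>               results = search(ctx, baseDN, "(objectclass=*)", DEFAULT_ATTR, 1, false);
>               while(results.hasMore())
>               {
>                   SearchResult si = (SearchResult)results.next();
>                   String entryDN = getFixedDN(si.getName(), baseDN);
>                   LDAPURL myurl = new LDAPURL(url.getHost(), url.getPort(), entryDN);
>                   if(!deleteTree(myurl))
>                       return false;
>               }
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Delete tree failed", e);
>               return false;
>           }
>           finally
>           {
>               // Release the enumeration on every path, including exceptions.
>               if(results != null)
>               {
>                   try
>                   {
>                       results.close();
>                   }
>                   catch(NamingException ignored)
>                   {
>                       // Closing is best effort; the outcome was decided above.
>                   }
>               }
>           }
>           return deleteEntry(url);
>       }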
>       /**
>        * Transfer Function
>        *
>        * Transfer given <code>LDAPURL</code> to other
> <code>LDAPURL</code>.
>        *
>        * @param fromUrl object to transfer.
>        * @param toUrl target object.
>        * @param delete delete after transfer.
>        * @param replace replace if exist.
>        * @param withChildren transfer with childs.
>        * @return boolean true if success else false.
>        */
>
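>       public boolean transfer(LDAPURL fromUrl, LDAPURL toUrl, boolean delete, boolean replace, boolean withChildren)
>       {
>           LDAPURL dstUrl = toUrl;
>           // NOTE(review): compare() is defined outside this excerpt; a result of 1
>           // is treated here as "pick a fresh destination name" - confirm.
>           int rc = compare(fromUrl, toUrl);
>           if(rc == 1)
>           {
>               dstUrl = findEntryName(dstUrl);
>               // findEntryName() returns null when it cannot connect or search;
>               // passing that on would dereference null further down.
>               if(dstUrl == null)
>                   return false;
>           }
>           if(withChildren)
>               return transferTreeSub(fromUrl, dstUrl, delete, replace);
>           else
>               return transferEntry(fromUrl, dstUrl, delete, replace);
>       }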
>       /**
>        * Transfer with updates Function
>        *
>        * Transfer updated <code>LDAPURL</code> with given
> modification items
>        * to other <code>LDAPURL</code>.
>        *
>        * @param fromUrl object to transfer.
>        * @param toUrl target object.
>        * @param delete delete after transfer.
>        * @param replace replace if exist.
>        * @param ats attributes to update.
>        * @return boolean true if success else false.
>        */
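>       public boolean transferEntry(LDAPURL fromUrl, Attributes ats, LDAPURL toUrl, boolean delete, boolean replace)
>       {
>           // The source is removed before the destination is written, so a failed
>           // write has to put the source back or the entry is lost.
>           if(delete && !deleteEntry(fromUrl))
>               return false;
>           if(updateEntry(toUrl, ats, replace))
>               return true;
>           // Report a failed restore instead of dropping it silently: at this
>           // point the entry exists on neither side.
>           if(delete && !addEntry(fromUrl, ats))
>               Log.error("LDAP Service: Transfer failed and source entry could not be restored: " + fromUrl.getDN());
>           return false;
>       }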
>       /**
>        * Transfer without updates Function
>        *
>        * Transfer <code>LDAPURL</code> to other <code>LDAPURL</code>.
>        *
>        * @param fromUrl object to transfer.
>        * @param toUrl target object.
>        * @param delete delete after transfer.
>        * @param replace replace if exist.
>        * @return boolean true if success else false.
>        */
>
>       public boolean transferEntry(LDAPURL fromUrl, LDAPURL toUrl, boolean delete, boolean replace)
>       {
>           // Read the source attributes first; read() yields null when that fails.
>           Attributes sourceAttrs = read(fromUrl);
>           return sourceAttrs != null
>               && transferEntry(fromUrl, sourceAttrs, toUrl, delete, replace);
>       }
>       /**
>        * Transfer Tree Function
>        *
>        * Transfer <code>LDAPURL</code> with all child to other
> <code>LDAPURL</code>.
>        *
>        * @param fromUrl object to transfer.
>        * @param toUrl target object.
>        * @param delete delete after transfer.
>        * @param replace replace if exist.
>        * @return boolean true if success else false.
>        */
>
>       private boolean transferTreeSub(LDAPURL fromUrl, LDAPURL
> toUrl, boolean delete, boolean replace)
>       {
>           // Copies (or moves, when delete is set) fromUrl and everything below it
>           // to toUrl, recursing once per child and once per referral.
>           DirContext ctx = connect(fromUrl);
>           if(ctx == null)
>               return false;
>           Attributes ats = read(fromUrl);
>           if(ats == null)
>               return false;
>           String srcDN = fromUrl.getDN();
>           String dstDN = toUrl.getDN();
>           boolean createdBase = false;
>           boolean rc = false;
>           boolean moreReferrals = true;
>           while(moreReferrals)
>               try
>               {
>                   // Scope 1 lists direct children, without count or time limits.
>                   NamingEnumeration results = search(ctx, srcDN,
> "(objectclass=*)", DEFAULT_ATTR, 1, false);
>                   if(!results.hasMore())
>                   {
>                       // Leaf entry: a plain entry transfer is enough.
>                       if(!transferEntry(fromUrl, ats, toUrl,
> delete, replace))
>                           return false;
>                   } else
>                   {
>                       String name = null;
>                       // Write the destination parent once, before its children.
>                       if(!createdBase)
>                       {
>                           if(!updateEntry(toUrl, ats, replace))
>                               return false;
>                           createdBase = true;
>                       }
>                       LDAPURL srcUrl;
>                       LDAPURL dstUrl;
>                       // NOTE(review): the recursive call sits in the loop's update
>                       // clause and its result is discarded, so a child that fails
>                       // to transfer does not stop the loop; with delete set the
>                       // source parent is still removed below.
>                       for(; results.hasMore();
> transferTreeSub(srcUrl, dstUrl, delete, replace))
>                       {
>                           SearchResult si = (SearchResult)results.next();
>                           name = fixName(si.getName());
>                           String tmpSrcDN = getDN(name, srcDN);
>                           srcUrl = new LDAPURL(fromUrl.getHost(),
> fromUrl.getPort(), tmpSrcDN);
>                           String tmpDstDN = getDN(name, dstDN);
>                           dstUrl = new LDAPURL(toUrl.getHost(),
> toUrl.getPort(), tmpDstDN);
>                       }
>
>                       if(delete && !deleteEntry(fromUrl))
>                           return false;
>                   }
>                   moreReferrals = false;
>               }
>               catch(ReferralException e)
>               {
>                   if(delete)
>                   {
>                       // A move stops at the first referral; the method then
>                       // returns true although the referred subtree was not moved.
>                       moreReferrals = false;
>                   } else
>                   {
>                       if(!createdBase)
>                       {
>                           if(!updateEntry(toUrl, ats, replace))
>                               return false;
>                           createdBase = true;
>                       }
>                       // NOTE(review): getReferralUrl() returns null for a referral it
>                       // cannot parse, and srcUrl.getDN() below would then throw;
>                       // the target host is also chosen by the remote directory.
>                       LDAPURL srcUrl = getReferralUrl(e);
>                       String tmpDstDN = getName(srcUrl.getDN()) +
> ", " + dstDN;
>                       LDAPURL dstUrl = new
> LDAPURL(toUrl.getHost(), toUrl.getPort(), tmpDstDN);
>                       boolean rs = transferTreeSub(srcUrl,
> dstUrl, delete, replace);
>                       if(!rs)
>                           return false;
>                       moreReferrals = e.skipReferral();
>                       try
>                       {
>                           ctx = (DirContext)e.getReferralContext();
>                       }
>                       // A failure to obtain the referral context is ignored and the
>                       // previous ctx stays in use for the next pass.
>                       catch(NamingException _ex) { }
>                   }
>               }
>               catch(NamingException e)
>               {
>                   Log.debug("LDAP Service: Transfer Tree failed", e);
>                   return false;
>               }
>           return true;
>       }
>       /**
>        * Update Atribute Function
>        *
>        * Update an attribute for given <code>LDAPURL</code>.
>        *
>        * @param url object to update.
>        * @param at atrribute to update.
>        * @return boolean true if success else false.
>        */
>       public boolean updateAttribute(LDAPURL url, Attribute at)
>       {
>           // A single modification item with operation code 2 for this attribute.
>           ModificationItem[] change = { new ModificationItem(2, at) };
>           try
>           {
>               return modifyAttribute(url, change);
>           }
>           catch(NamingException failure)
>           {
>               Log.debug("LDAP Service: Failed to update '" + at.getID() + "' attribute for " + url.getUrl(), failure);
>               return false;
>           }
>       }
>       /**
>        * Update Atributes Function
>        *
>        * Update attributes for given <code>LDAPURL</code>.
>        *
>        * @param url object to update.
>        * @param at atrributes to update.
>        * @return boolean true if success else false.
>        */
>
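>       public boolean updateEntry(LDAPURL url, Attributes at)
>       {
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           try
>           {
>               // REPLACE_ATTRIBUTE has the value 2 that was hard-coded here.
>               ctx.modifyAttributes(url.getDN(), DirContext.REPLACE_ATTRIBUTE, at);
>           }
>           catch(ReferralException e)
>           {
>               // getReferralUrl() returns null for a referral it cannot parse;
>               // recursing with null would fail with a NullPointerException.
>               LDAPURL myurl = getReferralUrl(e);
>               if(myurl == null)
>                   return false;
>               return updateEntry(myurl, at);
>           }
>           catch(NamingException e)
>           {
>               Log.debug("LDAP Service: Failed to update entry " + url.getDN(), e);
>               return false;
>           }
>           return true;
>       }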
>       /**
>        * Update Entry Function
>        *
>        * Update attributes for given <code>LDAPURL</code>.
>        *
>        * @param url object to update.
>        * @param ats atrributes to update.
>        * @param replace replace if exist.
>        * @return boolean true if success else false.
>        */
>
>       public boolean updateEntry(LDAPURL url, Attributes ats, boolean replace)
>       {
>           // replace selects synchEntry(); otherwise the entry is added via addEntry().
>           if(replace)
>           {
>               return synchEntry(url, ats);
>           }
>           return addEntry(url, ats);
>       }
>       /**
>        * Search Function
>        *
>        * Search objects for given Base DN and filter.
>        *
>        * @param ctx directory context.
>        * @param dn Base search DN.
>        * @param filter Search filter.
>        * @param attribs attributes to receive.
>        * @param type search scope 1 Subscope, else 0.
>        * @exception NamingException
>        * @return NamingEnumeration Results.
>        */
>       private NamingEnumeration search(DirContext ctx, String dn, String filter, String attribs[], int type)
>           throws NamingException
>       {
>           // Convenience overload: always applies the configured limits.
>           final boolean applyLimits = true;
>           return search(ctx, dn, filter, attribs, type, applyLimits);
>       }
>       /**
>        * Search Function
>        *
>        * Search objects for given Base DN and filter.
>        *
>        * @param ctx directory context.
>        * @param dn Base search DN.
>        * @param filter Search filter.
>        * @param attribs attributes to receive.
>        * @param type search scope 2 Subscope, else 1.
>        * @param setLimits enable limits.
>        * @exception NamingException
>        * @return NamingEnumeration Results.
>        */
>       private NamingEnumeration search(DirContext ctx, String dn, String filter, String attribs[], int type, boolean setLimits)
>           throws NamingException
>       {
>           SearchControls controls = new SearchControls();
>           controls.setSearchScope(type);
>           controls.setReturningAttributes(attribs);
>           // Without setLimits the controls keep their defaults, so neither the
>           // configured count limit nor the configured time limit is applied.
>           if(setLimits)
>           {
>               controls.setCountLimit(limit);
>               controls.setTimeLimit(timeout);
>           }
>           // The filter string is handed to the directory context as given.
>           return ctx.search(dn, filter, controls);
>       }
>       /**
>        * Search Function
>        *
>        * Search objects for given BaseURL and filter.
>        *
>        * @param url Base URL .
>        * @param filter Search filter.
>        * @param attribs attributes to receive.
>        * @param subTreeScope true subtree else false.
>        * @return Vector Results.
>        */
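>       public Vector search(LDAPURL url, String filter, String attribs[], boolean subTreeScope)
>       {
>           Vector results = new Vector();
>           // A null attribute list is treated as "no extra attributes" rather
>           // than failing with a NullPointerException.
>           int extra = attribs == null ? 0 : attribs.length;
>           // "objectclass" is always requested first, ahead of the caller's list.
>           String attrs[] = new String[extra + 1];
>           attrs[0] = "objectclass";
>           if(extra > 0)
>               System.arraycopy(attribs, 0, attrs, 1, extra);
>           int scope = subTreeScope ? 2 : 1;
>           // The filter reaches the server unchanged. Callers that build it from
>           // user input must escape '*', '(', ')', '\' and NUL (RFC 4515) first.
>           // The boolean result of subSearch() is not reported; a failed search
>           // returns whatever was collected so far.
>           subSearch(url, filter, attrs, scope, results);
>           return results;
>       }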
>       /**
>        * Search Function
>        *
>        * Search objects for given BaseURL and filter.
>        *
>        * @param url Base URL .
>        * @param filter Search filter.
>        * @param attribs attributes to receive.
>        * @param scope true subtree else false.
>        * @param rs Result
>        * @return boolean true if success else false.
>        */
>
>       private boolean subSearch(LDAPURL url, String filter,
> String attribs[], int scope, Vector rs)
>       {
>           // Runs the search at url and appends one Vector per hit to rs: element 0
>           // is the entry's LDAPURL, followed by one value per requested attribute.
>           DirContext ctx = connect(url);
>           if(ctx == null)
>               return false;
>           String entryDN = null;
>           Attributes at = null;
>           Attribute a = null;
>           LDAPURL myurl = null;
>           int subscope = 0;
>           String baseDN = url.getDN();
>           boolean moreReferrals = true;
>           while(moreReferrals)
>               try
>               {
>                   Vector vl;
>                   // This overload of search() applies the configured limits.
>                   for(NamingEnumeration results = search(ctx,
> baseDN, filter, attribs, scope); results.hasMore(); rs.addElement(vl))
>                   {
>                       SearchResult si = (SearchResult)results.next();
>                       vl = new Vector(attribs.length);
>                       entryDN = getFixedDN(si.getName(), baseDN);
>                       myurl = new LDAPURL(url.getHost(),
> url.getPort(), entryDN);
>                       vl.addElement(myurl);
>                       at = si.getAttributes();
>                       // Index 0 is skipped; the public search() puts "objectclass" there.
>                       for(int i = 1; i < attribs.length; i++)
>                       {
>                           a = at.get(attribs[i]);
>                           if(a == null)
>                           {
>                               // Missing attributes are reported with a placeholder.
>                               vl.addElement("N/A");
>                           } else
>                           {
>                               // Only the first value is kept; byte[] values stay binary.
>                               Object v = a.get();
>                               if(v instanceof byte[])
>                                   vl.addElement(v);
>                               else
>                                   vl.addElement(a.get().toString());
>                           }
>                       }
>                   }
>                   moreReferrals = false;
>               }
>               catch(ReferralException e)
>               {
>                   // NOTE(review): getReferralUrl() returns null for a referral it
>                   // cannot parse; the recursive call would then pass null to
>                   // connect(). The target host is chosen by the remote directory.
>                   myurl = getReferralUrl(e);
>                   subscope = scope != 1 ? scope : 0;
>                   // Despite its name, "error" holds the success flag of the sub-search.
>                   boolean error = subSearch(myurl, filter,
> attribs, subscope, rs);
>                   if(!error)
>                       return error;
>                   moreReferrals = e.skipReferral();
>                   try
>                   {
>                       ctx = (DirContext)e.getReferralContext();
>                   }
>                   // A failure to obtain the referral context is ignored and the
>                   // previous ctx stays in use for the next pass.
>                   catch(NamingException _ex) { }
>               }
>               catch(NamingException e)
>               {
>                   Log.debug("LDAP Service: Search failed", e);
>                   return false;
>               }
>           return true;
>       }
>
>       /**
>        * Get value Function
>        *
>        * Return value for attribute value pair.
>        *
>        * @param attrvalue input.
>        * @return String Value.
>        */
>
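>       public String removeAttrName(String attrvalue) {
>         // Split at the first '=' only, so a value that itself contains '='
>         // (for example "uid=a=b") is returned whole instead of being rejected.
>         int eq = attrvalue.indexOf('=');
>         if (eq <= 0) {
>           // No attribute name in front of a separator: return the input unchanged.
>           return attrvalue;
>         }
>         return attrvalue.substring(eq + 1);
>       }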
>       /**
>        * Return full DN Function
>        *
>        * Add Base DN to given DN.
>        *
>        * @param rdn full DN.
>        * @param base Base DN.
>        * @return String DN.
>        */
>
>       private String getFixedDN(String rdn, String base)
>       {
>           // Clean up the relative name first, then join it with the base DN.
>           String cleaned = fixName(rdn);
>           return getDN(cleaned, base);
>       }
>       /**
>        * Return Name Function
>        *
>        * Return name for given DN.
>        *
>        * @param dn DN.
>        * @return String Name.
>        */
>
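>       public String getName(String dn)
>       {
>           try
>           {
>               Name nm = parser.parse(dn);
>               // An empty DN has no components; return null as for a parse
>               // failure instead of indexing position -1.
>               if(nm.size() == 0)
>                   return null;
>               return nm.get(nm.size() - 1).toString();
>           }
>           catch(NamingException _ex)
>           {
>               return null;
>           }
>       }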
>       /**
>        * Fix Name Function
>        *
>        * Fix chars .
>        *
>        * @param name Name to fix.
>        * @return String Fixed name.
>        */
>
>       private String fixName(String name)
>       {
>           // Only names that start with a double quote are rewritten.
>           boolean quoted = name.length() > 0 && name.charAt(0) == '"';
>           if(!quoted)
>           {
>               return name;
>           }
>           // Drop the first and the last character and put a backslash in
>           // front of every '/'.
>           StringBuffer fixed = new StringBuffer();
>           int last = name.length() - 1;
>           int pos = 1;
>           while(pos < last)
>           {
>               char ch = name.charAt(pos);
>               if(ch == '/')
>               {
>                   fixed.append("\\");
>               }
>               fixed.append(ch);
>               pos++;
>           }
>           return fixed.toString();
>       }
>       /**
>        * Return full DN Function
>        *
>        * Add Base DN to given DN.
>        *
>        * @param rdn DN.
>        * @param base Base DN.
>        * @return String full DN.
>        */
>
>       private String getDN(String rdn, String base)
>       {
>           // An empty side contributes nothing and no separator is added.
>           boolean noRdn = rdn.length() == 0;
>           if(noRdn)
>           {
>               return base;
>           }
>           boolean noBase = base.length() == 0;
>           return noBase ? rdn : rdn + ", " + base;
>       }
>        /**
>        * Return Name Function
>        *
>        * Parse the given DN string into a <code>Name</code>; returns null if parsing fails.
>        *
>        * @param dn full DN.
>        * @return Name Name for given DN.
>        */
>
>       public Name parse(String dn)
>       {
>           // A DN the parser rejects is reported as null, not as an exception.
>           Name parsed = null;
>           try
>           {
>               parsed = parser.parse(dn);
>           }
>           catch(NamingException rejected)
>           {
>               parsed = null;
>           }
>           return parsed;
>       }
>       /**
>        * Get Referral URL Function
>        *
>        * Return <code>LDAPURL</code> extracted from exception.
>        *
>        * @param e Exception to extract.
>        * @return LDAPURL referrral URL.
>        */
>
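>       public LDAPURL getReferralUrl(ReferralException e)
>       {
>           // getReferralInfo() is declared to return Object; check the type
>           // instead of letting a cast fail with a ClassCastException.
>           Object info = e.getReferralInfo();
>           if(!(info instanceof String))
>           {
>               Log.debug("Invalid url: " + info);
>               return null;
>           }
>           String url = (String)info;
>           try
>           {
>               // NOTE(review): this URL is supplied by the remote directory. The
>               // callers in this class connect to whatever host it names, so
>               // confirm the host is checked against the servers this service is
>               // allowed to reach before credentials are sent to it.
>               return new LDAPURL(url);
>           }
>           catch(Exception ex)
>           {
>               Log.debug("Invalid url: " + ex.getMessage() + " " + url);
>           }
>           // Callers must handle this null result.
>           return null;
>       }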
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Service Init
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       /**
>        * This is the early initialization method called by the
>        * Turbine <code>Service</code> framework
>        * @param conf The <code>ServletConfig</code>
>        * @exception InitializationException if the service fails
> to initialize
>        */
>
>       public void init( ServletConfig conf ) throws InitializationException
>       {
>           // Start from a clean state before the configuration is read.
>           connections = new Hashtable();
>           connector = null;
>           parser = null;
>           env = new Properties();
>
>           ResourceService settings = ((TurbineServices)TurbineServices.getInstance()).getResources(SERVICE_NAME);
>
>           // Server location and search limits.
>           this.host = settings.getString("host");
>           this.port = settings.getInt("port",DEFAULT_PORT);
>           this.sslport = settings.getInt("sslport",DEFAULT_SSLPORT);
>           this.limit = settings.getInt("limit",DEFAULT_LIMIT);
>           this.timeout = settings.getInt("timeout",DEFAULT_TIMEOUT);
>           this.version = settings.getInt("version",DEFAULT_VERSION);
>
>           // Values passed through repair() use '/' for '=' and '%' for ','.
>           // repair() dereferences its argument, so "basedn" and "managerdn"
>           // must be present in the configuration.
>           this.listFilter = repair(settings.getString("listfilter","(objectclass=*)"));
>           this.basedn = repair(settings.getString("basedn"));
>           this.managerdn = repair(settings.getString("managerdn"));
>           // NOTE(review): the bind password is read as a plain String and kept
>           // in a field for the lifetime of the service.
>           this.password = settings.getString("password");
>           this.attributesList = getList(settings.getString("attributeslist")," ");
>           this.showOpAttributes = settings.getBoolean("showopattributes",false);
>           this.anonymousBind = settings.getBoolean("anonymousbind",false);
>           // NOTE(review): "simple" is the default mechanism and no default is
>           // given for "securityprotocol"; how both are applied happens outside
>           // this excerpt - confirm the bind is not sent over a plain connection.
>           this.securityAuthentication = settings.getString("securityauthentication","simple");
>           this.securityProtocol = settings.getString("securityprotocol");
>           this.socketFactory = settings.getString("socketfactory");
>           this.jndiprovider = settings.getString("jndiprovider",DEFAULT_CTX);
>           this.saslclientpckgs = settings.getString("saslclientpckgs");
>
>           // Open the main connection, then mark the service as initialized.
>           mainConnect(new LDAPURL(host,port,basedn));
>           setInit(true);
>       }
>       /**
>        * This is the late initialization method called by the
>        * Turbine <code>Service</code> framework
>        * @param conf The <code>ServletConfig</code>
>        * @exception InitializationException if the service fails
> to initialize
>        */
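>       public void init() throws InitializationException
>       {
>           // Poll until the early initialization has marked the service ready.
>           while( !getInit() )
>           {
>               try
>               {
>                   Thread.sleep( 500 );
>               }
>               catch (InterruptedException ie )
>               {
>                   Log.error( ie );
>                   // Restore the interrupt flag and stop waiting. Looping on
>                   // would ignore the interruption request.
>                   Thread.currentThread().interrupt();
>                   throw new InitializationException("LDAP Service: interrupted while waiting for initialization");
>               }
>           }
>       }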
>       /**
>        * Repair Given Parameter Function
>        *
>        * Repair String read from config.
>        *
>        * @param value String to repair.
>        * @return String Repaired String.
>        */
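>       private String repair(String value){
>           // A key missing from the configuration arrives here as null; pass it
>           // through instead of failing with a NullPointerException during init.
>           if(value == null)
>               return null;
>           // The configuration writes '=' as '/' and ',' as '%'.
>           value = value.replace('/', '=');
>           value = value.replace('%', ',');
>           return value;
>       }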
>       /**
>        * Tokenizer Wrapper Function
>        *
>        * Tokenize given string with given parameter.
>        *
>        * @param value String to repair.
>        * @param separator separator
>        * @return String Result.
>        */
>       private String[] getList(String value, String separator)
>       {
>           // No input means no list; callers receive null, not an empty array.
>           if(value == null)
>           {
>               return null;
>           }
>           StringTokenizer tokens = new StringTokenizer(value, separator);
>           String[] parts = new String[tokens.countTokens()];
>           int idx = 0;
>           while(tokens.hasMoreTokens())
>           {
>               parts[idx] = tokens.nextToken();
>               idx++;
>           }
>           return parts;
>       }
>
>   }
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/ldap/LDAPURL.java
>
>   Index: LDAPURL.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.ldap;
>
>   import java.net.MalformedURLException;
>   import java.net.URLDecoder;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPURL.java,v 1.1 2002/10/21 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPURL
>   {
>
>       private String host;
>       private int port;
>       private String dn;
>       private String base;
>
>       public LDAPURL()
>       {
>           // Empty URL: no host, DN or cached base, and port 389.
>           this.host = null;
>           this.dn = null;
>           this.base = null;
>           this.port = 389;
>       }
>
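>       public LDAPURL(String url)
>           throws MalformedURLException
>       {
>           if(url == null)
>               throw new MalformedURLException("Missing '[protocol]://'");
>           int p1 = url.indexOf("://");
>           if(p1 == -1)
>               throw new MalformedURLException("Missing '[protocol]://'");
>           p1 += 3;
>           // Split the raw text before decoding anything. Decoding first lets an
>           // escaped '/' or '?' (%2F, %3F) act as a delimiter, which moves the
>           // boundary between host and DN or cuts the DN short.
>           int p2 = url.indexOf('/', p1);
>           String hostPort;
>           String rawDn = "";
>           if(p2 == -1)
>           {
>               hostPort = url.substring(p1);
>           } else
>           {
>               hostPort = url.substring(p1, p2);
>               rawDn = url.substring(p2 + 1);
>               int p3 = rawDn.indexOf('?');
>               if(p3 != -1)
>                   rawDn = rawDn.substring(0, p3);
>           }
>           // URLDecoder turns '+' into a space, but in a DN '+' joins the parts
>           // of a multi-valued RDN; keep it literal.
>           StringBuffer protectedDn = new StringBuffer(rawDn.length());
>           for(int i = 0; i < rawDn.length(); i++)
>           {
>               char c = rawDn.charAt(i);
>               if(c == '+')
>                   protectedDn.append("%2B");
>               else
>                   protectedDn.append(c);
>           }
>           try
>           {
>               dn = URLDecoder.decode(protectedDn.toString(), "UTF-8");
>               hostPort = URLDecoder.decode(hostPort, "UTF-8");
>           }
>           catch(Exception e)
>           {
>               throw new MalformedURLException(e.getMessage());
>           }
>           // NOTE(review): the protocol part is not kept and the "base" field is
>           // never set here, so getBase() reports "ldap://" for every URL.
>           parseHostPort(hostPort);
>       }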
>
>       public LDAPURL(String host, int port, String dn)
>       {
>           this.host = host;
>           this.port = port;
>           this.dn = dn;
>       }
>
>       public static String encode(String toEncode)
>       {
>           StringBuffer encoded = new StringBuffer(toEncode.length() + 10);
>           for(int currPos = 0; currPos < toEncode.length(); currPos++)
>           {
>               char currChar = toEncode.charAt(currPos);
>               if(currChar >= 'a' && currChar <= 'z' || currChar
> >= 'A' && currChar <= 'Z' || currChar >= '0' && currChar <= '9'
> || "$-_.+!*'(),".indexOf(currChar) > 0)
>               {
>                   encoded.append(currChar);
>               } else
>               {
>                   encoded.append("%");
>                   encoded.append(hexChar((currChar & 0xf0) >> 4));
>                   encoded.append(hexChar(currChar & 0xf));
>               }
>           }
>
>           return encoded.toString();
>       }
>
>       public String getBase()
>       {
>           if(base == null)
>               base = "ldap://" + host + ":" + port;
>           return base;
>       }
>
>       public String getDN()
>       {
>           return dn;
>       }
>
>       public String getEncodedUrl()
>       {
>           return getBase() + "/" + encode(dn);
>       }
>
>       public String getHost()
>       {
>           return host;
>       }
>
>       public int getPort()
>       {
>           return port;
>       }
>
>       public String getUrl()
>       {
>           return getBase() + "/" + dn;
>       }
>
>       private static char hexChar(int hexValue)
>       {
>           if(hexValue < 0 || hexValue > 15)
>               return 'x';
>           if(hexValue < 10)
>               return (char)(hexValue + 48);
>           else
>               return (char)((hexValue - 10) + 97);
>       }
>
>       private void parseHostPort(String str)
>           throws MalformedURLException
>       {
>           int p1 = str.indexOf(58);
>           if(p1 == -1)
>           {
>               host = str;
>               port = 389;
>           } else
>           {
>               host = str.substring(0, p1);
>               String pp = str.substring(p1 + 1);
>               try
>               {
>                   port = Integer.parseInt(pp);
>               }
>               catch(NumberFormatException _ex)
>               {
>                   throw new MalformedURLException("Invalid port
> number: " + pp);
>               }
>           }
>       }
>
>       public boolean sameHosts(LDAPURL url)
>       {
>           return getHost().equalsIgnoreCase(url.getHost()) &&
> getPort() == url.getPort();
>       }
>
>       public void setDN(String dn)
>       {
>           this.dn = dn;
>       }
>
>       public void setHost(String host)
>       {
>           this.host = host;
>           base = null;
>       }
>
>       public void setPort(int port)
>       {
>           this.port = port;
>           base = null;
>       }
>
>       public static String toUrl(String host, int port, String
> dn, boolean ssl)
>       {
>           StringBuffer msg = new StringBuffer();
>           msg.append(ssl ? "ldaps://" : "ldap://");
>           msg.append(host);
>           if(ssl && port != 636 || !ssl && port != 389)
>           {
>               msg.append(":");
>               msg.append(String.valueOf(port));
>           }
>           msg.append("/");
>           msg.append(dn);
>           return msg.toString();
>       }
>   }
>
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ld
> ap/LDAPAuthentication.java
>
>   Index: LDAPAuthentication.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.security.ldap;
>
>   import javax.servlet.ServletConfig;
>
>   import org.apache.turbine.util.Log;
>   import org.apache.turbine.services.TurbineBaseService;
>   import org.apache.turbine.services.TurbineServices;
>   import org.apache.turbine.services.InitializationException;
>   import org.apache.turbine.services.resources.ResourceService;
>
>   import org.apache.jetspeed.services.security.PortalAuthentication;
>   import org.apache.jetspeed.services.security.LoginException;
>
>   import org.apache.jetspeed.services.JetspeedSecurity;
>   import org.apache.jetspeed.om.security.JetspeedUser;
>   import org.apache.jetspeed.om.security.JetspeedUserFactory;
>   import org.apache.jetspeed.om.security.UserNamePrincipal;
>
>   import org.apache.jetspeed.services.JetspeedUserManagement;
>   import org.apache.jetspeed.services.security.JetspeedSecurityService;
>   import org.apache.jetspeed.services.security.LoginException;
>   import org.apache.jetspeed.services.security.FailedLoginException;
>   import org.apache.jetspeed.services.security.UnknownUserException;
>   import org.apache.jetspeed.services.security.UserException;
>   import org.apache.jetspeed.services.security.JetspeedSecurityException;
>   import org.apache.jetspeed.services.security.JetspeedSecurityCache;
>   import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
>   import org.apache.jetspeed.services.rundata.JetspeedRunData;
>   import org.apache.turbine.services.rundata.RunDataService;
>
>   //openisp
>   import javax.naming.*;
>   import javax.naming.directory.*;
>   import org.apache.jetspeed.om.security.ldap.LDAPUser;
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPAuthentication.java,v 1.1 2002/10/21
> 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPAuthentication extends    TurbineBaseService
>                                       implements PortalAuthentication
>   {
>       /** The JetspeedRunData Service. */
>       private JetspeedRunDataService runDataService = null;
>
>       private final static String CONFIG_ANONYMOUS_USER =
> "user.anonymous";
>       String anonymousUser = "anon";
>       private final static String CACHING_ENABLE = "caching.enable";
>       private boolean cachingEnable = true;
>       /**
>        * Given a public credential(username) and private
> credential(password),
>        * perform authentication. If authentication succeeds, a
> <code>JetspeedUser</code>
>        * is returned representing the authenticated subject.
>        *
>        * @param username a public credential of the subject to be
> authenticated.
>        * @param password a private credentialof the subject to be
> authenticated.
>        * @return a <code>JetspeedUser</code> object representing
> the authenticated subject.
>        * @exception LoginException when general security provider failure.
>        * @exception FailedLoginException when the authentication failed.
>        * @exception AccountExpiredException when the subject's
> account is expired.
>        * @exception CredentialExpiredException when the subject's
> credential is expired.
>        */
>       public JetspeedUser login(String username, String password)
>           throws LoginException
>       {
>           JetspeedUser user = null;
>           BasicAttributes attr= new BasicAttributes();
>           String[] attrs = {"ou","userPassword","uid","mail"};
>           String dN = null;
>
>           username = JetspeedSecurity.convertUserName(username);
>           password = JetspeedSecurity.convertPassword(password);
>
>           try
>           {
>               user = JetspeedUserManagement.getUser(new
> UserNamePrincipal(username));
>           }
>           catch (UnknownUserException e)
>           {
>               throw new FailedLoginException(e.toString());
>           }
>           catch (JetspeedSecurityException e)
>           {
>               throw new LoginException(e.toString());
>           }
>
>           if(!UnixCrypt.matches(user.getPassword().substring(7),password))
>           {
>               throw new FailedLoginException("Credential
> authentication failure");
>           }
>
>           // Mark the user as being logged in.
>           user.setHasLoggedIn(new Boolean(true));
>
>           // Set the last_login date in the database.
>           try
>           {
>               user.updateLastLogin();
>               putUserIntoContext(user);
>              if (cachingEnable)
>               {
>                   JetspeedSecurityCache.load(username);
>               }
>           }
>           catch (Exception e)
>           {
>               putUserIntoContext(JetspeedSecurity.getAnonymousUser());
>               throw new LoginException("Failed to update last login ", e);
>           }
>
>           return user;
>
>       }
>       /**
>        * Automatically authenticates and retrieves the portal
> anonymous user.
>        *
>        * @return a <code>JetspeedUser</code> object representing
> the authenticated subject.
>        * @exception LoginException if the authentication fails.
>        */
>       public JetspeedUser getAnonymousUser()
>           throws LoginException
>       {
>           JetspeedUser user = null;
>           try
>           {
>               user = JetspeedUserManagement.getUser(new
> UserNamePrincipal(anonymousUser));
>               user.setHasLoggedIn(new Boolean(false));
>               putUserIntoContext(user);
>               if (cachingEnable)
>               {
>                JetspeedSecurityCache.load(user.getUserName());
>               }
>
>           }
>           catch (JetspeedSecurityException e)
>           {
>               throw new LoginException("Failed to get anonymous
> user: " + e);
>           }
>           return user;
>       }
>
>       /**
>        * Logout the <code>JetspeedUser</code>.
>        *
>        * The logout procedure my may include removing/destroying
>        * <code>Principal</code> and <code>Credential</code> information
>        * if relevant to the security provider.
>        *
>        * @exception LoginException if the logout fails.
>        */
>       public void logout()
>           throws LoginException
>       {
>           try
>           {
>                //if (cachingEnable)
>                //{
>                //
> JetspeedSecurityCache.unload(getUserFromContext().getUserName());
>                //}
>               getAnonymousUser();
>           }
>           catch (Exception e)
>           {
>               throw new LoginException("Exception logging user out ", e );
>           }
>       }
>
>       /**
>        * This is the early initialization method called by the
>        * Turbine <code>Service</code> framework
>        * @param conf The <code>ServletConfig</code>
>        * @exception throws a <code>InitializationException</code>
> if the service
>        * fails to initialize
>        */
>       public synchronized void init(ServletConfig conf)
>           throws InitializationException
>       {
>           if (getInit()) return;
>           super.init(conf);
>
>           // get configuration parameters from Jetspeed Resources
>           ResourceService serviceConf =
> ((TurbineServices)TurbineServices.getInstance())
>
> .getResources(JetspeedSecurityService.SERVICE_NAME);
>
>           anonymousUser =
> serviceConf.getString(CONFIG_ANONYMOUS_USER, anonymousUser);
>           cachingEnable = serviceConf.getBoolean( CACHING_ENABLE,
> cachingEnable );
>
>           this.runDataService =
>               (JetspeedRunDataService)TurbineServices.getInstance()
>                   .getService(RunDataService.SERVICE_NAME);
>
>
>           setInit(true);
>        }
>
>
> //////////////////////////////////////////////////////////////////
> //////////
>
>       protected JetspeedRunData getRunData()
>       {
>           JetspeedRunData rundata = null;
>           if (this.runDataService != null)
>           {
>               rundata = this.runDataService.getCurrentRunData();
>           }
>           return rundata;
>       }
>
>       protected JetspeedUser getUserFromContext()
>       {
>           JetspeedRunData rundata = getRunData();
>           JetspeedUser user = null;
>           if (rundata != null)
>           {
>               user = (JetspeedUser)rundata.getUser();
>           }
>           return user;
>       }
>
>       protected JetspeedRunData putUserIntoContext(JetspeedUser user)
>       {
>           JetspeedRunData rundata = getRunData();
>           if (rundata != null)
>           {
>               rundata.setUser(user);
>               rundata.save();
>           }
>           return rundata;
>       }
>
>   }
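Review bot: In `login()`, `user.getPassword().substring(7)` strips a fixed seven characters without checking what they are, so a null or shorter stored value raises an unchecked `NullPointerException` or `StringIndexOutOfBoundsException` instead of a `FailedLoginException`, and a value stored under another scheme is compared as if it were a crypt hash. The seven characters are presumably a scheme tag such as `{crypt}` (this file does not show it, so confirm against LDAPUser), and it should be validated first: `String stored = user.getPassword();` followed by `if (stored == null || !stored.regionMatches(true, 0, "{crypt}", 0, 7)) throw new FailedLoginException("Credential authentication failure");`, and only then `UnixCrypt.matches(stored.substring(7), password)`. Reusing the mismatch message keeps malformed directory entries indistinguishable from a wrong password. The unknown-user branch just above returns `e.toString()` instead, so a caller that surfaces the message can tell a missing account from a bad password; the same generic text would be safer there too.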
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ld
> ap/LDAPGroupManagement.java
>
>   Index: LDAPGroupManagement.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.security.ldap;
>
>   import java.util.Iterator;
>   import java.util.Vector;
>   import java.util.HashMap;
>   import java.util.Enumeration;
>   import java.util.StringTokenizer;
>
>   import javax.servlet.ServletConfig;
>   //openisp
>   import javax.naming.*;
>   import javax.naming.directory.*;
>
>   import org.apache.jetspeed.om.security.ldap.LDAPGroup;
>   import org.apache.jetspeed.om.security.ldap.LDAPUser;
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>
>   // Jetspeed Security
>   import org.apache.jetspeed.services.security.GroupManagement;
>
>   import org.apache.jetspeed.om.security.JetspeedUser;
>   import org.apache.jetspeed.om.security.BaseJetspeedUser;
>   import org.apache.jetspeed.om.security.BaseJetspeedGroup;
>   import org.apache.jetspeed.om.security.Group;
>   import org.apache.jetspeed.om.security.Role;
>
>   import org.apache.jetspeed.services.JetspeedSecurity;
>   import org.apache.jetspeed.services.security.UserManagement;
>   import org.apache.jetspeed.services.security.JetspeedSecurityService;
>   import org.apache.jetspeed.om.security.UserNamePrincipal;
>
>   // Jetspeed Security Exceptions
>   import org.apache.jetspeed.services.security.GroupException;
>   import org.apache.jetspeed.services.security.UnknownUserException;
>   import org.apache.jetspeed.services.security.NotUniqueUserException;
>   import org.apache.jetspeed.services.security.JetspeedSecurityException;
>
>   import org.apache.jetspeed.services.PsmlManager;
>
>   // Profile
>   import org.apache.jetspeed.om.profile.Profile;
>   import org.apache.jetspeed.om.profile.BaseProfile;
>   import org.apache.jetspeed.services.Profiler;
>   import org.apache.jetspeed.om.profile.ProfileException;
>
>   // Rundata
>   import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
>   import org.apache.jetspeed.services.rundata.JetspeedRunData;
>   import org.apache.turbine.services.rundata.RunDataService;
>
>   // Turbine
>   import org.apache.turbine.util.Log;
>   import org.apache.turbine.services.TurbineBaseService;
>   import org.apache.turbine.services.TurbineServices;
>   import org.apache.turbine.services.InitializationException;
>   import org.apache.turbine.services.resources.ResourceService;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPGroupManagement.java,v 1.1 2002/10/21
> 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPGroupManagement extends TurbineBaseService
>                                      implements GroupManagement
>   {
>       private JetspeedRunDataService runDataService = null;
>
>       private final static String CONFIG_DEFAULT_ROLE = "role.default";
>       String defaultRole = "user";
>       private final static String CASCADE_DELETE =
> "programmatic.cascade.delete";
>       private final static boolean DEFAULT_CASCADE_DELETE = true;
>       private boolean cascadeDelete;
>       String[] attrs = {"ou","uid"};
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Group Management Interfaces
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       /**
>        * Retrieves all <code>Group</code>s for a given username principal.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param username a user principal identity to be retrieved.
>        * @return Iterator over all groups associated to the user
> principal.
>        * @exception GroupException when the security provider has
> a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public Iterator getGroups(String username)
>           throws JetspeedSecurityException
>       {
>           StringTokenizer st;
>           LDAPUser user;
>           try
>           {
>               user = (LDAPUser)JetspeedSecurity.getUser(new
> UserNamePrincipal(username));
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new GroupException("Failed to Retrieve User: ", e);
>           }
>           Vector groups= new Vector();
>           try
>           {
>             for (Enumeration enum =
> user.getgrouprole().elements() ;enum.hasMoreElements() ;){
>               st = new StringTokenizer((String)enum.nextElement(),",");
>               groups.add(new LDAPGroup(st.nextToken(),false));
>             }
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to retrieve groups ", e);
>           }
>           return groups.iterator();
>       }
>       /**
>        * Retrieves all <code>Group</code>s.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @return Iterator over all groups.
>        * @exception GroupException when the security provider has
> a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public Iterator getGroups()
>           throws JetspeedSecurityException
>       {
>           BasicAttributes attr= new BasicAttributes();
>           Vector groups = new Vector();
>           Vector userurls;
>           try
>           {
>               userurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=groups, ou=jetspeed"),
>
> "(objectclass=jetspeedgroup)",attrs,true);
>             if (userurls.size() > 0){
>               for (Enumeration enum =
> userurls.elements();enum.hasMoreElements() ;){
>                 groups.add(new LDAPGroup((LDAPURL)
> (((Vector)enum.nextElement()).firstElement())));
>               }
>             } else {
>               throw new UnknownUserException("No groups ");
>             }
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to retrieve groups ", e);
>           }
>           return groups.iterator();
>       }
>
>       /**
>        * Adds a <code>Group</code> into permanent storage.
>        *
>        * The security service can throw a
> <code>NotUniqueEntityException</code> when the public
>        * credentials fail to meet the security provider-specific
> unique constraints.
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception GroupException when the security provider has
> a general failure.
>        * @exception NotUniqueEntityException when the public
> credentials fail to meet
>        *                                   the security
> provider-specific unique constraints.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void addGroup(Group group)
>           throws JetspeedSecurityException
>       {
>           if(groupExists(group.getName()))
>           {
>               throw new GroupException("The group '" +
>                   group.getName() + "' already exists");
>           }
>           try
>           {
>             new LDAPGroup(group.getName(),true).update(true);
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to create group '" +
>                   group.getName() + "'", e);
>           }
>
>           try
>           {
>               addDefaultGroupPSML(group);
>           }
>           catch (Exception e)
>           {
>               try
>               {
>                   removeGroup(group.getName());
>               }
>               catch (Exception e2)
>               {
>               }
>               throw new GroupException("failed to add default
> PSML for Group resource", e);
>           }
>
>       }
>       protected void addDefaultGroupPSML(Group group)
>           throws GroupException
>       {
>           try
>           {
>               JetspeedRunDataService runDataService =
>                  (JetspeedRunDataService)TurbineServices.getInstance()
>                      .getService(RunDataService.SERVICE_NAME);
>               JetspeedRunData rundata =
> runDataService.getCurrentRunData();
>               Profile profile = new BaseProfile();
>               profile.setGroup(group);
>               profile.setMediaType("html");
>               Profiler.createProfile(rundata, profile);
>           }
>           catch (ProfileException e)
>           {
>               try
>               {
>                   removeGroup(group.getName());
>               }
>               catch(Exception e2)
>               {
>               }
>               throw new GroupException("Failed to create Group PSML", e);
>           }
>       }
>       /**
>        * Saves a <code>Group</code> into permanent storage.
>        *
>        * The security service can throw a
> <code>NotUniqueEntityException</code> when the public
>        * credentials fail to meet the security provider-specific
> unique constraints.
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception GroupException when the security provider has
> a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void saveGroup(Group group)
>           throws JetspeedSecurityException
>       {
>           if(!groupExists(group.getName()))
>           {
>               throw new GroupException("The group '" +
>                   group.getName() + "' doesn't exists");
>           }
>
>           try
>           {
>            }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to create group '" +
>                   group.getName() + "'", e);
>           }
>
>       }
>
>       /**
>        * Removes a <code>Group</code> from the permanent store.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param groupname the principal identity of the group to
> be retrieved.
>        * @exception GroupException when the security provider has
> a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void removeGroup(String groupname)
>           throws JetspeedSecurityException
>       {
>           try
>           {
>               LDAPGroup group = new LDAPGroup(groupname, false);
>               JetspeedLDAP.deleteEntry(group.getldapurl());
>               if(cascadeDelete)
>               {
>               }
>               PsmlManager.removeGroupDocuments(group);
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to remove group '" +
>                   groupname + "'", e);
>           }
>
>       }
>
>       /**
>        * Join a user to a group.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception GroupException when the security provider has
> a general failure retrieving users.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void joinGroup(String username, String groupname)
>           throws JetspeedSecurityException
>       {
>           LDAPUser user;
>           try
>           {
>               user = (LDAPUser)JetspeedSecurity.getUser(new
> UserNamePrincipal(username));
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new GroupException("Failed to Retrieve User: ", e);
>           }
>           try
>           {
>             user.addgrouprole(groupname,defaultRole);
>             user.update(false);
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to add group info ", e);
>           }
>       }
>
>       /**
>        * Unjoin a user from a group.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception GroupException when the security provider has
> a general failure retrieving users.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void unjoinGroup(String username, String groupname)
>           throws JetspeedSecurityException
>       {
>           LDAPUser user;
>           try
>           {
>               user = (LDAPUser)JetspeedSecurity.getUser(new
> UserNamePrincipal(username));
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new GroupException("Failed to Retrieve User: ", e);
>           }
>           try
>           {
>             user.removegroup(groupname);
>             user.update(false);
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to add group info ", e);
>           }
>       }
>
>       /**
>        * Checks for the relationship of user in a group. Returns
> true when the user is in the given group.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception GroupException when the security provider has
> a general failure retrieving users.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public boolean inGroup(String username, String groupname)
>           throws JetspeedSecurityException
>       {
>           StringTokenizer st;
>           LDAPUser user;
>           try
>           {
>               user = (LDAPUser)JetspeedSecurity.getUser(new
> UserNamePrincipal(username));
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new GroupException("Failed to Retrieve User: ", e);
>           }
>           Vector groups= new Vector();
>           try
>           {
>             for (Enumeration enum =
> user.getgrouprole().elements() ;enum.hasMoreElements() ;){
>               st = new StringTokenizer((String)enum.nextElement(),",");
>               if (st.nextToken().equalsIgnoreCase(groupname)){
>                 return true;
>               }
>             }
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to retrieve groups ", e);
>           }
>           return false;
>       }
>
>
>       /**
>        * Retrieves a single <code>Group</code> for a given
> groupname principal.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param groupname a group principal identity to be retrieved.
>        * @return Group the group record retrieved.
>        * @exception GroupException when the security provider has
> a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public Group getGroup(String groupname)
>           throws JetspeedSecurityException
>       {
>           BasicAttributes attr= new BasicAttributes();
>
>           LDAPGroup group;
>           Vector userurls;
>           try
>           {
>               userurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=groups, ou=jetspeed"),
>                                           "(&(uid="+
> groupname+")(objectclass=jetspeedgroup))",attrs,true);
>             if (userurls.size() == 1){
>                 return new LDAPGroup((LDAPURL)
> ((Vector)userurls.elementAt(0)).firstElement());
>             }else if(userurls.size() > 1){
>               throw new GroupException("Multiple groups with same name");
>             }
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to retrieve groups ", e);
>           }
>           throw new GroupException("Unknown group '" + groupname + "'");
>
>       }
>
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Internal
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       protected JetspeedRunData getRunData()
>        {
>            JetspeedRunData rundata = null;
>            if (this.runDataService != null)
>            {
>                rundata = this.runDataService.getCurrentRunData();
>            }
>            return rundata;
>        }
>
>       /**
>        * Check whether a specified group exists.
>        *
>        * The login name is used for looking up the account.
>        *
>        * @param groupName the name of the group to check for existence.
>        * @return true if the specified account exists
>        * @throws GroupException if there was a general db access error
>        *
>        */
>       protected boolean groupExists(String groupName)
>           throws GroupException
>       {
>           BasicAttributes attr= new BasicAttributes();
>           Vector userurls;
>           try
>           {
>               userurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=groups, ou=jetspeed"),
>                                           "(&(uid="+
> groupName+")(objectclass=jetspeedgroup))",attrs,true);
>             if (userurls.size() > 0){
>               return true;
>             }
>           }
>           catch(Exception e)
>           {
>               throw new GroupException("Failed to retrieve groups ", e);
>           }
>           return false;
>       }
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Service Init
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>
>       /**
>        * This is the early initialization method called by the
>        * Turbine <code>Service</code> framework
>        * @param conf The <code>ServletConfig</code>
>        * @exception throws a <code>InitializationException</code>
> if the service
>        * fails to initialize
>        */
>       public synchronized void init(ServletConfig conf)
>           throws InitializationException
>       {
>           if (getInit()) return;
>           super.init(conf);
>
>           // get configuration parameters from Jetspeed Resources
>           ResourceService serviceConf =
> ((TurbineServices)TurbineServices.getInstance())
>
> .getResources(JetspeedSecurityService.SERVICE_NAME);
>
>           this.runDataService =
>              (JetspeedRunDataService)TurbineServices.getInstance()
>                  .getService(RunDataService.SERVICE_NAME);
>
>           defaultRole =
> serviceConf.getString(CONFIG_DEFAULT_ROLE, defaultRole);
>           cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE,
> DEFAULT_CASCADE_DELETE );
>
>           setInit(true);
>        }
>
>
>   }
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ld
> ap/LDAPPermissionManagement.java
>
>   Index: LDAPPermissionManagement.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.security.ldap;
>
>   import java.util.Iterator;
>   import java.util.Vector;
>   import java.util.HashMap;
>   import java.util.Enumeration;
>   import javax.servlet.ServletConfig;
>
>
>   // Jetspeed Security
>   import org.apache.jetspeed.services.security.PermissionManagement;
>   import org.apache.jetspeed.services.security.JetspeedSecurityCache;
>   import org.apache.jetspeed.services.security.CachedAcl;
>
>   import org.apache.jetspeed.om.security.JetspeedUser;
>   import org.apache.jetspeed.om.security.BaseJetspeedUser;
>   import org.apache.jetspeed.om.security.Role;
>   import org.apache.jetspeed.om.security.Permission;
>
>   import org.apache.jetspeed.services.JetspeedSecurity;
>   import org.apache.jetspeed.services.security.UserManagement;
>   import org.apache.jetspeed.services.security.JetspeedSecurityService;
>   import org.apache.jetspeed.om.security.UserNamePrincipal;
>   import org.apache.jetspeed.om.security.BaseJetspeedPermission;
>
>   // Jetspeed Security Exceptions
>   import org.apache.jetspeed.services.security.PermissionException;
>   import org.apache.jetspeed.services.security.JetspeedSecurityException;
>
>   import org.apache.jetspeed.services.PsmlManager;
>
>   //openisp
>   import javax.naming.*;
>   import javax.naming.directory.*;
>
>   import org.apache.jetspeed.om.security.ldap.LDAPPermission;
>   import org.apache.jetspeed.om.security.ldap.LDAPUser;
>   import org.apache.jetspeed.om.security.ldap.LDAPRole;
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>
>
>   // Rundata
>   import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
>   import org.apache.jetspeed.services.rundata.JetspeedRunData;
>   import org.apache.turbine.services.rundata.RunDataService;
>
>   // Turbine
>   import org.apache.turbine.util.Log;
>   import org.apache.turbine.services.TurbineBaseService;
>   import org.apache.turbine.services.TurbineServices;
>   import org.apache.turbine.services.InitializationException;
>   import org.apache.turbine.services.resources.ResourceService;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPPermissionManagement.java,v 1.1 2002/10/21
> 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPPermissionManagement  extends TurbineBaseService
>                                      implements PermissionManagement
>   {
>       private JetspeedRunDataService runDataService = null;
>       private final static String CASCADE_DELETE =
> "programmatic.cascade.delete";
>       private final static boolean DEFAULT_CASCADE_DELETE = true;
>       private boolean cascadeDelete;
>       private final static String CACHING_ENABLE = "caching.enable";
>       private boolean cachingEnable = true;
>       String[] attrs = {"ou","uid"};
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Permission Management Interfaces
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       /**
>        * Retrieves all <code>Permission</code>s for a given
> rolename principal.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param rolename a role name identity to be retrieved.
>        * @return Iterator over all permissions associated to the
> role principal.
>        * @exception PermissionException when the security
> provider has a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public Iterator getPermissions(String rolename)
>           throws JetspeedSecurityException
>       {
>           Vector perms = new Vector();
>           BasicAttributes attr= new BasicAttributes();
>           LDAPRole role;
>           LDAPPermission permission;
>           Vector userurls;
>          try
>           {
>               if (cachingEnable)
>               {
>                   Iterator iterator =
> JetspeedSecurityCache.getPermissions(rolename);
>                   if (iterator != null)
>                   {
>                       return iterator;
>                   }
>               }
>               userurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=roles, ou=jetspeed"),
>                                           "(&(uid="+
> rolename+")(objectclass=jetspeedrole))",attrs,true);
>             if (userurls.size() > 0){
>                 role = new LDAPRole((LDAPURL)
> ((Vector)userurls.elementAt(0)).firstElement());
>
>               for (Enumeration enum=
> role.getrolepermissions().elements();enum.hasMoreElements();){
>                   permission = new
> LDAPPermission((String)enum.nextElement(),false);
>                   perms.add(permission);
>               }
>             }
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Failed to retrieve
> permissions ", e);
>           }
>
>           return perms.iterator();
>       }
>       /**
>        * Retrieves all <code>Permission</code>s.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @return Iterator over all permissions.
>        * @exception PermissionException when the security
> provider has a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public Iterator getPermissions()
>           throws JetspeedSecurityException
>       {
>           BasicAttributes attr= new BasicAttributes();
>           Vector permissions = new Vector();
>           Vector permissionurls;
>           try
>           {
>               permissionurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=roles,
> ou=jetspeed"),"(objectclass=jetspeedrole)",attrs,true);
>             if (permissionurls.size() > 0){
>               for (Enumeration enum =
> permissionurls.elements();enum.hasMoreElements() ;){
>                 permissions.add(new LDAPRole((LDAPURL)
> (((Vector)enum.nextElement()).firstElement())));
>               }
>             } else {
>               throw new PermissionException("No permission ");
>             }
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Failed to retrieve
> permissions ", e);
>           }
>           return permissions.iterator();
>
>
>       }
>       /**
>        * Adds a <code>Permission</code> into permanent storage.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception PermissionException when the security
> provider has a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void addPermission(Permission permission)
>           throws JetspeedSecurityException
>       {
>           if(permissionExists(permission.getName()))
>           {
>               throw new PermissionException("The permission '" +
>                   permission.getName() + "' already exists");
>           }
>           try
>           {
>             new LDAPPermission(permission.getName(),true).update(true) ;
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Failed to create
> permission '" +
>                   permission.getName() + "'", e);
>           }
>       }
>
>       /**
>        * Saves a <code>Permission</code> into permanent storage.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception PermissionException when the security
> provider has a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void savePermission(Permission permission)
>           throws JetspeedSecurityException
>       {
>       }
>
>       /**
>        * Removes a <code>Permission</code> from the permanent store.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param permissionName the principal identity of the
> permission to be retrieved.
>        * @exception PermissionException when the security
> provider has a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void removePermission(String permissionName)
>           throws JetspeedSecurityException
>       {
>           try
>           {
>               LDAPPermission permission = new
> LDAPPermission(permissionName,false);
>               JetspeedLDAP.deleteEntry(permission.getldapurl());
>               if(cascadeDelete)
>               {
>               }
>               if (cachingEnable)
>               {
>
> JetspeedSecurityCache.removeAllPermissions(permissionName);
>               }
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Failed to remove
> permission '" +
>                   permissionName + "'", e);
>           }
>       }
>
>        /**
>        * Grants a permission to a role.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param roleName grant a permission to this role.
>        * @param permissionName the permission to grant to the role.
>        * @exception PermissionException when the security
> provider has a general failure retrieving permissions.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void grantPermission(String roleName, String permissionName)
>           throws JetspeedSecurityException
>       {
>           BasicAttributes attr= new BasicAttributes();
>           LDAPRole role;
>           LDAPPermission permission;
>          try
>           {
>               role = (LDAPRole)JetspeedSecurity.getRole(roleName);
>               permission =
> (LDAPPermission)JetspeedSecurity.getPermission(permissionName);
>               role.addrolepermissions(permissionName);
>               role.update(false);
>               if (cachingEnable)
>               {
>
> JetspeedSecurityCache.addPermission(roleName,permission);
>               }
>
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Grant permission '"
> + permissionName + "' to role '" + roleName + "' failed: ", e);
>           }
>       }
>
>       /**
>        * Revokes a permission from a role.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param roleName grant a permission to this role.
>        * @param permissionName the permission to grant to the role.
>        * @exception PermissionException when the security
> provider has a general failure retrieving permissions.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void revokePermission(String roleName, String permissionName)
>           throws JetspeedSecurityException
>       {
>           BasicAttributes attr= new BasicAttributes();
>           LDAPRole role;
>           Vector userurls;
>          try
>           {
>               userurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=roles, ou=jetspeed"),
>                                           "(&(uid="+
> roleName+")(objectclass=jetspeedrole))",attrs,true);
>             if (userurls.size() > 0){
>               role = new LDAPRole((LDAPURL)
> ((Vector)userurls.elementAt(0)).firstElement());
>               role.getrolepermissions().remove(permissionName);
>               role.update(false);
>               if (cachingEnable)
>               {
>
> JetspeedSecurityCache.removePermission(roleName, permissionName);
>               }
>             }
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Revoke permission '"
> + permissionName + "' to role '" + roleName + "' failed: ", e);
>          }
>
>       }
>
>       /**
>        * Checks for the relationship of role has a permission.
> Returns true when the role has the given permission.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param roleName grant a permission to this role.
>        * @param permissionName the permission to grant to the role.
>        * @exception PermissionException when the security
> provider has a general failure retrieving permissions.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public boolean hasPermission(String roleName, String permissionName)
>           throws JetspeedSecurityException
>       {
>           BasicAttributes attr= new BasicAttributes();
>           LDAPRole role;
>           Vector userurls;
>          try
>           {
>               if (cachingEnable)
>               {
>                   return
> JetspeedSecurityCache.hasPermission(roleName, permissionName);
>               }
>               userurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=roles, ou=jetspeed"),
>                                           "(&(uid="+
> roleName+")(objectclass=jetspeedrole))",attrs,true);
>             if (userurls.size() > 0){
>               role = new LDAPRole((LDAPURL)
> ((Vector)userurls.elementAt(0)).firstElement());
>               return role.permissionexist(permissionName);
>             }
>
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Grant permission '"
> + permissionName + "' to role '" + roleName + "' failed: ", e);
>           }
>           return false;
>       }
>
>       /**
>        * Retrieves a single <code>Permission</code> for a given
> permissionName principal.
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param permissionName a permission principal identity to
> be retrieved.
>        * @return Permission the permission record retrieved.
>        * @exception PermissionException when the security
> provider has a general failure.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public Permission getPermission(String permissionName)
>           throws JetspeedSecurityException
>       {
>         if (permissionExists(permissionName)){
>           return new LDAPPermission(permissionName,false);
>         }else {
>           throw new PermissionException("Unknown permission '" +
> permissionName + "'");
>         }
>       }
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Internal
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       protected JetspeedRunData getRunData()
>        {
>            JetspeedRunData rundata = null;
>            if (this.runDataService != null)
>            {
>                rundata = this.runDataService.getCurrentRunData();
>            }
>            return rundata;
>        }
>
>       /**
>        * Check whether a specified permission exists.
>        *
>        * The login name is used for looking up the account.
>        *
>        * @param permissionName the name of the permission to
> check for existence.
>        * @return true if the specified account exists
>        * @throws PermissionException if there was a general db
> access error
>        *
>        */
>       protected boolean permissionExists(String permissionName)
>           throws PermissionException
>       {
>           BasicAttributes attr= new BasicAttributes();
>           Vector permissionurls;
>           try
>           {
>               permissionurls =
> JetspeedLDAP.search(JetspeedLDAP.buildURL("ou=permissions, ou=jetspeed"),
>                                           "(&(uid="+
> permissionName+")(objectclass=jetspeedpermission))",attrs,true);
>             if (permissionurls.size() > 0){
>               return true;
>             }
>           }
>           catch(Exception e)
>           {
>               throw new PermissionException("Failed to retrieve
> permission ", e);
>           }
>           return false;
>       }
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Service Init
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       /**
>        * This is the early initialization method called by the
>        * Turbine <code>Service</code> framework
>        * @param conf The <code>ServletConfig</code>
>        * @exception throws a <code>InitializationException</code>
> if the service
>        * fails to initialize
>        */
>       public synchronized void init(ServletConfig conf)
>           throws InitializationException
>       {
>           if (getInit()) return;
>
>           super.init(conf);
>
>           // get configuration parameters from Jetspeed Resources
>           ResourceService serviceConf =
> ((TurbineServices)TurbineServices.getInstance())
>
> .getResources(JetspeedSecurityService.SERVICE_NAME);
>
>           this.runDataService =
>              (JetspeedRunDataService)TurbineServices.getInstance()
>                  .getService(RunDataService.SERVICE_NAME);
>
>           cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE,
> DEFAULT_CASCADE_DELETE );
>           cachingEnable = serviceConf.getBoolean( CACHING_ENABLE,
> cachingEnable );
>           setInit(true);
>        }
>   }
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ld
> ap/LDAPRoleManagement.java
>
>   Index: LDAPRoleManagement.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.security.ldap;
>
>   import java.util.Iterator;
>   import java.util.Vector;
>   import java.util.HashMap;
>   import java.util.Enumeration;
>   import java.util.StringTokenizer;
>
>   import javax.servlet.ServletConfig;
>   //openisp
>   import javax.naming.*;
>   import javax.naming.directory.*;
>   import org.apache.jetspeed.om.security.ldap.LDAPUser;
>   import org.apache.jetspeed.om.security.ldap.LDAPRole;
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>
>   // Jetspeed Security
>   import org.apache.jetspeed.services.security.RoleManagement;
>   import org.apache.jetspeed.services.security.JetspeedSecurityCache;
>   import org.apache.jetspeed.services.security.CachedAcl;
>
>   import org.apache.jetspeed.om.security.JetspeedUser;
>   import org.apache.jetspeed.om.security.BaseJetspeedUser;
>   //import org.apache.jetspeed.om.security.BaseJetspeedRole;
>   import org.apache.jetspeed.om.security.Group;
>   import org.apache.jetspeed.om.security.Role;
>
>   import org.apache.jetspeed.services.JetspeedSecurity;
>   import org.apache.jetspeed.services.security.UserManagement;
>   import org.apache.jetspeed.services.security.JetspeedSecurityService;
>   import org.apache.jetspeed.om.security.UserNamePrincipal;
>
>   // Jetspeed Security Exceptions
>   import org.apache.jetspeed.services.security.RoleException;
>   import org.apache.jetspeed.services.security.UnknownUserException;
>   import org.apache.jetspeed.services.security.NotUniqueUserException;
>   import org.apache.jetspeed.services.security.JetspeedSecurityException;
>
>   import org.apache.jetspeed.services.PsmlManager;
>
>   // Profile
>   import org.apache.jetspeed.om.profile.Profile;
>   import org.apache.jetspeed.om.profile.BaseProfile;
>   import org.apache.jetspeed.services.Profiler;
>   import org.apache.jetspeed.om.profile.ProfileException;
>
>   // Rundata
>   import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
>   import org.apache.jetspeed.services.rundata.JetspeedRunData;
>   import org.apache.turbine.services.rundata.RunDataService;
>
>   // Turbine
>   import org.apache.turbine.util.Log;
>   import org.apache.turbine.services.TurbineBaseService;
>   import org.apache.turbine.services.TurbineServices;
>   import org.apache.turbine.services.InitializationException;
>   import org.apache.turbine.services.resources.ResourceService;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPRoleManagement.java,v 1.1 2002/10/21
> 22:31:15 taylor Exp $
>    *
>    */
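>   public class LDAPRoleManagement extends TurbineBaseService
>                                      implements RoleManagement
>   {
>       // Keys looked up in the JetspeedSecurityService resources by init().
>       private final static String CASCADE_DELETE = "programmatic.cascade.delete";
>       private final static boolean DEFAULT_CASCADE_DELETE = true;
>       private final static String CACHING_ENABLE = "caching.enable";
>
>       // Search base handed to JetspeedLDAP.buildURL() for every role lookup.
>       private final static String ROLE_BASE = "ou=roles, ou=jetspeed";
>
>       private JetspeedRunDataService runDataService = null;
>       // Read from configuration in init(); removeRole() does not act on it yet.
>       private boolean cascadeDelete;
>       private boolean cachingEnable = true;
>       // Attributes requested from the directory on role searches.
>       String[] attrs = {"ou","uid"};
>
>       ///////////////////////////////////////////////////////////////////////////
>       // Role Management Interfaces
>       ///////////////////////////////////////////////////////////////////////////
>
>       /**
>        * Retrieves all <code>Role</code>s for a given username principal.
>        *
>        * When caching is enabled the security cache is consulted first; on a miss
>        * the user is loaded through <code>JetspeedSecurity.getUser</code> and one
>        * <code>LDAPRole</code> is built per group/role entry of that user.
>        * No caller authorization is checked in this method.
>        *
>        * @param username a user principal identity to be retrieved.
>        * @return Iterator over all roles associated to the user principal.
>        * @exception RoleException when the user or its role entries cannot be read.
>        */
>       public Iterator getRoles(String username)
>           throws JetspeedSecurityException
>       {
>           LDAPUser user;
>           try
>           {
>               if (cachingEnable)
>               {
>                   Iterator result = JetspeedSecurityCache.getRoles(username);
>                   if (null != result)
>                   {
>                       return result;
>                   }
>               }
>               user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new RoleException("Failed to Retrieve User: ", e);
>           }
>
>           Vector roles = new Vector();
>           try
>           {
>               // "entries" rather than "enum": enum is a reserved word from Java 5 on.
>               for (Enumeration entries = user.getgrouprole().elements(); entries.hasMoreElements();)
>               {
>                   roles.add(new LDAPRole(roleNameOf((String)entries.nextElement()), false));
>               }
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to retrieve roles ", e);
>           }
>           return roles.iterator();
>       }
>
>       /**
>        * Retrieves all <code>Role</code>s.
>        *
>        * Searches the role subtree for entries of object class
>        * <code>jetspeedrole</code>. An empty result is reported as a failure.
>        * No caller authorization is checked in this method.
>        *
>        * @return Iterator over all roles.
>        * @exception RoleException when the search fails or returns no role.
>        */
>       public Iterator getRoles()
>           throws JetspeedSecurityException
>       {
>           Vector roles = new Vector();
>           try
>           {
>               Vector roleurls = JetspeedLDAP.search(JetspeedLDAP.buildURL(ROLE_BASE),
>                                                     "(objectclass=jetspeedrole)", attrs, true);
>               if (roleurls.size() == 0)
>               {
>                   // Wrapped by the catch below, exactly as before.
>                   throw new UnknownUserException("No role ");
>               }
>               for (Enumeration entries = roleurls.elements(); entries.hasMoreElements();)
>               {
>                   roles.add(new LDAPRole((LDAPURL)(((Vector)entries.nextElement()).firstElement())));
>               }
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to retrieve roles ", e);
>           }
>           return roles.iterator();
>       }
>
>       /**
>        * Adds a <code>Role</code> into permanent storage.
>        *
>        * The role entry is written first and the default role PSML second; if the
>        * PSML step fails the role entry is removed again.
>        * No caller authorization is checked in this method.
>        *
>        * @param role the role to create; only its name is used.
>        * @exception RoleException when the role already exists, cannot be written,
>        *            or its default PSML cannot be created.
>        */
>       public void addRole(Role role)
>           throws JetspeedSecurityException
>       {
>           if(roleExists(role.getName()))
>           {
>               throw new RoleException("The role '" +
>                   role.getName() + "' already exists");
>           }
>           try
>           {
>               new LDAPRole(role.getName(),true).update(true);
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to create role '" +
>                   role.getName() + "'", e);
>           }
>
>           try
>           {
>               addDefaultRolePSML(role);
>           }
>           catch (Exception e)
>           {
>               // addDefaultRolePSML() rolls back itself on ProfileException, so this
>               // second attempt can fail for an already-removed role. The failure is
>               // logged instead of being dropped, so a role left behind without PSML
>               // is visible to an operator.
>               try
>               {
>                   removeRole(role.getName());
>               }
>               catch (Exception e2)
>               {
>                   Log.error("Rollback of role '" + role.getName() + "' failed", e2);
>               }
>               throw new RoleException("failed to add default PSML for Role resource", e);
>           }
>       }
>
>       /**
>        * Creates the default "html" profile for a role.
>        *
>        * @param role the role that receives the profile.
>        * @exception RoleException when the profile cannot be created; the role is
>        *            removed again before the exception is thrown.
>        */
>       protected void addDefaultRolePSML(Role role)
>           throws RoleException
>       {
>           try
>           {
>               // Looked up on every call; the runDataService field is not used here.
>               JetspeedRunDataService runData =
>                  (JetspeedRunDataService)TurbineServices.getInstance()
>                      .getService(RunDataService.SERVICE_NAME);
>               JetspeedRunData rundata = runData.getCurrentRunData();
>               Profile profile = new BaseProfile();
>               profile.setRole(role);
>               profile.setMediaType("html");
>               Profiler.createProfile(rundata, profile);
>           }
>           catch (ProfileException e)
>           {
>               try
>               {
>                   removeRole(role.getName());
>               }
>               catch(Exception e2)
>               {
>                   Log.error("Rollback of role '" + role.getName() + "' failed", e2);
>               }
>               throw new RoleException("Failed to create Role PSML", e);
>           }
>       }
>
>       /**
>        * Saves a <code>Role</code> into permanent storage.
>        *
>        * NOTE(review): only the existence check is implemented; nothing is written
>        * to the directory. Callers that rely on a changed role being persisted
>        * get no error and no update.
>        *
>        * @param role the role to save; only its name is used.
>        * @exception RoleException when the role does not exist.
>        */
>       public void saveRole(Role role)
>           throws JetspeedSecurityException
>       {
>           if(!roleExists(role.getName()))
>           {
>               throw new RoleException("The role '" +
>                   role.getName() + "' doesn't exists");
>           }
>       }
>
>       /**
>        * Removes a <code>Role</code> from the permanent store.
>        *
>        * Deletes the role entry, removes its PSML documents and, when caching is
>        * enabled, drops the role from the security cache.
>        * No caller authorization is checked in this method.
>        *
>        * NOTE(review): the cascade-delete setting is read in init() but no cascade
>        * is performed here, so user entries that still name this role are
>        * presumably left untouched. hasRole() answers from the user entry alone;
>        * confirm that a removed role cannot still be reported as granted.
>        *
>        * @param rolename the principal identity of the role to be removed.
>        * @exception RoleException when any of the removal steps fails.
>        */
>       public void removeRole(String rolename)
>           throws JetspeedSecurityException
>       {
>           try
>           {
>               LDAPRole role = new LDAPRole(rolename,false);
>               JetspeedLDAP.deleteEntry(role.getldapurl());
>               PsmlManager.removeRoleDocuments(role);
>               if (cachingEnable)
>               {
>                   JetspeedSecurityCache.removeAllRoles(rolename);
>               }
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to remove role '" +
>                   rolename + "'", e);
>           }
>       }
>
>       /**
>        * Grants a role to a user.
>        *
>        * Both the user and the role must resolve through
>        * <code>JetspeedSecurity</code> before the grant is written to the user
>        * entry. No caller authorization is checked in this method.
>        *
>        * NOTE(review): rolename is stored verbatim next to the group name; a name
>        * containing ',' would not survive the comma split used by
>        * getRoles(String) and hasRole().
>        *
>        * @param username the user receiving the role.
>        * @param rolename the role to grant.
>        * @exception RoleException when the user or role cannot be retrieved or
>        *            the user entry cannot be updated.
>        */
>       public void grantRole(String username, String rolename)
>           throws JetspeedSecurityException
>       {
>           LDAPUser user;
>           LDAPRole role;
>           try
>           {
>               user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
>               role = (LDAPRole)JetspeedSecurity.getRole(rolename);
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new RoleException("Failed to Retrieve User or Role: ", e);
>           }
>           try
>           {
>               user.addgrouprole(JetspeedSecurity.JETSPEED_GROUP,rolename);
>               user.update(false);
>               if (cachingEnable)
>               {
>                   JetspeedSecurityCache.addRole(username, role);
>               }
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to add role info ", e);
>           }
>       }
>
>       /**
>        * Revokes a role from a user.
>        *
>        * The directory entry is updated before the cache, so a failed update
>        * leaves the cached grant in place as well.
>        * No caller authorization is checked in this method.
>        *
>        * @param username the user losing the role.
>        * @param rolename the role to revoke.
>        * @exception RoleException when the user cannot be retrieved or updated.
>        */
>       public void revokeRole(String username, String rolename)
>           throws JetspeedSecurityException
>       {
>           LDAPUser user;
>           try
>           {
>               user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new RoleException("Failed to Retrieve User: ", e);
>           }
>           try
>           {
>               user.removegrouprole(JetspeedSecurity.JETSPEED_GROUP,rolename);
>               user.update(false);
>               if (cachingEnable)
>               {
>                   JetspeedSecurityCache.removeRole(username, rolename);
>               }
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to remove role info ", e);
>           }
>       }
>
>       /**
>        * Checks for the relationship of user has a role. Returns true when the
>        * user has the given role.
>        *
>        * With caching enabled a cached ACL answers the question; otherwise the
>        * user's group/role entries are compared with the role name, ignoring
>        * case. The role entry itself is not looked up.
>        *
>        * @param username the user to test.
>        * @param rolename the role to look for.
>        * @return true when one of the user's role entries matches rolename.
>        * @exception RoleException when the user or its role entries cannot be read.
>        */
>       public boolean hasRole(String username, String rolename)
>           throws JetspeedSecurityException
>       {
>           LDAPUser user;
>           try
>           {
>               if (cachingEnable)
>               {
>                   CachedAcl acl = JetspeedSecurityCache.getAcl(username);
>                   if (null != acl)
>                   {
>                       return acl.hasRole(rolename);
>                   }
>               }
>               user = (LDAPUser)JetspeedSecurity.getUser(new UserNamePrincipal(username));
>           }
>           catch(JetspeedSecurityException e)
>           {
>               throw new RoleException("Failed to Retrieve User: ", e);
>           }
>           try
>           {
>               for (Enumeration entries = user.getgrouprole().elements(); entries.hasMoreElements();)
>               {
>                   if (roleNameOf((String)entries.nextElement()).equalsIgnoreCase(rolename))
>                   {
>                       return true;
>                   }
>               }
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to retrieve roles ", e);
>           }
>           return false;
>       }
>
>       /**
>        * Retrieves a single <code>Role</code> for a given rolename principal.
>        *
>        * The name is escaped before it is placed in the search filter, so filter
>        * metacharacters in it are matched literally.
>        *
>        * @param rolename a role principal identity to be retrieved.
>        * @return Role the role record retrieved.
>        * @exception RoleException when the search fails, matches more than one
>        *            entry, or matches none.
>        */
>       public Role getRole(String rolename)
>           throws JetspeedSecurityException
>       {
>           try
>           {
>               Vector roleurls = JetspeedLDAP.search(JetspeedLDAP.buildURL(ROLE_BASE),
>                                                     roleFilter(rolename), attrs, true);
>               if (roleurls.size() == 1)
>               {
>                   return new LDAPRole((LDAPURL)((Vector)roleurls.elementAt(0)).firstElement());
>               }
>               if (roleurls.size() > 1)
>               {
>                   // Wrapped by the catch below, exactly as before.
>                   throw new RoleException("Multiple roles with same name");
>               }
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to retrieve roles ", e);
>           }
>           throw new RoleException("Unknown role '" + rolename + "'");
>       }
>
>       ///////////////////////////////////////////////////////////////////////////
>       // Internal
>       ///////////////////////////////////////////////////////////////////////////
>
>       /**
>        * Returns the current run data, or null when the run data service has not
>        * been set by init().
>        */
>       protected JetspeedRunData getRunData()
>       {
>           JetspeedRunData rundata = null;
>           if (this.runDataService != null)
>           {
>               rundata = this.runDataService.getCurrentRunData();
>           }
>           return rundata;
>       }
>
>       /**
>        * Check whether a specified role exists.
>        *
>        * @param roleName the name of the role to check for existence.
>        * @return true if at least one role entry carries that name.
>        * @throws RoleException if the directory search fails.
>        */
>       protected boolean roleExists(String roleName)
>           throws RoleException
>       {
>           try
>           {
>               Vector roleurls = JetspeedLDAP.search(JetspeedLDAP.buildURL(ROLE_BASE),
>                                                     roleFilter(roleName), attrs, true);
>               return roleurls.size() > 0;
>           }
>           catch(Exception e)
>           {
>               throw new RoleException("Failed to retrieve roles ", e);
>           }
>       }
>
>       /**
>        * Extracts the role name from one of the user's group/role entries: the
>        * entry is split on ',' and the second token is returned. Presumably the
>        * entries have the form "group,role" as written by grantRole() - confirm
>        * against LDAPUser. A malformed entry raises NoSuchElementException, which
>        * the callers convert to RoleException.
>        */
>       private static String roleNameOf(String groupRoleEntry)
>       {
>           StringTokenizer st = new StringTokenizer(groupRoleEntry, ",");
>           st.nextToken();
>           return st.nextToken();
>       }
>
>       /**
>        * Builds the filter that selects the role entry with the given name.
>        */
>       private static String roleFilter(String roleName)
>       {
>           return "(&(uid=" + escapeFilterValue(roleName) + ")(objectclass=jetspeedrole))";
>       }
>
>       /**
>        * Escapes the characters that are special inside an LDAP search filter
>        * value (backslash, '*', '(', ')' and NUL) as backslash-hex pairs. Without
>        * this a role name containing them would alter the filter instead of being
>        * matched literally. A null value becomes the text "null", as plain string
>        * concatenation did before.
>        */
>       private static String escapeFilterValue(String value)
>       {
>           String text = String.valueOf(value);
>           // StringBuffer keeps the class compilable on the older JDKs it targets.
>           StringBuffer escaped = new StringBuffer(text.length() + 8);
>           for (int i = 0; i < text.length(); i++)
>           {
>               char c = text.charAt(i);
>               switch (c)
>               {
>                   case '\\':
>                       escaped.append("\\5c");
>                       break;
>                   case '*':
>                       escaped.append("\\2a");
>                       break;
>                   case '(':
>                       escaped.append("\\28");
>                       break;
>                   case ')':
>                       escaped.append("\\29");
>                       break;
>                   case '\u0000':
>                       escaped.append("\\00");
>                       break;
>                   default:
>                       escaped.append(c);
>               }
>           }
>           return escaped.toString();
>       }
>
>       ///////////////////////////////////////////////////////////////////////////
>       // Service Init
>       ///////////////////////////////////////////////////////////////////////////
>
>       /**
>        * This is the early initialization method called by the
>        * Turbine <code>Service</code> framework
>        * @param conf The <code>ServletConfig</code>
>        * @exception InitializationException if the service fails to initialize
>        */
>       public synchronized void init(ServletConfig conf)
>           throws InitializationException
>       {
>           if (getInit()) return;
>
>           super.init(conf);
>
>           // get configuration parameters from Jetspeed Resources
>           ResourceService serviceConf = ((TurbineServices)TurbineServices.getInstance())
>                                            .getResources(JetspeedSecurityService.SERVICE_NAME);
>
>           this.runDataService =
>              (JetspeedRunDataService)TurbineServices.getInstance()
>                  .getService(RunDataService.SERVICE_NAME);
>
>           cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE, DEFAULT_CASCADE_DELETE );
>           cachingEnable = serviceConf.getBoolean( CACHING_ENABLE, cachingEnable );
>           setInit(true);
>       }
>
>   }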
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ld
> ap/LDAPUserManagement.java
>
>   Index: LDAPUserManagement.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.security.ldap;
>
>   // Turbine
>   import org.apache.turbine.util.Log;
>   import org.apache.turbine.services.TurbineBaseService;
>   import org.apache.turbine.services.TurbineServices;
>   import org.apache.turbine.services.InitializationException;
>   import org.apache.turbine.services.resources.ResourceService;
>
>   // Jetspeed Security
>   import org.apache.jetspeed.om.security.ldap.LDAPUser;
>   import org.apache.jetspeed.services.JetspeedLDAP;
>   import org.apache.jetspeed.services.ldap.LDAPURL;
>
>   import org.apache.jetspeed.om.security.JetspeedUser;
>   import org.apache.jetspeed.om.security.UserNamePrincipal;
>   import org.apache.jetspeed.om.security.UserIdPrincipal;
>
>   import org.apache.jetspeed.services.JetspeedSecurity;
>   import org.apache.jetspeed.services.Profiler;
>   import org.apache.jetspeed.services.PsmlManager;
>   import org.apache.jetspeed.services.security.UserManagement;
>   import org.apache.jetspeed.services.security.JetspeedSecurityService;
>
>   import org.apache.jetspeed.services.security.CredentialsManagement;
>   import org.apache.jetspeed.services.security.UserException;
>   import org.apache.jetspeed.services.security.UnknownUserException;
>   import org.apache.jetspeed.services.security.NotUniqueUserException;
>   import org.apache.jetspeed.services.security.JetspeedSecurityException;
>   import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
>   import org.apache.jetspeed.services.rundata.JetspeedRunData;
>   import org.apache.turbine.services.rundata.RunDataService;
>   import org.apache.jetspeed.services.resources.JetspeedResources;
>
>   import org.apache.jetspeed.om.profile.BaseProfile;
>   import org.apache.jetspeed.om.profile.Profile;
>
>   import java.security.Principal;
>   import java.util.Iterator;
>   import javax.servlet.ServletConfig;
>   import javax.naming.*;
>   import javax.naming.directory.*;
>   import java.util.Vector;
>   import java.util.Enumeration;
>
>   /**
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: LDAPUserManagement.java,v 1.1 2002/10/21
> 22:31:15 taylor Exp $
>    *
>    */
>   public class LDAPUserManagement extends TurbineBaseService
>                                      implements UserManagement,
>                                                 CredentialsManagement
>   {
>       // Configuration keys for password handling.
>       private static final String CONFIG_SECURE_PASSWORDS_KEY = "secure.passwords";
>       private static final String CONFIG_SECURE_PASSWORDS_ALGORITHM = "secure.passwords.algorithm";
>
>       // NOTE(review): password protection is off by default; presumably these two
>       // values are overwritten from the keys above during init - confirm. "SHA"
>       // looks like a plain digest name; verify that stored passwords are not
>       // protected by an unsalted digest alone.
>       boolean securePasswords = false;
>       String passwordsAlgorithm = "SHA";
>
>       // Configuration key and fallback for the roles given to a new user.
>       private static final String CONFIG_NEWUSER_ROLES = "newuser.roles";
>       private static final String[] DEFAULT_CONFIG_NEWUSER_ROLES = { "user" };
>
>       // Roles granted by addDefaultPSML(); null until something assigns them.
>       String[] roles = null;
>
>       // Attributes requested on user searches. NOTE(review): this includes
>       // userPassword, so every getUser() result carries the stored credential;
>       // confirm it is needed there and is never logged or cached in clear.
>       String[] attrs = {"ou","userPassword","uid","mail"};
>
>
>       /** The JetspeedRunData Service. */
>       private JetspeedRunDataService runDataService = null;
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // User Management Interfaces
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       /**
>        * Retrieves a <code>JetspeedUser</code> given the primary principal.
>        * The principal can be any valid Jetspeed Security Principal:
>        *   <code>org.apache.jetspeed.om.security.UserNamePrincipal</code>
>        *   <code>org.apache.jetspeed.om.security.UserIdPrincipal</code>
>        *
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @param principal a principal identity to be retrieved.
>        * @return a <code>JetspeedUser</code> associated to the
> principal identity.
>        * @exception UserException when the security provider has
> a general failure retrieving a user.
>        * @exception UnknownUserException when the security
> provider cannot match
>        *            the principal identity to a user.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
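>       public JetspeedUser getUser(Principal principal)
>           throws JetspeedSecurityException
>       {
>           // The principal name is caller-supplied text. It is escaped before being
>           // placed in the search filter, so characters such as '*', '(' and ')'
>           // are matched literally instead of changing which entries are selected.
>           Vector userurls;
>           try
>           {
>               String filter = "(&(uid=" + escapeLdapFilterValue(principal.getName())
>                   + ")(objectclass=jetspeeduser))";
>               userurls = JetspeedLDAP.search(
>                   JetspeedLDAP.buildURL("ou=users,ou=jetspeed"), filter, attrs, true);
>           }
>           catch (Exception e)
>           {
>               throw new UserException("Failed to retrieve user '" +
>                   principal.getName() + "'", e);
>           }
>
>           // Exactly one match is the only successful outcome.
>           if (userurls.size() == 1)
>           {
>               return new LDAPUser((LDAPURL)((Vector)userurls.elementAt(0)).firstElement());
>           }
>           if (userurls.size() > 1)
>           {
>               throw new UserException(
>                   "Multiple Users with same username '" + principal.getName() + "'");
>           }
>           throw new UnknownUserException("Unknown user '" + principal.getName() + "'");
>       }
>
>       /**
>        * Escapes the characters that are special inside an LDAP search filter
>        * value (backslash, '*', '(', ')' and NUL) as backslash-hex pairs.
>        * A null value becomes the text "null", as plain string concatenation
>        * did before.
>        */
>       private static String escapeLdapFilterValue(String value)
>       {
>           String text = String.valueOf(value);
>           // StringBuffer keeps the class compilable on the older JDKs it targets.
>           StringBuffer escaped = new StringBuffer(text.length() + 8);
>           for (int i = 0; i < text.length(); i++)
>           {
>               char c = text.charAt(i);
>               switch (c)
>               {
>                   case '\\':
>                       escaped.append("\\5c");
>                       break;
>                   case '*':
>                       escaped.append("\\2a");
>                       break;
>                   case '(':
>                       escaped.append("\\28");
>                       break;
>                   case ')':
>                       escaped.append("\\29");
>                       break;
>                   case '\u0000':
>                       escaped.append("\\00");
>                       break;
>                   default:
>                       escaped.append(c);
>               }
>           }
>           return escaped.toString();
>       }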
>     /**
>        * Retrieves a collection of all <code>JetspeedUser</code>s.
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @return a collection of <code>JetspeedUser</code> entities.
>        * @exception UserException when the security provider has
> a general failure retrieving users.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
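>       public Iterator getUsers()
>           throws JetspeedSecurityException
>       {
>           // Listing users is not implemented for this provider. An empty iterator
>           // is returned instead of null so that callers which iterate the result
>           // do not fail with a NullPointerException.
>           return new Vector().iterator();
>       }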
>       /**
>        * Retrieves a collection of <code>JetspeedUser</code>s
> filtered by a security
>        * provider-specific query string. For example SQL, OQL, JDOQL.
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @return a collection of <code>JetspeedUser</code> entities.
>        * @exception UserException when the security provider has
> a general failure retrieving users.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
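>       public Iterator getUsers(String filter)
>           throws JetspeedSecurityException
>       {
>           // Filtered listing is not implemented for this provider; the filter is
>           // ignored. An empty iterator is returned instead of null so that callers
>           // which iterate the result do not fail with a NullPointerException.
>           // NOTE(review): once implemented, the filter string should not be handed
>           // to the directory unchanged unless every caller is trusted.
>           return new Vector().iterator();
>       }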
>
>       /**
>        * Saves a <code>JetspeedUser</code>'s attributes into
> permanent storage.
>        * The user's account is required to exist in the storage.
>        * The security service may optionally check the current
> user context
>        * to determine if the requestor has permission to perform
> this action.
>        *
>        * @exception UserException when the security provider has
> a general failure retrieving users.
>        * @exception InsufficientPrivilegeException when the
> requestor is denied due to insufficient privilege
>        */
>       public void saveUser(JetspeedUser user)
>           throws JetspeedSecurityException
>       {
>           // Only an account that already exists may be saved.
>           boolean known = accountExists(user, true);
>           if (!known)
>           {
>               throw new UnknownUserException(
>                   "Cannot save user '" + user.getUserName() + "', User doesn't exist");
>           }
>
>           // The cast stays inside the try block: a user object of another
>           // implementation is reported as UserException, like any update failure.
>           try
>           {
>               LDAPUser ldapUser = (LDAPUser)user;
>               ldapUser.update(false);
>           }
>           catch (Exception e)
>           {
>               throw new UserException("Failed to save user object ", e);
>           }
>       }
>       /**
>        * Adds a <code>JetspeedUser</code> into permanent storage.
>        * The security service can throw a <code>NotUniqueUserException</code>
>        * when the public credentials fail to meet the security
>        * provider-specific unique constraints.
>        * The security service may optionally check the current user context
>        * to determine if the requestor has permission to perform this action.
>        *
>        * @param user the user to add; it is cast to <code>LDAPUser</code>
>        *             and stored through <code>update(true)</code>.
>        * @exception UserException when the security provider has a general
>        *            failure retrieving users.
>        * @exception NotUniqueUserException when the public credentials fail
>        *            to meet the security provider-specific unique constraints.
>        * @exception InsufficientPrivilegeException when the requestor is
>        *            denied due to insufficient privilege
>        */
>       public void addUser(JetspeedUser user)
>           throws JetspeedSecurityException
>       {
>           // NOTE(review): this method does not check whether the account
>           // already exists, so a NotUniqueUserException can only come from
>           // LDAPUser.update(true) itself. Confirm that update(true) rejects
>           // a duplicate name instead of overwriting the existing entry.
>           LDAPUser newUser = (LDAPUser) user;
>           newUser.update(true);
>       }
>
>       /**
>        * Grants the configured new-user roles to the user and, when run data
>        * is available, creates a default HTML profile (PSML page) for the user.
>        *
>        * A role that cannot be granted is logged and skipped; the remaining
>        * roles are still processed. If the profile cannot be created, the user
>        * is removed again and the failure is reported to the caller.
>        *
>        * @param user The new user.
>        * @throws UserException when the profile cannot be created.
>        */
>       protected void addDefaultPSML(JetspeedUser user)
>           throws JetspeedSecurityException
>       {
>           for (int r = 0; r < roles.length; r++)
>           {
>               final String roleKey = roles[r];
>               try
>               {
>                   JetspeedSecurity.grantRole(
>                       user.getUserName(),
>                       JetspeedSecurity.getRole(roleKey).getName());
>               }
>               catch (Exception failure)
>               {
>                   // best effort: the user is kept, only without this role
>                   Log.error("Could not grant role: " + roleKey + " to user "
>                             + user.getUserName(), failure);
>               }
>           }
>
>           try
>           {
>               // without run data no profile is created and no error is raised
>               if (getRunData() != null)
>               {
>                   Profile htmlProfile = new BaseProfile();
>                   htmlProfile.setUser(user);
>                   htmlProfile.setMediaType("html");
>                   Profiler.createProfile(getRunData(), htmlProfile);
>               }
>           }
>           catch (Exception failure)
>           {
>               // Roll back: drop the account whose profile could not be made.
>               // NOTE(review): if removeUser throws as well, its exception
>               // replaces the one reported below.
>               UserNamePrincipal owner = new UserNamePrincipal(user.getUserName());
>               removeUser(owner);
>               throw new UserException("Failed to create profile for new user ", failure);
>           }
>       }
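>       /**
>        * Removes a <code>JetspeedUser</code> from the permanent store.
>        * The security service may optionally check the current user context
>        * to determine if the requestor has permission to perform this action.
>        *
>        * The user's directory entry is deleted first and the user's PSML
>        * documents second.
>        *
>        * @param principal the principal identity of the user to be removed.
>        * @exception UserException when deleting the entry or the documents
>        *            fails.
>        * @exception UnknownUserException when the security provider cannot
>        *            match the principal identity to a user.
>        * @exception InsufficientPrivilegeException when the requestor is
>        *            denied due to insufficient privilege
>        */
>       public void removeUser(Principal principal)
>           throws JetspeedSecurityException
>       {
>           // The two unused locals of the earlier version (a BasicAttributes
>           // and a Vector) are gone; nothing read them.
>           LDAPUser user = (LDAPUser)getUser(principal);
>           try
>           {
>               JetspeedLDAP.deleteEntry(user.getldapurl());
>               // NOTE(review): if this second step fails, the directory entry
>               // is already gone and the account is left partly removed.
>               PsmlManager.removeUserDocuments(user);
>           }
>           catch(Exception e)
>           {
>               throw new UserException("Failed to remove account '" +
>                   user.getUserName() + "'", e);
>           }
>       }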
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Credentials Management
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       /**
>        * Allows for a user to change their own password.
>        *
>        * Both passwords are passed through
>        * <code>JetspeedSecurity.convertPassword</code> first. The change is
>        * refused unless the account exists and
>        * <code>UnixCrypt.matches</code> accepts the stored password together
>        * with the converted old password.
>        *
>        * @param user the JetspeedUser to change password
>        * @param oldPassword the current password supplied by the user.
>        * @param newPassword the new password requested by the user.
>        * @exception UserException when the supplied old password is rejected,
>        *            or the security provider has a general failure.
>        * @exception UnknownUserException when the security provider cannot
>        *            match the principal identity to a user.
>        * @exception InsufficientPrivilegeException when the requestor is
>        *            denied due to insufficient privilege
>        */
>       public void changePassword( JetspeedUser user,
>                                   String oldPassword,
>                                   String newPassword )
>           throws JetspeedSecurityException
>       {
>           final String suppliedOld = JetspeedSecurity.convertPassword(oldPassword);
>           final String requestedNew = JetspeedSecurity.convertPassword(newPassword);
>
>           if (!accountExists(user))
>           {
>               throw new UnknownUserException(
>                   "The account '" + user.getUserName() + "' does not exist");
>           }
>
>           // NOTE(review): the old password is converted before it is compared.
>           // If convertPassword hashes with a fresh salt, the converted value
>           // differs on every call - confirm what UnixCrypt.matches expects as
>           // its second argument.
>           final boolean oldPasswordAccepted =
>               UnixCrypt.matches(user.getPassword(), suppliedOld);
>           if (!oldPasswordAccepted)
>           {
>               throw new UserException(
>                   "The supplied old password for '" + user.getUserName() +
>                   "' was incorrect");
>           }
>
>           user.setPassword(requestedNew);
>           // Persist at once, so that the password cannot fall back to the old
>           // value if the user data is lost before it would be saved at
>           // session expiry.
>           saveUser(user);
>       }
>       /**
>        * Forcibly sets new password for a User.
>        *
>        * Provides an administrator the ability to change the forgotten or
>        * compromised passwords. Certain implementations of this feature
>        * would require administrative level access to the authenticating
>        * server / program.
>        *
>        * @param user the user to change the password for.
>        * @param password the new password; it is stored exactly as passed in.
>        * @exception UserException when the security provider has a general
>        *            failure retrieving a user.
>        * @exception UnknownUserException when the security provider cannot
>        *            match the principal identity to a user.
>        * @exception InsufficientPrivilegeException when the requestor is
>        *            denied due to insufficient privilege
>        */
>       public void forcePassword( JetspeedUser user, String password )
>           throws JetspeedSecurityException
>       {
>           final boolean known = accountExists(user);
>           if (!known)
>           {
>               throw new UnknownUserException(
>                   "The account '" + user.getUserName() + "' does not exist");
>           }
>
>           // NOTE(review): unlike changePassword, the value is not passed
>           // through JetspeedSecurity.convertPassword here. Unless every caller
>           // converts it beforehand, an administrator-set password is stored
>           // unhashed even when secure passwords are enabled - verify.
>           user.setPassword(password);
>
>           // Persist at once, so that the password cannot fall back to the old
>           // value if the user data is lost before it would be saved at
>           // session expiry.
>           saveUser(user);
>       }
>       /**
>        * Hashes a password for storage when secure passwords are enabled.
>        *
>        * If <code>secure.passwords</code> is enabled in the JetspeedSecurity
>        * properties, the result is the literal prefix <code>{crypt}</code>
>        * followed by <code>UnixCrypt.crypt(password)</code>; if not, the
>        * password is returned unchanged. A null password is returned as null.
>        *
>        * The <code>secure.passwords.algorithm</code> property is not consulted
>        * by this method; the Unix crypt scheme is always used.
>        * NOTE(review): <code>UnixCrypt.crypt</code> builds its key from at most
>        * the first eight characters of the password, so longer passwords gain
>        * nothing from the extra characters.
>        *
>        * @param password the password to process
>        * @return processed password
>        */
>       public String encryptPassword( String password )
>           throws JetspeedSecurityException
>       {
>           if (!securePasswords || password == null)
>           {
>               // hashing switched off, or nothing to hash
>               return password;
>           }
>           return "{crypt}" + UnixCrypt.crypt(password);
>       }
>
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Service Init
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>
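>       /**
>        * This is the early initialization method called by the
>        * Turbine <code>Service</code> framework.
>        *
>        * Reads the secure-password settings and the roles for new users from
>        * the security service configuration, looks up the run data service and
>        * marks the service as initialized. A second call returns at once.
>        *
>        * @param conf The <code>ServletConfig</code>
>        * @exception InitializationException if the service fails to initialize
>        */
>       public synchronized void init(ServletConfig conf)
>           throws InitializationException
>       {
>           if (getInit())
>           {
>               return;
>           }
>
>           super.init(conf);
>
>           // get configuration parameters from Jetspeed Resources
>           ResourceService serviceConf =
>               ((TurbineServices)TurbineServices.getInstance())
>                   .getResources(JetspeedSecurityService.SERVICE_NAME);
>
>           securePasswords =
>               serviceConf.getBoolean(CONFIG_SECURE_PASSWORDS_KEY,
>                                      securePasswords);
>           passwordsAlgorithm =
>               serviceConf.getString(CONFIG_SECURE_PASSWORDS_ALGORITHM,
>                                     passwordsAlgorithm);
>
>           try
>           {
>               roles = serviceConf.getStringArray(CONFIG_NEWUSER_ROLES);
>           }
>           catch (Exception e)
>           {
>               // Initialization continues, but the failure is recorded: these
>               // roles decide what every newly created account may do, so a
>               // silent fallback would hide a configuration problem.
>               Log.error("Could not read the new-user roles from the security"
>                         + " service configuration", e);
>           }
>
>           if (null == roles || roles.length == 0)
>           {
>               roles = DEFAULT_CONFIG_NEWUSER_ROLES;
>           }
>
>           this.runDataService =
>              (JetspeedRunDataService)TurbineServices.getInstance()
>                  .getService(RunDataService.SERVICE_NAME);
>
>           setInit(true);
>       }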
>
> //////////////////////////////////////////////////////////////////
> /////////
>       // Internal
>
> //////////////////////////////////////////////////////////////////
> /////////
>
>       /**
>        * Check whether a specified user's account exists.
>        *
>        * The login name is used for looking up the account. This overload
>        * calls the two-argument form with <code>checkUniqueId</code> set to
>        * false; that flag is described there as "make sure that we aren't
>        * overwriting another user with different id".
>        *
>        * @param user the user to be checked.
>        * @return true if the specified account exists
>        * @throws UserException if there was a general db access error
>        */
>       protected boolean accountExists( JetspeedUser user )
>           throws UserException
>       {
>           final boolean checkUniqueId = false;
>           return accountExists(user, checkUniqueId);
>       }
>
>       /**
>        * Looks the user up by login name and reports whether the lookup
>        * succeeded.
>        *
>        * @param user the user to be checked.
>        * @param checkUniqueId not read by this implementation.
>        * @return true if <code>getUser</code> returned normally, false if it
>        *         threw any exception
>        * @throws UserException declared, but not thrown by the code below
>        */
>       protected boolean accountExists( JetspeedUser user, boolean checkUniqueId )
>           throws UserException
>       {
>           UserNamePrincipal byName = new UserNamePrincipal(user.getUserName());
>           boolean found;
>           try
>           {
>               getUser(byName);
>               found = true;
>           }
>           catch (Exception lookupFailure)
>           {
>               // NOTE(review): every exception is read as "no such account",
>               // including a directory that cannot be reached. Callers such as
>               // saveUser and changePassword then report an unknown user
>               // instead of a provider failure; consider treating only the
>               // not-found case as false.
>               found = false;
>           }
>           return found;
>       }
>
>       /**
>        * Returns the run data of the current request as reported by the run
>        * data service.
>        *
>        * @return the current run data, or null when no run data service is set
>        */
>       protected JetspeedRunData getRunData()
>       {
>           if (this.runDataService == null)
>           {
>               return null;
>           }
>           return this.runDataService.getCurrentRunData();
>       }
>
>
>   }
>
>
>   1.1
> jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/ld
> ap/UnixCrypt.java
>
>   Index: UnixCrypt.java
>   ===================================================================
>   /* ====================================================================
>    * The Apache Software License, Version 1.1
>    *
>    * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
>    * reserved.
>    *
>    * Redistribution and use in source and binary forms, with or without
>    * modification, are permitted provided that the following conditions
>    * are met:
>    *
>    * 1. Redistributions of source code must retain the above copyright
>    *    notice, this list of conditions and the following disclaimer.
>    *
>    * 2. Redistributions in binary form must reproduce the above copyright
>    *    notice, this list of conditions and the following disclaimer in
>    *    the documentation and/or other materials provided with the
>    *    distribution.
>    *
>    * 3. The end-user documentation included with the redistribution,
>    *    if any, must include the following acknowledgment:
>    *       "This product includes software developed by the
>    *        Apache Software Foundation (http://www.apache.org/)."
>    *    Alternately, this acknowledgment may appear in the
> software itself,
>    *    if and wherever such third-party acknowledgments normally appear.
>    *
>    * 4. The names "Apache" and "Apache Software Foundation" and
>    *     "Apache Jetspeed" must not be used to endorse or promote products
>    *    derived from this software without prior written permission. For
>    *    written permission, please contact apache@apache.org.
>    *
>    * 5. Products derived from this software may not be called "Apache" or
>    *    "Apache Jetspeed", nor may "Apache" appear in their name, without
>    *    prior written permission of the Apache Software Foundation.
>    *
>    * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
>    * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>    * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
>    * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
>    * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>    * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>    * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>    * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>    * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
>    * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
>    * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>    * SUCH DAMAGE.
>    * ====================================================================
>    *
>    * This software consists of voluntary contributions made by many
>    * individuals on behalf of the Apache Software Foundation.  For more
>    * information on the Apache Software Foundation, please see
>    * <http://www.apache.org/>.
>    */
>
>   package org.apache.jetspeed.services.security.ldap;
>
>   import java.util.Random;
>
>   /**
>    * Unix crypt algorithm implementation.
>    *
>    * NOTE: Ender, was there a license associated with this code ?
>    *       Since I don't see one, Im going to assume its ok to
> check this in.
>    *
>    * @author <a href="mailto:ender@kilicoglu.nom.tr">Ender KILICOGLU</a>
>    * @version $Id: UnixCrypt.java,v 1.1 2002/10/21 22:31:15 taylor Exp $
>    *
>    */
>   public class UnixCrypt
>   {
>
>       // Alphabet from which crypt(String) draws the two salt characters.
>       private static final char saltChars[] =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"
> .toCharArray();
>       // Not read by body(), which uses literal loop bounds instead.
>       private static final int ITERATIONS = 16;
>       // Salt lookup table: crypt(String, String) indexes it with the
>       // character code of each of the two salt characters. It holds 128
>       // entries, so a salt character with a code above 127 is out of range.
>       private static final int con_salt[] = {
>           0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
>           0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
>           0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
>           0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
>           0, 0, 0, 0, 0, 0, 0, 1, 2, 3,
>           4, 5, 6, 7, 8, 9, 10, 11, 5, 6,
>           7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
>           17, 18, 19, 20, 21, 22, 23, 24, 25, 26,
>           27, 28, 29, 30, 31, 32, 33, 34, 35, 36,
>           37, 32, 33, 34, 35, 36, 37, 38, 39, 40,
>           41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
>           51, 52, 53, 54, 55, 56, 57, 58, 59, 60,
>           61, 62, 63, 0, 0, 0, 0, 0
>       };
>       // One flag per key-schedule round, read by des_set_key: true rotates
>       // the two key halves by two bits in that round, false by one bit.
>       private static final boolean shifts2[] = {
>           false, false, true, true, true, true, true, true, false, true,
>           true, true, true, true, true, false
>       };
>       private static final int skb[][] = {
>           {
>               0, 16, 0x20000000, 0x20000010, 0x10000, 0x10010,
> 0x20010000, 0x20010010, 2048, 2064,
>               0x20000800, 0x20000810, 0x10800, 0x10810,
> 0x20010800, 0x20010810, 32, 48, 0x20000020, 0x20000030,
>               0x10020, 0x10030, 0x20010020, 0x20010030, 2080,
> 2096, 0x20000820, 0x20000830, 0x10820, 0x10830,
>               0x20010820, 0x20010830, 0x80000, 0x80010,
> 0x20080000, 0x20080010, 0x90000, 0x90010, 0x20090000, 0x20090010,
>               0x80800, 0x80810, 0x20080800, 0x20080810, 0x90800,
> 0x90810, 0x20090800, 0x20090810, 0x80020, 0x80030,
>               0x20080020, 0x20080030, 0x90020, 0x90030,
> 0x20090020, 0x20090030, 0x80820, 0x80830, 0x20080820, 0x20080830,
>               0x90820, 0x90830, 0x20090820, 0x20090830
>           }, {
>               0, 0x2000000, 8192, 0x2002000, 0x200000, 0x2200000,
> 0x202000, 0x2202000, 4, 0x2000004,
>               8196, 0x2002004, 0x200004, 0x2200004, 0x202004,
> 0x2202004, 1024, 0x2000400, 9216, 0x2002400,
>               0x200400, 0x2200400, 0x202400, 0x2202400, 1028,
> 0x2000404, 9220, 0x2002404, 0x200404, 0x2200404,
>               0x202404, 0x2202404, 0x10000000, 0x12000000,
> 0x10002000, 0x12002000, 0x10200000, 0x12200000, 0x10202000, 0x12202000,
>               0x10000004, 0x12000004, 0x10002004, 0x12002004,
> 0x10200004, 0x12200004, 0x10202004, 0x12202004, 0x10000400, 0x12000400,
>               0x10002400, 0x12002400, 0x10200400, 0x12200400,
> 0x10202400, 0x12202400, 0x10000404, 0x12000404, 0x10002404, 0x12002404,
>               0x10200404, 0x12200404, 0x10202404, 0x12202404
>           }, {
>               0, 1, 0x40000, 0x40001, 0x1000000, 0x1000001,
> 0x1040000, 0x1040001, 2, 3,
>               0x40002, 0x40003, 0x1000002, 0x1000003, 0x1040002,
> 0x1040003, 512, 513, 0x40200, 0x40201,
>               0x1000200, 0x1000201, 0x1040200, 0x1040201, 514,
> 515, 0x40202, 0x40203, 0x1000202, 0x1000203,
>               0x1040202, 0x1040203, 0x8000000, 0x8000001,
> 0x8040000, 0x8040001, 0x9000000, 0x9000001, 0x9040000, 0x9040001,
>               0x8000002, 0x8000003, 0x8040002, 0x8040003,
> 0x9000002, 0x9000003, 0x9040002, 0x9040003, 0x8000200, 0x8000201,
>               0x8040200, 0x8040201, 0x9000200, 0x9000201,
> 0x9040200, 0x9040201, 0x8000202, 0x8000203, 0x8040202, 0x8040203,
>               0x9000202, 0x9000203, 0x9040202, 0x9040203
>           }, {
>               0, 0x100000, 256, 0x100100, 8, 0x100008, 264,
> 0x100108, 4096, 0x101000,
>               4352, 0x101100, 4104, 0x101008, 4360, 0x101108,
> 0x4000000, 0x4100000, 0x4000100, 0x4100100,
>               0x4000008, 0x4100008, 0x4000108, 0x4100108,
> 0x4001000, 0x4101000, 0x4001100, 0x4101100, 0x4001008, 0x4101008,
>               0x4001108, 0x4101108, 0x20000, 0x120000, 0x20100,
> 0x120100, 0x20008, 0x120008, 0x20108, 0x120108,
>               0x21000, 0x121000, 0x21100, 0x121100, 0x21008,
> 0x121008, 0x21108, 0x121108, 0x4020000, 0x4120000,
>               0x4020100, 0x4120100, 0x4020008, 0x4120008,
> 0x4020108, 0x4120108, 0x4021000, 0x4121000, 0x4021100, 0x4121100,
>               0x4021008, 0x4121008, 0x4021108, 0x4121108
>           }, {
>               0, 0x10000000, 0x10000, 0x10010000, 4, 0x10000004,
> 0x10004, 0x10010004, 0x20000000, 0x30000000,
>               0x20010000, 0x30010000, 0x20000004, 0x30000004,
> 0x20010004, 0x30010004, 0x100000, 0x10100000, 0x110000, 0x10110000,
>               0x100004, 0x10100004, 0x110004, 0x10110004,
> 0x20100000, 0x30100000, 0x20110000, 0x30110000, 0x20100004, 0x30100004,
>               0x20110004, 0x30110004, 4096, 0x10001000, 0x11000,
> 0x10011000, 4100, 0x10001004, 0x11004, 0x10011004,
>               0x20001000, 0x30001000, 0x20011000, 0x30011000,
> 0x20001004, 0x30001004, 0x20011004, 0x30011004, 0x101000, 0x10101000,
>               0x111000, 0x10111000, 0x101004, 0x10101004,
> 0x111004, 0x10111004, 0x20101000, 0x30101000, 0x20111000, 0x30111000,
>               0x20101004, 0x30101004, 0x20111004, 0x30111004
>           }, {
>               0, 0x8000000, 8, 0x8000008, 1024, 0x8000400, 1032,
> 0x8000408, 0x20000, 0x8020000,
>               0x20008, 0x8020008, 0x20400, 0x8020400, 0x20408,
> 0x8020408, 1, 0x8000001, 9, 0x8000009,
>               1025, 0x8000401, 1033, 0x8000409, 0x20001,
> 0x8020001, 0x20009, 0x8020009, 0x20401, 0x8020401,
>               0x20409, 0x8020409, 0x2000000, 0xa000000,
> 0x2000008, 0xa000008, 0x2000400, 0xa000400, 0x2000408, 0xa000408,
>               0x2020000, 0xa020000, 0x2020008, 0xa020008,
> 0x2020400, 0xa020400, 0x2020408, 0xa020408, 0x2000001, 0xa000001,
>               0x2000009, 0xa000009, 0x2000401, 0xa000401,
> 0x2000409, 0xa000409, 0x2020001, 0xa020001, 0x2020009, 0xa020009,
>               0x2020401, 0xa020401, 0x2020409, 0xa020409
>           }, {
>               0, 256, 0x80000, 0x80100, 0x1000000, 0x1000100,
> 0x1080000, 0x1080100, 16, 272,
>               0x80010, 0x80110, 0x1000010, 0x1000110, 0x1080010,
> 0x1080110, 0x200000, 0x200100, 0x280000, 0x280100,
>               0x1200000, 0x1200100, 0x1280000, 0x1280100,
> 0x200010, 0x200110, 0x280010, 0x280110, 0x1200010, 0x1200110,
>               0x1280010, 0x1280110, 512, 768, 0x80200, 0x80300,
> 0x1000200, 0x1000300, 0x1080200, 0x1080300,
>               528, 784, 0x80210, 0x80310, 0x1000210, 0x1000310,
> 0x1080210, 0x1080310, 0x200200, 0x200300,
>               0x280200, 0x280300, 0x1200200, 0x1200300,
> 0x1280200, 0x1280300, 0x200210, 0x200310, 0x280210, 0x280310,
>               0x1200210, 0x1200310, 0x1280210, 0x1280310
>           }, {
>               0, 0x4000000, 0x40000, 0x4040000, 2, 0x4000002,
> 0x40002, 0x4040002, 8192, 0x4002000,
>               0x42000, 0x4042000, 8194, 0x4002002, 0x42002,
> 0x4042002, 32, 0x4000020, 0x40020, 0x4040020,
>               34, 0x4000022, 0x40022, 0x4040022, 8224, 0x4002020,
> 0x42020, 0x4042020, 8226, 0x4002022,
>               0x42022, 0x4042022, 2048, 0x4000800, 0x40800,
> 0x4040800, 2050, 0x4000802, 0x40802, 0x4040802,
>               10240, 0x4002800, 0x42800, 0x4042800, 10242,
> 0x4002802, 0x42802, 0x4042802, 2080, 0x4000820,
>               0x40820, 0x4040820, 2082, 0x4000822, 0x40822,
> 0x4040822, 10272, 0x4002820, 0x42820, 0x4042820,
>               10274, 0x4002822, 0x42822, 0x4042822
>           }
>       };
>       private static final int SPtrans[][] = {
>           {
>               0x820200, 0x20000, 0x80800000, 0x80820200,
> 0x800000, 0x80020200, 0x80020000, 0x80800000, 0x80020200, 0x820200,
>               0x820000, 0x80000200, 0x80800200, 0x800000, 0,
> 0x80020000, 0x20000, 0x80000000, 0x800200, 0x20200,
>               0x80820200, 0x820000, 0x80000200, 0x800200,
> 0x80000000, 512, 0x20200, 0x80820000, 512, 0x80800200,
>               0x80820000, 0, 0, 0x80820200, 0x800200, 0x80020000,
> 0x820200, 0x20000, 0x80000200, 0x800200,
>               0x80820000, 512, 0x20200, 0x80800000, 0x80020200,
> 0x80000000, 0x80800000, 0x820000, 0x80820200, 0x20200,
>               0x820000, 0x80800200, 0x800000, 0x80000200,
> 0x80020000, 0, 0x20000, 0x800000, 0x80800200, 0x820200,
>               0x80000000, 0x80820000, 512, 0x80020200
>           }, {
>               0x10042004, 0, 0x42000, 0x10040000, 0x10000004,
> 8196, 0x10002000, 0x42000, 8192, 0x10040004,
>               4, 0x10002000, 0x40004, 0x10042000, 0x10040000, 4,
> 0x40000, 0x10002004, 0x10040004, 8192,
>               0x42004, 0x10000000, 0, 0x40004, 0x10002004,
> 0x42004, 0x10042000, 0x10000004, 0x10000000, 0x40000,
>               8196, 0x10042004, 0x40004, 0x10042000, 0x10002000,
> 0x42004, 0x10042004, 0x40004, 0x10000004, 0,
>               0x10000000, 8196, 0x40000, 0x10040004, 8192,
> 0x10000000, 0x42004, 0x10002004, 0x10042000, 8192,
>               0, 0x10000004, 4, 0x10042004, 0x42000, 0x10040000,
> 0x10040004, 0x40000, 8196, 0x10002000,
>               0x10002004, 4, 0x10040000, 0x42000
>           }, {
>               0x41000000, 0x1010040, 64, 0x41000040, 0x40010000,
> 0x1000000, 0x41000040, 0x10040, 0x1000040, 0x10000,
>               0x1010000, 0x40000000, 0x41010040, 0x40000040,
> 0x40000000, 0x41010000, 0, 0x40010000, 0x1010040, 64,
>               0x40000040, 0x41010040, 0x10000, 0x41000000,
> 0x41010000, 0x1000040, 0x40010040, 0x1010000, 0x10040, 0,
>               0x1000000, 0x40010040, 0x1010040, 64, 0x40000000,
> 0x10000, 0x40000040, 0x40010000, 0x1010000, 0x41000040,
>               0, 0x1010040, 0x10040, 0x41010000, 0x40010000,
> 0x1000000, 0x41010040, 0x40000000, 0x40010040, 0x41000000,
>               0x1000000, 0x41010040, 0x10000, 0x1000040,
> 0x41000040, 0x10040, 0x1000040, 0, 0x41010000, 0x40000040,
>               0x41000000, 0x40010040, 64, 0x1010000
>           }, {
>               0x100402, 0x4000400, 2, 0x4100402, 0, 0x4100000,
> 0x4000402, 0x100002, 0x4100400, 0x4000002,
>               0x4000000, 1026, 0x4000002, 0x100402, 0x100000,
> 0x4000000, 0x4100002, 0x100400, 1024, 2,
>               0x100400, 0x4000402, 0x4100000, 1024, 1026, 0,
> 0x100002, 0x4100400, 0x4000400, 0x4100002,
>               0x4100402, 0x100000, 0x4100002, 1026, 0x100000,
> 0x4000002, 0x100400, 0x4000400, 2, 0x4100000,
>               0x4000402, 0, 1024, 0x100002, 0, 0x4100002,
> 0x4100400, 1024, 0x4000000, 0x4100402,
>               0x100402, 0x100000, 0x4100402, 2, 0x4000400,
> 0x100402, 0x100002, 0x100400, 0x4100000, 0x4000402,
>               1026, 0x4000000, 0x4000002, 0x4100400
>           }, {
>               0x2000000, 16384, 256, 0x2004108, 0x2004008,
> 0x2000100, 16648, 0x2004000, 16384, 8,
>               0x2000008, 16640, 0x2000108, 0x2004008, 0x2004100,
> 0, 16640, 0x2000000, 16392, 264,
>               0x2000100, 16648, 0, 0x2000008, 8, 0x2000108,
> 0x2004108, 16392, 0x2004000, 256,
>               264, 0x2004100, 0x2004100, 0x2000108, 16392,
> 0x2004000, 16384, 8, 0x2000008, 0x2000100,
>               0x2000000, 16640, 0x2004108, 0, 16648, 0x2000000,
> 256, 16392, 0x2000108, 256,
>               0, 0x2004108, 0x2004008, 0x2004100, 264, 16384,
> 16640, 0x2004008, 0x2000100, 264,
>               8, 16648, 0x2004000, 0x2000008
>           }, {
>               0x20000010, 0x80010, 0, 0x20080800, 0x80010, 2048,
> 0x20000810, 0x80000, 2064, 0x20080810,
>               0x80800, 0x20000000, 0x20000800, 0x20000010,
> 0x20080000, 0x80810, 0x80000, 0x20000810, 0x20080010, 0,
>               2048, 16, 0x20080800, 0x20080010, 0x20080810,
> 0x20080000, 0x20000000, 2064, 16, 0x80800,
>               0x80810, 0x20000800, 2064, 0x20000000, 0x20000800,
> 0x80810, 0x20080800, 0x80010, 0, 0x20000800,
>               0x20000000, 2048, 0x20080010, 0x80000, 0x80010,
> 0x20080810, 0x80800, 16, 0x20080810, 0x80800,
>               0x80000, 0x20000810, 0x20000010, 0x20080000,
> 0x80810, 0, 2048, 0x20000010, 0x20000810, 0x20080800,
>               0x20080000, 2064, 16, 0x20080010
>           }, {
>               4096, 128, 0x400080, 0x400001, 0x401081, 4097,
> 4224, 0, 0x400000, 0x400081,
>               129, 0x401000, 1, 0x401080, 0x401000, 129,
> 0x400081, 4096, 4097, 0x401081,
>               0, 0x400080, 0x400001, 4224, 0x401001, 4225,
> 0x401080, 1, 4225, 0x401001,
>               128, 0x400000, 4225, 0x401000, 0x401001, 129, 4096,
> 128, 0x400000, 0x401001,
>               0x400081, 4225, 4224, 0, 128, 0x400001, 1,
> 0x400080, 0, 0x400081,
>               0x400080, 4224, 129, 4096, 0x401081, 0x400000,
> 0x401080, 1, 4097, 0x401081,
>               0x400001, 0x401080, 0x401000, 4097
>           }, {
>               0x8200020, 0x8208000, 32800, 0, 0x8008000,
> 0x200020, 0x8200000, 0x8208020, 32, 0x8000000,
>               0x208000, 32800, 0x208020, 0x8008020, 0x8000020,
> 0x8200000, 32768, 0x208020, 0x200020, 0x8008000,
>               0x8208020, 0x8000020, 0, 0x208000, 0x8000000,
> 0x200000, 0x8008020, 0x8200020, 0x200000, 32768,
>               0x8208000, 32, 0x200000, 32768, 0x8000020,
> 0x8208020, 32800, 0x8000000, 0, 0x208000,
>               0x8200020, 0x8008020, 0x8008000, 0x200020,
> 0x8208000, 32, 0x200020, 0x8008000, 0x8208020, 0x200000,
>               0x8200000, 0x8000020, 0x208000, 32800, 0x8008020,
> 0x8200000, 32, 0x8208000, 0x208020, 0,
>               0x8000000, 0x8200020, 32768, 0x208020
>           }
>       };
>       // Output alphabet of crypt(String, String): entry c is the character
>       // code written for the 6-bit value c. The 64 codes are those of
>       // '.', '/', '0'-'9', 'A'-'Z' and 'a'-'z', in that order.
>       private static final int cov_2char[] = {
>           46, 47, 48, 49, 50, 51, 52, 53, 54, 55,
>           56, 57, 65, 66, 67, 68, 69, 70, 71, 72,
>           73, 74, 75, 76, 77, 78, 79, 80, 81, 82,
>           83, 84, 85, 86, 87, 88, 89, 90, 97, 98,
>           99, 100, 101, 102, 103, 104, 105, 106, 107, 108,
>           109, 110, 111, 112, 113, 114, 115, 116, 117, 118,
>           119, 120, 121, 122
>       };
>
>       // Private constructor: the methods shown in this class are static, and
>       // no code outside the class can create an instance.
>       private UnixCrypt()
>       {
>       }
>
>       /**
>        * One cipher round: derives two 32-bit words from R, the masks E0 and E1
>        * and the schedule words s[S] and s[S + 1], looks up eight SPtrans
>        * tables with 6-bit slices of those words, and XORs the combined result
>        * into L.
>        *
>        * @param L  half of the block that receives the round output
>        * @param R  half of the block that feeds the round
>        * @param S  index of the first of the two schedule words to use
>        * @param E0 mask applied to the first derived word (crypt passes a
>        *           value looked up from the first salt character)
>        * @param E1 mask applied to the second derived word (crypt passes a
>        *           value looked up from the second salt character)
>        * @param s  key schedule; s[S] and s[S + 1] are read
>        * @return L XORed with the round output
>        */
>       private static final int D_ENCRYPT(int L, int R, int S, int
> E0, int E1, int s[])
>       {
>           // shifts bind tighter than ^ in Java: this is R ^ (R >>> 16)
>           int v = R ^ R >>> 16;
>           int u = v & E0;
>           v &= E1;
>           u = u ^ u << 16 ^ R ^ s[S];
>           int t = v ^ v << 16 ^ R ^ s[S + 1];
>           // rotate t right by four bits
>           t = t >>> 4 | t << 28;
>           // odd-numbered tables are indexed from t, even-numbered from u
>           L ^= SPtrans[1][t & 0x3f] | SPtrans[3][t >>> 8 & 0x3f]
> | SPtrans[5][t >>> 16 & 0x3f] | SPtrans[7][t >>> 24 & 0x3f] |
> SPtrans[0][u & 0x3f] | SPtrans[2][u >>> 8 & 0x3f] | SPtrans[4][u
> >>> 16 & 0x3f] | SPtrans[6][u >>> 24 & 0x3f];
>           return L;
>       }
>
>       /**
>        * Exchanges, inside one word, the bits selected by m with the bits that
>        * lie (16 - n) positions below them.
>        *
>        * @param a the word to permute
>        * @param n offset; the shift distance is 16 - n (des_set_key passes -2,
>        *          which gives a distance of 18)
>        * @param m mask selecting the upper bit of each exchanged pair
>        * @return the permuted word
>        */
>       private static final int HPERM_OP(int a, int n, int m)
>       {
>           // "-" binds tighter than "<<", which binds tighter than "^":
>           // t = ((a << (16 - n)) ^ a) & m
>           int t = (a << 16 - n ^ a) & m;
>           a = a ^ t ^ t >>> 16 - n;
>           return a;
>       }
>
>       /**
>        * Exchanges the bits of b selected by m with the bits of a that lie n
>        * positions above them, and hands both new words back through the
>        * results array.
>        *
>        * @param a first word
>        * @param b second word
>        * @param n distance in bits between the exchanged positions
>        * @param m mask selecting the bits of b that take part
>        * @param results receives the new a at index 0 and the new b at index 1
>        */
>       private static final void PERM_OP(int a, int b, int n, int
> m, int results[])
>       {
>           // t marks the selected positions at which a (shifted down) and b differ
>           int t = (a >>> n ^ b) & m;
>           a ^= t << n;
>           b ^= t;
>           results[0] = a;
>           results[1] = b;
>       }
>
>       /**
>        * Runs the cipher over an all-zero block with the given key schedule
>        * and salt masks, then applies the closing bit permutations.
>        *
>        * @param schedule key schedule as produced by des_set_key
>        * @param Eswap0 mask passed to every D_ENCRYPT call as E0
>        * @param Eswap1 mask passed to every D_ENCRYPT call as E1
>        * @return two words, { left, right }
>        */
>       private static final int[] body(int schedule[], int Eswap0,
> int Eswap1)
>       {
>           int left = 0;
>           int right = 0;
>           int t = 0;
>           // 25 passes; each pass makes 16 D_ENCRYPT calls (eight loop steps
>           // with two calls each) and then swaps the two halves
>           for(int j = 0; j < 25; j++)
>           {
>               for(int i = 0; i < 32; i += 4)
>               {
>                   left = D_ENCRYPT(left, right, i, Eswap0,
> Eswap1, schedule);
>                   right = D_ENCRYPT(right, left, i + 2, Eswap0,
> Eswap1, schedule);
>               }
>
>               t = left;
>               left = right;
>               right = t;
>           }
>
>           // swap the halves once more while rotating each right by one bit
>           t = right;
>           right = left >>> 1 | left << 31;
>           left = t >>> 1 | t << 31;
>           // 0xffffffff is -1 as an int, so these two lines change nothing
>           left &= 0xffffffff;
>           right &= 0xffffffff;
>           // PERM_OP returns its two outputs through results[]
>           int results[] = new int[2];
>           PERM_OP(right, left, 1, 0x55555555, results);
>           right = results[0];
>           left = results[1];
>           PERM_OP(left, right, 8, 0xff00ff, results);
>           left = results[0];
>           right = results[1];
>           PERM_OP(right, left, 2, 0x33333333, results);
>           right = results[0];
>           left = results[1];
>           PERM_OP(left, right, 16, 65535, results);
>           left = results[0];
>           right = results[1];
>           PERM_OP(right, left, 4, 0xf0f0f0f, results);
>           right = results[0];
>           left = results[1];
>           int out[] = new int[2];
>           out[0] = left;
>           out[1] = right;
>           return out;
>       }
>
>       /**
>        * Reads a byte as an unsigned value.
>        *
>        * @param b the byte to convert
>        * @return the value of b in the range 0 to 255
>        */
>       private static final int byteToUnsigned(byte b)
>       {
>           // masking with 0xff keeps the low eight bits and drops the sign
>           return b & 0xff;
>       }
>
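>       // Generator for salt characters. java.util.Random is not a
>       // cryptographic generator, so SecureRandom is used for the salt.
>       private static final java.security.SecureRandom SALT_SOURCE =
>           new java.security.SecureRandom();
>
>       /**
>        * Hashes a password with a freshly chosen two-character salt.
>        *
>        * @param original the password to hash
>        * @return the result of <code>crypt(salt, original)</code> for the
>        *         chosen salt
>        */
>       public static final String crypt(String original)
>       {
>           int numSaltChars = saltChars.length;
>           // nextInt(bound) always lies in [0, bound). The expression
>           // Math.abs(nextInt()) % bound is negative when nextInt() returns
>           // Integer.MIN_VALUE and would then index outside saltChars.
>           char first = saltChars[SALT_SOURCE.nextInt(numSaltChars)];
>           char second = saltChars[SALT_SOURCE.nextInt(numSaltChars)];
>           String salt = "" + first + second;
>           return crypt(salt, original);
>       }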
>
>       /**
>        * Hashes a password with the given salt. The result starts with the two
>        * salt characters and continues with eleven characters that encode the
>        * cipher output.
>        *
>        * Only the first eight characters of <code>original</code> are read,
>        * and each is shifted left by one bit and cut to a byte, so longer
>        * passwords and the bits above the low seven of each character do not
>        * change the result.
>        *
>        * @param salt the salt; it is padded with "A" to two characters and only
>        *             its first two characters are used. Both index con_salt,
>        *             which has 128 entries, so a character code above 127
>        *             ends in an ArrayIndexOutOfBoundsException.
>        * @param original the password to hash
>        * @return the two salt characters followed by the encoded output
>        */
>       public static final String crypt(String salt, String original)
>       {
>           // pad a short salt with "A" until it has two characters
>           for(; salt.length() < 2; salt = salt + "A");
>           // blank buffer; positions 0 to 12 are overwritten below
>           StringBuffer buffer = new StringBuffer("             ");
>           char charZero = salt.charAt(0);
>           char charOne = salt.charAt(1);
>           buffer.setCharAt(0, charZero);
>           buffer.setCharAt(1, charOne);
>           // the salt characters select the masks handed to body()
>           int Eswap0 = con_salt[charZero];
>           int Eswap1 = con_salt[charOne] << 4;
>           byte key[] = new byte[8];
>           // a new byte array is already zero-filled; this loop repeats that
>           for(int i = 0; i < key.length; i++)
>               key[i] = 0;
>
>           // at most eight password characters enter the key
>           for(int i = 0; i < key.length && i < original.length(); i++)
>           {
>               int iChar = original.charAt(i);
>               key[i] = (byte)(iChar << 1);
>           }
>
>           int schedule[] = des_set_key(key);
>           int out[] = body(schedule, Eswap0, Eswap1);
>           // nine bytes: eight of cipher output plus one zero byte, so that the
>           // eleven 6-bit groups read below (66 bits) stay inside the array
>           byte b[] = new byte[9];
>           intToFourBytes(out[0], b, 0);
>           intToFourBytes(out[1], b, 4);
>           b[8] = 0;
>           int i = 2;
>           int y = 0;   // index of the byte being read
>           int u = 128; // mask of the bit being read, highest bit first
>           for(; i < 13; i++)
>           {
>               int j = 0;
>               int c = 0;
>               for(; j < 6; j++)
>               {
>                   c <<= 1;
>                   if((b[y] & u) != 0)
>                       c |= 0x1;
>                   u >>>= 1;
>                   if(u == 0)
>                   {
>                       y++;
>                       u = 128;
>                   }
>                   // written on every step; the value after the sixth bit
>                   // is the one that remains
>                   buffer.setCharAt(i, (char)cov_2char[c]);
>               }
>
>           }
>
>           return buffer.toString();
>       }
>
>       private static int[] des_set_key(byte key[])
>       {
>           int schedule[] = new int[32];
>           int c = fourBytesToInt(key, 0);
>           int d = fourBytesToInt(key, 4);
>           int results[] = new int[2];
>           PERM_OP(d, c, 4, 0xf0f0f0f, results);
>           d = results[0];
>           c = results[1];
>           c = HPERM_OP(c, -2, 0xcccc0000);
>           d = HPERM_OP(d, -2, 0xcccc0000);
>           PERM_OP(d, c, 1, 0x55555555, results);
>           d = results[0];
>           c = results[1];
>           PERM_OP(c, d, 8, 0xff00ff, results);
>           c = results[0];
>           d = results[1];
>           PERM_OP(d, c, 1, 0x55555555, results);
>           d = results[0];
>           c = results[1];
>           d = (d & 0xff) << 16 | d & 0xff00 | (d & 0xff0000) >>>
> 16 | (c & 0xf0000000) >>> 4;
>           c &= 0xfffffff;
>           int j = 0;
>           for(int i = 0; i < 16; i++)
>           {
>               if(shifts2[i])
>               {
>                   c = c >>> 2 | c << 26;
>                   d = d >>> 2 | d << 26;
>               } else
>               {
>                   c = c >>> 1 | c << 27;
>                   d = d >>> 1 | d << 27;
>               }
>               c &= 0xfffffff;
>               d &= 0xfffffff;
>               int s = skb[0][c & 0x3f] | skb[1][c >>> 6 & 0x3 | c
> >>> 7 & 0x3c] | skb[2][c >>> 13 & 0xf | c >>> 14 & 0x30] |
> skb[3][c >>> 20 & 0x1 | c >>> 21 & 0x6 | c >>> 22 & 0x38];
>               int t = skb[4][d & 0x3f] | skb[5][d >>> 7 & 0x3 | d
> >>> 8 & 0x3c] | skb[6][d >>> 15 & 0x3f] | skb[7][d >>> 21 & 0xf |
> d >>> 22 & 0x30];
>               schedule[j++] = (t << 16 | s & 0xffff) & 0xffffffff;
>               s = s >>> 16 | t & 0xffff0000;
>               s = s << 4 | s >>> 28;
>               schedule[j++] = s & 0xffffffff;
>           }
>
>           return schedule;
>       }
>
>       private static int fourBytesToInt(byte b[], int offset)
>       {
>           int value = byteToUnsigned(b[offset++]);
>           value |= byteToUnsigned(b[offset++]) << 8;
>           value |= byteToUnsigned(b[offset++]) << 16;
>           value |= byteToUnsigned(b[offset++]) << 24;
>           return value;
>       }
>
>       private static final void intToFourBytes(int iValue, byte
> b[], int offset)
>       {
>           b[offset++] = (byte)(iValue & 0xff);
>           b[offset++] = (byte)(iValue >>> 8 & 0xff);
>           b[offset++] = (byte)(iValue >>> 16 & 0xff);
>           b[offset++] = (byte)(iValue >>> 24 & 0xff);
>       }
>
>       public static final boolean matches(String
> encryptedPassword, String enteredPassword)
>       {
>           String salt = encryptedPassword.substring(0, 3);
>           String newCrypt = crypt(salt, enteredPassword);
>           return newCrypt.equals(encryptedPassword);
>       }
>
>   }
>
>
>
>   1.10      +2 -2
> jakarta-jetspeed/src/java/org/apache/jetspeed/util/MetaData.java
>
>   Index: MetaData.java
>   ===================================================================
>   RCS file:
> /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/util/MetaD
> ata.java,v
>   retrieving revision 1.9
>   retrieving revision 1.10
>   diff -u -r1.9 -r1.10
>   --- MetaData.java	26 Sep 2002 17:35:59 -0000	1.9
>   +++ MetaData.java	21 Oct 2002 22:31:15 -0000	1.10
>   @@ -297,7 +297,7 @@
>        public void merge(MetaData meta)
>        {
>            Map map = meta.getProperties();
>   -        Hashtable params = (Hashtable)map;
>   +        Hashtable params = (Hashtable) map;
>            Enumeration en = params.keys();
>
>            while (en.hasMoreElements())
>
>
>
>



