portals-jetspeed-dev mailing list archives

From tay...@apache.org
Subject svn commit: r450369 [2/3] - in /portals/jetspeed-2/trunk: components/security-schema/src/main/schema/ components/security/etc/ components/security/src/java/org/apache/jetspeed/security/spi/impl/ components/security/src/java/org/apache/jetspeed/security...
Date Wed, 27 Sep 2006 07:49:19 GMT
Modified: portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java?view=diff&rev=450369&r1=450368&r2=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java (original)
+++ portals/jetspeed-2/trunk/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java Wed Sep 27 00:49:17 2006
@@ -15,14 +15,12 @@
  */
 package org.apache.jetspeed.security.spi.impl.ldap;
 
-import java.util.List;
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.Enumeration;
+import java.util.List;
 
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
@@ -30,12 +28,9 @@
 import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.jetspeed.security.GroupPrincipal;
 import org.apache.jetspeed.security.SecurityException;
-import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
 import org.apache.jetspeed.security.impl.UserPrincipalImpl;
 
 /**
@@ -47,11 +42,7 @@
     /** The logger. */
     private static final Log logger = LogFactory.getLog(LdapUserPrincipalDaoImpl.class);
 
-    /** The group attribute name. */
-    private static final String GROUP_ATTR_NAME = "j2-group";
-
-    /** The role attribute name. */    
-    private static final String ROLE_ATTR_NAME = "j2-role";
+    private LdapMembershipDao membership;
 
     /**
      * <p>
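Review bot: The new `membership` field has no comment, unlike `logger` directly above it, and the lines shown assign it only in the two constructors in the following hunks, so it could be declared `private final LdapMembershipDao membership;`. A one-line Javadoc such as `/** Delegate used for the group/role membership searches. */` would explain why this DAO holds a second DAO. The constructors instantiate `LdapMemberShipDaoImpl` (capital S) while the field type is `LdapMembershipDao`; that is presumably the real class name, but the mixed casing is easy to mistype and worth aligning.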
@@ -62,7 +53,8 @@
      */
     public LdapUserPrincipalDaoImpl() throws SecurityException
     {
-        super();
+    	super();
+    	membership=new LdapMemberShipDaoImpl();
     }
 
     /**
@@ -75,7 +67,8 @@
      */
     public LdapUserPrincipalDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException
     {
-        super(ldapConfig);
+    	super(ldapConfig);
+    	membership=new LdapMemberShipDaoImpl(ldapConfig);
     }
 
     /**
@@ -84,7 +77,11 @@
      */
     public void addGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
     {
-        modifyUserGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
+    	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals(""))	
+    		modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
+    	else
+    		modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE);
+    	
     }
 
     /**
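Review bot: The `!= null && !equals("")` test in `addGroup` is repeated in `removeGroup`, `addRole`, `removeRole`, `addRoleToGroup`, `removeRoleFromGroup` and the five lookup methods later in this diff, each time calling the getter twice and, in the mutators, with an unbraced `if`/`else`. This commit drops the `StringUtils` import, yet the check is exactly `!StringUtils.isEmpty(getUserGroupMembershipAttribute())`; keeping that call, or one private helper such as `private static boolean isSet(String s) { return s != null && s.length() > 0; }`, would keep all the call sites in step. Because this test decides which directory entry a membership change is written to, the branch deserves a short comment, e.g. `// membership is stored on the user entry when the user-side attribute is configured, otherwise on the group entry`.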
@@ -97,25 +94,70 @@
      * @param operationType whether to replace or remove the specified user group from the user
      * @throws SecurityException A {@link SecurityException}.
      */
-    private void modifyUserGroup(String userPrincipalUid, String groupPrincipalUid, int operationType)
+    private void modifyUserGroupByGroup(String userPrincipalUid, String groupPrincipalUid, int operationType)
             throws SecurityException
     {
         validateUid(userPrincipalUid);
         validateUid(groupPrincipalUid);
-        String userDn = lookupByUid(userPrincipalUid);
+        
+        String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase();
+        userDn+="," + getRootContext();
+        try
+        {
+        	groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; 
+        	
+        	if (getGroupFilterBase()!=null && !getGroupFilterBase().equals(""))
+        		groupPrincipalUid+="," + getGroupFilterBase();
+        	groupPrincipalUid+="," + getRootContext();
+        	
+            String rdn = getSubcontextName(groupPrincipalUid);
+            Attributes attrs = new BasicAttributes(false);
+            attrs.put(getGroupMembershipAttribute(), userDn);
+            ctx.modifyAttributes(rdn, operationType, attrs);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }
+    
+    /**
+     * <p>
+     * Replace or delete the user group attribute.
+     * </p>
+     * 
+     * @param userPrincipalUid
+     * @param groupPrincipalUid
+     * @param operationType whether to replace or remove the specified user group from the user
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    private void modifyUserGroupByUser(String userPrincipalUid, String groupPrincipalUid, int operationType)
+            throws SecurityException
+    {
+        validateUid(userPrincipalUid);
+        validateUid(groupPrincipalUid);
+        
+        String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase();
         try
         {
+        	groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; 
+        	
+        	if (getGroupFilterBase()!=null && !getGroupFilterBase().equals(""))
+        		groupPrincipalUid+="," + getGroupFilterBase();
+        	groupPrincipalUid+="," + getRootContext();
             String rdn = getSubcontextName(userDn);
             Attributes attrs = new BasicAttributes(false);
 
-            attrs.put("j2-group", groupPrincipalUid);
+            attrs.put(getUserGroupMembershipAttribute(), groupPrincipalUid);
+            logger.debug("modifying attrs on " + rdn + " with : " + attrs);
             ctx.modifyAttributes(rdn, operationType, attrs);
+            
         }
         catch (NamingException e)
         {
             throw new SecurityException(e);
         }
-    }
+    }    
 
     /**
      * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
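Review bot: `modifyUserGroupByGroup` and `modifyUserGroupByUser` now build `userDn` and the group DN by string concatenation (`"uid=" + userPrincipalUid + "," + getUserFilterBase()`) instead of the earlier `lookupByUid` call, so the entry that gets modified, and the DN stored as the membership value, depend on the raw UID text. `validateUid` is not visible here; unless it rejects DN metacharacters such as `,`, `+`, `=` and `\`, the UIDs should be escaped before they are joined, for example with `Rdn.escapeValue(userPrincipalUid)` from `javax.naming.ldap` where the target JDK provides it. The two methods also differ in form: `modifyUserGroupByGroup` appends `getRootContext()` to `userDn` and `modifyUserGroupByUser` does not, which looks inconsistent unless `getSubcontextName` accepts both rooted and unrooted names. In addition, `"uid"` is hard-coded although `getUserIdAttribute()` backs `getEntryPrefix()` later in this diff, and `getUserFilterBase()` is concatenated without the null/empty guard that `getGroupFilterBase()` gets. The same concatenation pattern recurs in `modifyUserRoleByUser`, `modifyUserRoleByRole` and `modifyRoleGroupByGroup`.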
@@ -123,7 +165,11 @@
      */
     public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
     {
-        modifyUserGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals(""))
+    		modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    	else
+    		modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    	
     }
     
     /**
@@ -132,12 +178,16 @@
      */
     public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
-        modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+    	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals(""))
+    		modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+    	else
+    		modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
     }
 
     /**
      * <p>
      * Replace or delete the role attribute.
+     * 
      * </p>
      * 
      * @param userPrincipalUid
@@ -145,7 +195,7 @@
      * @param operationType whether to replace or remove the specified user group from the user
      * @throws SecurityException A {@link SecurityException}.
      */
-    private void modifyUserRole(String userPrincipalUid, String rolePrincipalUid, int operationType)
+    private void modifyUserRoleByUser(String userPrincipalUid, String rolePrincipalUid, int operationType)
             throws SecurityException
     {
         validateUid(userPrincipalUid);
@@ -154,10 +204,15 @@
         
         try
         {
+        	rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; 
+        	
+        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
+        		rolePrincipalUid+="," + getRoleFilterBase();
+        	rolePrincipalUid+="," + getRootContext();
             String rdn = getSubcontextName(userDn);
             Attributes attrs = new BasicAttributes(false);
 
-            attrs.put("j2-role", rolePrincipalUid);
+            attrs.put(getUserRoleMembershipAttribute(), rolePrincipalUid);
             ctx.modifyAttributes(rdn, operationType, attrs);
         }
         catch (NamingException e)
@@ -167,12 +222,51 @@
     }
 
     /**
+     * <p>
+     * Replace or delete the role attribute.
+     * 
+     * </p>
+     * 
+     * @param userPrincipalUid
+     * @param rolePrincipalUid
+     * @param operationType whether to replace or remove the specified user group from the user
+     * @throws SecurityException A {@link SecurityException}.
+     */
+    private void modifyUserRoleByRole(String userPrincipalUid, String rolePrincipalUid, int operationType)
+            throws SecurityException
+    {
+        validateUid(userPrincipalUid);
+        validateUid(rolePrincipalUid);
+        String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext();
+        
+        try
+        {
+        	rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; 
+        	
+        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
+        		rolePrincipalUid+="," + getRoleFilterBase();
+        	
+            String rdn = getSubcontextName(rolePrincipalUid);
+            Attributes attrs = new BasicAttributes(false);
+
+            attrs.put(getRoleMembershipAttribute(), userDn);
+            ctx.modifyAttributes(rdn, operationType, attrs);
+        }
+        catch (NamingException e)
+        {
+            throw new SecurityException(e);
+        }
+    }    
+    /**
      * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
      *      java.lang.String)
      */
     public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
-        modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals(""))
+    		modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    	else
+    		modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
     }    
 
     /**
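Review bot: The Javadoc added for `modifyUserRoleByRole` is a copy of the one on `modifyUserRoleByUser` and does not say what distinguishes the two. From the body, this variant puts the user's DN into `getRoleMembershipAttribute()` on the role entry, so the summary could read `Add or remove the user's DN in the membership attribute of the role entry.`, and the `operationType` line should name the `DirContext` constants rather than "user group". The role DN built here omits `getRootContext()`, while `modifyUserGroupByGroup` appends it to the group DN before the same `getSubcontextName` call; if that difference is deliberate it needs a comment. The `@see` tag on `removeRole` still points at `#removeGroup`.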
@@ -188,18 +282,12 @@
         Attributes attrs = new BasicAttributes(true);
         BasicAttribute classes = new BasicAttribute("objectclass");
 
-        classes.add("top");
-        classes.add("person");
-        classes.add("uidObject");
-        classes.add("organizationalPerson");
-        classes.add("inetorgperson");
-        classes.add("jetspeed-2-user");
+        for (int i=0;i<getObjectClasses().length;i++)
+        	classes.add(getObjectClasses()[i]);
         attrs.put(classes);
         attrs.put("cn", principalUid);
-        attrs.put("uid", principalUid);
         attrs.put("sn", principalUid);
-        attrs.put("ou", getUsersOu());
-
+        attrs.put(getEntryPrefix(), principalUid);
         return attrs;
     }
 
@@ -208,16 +296,8 @@
      */
     protected String getDnSuffix()
     {
-        String suffix = "";
-        if (!StringUtils.isEmpty(getUsersOu()))
-        {
-            suffix += ",ou=" + getUsersOu();
-        }
-        if (!StringUtils.isEmpty(getDefaultDnSuffix()))
-        {
-            suffix += getDefaultDnSuffix();
-        }
-        return suffix;
+
+        return this.getUserFilterBase();
     }
 
     /**
@@ -234,90 +314,16 @@
     }
 
     /**
-     * <p>
-     * A template method that returns the LDAP object class of the concrete DAO.
-     * </p>
-     * 
-     * @return a String containing the LDAP object class name.
-     */
-    protected String getObjectClass()
-    {
-        return "jetspeed-2-user";
-    }
-
-    /**
-     * <p>
-     * Return an array of the user principal UIDS that belong to a group.
-     * </p>
-     * 
-     * @param groupPrincipalUid The group principal uid.
-     * @return The array of user uids asociated with this group
-     * @throws SecurityException A {@link SecurityException}.
-     */
-    public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException
-    {
-        validateUid(groupPrincipalUid);
-        SearchControls cons = setSearchControls();
-        NamingEnumeration results;
-        try
-        {
-            List userPrincipalUids = new ArrayList();
-            results = searchUserByGroup(groupPrincipalUid, cons);
-            while (results.hasMore())
-            {
-                SearchResult result = (SearchResult) results.next();
-                Attributes answer = result.getAttributes();
-
-                userPrincipalUids.addAll(getAttributes(getAttribute(UID_ATTR_NAME, answer)));
-            }
-            return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
-        }
-        catch (NamingException e)
-        {
-            throw new SecurityException(e);
-        }
-    }
-    
-    /**
-     * <p>
-     * Return an array of the roles that belong to a group.
-     * </p>
-     * 
-     * @param groupPrincipalUid The group principal uid.
-     * @return The array of user uids asociated with this group
-     * @throws SecurityException A {@link SecurityException}.
-     */
-    public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException
-    {
-        validateUid(groupPrincipalUid);
-        SearchControls cons = setSearchControls();
-        NamingEnumeration results;
-        try
-        {
-            List userPrincipalUids = new ArrayList();
-            results = searchRolesByGroup(groupPrincipalUid, cons);
-            while (results.hasMore())
-            {
-                SearchResult result = (SearchResult) results.next();
-                Attributes answer = result.getAttributes();
-
-                userPrincipalUids.addAll(getAttributes(getAttribute(ROLE_ATTR_NAME, answer)));
-            }
-            return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
-        }
-        catch (NamingException e)
-        {
-            throw new SecurityException(e);
-        }
-    }
-    
-    /**
      * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String,
      *      java.lang.String)
      */
     public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
-        modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+    	if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals(""))
+    		modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+    	else
+    		modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
+        
     }
 
     /**
@@ -330,7 +336,7 @@
      * @param operationType whether to replace or remove the specified user group from the user
      * @throws SecurityException A {@link SecurityException}.
      */
-    private void modifyGroupRole(String groupPrincipalUid, String rolePrincipalUid, int operationType)
+    private void modifyRoleGroupByRole(String groupPrincipalUid, String rolePrincipalUid, int operationType)
             throws SecurityException
     {
         validateUid(groupPrincipalUid);
@@ -338,10 +344,15 @@
         String userDn = lookupGroupByUid(groupPrincipalUid);
         try
         {
+        	groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; 
+        	
+        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
+        		rolePrincipalUid+="," + getRoleFilterBase();
+        	
             String rdn = getSubcontextName(userDn);
             Attributes attrs = new BasicAttributes(false);
 
-            attrs.put("j2-role", rolePrincipalUid);
+            attrs.put(getRoleGroupMembershipForRoleAttribute(), rolePrincipalUid);
             ctx.modifyAttributes(rdn, operationType, attrs);
         }
         catch (NamingException e)
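Review bot: In `modifyRoleGroupByRole` the added line `groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid;` is a dead store: `userDn` was already resolved by `lookupGroupByUid`, and the variable is not read again in the lines shown. Meanwhile `rolePrincipalUid` only gets `"," + getRoleFilterBase()` appended and never the `getRoleIdAttribute() + "="` prefix, so the value passed to `attrs.put(...)` is not a well-formed DN. `modifyRoleGroupByGroup` in the next hunk builds it with the prefix, so the first line here was presumably meant to be `rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid;`. Since this value is the stored role-to-group link, a malformed one would likely fail to match on lookup or removal without raising an error. The method's `catch` block continues outside this hunk.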
@@ -349,247 +360,202 @@
             throw new SecurityException(e);
         }
     }
-
-    /**
-     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
-     *      java.lang.String)
-     */
-    public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
-    {
-        modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
-    }        
     
-
     /**
      * <p>
-     * Search user by group.
-     * </p>
-     * 
-     * @param groupPrincipalUid
-     * @param cons
-     * @return
-     * @throws NamingException A {@link NamingException}.
-     */
-    private NamingEnumeration searchUserByGroup(final String groupPrincipalUid, SearchControls cons)
-            throws NamingException
-    {
-        String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() + "))";
-        if (logger.isDebugEnabled())
-        {
-            logger.debug("query[" + query + "]");
-        }
-        NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
-
-        return searchResults;
-    }
-
-    /**
-     * <p>
-     * Search user by group.
+     * Replace or delete the user group attribute.
      * </p>
      * 
+     * @param userPrincipalUid
      * @param groupPrincipalUid
-     * @param cons
-     * @return
-     * @throws NamingException A {@link NamingException}.
-     */
-    private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons)
-            throws NamingException
-    {
-        String query = "(&(" + UID_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + "jetspeed-2-group" + "))";
-        if (logger.isDebugEnabled())
-        {
-            logger.debug("query[" + query + "]");
-        }
-        NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
-
-        return searchResults;
-    }
-    
-
-    
-    
-    /**
-     * <p>
-     * Return an array of the user principal UIDS that belong to a group.
-     * </p>
-     * 
-     * @param groupPrincipalUid The group principal uid.
-     * @return The array of user uids asociated with this group
+     * @param operationType whether to replace or remove the specified user group from the user
      * @throws SecurityException A {@link SecurityException}.
      */
-    public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException
+    private void modifyRoleGroupByGroup(String groupPrincipalUid, String rolePrincipalUid, int operationType)
+            throws SecurityException
     {
+        validateUid(groupPrincipalUid);
         validateUid(rolePrincipalUid);
-        SearchControls cons = setSearchControls();
-        NamingEnumeration results;
+        String userDn = lookupGroupByUid(groupPrincipalUid);
         try
         {
-            List userPrincipalUids = new ArrayList();
-            results = searchUserByRole(rolePrincipalUid, cons);
-            while (results.hasMore())
-            {
-                SearchResult result = (SearchResult) results.next();
-                Attributes answer = result.getAttributes();
-
-                userPrincipalUids.addAll(getAttributes(getAttribute(UID_ATTR_NAME, answer)));
-            }
-            return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
-        }
-        catch (NamingException e)
-        {
-            throw new SecurityException(e);
-        }
-    }
-
-    /**
-     * <p>
-     * Search user by group.
-     * </p>
-     * 
-     * @param groupPrincipalUid
-     * @param cons
-     * @return
-     * @throws NamingException A {@link NamingException}.
-     */
-    private NamingEnumeration searchUserByRole(final String rolePrincipalUid, SearchControls cons)
-            throws NamingException
-    {
-
-        String query = "(&(" + ROLE_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + getObjectClass()
-                + "))";
-        if (logger.isDebugEnabled())
-        {
-            logger.debug("query[" + query + "]");
-        }
-        NamingEnumeration searchResults = ((DirContext) ctx).search("", query, cons);
+        	rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; 
+        	
+        	if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
+        		rolePrincipalUid+="," + getRoleFilterBase();
+        	
+            String rdn = getSubcontextName(userDn);
+            Attributes attrs = new BasicAttributes(false);
 
-        return searchResults;
-    }
-    
-    
-    /**
-     * @param userPrincipalUid
-     * @return the array of group uids asociated with this user
-     * @throws SecurityException
-     */
-    public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
-    {
-        validateUid(userPrincipalUid);
-        SearchControls cons = setSearchControls();
-        NamingEnumeration results;
-        try
-        {
-            results = searchByWildcardedUid(userPrincipalUid, cons);
-            return getGroups(results, userPrincipalUid);
+            attrs.put(getGroupMembershipForRoleAttribute(), rolePrincipalUid);
+            ctx.modifyAttributes(rdn, operationType, attrs);
         }
         catch (NamingException e)
         {
             throw new SecurityException(e);
         }
-    }
+    }    
 
     /**
-     * <p>
-     * Get the groups.
-     * </p>
-     * 
-     * @param results
-     * @param uid
-     * @return
-     * @throws NamingException
+     * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
+     *      java.lang.String)
      */
-    private String[] getGroups(final NamingEnumeration results, final String uid) throws NamingException
+    public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
     {
-        if (!results.hasMore())
-        {
-            throw new NamingException("Could not find any user with uid[" + uid + "]");
-        }
-
-        Attributes userAttributes = getFirstUser(results);
-
-        List uids = getAttributes(getAttribute(GROUP_ATTR_NAME, userAttributes));
-        return (String[]) uids.toArray(new String[uids.size()]);
-    }
-
+        
+    	if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals(""))
+    		modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+    	else
+    		modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
+        
+    }        
     
-    /**
-     * @param userPrincipalUid
-     * @return the array of group uids asociated with this user
-     * @throws SecurityException
-     */
-    public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
-    {
-        validateUid(userPrincipalUid);
-        SearchControls cons = setSearchControls();
-        NamingEnumeration results;
-        try
-        {
-            results = searchByWildcardedUid(userPrincipalUid, cons);
-            return getRoles(results, userPrincipalUid);
-        }
-        catch (NamingException e)
-        {
-            throw new SecurityException(e);
-        }
-    }
 
-    /**
-     * <p>
-     * Get the groups.
-     * </p>
-     * 
-     * @param results
-     * @param uid
-     * @return
-     * @throws NamingException
-     */
-    private String[] getRoles(final NamingEnumeration results, final String uid) throws NamingException
-    {
-        if (!results.hasMore())
-        {
-            throw new NamingException("Could not find any user with uid[" + uid + "]");
-        }
+	protected String getEntryPrefix() {
+		return this.getUserIdAttribute();
+	}
 
-        Attributes userAttributes = getFirstUser(results);
+	protected String getSearchSuffix() {
+		return this.getUserFilter();
+	}
 
-        List uids = getAttributes(getAttribute(ROLE_ATTR_NAME, userAttributes));
-        return (String[]) uids.toArray(new String[uids.size()]);
-    }    
-    
-    /**
-     * @param results
-     * @return
-     * @throws NamingException
-     */
-    private Attributes getFirstUser(NamingEnumeration results) throws NamingException
-    {
-        SearchResult result = (SearchResult) results.next();
-        Attributes answer = result.getAttributes();
+	    /**
+	     * 
+	     * Return the list of group IDs for a particular user
+	     * 
+	     * @param userPrincipalUid
+	     * @return the array of group uids asociated with this user
+	     * @throws SecurityException
+	     */
+	    public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
+	    {
+	        validateUid(userPrincipalUid);
+	        SearchControls cons = setSearchControls();
+	        try
+	        {
+	        	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) { 
+	        		return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);
+	        	}
+	        	return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);
+	        	
+	        	
+	        }
+	        catch (NamingException e)
+	        {
+	            throw new SecurityException(e);
+	        }
+	    }
+
+	/**
+	 * <p>
+	 * Return an array of the roles that belong to a group.
+	 * </p>
+	 * 
+	 * @param groupPrincipalUid The group principal uid.
+	 * @return The array of user uids asociated with this group
+	 * @throws SecurityException A {@link SecurityException}.
+	 */
+	public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException
+	{
+	    {
+	        validateUid(groupPrincipalUid);
+	        SearchControls cons = setSearchControls();
+	        try
+	        {
+	        	if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals("")) { 
+	            	return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons);
+	        	}
+	        	return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons);
+	        }
+	        catch (NamingException e)
+	        {
+	            throw new SecurityException(e);
+	        }
+	    }	    
+	}
 
-        return answer;
-    }
+	    
+	    /**
+	     * 
+	     * Returns the role IDs for a particular user
+	     * 
+	     * Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
+	     * 
+	     * @param userPrincipalUid
+	     * @return the array of group uids asociated with this user
+	     * @throws SecurityException
+	     */
+	    public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
+	    {
+	        validateUid(userPrincipalUid);
+	        SearchControls cons = setSearchControls();
+	        try
+	        {
+	        	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) { 
+	            	return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);
+	        	}
+	        	return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);
+	        }
+	        catch (NamingException e)
+	        {
+	            throw new SecurityException(e);
+	        }
+	    }
+
+	/**
+	 * <p>
+	 * Return an array of the user principal UIDS that belong to a group.
+	 * </p>
+	 * 
+	 * @param groupPrincipalUid The group principal uid.
+	 * @return The array of user uids asociated with this group
+	 * @throws SecurityException A {@link SecurityException}.
+	 */
+	public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException
+	{
+		
+	    validateUid(groupPrincipalUid);
+	    SearchControls cons = setSearchControls();
+	    try
+	    {
+	    	if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) { 
+	        	return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons);
+	    	}
+	    	return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons);
+	    }
+	    catch (NamingException e)
+	    {
+	        throw new SecurityException(e);
+	    }
+	}
 
-    /**
-     * @param attr
-     * @return
-     * @throws NamingException
-     */
-    private List getAttributes(Attribute attr) throws NamingException
-    {
-        List uids = new ArrayList();
-        if (attr != null)
-        {
-            Enumeration groupUidEnum = attr.getAll();
-            while (groupUidEnum.hasMoreElements())
-            {
-                uids.add(groupUidEnum.nextElement());
-            }
-        }
-        return uids;
-    }
-    
-	protected String getEntryPrefix() {
-		return "uid";
+	/**
+	 * <p>
+	 * Return an array of the user principal UIDS that belong to a group.
+	 * </p>
+	 * 
+	 * @param groupPrincipalUid The group principal uid.
+	 * @return The array of user uids asociated with this group
+	 * @throws SecurityException A {@link SecurityException}.
+	 */
+	public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException
+	{
+	    validateUid(rolePrincipalUid);
+	    SearchControls cons = setSearchControls();
+	    try
+	    {
+	    	if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) { 
+	            return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons);
+	    	}
+	    	return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons);
+	    }
+	    catch (NamingException e)
+	    {
+	        throw new SecurityException(e);
+	    }
 	}
+	
+	protected String[] getObjectClasses() {
+		return this.getUserObjectClasses();
+	}	
 }
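Review bot: The five lookup methods (`getGroupUidsForUser`, `getRolesForGroup`, `getRoleUidsForUser`, `getUserUidsForGroup`, `getUserUidsForRole`) pass the caller's uid to `membership.search…` after only `validateUid`, and nothing in this hunk shows the value being escaped for use in an LDAP search filter. The removed `searchUserByGroup` and `searchUserByRole` concatenated it straight into the filter string, so confirm that `LdapMemberShipDaoImpl` (outside this diff section) escapes `*`, `(`, `)`, `\` and NUL, or that `validateUid` rejects them. Otherwise a crafted uid could widen the membership query. Separately, the Javadoc on `getUserUidsForRole` still says "belong to a group" and documents `groupPrincipalUid`; it should read `Return an array of the user principal UIDs that hold a role.` with `@param rolePrincipalUid`. `getRolesForGroup` also wraps its body in a redundant inner `{ }` block.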

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif Wed Sep 27 00:49:17 2006
@@ -0,0 +1,231 @@
+#
+# filters
+#   USER FILTER
+#   (&(uid=OrgUnit3User2)(objectClass=inetorgperson))
+#
+#   GROUP FILTER
+#   (objectclass=groupofuniquenames)
+#
+#   ROLE FILTER
+#
+#   (objectclass=nsroledefinition)
+#
+#
+#
+#
+
+
+dn: o=sevenSeas
+aci: (targetattr != "userPassword") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
+aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version
+  3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
+aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
+aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
+aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///o=sevenSeas";)
+o: Company2
+objectClass: top
+objectClass: organization
+creatorsname: cn=directory manager
+
+
+dn: ou=OrgUnit1,o=sevenSeas
+ou: OrgUnit1
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+cn: Group2
+
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+member: uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+member: uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
+uniqueMember: cn=Role3,ou=Roles,ou=OrgUnit1
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+uniqueMember: cn=admin,ou=Roles,ou=OrgUnit1
+userPassword: admin
+sn: admin
+cn: admin admin
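Review bot: The `aci` values on `o=sevenSeas` look like Netscape/Sun directory ACI syntax (they reference `nsroledn` and `o=NetscapeRoot`), and nothing in this part of the commit shows the ApacheDS test server evaluating them, so the `targetattr != "userPassword"` exclusion should not be read as protecting the cleartext `userPassword` values further down. The same entry sets `o: Company2` although its RDN is `o=sevenSeas`; the naming attribute value should appear in the entry, i.e. `o: sevenSeas`. The entries under `ou=Groups` use `objectClass: organization` with a `member` attribute and the user entries carry `uniqueMember`, neither of which those standard object classes allow, so this fixture probably loads only with schema checking relaxed. A header comment such as `# test fixture: cleartext passwords, ACIs not enforced, requires relaxed schema checking` would keep it from being reused as a template.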

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties Wed Sep 27 00:49:17 2006
@@ -0,0 +1,59 @@
+# Ldap Configuration.
+
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=10389
+org.apache.jetspeed.ldap.rootDn=uid\=admin\,ou\=system
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
+#org.apache.jetspeed.ldap.defaultDnSuffix=
+#org.apache.jetspeed.ldap.ou.users=people
+#org.apache.jetspeed.ldap.ou.groups=groups
+#org.apache.jetspeed.ldap.ou.roles=roles
+
+# define the filters needed to search for roles/groups/users
+#org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
+org.apache.jetspeed.ldap.RoleFilter=(objectClass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=organization)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)
+
+
+org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=member
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=uniqueMember
+
+# define the way group membership occurs 
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=o\=sevenSeas
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou\=Roles\,ou\=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou\=Groups\,ou\=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,organization
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+
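Review bot: The role and group membership settings here disagree with the other files added in the same directory. `RoleMembershipAttributes=member` with an empty `UserRoleMembershipAttributes` says role membership is stored on the role, but company1.ldif puts `uniqueMember` on the user entries and security-spi-ldap.xml sets userRoleMembershipAttributes to `uniqueMember`; for groups the LDIF stores `member` on the group while this file sets `UserGroupMembershipAttributes=uniqueMember`. getUserUidsForRole earlier in this commit picks its search strategy from whether the user-side attribute is non-empty, so whichever of the two configurations is actually loaded (not visible here) decides whether role lookups find anything. The comment block above `GroupMembershipForRoleAttributes` is a copy of the group-membership one and should name the keys it precedes, e.g. `# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group; if RoleGroupMembershipAttributes is used, on role` (assuming that is the intent); the same copied comment appears in openldap/ldap.properties. `rootPassword=secret` is a literal bind credential and deserves a `# test-only credential for the local test directory` comment.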

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Security SPI Handlers ************** -->  
+  <!-- Security SPI: RoleSecurityHandler -->
+  <bean id="org.apache.jetspeed.security.spi.RoleSecurityHandler" 
+    	   class="org.apache.jetspeed.security.spi.impl.LdapRoleSecurityHandler">  	   
+  	   <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl"/></constructor-arg>
+  </bean>
+  
+  <!-- Security SPI: GroupSecurityHandler -->
+  <bean id="org.apache.jetspeed.security.spi.GroupSecurityHandler" 
+  	   class="org.apache.jetspeed.security.spi.impl.LdapGroupSecurityHandler"
+  >  	   
+  	   <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl"/></constructor-arg>
+  </bean>
+
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl" 
+  	   class="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl"
+  >  	
+  <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>   
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl" 
+  	   class="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl"
+  >  	
+  <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>   
+  </bean>
+  
+
+  
+  <!-- Security SPI: SecurityMappingHandler -->
+  <bean id="org.apache.jetspeed.security.spi.SecurityMappingHandler" 
+    	class="org.apache.jetspeed.security.spi.impl.LdapSecurityMappingHandler"
+  >	
+  	   <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"/></constructor-arg>   
+  	   <constructor-arg index="1"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl"/></constructor-arg>   
+  	   <constructor-arg index="2"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl"/></constructor-arg>
+
+  	   <!-- Default role hierarchy strategy is by generalization.  Add contructor-arg to change the strategy. -->
+  	   <!-- Default group hierarchy strategy is by generalization.  Add contructor-arg to change the strategy. -->
+  </bean>
+  
+</beans>

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Security SPI Handlers ************** -->
+  <!-- Security SPI: LdapUserCredentialDao -->
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao" 
+       class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl"
+  >       
+       <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>       
+  </bean>
+  
+  <!-- Security SPI: LdapPrincipalDao -->
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao" 
+       class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl"
+  >       
+       <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>       
+  </bean>
+  
+  <!-- Security SPI: CredentialHandler -->
+  <bean id="org.apache.jetspeed.security.spi.CredentialHandler" 
+       class="org.apache.jetspeed.security.spi.impl.LdapCredentialHandler"
+  >       
+       <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao"/></constructor-arg>    
+  </bean>
+  
+  <!-- Security SPI: UserSecurityHandler -->
+  <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler" 
+  	   class="org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler"
+  >  	   
+  	   <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"/></constructor-arg> 	   
+  </bean>
+
+</beans>

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Ldap Configuration ************** -->
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"
+      class="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig">
+      <!-- The LDAP initial context factory. -->
+      <constructor-arg index="0"><value>com.sun.jndi.ldap.LdapCtxFactory</value></constructor-arg>
+      <!-- The LDAP server name. -->
+      <constructor-arg index="1"><value>localhost</value></constructor-arg>
+      <!-- The LDAP server port. -->
+      <constructor-arg index="2"><value>10389</value></constructor-arg>
+      <!-- The LDAP server default dn suffix. -->
+      <constructor-arg index="3"><value></value></constructor-arg>
+      <!-- The LDAP server root context. -->
+      <constructor-arg index="4"><value>o=sevenSeas</value></constructor-arg>
+      <!-- The LDAP server root dn. -->
+      <constructor-arg index="5"><value>uid=admin,ou=system</value></constructor-arg>
+      <!-- The LDAP server root password. -->
+      <constructor-arg index="6"><value>secret</value></constructor-arg>
+      <!-- The roles filter. -->
+		<!-- 
+      <constructor-arg index="7"><value>(&amp;(objectclass=ldapsubentry) (objectclass=nsroledefinition))</value></constructor-arg>
+       -->
+       <constructor-arg index="7"><value>(objectclass=groupOfUniqueNames))</value></constructor-arg>
+      <!-- The groups filter. -->
+      <constructor-arg index="8"><value>(objectClass=organization)</value></constructor-arg>
+      <!-- The user filter. -->
+      <constructor-arg index="9"><value>(objectclass=inetorgperson)</value></constructor-arg>
+      <!-- The userAuthenticationFiler. -->
+      <constructor-arg index="10"><value>(&amp;(uid=%u)(objectclass=inetorgperson))</value></constructor-arg>
+      <!-- The roleMembershipAttributes. -->
+      <constructor-arg index="11"><value></value></constructor-arg>
+      <!-- The userRoleMembershipAttributes. -->
+      <constructor-arg index="12"><value>uniqueMember</value></constructor-arg>
+      <!-- The groupMembershipAttributes. -->
+      <constructor-arg index="13"><value>uniqueMember</value></constructor-arg>
+      <!-- The userGroupMembershipAttributes. -->
+      <constructor-arg index="14"><value></value></constructor-arg>
+      <!-- The groupMembershipForRoleAttributes. -->
+      <constructor-arg index="15"><value>uniqueMember</value></constructor-arg>
+      <!-- The roleGroupMembershipForRoleAttributes. -->
+      <constructor-arg index="16"><value></value></constructor-arg>      
+      <!-- The defaultSearchBase. -->
+      <constructor-arg index="17"><value>o=sevenSeas</value></constructor-arg>
+      <!-- The roleFilterBase. -->
+      <constructor-arg index="18"><value>ou=Roles,ou=OrgUnit1</value></constructor-arg>
+      <!-- The groupFilterBase. -->
+      <constructor-arg index="19"><value>ou=Groups,ou=OrgUnit1</value></constructor-arg>
+      <!-- The userFilterBase. -->
+      <constructor-arg index="20"><value>ou=People,ou=OrgUnit1</value></constructor-arg>
+      <!-- The roleObjectClasses. -->
+      <constructor-arg index="21"><value>top,groupOfUniqueNames</value></constructor-arg>
+      <!-- The groupObjectClasses. -->
+      <constructor-arg index="22"><value>top,organization</value></constructor-arg>
+      <!-- The userObjectClasses. -->
+      <constructor-arg index="23"><value>top,person,organizationalPerson,inetorgperson</value></constructor-arg>
+      <!-- The roleIdAttribute. -->
+      <constructor-arg index="24"><value>cn</value></constructor-arg>
+      <!-- The groupIdAttribute. -->
+      <constructor-arg index="25"><value>cn</value></constructor-arg>
+	  <!-- The userIdAttribute. -->
+      <constructor-arg index="26"><value>uid</value></constructor-arg>
+</bean>
+
+</beans>
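Review bot: The role filter at constructor-arg index 7 has an extra closing parenthesis, `(objectclass=groupOfUniqueNames))`, which is not a well-formed LDAP filter; depending on how the DAO combines it with other terms, role searches may fail or match something other than intended. It should read `<constructor-arg index="7"><value>(objectclass=groupOfUniqueNames)</value></constructor-arg>`. Index 13 sets groupMembershipAttributes to `uniqueMember`, while the group entries in this directory's company1.ldif use `member`, so group membership lookups against that fixture would likely come back empty. The bind DN and password at indexes 5 and 6 are literal values; for a localhost test fixture that is workable, but a comment such as `<!-- test-only credentials for the local test directory; do not copy into a deployment -->` would make the scope explicit.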

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Security SPI Handlers ************** -->
+  <!-- Security SPI: CommonQueries -->
+  <bean id="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl" 
+  	   class="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"
+  	   init-method="init"
+  >  	   
+  	   <constructor-arg ><value>JETSPEED-INF/ojb/security_repository.xml</value></constructor-arg>  	   
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.SecurityAccess" parent="baseTransactionProxy" 
+		name="SecurityCommonQueries" >
+		<property name="proxyInterfaces">
+			<value>org.apache.jetspeed.security.spi.SecurityAccess</value>
+		</property>
+		<property name="target">
+			<ref bean="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"/>
+		</property>
+		<property name="transactionAttributes">
+			<props>				
+				<prop key="remove*">PROPAGATION_REQUIRED</prop>
+				<prop key="set*">PROPAGATION_REQUIRED</prop>
+				<prop key="*">PROPAGATION_SUPPORTS</prop>
+			</props>
+		</property>
+   </bean>
+
+</beans>
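Review bot: The `transactionAttributes` block requires a transaction only for methods matching `remove*` and `set*`; every other method falls through to `*` with PROPAGATION_SUPPORTS. If SecurityAccess declares mutating methods under other prefixes (the interface is not shown in this part of the commit), those would run without a guaranteed transaction and a partially applied security change would not be rolled back. Either list the remaining write prefixes explicitly or add a comment next to the props, e.g. `<!-- all SecurityAccess writes are named set*/remove*; everything else is read-only -->`, once that has been confirmed against the interface.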

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif Wed Sep 27 00:49:17 2006
@@ -0,0 +1,197 @@
+# Sample LDIF file for populating an OpenLDAP
+
+dn: ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin admin
+
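Review bot: Several `groupOfUniqueNames` entries here (Group1 to Group3, Role1 to Role3 and the `manager` role) carry no `uniqueMember` value, although the standard schema definition of that object class lists `uniqueMember` as required, so a server with schema checking enabled is likely to reject them on import. The member references are also inconsistent: the `admin` and `manager` groups use `uid=admin,ou=People,ou=OrgUnit1` without the `o=sevenSeas` suffix, while the `admin` role uses the full DN `uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas`. Membership lookups presumably compare these strings, so pick one form and state it in the header, for example `# uniqueMember values are full DNs including o=sevenSeas`. The `userPassword` values are cleartext placeholders, as in the apacheds copy of this file, and the header comment should say the file is a test fixture only.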

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties Wed Sep 27 00:49:17 2006
@@ -0,0 +1,59 @@
+# Ldap Configuration.
+
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn\=Manager\,o\=sevenSeas
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
+#org.apache.jetspeed.ldap.defaultDnSuffix=
+#org.apache.jetspeed.ldap.ou.users=people
+#org.apache.jetspeed.ldap.ou.groups=groups
+#org.apache.jetspeed.ldap.ou.roles=roles
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(&(objectclass=inetorgperson)(objectclass=organizationalPerson))
+
+org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs 
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
+
+
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=o\=sevenSeas
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou\=Roles\,ou\=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou\=Groups\,ou\=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Security SPI Handlers ************** -->  
+  <!-- Security SPI: RoleSecurityHandler -->
+  <bean id="org.apache.jetspeed.security.spi.RoleSecurityHandler" 
+    	   class="org.apache.jetspeed.security.spi.impl.LdapRoleSecurityHandler">  	   
+  	   <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl"/></constructor-arg>
+  </bean>
+  
+  <!-- Security SPI: GroupSecurityHandler -->
+  <bean id="org.apache.jetspeed.security.spi.GroupSecurityHandler" 
+  	   class="org.apache.jetspeed.security.spi.impl.LdapGroupSecurityHandler"
+  >  	   
+  	   <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl"/></constructor-arg>
+  </bean>
+
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl" 
+  	   class="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl"
+  >  	
+  <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>   
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl" 
+  	   class="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl"
+  >  	
+  <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>   
+  </bean>
+  
+
+  
+  <!-- Security SPI: SecurityMappingHandler -->
+  <bean id="org.apache.jetspeed.security.spi.SecurityMappingHandler" 
+    	class="org.apache.jetspeed.security.spi.impl.LdapSecurityMappingHandler"
+  >	
+  	   <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"/></constructor-arg>   
+  	   <constructor-arg index="1"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl"/></constructor-arg>   
+  	   <constructor-arg index="2"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl"/></constructor-arg>
+
+  	   <!-- Default role hierarchy strategy is by generalization.  Add contructor-arg to change the strategy. -->
+  	   <!-- Default group hierarchy strategy is by generalization.  Add contructor-arg to change the strategy. -->
+  </bean>
+  
+</beans>
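Review bot: Nothing in this file says that `org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig` and `org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao`, which the two DAO beans and the `SecurityMappingHandler` bean reference, are defined elsewhere, so loading it on its own would leave those references unresolved. In this commit they come from security-spi-ldap.xml and security-spi-ldap-atn.xml, and the latter depends on `LdapBindingConfig` in the same way. A header comment such as `<!-- Requires security-spi-ldap.xml (LdapBindingConfig) and security-spi-ldap-atn.xml (LdapUserPrincipalDao) in the same context -->` would make the load requirement explicit. The two hierarchy-strategy comments also misspell the element as `contructor-arg`; it should read `constructor-arg`.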

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Security SPI Handlers ************** -->
+  <!-- Security SPI: LdapUserCredentialDao -->
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao" 
+       class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl"
+  >       
+       <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>       
+  </bean>
+  
+  <!-- Security SPI: LdapPrincipalDao -->
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao" 
+       class="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl"
+  >       
+       <constructor-arg index="0"><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"/></constructor-arg>       
+  </bean>
+  
+  <!-- Security SPI: CredentialHandler -->
+  <bean id="org.apache.jetspeed.security.spi.CredentialHandler" 
+       class="org.apache.jetspeed.security.spi.impl.LdapCredentialHandler"
+  >       
+       <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao"/></constructor-arg>    
+  </bean>
+  
+  <!-- Security SPI: UserSecurityHandler -->
+  <bean id="org.apache.jetspeed.security.spi.UserSecurityHandler" 
+  	   class="org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler"
+  >  	   
+  	   <constructor-arg ><ref bean="org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao"/></constructor-arg> 	   
+  </bean>
+
+</beans>

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Ldap Configuration ************** -->
+  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"
+      class="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig">
+      <!-- The LDAP initial context factory. -->
+      <constructor-arg index="0"><value>com.sun.jndi.ldap.LdapCtxFactory</value></constructor-arg>
+      <!-- The LDAP server name. -->
+      <constructor-arg index="1"><value>localhost</value></constructor-arg>
+      <!-- The LDAP server port. -->
+      <constructor-arg index="2"><value>389</value></constructor-arg>
+      <!-- The LDAP server default dn suffix. -->
+      <constructor-arg index="3"><value></value></constructor-arg>
+      <!-- The LDAP server root context. -->
+      <constructor-arg index="4"><value>o=sevenSeas</value></constructor-arg>
+      <!-- The LDAP server root dn. -->
+      <constructor-arg index="5"><value>cn=Manager,o=sevenSeas</value></constructor-arg>
+      <!-- The LDAP server root password. -->
+      <constructor-arg index="6"><value>secret</value></constructor-arg>
+      <!-- The roles filter. -->
+      <constructor-arg index="7"><value>(objectclass=groupOfUniqueNames)</value></constructor-arg>
+      <!-- The groups filter. -->
+      <constructor-arg index="8"><value>(objectclass=groupOfUniqueNames)</value></constructor-arg>
+      <!-- The user filter. -->
+      <constructor-arg index="9"><value>(&amp;(objectclass=inetorgperson)(objectclass=organizationalPerson))</value></constructor-arg>
+      <!-- The userAuthenticationFiler. -->
+      <constructor-arg index="10"><value>(&amp;(uid=%u)(objectclass=inetorgperson))</value></constructor-arg>
+      <!-- The roleMembershipAttributes. -->
+      <constructor-arg index="11"><value>uniqueMember</value></constructor-arg>
+      <!-- The userRoleMembershipAttributes. -->
+      <constructor-arg index="12"><value></value></constructor-arg>
+      <!-- The groupMembershipAttributes. -->
+      <constructor-arg index="13"><value>uniqueMember</value></constructor-arg>
+      <!-- The userGroupMembershipAttributes. -->
+      <constructor-arg index="14"><value></value></constructor-arg>
+      <!-- The groupMembershipForRoleAttributes. -->
+      <constructor-arg index="15"><value>uniqueMember</value></constructor-arg>
+      <!-- The roleGroupMembershipForRoleAttributes. -->
+      <constructor-arg index="16"><value></value></constructor-arg>      
+      <!-- The defaultSearchBase. -->
+      <constructor-arg index="17"><value>o=sevenSeas</value></constructor-arg>
+      <!-- The roleFilterBase. -->
+      <constructor-arg index="18"><value>ou=Roles,ou=OrgUnit1</value></constructor-arg>
+      <!-- The groupFilterBase. -->
+      <constructor-arg index="19"><value>ou=Groups,ou=OrgUnit1</value></constructor-arg>
+      <!-- The userFilterBase. -->
+      <constructor-arg index="20"><value>ou=People,ou=OrgUnit1</value></constructor-arg>
+      <!-- The roleObjectClasses. -->
+      <constructor-arg index="21"><value>top,groupOfUniqueNames</value></constructor-arg>
+      <!-- The groupObjectClasses. -->
+      <constructor-arg index="22"><value>top,groupOfUniqueNames</value></constructor-arg>
+      <!-- The userObjectClasses. -->
+      <constructor-arg index="23"><value>top,person,organizationalPerson,inetorgperson</value></constructor-arg>
+      <!-- The roleIdAttribute. -->
+      <constructor-arg index="24"><value>cn</value></constructor-arg>
+      <!-- The groupIdAttribute. -->
+      <constructor-arg index="25"><value>cn</value></constructor-arg>
+	  <!-- The userIdAttribute. -->
+      <constructor-arg index="26"><value>uid</value></constructor-arg>
+  </bean>
+
+</beans>
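Review bot: The bind identity in constructor-arg 5 and 6 is the directory manager DN `cn=Manager,o=sevenSeas` with the literal password `secret`, and args 1 and 2 point at plain LDAP on port 389, so as far as this config shows the credential is both committed to the tree and sent over an unencrypted connection. The path is under src/test, so this is presumably a fixture, but nothing in the file says so and it is the obvious template to copy; sunds/ldap.properties repeats the pattern with `rootDn=cn=Directory Manager` and `rootPassword=adminmanager`. I would add a comment above the bean, e.g. `<!-- Test fixture only: deployments should bind as a least-privilege service account, supply the password from outside the repository and use LDAPS/StartTLS -->`. The comment on arg 16 names `roleGroupMembershipForRoleAttributes` while the properties files call the setting `RoleGroupMembershipAttributes`; one of the two should be corrected.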

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml Wed Sep 27 00:49:17 2006
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+<!--
+Copyright 2004 The Apache Software Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans>
+
+  <!-- ************** Security SPI Handlers ************** -->
+  <!-- Security SPI: CommonQueries -->
+  <bean id="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl" 
+  	   class="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"
+  	   init-method="init"
+  >  	   
+  	   <constructor-arg ><value>JETSPEED-INF/ojb/security_repository.xml</value></constructor-arg>  	   
+  </bean>
+  
+  <bean id="org.apache.jetspeed.security.spi.SecurityAccess" parent="baseTransactionProxy" 
+		name="SecurityCommonQueries" >
+		<property name="proxyInterfaces">
+			<value>org.apache.jetspeed.security.spi.SecurityAccess</value>
+		</property>
+		<property name="target">
+			<ref bean="org.apache.jetspeed.security.spi.impl.SecurityAccessImpl"/>
+		</property>
+		<property name="transactionAttributes">
+			<props>				
+				<prop key="remove*">PROPAGATION_REQUIRED</prop>
+				<prop key="set*">PROPAGATION_REQUIRED</prop>
+				<prop key="*">PROPAGATION_SUPPORTS</prop>
+			</props>
+		</property>
+   </bean>
+
+</beans>

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif Wed Sep 27 00:49:17 2006
@@ -0,0 +1,199 @@
+#
+# filters
+#   USER FILTER
+#   (&(uid=OrgUnit3User2)(objectClass=inetorgperson))
+#
+#   GROUP FILTER
+#   (objectclass=groupofuniquenames)
+#
+#   ROLE FILTER
+#
+#   (objectclass=nsroledefinition)
+#
+#
+#
+#
+
+
+dn: o=sevenSeas
+aci: (targetattr != "userPassword") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
+aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version
+  3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
+aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
+aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
+aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///o=sevenSeas";)
+o: sevenSeas
+objectClass: top
+objectClass: organization
+creatorsname: cn=directory manager
+
+
+dn: cn=Group1,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+cn: Group1
+
+
+dn: cn=Group2,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+uniqueMember: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uniqueMember: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+cn: Group2
+
+
+dn: cn=Group3,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+cn: Group3
+
+
+dn: ou=OrgUnit1,o=sevenSeas
+ou: OrgUnit1
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Role1,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role1
+
+
+dn: cn=Role2,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role2
+
+
+dn: cn=Role3,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role3
+
+dn: cn=admin,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: admin
+
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+nsroledn: cn=Role1,o=sevenSeas
+nsrole: cn=role1,o=sevenSeas
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+nsroledn: cn=admin,o=sevenSeas
+nsrole: cn=admin,o=sevenSeas
+sn: admin
+cn: admin admin
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2s
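Review bot: The fixture pairs a directory-wide "Anonymous access" ACI on `o=sevenSeas` (everything except `userPassword` readable without a bind, including `nsroledn`) with guessable cleartext passwords, notably `userPassword: admin` on the `uid=admin` entry that carries the `cn=admin` role, and the header comment does not mark the file as test data. I would extend the header with a line such as `# TEST FIXTURE ONLY: sample ACIs and passwords, do not import into a shared or production directory`. The `nsrole:` lines on OrgUnit1User1 and admin look redundant next to `nsroledn:`; as far as I know the server computes `nsrole` itself, so an import may ignore or reject them, which is worth confirming. The last line, `cn: OrgUnit3User2 OrgUnit3User2s`, has a stray trailing `s` compared with the other user entries.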

Added: portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties?view=auto&rev=450369
==============================================================================
--- portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties (added)
+++ portals/jetspeed-2/trunk/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties Wed Sep 27 00:49:17 2006
@@ -0,0 +1,48 @@
+# Ldap Configuration.
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Directory Manager
+org.apache.jetspeed.ldap.rootPassword=adminmanager
+org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(&(objectclass=inetorgperson)(objectclass=organizationalPerson))
+
+
+org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
+
+# define the way role membership occurs for users
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=nsroledn
+
+# define the way group membership occurs for users
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs for roles 
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase=
+org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,ldapsubentry\,nsroledefinition\,nssimpleroledefinition\,nsmanagedroledefinition
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupofuniquenames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
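Review bot: The `UserAuthenticationFiler` template `(&(uid=%u)(objectclass=inetorgperson))` takes the login name, and the code that expands `%u` is outside this hunk, so it is worth confirming that the value is escaped for LDAP filter metacharacters (`*`, `(`, `)`, `\` and NUL, per RFC 4515) before substitution; without that, a login name containing those characters changes what the filter matches. A comment above the key would record the contract: `# %u is replaced by the login name; the caller must escape RFC 4515 filter metacharacters first`. The same template is passed as constructor-arg 10 in security-spi-ldap.xml. The key is spelled `Filer` rather than `Filter`; if the loader reads that exact name it has to stay, but a comment noting the spelling would save the next reader a search.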


