/hudson-core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java
Java | 157 lines | 64 code | 22 blank | 71 comment | 2 complexity | 66f1e9da1d4441d0df823ee0874b9f08 MD5 | raw file
1/* 2 * The MIT License 3 * 4 * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24/** 25 * 26 */ 27package hudson.security; 28 29import org.acegisecurity.GrantedAuthority; 30import org.acegisecurity.ldap.InitialDirContextFactory; 31import org.acegisecurity.ldap.LdapDataAccessException; 32import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator; 33import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator; 34import org.acegisecurity.userdetails.ldap.LdapUserDetails; 35import hudson.security.SecurityRealm.SecurityComponents; 36 37/** 38 * Implementation of {@link LdapAuthoritiesPopulator} that defers creation of a 39 * {@link DefaultLdapAuthoritiesPopulator} until one is needed. This is done to 40 * ensure that the groupSearchBase property can be set. 41 * 42 * @author justinedelson 43 * @deprecated as of 1.280 44 * {@link SecurityComponents} are now created after {@link SecurityRealm} is created, so 45 * the initialization order issue that this code was trying to address no longer exists. 46 */ 47public class DeferredCreationLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator { 48 49 /** 50 * A default role which will be assigned to all authenticated users if set. 51 */ 52 private String defaultRole = null; 53 54 /** 55 * An initial context factory is only required if searching for groups is 56 * required. 57 */ 58 private InitialDirContextFactory initialDirContextFactory = null; 59 60 /** 61 * Controls used to determine whether group searches should be performed 62 * over the full sub-tree from the base DN. 63 */ 64 private boolean searchSubtree = false; 65 66 /** 67 * The ID of the attribute which contains the role name for a group 68 */ 69 private String groupRoleAttribute = "cn"; 70 71 /** 72 * The base DN from which the search for group membership should be 73 * performed 74 */ 75 private String groupSearchBase = null; 76 77 /** 78 * The pattern to be used for the user search. {0} is the user's DN 79 */ 80 private String groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={0}))"; 81 82 private String rolePrefix = "ROLE_"; 83 84 private boolean convertToUpperCase = true; 85 86 /** 87 * Constructor. 88 * 89 * @param initialDirContextFactory 90 * supplies the contexts used to search for user roles. 91 * @param groupSearchBase 92 * if this is an empty string the search will be performed from 93 * the root DN of the context factory. 94 */ 95 public DeferredCreationLdapAuthoritiesPopulator( 96 InitialDirContextFactory initialDirContextFactory, String groupSearchBase) { 97 this.setInitialDirContextFactory(initialDirContextFactory); 98 this.setGroupSearchBase(groupSearchBase); 99 } 100 101 public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails) 102 throws LdapDataAccessException { 103 return create().getGrantedAuthorities(userDetails); 104 } 105 106 public void setConvertToUpperCase(boolean convertToUpperCase) { 107 this.convertToUpperCase = convertToUpperCase; 108 } 109 110 public void setDefaultRole(String defaultRole) { 111 this.defaultRole = defaultRole; 112 } 113 114 public void setGroupRoleAttribute(String groupRoleAttribute) { 115 this.groupRoleAttribute = groupRoleAttribute; 116 } 117 118 public void setGroupSearchBase(String groupSearchBase) { 119 this.groupSearchBase = groupSearchBase; 120 } 121 122 public void setGroupSearchFilter(String groupSearchFilter) { 123 this.groupSearchFilter = groupSearchFilter; 124 } 125 126 public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) { 127 this.initialDirContextFactory = initialDirContextFactory; 128 } 129 130 public void setRolePrefix(String rolePrefix) { 131 this.rolePrefix = rolePrefix; 132 } 133 134 public void setSearchSubtree(boolean searchSubtree) { 135 this.searchSubtree = searchSubtree; 136 } 137 138 /** 139 * Create a new DefaultLdapAuthoritiesPopulator object. 140 * 141 * @return a DefaultLdapAuthoritiesPopulator. 142 */ 143 private DefaultLdapAuthoritiesPopulator create() { 144 DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator( 145 initialDirContextFactory, groupSearchBase); 146 populator.setConvertToUpperCase(convertToUpperCase); 147 if (defaultRole != null) { 148 populator.setDefaultRole(defaultRole); 149 } 150 populator.setGroupRoleAttribute(groupRoleAttribute); 151 populator.setGroupSearchFilter(groupSearchFilter); 152 populator.setRolePrefix(rolePrefix); 153 populator.setSearchSubtree(searchSubtree); 154 return populator; 155 } 156 157}