
/hudson-core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java

http://github.com/hudson/hudson
  1/*
  2 * The MIT License
  3 * 
  4 * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
  5 * 
  6 * Permission is hereby granted, free of charge, to any person obtaining a copy
  7 * of this software and associated documentation files (the "Software"), to deal
  8 * in the Software without restriction, including without limitation the rights
  9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 10 * copies of the Software, and to permit persons to whom the Software is
 11 * furnished to do so, subject to the following conditions:
 12 * 
 13 * The above copyright notice and this permission notice shall be included in
 14 * all copies or substantial portions of the Software.
 15 * 
 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 22 * THE SOFTWARE.
 23 */
 24/**
 25 * 
 26 */
 27package hudson.security;
 28
 29import org.acegisecurity.GrantedAuthority;
 30import org.acegisecurity.ldap.InitialDirContextFactory;
 31import org.acegisecurity.ldap.LdapDataAccessException;
 32import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
 33import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
 34import org.acegisecurity.userdetails.ldap.LdapUserDetails;
 35import hudson.security.SecurityRealm.SecurityComponents;
 36
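/**
 * Implementation of {@link LdapAuthoritiesPopulator} that defers creation of a
 * {@link DefaultLdapAuthoritiesPopulator} until one is needed. This is done to
 * ensure that the groupSearchBase property can be set.
 *
 * <p>Every call to {@link #getGrantedAuthorities(LdapUserDetails)} builds a fresh
 * delegate from the current field values, so a setter call takes effect on the
 * next lookup. The fields are plain and unsynchronized; callers that reconfigure
 * this object while authentications are in flight must provide their own
 * synchronization.
 *
 * <p>The values held here decide which authorities an LDAP-authenticated user
 * receives. They are expected to come from administrator-controlled
 * configuration only.
 *
 * @author justinedelson
 * @deprecated as of 1.280
 *      {@link SecurityComponents} are now created after {@link SecurityRealm} is created, so
 *      the initialization order issue that this code was trying to address no longer exists.
 */
@Deprecated // mirrors the Javadoc tag so the deprecation is also visible to tools that only read annotations
public class DeferredCreationLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    /**
     * A default role which will be assigned to all authenticated users if set.
     * Because every authenticated user receives it, this should never name a
     * privileged role.
     */
    private String defaultRole;

    /**
     * An initial context factory is only required if searching for groups is
     * required.
     */
    private InitialDirContextFactory initialDirContextFactory;

    /**
     * Controls used to determine whether group searches should be performed
     * over the full sub-tree from the base DN. Off by default.
     */
    private boolean searchSubtree;

    /**
     * The ID of the attribute which contains the role name for a group.
     */
    private String groupRoleAttribute = "cn";

    /**
     * The base DN from which the search for group membership should be
     * performed.
     */
    private String groupSearchBase;

    /**
     * The pattern to be used for the group membership search. {0} is the
     * user's DN.
     */
    // NOTE(review): the {0} substitution is performed by the delegate, not here;
    // whether the DN is escaped for use in a filter is not visible in this file — confirm.
    private String groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={0}))";

    /** Prefix handed to the delegate for the role names it produces. */
    private String rolePrefix = "ROLE_";

    /**
     * Whether the delegate is asked to upper-case role names.
     */
    // NOTE(review): if the delegate upper-cases names, groups whose names differ
    // only in case would presumably map to the same authority — confirm.
    private boolean convertToUpperCase = true;

    /**
     * Constructor.
     *
     * @param initialDirContextFactory
     *            supplies the contexts used to search for user roles.
     * @param groupSearchBase
     *            if this is an empty string the search will be performed from
     *            the root DN of the context factory.
     */
    public DeferredCreationLdapAuthoritiesPopulator(
            InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
        // Kept as setter calls (rather than field writes) so that existing
        // subclasses overriding the setters continue to observe these values.
        this.setInitialDirContextFactory(initialDirContextFactory);
        this.setGroupSearchBase(groupSearchBase);
    }

    /**
     * Resolves the authorities for the given user by delegating to a newly
     * created {@link DefaultLdapAuthoritiesPopulator}.
     *
     * @param userDetails the LDAP user whose authorities are requested.
     * @return whatever the delegate returns for this user.
     * @throws LdapDataAccessException propagated from the delegate.
     */
    public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails)
            throws LdapDataAccessException {
        return create().getGrantedAuthorities(userDetails);
    }

    /** @param convertToUpperCase value forwarded to the delegate on the next lookup. */
    public void setConvertToUpperCase(boolean convertToUpperCase) {
        this.convertToUpperCase = convertToUpperCase;
    }

    /**
     * @param defaultRole role assigned to all authenticated users; {@code null}
     *            leaves the delegate's own default untouched.
     */
    public void setDefaultRole(String defaultRole) {
        this.defaultRole = defaultRole;
    }

    /** @param groupRoleAttribute ID of the attribute holding a group's role name. */
    public void setGroupRoleAttribute(String groupRoleAttribute) {
        this.groupRoleAttribute = groupRoleAttribute;
    }

    /** @param groupSearchBase base DN for the group membership search. */
    public void setGroupSearchBase(String groupSearchBase) {
        this.groupSearchBase = groupSearchBase;
    }

    /** @param groupSearchFilter group search pattern; {0} is the user's DN. */
    public void setGroupSearchFilter(String groupSearchFilter) {
        this.groupSearchFilter = groupSearchFilter;
    }

    /** @param initialDirContextFactory factory handed to the delegate's constructor. */
    public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) {
        this.initialDirContextFactory = initialDirContextFactory;
    }

    /** @param rolePrefix prefix forwarded to the delegate on the next lookup. */
    public void setRolePrefix(String rolePrefix) {
        this.rolePrefix = rolePrefix;
    }

    /** @param searchSubtree whether group searches cover the full sub-tree below the base DN. */
    public void setSearchSubtree(boolean searchSubtree) {
        this.searchSubtree = searchSubtree;
    }

    /**
     * Create a new DefaultLdapAuthoritiesPopulator object configured from the
     * current field values.
     *
     * @return a DefaultLdapAuthoritiesPopulator.
     */
    private DefaultLdapAuthoritiesPopulator create() {
        DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(
                initialDirContextFactory, groupSearchBase);
        populator.setConvertToUpperCase(convertToUpperCase);
        // Only forward a default role that was explicitly configured, so that
        // no blanket role is granted by accident.
        if (defaultRole != null) {
            populator.setDefaultRole(defaultRole);
        }
        populator.setGroupRoleAttribute(groupRoleAttribute);
        populator.setGroupSearchFilter(groupSearchFilter);
        populator.setRolePrefix(rolePrefix);
        populator.setSearchSubtree(searchSubtree);
        return populator;
    }

}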