/hudson-core/src/main/java/hudson/security/DeferredCreationLdapAuthoritiesPopulator.java

http://github.com/hudson/hudson · Java · 157 lines · 64 code · 22 blank · 71 comment · 2 complexity · 66f1e9da1d4441d0df823ee0874b9f08 MD5 · raw file

  1. /*
  2. * The MIT License
  3. *
  4. * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi
  5. *
  6. * Permission is hereby granted, free of charge, to any person obtaining a copy
  7. * of this software and associated documentation files (the "Software"), to deal
  8. * in the Software without restriction, including without limitation the rights
  9. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  10. * copies of the Software, and to permit persons to whom the Software is
  11. * furnished to do so, subject to the following conditions:
  12. *
  13. * The above copyright notice and this permission notice shall be included in
  14. * all copies or substantial portions of the Software.
  15. *
  16. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  17. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  18. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  19. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  20. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  21. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  22. * THE SOFTWARE.
  23. */
  24. /**
  25. *
  26. */
  27. package hudson.security;
  28. import org.acegisecurity.GrantedAuthority;
  29. import org.acegisecurity.ldap.InitialDirContextFactory;
  30. import org.acegisecurity.ldap.LdapDataAccessException;
  31. import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
  32. import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
  33. import org.acegisecurity.userdetails.ldap.LdapUserDetails;
  34. import hudson.security.SecurityRealm.SecurityComponents;
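  /**
   * Implementation of {@link LdapAuthoritiesPopulator} that defers creation of a
   * {@link DefaultLdapAuthoritiesPopulator} until one is needed. This is done to
   * ensure that the groupSearchBase property can be set.
   *
   * <p>This class only stores configuration. Every call to
   * {@link #getGrantedAuthorities(LdapUserDetails)} builds a fresh
   * {@link DefaultLdapAuthoritiesPopulator} from the current field values and
   * delegates to it, so a setter call takes effect on the next lookup.
   *
   * <p>The fields are plain (neither {@code volatile} nor guarded by a lock), so
   * this class makes no visibility guarantee when setters are called from one
   * thread while another thread resolves authorities. Configure the instance
   * before publishing it.
   *
   * <p>The values held here decide which LDAP entries turn into granted
   * authorities, so they are part of the authorization configuration: the
   * search base, search filter, subtree flag and {@code defaultRole} should come
   * from administrator-controlled settings only.
   *
   * @author justinedelson
   * @deprecated as of 1.280
   *      {@link SecurityComponents} are now created after {@link SecurityRealm} is created, so
   *      the initialization order issue that this code was trying to address no longer exists.
   */
  @Deprecated
  public class DeferredCreationLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

      /**
       * A default role which will be assigned to all authenticated users if set.
       * Because every authenticated user receives it, this must never name a
       * privileged role.
       */
      private String defaultRole = null;

      /**
       * An initial context factory is only required if searching for groups is
       * required.
       */
      private InitialDirContextFactory initialDirContextFactory = null;

      /**
       * Controls used to determine whether group searches should be performed
       * over the full sub-tree from the base DN.
       */
      private boolean searchSubtree = false;

      /**
       * The ID of the attribute which contains the role name for a group
       */
      private String groupRoleAttribute = "cn";

      /**
       * The base DN from which the search for group membership should be
       * performed
       */
      private String groupSearchBase = null;

      /**
       * The filter pattern used for the group membership search. {0} is the
       * user's DN. The pattern is handed to the delegate unchanged; how the
       * delegate encodes the substituted DN is not visible from this class.
       */
      private String groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={0}))";

      /** Prefix handed to the delegate via {@code setRolePrefix}. */
      private String rolePrefix = "ROLE_";

      /** Flag handed to the delegate via {@code setConvertToUpperCase}. */
      private boolean convertToUpperCase = true;

      /**
       * Constructor.
       *
       * @param initialDirContextFactory
       *            supplies the contexts used to search for user roles.
       * @param groupSearchBase
       *            if this is an empty string the search will be performed from
       *            the root DN of the context factory.
       */
      public DeferredCreationLdapAuthoritiesPopulator(
              InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
          // Routed through the public setters, as in the original, so that a
          // subclass overriding a setter still observes the initial values.
          this.setInitialDirContextFactory(initialDirContextFactory);
          this.setGroupSearchBase(groupSearchBase);
      }

      /**
       * Resolves the authorities for the given user by delegating to a newly
       * created {@link DefaultLdapAuthoritiesPopulator}.
       *
       * @param userDetails the LDAP user whose authorities are looked up; passed
       *            to the delegate unchanged.
       * @return whatever the delegate returns for this user.
       * @throws LdapDataAccessException declared by the interface; this method
       *             itself only propagates what the delegate throws.
       */
      public GrantedAuthority[] getGrantedAuthorities(LdapUserDetails userDetails)
              throws LdapDataAccessException {
          return create().getGrantedAuthorities(userDetails);
      }

      /** @param convertToUpperCase value later passed to the delegate's {@code setConvertToUpperCase}. */
      public void setConvertToUpperCase(boolean convertToUpperCase) {
          this.convertToUpperCase = convertToUpperCase;
      }

      /**
       * @param defaultRole role to pass to the delegate; when {@code null} the
       *            delegate's {@code setDefaultRole} is not called at all.
       */
      public void setDefaultRole(String defaultRole) {
          this.defaultRole = defaultRole;
      }

      /** @param groupRoleAttribute ID of the group attribute that contains the role name. */
      public void setGroupRoleAttribute(String groupRoleAttribute) {
          this.groupRoleAttribute = groupRoleAttribute;
      }

      /** @param groupSearchBase base DN from which the group membership search is performed. */
      public void setGroupSearchBase(String groupSearchBase) {
          this.groupSearchBase = groupSearchBase;
      }

      /** @param groupSearchFilter group search filter pattern; {0} is the user's DN. */
      public void setGroupSearchFilter(String groupSearchFilter) {
          this.groupSearchFilter = groupSearchFilter;
      }

      /** @param initialDirContextFactory factory handed to the delegate's constructor. */
      public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) {
          this.initialDirContextFactory = initialDirContextFactory;
      }

      /** @param rolePrefix value later passed to the delegate's {@code setRolePrefix}. */
      public void setRolePrefix(String rolePrefix) {
          this.rolePrefix = rolePrefix;
      }

      /** @param searchSubtree whether group searches cover the full sub-tree below the base DN. */
      public void setSearchSubtree(boolean searchSubtree) {
          this.searchSubtree = searchSubtree;
      }

      /**
       * Create a new DefaultLdapAuthoritiesPopulator object configured from the
       * current field values.
       *
       * @return a DefaultLdapAuthoritiesPopulator.
       */
      private DefaultLdapAuthoritiesPopulator create() {
          DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(
                  initialDirContextFactory, groupSearchBase);
          populator.setConvertToUpperCase(convertToUpperCase);
          // Leave the delegate's own default untouched unless a role was configured.
          if (defaultRole != null) {
              populator.setDefaultRole(defaultRole);
          }
          populator.setGroupRoleAttribute(groupRoleAttribute);
          populator.setGroupSearchFilter(groupSearchFilter);
          populator.setRolePrefix(rolePrefix);
          populator.setSearchSubtree(searchSubtree);
          return populator;
      }
  }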