Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java (revision 368161) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java (working copy) @@ -19,8 +19,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.jetspeed.security.GroupPrincipal; +import org.apache.jetspeed.security.RolePrincipal; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.impl.GroupPrincipalImpl; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; +import org.apache.jetspeed.security.spi.SecurityMappingHandler; /** *

@@ -39,6 +42,12 @@ /** The group principal for gpUid2. */ private GroupPrincipal gp2; + + /** The role principal for gpUid1. */ + private RolePrincipal ro1; + + /** The role principal for gpUid2. */ + private RolePrincipal ro2; /** * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#setUp() @@ -50,6 +59,12 @@ gp2 = new GroupPrincipalImpl(gpUid2); LdapDataHelper.seedGroupData(gpUid1); LdapDataHelper.seedGroupData(gpUid2); + + ro1 = new RolePrincipalImpl(roleUid1); + ro2 = new RolePrincipalImpl(roleUid2); + LdapDataHelper.seedRoleData(roleUid1); + LdapDataHelper.seedRoleData(roleUid2); + LdapDataHelper.seedUserData(uid1, password); LdapDataHelper.seedUserData(uid2, password); } @@ -67,28 +82,32 @@ } /** + * Adds 2 users to a group and checks their presence in the group + * * @throws Exception */ public void testGetUserPrincipalsInGroup() throws Exception { - secHandler.setUserPrincipalInGroup(uid1, gp1.getFullPath()); - secHandler.setUserPrincipalInGroup(uid2, gp1.getFullPath()); + secHandler.setUserPrincipalInGroup(uid1, gp1.getName()); + secHandler.setUserPrincipalInGroup(uid2, gp1.getName()); - String fullPathName = new GroupPrincipalImpl(gpUid1).getFullPath(); + String fullPathName = new GroupPrincipalImpl(gpUid1).getName(); logger.debug("Group full path name from testGetUserPrincipalsInGroup()[" + fullPathName + "]"); assertEquals("The user should have been in two groups.", 2, secHandler.getUserPrincipalsInGroup(fullPathName) .size()); } /** + * Adds 1 user to 2 groups, and checks its presence in both groups * @throws Exception */ public void testSetUserPrincipalInGroup() throws Exception { - secHandler.setUserPrincipalInGroup(uid1, gp1.getFullPath()); - secHandler.setUserPrincipalInGroup(uid1, gp2.getFullPath()); + secHandler.setUserPrincipalInGroup(uid1, gp1.getName()); + secHandler.setUserPrincipalInGroup(uid1, gp2.getName()); assertEquals("The user should have been in two groups.", 2, secHandler.getGroupPrincipals(uid1).size()); + } /** 
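Review bot: The Javadoc on the new fields says `/** The role principal for gpUid1. */` and `gpUid2` for `ro1`/`ro2`, but `setUp` builds them from `roleUid1`/`roleUid2`; the comments should name `roleUid1` and `roleUid2`. `setUp` now also seeds two role entries through `LdapDataHelper.seedRoleData`, yet no `tearDown` change is part of this diff; unless it already calls the new `LdapDataHelper.removeRoleData(...)`, the randomly named role entries accumulate in the test directory across runs. The `@@ -67` hunk's `testGetUserPrincipalsInGroup` keeps the message `"The user should have been in two groups."` for an assertion that counts two users in one group, which is pre-existing but now copied into the role tests below.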
@@ -96,15 +115,15 @@ */ public void testRemoveUserPrincipalInGroup() throws Exception { - secHandler.setUserPrincipalInGroup(uid1, gp1.getFullPath()); - secHandler.setUserPrincipalInGroup(uid1, gp2.getFullPath()); + secHandler.setUserPrincipalInGroup(uid1, gp1.getName()); + secHandler.setUserPrincipalInGroup(uid1, gp2.getName()); assertEquals("The user should have been in two groups.", 2, secHandler.getGroupPrincipals(uid1).size()); - secHandler.removeUserPrincipalInGroup(uid1, gp1.getFullPath()); + secHandler.removeUserPrincipalInGroup(uid1, gp1.getName()); assertEquals("The user should have been in one groups.", 1, secHandler.getGroupPrincipals(uid1).size()); - secHandler.removeUserPrincipalInGroup(uid1, gp2.getFullPath()); + secHandler.removeUserPrincipalInGroup(uid1, gp2.getName()); assertEquals("The user should have been in two groups.", 0, secHandler.getGroupPrincipals(uid1).size()); } 
@@ -143,4 +162,86 @@ e instanceof SecurityException); } } + + /** + * Adds 2 users to a group and checks their presence in the group + * + * @throws Exception + */ + public void testGetUserPrincipalsInRole() throws Exception + { + secHandler.setUserPrincipalInRole(uid1, ro1.getName()); + secHandler.setUserPrincipalInRole(uid2, ro1.getName()); + + String fullPathName = new RolePrincipalImpl(roleUid1).getName(); + logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]"); + assertEquals("The user should have been in two roles.", 2, secHandler.getUserPrincipalsInRole(fullPathName) + .size()); + } + + /** + * Adds 1 user to 2 roles, and checks its presence in both roles + * @throws Exception + */ + public void testSetUserPrincipalInRole() throws Exception + { + secHandler.setUserPrincipalInRole(uid1, ro1.getName()); + secHandler.setUserPrincipalInRole(uid1, ro2.getName()); + + assertEquals("The user should have been in two roles.", 2, secHandler.getRolePrincipals(uid1).size()); + + } + + /** + * @throws Exception + */ + public void testRemoveUserPrincipalInRole() throws Exception + { + secHandler.setUserPrincipalInRole(uid1, ro1.getName()); + secHandler.setUserPrincipalInRole(uid1, ro2.getName()); + + assertEquals("The user should have been in two roles.", 2, secHandler.getRolePrincipals(uid1).size()); + + secHandler.removeUserPrincipalInRole(uid1, ro1.getName()); + assertEquals("The user should have been in one roles.", 1, secHandler.getRolePrincipals(uid1).size()); + + secHandler.removeUserPrincipalInRole(uid1, ro2.getName()); + assertEquals("The user should have been in two roles.", 0, secHandler.getRolePrincipals(uid1).size()); + } + + /** + * @throws Exception + */ + public void testSetUserPrincipalInRoleForNonExistantUser() throws Exception + { + try + { + secHandler.setUserPrincipalInRole(Integer.toString(rand.nextInt()), roleUid1); + fail("Trying to associate a role with a non-existant user should have thrown a 
SecurityException."); + + } + catch (Exception e) + { + assertTrue("Trying to associate a role with a non-existant user should have thrown a SecurityException.", + e instanceof SecurityException); + } + } + + /** + * @throws Exception + */ + public void testSetUserPrincipalInRoleForNonExistantRole() throws Exception + { + try + { + secHandler.setUserPrincipalInRole(uid1, Integer.toString(rand.nextInt())); + fail("Trying to associate a user with a non-existant role should have thrown a SecurityException."); + + } + catch (Exception e) + { + assertTrue("Trying to associate a user with a non-existant role should have thrown a SecurityException.", + e instanceof SecurityException); + } + } } \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java (revision 368161) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java (working copy) 
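Review bot: The copied assertion messages in `testRemoveUserPrincipalInRole` and `testSetUserPrincipalInRole` do not match what is asserted: `"The user should have been in two roles."` accompanies an expected `0`, and `"one roles"` an expected `1`, and `testGetUserPrincipalsInRole`'s Javadoc still says "group". The two negative tests catch `Exception` and then assert `e instanceof SecurityException`, which loses the stack trace of any other failure; catching `SecurityException expected` directly lets unrelated exceptions propagate as test errors with their cause intact. This presumably mirrors the existing group tests, but the new role copies are the place to stop propagating the pattern.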
@@ -14,26 +14,29 @@ */ package org.apache.jetspeed.security.spi.ldap; +import java.util.Random; + import junit.framework.TestCase; import org.apache.jetspeed.security.spi.CredentialHandler; import org.apache.jetspeed.security.spi.GroupSecurityHandler; +import org.apache.jetspeed.security.spi.RoleSecurityHandler; import org.apache.jetspeed.security.spi.SecurityMappingHandler; import org.apache.jetspeed.security.spi.UserSecurityHandler; import org.apache.jetspeed.security.spi.impl.LdapCredentialHandler; import org.apache.jetspeed.security.spi.impl.LdapGroupSecurityHandler; +import org.apache.jetspeed.security.spi.impl.LdapRoleSecurityHandler; import org.apache.jetspeed.security.spi.impl.LdapSecurityMappingHandler; import org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler; import org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig; import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl; import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao; +import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl; import org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao; import org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl; import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao; import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl; -import java.util.Random; - /** *

* Abstract test case for LDAP providers. @@ -53,6 +56,9 @@ /** The {@link GroupSecurityHandler}. */ GroupSecurityHandler grHandler; + /** The {@link RoleSecurityHandler}. */ + RoleSecurityHandler roleHandler; + /** The {@link SecurityMappingHandler}. */ SecurityMappingHandler secHandler; @@ -64,6 +70,9 @@ /** The {@link LdapGroupDao}. */ LdapPrincipalDao ldapGroupDao; + + /** The {@link LdapGroupDao}. */ + LdapPrincipalDao ldapRoleDao; /** Random seed. */ Random rand = new Random(System.currentTimeMillis()); @@ -73,7 +82,13 @@ /** Group uid. */ protected String gpUid2; + + /** Role uid. */ + protected String roleUid1; + /** Role uid. */ + protected String roleUid2; + /** User uid. */ protected String uid1; @@ -101,12 +116,18 @@ uid2 = Integer.toString(rand.nextInt()); ldapGroupDao = new LdapGroupDaoImpl(ldapConfig); + ldapRoleDao = new LdapRoleDaoImpl(ldapConfig); grHandler = new LdapGroupSecurityHandler(ldapGroupDao); + roleHandler = new LdapRoleSecurityHandler(ldapRoleDao); LdapDataHelper.setGroupSecurityHandler(grHandler); + LdapDataHelper.setRoleSecurityHandler(roleHandler); gpUid1 = Integer.toString(rand.nextInt()); gpUid2 = Integer.toString(rand.nextInt()); - secHandler = new LdapSecurityMappingHandler(ldapPrincipalDao, ldapGroupDao); + roleUid1 = Integer.toString(rand.nextInt()); + roleUid2 = Integer.toString(rand.nextInt()); + + secHandler = new LdapSecurityMappingHandler(ldapPrincipalDao, ldapGroupDao, ldapRoleDao); } /** Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/LdapDataHelper.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/LdapDataHelper.java (revision 368161) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/org/apache/jetspeed/security/spi/ldap/LdapDataHelper.java (working copy) 
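Review bot: The Javadoc added for the new `ldapRoleDao` field in the `@@ -64` hunk is a verbatim copy of the group field's, `/** The {@link LdapGroupDao}. */`; since the field type is `LdapPrincipalDao`, describe it as the role DAO instead, e.g. `/** The role {@link LdapPrincipalDao}. */`. The `@@ -101` hunk adds `secHandler = new LdapSecurityMappingHandler(ldapPrincipalDao, ldapGroupDao, ldapRoleDao)`, a three-argument constructor that is not in this diff; if the old two-argument form was removed rather than kept as a delegating overload, any other caller breaks at compile time.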
@@ -15,11 +15,14 @@ package org.apache.jetspeed.security.spi.ldap; import org.apache.jetspeed.security.GroupPrincipal; +import org.apache.jetspeed.security.RolePrincipal; import org.apache.jetspeed.security.UserPrincipal; import org.apache.jetspeed.security.impl.GroupPrincipalImpl; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; import org.apache.jetspeed.security.impl.UserPrincipalImpl; import org.apache.jetspeed.security.spi.CredentialHandler; import org.apache.jetspeed.security.spi.GroupSecurityHandler; +import org.apache.jetspeed.security.spi.RoleSecurityHandler; import org.apache.jetspeed.security.spi.UserSecurityHandler; /** @@ -40,6 +43,9 @@ /** The {@link GroupSecurityHandler}. */ private static GroupSecurityHandler grHandler; + /** The {@link RoleSecurityHandler}. */ + private static RoleSecurityHandler roleHandler; + public static void seedUserData(String uid, String password) throws Exception { UserPrincipal up = new UserPrincipalImpl(uid); @@ -53,6 +59,12 @@ grHandler.setGroupPrincipal(gp); } + public static void seedRoleData(String roleUid) throws Exception + { + RolePrincipal rp = new RolePrincipalImpl(roleUid); + roleHandler.setRolePrincipal(rp); + } + public static void removeUserData(String uid) throws Exception { UserPrincipal up = new UserPrincipalImpl(uid); @@ -65,6 +77,12 @@ grHandler.removeGroupPrincipal(gp); } + public static void removeRoleData(String roleUid) throws Exception + { + RolePrincipal rp = new RolePrincipalImpl(roleUid); + roleHandler.removeRolePrincipal(rp); + } + public static void setUserSecurityHandler(UserSecurityHandler userHandlerVar) { userHandler = userHandlerVar; 
@@ -79,4 +97,9 @@ { grHandler = grHandlerVar; } + + public static void setRoleSecurityHandler(RoleSecurityHandler roleHandlerVar) + { + roleHandler = roleHandlerVar; + } } Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/JETSPEED-INF/ldap/ldap.properties =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/JETSPEED-INF/ldap/ldap.properties (revision 368161) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/test/JETSPEED-INF/ldap/ldap.properties (working copy) @@ -6,5 +6,6 @@ org.apache.jetspeed.ldap.rootPassword=secret org.apache.jetspeed.ldap.rootContext=o\=sevenSeas org.apache.jetspeed.ldap.defaultDnSuffix= -org.apache.jetspeed.ldap.ou.users=users -org.apache.jetspeed.ldap.ou.groups=groups \ No newline at end of file +org.apache.jetspeed.ldap.ou.users=people +org.apache.jetspeed.ldap.ou.groups=groups +org.apache.jetspeed.ldap.ou.roles=roles \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java (working copy) 
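Review bot: Besides adding `org.apache.jetspeed.ldap.ou.roles=roles`, the properties hunk changes `org.apache.jetspeed.ldap.ou.users` from `users` to `people`, which is unrelated to role support and silently moves where the test fixture expects user entries; if the seeded directory data moved, say so in the commit message, otherwise revert that line. `rootPassword=secret` remains in this test fixture; confirm this file is only ever loaded by the test classpath and is not the template shipped as a default configuration.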
@@ -298,8 +298,7 @@ "addUserToGroup(java.lang.String, java.lang.String)"); // Get the group principal to add to user. - Principal groupPrincipal = groupSecurityHandler - .getGroupPrincipal(groupFullPathName); + GroupPrincipal groupPrincipal = groupSecurityHandler.getGroupPrincipal(groupFullPathName); if (null == groupPrincipal) { throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName)); } @@ -309,13 +308,11 @@ throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(username)); } // Get the user groups. - Set groupPrincipals = securityMappingHandler - .getGroupPrincipals(username); + Set groupPrincipals = securityMappingHandler.getGroupPrincipals(username); // Add group to user. if (!groupPrincipals.contains(groupPrincipal)) { - securityMappingHandler.setUserPrincipalInGroup(username, - groupFullPathName); + securityMappingHandler.setUserPrincipalInGroup(username,groupFullPathName); } } Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java (working copy) @@ -287,7 +287,7 @@ // Add role to user. if (!rolePrincipals.contains(rolePrincipal)) { - securityMappingHandler.setRolePrincipal(username, roleFullPathName); + securityMappingHandler.setUserPrincipalInRole(username, roleFullPathName); } } 
@@ -310,7 +310,7 @@ Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); if (null != rolePrincipal) { - securityMappingHandler.removeRolePrincipal(username, roleFullPathName); + securityMappingHandler.removeUserPrincipalInRole(username, roleFullPathName); } } Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (working copy) @@ -15,6 +15,11 @@ */ package org.apache.jetspeed.security.spi.impl.ldap; +import java.util.Hashtable; + +import javax.naming.AuthenticationException; +import javax.naming.Context; +import javax.naming.InitialContext; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.Attribute; @@ -39,7 +44,7 @@ /** The password attribute. */ private static final String PASSWORD_ATTR_NAME = "userPassword"; - + /** *
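Review bot: The renamed calls `setUserPrincipalInRole` and `removeUserPrincipalInRole`, here and in the hunk above, imply a change to the `SecurityMappingHandler` interface that is not part of this diff, and neither is any non-LDAP implementation of it; if those were not updated in the same change the security component will not compile. `rolePrincipal` is still declared as `Principal` here while the parallel `GroupManagerImpl` hunk narrows its variable to `GroupPrincipal`; declaring it `RolePrincipal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName);` keeps the two managers consistent, assuming `getRolePrincipal` returns that type.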

* Default constructor. @@ -64,7 +69,7 @@ public LdapUserCredentialDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException { super(ldapConfig); - } + } /** *

@@ -97,13 +102,27 @@ * @param uid The uid. * @param password The password. * @throws SecurityException Throws a {@link SecurityException}. - */ + */ public boolean authenticate(final String uid, final String password) throws SecurityException { validateUid(uid); validatePassword(password); - String savedPassword = String.valueOf(getPassword(uid)); - return (savedPassword.equals(password)); + try { + Hashtable env = this.ctx.getEnvironment(); + String savedPassword = String.valueOf(getPassword(uid)); + String oldCredential = (String)env.get(Context.SECURITY_CREDENTIALS); + String oldUsername = (String)env.get(Context.SECURITY_PRINCIPAL); + env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + ",ou=" + getUsersOu() + "," + getRootContext()); + env.put(Context.SECURITY_CREDENTIALS,password); + InitialContext ctx = new InitialContext(env); + env.put(Context.SECURITY_PRINCIPAL,oldUsername); + env.put(Context.SECURITY_CREDENTIALS,oldCredential); + return true; + } catch (AuthenticationException e) { + return false; + } catch (NamingException e) { + throw new SecurityException(e); + } } /** @@ -162,7 +181,8 @@ Attributes userAttributes = getFirstUser(results); - return convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes)); + char[] rawPassword = convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes)); + return rawPassword; } /** 
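Review bot: `authenticate` never closes the `InitialContext` it opens for the bind (the local `ctx` also shadows the field), and the restoration of `SECURITY_PRINCIPAL`/`SECURITY_CREDENTIALS` is not in a `finally`, so a failed bind leaves the mutated environment behind if `getEnvironment()` is a live view, and `env.put(key, oldUsername)` throws `NullPointerException` whenever the original context was bound without those keys. The `savedPassword` lookup is dead code now that the comparison is gone, and an empty `password` would turn the simple bind into an RFC 4513 unauthenticated bind that succeeds for any existing DN unless `validatePassword` (outside the hunk) already rejects it. The DN is concatenated from `uid`; unless `validateUid` restricts it to RDN-safe characters, escape it (`javax.naming.ldap.Rdn.escapeValue` where Java 5 is available) before building the DN. A version that works on a private copy of the environment and always closes the bind context is below.
```java
    public boolean authenticate(final String uid, final String password) throws SecurityException
    {
        validateUid(uid);
        validatePassword(password);
        // RFC 4513 5.1.2: an empty password makes a simple bind "unauthenticated",
        // which succeeds for any existing DN, so it must never count as a match.
        if (password.length() == 0)
        {
            return false;
        }
        InitialContext bindCtx = null;
        try
        {
            // Work on a copy so the shared context's environment is never mutated.
            Hashtable env = (Hashtable) this.ctx.getEnvironment().clone();
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "uid=" + uid + ",ou=" + getUsersOu() + "," + getRootContext());
            env.put(Context.SECURITY_CREDENTIALS, password);
            bindCtx = new InitialContext(env);
            return true;
        }
        catch (AuthenticationException e)
        {
            return false;
        }
        catch (NamingException e)
        {
            throw new SecurityException(e);
        }
        finally
        {
            if (bindCtx != null)
            {
                try
                {
                    bindCtx.close();
                }
                catch (NamingException ignored)
                {
                    // best effort: the bind outcome has already been decided
                }
            }
        }
    }
```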
@@ -250,4 +270,8 @@ { return "jetspeed-2-user"; } + + protected String getEntryPrefix() { + return "uid"; + } } \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (working copy) @@ -58,6 +58,9 @@ /** The groups ou. */ private String groupsOu; + + /** The roles ou. */ + private String rolesOu; /** The ldap properties. */ private PropertiesConfiguration props = null; @@ -74,7 +77,7 @@ * @param gou The groups organization unit. */ public LdapBindingConfig(String factory, String name, String port, String suffix, String context, String dn, - String password, String uou, String gou) + String password, String uou, String goups,String roles) { try { @@ -86,7 +89,8 @@ rootDn = dn; rootPassword = password; usersOu = uou; - groupsOu = gou; + groupsOu = goups; + rolesOu = roles; new InitLdapSchema(this); } catch (SecurityException se) @@ -119,6 +123,7 @@ rootPassword = props.getString("org.apache.jetspeed.ldap.rootPassword"); usersOu = props.getString("org.apache.jetspeed.ldap.ou.users"); groupsOu = props.getString("org.apache.jetspeed.ldap.ou.groups"); + rolesOu = props.getString("org.apache.jetspeed.ldap.ou.roles"); new InitLdapSchema(this); } catch (ConfigurationException ce) 
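Review bot: The public constructor's new parameter list `String password, String uou, String goups,String roles` misspells `goups`, keeps the stale `@param gou` Javadoc and documents no `@param roles`, and any existing caller of the nine-argument form (none appear in this diff, presumably the Spring assembly) stops compiling or wiring; keeping the old constructor as an overload that delegates with a default roles ou would make the change backward-compatible. In the properties constructor, `rolesOu = props.getString("org.apache.jetspeed.ldap.ou.roles")` yields `null` for every deployment whose ldap.properties predates this change, and that `null` later ends up in DN construction; `props.getString("org.apache.jetspeed.ldap.ou.roles", "roles")` or an explicit configuration failure is safer. The getters and setters added in the next hunk use K&R braces while the rest of the file uses Allman style.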
@@ -278,4 +283,12 @@ { this.usersOu = usersOu; } + + public String getRolesOu() { + return rolesOu; + } + + public void setRolesOu(String rolesOu) { + this.rolesOu = rolesOu; + } } Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (working copy) @@ -17,9 +17,11 @@ import java.security.Principal; +import javax.naming.NamingException; import javax.naming.directory.Attributes; import javax.naming.directory.BasicAttribute; import javax.naming.directory.BasicAttributes; +import javax.naming.directory.DirContext; import org.apache.commons.lang.StringUtils; import org.apache.jetspeed.security.SecurityException; @@ -36,7 +38,7 @@ public class LdapGroupDaoImpl extends LdapPrincipalDaoImpl { - /** + /** *

* Default constructor. *

@@ -79,6 +81,7 @@ classes.add("jetspeed-2-group"); attrs.put(classes); attrs.put("uid", principalUid); + attrs.put("cn", principalUid); attrs.put("ou", getGroupsOu()); return attrs; } @@ -124,4 +127,10 @@ { return "jetspeed-2-group"; } + + protected String getEntryPrefix() { + return "cn"; + } + + } \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java (working copy) @@ -116,4 +116,9 @@ return attrs; } + protected String getEntryPrefix() { + // TODO Auto-generated method stub + return null; + } + } Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDao.java (working copy) @@ -51,6 +51,29 @@ /** *
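Review bot: `InitLdapSchema.getEntryPrefix()` is an auto-generated stub returning `null` with a leftover TODO; if the superclass uses the prefix to build RDNs, as the sibling overrides returning `"uid"` and `"cn"` suggest, a `null` silently produces a `"null=…"` name. Either return the real prefix or fail loudly, e.g. `throw new UnsupportedOperationException("InitLdapSchema has no entry prefix");`, and drop the TODO. In the LdapGroupDaoImpl hunks above, `NamingException` and `DirContext` are newly imported but no line in this diff uses them; check they are needed before they become lint noise.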

+ * Add a user to a group. + *

+ * + * @param userPrincipalUid The user principal. + * @param rolePrincipalUid The role principal. + * @throws SecurityException A {@link SecurityException}. + */ + void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException; + + /** + *

+ * Remove a user from a group. + *

+ * + * @param userPrincipalUid The user principal. + * @param rolePrincipalUid The role principal. + * @throws SecurityException A {@link SecurityException}. + */ + void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException; + + + /** + *

* Return an array of the group principal UIDS that belong to a specific user. *

* @@ -59,6 +82,17 @@ * @throws SecurityException A {@link SecurityException}. */ String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException; + + /** + *
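Review bot: The Javadoc for `addRole` and `removeRole` still reads "Add a user to a group" / "Remove a user from a group" although both take a user uid and a role uid; `Add a role to a user.` and `Remove a role from a user.` describe the contract. The same copy-paste carries into the following hunks: `getRoleUidsForUser` documents its return as "group uids", `getUserUidsForRole` says "this group", and `getRolesForGroup` says "this user". A caller of this SPI has only these comments to tell role from group membership, so they are worth fixing before more implementations appear.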

+ * Return an array of the role principal UIDS that belong to a specific user. + *

+ * + * @param userPrincipalUid The user principal uid. + * @return The array of group uids asociated with this user + * @throws SecurityException A {@link SecurityException}. + */ + String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException; /** *

@@ -70,4 +104,50 @@ * @throws SecurityException A {@link SecurityException}. */ String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException; + + /** + *

+ * Return an array of the user principal uids that belong to a role. + *

+ * + * @param rolePrincipalUid The role uid. + * @return The array of user uids asociated with this group + * @throws SecurityException A {@link SecurityException}. + */ + String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException; + + /** + *

+ * Return an array of the role principal UIDS that belong to a specific group. + *

+ * + * @param groupPrincipalUid The group principal uid. + * @return The array of role uids asociated with this user + * @throws SecurityException A {@link SecurityException}. + */ + String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException; + + /** + *

+ * Add a role to a group. + *

+ * + * @param groupPrincipalUid The group principal. + * @param rolePrincipalUid The role principal. + * @throws SecurityException A {@link SecurityException}. + */ + void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException; + + /** + *

+ * Remove a role from a group. + *

+ * + * @param groupPrincipalUid The group principal. + * @param rolePrincipalUid The role principal. + * @throws SecurityException A {@link SecurityException}. + */ + void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException; + + } \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java (working copy) @@ -33,7 +33,9 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.jetspeed.security.GroupPrincipal; import org.apache.jetspeed.security.SecurityException; +import org.apache.jetspeed.security.impl.GroupPrincipalImpl; import org.apache.jetspeed.security.impl.UserPrincipalImpl; /** @@ -48,6 +50,9 @@ /** The group attribute name. */ private static final String GROUP_ATTR_NAME = "j2-group"; + /** The role attribute name. */ + private static final String ROLE_ATTR_NAME = "j2-role"; + /** *

* Default constructor. @@ -120,9 +125,58 @@ { modifyUserGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE); } + + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String, + * java.lang.String) + */ + public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException + { + modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); + } /** *

+ * Replace or delete the role attribute. + *

+ * + * @param userPrincipalUid + * @param rolePrincipalUid + * @param operationType whether to replace or remove the specified user group from the user + * @throws SecurityException A {@link SecurityException}. + */ + private void modifyUserRole(String userPrincipalUid, String rolePrincipalUid, int operationType) + throws SecurityException + { + validateUid(userPrincipalUid); + validateUid(rolePrincipalUid); + String userDn = lookupByUid(userPrincipalUid); + + try + { + String rdn = getSubcontextName(userDn); + Attributes attrs = new BasicAttributes(false); + + attrs.put("j2-role", rolePrincipalUid); + ctx.modifyAttributes(rdn, operationType, attrs); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String, + * java.lang.String) + */ + public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException + { + modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); + } + + /** + *

* A template method for defining the attributes for a particular LDAP class. *

* @@ -223,9 +277,91 @@ throw new SecurityException(e); } } + + /** + *
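Review bot: `modifyUserRole` writes the attribute as the literal `"j2-role"` although this diff just introduced `ROLE_ATTR_NAME` for exactly that name, and `modifyGroupRole` in the next hunk repeats the literal; use `attrs.put(ROLE_ATTR_NAME, rolePrincipalUid);` in both so a rename cannot desynchronise the writer from the `searchUserByRole` filter. The `@see` tags on `addRole`/`removeRole` (and on `addRoleToGroup`/`removeRoleFromGroup` below) point at `addGroup`/`removeGroup`, `modifyUserRole`'s Javadoc still says "user group", and `getRolesForGroup` collects role uids into a list named `userPrincipalUids`. Nothing in this DAO checks that `rolePrincipalUid` names an existing role, so the `SecurityException` that `testSetUserPrincipalInRoleForNonExistantRole` expects must come from `LdapSecurityMappingHandler`, which is not in the diff — worth confirming, since otherwise arbitrary `j2-role` values can be attached to a user entry.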

+ * Return an array of the roles that belong to a group. + *

+ * + * @param groupPrincipalUid The group principal uid. + * @return The array of user uids asociated with this group + * @throws SecurityException A {@link SecurityException}. + */ + public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException + { + validateUid(groupPrincipalUid); + SearchControls cons = setSearchControls(); + NamingEnumeration results; + try + { + List userPrincipalUids = new ArrayList(); + results = searchRolesByGroup(groupPrincipalUid, cons); + while (results.hasMore()) + { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + userPrincipalUids.addAll(getAttributes(getAttribute(ROLE_ATTR_NAME, answer))); + } + return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String, + * java.lang.String) + */ + public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException + { + modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); + } + + /** *

+ * Replace or delete the user group attribute. + *

+ * + * @param userPrincipalUid + * @param groupPrincipalUid + * @param operationType whether to replace or remove the specified user group from the user + * @throws SecurityException A {@link SecurityException}. + */ + private void modifyGroupRole(String groupPrincipalUid, String rolePrincipalUid, int operationType) + throws SecurityException + { + validateUid(groupPrincipalUid); + validateUid(rolePrincipalUid); + String userDn = lookupGroupByUid(groupPrincipalUid); + try + { + String rdn = getSubcontextName(userDn); + Attributes attrs = new BasicAttributes(false); + + attrs.put("j2-role", rolePrincipalUid); + ctx.modifyAttributes(rdn, operationType, attrs); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String, + * java.lang.String) + */ + public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException + { + modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); + } + + + /** + *

* Search user by group. *

* @@ -237,19 +373,102 @@ private NamingEnumeration searchUserByGroup(final String groupPrincipalUid, SearchControls cons) throws NamingException { - String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() - + "))"; + String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() + "))"; if (logger.isDebugEnabled()) { logger.debug("query[" + query + "]"); } - NamingEnumeration searchResults = ((DirContext) ctx).search("", "(&(" + GROUP_ATTR_NAME + "=" - + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() + "))", cons); + NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons); return searchResults; } /** + *

+ * Search user by group. + *

+ * + * @param groupPrincipalUid + * @param cons + * @return + * @throws NamingException A {@link NamingException}. + */ + private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons) + throws NamingException + { + String query = "(&(" + UID_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + "jetspeed-2-group" + "))"; + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons); + + return searchResults; + } + + + + + /** + *

+ * Return an array of the user principal UIDS that belong to a group. + *

+ * + * @param groupPrincipalUid The group principal uid. + * @return The array of user uids asociated with this group + * @throws SecurityException A {@link SecurityException}. + */ + public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException + { + validateUid(rolePrincipalUid); + SearchControls cons = setSearchControls(); + NamingEnumeration results; + try + { + List userPrincipalUids = new ArrayList(); + results = searchUserByRole(rolePrincipalUid, cons); + while (results.hasMore()) + { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + userPrincipalUids.addAll(getAttributes(getAttribute(UID_ATTR_NAME, answer))); + } + return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + + /** + *

+ * Search user by group. + *

+ * + * @param groupPrincipalUid + * @param cons + * @return + * @throws NamingException A {@link NamingException}. + */ + private NamingEnumeration searchUserByRole(final String rolePrincipalUid, SearchControls cons) + throws NamingException + { + + String query = "(&(" + ROLE_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + getObjectClass() + + "))"; + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + NamingEnumeration searchResults = ((DirContext) ctx).search("", query, cons); + + return searchResults; + } + + + /** * @param userPrincipalUid * @return the array of group uids asociated with this user * @throws SecurityException @@ -293,11 +512,56 @@ return (String[]) uids.toArray(new String[uids.size()]); } + /** + * @param userPrincipalUid + * @return the array of group uids asociated with this user + * @throws SecurityException + */ + public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException + { + validateUid(userPrincipalUid); + SearchControls cons = setSearchControls(); + NamingEnumeration results; + try + { + results = searchByWildcardedUid(userPrincipalUid, cons); + return getRoles(results, userPrincipalUid); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + + /** + *
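Review bot: `searchRolesByGroup` and `searchUserByRole` splice the caller's uid straight into the LDAP filter string, so a principal name containing `(`, `)`, `*` or `\` rewrites the query; `validateUid` is the only guard and its rules are outside this hunk. JNDI can do the escaping for exact-match lookups: `((DirContext) ctx).search("", "(&(" + ROLE_ATTR_NAME + "={0}) (objectclass=" + getObjectClass() + "))", new Object[] { rolePrincipalUid }, cons)`, and the same `{0}` form for the `UID_ATTR_NAME` filter in `searchRolesByGroup`. The Javadoc on the three new methods is copied from the group variants — `searchRolesByGroup` and `searchUserByRole` are headed "Search user by group" with `@param groupPrincipalUid`, and `getUserUidsForRole` documents `groupPrincipalUid` although its parameter is `rolePrincipalUid`. In `searchRolesByGroup` the parameter is named `rolePrincipalUid` yet is matched against `UID_ATTR_NAME` of `jetspeed-2-group` entries, so either the name or the filter is wrong, and the hard-coded object class (where siblings call `getObjectClass()`) deserves a comment if intentional.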

+ * Get the groups. + *

+ * * @param results + * @param uid * @return * @throws NamingException */ + private String[] getRoles(final NamingEnumeration results, final String uid) throws NamingException + { + if (!results.hasMore()) + { + throw new NamingException("Could not find any user with uid[" + uid + "]"); + } + + Attributes userAttributes = getFirstUser(results); + + List uids = getAttributes(getAttribute(ROLE_ATTR_NAME, userAttributes)); + return (String[]) uids.toArray(new String[uids.size()]); + } + + /** + * @param results + * @return + * @throws NamingException + */ private Attributes getFirstUser(NamingEnumeration results) throws NamingException { SearchResult result = (SearchResult) results.next(); @@ -324,4 +588,8 @@ } return uids; } + + protected String getEntryPrefix() { + return "uid"; + } } \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (working copy) @@ -197,9 +197,57 @@ throw new SecurityException(e); } } + + /** + *
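Review bot: The Javadoc on `getRoleUidsForUser` says it returns "the array of group uids asociated with this user" and `getRoles` is headed "Get the groups."; both were copied from the group methods and should read `@return the array of role uids associated with this user` and `Get the roles.`. `getRoles` throws `NamingException("Could not find any user with uid[" + uid + "]")` when the search returns nothing, which `getRoleUidsForUser` rewraps as a `SecurityException`; a `@throws SecurityException if no user matches {@code userPrincipalUid}` on the public method would tell callers that the no-user case is an exception rather than an empty array.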

+ * Searches the LDAP server for the group with the specified uid attribute. + *

+ * + * @return the user's DN + */ + public String lookupGroupByUid(final String uid) throws SecurityException + { + validateUid(uid); + try + { + SearchControls cons = setSearchControls(); + NamingEnumeration searchResults = searchGroupByWildcardedUid(uid, cons); + + return getFirstDnForUid(searchResults); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + /** *

+ * Searches the LDAP server for the role with the specified uid attribute. + *

+ * + * @return the user's DN + */ + public String lookupRoleByUid(final String uid) throws SecurityException + { + validateUid(uid); + + try + { + SearchControls cons = setSearchControls(); + NamingEnumeration searchResults = searchRoleByWildcardedUid(uid, cons); + + return getFirstDnForUid(searchResults); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + + /** + *

* Gets the first matching user for the given uid. *

* @@ -257,9 +305,47 @@ return searchResults; } + + /** + *
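Review bot: Both `lookupGroupByUid` and `lookupRoleByUid` document `@return the user's DN`, copied from the user lookup; they should read `@return the group's DN` and `@return the role's DN` and gain `@param uid` and `@throws SecurityException` tags. The two bodies are identical apart from the search helper they call, so a private helper taking the `NamingEnumeration` would remove the duplication. What `getFirstDnForUid` does on an empty enumeration is outside this diff; if it can return null, `modifyGroupRole` earlier in this diff passes that straight into `getSubcontextName`, so the contract should be stated on these two methods.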

+ * Search uid by wild card. + *

+ * + * @param filter The filter. + * @param cons The {@link SearchControls} + * @return The {@link NamingEnumeration} + * @throws NamingException Throws a {@link NamingEnumeration}. + */ + protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls cons) throws NamingException + { + String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass=" + + "jetspeed-2-group" + "))"; + NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons); + return searchResults; + } + /** *

+ * Search uid by wild card. + *

+ * + * @param filter The filter. + * @param cons The {@link SearchControls} + * @return The {@link NamingEnumeration} + * @throws NamingException Throws a {@link NamingEnumeration}. + */ + protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls cons) throws NamingException + { + String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass=" + + "jetspeed-2-role" + "))"; + NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons); + + return searchResults; + } + + /** + *

* Returns the default suffix dn. *

* @@ -281,6 +367,18 @@ { return this.ldapBindingConfig.getGroupsOu(); } + + /** + *

+ * Returns the roles . + *

+ * + * @return The rolesOu. + */ + protected String getRolesOu() + { + return this.ldapBindingConfig.getRolesOu(); + } /** *

@@ -314,4 +412,17 @@ * @return a String containing the LDAP object class name. */ protected abstract String getObjectClass(); + + + /** + *
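Review bot: The Javadoc summary of the new `getRolesOu` reads "Returns the roles ." with a dangling space; it should read `Returns the roles ou.` to match `@return The rolesOu.` below it and the wording of the sibling `getGroupsOu` accessor.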

+ * A template method that returns the LDAP entry prefix of the concrete DAO. + *

+ * + * TODO : this should be in spring config + * + * @return a String containing the LDAP entry prefix name. + */ + protected abstract String getEntryPrefix(); + } \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (working copy) @@ -33,6 +33,7 @@ import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.UserPrincipal; import org.apache.jetspeed.security.impl.GroupPrincipalImpl; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; import org.apache.jetspeed.security.impl.UserPrincipalImpl; /** @@ -46,7 +47,7 @@ private static final Log logger = LogFactory.getLog(LdapPrincipalDaoImpl.class); /** The uid attribute name. */ - protected static final String UID_ATTR_NAME = "uid"; + protected String UID_ATTR_NAME = "uid"; /** *

@@ -101,7 +102,7 @@ Attributes attrs = defineLdapAttributes(principalUid); try { - String userDn = "uid=" + principalUid + getDnSuffix(); + String userDn = getEntryPrefix() + "=" + principalUid + getDnSuffix(); ctx.createSubcontext(userDn, attrs); if (logger.isDebugEnabled()) { @@ -169,6 +170,10 @@ { ldapAcceptableName = convertUidWithoutSlashes(GroupPrincipalImpl.getPrincipalNameFromFullPath(fullPath)); } + else if (fullPath.indexOf(GroupPrincipal.PREFS_ROLE_ROOT) >= 0) + { + ldapAcceptableName = convertUidWithoutSlashes(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPath)); + } if (logger.isErrorEnabled()) { logger.debug("Ldap acceptable name:" + ldapAcceptableName); @@ -260,6 +265,7 @@ Principal principal = makePrincipal(uid); principals.add(principal); + } } Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (revision 0) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (revision 0) 
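Review bot: `getEntryPrefix() + "=" + principalUid + getDnSuffix()` builds the entry DN by concatenation, so a `principalUid` containing `,`, `+`, `"`, `\`, `<`, `>`, `;` or `=` yields a malformed or different DN (the previous `"uid=" +` form had the same issue; the commit only swaps the prefix). If the project builds on Java 5 or later, `javax.naming.ldap.Rdn.escapeValue` applies RFC 4514 escaping: `String userDn = getEntryPrefix() + "=" + Rdn.escapeValue(principalUid) + getDnSuffix();`. The enclosing method starts and ends outside this hunk, so whether `convertUidToLdapAcceptableName` already strips these characters upstream cannot be confirmed here. In the `@@ -169` hunk the new branch tests `GroupPrincipal.PREFS_ROLE_ROOT` while the rest of the diff uses `RolePrincipal.PREFS_ROLE_ROOT`; if both resolve to the same inherited constant a comment saying so would help, otherwise the role constant is the one meant.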
@@ -0,0 +1,134 @@ +/* + * Copyright 2000-2001,2004 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jetspeed.security.spi.impl.ldap; + +import java.security.Principal; + +import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttribute; +import javax.naming.directory.BasicAttributes; + +import org.apache.commons.lang.StringUtils; +import org.apache.jetspeed.security.SecurityException; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; + +/** + *

+ * DAO for handling group objects. + *

+ * + * @author Mike Long , David Le Strat + */ +public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl +{ + + protected String UID_ATTR_NAME = "cn"; + + /** + *

+ * Default constructor. + *

+ * + * @throws SecurityException A {@link SecurityException}. + */ + public LdapRoleDaoImpl() throws SecurityException + { + super(); + } + + /** + *

+ * Initializes the dao. + *

+ * + * @param ldapConfig Holds the ldap binding configuration. + * @throws SecurityException A {@link SecurityException}. + */ + public LdapRoleDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException + { + super(ldapConfig); + } + + /** + *

+ * A template method for defining the attributes for a particular LDAP class. + *

+ * + * @param principalUid The principal uid. + * @return The LDAP attributes object for the particular class. + */ + protected Attributes defineLdapAttributes(final String principalUid) + { + Attributes attrs = new BasicAttributes(true); + BasicAttribute classes = new BasicAttribute("objectclass"); + + classes.add("top"); + classes.add("uidObject"); + classes.add("jetspeed-2-role"); + attrs.put(classes); + attrs.put("uid", principalUid); + attrs.put("cn", principalUid); + attrs.put("ou", getRolesOu()); + return attrs; + } + + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix() + */ + protected String getDnSuffix() + { + String suffix = ""; + if (!StringUtils.isEmpty(getRolesOu())) + { + suffix += ",ou=" + getRolesOu(); + } + if (!StringUtils.isEmpty(getDefaultDnSuffix())) + { + suffix += getDefaultDnSuffix(); + } + return suffix; + } + + /** + *

+ * Creates a GroupPrincipal object. + *

+ * + * @param principalUid The principal uid. + * @return A group principal object. + */ + protected Principal makePrincipal(String principalUid) + { + return new RolePrincipalImpl(principalUid); + } + + /** + *

+ * A template method that returns the LDAP object class of the concrete DAO. + *

+ * + * @return A String containing the LDAP object class name. + */ + protected String getObjectClass() + { + return "jetspeed-2-role"; + } + + protected String getEntryPrefix() { + return "cn"; + } +} \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java (working copy) @@ -15,7 +15,9 @@ package org.apache.jetspeed.security.spi.impl; import java.security.Principal; +import java.util.Collection; import java.util.HashSet; +import java.util.Iterator; import java.util.Set; import java.util.prefs.Preferences; 
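Review bot: `protected String UID_ATTR_NAME = "cn";` declares a new field that hides `LdapPrincipalDaoImpl.UID_ATTR_NAME` rather than replacing it, so every inherited method that reads `UID_ATTR_NAME` still sees `"uid"` when invoked on a role DAO, and the change of the parent field from `static final` to an instance field in the `@@ -46` hunk of LdapPrincipalDaoImpl buys nothing as written. Since the parent field is now assignable, drop the redeclaration and set it in both constructors, `super(); UID_ATTR_NAME = "cn";` and `super(ldapConfig); UID_ATTR_NAME = "cn";` (provided the parent constructor does not read it), or better give the parent a protected accessor that this class overrides so the field can go back to `final`. The entry stores `uid` and `cn` with the same value and `getEntryPrefix()` returns `"cn"`, so the DN is `cn=…` while `searchRoleByWildcardedUid` matches on `uid=`; a class comment stating which attribute is the lookup key would save the next reader the cross-reference. The class Javadoc "DAO for handling group objects." and `makePrincipal`'s "Creates a GroupPrincipal object." are copied from the group DAO and should say role.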
@@ -25,14 +27,19 @@ import org.apache.commons.logging.LogFactory; import org.apache.jetspeed.security.GroupPrincipal; import org.apache.jetspeed.security.HierarchyResolver; +import org.apache.jetspeed.security.RolePrincipal; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.UserPrincipal; import org.apache.jetspeed.security.impl.GeneralizationHierarchyResolver; import org.apache.jetspeed.security.impl.GroupPrincipalImpl; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; import org.apache.jetspeed.security.impl.UserPrincipalImpl; +import org.apache.jetspeed.security.om.InternalGroupPrincipal; +import org.apache.jetspeed.security.om.InternalUserPrincipal; import org.apache.jetspeed.security.spi.SecurityMappingHandler; import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl; import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao; +import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl; import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao; import org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDaoImpl; @@ -47,6 +54,8 @@ private LdapUserPrincipalDao userDao; private LdapPrincipalDao groupDao; + + private LdapPrincipalDao roleDao; /** The logger. */ private static final Log LOG = LogFactory.getLog(LdapSecurityMappingHandler.class); @@ -61,10 +70,11 @@ * @param userDao * @param groupDao */ - public LdapSecurityMappingHandler(LdapUserPrincipalDao userDao, LdapPrincipalDao groupDao) + public LdapSecurityMappingHandler(LdapUserPrincipalDao userDao, LdapPrincipalDao groupDao,LdapPrincipalDao roleDao) { this.userDao = userDao; this.groupDao = groupDao; + this.roleDao = roleDao; } /** @@ -75,6 +85,7 @@ { this.userDao = new LdapUserPrincipalDaoImpl(); this.groupDao = new LdapGroupDaoImpl(); + this.roleDao = new LdapRoleDaoImpl(); } /** 
@@ -115,23 +126,42 @@ public Set getRolePrincipals(String username) { Set rolePrincipals = new HashSet(); + String[] roles; + try + { + roles = userDao.getRoleUidsForUser(username); + for (int i = 0; i < roles.length; i++) + { + createResolvedRolePrincipalSet(username, rolePrincipals, roles, i); + } + } + catch (SecurityException e) + { + LOG.error(e); + } return rolePrincipals; + } /** - * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setRolePrincipal(java.lang.String, + * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setUserPrincipalInRole(java.lang.String, * java.lang.String) */ - public void setRolePrincipal(String username, String roleFullPathName) throws SecurityException + public void setUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException { + verifyUserAndRoleExist(username, roleFullPathName); + addRoleToUser(username, roleFullPathName); } /** - * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeRolePrincipal(java.lang.String, + * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeUserPrincipalInRole(java.lang.String, * java.lang.String) */ - public void removeRolePrincipal(String username, String roleFullPathName) throws SecurityException + public void removeUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException { + //TODO: check if this is ok + verifyUserAndRoleExist(username, roleFullPathName); + removeUserFromRole(username, roleFullPathName); } /** 
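Review bot: `getRolePrincipals` catches the `SecurityException` from `userDao.getRoleUidsForUser`, logs it as `LOG.error(e)` and returns whatever was collected so far, so a directory failure is indistinguishable to the caller from "user has no roles" and the log entry carries no username. At minimum log with context, `LOG.error("Could not resolve roles for user [" + username + "]", e);`, and state the contract on the method: `Returns an empty set when the roles cannot be resolved; the cause is logged.`. The interface signature has no `throws`, so rethrowing is not an option here; if a failed lookup should deny rather than continue, callers need a way to tell the two cases apart.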
@@ -139,8 +169,22 @@ */ public Set getRolePrincipalsInGroup(String groupFullPathName) { - Set rolePrincipals = new HashSet(); - return rolePrincipals; + Set rolePrincipalsInGroup = new HashSet(); + String[] roles; + try + { + //TODO: see if we can't use the groupDao here + roles = userDao.getRolesForGroup(groupFullPathName); + for (int i = 0; i < roles.length; i++) + { + createResolvedRolePrincipalSet(groupFullPathName, rolePrincipalsInGroup, roles, i); + } + } + catch (SecurityException e) + { + LOG.error(e); + } + return rolePrincipalsInGroup; } /** @@ -149,6 +193,8 @@ */ public void setRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException { + verifyGroupAndRoleExist(groupFullPathName, roleFullPathName); + addRoleToGroup(groupFullPathName, roleFullPathName); } /** @@ -157,9 +203,12 @@ */ public void removeRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException { + verifyGroupAndRoleExist(groupFullPathName, roleFullPathName); + removeRoleFromGroup(groupFullPathName, roleFullPathName); } - /** + + /** * This method returns the set of group principals associated with a user. * * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#getGroupPrincipals(java.lang.String) @@ -198,7 +247,17 @@ */ public Set getUserPrincipalsInRole(String roleFullPathName) { - Set userPrincipals = new HashSet(); + //TODO: Check that this is correct + Set userPrincipals = new HashSet(); + String[] fullPaths = {roleFullPathName}; + try + { + getUserPrincipalsInRole(userPrincipals, fullPaths); + } + catch (SecurityException e) + { + LOG.error(e); + } return userPrincipals; } 
@@ -212,9 +271,15 @@ */ public Set getUserPrincipalsInGroup(String groupFullPathName) { - Set userPrincipals = new HashSet(); - Preferences preferences = Preferences.userRoot().node(groupFullPathName); - String[] fullPaths = groupHierarchyResolver.resolve(preferences); + Set userPrincipals = new HashSet(); + + //TODO: Check that this is correct + String[] fullPaths = {groupFullPathName}; + +// Preferences preferences = Preferences.userRoot().node( +// GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName)); +// String[] fullPaths = groupHierarchyResolver.resolve(preferences); +// try { getUserPrincipalsInGroup(userPrincipals, fullPaths); @@ -247,6 +312,28 @@ } } } + + /** + *
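Review bot: `getUserPrincipalsInGroup` now passes `{groupFullPathName}` straight through and the hierarchy-resolver call is left as commented-out code under `//TODO: Check that this is correct`; commented-out code should be deleted (version control keeps it) and, if the change is intentional, the method's Javadoc should state that membership is no longer expanded through `groupHierarchyResolver`, since callers relying on inherited group membership will now receive a smaller set. If it is not intentional, the previous lines should be restored with `GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName)` as the node path, which is what the commented block sketches. The method starts inside the hunk but its end is outside it.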

+ * Gets the user principals in groups. + *

+ * + * @param userPrincipals + * @param fullPaths + * @throws SecurityException A {@link SecurityException}. + */ + private void getUserPrincipalsInRole(Set userPrincipals, String[] fullPaths) throws SecurityException + { + for (int i = 0; i < fullPaths.length; i++) + { + String[] usersInRole = userDao.getUserUidsForRole(fullPaths[i]); + for (int y = 0; y < usersInRole.length; y++) + { + Principal userPrincipal = new UserPrincipalImpl(usersInRole[y]); + userPrincipals.add(userPrincipal); + } + } + } /** * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setUserPrincipalInGroup(java.lang.String, @@ -267,12 +354,26 @@ verifyUserAndGroupExist(username, groupFullPathName); removeUserFromGroup(username, groupFullPathName); } - /** * @param username * @param groupFullPathName * @throws SecurityException */ + private void verifyGroupAndRoleExist(String groupFullPathName, String roleFullPathName) throws SecurityException + { + GroupPrincipal group = getGroup(groupFullPathName); + RolePrincipal role = getRole(roleFullPathName); + if ((null == group) && (null == role)) + { + throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST); + } + } + + /** + * @param username + * @param groupFullPathName + * @throws SecurityException + */ private void verifyUserAndGroupExist(String username, String groupFullPathName) throws SecurityException { UserPrincipal user = getUser(username); @@ -281,6 +382,21 @@ { throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST); } + } + + /** + * @param username + * @param groupFullPathName + * @throws SecurityException + */ + private void verifyUserAndRoleExist(String username, String roleFullPathName) throws SecurityException + { + UserPrincipal user = getUser(username); + RolePrincipal role = getRole(roleFullPathName); + if ((null == user) && (null == role)) + { + throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST); + } } /** 
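Review bot: The Javadoc on the new `getUserPrincipalsInRole(Set, String[])` says "Gets the user principals in groups." and leaves `@param userPrincipals` and `@param fullPaths` without descriptions; it should read `Gets the user principals in roles.` with `@param userPrincipals the set the resolved {@link UserPrincipalImpl}s are added to` and `@param fullPaths the role names passed to {@code userDao.getUserUidsForRole}`. Naming the inner loop index `j` rather than `y` would match the `i`/`n` convention used elsewhere in the class.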
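Review bot: `verifyGroupAndRoleExist` and `verifyUserAndRoleExist` only throw when both lookups return null (`(null == group) && (null == role)`), so a mapping between an existing group or user and a missing role — or vice versa — passes the check and falls through to the DAO write; the condition should be `||`, and the error code should name the missing principal, e.g. `if (null == user) throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST);` followed by `if (null == role) throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST);`. `getRole` in the `@@ -352` hunk appears to throw rather than return null, which masks the `&&` on the role side, but `getGroup` and `getUser` are outside this diff and the check should not depend on that. Both Javadocs carry `@param username` / `@param groupFullPathName` copied from `verifyUserAndGroupExist`; they should name `groupFullPathName`/`roleFullPathName` and `username`/`roleFullPathName` respectively.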
@@ -294,7 +410,7 @@ LOG.debug("Group [" + i + "] for user[" + username + "] is [" + groups[i] + "]"); GroupPrincipal group = new GroupPrincipalImpl(groups[i]); - Preferences preferences = Preferences.userRoot().node(group.getName()); + Preferences preferences = Preferences.userRoot().node(group.getFullPath()); LOG.debug("Group name:" + group.getName()); String[] fullPaths = groupHierarchyResolver.resolve(preferences); for (int n = 0; n < fullPaths.length; n++) @@ -307,6 +423,29 @@ /** * @param username + * @param groupPrincipals + * @param groups + * @param i + */ + private void createResolvedRolePrincipalSet(String username, Set rolePrincipals, String[] roles, int i) + { + LOG.debug("Group [" + i + "] for user[" + username + "] is [" + roles[i] + "]"); + + RolePrincipal role = new RolePrincipalImpl(roles[i]); + Preferences preferences = Preferences.userRoot().node(role.getFullPath()); + LOG.debug("Group name:" + role.getName()); + String[] fullPaths = roleHierarchyResolver.resolve(preferences); + for (int n = 0; n < fullPaths.length; n++) + { + LOG.debug("Group [" + i + "] for user[" + username + "] is [" + + RolePrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]) + "]"); + rolePrincipals.add(new RolePrincipalImpl(RolePrincipalImpl.getPrincipalNameFromFullPath(fullPaths[n]))); + } + } + + + /** + * @param username * @param groupFullPathName * @throws SecurityException */ @@ -314,6 +453,22 @@ { userDao.removeGroup(username, groupFullPathName); } + + /** + * @param username + * @param groupFullPathName + * @throws SecurityException + */ + private void removeUserFromRole(String username, String roleFullPathName) throws SecurityException + { + userDao.removeRole(username, roleFullPathName); + } + + private void removeRoleFromGroup(String groupFullPathName, String roleFullPathName)throws SecurityException + { + userDao.removeRoleFromGroup(groupFullPathName,roleFullPathName); + } + /** * @param uid 
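Review bot: `createResolvedRolePrincipalSet` logs every role as `"Group [" + i + "] for user[" …` and `"Group name:"`, copied from the group variant, so role-resolution traces read as group traces; the three messages should say `Role`. Its Javadoc lists `@param groupPrincipals` and `@param groups`, which do not exist; the parameters are `rolePrincipals` and `roles`. The unconditional `LOG.debug(...)` concatenations run even when debug is off, whereas the DAOs in this diff guard with `isDebugEnabled()`, so the same guard would be consistent. The method is also called from `getRolePrincipalsInGroup` with a group name as `username`, which the message then mislabels; a neutral `principal[` label would fit both callers.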
@@ -352,6 +507,26 @@ } /** + * @param uid + * @return + * @throws SecurityException A {@link SecurityException}. + */ + private RolePrincipal getRole(String uid) throws SecurityException + { + Principal[] role = roleDao.find(uid, RolePrincipal.PREFS_ROLE_ROOT); + + if (role.length == 1) + + { + return (RolePrincipal) role[0]; + } + else + { + throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(uid)); + } + } + + /** * @param username * @param groupFullPathName * @throws SecurityException A {@link SecurityException}. @@ -361,4 +536,25 @@ userDao.addGroup(username, groupFullPathName); } + /** + * @param username + * @param groupFullPathName + * @throws SecurityException A {@link SecurityException}. + */ + private void addRoleToUser(String username, String roleFullPathName) throws SecurityException + { + userDao.addRole(username, roleFullPathName); + } + + /** + * @param username + * @param groupFullPathName + * @throws SecurityException A {@link SecurityException}. + */ + private void addRoleToGroup(String groupFullPathName, String roleFullPathName) throws SecurityException + { + userDao.addRoleToGroup(groupFullPathName, roleFullPathName); + } + + } \ No newline at end of file Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapGroupSecurityHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapGroupSecurityHandler.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapGroupSecurityHandler.java (working copy) 
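Review bot: `getRole` throws `ROLE_DOES_NOT_EXIST` for every `role.length != 1`, so a lookup that matches several roles is reported as "does not exist", and since `find` receives the caller's uid unchanged a wildcard in it is the likely way to get more than one hit. Splitting the cases — `if (role.length == 0)` raising `ROLE_DOES_NOT_EXIST.create(uid)` and `if (role.length > 1)` raising a distinct error that names the ambiguity, using whichever constructor the project's `SecurityException` offers for that — makes the failure mode clear, and the stray blank line between `if (role.length == 1)` and its `{` should go. `addRoleToUser` and `addRoleToGroup` in the `@@ -361` hunk and `removeUserFromRole` in the `@@ -314` hunk carry Javadoc `@param username` / `@param groupFullPathName` that do not match their `roleFullPathName` / `groupFullPathName` parameters, and `removeRoleFromGroup` has no Javadoc at all.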
@@ -68,7 +68,7 @@ /** * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipal(java.lang.String) */ - public Principal getGroupPrincipal(String groupPrincipalUid) + public GroupPrincipal getGroupPrincipal(String groupPrincipalUid) { String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(groupPrincipalUid); verifyGroupId(groupUidWithoutSlashes); Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultSecurityMappingHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultSecurityMappingHandler.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultSecurityMappingHandler.java (working copy) @@ -146,10 +146,10 @@ } /** - * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setRolePrincipal(java.lang.String, + * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#setUserPrincipalInRole(java.lang.String, * java.lang.String) */ - public void setRolePrincipal(String username, String roleFullPathName) throws SecurityException + public void setUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException { InternalUserPrincipal internalUser = commonQueries.getInternalUserPrincipal(username); boolean isMappingOnly = false; 
@@ -174,10 +174,10 @@ } /** - * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeRolePrincipal(java.lang.String, + * @see org.apache.jetspeed.security.spi.SecurityMappingHandler#removeUserPrincipalInRole(java.lang.String, * java.lang.String) */ - public void removeRolePrincipal(String username, String roleFullPathName) throws SecurityException + public void removeUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException { boolean isMappingOnly = false; // Check is the record is used for mapping only. Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultGroupSecurityHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultGroupSecurityHandler.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultGroupSecurityHandler.java (working copy) 
@@ -51,7 +51,7 @@ /** * @see org.apache.jetspeed.security.spi.GroupSecurityHandler#getGroupPrincipal(java.lang.String) */ - public Principal getGroupPrincipal(String groupFullPathName) + public GroupPrincipal getGroupPrincipal(String groupFullPathName) { GroupPrincipal groupPrincipal = null; InternalGroupPrincipal internalGroup = commonQueries Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapRoleSecurityHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapRoleSecurityHandler.java (revision 0) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapRoleSecurityHandler.java (revision 0) 
@@ -0,0 +1,147 @@ +package org.apache.jetspeed.security.spi.impl; + +import java.security.Principal; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import javax.naming.NamingException; + +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.jetspeed.security.GroupPrincipal; +import org.apache.jetspeed.security.RolePrincipal; +import org.apache.jetspeed.security.SecurityException; +import org.apache.jetspeed.security.impl.GroupPrincipalImpl; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; +import org.apache.jetspeed.security.spi.RoleSecurityHandler; +import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl; +import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao; + +public class LdapRoleSecurityHandler implements RoleSecurityHandler { + + /** The logger. */ + private static final Log logger = LogFactory.getLog(LdapRoleSecurityHandler.class); + + /** The {@link LdapPrincipalDao}. */ + private LdapPrincipalDao ldap; + + /** + * @param ldap The {@link LdapPrincipalDao}. + */ + public LdapRoleSecurityHandler(LdapPrincipalDao ldap) + { + this.ldap = ldap; + } + + /** + *

+ * Default constructor. + *

+ * + * @throws NamingException A {@link NamingException}. + * @throws SecurityException A {@link SecurityException}. + */ + public LdapRoleSecurityHandler() throws NamingException, SecurityException + { + this(new LdapRoleDaoImpl()); + } + + public RolePrincipal getRolePrincipal(String roleFullPathName) { + String roleUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(roleFullPathName); + verifyRoleId(roleUidWithoutSlashes); + try + { + String dn = ldap.lookupByUid(roleUidWithoutSlashes); + + if (!StringUtils.isEmpty(dn)) + { + return new RolePrincipalImpl(roleFullPathName); + } + } + catch (SecurityException e) + { + logSecurityException(e, roleFullPathName); + } + return null; + } + + public void setRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException { + verifyRolePrincipal(rolePrincipal); + + String fullPath = rolePrincipal.getFullPath(); + String groupUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath); + if (getRolePrincipal(groupUidWithoutSlashes) == null) + { + ldap.create(groupUidWithoutSlashes); + } + } + + public void removeRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException { + verifyRolePrincipal(rolePrincipal); + + String fullPath = rolePrincipal.getFullPath(); + String roleUidWithoutSlashes = ldap.convertUidToLdapAcceptableName(fullPath); + + ldap.delete(roleUidWithoutSlashes); + } + + public List getRolePrincipals(String filter) { + try + { + return Arrays.asList(ldap.find(filter, RolePrincipal.PREFS_ROLE_ROOT)); + } + catch (SecurityException e) + { + logSecurityException(e, filter); + } + return new ArrayList(); + } + + /** + *

+ * Verify that the group uid is valid. + *

+ * + * @param groupPrincipalUid The group uid. + */ + private void verifyRoleId(String rolePrincipalUid) + { + if (StringUtils.isEmpty(rolePrincipalUid)) + { + throw new IllegalArgumentException("The roleId cannot be null or empty."); + } + } + + /** + *

+ * Log the security exception. + *

+ * + * @param e The {@link SecurityException}. + * @param groupPrincipalUid The group principal uid. + */ + private void logSecurityException(SecurityException e, String groupPrincipalUid) + { + if (logger.isErrorEnabled()) + { + logger.error("An LDAP error has occurred for groupId:" + groupPrincipalUid, e); + } + } + + /** + *

+ * Verify that the group principal is valid. + *

+ * + * @param groupPrincipal The group principal. + */ + private void verifyRolePrincipal(RolePrincipal rolePrincipal) + { + if (rolePrincipal == null) + { + throw new IllegalArgumentException("The RolePrincipal cannot be null or empty."); + } + } +} Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultRoleSecurityHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultRoleSecurityHandler.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultRoleSecurityHandler.java (working copy) @@ -51,7 +51,7 @@ /** * @see org.apache.jetspeed.security.spi.RoleSecurityHandler#getRolePrincipal(java.lang.String) */ - public Principal getRolePrincipal(String roleFullPathName) + public RolePrincipal getRolePrincipal(String roleFullPathName) { RolePrincipal rolePrincipal = null; InternalRolePrincipal internalRole = commonQueries Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java =================================================================== --- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java (revision 368461) +++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java (working copy) 
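Review bot: `LdapRoleSecurityHandler` is a new file with neither the Apache license header that the other new file in this diff (`LdapRoleDaoImpl`) carries nor a class-level Javadoc; a summary such as `LDAP-backed {@link RoleSecurityHandler}: role names are converted to LDAP-acceptable uids and resolved through the {@link LdapPrincipalDao}.` would place it. `setRolePrincipal` converts the full path and then passes the converted `groupUidWithoutSlashes` into `getRolePrincipal`, which runs `convertUidToLdapAcceptableName` on it a second time; if that conversion is not idempotent the existence check misses, and the local should be named `roleUidWithoutSlashes` in any case. `logSecurityException` reports `"An LDAP error has occurred for groupId:"` and the Javadoc of `verifyRoleId`, `logSecurityException` and `verifyRolePrincipal` still speak of groups. `getRolePrincipal` returns a principal as soon as `lookupByUid` yields a non-empty DN; if `lookupByUid` follows the wildcard pattern of `searchRoleByWildcardedUid` earlier in this diff, a name containing `*` would be reported as an existing role, so `verifyRoleId` should reject filter metacharacters or the name should be escaped before the lookup.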
@@ -93,7 +93,7 @@
 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
 * thrown if the user does not exist.
 */
- void setRolePrincipal(String username, String roleFullPathName) throws SecurityException;
+ void setUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException;
 /**
 *
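Review bot: The renamed `setUserPrincipalInRole` carries over a Javadoc contract that only requires a SecurityException for a missing user; it should also state what an implementation must do when `roleFullPathName` does not name an existing role, because a backend that silently creates or ignores the mapping would leave role membership inconsistent across implementations. A line such as `@throws SecurityException if the user or the role does not exist.` would pin that down, and the same gap exists for `removeUserPrincipalInRole` in the next hunk. Since this is an SPI interface, removing `setRolePrincipal` and `removeRolePrincipal` outright breaks any external implementor or caller, so the change should be called out as incompatible in the commit message.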

@@ -109,7 +109,7 @@
 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
 * thrown if the user does not exist.
 */
- void removeRolePrincipal(String username, String roleFullPathName) throws SecurityException;
+ void removeUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException;
 /**
 *

Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java
===================================================================
--- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java (revision 368461)
+++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java (working copy)
@@ -46,7 +46,7 @@
 * @param groupFullPathName The group full path name.
 * @return The Principal

 */
- Principal getGroupPrincipal(String groupFullPathName);
+ GroupPrincipal getGroupPrincipal(String groupFullPathName);
 /**
 *
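Review bot: The context-line Javadoc `@return The Principal` above the narrowed `getGroupPrincipal` is now stale and still does not say whether an unknown group yields null or an exception; it should read `@return The {@link GroupPrincipal} for groupFullPathName, or null if no such group exists.` (or name the exception, whichever the implementations actually do). Narrowing a return type in an SPI interface is source-compatible for callers, but it changes the method descriptor, so every implementation — including any outside this changeset — must be updated and recompiled or it will fail to implement the interface. The same point applies to `getRolePrincipal` in the RoleSecurityHandler hunk below.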

Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java
===================================================================
--- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java (revision 368461)
+++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java (working copy)
@@ -47,7 +47,7 @@
 * @param roleFullPathName The role full path name.
 * @return The Principal

 */
- Principal getRolePrincipal(String roleFullPathName);
+ RolePrincipal getRolePrincipal(String roleFullPathName);
 /**
 *

Index: C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/etc/security-spi-ldap.xml
===================================================================
--- C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/etc/security-spi-ldap.xml (revision 368161)
+++ C:/JAVADEV/PROJECTS/Eclipse/WEBSERVICE/JetSpeedSource/components/security/etc/security-spi-ldap.xml (working copy)
@@ -38,6 +38,9 @@
 users groups + + roles +