20 package org.apache.directory.server.core.authz;
21
22
23 import org.apache.directory.server.constants.ServerDNConstants;
24 import org.apache.directory.server.core.DefaultDirectoryService;
25 import org.apache.directory.server.core.DirectoryService;
26 import org.apache.directory.server.core.integ.DirectoryServiceFactory;
27 import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
28 import org.apache.directory.server.core.subtree.SubentryInterceptor;
29 import org.apache.directory.shared.ldap.constants.SchemaConstants;
30 import org.apache.directory.shared.ldap.name.LdapDN;
31
32 import javax.naming.Name;
33 import javax.naming.NamingException;
34 import javax.naming.directory.Attribute;
35 import javax.naming.directory.Attributes;
36 import javax.naming.directory.BasicAttribute;
37 import javax.naming.directory.BasicAttributes;
38 import javax.naming.directory.DirContext;
39 import javax.naming.directory.InitialDirContext;
40 import javax.naming.ldap.LdapContext;
41 import java.util.Hashtable;
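/**
 * Helpers for the authorization (authz) integration tests: they build the
 * embedded directory service, obtain JNDI contexts bound as the administrator
 * or as an arbitrary user, and create the users, groups, access control
 * subentries and ACI attributes the tests exercise.
 *
 * Every helper talks to the in-process core through JNDI; no network listener
 * is involved. Entries are addressed relative to the system partition root
 * ("ou=system"), and the returned {@link Name}s are absolute.
 */
public class AutzIntegUtils
{
    /**
     * The directory service the tests run against. Assigned by whichever
     * {@link DirectoryServiceFactory} below last built an instance and read by
     * every helper here, so tests sharing this field presumably run one at a
     * time — confirm against the test harness.
     */
    public static DirectoryService service;

    /** JNDI initial context factory that connects to the in-process core. */
    private static final String CORE_CONTEXT_FACTORY =
        "org.apache.directory.server.core.jndi.CoreContextFactory";

    /** Principal the helpers bind as when acting as the administrator. */
    private static final String ADMIN_DN = "uid=admin, ou=system";

    /**
     * Password paired with {@link #ADMIN_DN}. This is the stock credential of
     * a freshly started embedded ApacheDS; it exists so the integration tests
     * can bind to the in-memory service and has no meaning outside them.
     */
    private static final String ADMIN_PASSWORD = "secret";

    /** RDN of the users container, relative to the system partition root. */
    private static final String USERS_RDN = "ou=users";

    /** RDN of the groups container, relative to the system partition root. */
    private static final String GROUPS_RDN = "ou=groups";

    /** Suffix appended to a relative name to obtain the absolute DN. */
    private static final String SYSTEM_SUFFIX = "ou=system";


    /**
     * Builds a service with access control enabled and publishes it through
     * {@link #service}.
     */
    public static class ServiceFactory implements DirectoryServiceFactory
    {
        public DirectoryService newInstance()
        {
            return newService( true );
        }
    }


    /**
     * Builds a service with access control disabled (the control case for the
     * authz tests) and publishes it through {@link #service}.
     */
    public static class DefaultServiceFactory implements DirectoryServiceFactory
    {
        public DirectoryService newInstance()
        {
            return newService( false );
        }
    }


    /**
     * Creates a {@link DefaultDirectoryService} with the given access control
     * setting and the change log switched on (presumably so the harness can
     * revert each test), then records it in {@link #service}.
     *
     * @param accessControlEnabled whether the ACI subsystem enforces access
     * @return the freshly created service
     */
    private static DirectoryService newService( boolean accessControlEnabled )
    {
        DefaultDirectoryService ds = new DefaultDirectoryService();
        ds.setAccessControlEnabled( accessControlEnabled );
        ds.getChangeLog().setEnabled( true );
        // Local named 'ds' rather than 'service' so the assignment to the
        // static field below is not hidden by shadowing.
        service = ds;
        return ds;
    }


    /**
     * Gets a context on the system partition root bound as the administrator.
     *
     * @return the admin context; callers should close it when done
     * @throws Exception if the context cannot be created
     */
    public static DirContext getContextAsAdmin() throws Exception
    {
        return getSystemContext( service );
    }


    /**
     * Gets a context rooted at {@code dn}, bound as the administrator with a
     * simple bind against the in-process core.
     *
     * @param dn the DN the returned context is rooted at
     * @return the admin context; callers should close it when done
     * @throws Exception if the bind fails or the context cannot be created
     */
    public static DirContext getContextAsAdmin( String dn ) throws Exception
    {
        return bind( ADMIN_DN, ADMIN_PASSWORD, dn );
    }


    /**
     * Gets a context on the system partition root bound as {@code user}.
     *
     * @param user the DN of the user to bind as
     * @param password the user's password
     * @return the user's context; callers should close it when done
     * @throws Exception if the bind fails or the context cannot be created
     */
    public static DirContext getContextAs( Name user, String password ) throws Exception
    {
        return getContextAs( user, password, ServerDNConstants.SYSTEM_DN );
    }


    /**
     * Gets a context rooted at {@code dn}, bound as {@code user} with a simple
     * bind against the in-process core.
     *
     * @param user the DN of the user to bind as
     * @param password the user's password
     * @param dn the DN the returned context is rooted at
     * @return the user's context; callers should close it when done
     * @throws Exception if the bind fails or the context cannot be created
     */
    public static DirContext getContextAs( Name user, String password, String dn ) throws Exception
    {
        return bind( user.toString(), password, dn );
    }


    /**
     * Opens a new {@link InitialDirContext} on the in-process core using a
     * simple bind. The environment is copied from the system context so any
     * settings the test harness placed there carry over, and then the
     * principal, credentials and provider URL are overwritten.
     *
     * @param principal the DN to bind as
     * @param password the password for {@code principal}
     * @param dn the DN the returned context is rooted at
     * @return the bound context
     * @throws Exception if the bind fails or the context cannot be created
     */
    @SuppressWarnings("unchecked")
    private static DirContext bind( String principal, String password, String dn ) throws Exception
    {
        Hashtable<String, Object> env;
        LdapContext sysRoot = getSystemContext( service );
        try
        {
            // Hashtable.clone() is untyped; the environment is the String-keyed
            // table JNDI builds, so the narrowing cast is the only option here.
            env = ( Hashtable<String, Object> ) sysRoot.getEnvironment().clone();
        }
        finally
        {
            sysRoot.close();
        }
        env.put( DirContext.PROVIDER_URL, dn );
        env.put( DirContext.SECURITY_AUTHENTICATION, "simple" );
        env.put( DirContext.SECURITY_PRINCIPAL, principal );
        env.put( DirContext.SECURITY_CREDENTIALS, password );
        env.put( DirContext.INITIAL_CONTEXT_FACTORY, CORE_CONTEXT_FACTORY );
        env.put( DirectoryService.JNDI_KEY, service );
        return new InitialDirContext( env );
    }


    /**
     * Creates a groupOfUniqueNames under the groups container with one initial
     * member.
     *
     * @param cn the group's cn (also its RDN value)
     * @param firstMemberDn the DN placed in uniqueMember
     * @return the absolute DN of the new group
     * @throws Exception if the entry cannot be added
     */
    public static Name createGroup( String cn, String firstMemberDn ) throws Exception
    {
        Attributes group = new BasicAttributes( "cn", cn, true );
        group.put( objectClasses( "top", "groupOfUniqueNames" ) );
        group.put( "uniqueMember", firstMemberDn );
        addAsAdmin( groupRdn( cn ), group );
        return new LdapDN( groupDn( cn ) );
    }


    /**
     * Creates a groupOfUniqueNames under the groups container whose only
     * initial member is the administrator.
     *
     * @param groupName the group's cn (also its RDN value)
     * @return the absolute DN of the new group
     * @throws Exception if the entry cannot be added
     */
    public static Name createGroup( String groupName ) throws Exception
    {
        return createGroup( groupName, ADMIN_DN );
    }


    /**
     * Deletes the user entry with the given uid from the users container.
     *
     * @param uid the user's uid (its RDN value)
     * @throws Exception if the entry cannot be removed
     */
    public static void deleteUser( String uid ) throws Exception
    {
        deleteAsAdmin( userRdn( uid ) );
    }


    /**
     * Creates an inetOrgPerson under the users container. The uid doubles as
     * sn and cn, and the password is stored in userPassword as supplied.
     *
     * @param uid the user's uid (its RDN value)
     * @param password the value written to userPassword
     * @return the absolute DN of the new user
     * @throws Exception if the entry cannot be added
     */
    public static Name createUser( String uid, String password ) throws Exception
    {
        Attributes user = new BasicAttributes( "uid", uid, true );
        user.put( "userPassword", password );
        user.put( objectClasses( "top", "person", "organizationalPerson", "inetOrgPerson" ) );
        user.put( "sn", uid );
        user.put( "cn", uid );
        addAsAdmin( userRdn( uid ), user );
        return new LdapDN( userDn( uid ) );
    }


    /**
     * Adds the user's absolute DN to the group's uniqueMember attribute.
     *
     * @param userUid the uid of a user under the users container
     * @param groupCn the cn of a group under the groups container
     * @throws Exception if the modification fails
     */
    public static void addUserToGroup( String userUid, String groupCn ) throws Exception
    {
        changeMembership( userUid, groupCn, DirContext.ADD_ATTRIBUTE );
    }


    /**
     * Removes the user's absolute DN from the group's uniqueMember attribute.
     *
     * @param userUid the uid of a user under the users container
     * @param groupCn the cn of a group under the groups container
     * @throws Exception if the modification fails
     */
    public static void removeUserFromGroup( String userUid, String groupCn ) throws Exception
    {
        changeMembership( userUid, groupCn, DirContext.REMOVE_ATTRIBUTE );
    }


    /**
     * Applies a uniqueMember modification for one user to one group.
     *
     * @param userUid the uid of the user whose absolute DN is the value
     * @param groupCn the cn of the group to modify
     * @param modOp {@link DirContext#ADD_ATTRIBUTE} or {@link DirContext#REMOVE_ATTRIBUTE}
     * @throws Exception if the modification fails
     */
    private static void changeMembership( String userUid, String groupCn, int modOp ) throws Exception
    {
        Attributes changes = new BasicAttributes( "uniqueMember", userDn( userUid ), true );
        modifyAsAdmin( groupRdn( groupCn ), modOp, changes );
    }


    /**
     * Deletes an access control subentry that sits directly under the system
     * partition root.
     *
     * @param cn the subentry's cn (its RDN value)
     * @throws Exception if the entry cannot be removed
     */
    public static void deleteAccessControlSubentry( String cn ) throws Exception
    {
        deleteAsAdmin( "cn=" + cn );
    }


    /**
     * Creates an access control subentry under the system partition root with
     * an empty subtree specification ({@code "{}"}), i.e. one covering the
     * whole administrative area.
     *
     * @param cn the subentry's cn (its RDN value)
     * @param aciItem the prescriptiveACI value
     * @throws Exception if the entry cannot be added
     */
    public static void createAccessControlSubentry( String cn, String aciItem ) throws Exception
    {
        createAccessControlSubentry( cn, "{}", aciItem );
    }


    /**
     * Creates an access control subentry under the system partition root.
     * If the root is not yet flagged as an access control specific area, the
     * corresponding administrativeRole value is added first; the subentry is
     * then created with the given subtree specification and prescriptiveACI.
     *
     * @param cn the subentry's cn (its RDN value)
     * @param subtree the subtreeSpecification value
     * @param aciItem the prescriptiveACI value
     * @throws Exception if reading the root or adding the entry fails
     */
    public static void createAccessControlSubentry( String cn, String subtree, String aciItem ) throws Exception
    {
        DirContext adminCtx = getContextAsAdmin();
        try
        {
            // Only add the role when missing: re-adding an existing value
            // would fail the modification.
            Attributes ap = adminCtx.getAttributes( "", new String[] { "administrativeRole" } );
            Attribute administrativeRole = ap.get( "administrativeRole" );
            if ( administrativeRole == null || !administrativeRole.contains( SubentryInterceptor.AC_AREA ) )
            {
                Attributes changes = new BasicAttributes( "administrativeRole", SubentryInterceptor.AC_AREA, true );
                adminCtx.modifyAttributes( "", DirContext.ADD_ATTRIBUTE, changes );
            }

            Attributes subentry = new BasicAttributes( "cn", cn, true );
            subentry.put( objectClasses( "top", SchemaConstants.SUBENTRY_OC, "accessControlSubentry" ) );
            subentry.put( "subtreeSpecification", subtree );
            subentry.put( "prescriptiveACI", aciItem );
            adminCtx.createSubcontext( "cn=" + cn, subentry );
        }
        finally
        {
            adminCtx.close();
        }
    }


    /**
     * Adds an entryACI value to the entry at {@code rdn} (relative to the
     * system partition root).
     *
     * @param rdn the entry to modify
     * @param aciItem the entryACI value to add
     * @throws Exception if the modification fails
     */
    public static void addEntryACI( Name rdn, String aciItem ) throws Exception
    {
        Attributes changes = new BasicAttributes( "entryACI", aciItem, true );
        modifyAsAdmin( rdn, DirContext.ADD_ATTRIBUTE, changes );
    }


    /**
     * Adds a subentryACI value to the system partition root.
     *
     * @param aciItem the subentryACI value to add
     * @throws Exception if the modification fails
     */
    public static void addSubentryACI( String aciItem ) throws Exception
    {
        Attributes changes = new BasicAttributes( "subentryACI", aciItem, true );
        modifyAsAdmin( "", DirContext.ADD_ATTRIBUTE, changes );
    }


    /**
     * Replaces the prescriptiveACI of the subentry with the given cn.
     *
     * @param cn the subentry's cn (its RDN value under the system root)
     * @param aciItem the new prescriptiveACI value
     * @throws Exception if the modification fails
     */
    public static void changePrescriptiveACI( String cn, String aciItem ) throws Exception
    {
        Attributes changes = new BasicAttributes( "prescriptiveACI", aciItem, true );
        modifyAsAdmin( "cn=" + cn, DirContext.REPLACE_ATTRIBUTE, changes );
    }


    /**
     * Replaces the prescriptiveACI of the subentry with the given cn.
     *
     * @param cn the subentry's cn (its RDN value under the system root)
     * @param aciItem the new prescriptiveACI value
     * @throws Exception if the modification fails
     * @deprecated misspelled; use {@link #changePrescriptiveACI(String, String)}
     */
    @Deprecated
    public static void changePresciptiveACI( String cn, String aciItem ) throws Exception
    {
        changePrescriptiveACI( cn, aciItem );
    }


    /**
     * Adds a prescriptiveACI value to the subentry with the given cn.
     *
     * @param cn the subentry's cn (its RDN value under the system root)
     * @param aciItem the prescriptiveACI value to add
     * @throws Exception if the modification fails
     */
    public static void addPrescriptiveACI( String cn, String aciItem ) throws Exception
    {
        Attributes changes = new BasicAttributes( "prescriptiveACI", aciItem, true );
        modifyAsAdmin( "cn=" + cn, DirContext.ADD_ATTRIBUTE, changes );
    }


    /** RDN of a user relative to the system root, e.g. "uid=jdoe,ou=users". */
    private static String userRdn( String uid )
    {
        return "uid=" + uid + "," + USERS_RDN;
    }


    /** Absolute DN of a user, e.g. "uid=jdoe,ou=users,ou=system". */
    private static String userDn( String uid )
    {
        return userRdn( uid ) + "," + SYSTEM_SUFFIX;
    }


    /** RDN of a group relative to the system root, e.g. "cn=staff,ou=groups". */
    private static String groupRdn( String cn )
    {
        return "cn=" + cn + "," + GROUPS_RDN;
    }


    /** Absolute DN of a group, e.g. "cn=staff,ou=groups,ou=system". */
    private static String groupDn( String cn )
    {
        return groupRdn( cn ) + "," + SYSTEM_SUFFIX;
    }


    /**
     * Builds an objectClass attribute holding the given values in order.
     *
     * @param values the object class names
     * @return a new multi-valued objectClass attribute
     */
    private static Attribute objectClasses( String... values )
    {
        Attribute objectClass = new BasicAttribute( "objectClass" );
        for ( String value : values )
        {
            objectClass.add( value );
        }
        return objectClass;
    }


    /**
     * Creates {@code entry} at {@code rdn} as the administrator, closing the
     * context afterwards so each helper call leaves nothing open.
     *
     * @param rdn the name relative to the system root
     * @param entry the attributes of the new entry
     * @throws Exception if the entry cannot be added
     */
    private static void addAsAdmin( String rdn, Attributes entry ) throws Exception
    {
        DirContext adminCtx = getContextAsAdmin();
        try
        {
            adminCtx.createSubcontext( rdn, entry );
        }
        finally
        {
            adminCtx.close();
        }
    }


    /**
     * Deletes the entry at {@code rdn} as the administrator.
     *
     * @param rdn the name relative to the system root
     * @throws Exception if the entry cannot be removed
     */
    private static void deleteAsAdmin( String rdn ) throws Exception
    {
        DirContext adminCtx = getContextAsAdmin();
        try
        {
            adminCtx.destroySubcontext( rdn );
        }
        finally
        {
            adminCtx.close();
        }
    }


    /**
     * Applies {@code changes} to the entry at {@code rdn} as the administrator.
     *
     * @param rdn the name relative to the system root
     * @param modOp one of the {@link DirContext} modification constants
     * @param changes the attributes to apply
     * @throws Exception if the modification fails
     */
    private static void modifyAsAdmin( String rdn, int modOp, Attributes changes ) throws Exception
    {
        DirContext adminCtx = getContextAsAdmin();
        try
        {
            adminCtx.modifyAttributes( rdn, modOp, changes );
        }
        finally
        {
            adminCtx.close();
        }
    }


    /**
     * Applies {@code changes} to the entry at {@code rdn} as the administrator.
     *
     * @param rdn the name relative to the system root
     * @param modOp one of the {@link DirContext} modification constants
     * @param changes the attributes to apply
     * @throws Exception if the modification fails
     */
    private static void modifyAsAdmin( Name rdn, int modOp, Attributes changes ) throws Exception
    {
        DirContext adminCtx = getContextAsAdmin();
        try
        {
            adminCtx.modifyAttributes( rdn, modOp, changes );
        }
        finally
        {
            adminCtx.close();
        }
    }
}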