com.atlassian.crowd.directory
Class SpringLDAPConnector

java.lang.Object
  com.atlassian.crowd.directory.SpringLDAPConnector

All Implemented Interfaces:

LDAPDirectory, RemoteDirectory, Attributes

Direct Known Subclasses:

RFC2307Directory, RFC4519Directory

public abstract class SpringLDAPConnector
extends java.lang.Object
implements LDAPDirectory

Field Summary

protected AttributeValuesHolder	attributes
protected org.springframework.ldap.core.ContextSource	contextSource
protected org.springframework.ldap.transaction.compensating.manager.ContextSourceTransactionManager	contextSourceTransactionManager
static int	DEFAULT_PAGE_SIZE
protected com.atlassian.event.api.EventPublisher	eventPublisher
protected LDAPPropertiesMapper	ldapPropertiesMapper
protected LDAPQueryTranslater	ldapQueryTranslater
protected org.springframework.ldap.core.LdapTemplate	ldapTemplate
protected Converter	nameConverter
protected SearchDN	searchDN

Constructor Summary

SpringLDAPConnector(LDAPQueryTranslater ldapQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory)

Method Summary

protected void	addDefaultSnToUserAttributes(javax.naming.directory.Attributes attrs, java.lang.String defaultSnValue) A default install of many directory servers (inc.
protected void	addDefaultValueToUserAttributesForAttribute(java.lang.String attributeName, javax.naming.directory.Attributes attrs, java.lang.String defaultValue)
Group	addGroup(GroupTemplate group) Adds a group to the directory store.
LDAPUserWithAttributes	addUser(UserTemplate user, PasswordCredential credential) Adds a user to LDAP.
protected javax.naming.ldap.LdapName	asLdapGroupName(java.lang.String dn, java.lang.String groupName) Convenience method to convert group DN to LdapName, throwing a GNFE with the supplied group name if unable to construct the LdapName.
protected <T extends LDAPDirectoryEntity> javax.naming.ldap.LdapName	asLdapName(java.lang.String dn, java.lang.String entityName, java.lang.Class<T> entityClass) This method is required to wrap DN's into LdapNames as spring-ldap doesn't correctly handle operations with String dn arguments.
protected javax.naming.ldap.LdapName	asLdapUserName(java.lang.String dn, java.lang.String userName) Convenience method to convert user DN to LdapName, throwing a GNFE with the supplied user name if unable to construct the LdapName.
User	authenticate(java.lang.String name, PasswordCredential credential) Authenticates a user with the directory store.
protected abstract java.lang.Object	encodePassword(java.lang.String unencodedPassword) Given an plain-text password, encodes/encrypts it according to the settings required by the particular directory connector.
<T extends LDAPDirectoryEntity> T	findEntityByDN(java.lang.String dn, java.lang.Class<T> entityClass) Finds a directory entity (principal, group or role) by their distinguished name.
protected <T extends LDAPDirectoryEntity> T	findEntityByDN(java.lang.String dn, java.lang.String baseDN, java.lang.String filter, org.springframework.ldap.core.ContextMapper contextMapper, java.lang.Class<T> entityClass)
LDAPGroupWithAttributes	findGroupByName(java.lang.String name) Finds the group that matches the supplied name.
protected LDAPGroupWithAttributes	findGroupByNameAndType(java.lang.String name, GroupType groupType)
LDAPGroupWithAttributes	findGroupWithAttributesByName(java.lang.String name) Finds the group that matches the supplied name.
LDAPUserWithAttributes	findUserByName(java.lang.String name) Finds the user that matches the supplied name.
LDAPUserWithAttributes	findUserWithAttributesByName(java.lang.String name) Finds the user that matches the supplied name.
boolean	getAttributeAsBoolean(java.lang.String name, boolean defaultValue)
long	getAttributeAsLong(java.lang.String name, long defaultValue)
protected java.util.Map<java.lang.String,java.lang.String>	getBaseEnvironmentProperties() Returns the properties used to set up the Ldap ContextSource.
org.springframework.ldap.core.ContextSource	getContextSource() Exposed so that delegated directories can get a handle on the underlying LDAP context.
protected java.util.List<AttributeMapper>	getCustomGroupAttributeMappers() As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected java.util.List<AttributeMapper>	getCustomUserAttributeMappers()
long	getDirectoryId() Gets the internal unique directoryId of the directory store.
protected Encoder	getEncoder() Returns an Encoder that escapes LDAP special characters for use in object names and in DNs.
org.springframework.ldap.core.ContextMapper	getGroupContextMapper(GroupType groupType) Returns a ContextMapper ready to translate LDAP objects into Groups and fetches all member objects.
protected java.lang.String	getInitialGroupMemberDN() Returns the default container member DN.
java.util.Set<java.lang.String>	getKeys() Gets all the keys of the attributes.
LDAPPropertiesMapper	getLdapPropertiesMapper()
protected javax.naming.directory.Attributes	getNewGroupAttributes(Group group)
protected void	getNewGroupDirectorySpecificAttributes(Group group, javax.naming.directory.Attributes attributes) Populates attributes object with directory-specific attributes.
protected javax.naming.directory.Attributes	getNewUserAttributes(User user, PasswordCredential credential) Translates the User into LDAP attributes, in preparation for creating a new user.
protected void	getNewUserDirectorySpecificAttributes(User user, javax.naming.directory.Attributes attributes) Populates attributes object with directory-specific attributes.
SearchDN	getSearchDN()
protected java.lang.String	getStandardisedDN(javax.naming.Name dn)
protected javax.naming.directory.SearchControls	getSubTreeSearchControl()
org.springframework.ldap.core.ContextMapper	getUserContextMapper() Returns a ContextMapper that can transform a Context into a User.
java.lang.String	getValue(java.lang.String name) Returns any value associated with the given key, returns null if there is no value.
java.util.Set<java.lang.String>	getValues(java.lang.String name) Get all the values associated with a given key.
boolean	isEmpty()
boolean	isRolesDisabled() Expose whether the directory has roles disabled.
protected org.springframework.ldap.core.CollectingNameClassPairCallbackHandler	pageSearchResults(javax.naming.Name baseDN, java.lang.String filter, org.springframework.ldap.core.ContextMapper contextMapper, javax.naming.directory.SearchControls searchControls, org.springframework.ldap.core.DirContextProcessor ldapRequestControls, int maxResults) Performs a paged results search on an LDAP directory server searching using the LDAP paged results control option to fetch results in chunks rather than all at once.
protected java.util.List<LDAPGroupWithAttributes>	postprocessGroups(java.util.List<LDAPGroupWithAttributes> groups) Perform any post-processing on groups.
void	removeGroup(java.lang.String name) Removes the group that matches the supplied name.
void	removeGroupAttributes(java.lang.String groupName, java.lang.String attributeName) Removes all the values for a single attribute key for a group.
void	removeUser(java.lang.String name) Removes the user that matches the supplied name.
void	removeUserAttributes(java.lang.String username, java.lang.String attributeName) Removes all the values for a single attribute key for a user.
Group	renameGroup(java.lang.String oldName, java.lang.String newName) Renames a group.
User	renameUser(java.lang.String oldName, java.lang.String newName) Renames a user.
protected java.util.List	searchEntities(javax.naming.Name baseDN, java.lang.String filter, org.springframework.ldap.core.ContextMapper contextMapper, int startIndex, int maxResults) Executes a search with paging if paged results is supported.
protected java.util.List	searchEntitiesWithRequestControls(javax.naming.Name baseDN, java.lang.String filter, org.springframework.ldap.core.ContextMapper contextMapper, javax.naming.directory.SearchControls searchControls, org.springframework.ldap.core.DirContextProcessor ldapRequestControls, int startIndex, int maxResults)
protected java.util.List<LDAPGroupWithAttributes>	searchGroupObjects(EntityQuery query)
protected java.util.List<LDAPGroupWithAttributes>	searchGroupObjectsOfSpecifiedGroupType(EntityQuery query) This method expects that the query contains a non-null groupType in the entityDescriptor.
<T> java.util.List<T>	searchGroupRelationships(MembershipQuery<T> query) Searches for membership information.
protected abstract <T> java.util.List<T>	searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query) Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).
<T> java.util.List<T>	searchGroups(EntityQuery<T> query) Searches for groups that match the supplied query criteria.
protected java.util.List<LDAPUserWithAttributes>	searchUserObjects(EntityQuery query)
<T> java.util.List<T>	searchUsers(EntityQuery<T> query) Searches for users that match the supplied query criteria.
void	setAttributes(java.util.Map<java.lang.String,java.lang.String> attributes) Called by the DirectoryInstanceLoader after constructing an InternalDirectory.
void	setDirectoryId(long id) Called by the DirectoryInstanceLoader after constructing an InternalDirectory.
void	storeGroupAttributes(java.lang.String groupName, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> attributes) Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
void	storeUserAttributes(java.lang.String username, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> attributes) Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
boolean	supportsInactiveAccounts() Storing active/inactive flag for users in LDAP is currently not supported.
boolean	supportsNestedGroups() Allows us to only display nested-group related UI for directories that support it.
void	testConnection() Test if a connection to the directory server can be established.
protected <T extends LDAPDirectoryEntity> java.lang.RuntimeException	typedEntityNotFoundException(java.lang.String name, java.lang.Class<T> entityClass)
Group	updateGroup(GroupTemplate group) Updates the group.
User	updateUser(UserTemplate user) Updates the user.
void	updateUserCredential(java.lang.String name, PasswordCredential credential) Updates the password for a user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.crowd.directory.RemoteDirectory

addGroupToGroup, addUserToGroup, getDescriptiveName, isGroupDirectGroupMember, isUserDirectGroupMember, removeGroupFromGroup, removeUserFromGroup

Field Detail

DEFAULT_PAGE_SIZE

public static final int DEFAULT_PAGE_SIZE

See Also:

Constant Field Values

attributes

protected volatile AttributeValuesHolder attributes

ldapTemplate

protected volatile org.springframework.ldap.core.LdapTemplate ldapTemplate

contextSource

protected volatile org.springframework.ldap.core.ContextSource contextSource

nameConverter

protected volatile Converter nameConverter

searchDN

protected volatile SearchDN searchDN

ldapPropertiesMapper

protected volatile LDAPPropertiesMapper ldapPropertiesMapper

contextSourceTransactionManager

protected volatile org.springframework.ldap.transaction.compensating.manager.ContextSourceTransactionManager contextSourceTransactionManager

ldapQueryTranslater

protected final LDAPQueryTranslater ldapQueryTranslater

eventPublisher

protected final com.atlassian.event.api.EventPublisher eventPublisher

Constructor Detail

SpringLDAPConnector

public SpringLDAPConnector(LDAPQueryTranslater ldapQueryTranslater,
                           com.atlassian.event.api.EventPublisher eventPublisher,
                           InstanceFactory instanceFactory)

Method Detail

getDirectoryId

public long getDirectoryId()

Description copied from interface: RemoteDirectory

Gets the internal unique directoryId of the directory store.

Specified by:

getDirectoryId in interface RemoteDirectory

Returns:

The directoryId.

setDirectoryId

public void setDirectoryId(long id)

Called by the DirectoryInstanceLoader after constructing an InternalDirectory.

Specified by:

setDirectoryId in interface RemoteDirectory

Parameters:

id - The unique id of the Directory stored in the database.

setAttributes

public void setAttributes(java.util.Map<java.lang.String,java.lang.String> attributes)

Called by the DirectoryInstanceLoader after constructing an InternalDirectory.

Specified by:

setAttributes in interface RemoteDirectory

Parameters:

attributes - attributes map.

getContextSource

public org.springframework.ldap.core.ContextSource getContextSource()

Exposed so that delegated directories can get a handle on the underlying LDAP context.

Returns:

ContextSource.

getLdapPropertiesMapper

public LDAPPropertiesMapper getLdapPropertiesMapper()

getValues

public java.util.Set<java.lang.String> getValues(java.lang.String name)

Description copied from interface: Attributes

Get all the values associated with a given key. Duplicate values are not allowed, and this should be enforced case-insensitively to match the behaviour of LDAP servers. Will return null if the key does not exist.

Specified by:

getValues in interface Attributes

Parameters:

name - the key to retrieve the values for

Returns:

the values associated with the given key, or null if the key does not exist.

getValue

public java.lang.String getValue(java.lang.String name)

Description copied from interface: Attributes

Returns any value associated with the given key, returns null if there is no value.

Specified by:

getValue in interface Attributes

Parameters:

name - the key to retrieve the value for

Returns:

any value associated with the given key, or null if there is no value

isEmpty

public boolean isEmpty()

Specified by:

isEmpty in interface Attributes

Returns:

true if there are no attributes

getAttributeAsLong

public long getAttributeAsLong(java.lang.String name,
                               long defaultValue)

getAttributeAsBoolean

public boolean getAttributeAsBoolean(java.lang.String name,
                                     boolean defaultValue)

getKeys

public java.util.Set<java.lang.String> getKeys()

Description copied from interface: Attributes

Gets all the keys of the attributes. Warning: case-insensitive keys are currently no enforced, however this is the case for LDAP, so this may be implemented in the future.

Specified by:

getKeys in interface Attributes

Returns:

a set of all the keys.

getSearchDN

public SearchDN getSearchDN()

getSubTreeSearchControl

protected javax.naming.directory.SearchControls getSubTreeSearchControl()

getEncoder

protected Encoder getEncoder()

Returns an Encoder that escapes LDAP special characters for use in object names and in DNs.

Returns:

an Encoder that escapes LDAP special characters for use in object names and in DNs.

getBaseEnvironmentProperties

protected java.util.Map<java.lang.String,java.lang.String> getBaseEnvironmentProperties()

Returns the properties used to set up the Ldap ContextSource.

Returns:

the properties used to set up the Ldap ContextSource.

pageSearchResults

protected org.springframework.ldap.core.CollectingNameClassPairCallbackHandler pageSearchResults(javax.naming.Name baseDN,
                                                                                                 java.lang.String filter,
                                                                                                 org.springframework.ldap.core.ContextMapper contextMapper,
                                                                                                 javax.naming.directory.SearchControls searchControls,
                                                                                                 org.springframework.ldap.core.DirContextProcessor ldapRequestControls,
                                                                                                 int maxResults)
                                                                                          throws OperationFailedException

Performs a paged results search on an LDAP directory server searching using the LDAP paged results control option to fetch results in chunks rather than all at once.

Parameters:

baseDN - The DN to beging the search from.

filter - The search filter.

contextMapper - Maps from LDAP search results into objects such as Groups.

searchControls - The LDAP search scope type.

ldapRequestControls - Any LDAP request controls (set to null if you do not need additional request controls for the search).

maxResults - maximum number of results to return. Set to -1 if no result limiting is desired (WARNING: doing so is obviously a hazard).

Returns:

The search results.

Throws:

OperationFailedException - Search failed due to a communication error to the remote directory

searchEntities

protected java.util.List searchEntities(javax.naming.Name baseDN,
                                        java.lang.String filter,
                                        org.springframework.ldap.core.ContextMapper contextMapper,
                                        int startIndex,
                                        int maxResults)
                                 throws OperationFailedException

Executes a search with paging if paged results is supported.

Parameters:

baseDN - base DN of search.

filter - encoded LDAP search filter.

contextMapper - directory context to object mapper.

startIndex - index to start at. Set to 0 to start from the first result.

maxResults - maximum number of results to return. Set to -1 if no result limiting is desired (WARNING: doing so is obviously a hazard).

Returns:

list of entities of type corresponding to the contextMapper's output.

Throws:

OperationFailedException - a Communication error occurred when trying to talk to a remote directory

searchEntitiesWithRequestControls

protected java.util.List searchEntitiesWithRequestControls(javax.naming.Name baseDN,
                                                           java.lang.String filter,
                                                           org.springframework.ldap.core.ContextMapper contextMapper,
                                                           javax.naming.directory.SearchControls searchControls,
                                                           org.springframework.ldap.core.DirContextProcessor ldapRequestControls,
                                                           int startIndex,
                                                           int maxResults)
                                                    throws OperationFailedException

Throws:

OperationFailedException

getUserContextMapper

public org.springframework.ldap.core.ContextMapper getUserContextMapper()

Returns a ContextMapper that can transform a Context into a User.

Returns:

a ContextMapper that can transform a Context into a User.

getCustomUserAttributeMappers

protected java.util.List<AttributeMapper> getCustomUserAttributeMappers()

Returns:

a collection of custom attribbute mappers. By default just return an empty list.

getGroupContextMapper

public org.springframework.ldap.core.ContextMapper getGroupContextMapper(GroupType groupType)

Returns a ContextMapper ready to translate LDAP objects into Groups and fetches all member objects.

Parameters:

groupType - the GroupType

Returns:

a ContextMapper ready to translate LDAP objects into Groups and fetches all member objects

getCustomGroupAttributeMappers

protected java.util.List<AttributeMapper> getCustomGroupAttributeMappers()

As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Returns:

collection of custom attribute mappers (cannot be null but can be an empty list).

findUserByName

public LDAPUserWithAttributes findUserByName(java.lang.String name)
                                      throws UserNotFoundException,
                                             OperationFailedException

Description copied from interface: RemoteDirectory

Finds the user that matches the supplied name.

Specified by:

findUserByName in interface RemoteDirectory

Parameters:

name - the name of the user (username).

Returns:

user entity.

Throws:

UserNotFoundException - a user with the supplied name does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

findUserWithAttributesByName

public LDAPUserWithAttributes findUserWithAttributesByName(java.lang.String name)
                                                    throws UserNotFoundException,
                                                           OperationFailedException

Description copied from interface: RemoteDirectory

Finds the user that matches the supplied name.

Specified by:

findUserWithAttributesByName in interface RemoteDirectory

Parameters:

name - the name of the user (username).

Returns:

user entity with attributes.

Throws:

UserNotFoundException - a user with the supplied name does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

searchUserObjects

protected java.util.List<LDAPUserWithAttributes> searchUserObjects(EntityQuery query)
                                                            throws OperationFailedException,
                                                                   java.lang.IllegalArgumentException

Throws:

OperationFailedException

java.lang.IllegalArgumentException

removeUser

public void removeUser(java.lang.String name)
                throws UserNotFoundException,
                       OperationFailedException

Description copied from interface: RemoteDirectory

Removes the user that matches the supplied name.

Specified by:

removeUser in interface RemoteDirectory

Parameters:

name - The name of the user (username).

Throws:

UserNotFoundException - The user does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

updateUserCredential

public void updateUserCredential(java.lang.String name,
                                 PasswordCredential credential)
                          throws InvalidCredentialException,
                                 UserNotFoundException,
                                 OperationFailedException

Description copied from interface: RemoteDirectory

Updates the password for a user.

Specified by:

updateUserCredential in interface RemoteDirectory

Parameters:

name - The name of the user (username).

credential - The new credential (password).

Throws:

InvalidCredentialException - The supplied credential is invalid.

UserNotFoundException - The user does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

renameUser

public User renameUser(java.lang.String oldName,
                       java.lang.String newName)
                throws UserNotFoundException,
                       InvalidUserException,
                       OperationFailedException

Description copied from interface: RemoteDirectory

Renames a user.

Specified by:

renameUser in interface RemoteDirectory

Parameters:

oldName - name of existing user.

newName - desired name of user.

Returns:

renamed user.

Throws:

UserNotFoundException - if the user with the existing name does not exist.

InvalidUserException - if the new username is invalid.

OperationFailedException - if the underlying directory implementation failed to execute the operation.

storeUserAttributes

public void storeUserAttributes(java.lang.String username,
                                java.util.Map<java.lang.String,java.util.Set<java.lang.String>> attributes)
                         throws UserNotFoundException,
                                OperationFailedException

Description copied from interface: RemoteDirectory

Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.

The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing

Attributes with values of empty sets are not added (these attributes are effectively removed).

Specified by:

storeUserAttributes in interface RemoteDirectory

Parameters:

username - name of user to update.

attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).

Throws:

UserNotFoundException - user with supplied username does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

removeUserAttributes

public void removeUserAttributes(java.lang.String username,
                                 java.lang.String attributeName)
                          throws UserNotFoundException,
                                 OperationFailedException

Description copied from interface: RemoteDirectory

Removes all the values for a single attribute key for a user. If the attribute key does not exist nothing will happen.

Specified by:

removeUserAttributes in interface RemoteDirectory

Parameters:

username - name of the user to update.

attributeName - name of attribute to remove.

Throws:

UserNotFoundException - user with supplied username does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

getNewUserAttributes

protected javax.naming.directory.Attributes getNewUserAttributes(User user,
                                                                 PasswordCredential credential)
                                                          throws InvalidCredentialException,
                                                                 org.springframework.ldap.NamingException

Translates the User into LDAP attributes, in preparation for creating a new user.

Parameters:

user - The user object to translate into LDAP attributes

credential - raw password.

Returns:

An Attributes object populated with directory-specific information.

Throws:

InvalidCredentialException - The password, if supplied, was invalid in some manner.

org.springframework.ldap.NamingException - If the User could not be translated to an Attributes

getNewUserDirectorySpecificAttributes

protected void getNewUserDirectorySpecificAttributes(User user,
                                                     javax.naming.directory.Attributes attributes)

Populates attributes object with directory-specific attributes. Overrider of this method can take advantage of the default group attributes mapping logic in {#getNewUserAttributes(User)}. Note that the attribute values supplied here will be used raw. This entails that overrider is responsible for supplying values in a format supported by the directory. In some directory implementations, for example, a blank string ("") is considered illegal. Overrider thus would have to make sure the method does not generate a value as such.

Parameters:

user - (potential) source of information that needs to be added.

attributes - attributes to add directory-specific information to.

addUser

public LDAPUserWithAttributes addUser(UserTemplate user,
                                      PasswordCredential credential)
                               throws InvalidUserException,
                                      InvalidCredentialException,
                                      OperationFailedException

Adds a user to LDAP.

If the displayName on the user is blank, then the

Specified by:

addUser in interface RemoteDirectory

Parameters:

user - template of the user to add.

credential - password.

Returns:

LDAP user retrieved from LDAP after successfully adding the user to LDAP.

Throws:

InvalidUserException - if the user to create was deemed invalid by the LDAP server or already exists.

InvalidCredentialException - if the password credential was deemed invalid by the password encoder.

OperationFailedException - if we were unable to add the user to LDAP.

addDefaultSnToUserAttributes

protected void addDefaultSnToUserAttributes(javax.naming.directory.Attributes attrs,
                                            java.lang.String defaultSnValue)

A default install of many directory servers (inc. Sun DSEE 6.2 and Apache DS 1.0.2) requires the following to be set before user creation is allowed: objectClass -> inetorgperson cn -> sn -> If a call is being made from an external system (eg JIRA), the user is created with the bare minimum of attributes, then later updated. We need to make sure to add sn if it's not present in the information provided.

Parameters:

attrs - The LDAP user attributes to be checked and potentially updated.

defaultSnValue - default lastname/surname value

addDefaultValueToUserAttributesForAttribute

protected void addDefaultValueToUserAttributesForAttribute(java.lang.String attributeName,
                                                           javax.naming.directory.Attributes attrs,
                                                           java.lang.String defaultValue)

findEntityByDN

public <T extends LDAPDirectoryEntity> T findEntityByDN(java.lang.String dn,
                                                        java.lang.Class<T> entityClass)
                                             throws UserNotFoundException,
                                                    GroupNotFoundException,
                                                    OperationFailedException

Description copied from interface: LDAPDirectory

Finds a directory entity (principal, group or role) by their distinguished name.

The object class of an entity is used to determine the entity type.

If an object represents both a group and role, then the object is mapped to a group.

Specified by:

findEntityByDN in interface LDAPDirectory

Parameters:

dn - standardised disinguished name.

entityClass - class of the entity to find (either LDAPUserWithAttributes or LDAPGroupWithAttributes).

Returns:

directory entity corresponding to DN.

Throws:

UserNotFoundException - if a user does not exist at the specified DN or the DN does not exist in the directory. This will also be thrown if the entity DOES exist but does not match the base DN or object filter for the entity type.

GroupNotFoundException - if a user does not exist at the specified DN or the DN does not exist in the directory. This will also be thrown if the entity DOES exist but does not match the base DN or object filter for the entity type.

OperationFailedException - if underlying directory implementation failed to execute the operation.

typedEntityNotFoundException

protected <T extends LDAPDirectoryEntity> java.lang.RuntimeException typedEntityNotFoundException(java.lang.String name,
                                                                                                  java.lang.Class<T> entityClass)
                                                           throws UserNotFoundException,
                                                                  GroupNotFoundException

Throws:

UserNotFoundException

GroupNotFoundException

findEntityByDN

protected <T extends LDAPDirectoryEntity> T findEntityByDN(java.lang.String dn,
                                                           java.lang.String baseDN,
                                                           java.lang.String filter,
                                                           org.springframework.ldap.core.ContextMapper contextMapper,
                                                           java.lang.Class<T> entityClass)
                                                throws UserNotFoundException,
                                                       GroupNotFoundException,
                                                       OperationFailedException

Throws:

UserNotFoundException

GroupNotFoundException

OperationFailedException

updateUser

public User updateUser(UserTemplate user)
                throws UserNotFoundException,
                       OperationFailedException

Description copied from interface: RemoteDirectory

Updates the user.

Specified by:

updateUser in interface RemoteDirectory

Parameters:

user - The user to update.

Returns:

the updated user retrieved from the underlying store.

Throws:

UserNotFoundException - the user does not exist in the directory store.

OperationFailedException - underlying directory implementation failed to execute the operation.

searchUsers

public <T> java.util.List<T> searchUsers(EntityQuery<T> query)
                              throws OperationFailedException

Description copied from interface: RemoteDirectory

Searches for users that match the supplied query criteria.

Specified by:

searchUsers in interface RemoteDirectory

Parameters:

query - EntityQuery for Entity.USER.

Returns:

List<User> or List<String> of users/usernames matching the search criteria. An empty List will be returned if no users matching the criteria are found.

Throws:

OperationFailedException - if the underlying directory implementation failed to execute the operation

authenticate

public User authenticate(java.lang.String name,
                         PasswordCredential credential)
                  throws InvalidAuthenticationException,
                         UserNotFoundException,
                         OperationFailedException

Description copied from interface: RemoteDirectory

Authenticates a user with the directory store.

Specified by:

authenticate in interface RemoteDirectory

Parameters:

name - The name of the user (username).

credential - The supplied credentials (password).

Returns:

The populated user if the authentication is valid.

Throws:

InvalidAuthenticationException - Authentication with the provided credentials failed.

UserNotFoundException - The user wth the supplied name does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

findGroupByName

public LDAPGroupWithAttributes findGroupByName(java.lang.String name)
                                        throws GroupNotFoundException,
                                               OperationFailedException

Description copied from interface: RemoteDirectory

Finds the group that matches the supplied name.

Specified by:

findGroupByName in interface RemoteDirectory

Parameters:

name - the name of the group.

Returns:

group entity.

Throws:

GroupNotFoundException - a group with the supplied name does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

findGroupWithAttributesByName

public LDAPGroupWithAttributes findGroupWithAttributesByName(java.lang.String name)
                                                      throws GroupNotFoundException,
                                                             OperationFailedException

Description copied from interface: RemoteDirectory

Finds the group that matches the supplied name.

Specified by:

findGroupWithAttributesByName in interface RemoteDirectory

Parameters:

name - the name of the group.

Returns:

group entity with attributes.

Throws:

GroupNotFoundException - a group with the supplied name does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

findGroupByNameAndType

protected LDAPGroupWithAttributes findGroupByNameAndType(java.lang.String name,
                                                         GroupType groupType)
                                                  throws GroupNotFoundException,
                                                         OperationFailedException

Throws:

GroupNotFoundException

OperationFailedException

searchGroupObjectsOfSpecifiedGroupType

protected java.util.List<LDAPGroupWithAttributes> searchGroupObjectsOfSpecifiedGroupType(EntityQuery query)
                                                                                  throws OperationFailedException

This method expects that the query contains a non-null groupType in the entityDescriptor.

Parameters:

query - search query.

Returns:

list of results.

Throws:

OperationFailedException - represents a Communication error when trying to talk to a remote directory

searchGroupObjects

protected java.util.List<LDAPGroupWithAttributes> searchGroupObjects(EntityQuery query)
                                                              throws OperationFailedException

Throws:

OperationFailedException

searchGroups

public <T> java.util.List<T> searchGroups(EntityQuery<T> query)
                               throws OperationFailedException

Description copied from interface: RemoteDirectory

Searches for groups that match the supplied query criteria.

Specified by:

searchGroups in interface RemoteDirectory

Parameters:

query - EntityQuery for Entity.GROUP.

Returns:

List or List of groups/groupnames matching the search criteria. An empty List will be returned if no groups matching the criteria are found.

Throws:

OperationFailedException - if the underlying directory implementation failed to execute the operation

postprocessGroups

protected java.util.List<LDAPGroupWithAttributes> postprocessGroups(java.util.List<LDAPGroupWithAttributes> groups)

Perform any post-processing on groups.

Parameters:

groups - to post-process

Returns:

list of groups that have been processed if required

getNewGroupAttributes

protected javax.naming.directory.Attributes getNewGroupAttributes(Group group)
                                                           throws org.springframework.ldap.NamingException

Throws:

org.springframework.ldap.NamingException

getNewGroupDirectorySpecificAttributes

protected void getNewGroupDirectorySpecificAttributes(Group group,
                                                      javax.naming.directory.Attributes attributes)

Populates attributes object with directory-specific attributes. Overrider of this method can take advantage of the default group attributes mapping logic in {#getNewGroupAttributes(Group)}. Note that the attribute values supplied here will be used raw. This entails that overrider is responsible for supplying values in a format supported by the directory. In some directory implementations, for example, a blank string ("") is considered illegal. Overrider thus would have to make sure the method does not generate a value as such.

Parameters:

group - (potential) source of information that needs to be added.

attributes - attributes to add directory-specific information to.

getInitialGroupMemberDN

protected java.lang.String getInitialGroupMemberDN()

Returns the default container member DN.

If this method returns null or blank string, no member DN will be added.

Returns:

empty member.

addGroup

public Group addGroup(GroupTemplate group)
               throws InvalidGroupException,
                      OperationFailedException

Description copied from interface: RemoteDirectory

Adds a group to the directory store.

Specified by:

addGroup in interface RemoteDirectory

Parameters:

group - template of the group to add.

Returns:

the added group retrieved from the underlying store.

Throws:

InvalidGroupException - The supplied group is invalid.

OperationFailedException - underlying directory implementation failed to execute the operation.

updateGroup

public Group updateGroup(GroupTemplate group)
                  throws GroupNotFoundException,
                         OperationFailedException

Description copied from interface: RemoteDirectory

Updates the group.

Specified by:

updateGroup in interface RemoteDirectory

Parameters:

group - The group to update.

Returns:

the updated group retrieved from the underlying store.

Throws:

GroupNotFoundException - the group does not exist in the directory store.

OperationFailedException - underlying directory implementation failed to execute the operation.

removeGroup

public void removeGroup(java.lang.String name)
                 throws GroupNotFoundException,
                        OperationFailedException

Description copied from interface: RemoteDirectory

Removes the group that matches the supplied name.

Specified by:

removeGroup in interface RemoteDirectory

Parameters:

name - The name of the group.

Throws:

GroupNotFoundException - The group does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

renameGroup

public Group renameGroup(java.lang.String oldName,
                         java.lang.String newName)
                  throws GroupNotFoundException,
                         InvalidGroupException,
                         OperationFailedException

Description copied from interface: RemoteDirectory

Renames a group.

Specified by:

renameGroup in interface RemoteDirectory

Parameters:

oldName - name of existing group.

newName - desired name of group.

Returns:

renamed group.

Throws:

GroupNotFoundException - if the group with the existing name does not exist.

InvalidGroupException - if the new groupname is invalid or already exists in the directory.

OperationFailedException - if the underlying directory implementation failed to execute the operation.

storeGroupAttributes

public void storeGroupAttributes(java.lang.String groupName,
                                 java.util.Map<java.lang.String,java.util.Set<java.lang.String>> attributes)
                          throws GroupNotFoundException,
                                 OperationFailedException

Description copied from interface: RemoteDirectory

Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.

The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing

Attributes with values of empty sets are not added (these attributes are effectively removed).

Specified by:

storeGroupAttributes in interface RemoteDirectory

Parameters:

groupName - name of group to update.

attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).

Throws:

GroupNotFoundException - group with supplied groupName does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

removeGroupAttributes

public void removeGroupAttributes(java.lang.String groupName,
                                  java.lang.String attributeName)
                           throws GroupNotFoundException,
                                  OperationFailedException

Description copied from interface: RemoteDirectory

Removes all the values for a single attribute key for a group.

Specified by:

removeGroupAttributes in interface RemoteDirectory

Parameters:

groupName - name of the group to update.

attributeName - name of attribute to remove.

Throws:

GroupNotFoundException - group with supplied groupName does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

searchGroupRelationships

public <T> java.util.List<T> searchGroupRelationships(MembershipQuery<T> query)
                                           throws OperationFailedException

Description copied from interface: RemoteDirectory

Searches for membership information.

Specified by:

searchGroupRelationships in interface RemoteDirectory

Parameters:

query - query for memberships.

Returns:

a List of Users or Groups or Strings depending on the query criteria. An empty List if there are no results.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

searchGroupRelationshipsWithGroupTypeSpecified

protected abstract <T> java.util.List<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query)
                                                                             throws OperationFailedException

Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).

Parameters:

query - membership query with all GroupType's not null.

Returns:

list of members or memberships depending on the query.

Throws:

OperationFailedException - if the operation failed due to a communication error with the remote directory, or if the query is invalid

encodePassword

protected abstract java.lang.Object encodePassword(java.lang.String unencodedPassword)
                                            throws InvalidCredentialException

Given an plain-text password, encodes/encrypts it according to the settings required by the particular directory connector. Return type should be either String or byte[].

Parameters:

unencodedPassword - The password to be transformed

Returns:

An encoded password, suitable for passing to the directory.

Throws:

InvalidCredentialException - If the password could not be converted.

supportsNestedGroups

public boolean supportsNestedGroups()

Description copied from interface: RemoteDirectory

Allows us to only display nested-group related UI for directories that support it.

Specified by:

supportsNestedGroups in interface RemoteDirectory

Returns:

true if the directory can handle having a group added to a group.

isRolesDisabled

public boolean isRolesDisabled()

Description copied from interface: RemoteDirectory

Expose whether the directory has roles disabled. Always true for directory that don't allow disabling.

Specified by:

isRolesDisabled in interface RemoteDirectory

Returns:

true if the directory has roles manually disabled.

testConnection

public void testConnection()
                    throws OperationFailedException

Description copied from interface: RemoteDirectory

Test if a connection to the directory server can be established.

Specified by:

testConnection in interface RemoteDirectory

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

getStandardisedDN

protected java.lang.String getStandardisedDN(javax.naming.Name dn)
                                      throws OperationFailedException

Throws:

OperationFailedException

asLdapName

protected <T extends LDAPDirectoryEntity> javax.naming.ldap.LdapName asLdapName(java.lang.String dn,
                                                                                java.lang.String entityName,
                                                                                java.lang.Class<T> entityClass)
                                         throws UserNotFoundException,
                                                GroupNotFoundException

This method is required to wrap DN's into LdapNames as spring-ldap doesn't correctly handle operations with String dn arguments.

This mainly affects the escaping of slashes in DNs.

The resulting javax.naming.Name is not designed to be used for caching or comparisons, rather, it is to be used for direct calls into spring-ldap's ldapTemplate.

Parameters:

dn - string version of DN.

entityName - used if NotFoundException needs to be thrown.

entityClass - in case there is a problem converting the dn into an LdapName a NotFoundException of this type (group/user) will be thrown. Must implement User or Group, otherwise an IllegalArgumentException will be thrown.

Returns:

LdapName for use with spring-ldap.

Throws:

UserNotFoundException - unable to construct LdapName for User.

GroupNotFoundException - unable to construct LdapName for Group.

asLdapGroupName

protected javax.naming.ldap.LdapName asLdapGroupName(java.lang.String dn,
                                                     java.lang.String groupName)
                                              throws GroupNotFoundException

Convenience method to convert group DN to LdapName, throwing a GNFE with the supplied group name if unable to construct the LdapName.

Parameters:

dn - DN of the Group.

groupName - for GNFE exception.

Returns:

LdapName for DN.

Throws:

GroupNotFoundException - unable to construct LdapName.

asLdapUserName

protected javax.naming.ldap.LdapName asLdapUserName(java.lang.String dn,
                                                    java.lang.String userName)
                                             throws UserNotFoundException

Convenience method to convert user DN to LdapName, throwing a GNFE with the supplied user name if unable to construct the LdapName.

Parameters:

dn - DN of the User.

userName - for GNFE exception.

Returns:

LdapName for DN.

Throws:

UserNotFoundException - unable to construct LdapName.

supportsInactiveAccounts

public boolean supportsInactiveAccounts()

Storing active/inactive flag for users in LDAP is currently not supported.

Specified by:

supportsInactiveAccounts in interface RemoteDirectory

Returns:

false