com.atlassian.crowd.directory
Class RFC4519Directory

java.lang.Object
  com.atlassian.crowd.directory.SpringLDAPConnector
      com.atlassian.crowd.directory.RFC4519Directory

All Implemented Interfaces:

LDAPDirectory, RemoteDirectory, Attributes

Direct Known Subclasses:

ApacheDS, MicrosoftActiveDirectory, NovelleDirectory, OpenLDAP, SunONE

public abstract class RFC4519Directory
extends SpringLDAPConnector

Read-write, nesting-aware implementation of RFC4519 user-group membership interactions.

A user is a member of a group if either: - the DN of user is present in the collection of member attribute values of the group - the user has a memberOf attribute which contains the DN of the group (must be enabled via LDAPPropertiesMapper)

See Also:

RFC2307GidNumberMapper, RFC2307MemberUidMapper

Field Summary

Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN

Constructor Summary

RFC4519Directory(LDAPQueryTranslater ldapQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory)

Method Summary

void	addGroupToGroup(String childGroup, String parentGroup) Adds a group as a member of a parent group.
void	addUserToGroup(String username, String groupName) Adds a user as a member of a group.
Iterable<LdapName>	findDirectMembersOfGroup(LdapName groupDn)
protected List<AttributeMapper>	getCustomGroupAttributeMappers() As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected List<AttributeMapper>	getCustomUserAttributeMappers()
protected List<AttributeMapper>	getMemberDnMappers()
Iterable<Membership>	getMemberships() Get an iterable view of the available group memberships.
boolean	isGroupDirectGroupMember(String childGroup, String parentGroup) Determines if a group is a direct member of another group.
boolean	isUserDirectGroupMember(String username, String groupName) Determines if a user is a direct member of a group.
void	removeGroupFromGroup(String childGroup, String parentGroup) Removes a group as a member of a parent group.
void	removeUserFromGroup(String username, String groupName) Removes a user as a member of a group.
protected <T> Iterable<T>	searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query) Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).

Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, encodePassword, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getBaseEnvironmentProperties, getContextSource, getDirectoryId, getGroupContextMapper, getInitialGroupMemberDN, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewGroupDirectorySpecificAttributes, getNewUserAttributes, getNewUserDirectorySpecificAttributes, getSearchDN, getStandardisedDN, getSubTreeSearchControls, getUserContextMapper, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, postprocessGroups, removeGroup, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsInactiveAccounts, supportsNestedGroups, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.crowd.directory.RemoteDirectory

getDescriptiveName

Constructor Detail

RFC4519Directory

public RFC4519Directory(LDAPQueryTranslater ldapQueryTranslater,
                        com.atlassian.event.api.EventPublisher eventPublisher,
                        InstanceFactory instanceFactory)

Method Detail

getCustomGroupAttributeMappers

protected List<AttributeMapper> getCustomGroupAttributeMappers()

Description copied from class: SpringLDAPConnector

As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:

getCustomGroupAttributeMappers in class SpringLDAPConnector

Returns:

collection of custom attribute mappers (cannot be null but can be an empty list).

getMemberDnMappers

protected List<AttributeMapper> getMemberDnMappers()

getCustomUserAttributeMappers

protected List<AttributeMapper> getCustomUserAttributeMappers()

Overrides:

getCustomUserAttributeMappers in class SpringLDAPConnector

Returns:

a collection of custom attribute mappers. By default just return an empty list.

isUserDirectGroupMember

public boolean isUserDirectGroupMember(String username,
                                       String groupName)
                                throws OperationFailedException

Description copied from interface: RemoteDirectory

Determines if a user is a direct member of a group. The directory is NOT expected to resolve any transitive group relationships.

Parameters:

username - name of user.

groupName - name of group.

Returns:

true iff the user is a direct member of the group.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

isGroupDirectGroupMember

public boolean isGroupDirectGroupMember(String childGroup,
                                        String parentGroup)
                                 throws OperationFailedException

Description copied from interface: RemoteDirectory

Determines if a group is a direct member of another group. The directory is NOT expected to resolve any transitive group relationships.

Parameters:

childGroup - name of child group.

parentGroup - name of parent group.

Returns:

true iff the childGroup is a direct member of the parentGroup.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

addUserToGroup

public void addUserToGroup(String username,
                           String groupName)
                    throws GroupNotFoundException,
                           OperationFailedException,
                           UserNotFoundException

Description copied from interface: RemoteDirectory

Adds a user as a member of a group. This means that all user members of childGroup will appear as members of parentGroup to querying applications.

Parameters:

username - The user that will become a member of groupName

groupName - The group that will gain a new member.

Throws:

GroupNotFoundException - If the group cannot be found.

OperationFailedException - underlying directory implementation failed to execute the operation.

UserNotFoundException - If the user cannot be found.

addGroupToGroup

public void addGroupToGroup(String childGroup,
                            String parentGroup)
                     throws GroupNotFoundException,
                            InvalidMembershipException,
                            OperationFailedException

Description copied from interface: RemoteDirectory

Adds a group as a member of a parent group.

Parameters:

childGroup - The group that will become a member of parentGroup

parentGroup - The group that will gain a new member

Throws:

GroupNotFoundException - One or both of the groups cannot be found.

InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.

OperationFailedException - underlying directory implementation failed to execute the operation.

removeUserFromGroup

public void removeUserFromGroup(String username,
                                String groupName)
                         throws UserNotFoundException,
                                GroupNotFoundException,
                                MembershipNotFoundException,
                                OperationFailedException

Description copied from interface: RemoteDirectory

Removes a user as a member of a group.

Parameters:

username - The user that will be removed from parentGroup

groupName - The group that will lose the member.

Throws:

UserNotFoundException - If the user cannot be found.

GroupNotFoundException - If the group cannot be found.

MembershipNotFoundException - if the user is not a direct member of the group.

OperationFailedException - underlying directory implementation failed to execute the operation.

removeGroupFromGroup

public void removeGroupFromGroup(String childGroup,
                                 String parentGroup)
                          throws GroupNotFoundException,
                                 MembershipNotFoundException,
                                 InvalidMembershipException,
                                 OperationFailedException

Description copied from interface: RemoteDirectory

Removes a group as a member of a parent group.

Parameters:

childGroup - The group that will be removed from parentGroup

parentGroup - The group that will lose the member.

Throws:

GroupNotFoundException - One or both of the groups cannot be found.

MembershipNotFoundException - if the childGroup is not a direct member of the parentGroup.

InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.

OperationFailedException - underlying directory implementation failed to execute the operation.

getMemberships

public Iterable<Membership> getMemberships()
                                    throws OperationFailedException

Description copied from interface: RemoteDirectory

Get an iterable view of the available group memberships. This may be implemented as a single remote call or separate calls, depending on the directory.

If there is a failure in the underlying retrieval, the iterator may throw Membership.MembershipIterationException at runtime.

If the directory does not have a bulk call interface then a typical implementation would be:

 return new DirectoryMembershipsIterable(this);
 
 

Returns:

an iterable view of the available group memberships

Throws:

OperationFailedException - if the underlying directory implementation failed to execute the operation

searchGroupRelationshipsWithGroupTypeSpecified

protected <T> Iterable<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query)
                                                              throws OperationFailedException

Description copied from class: SpringLDAPConnector

Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).

Specified by:

searchGroupRelationshipsWithGroupTypeSpecified in class SpringLDAPConnector

Parameters:

query - membership query with all GroupType's not null.

Returns:

list of members or memberships depending on the query.

Throws:

OperationFailedException - if the operation failed due to a communication error with the remote directory, or if the query is invalid

findDirectMembersOfGroup

public Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn)
                                            throws OperationFailedException

Throws:

OperationFailedException