com.atlassian.crowd.directory
Class RFC4519Directory

java.lang.Object
  com.atlassian.crowd.directory.SpringLDAPConnector
      com.atlassian.crowd.directory.RFC4519Directory

All Implemented Interfaces:

LDAPDirectory, RemoteDirectory, Attributes

Direct Known Subclasses:

ApacheDS, MicrosoftActiveDirectory, NovelleDirectory, OpenLDAP, SunONE

public abstract class RFC4519Directory
extends SpringLDAPConnector

Read-write, nesting-aware implementation of RFC4519 user-group membership interactions.

A user is a member of a group if either: - the DN of user is present in the collection of member attribute values of the group - the user has a memberOf attribute which contains the DN of the group (must be enabled via LDAPPropertiesMapper)

See Also:

RFC2307GidNumberMapper, RFC2307MemberUidMapper

Field Summary

Fields inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

attributes, contextSource, contextSourceTransactionManager, DEFAULT_PAGE_SIZE, eventPublisher, ldapPropertiesMapper, ldapQueryTranslater, ldapTemplate, nameConverter, searchDN

Constructor Summary

RFC4519Directory(LDAPQueryTranslater ldapQueryTranslater, com.atlassian.event.api.EventPublisher eventPublisher, InstanceFactory instanceFactory)

Method Summary

protected void	addDnToGroup(String dn, LDAPGroupWithAttributes group)
void	addGroupToGroup(String childGroup, String parentGroup) Adds a group as a member of a parent group.
void	addUserToGroup(String username, String groupName) Adds a user as a member of a group.
Iterable<LdapName>	findDirectMembersOfGroup(LdapName groupDn) This method is not part of RemoteDirectory's contract.
protected Iterable<String>	findGroupMembershipNames(MembershipQuery<String> query)
protected List<? extends LDAPGroupWithAttributes>	findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)
protected <T> List<T>	findGroupMembershipsOfUserViaMemberOf(String username, int startIndex, int maxResults, com.atlassian.crowd.directory.RFC4519Directory.LookupByDn<T> mapper)
protected List<LDAPUserWithAttributes>	findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults)
protected Iterable<LDAPUserWithAttributes>	findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults)
protected List<AttributeMapper>	getCustomGroupAttributeMappers() As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).
protected List<AttributeMapper>	getCustomUserAttributeMappers()
protected static LdapName	getLdapName(LDAPDirectoryEntity entity)
protected List<AttributeMapper>	getMemberDnMappers()
Iterable<Membership>	getMemberships() Get an iterable view of the available group memberships.
protected boolean	isDnDirectGroupMember(String memberDN, LDAPGroupWithAttributes parentGroup)
boolean	isGroupDirectGroupMember(String childGroup, String parentGroup) Determines if a group is a direct member of another group.
boolean	isUserDirectGroupMember(String username, String groupName) Determines if a user is a direct member of a group.
protected void	removeDnFromGroup(String dn, LDAPGroupWithAttributes group)
void	removeGroupFromGroup(String childGroup, String parentGroup) Removes a group as a member of a parent group.
void	removeUserFromGroup(String username, String groupName) Removes a user as a member of a group.
protected <T> Iterable<T>	searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query) Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).
protected static <T> Iterable<T>	toGenericIterable(Iterable list) Converts an Iterable to a generic Iterable.

Methods inherited from class com.atlassian.crowd.directory.SpringLDAPConnector

addDefaultSnToUserAttributes, addDefaultValueToUserAttributesForAttribute, addGroup, addUser, asLdapGroupName, asLdapName, asLdapUserName, authenticate, createModificationItem, encodePassword, findEntityByDN, findEntityByDN, findGroupByName, findGroupByNameAndType, findGroupWithAttributesByName, findUserByExternalId, findUserByName, findUserWithAttributesByName, getAttributeAsBoolean, getAttributeAsLong, getAuthoritativeDirectory, getBaseEnvironmentProperties, getContextSource, getDirectoryId, getGroupContextMapper, getInitialGroupMemberDN, getKeys, getLdapPropertiesMapper, getNewGroupAttributes, getNewGroupDirectorySpecificAttributes, getNewUserAttributes, getNewUserDirectorySpecificAttributes, getSearchDN, getStandardisedDN, getSubTreeSearchControls, getUserContextMapper, getUserModificationItems, getValue, getValues, isEmpty, isRolesDisabled, pageSearchResults, postprocessGroups, removeGroup, removeGroupAttributes, removeUser, removeUserAttributes, renameGroup, renameUser, searchEntities, searchEntitiesWithRequestControls, searchGroupObjects, searchGroupObjectsOfSpecifiedGroupType, searchGroupRelationships, searchGroups, searchUserObjects, searchUsers, setAttributes, setDirectoryId, storeGroupAttributes, storeUserAttributes, supportsInactiveAccounts, supportsNestedGroups, testConnection, typedEntityNotFoundException, updateGroup, updateUser, updateUserCredential

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.crowd.directory.RemoteDirectory

getDescriptiveName

Constructor Detail

RFC4519Directory

public RFC4519Directory(LDAPQueryTranslater ldapQueryTranslater,
                        com.atlassian.event.api.EventPublisher eventPublisher,
                        InstanceFactory instanceFactory)

Method Detail

getCustomGroupAttributeMappers

protected List<AttributeMapper> getCustomGroupAttributeMappers()

Description copied from class: SpringLDAPConnector

As a minimum, this SHOULD provide an attribute mapper that maps the group members attribute (if available).

Overrides:

getCustomGroupAttributeMappers in class SpringLDAPConnector

Returns:

collection of custom attribute mappers (cannot be null but can be an empty list).

getMemberDnMappers

protected List<AttributeMapper> getMemberDnMappers()

getCustomUserAttributeMappers

protected List<AttributeMapper> getCustomUserAttributeMappers()

Overrides:

getCustomUserAttributeMappers in class SpringLDAPConnector

Returns:

a collection of custom attribute mappers. By default just return an empty list.

isDnDirectGroupMember

protected boolean isDnDirectGroupMember(String memberDN,
                                        LDAPGroupWithAttributes parentGroup)

isUserDirectGroupMember

public boolean isUserDirectGroupMember(String username,
                                       String groupName)
                                throws OperationFailedException

Description copied from interface: RemoteDirectory

Determines if a user is a direct member of a group. The directory is NOT expected to resolve any transitive group relationships.

Parameters:

username - name of user.

groupName - name of group.

Returns:

true iff the user is a direct member of the group.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

isGroupDirectGroupMember

public boolean isGroupDirectGroupMember(String childGroup,
                                        String parentGroup)
                                 throws OperationFailedException

Description copied from interface: RemoteDirectory

Determines if a group is a direct member of another group. The directory is NOT expected to resolve any transitive group relationships.

Parameters:

childGroup - name of child group.

parentGroup - name of parent group.

Returns:

true iff the childGroup is a direct member of the parentGroup.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

addDnToGroup

protected void addDnToGroup(String dn,
                            LDAPGroupWithAttributes group)
                     throws OperationFailedException

Throws:

OperationFailedException

addUserToGroup

public void addUserToGroup(String username,
                           String groupName)
                    throws GroupNotFoundException,
                           OperationFailedException,
                           UserNotFoundException,
                           MembershipAlreadyExistsException

Description copied from interface: RemoteDirectory

Adds a user as a member of a group. This means that all user members of childGroup will appear as members of parentGroup to querying applications.

Parameters:

username - The user that will become a member of groupName

groupName - The group that will gain a new member.

Throws:

GroupNotFoundException - If the group cannot be found.

OperationFailedException - underlying directory implementation failed to execute the operation.

UserNotFoundException - If the user cannot be found.

MembershipAlreadyExistsException - if the user is already a member of the group

addGroupToGroup

public void addGroupToGroup(String childGroup,
                            String parentGroup)
                     throws GroupNotFoundException,
                            InvalidMembershipException,
                            OperationFailedException,
                            MembershipAlreadyExistsException

Description copied from interface: RemoteDirectory

Adds a group as a member of a parent group.

Parameters:

childGroup - The group that will become a member of parentGroup

parentGroup - The group that will gain a new member

Throws:

GroupNotFoundException - One or both of the groups cannot be found.

InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.

OperationFailedException - underlying directory implementation failed to execute the operation.

MembershipAlreadyExistsException - if the child group is already a child of the parent group

removeDnFromGroup

protected void removeDnFromGroup(String dn,
                                 LDAPGroupWithAttributes group)
                          throws OperationFailedException

Throws:

OperationFailedException

removeUserFromGroup

public void removeUserFromGroup(String username,
                                String groupName)
                         throws UserNotFoundException,
                                GroupNotFoundException,
                                MembershipNotFoundException,
                                OperationFailedException

Description copied from interface: RemoteDirectory

Removes a user as a member of a group.

Parameters:

username - The user that will be removed from parentGroup

groupName - The group that will lose the member.

Throws:

UserNotFoundException - If the user cannot be found.

GroupNotFoundException - If the group cannot be found.

MembershipNotFoundException - if the user is not a direct member of the group.

OperationFailedException - underlying directory implementation failed to execute the operation.

removeGroupFromGroup

public void removeGroupFromGroup(String childGroup,
                                 String parentGroup)
                          throws GroupNotFoundException,
                                 MembershipNotFoundException,
                                 InvalidMembershipException,
                                 OperationFailedException

Description copied from interface: RemoteDirectory

Removes a group as a member of a parent group.

Parameters:

childGroup - The group that will be removed from parentGroup

parentGroup - The group that will lose the member.

Throws:

GroupNotFoundException - One or both of the groups cannot be found.

MembershipNotFoundException - if the childGroup is not a direct member of the parentGroup.

InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.

OperationFailedException - underlying directory implementation failed to execute the operation.

getMemberships

public Iterable<Membership> getMemberships()
                                    throws OperationFailedException

Description copied from interface: RemoteDirectory

Get an iterable view of the available group memberships. This may be implemented as a single remote call or separate calls, depending on the directory.

If there is a failure in the underlying retrieval, the iterator may throw Membership.MembershipIterationException at runtime.

If the directory does not have a bulk call interface then a typical implementation would be:

 return new DirectoryMembershipsIterable(this);
 
 

Returns:

an iterable view of the available group memberships

Throws:

OperationFailedException - if the underlying directory implementation failed to execute the operation

getLdapName

protected static LdapName getLdapName(LDAPDirectoryEntity entity)
                               throws OperationFailedException

Parameters:

entity - an LDAP entity

Returns:

the LdapName of the entity

Throws:

OperationFailedException - if the entity DN cannot be parsed

searchGroupRelationshipsWithGroupTypeSpecified

protected <T> Iterable<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> query)
                                                              throws OperationFailedException

Description copied from class: SpringLDAPConnector

Execute the search for group relationships given that a group of type GROUP or LEGACY_ROLE has been specified in the EntityDescriptor for the group(s).

Specified by:

searchGroupRelationshipsWithGroupTypeSpecified in class SpringLDAPConnector

Parameters:

query - membership query with all GroupType's not null.

Returns:

list of members or memberships depending on the query.

Throws:

OperationFailedException - if the operation failed due to a communication error with the remote directory, or if the query is invalid

findGroupMemberships

protected List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> query)
                                                                throws OperationFailedException

Throws:

OperationFailedException

findGroupMembershipNames

protected Iterable<String> findGroupMembershipNames(MembershipQuery<String> query)
                                             throws OperationFailedException

Throws:

OperationFailedException

findGroupMembershipsOfUserViaMemberOf

protected <T> List<T> findGroupMembershipsOfUserViaMemberOf(String username,
                                                            int startIndex,
                                                            int maxResults,
                                                            com.atlassian.crowd.directory.RFC4519Directory.LookupByDn<T> mapper)
                                                 throws OperationFailedException

Throws:

OperationFailedException

findUserMembersOfGroupViaMemberDN

protected List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName,
                                                                         GroupType groupType,
                                                                         int startIndex,
                                                                         int maxResults)
                                                                  throws OperationFailedException

Throws:

OperationFailedException

findUserMembersOfGroupViaMemberOf

protected Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName,
                                                                             GroupType groupType,
                                                                             int startIndex,
                                                                             int maxResults)
                                                                      throws OperationFailedException

Throws:

OperationFailedException

toGenericIterable

protected static <T> Iterable<T> toGenericIterable(Iterable list)

Converts an Iterable to a generic Iterable.

findDirectMembersOfGroup

public Iterable<LdapName> findDirectMembersOfGroup(LdapName groupDn)
                                            throws OperationFailedException

This method is not part of RemoteDirectory's contract. It is introduced by RFC4519Directory to support RFC4519DirectoryMembershipsIterable.

Parameters:

groupDn - LDAP name of a group

Returns:

the LDAP names of the direct members (users and groups) of the given group

Throws:

OperationFailedException - if the operation fails for any reason