Package com.netscape.cmscore.usrgrp
Class UGSubsystem

java.lang.Object
  com.netscape.certsrv.base.BaseSubsystem
    com.netscape.cmscore.usrgrp.UGSubsystem

All Implemented Interfaces:
ISubsystem, IIdEvaluator, IUsrGrp, java.io.Serializable

public final class UGSubsystem extends BaseSubsystem implements ISubsystem, IUsrGrp
This class defines low-level LDAP user/group management. User/group information is located remotely on another LDAP server.

Version: $Revision$, $Date$
Author: thomask, cfu
See Also: Serialized Form
Field Summary

Modifier and Type                    Field
protected static java.lang.String    GROUP_ATTR_VALUE
static java.lang.String              ID
protected static java.lang.String    LDAP_ATTR_CERTDN
protected static java.lang.String    LDAP_ATTR_PROFILE_ID
protected static java.lang.String    LDAP_ATTR_USER_CERT
protected static java.lang.String    LDAP_ATTR_USER_CERT_STRING
static org.slf4j.Logger              logger
protected java.lang.String           mBaseDN
protected static java.lang.String    MEMBER_ATTR
protected LdapBoundConnFactory       mLdapConnFactory
protected static UGSubsystem         mUG
protected static java.lang.String    OBJECTCLASS_ATTR
static java.lang.String              SUPER_CERT_ADMINS
Constructor Summary

UGSubsystem()
    Constructs LDAP based usr/grp management.
Method Summary

All methods are instance methods with concrete implementations.

void addCertSubjectDN(IUser identity)
void addGroup(IGroup group)
    Adds a group of identities.
void addUser(IUser identity)
    Adds an identity.
void addUserCert(IUser identity)
    Adds a user certificate to a user.
void addUserToGroup(IGroup grp, java.lang.String userid)
protected IGroup buildGroup(netscape.ldap.LDAPEntry entry)
    Builds an instance of a Group entry.
protected java.util.Enumeration<IGroup> buildGroups(netscape.ldap.LDAPSearchResults res)
protected IUser buildUser(netscape.ldap.LDAPEntry entry)
    Builds a User instance.
protected java.util.Enumeration<IUser> buildUsers(netscape.ldap.LDAPSearchResults res)
protected java.lang.String convertUIDtoDN(java.lang.String uid)
    Converts a uid attribute to a DN.
protected IGroup createGroup(IUsrGrp scope, java.lang.String id)
IGroup createGroup(java.lang.String id)
protected IUser createUser(IUsrGrp base, java.lang.String id)
IUser createUser(java.lang.String id)
boolean evaluate(java.lang.String type, IUser id, java.lang.String op, java.lang.String value)
    Evaluates the given context against the attribute criteria.
IGroup findGroup(java.lang.String filter)
java.util.Enumeration<IGroup> findGroups(java.lang.String filter)
    Finds groups.
java.util.Enumeration<IGroup> findGroupsByUser(java.lang.String userDn, java.lang.String filter)
User findUser(java.security.cert.X509Certificate cert)
    Locates a user by certificate.
java.util.Enumeration<IUser> findUsers(java.lang.String filter)
    Searches for identities that match the filter.
IUser findUsersByCert(java.lang.String filter)
    Searches for identities that match the filter generated by the certificate locator.
java.lang.String getCertificateString(java.security.cert.X509Certificate cert)
protected java.lang.String getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert)
    Converts a certificate into string format.
ICertUserLocator getCertUserLocator()
protected netscape.ldap.LDAPConnection getConn()
java.lang.String getDescription()
    Retrieves the description of this scope.
IGroup getGroup(java.lang.String groupDN)
    Retrieves a group from LDAP. NOTE (LH): this takes a full LDAP DN.
IGroup getGroupFromName(java.lang.String name)
    Retrieves a group from LDAP. NOTE: this takes just the group name.
java.lang.String getId()
    Retrieves the identifier of this scope.
IUser getUser(java.lang.String userID)
    Retrieves a user from LDAP.
java.lang.String getUserDN(java.lang.String userID)
void init(IConfigStore config)
    Connects to the LDAP server.
boolean isGroupPresent(java.lang.String name)
    Checks if the given group exists.
protected boolean isMatched(java.lang.String dn1, java.lang.String dn2)
    Checks if the given DNs are the same after normalization.
boolean isMemberOf(IUser id, java.lang.String name)
    Checks if the given user is a member of the given group (runs an LDAP search for the user instead of fetching the entire group entry).
boolean isMemberOf(java.lang.String userid, java.lang.String groupname)
protected boolean isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname)
    Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
protected IUser lbuildUser(netscape.ldap.LDAPEntry entry)
    Builds a User instance.
protected java.util.Enumeration<IUser> lbuildUsers(netscape.ldap.LDAPSearchResults res)
java.util.Enumeration<IGroup> listGroups(java.lang.String filter)
    Lists groups.
java.util.Enumeration<IUser> listUsers(java.lang.String filter)
    Searches for identities that match the filter.
void modifyGroup(IGroup group)
    Modifies an existing group in the database.
void modifyUser(IUser identity)
    Modifies user attributes.
void removeCertSubjectDN(IUser identity)
void removeGroup(java.lang.String name)
    Removes a group.
void removeUser(java.lang.String userid)
    Removes an identity.
void removeUserCert(IUser identity)
    Removes a user certificate from a user entry, identified by the certificate's version, serial number, issuer DN and subject DN.
void removeUserFromGroup(IGroup grp, java.lang.String userid)
protected void returnConn(netscape.ldap.LDAPConnection conn)
void setId(java.lang.String id)
    Sets the identifier of this manager.
void shutdown()
    Disconnects the usr/grp manager from LDAP.
void startup()
    Starts up this service.
Methods inherited from class com.netscape.certsrv.base.BaseSubsystem
getConfigStore

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.netscape.certsrv.base.ISubsystem
getConfigStore

Field Detail

logger
public static org.slf4j.Logger logger

ID
public static final java.lang.String ID
See Also: Constant Field Values

SUPER_CERT_ADMINS
public static final java.lang.String SUPER_CERT_ADMINS
See Also: Constant Field Values

OBJECTCLASS_ATTR
protected static final java.lang.String OBJECTCLASS_ATTR
See Also: Constant Field Values

MEMBER_ATTR
protected static final java.lang.String MEMBER_ATTR
See Also: Constant Field Values

GROUP_ATTR_VALUE
protected static final java.lang.String GROUP_ATTR_VALUE
See Also: Constant Field Values

LDAP_ATTR_USER_CERT_STRING
protected static final java.lang.String LDAP_ATTR_USER_CERT_STRING
See Also: Constant Field Values

LDAP_ATTR_CERTDN
protected static final java.lang.String LDAP_ATTR_CERTDN
See Also: Constant Field Values

LDAP_ATTR_USER_CERT
protected static final java.lang.String LDAP_ATTR_USER_CERT
See Also: Constant Field Values

LDAP_ATTR_PROFILE_ID
protected static final java.lang.String LDAP_ATTR_PROFILE_ID
See Also: Constant Field Values

mLdapConnFactory
protected transient LdapBoundConnFactory mLdapConnFactory

mBaseDN
protected java.lang.String mBaseDN

mUG
protected static UGSubsystem mUG

Method Detail

getId
public java.lang.String getId()
Retrieves the identifier of this scope.
Specified by: getId in interface ISubsystem; getId in interface IUsrGrp
Overrides: getId in class BaseSubsystem
Returns: subsystem identifier

setId
public void setId(java.lang.String id) throws EBaseException
Sets the identifier of this manager.
Specified by: setId in interface ISubsystem
Overrides: setId in class BaseSubsystem
Parameters: id - subsystem identifier
Throws: EBaseException - failed to set id

init
public void init(IConfigStore config) throws EBaseException
Connects to the LDAP server.
Specified by: init in interface ISubsystem
Overrides: init in class BaseSubsystem
Parameters: config - configuration store
Throws: EBaseException - failed to initialize

startup
public void startup() throws EBaseException
Starts up this service.
Specified by: startup in interface ISubsystem
Throws: EBaseException - failed to start up

shutdown
public void shutdown()
Disconnects the usr/grp manager from LDAP.
Specified by: shutdown in interface ISubsystem

createUser
public IUser createUser(java.lang.String id)

createGroup
public IGroup createGroup(java.lang.String id)

getDescription
public java.lang.String getDescription()
Retrieves the description of this scope.
Specified by: getDescription in interface IUsrGrp
Returns: description

getUser
public IUser getUser(java.lang.String userID) throws EUsrGrpException
Retrieves a user from LDAP.
Specified by: getUser in interface IUsrGrp
Parameters: userID - the user id for the given user
Returns: user interface
Throws: EUsrGrpException

findUser
public User findUser(java.security.cert.X509Certificate cert) throws EUsrGrpException
Locates a user by certificate.
Throws: EUsrGrpException

findUsersByCert
public IUser findUsersByCert(java.lang.String filter) throws EUsrGrpException
Searches for identities that match the filter generated by the certificate locator.
Throws: EUsrGrpException

findUsers
public java.util.Enumeration<IUser> findUsers(java.lang.String filter) throws EUsrGrpException
Searches for identities that match the filter.
Throws: EUsrGrpException

listUsers
public java.util.Enumeration<IUser> listUsers(java.lang.String filter) throws EUsrGrpException
Searches for identities that match the filter. Retrieves the uid only, for efficiency of user listing.
Throws: EUsrGrpException

lbuildUsers
protected java.util.Enumeration<IUser> lbuildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
Throws: EUsrGrpException

buildUsers
protected java.util.Enumeration<IUser> buildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
Throws: EUsrGrpException

lbuildUser
protected IUser lbuildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
Builds a User instance. Sets only the uid for the user entry retrieved from the LDAP server; for listing efficiency only.
Returns: the User entity.
Throws: EUsrGrpException

buildUser
protected IUser buildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
Builds a User instance. Reads all attributes retrieved from the LDAP server and sets them on the User.
Returns: the User entity.
Throws: EUsrGrpException

addUser
public void addUser(IUser identity) throws EUsrGrpException
Adds an identity. Certificates are handled by a separate call to addUserCert().
Specified by: addUser in interface IUsrGrp
Parameters: identity - a user interface
Throws: EUsrGrpException - thrown when some of the user attribute values are null

addUserCert
public void addUserCert(IUser identity) throws EUsrGrpException
Adds a user certificate to a user.
Throws: EUsrGrpException

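The following is an added example, not code from this page or from the pki project, showing the two-step registration the addUser()/addUserCert() contract above implies, and the reverse lookup with findUser(X509Certificate). Assumptions: the IUser and EUsrGrpException types are imported from com.netscape.certsrv.usrgrp; the setters called on the IUser object (setFullName, setX509Certificates) are taken from the IUser interface, which this page does not show; findUser() returning null for an unbound certificate is assumed, and the caller fails closed either way.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import com.netscape.certsrv.usrgrp.EUsrGrpException;   // assumed package
import com.netscape.certsrv.usrgrp.IUser;              // assumed package
import com.netscape.cmscore.usrgrp.UGSubsystem;

/**
 * Added example (not pki project code): binding a certificate to a user
 * entry and resolving a TLS client certificate back to that user.
 */
public class CertUserBinding {

    private final UGSubsystem ug;

    public CertUserBinding(UGSubsystem ug) {
        this.ug = ug;
    }

    /** Decode a DER (or PEM) encoded certificate with the JCA factory. */
    public static X509Certificate parseCert(byte[] encoded) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Two-step registration: addUser() stores the entry without certificates,
     * addUserCert() attaches the certificate afterwards. setFullName() and
     * setX509Certificates() are assumed IUser setters (not shown on this page).
     */
    public IUser enroll(String uid, String fullName, X509Certificate cert)
            throws EUsrGrpException {
        IUser user = ug.createUser(uid);
        user.setFullName(fullName);
        ug.addUser(user);          // throws EUsrGrpException if required attributes are null

        user.setX509Certificates(new X509Certificate[] { cert });
        ug.addUserCert(user);      // addUserCert() reads the certificates off the IUser object
        return user;
    }

    /**
     * Resolve an authenticated client certificate to the user it is bound to.
     * The page describes the stored certificate identifier (for removeUserCert)
     * as version + serial number + issuer DN + subject DN, so a subject DN alone
     * is not what is matched. Fail closed when nothing matches: never fall back
     * to a subject-DN or uid guess derived from the certificate.
     */
    public IUser requireUser(X509Certificate clientCert) throws EUsrGrpException {
        IUser user = ug.findUser(clientCert);
        if (user == null) {
            throw new SecurityException("no user bound to certificate serial "
                    + clientCert.getSerialNumber() + " issued by "
                    + clientCert.getIssuerX500Principal());
        }
        return user;
    }
}
```

Keeping enroll() as a single method that performs both calls makes the dependency explicit: a caller that only invokes addUser() gets an entry that certificate-based authentication can never resolve, which surfaces later as an unexplained denial rather than a registration error.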
addCertSubjectDN
public void addCertSubjectDN(IUser identity) throws EUsrGrpException
Throws: EUsrGrpException

removeCertSubjectDN
public void removeCertSubjectDN(IUser identity) throws EUsrGrpException
Throws: EUsrGrpException

removeUserCert
public void removeUserCert(IUser identity) throws EUsrGrpException
Removes a user certificate from a user entry. The certificate to remove is identified by its "certificate DN", which is actually a combination of version, serial number, issuer DN and subject DN.
Throws: EUsrGrpException

addUserToGroup
public void addUserToGroup(IGroup grp, java.lang.String userid) throws EUsrGrpException
Throws: EUsrGrpException

removeUserFromGroup
public void removeUserFromGroup(IGroup grp, java.lang.String userid) throws EUsrGrpException
Throws: EUsrGrpException

removeUser
public void removeUser(java.lang.String userid) throws EUsrGrpException
Removes an identity.
Specified by: removeUser in interface IUsrGrp
Parameters: userid - the user id for the given user
Throws: EUsrGrpException - thrown when failed to remove the user

modifyUser
public void modifyUser(IUser identity) throws EUsrGrpException
Modifies user attributes. Certificates are handled separately.
Specified by: modifyUser in interface IUsrGrp
Parameters: identity - the user interface which contains the modified information
Throws: EUsrGrpException - thrown when failed to modify the user

buildGroups
protected java.util.Enumeration<IGroup> buildGroups(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
Throws: EUsrGrpException

findGroups
public java.util.Enumeration<IGroup> findGroups(java.lang.String filter) throws EUsrGrpException
Finds groups.
Throws: EUsrGrpException

findGroup
public IGroup findGroup(java.lang.String filter) throws EUsrGrpException
Throws: EUsrGrpException

listGroups
public java.util.Enumeration<IGroup> listGroups(java.lang.String filter) throws EUsrGrpException
Lists groups. More efficient than findGroups: only retrieves group names and descriptions.
Throws: EUsrGrpException

findGroupsByUser
public java.util.Enumeration<IGroup> findGroupsByUser(java.lang.String userDn, java.lang.String filter) throws EUsrGrpException
Throws: EUsrGrpException

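findUsers(), listUsers(), findGroups(), findGroup() and findGroupsByUser() above all take a caller-supplied LDAP filter string. This page does not show how that string is embedded in the LDAP search, so the added example below (not code from this page or the pki project) assumes the worst case, that it is spliced into a search filter as-is, and escapes every value taken from untrusted input per RFC 4515 section 3 before calling them. The com.netscape.certsrv.usrgrp package for the interface types is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Enumeration;

import com.netscape.certsrv.usrgrp.EUsrGrpException;   // assumed package
import com.netscape.certsrv.usrgrp.IGroup;             // assumed package
import com.netscape.certsrv.usrgrp.IUser;              // assumed package
import com.netscape.cmscore.usrgrp.UGSubsystem;

/**
 * Added example (not pki project code): RFC 4515 escaping for values that
 * end up inside the filter argument of the UGSubsystem search methods.
 */
public final class LdapFilterEscaper {

    private LdapFilterEscaper() {}

    /**
     * Escape one assertion value so it can only ever match literally.
     * RFC 4515 requires "\", "*", "(", ")" and NUL to be written as \XX;
     * control and non-ASCII bytes are escaped the same way for safety.
     */
    public static String escapeValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            switch (b) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case 0:    sb.append("\\00"); break;
                default:
                    if (b < 0x20 || b >= 0x7f) {       // negative bytes are non-ASCII
                        sb.append('\\').append(String.format("%02x", b & 0xff));
                    } else {
                        sb.append((char) b);
                    }
            }
        }
        return sb.toString();
    }

    /**
     * Exact-uid lookup. Unescaped, a uid such as "*)(uid=*" could widen the
     * search to every entry; escaped, "\2a\29\28uid=\2a" matches nothing.
     */
    public static Enumeration<IUser> usersWithUid(UGSubsystem ug, String uid)
            throws EUsrGrpException {
        return ug.findUsers(escapeValue(uid));
    }

    /** Prefix listing for an admin UI: the only wildcard is the one we append. */
    public static Enumeration<IUser> usersWithUidPrefix(UGSubsystem ug, String prefix)
            throws EUsrGrpException {
        return ug.listUsers(escapeValue(prefix) + "*");
    }

    /** Group search by (escaped) name. */
    public static Enumeration<IGroup> groupsNamed(UGSubsystem ug, String name)
            throws EUsrGrpException {
        return ug.findGroups(escapeValue(name));
    }

    /**
     * Groups of one user. The DN argument is built by the caller, so pass the
     * DN the subsystem itself produced (getUserDN) rather than one assembled
     * from request input.
     */
    public static Enumeration<IGroup> groupsOfUser(UGSubsystem ug, String userID, String nameFilter)
            throws EUsrGrpException {
        return ug.findGroupsByUser(ug.getUserDN(userID), escapeValue(nameFilter));
    }
}
```

Escaping at the boundary where request input meets the filter, rather than rejecting characters, keeps legitimate names containing parentheses or backslashes searchable while removing their structural meaning. If the subsystem turns out to already escape internally, the double escaping is harmless for a literal match; the reverse mistake is not.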
buildGroup
protected IGroup buildGroup(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
Builds an instance of a Group entry.
Throws: EUsrGrpException

getGroupFromName
public IGroup getGroupFromName(java.lang.String name)
Retrieves a group from LDAP. NOTE: this takes just the group name.

getGroup
public IGroup getGroup(java.lang.String groupDN)
Retrieves a group from LDAP. NOTE (LH): this takes a full LDAP DN.

isGroupPresent
public boolean isGroupPresent(java.lang.String name)
Checks if the given group exists.

isMemberOf
public boolean isMemberOf(java.lang.String userid, java.lang.String groupname)

isMemberOf
public boolean isMemberOf(IUser id, java.lang.String name)
Checks if the given user is a member of the given group (now runs an LDAP search to find the user, instead of fetching the entire group entry).

isMemberOfLdapGroup
protected boolean isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname)
Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.

addGroup
public void addGroup(IGroup group) throws EUsrGrpException
Adds a group of identities.
Specified by: addGroup in interface IUsrGrp
Parameters: group - the given group
Throws: EUsrGrpException - thrown when failed to add the group.

removeGroup
public void removeGroup(java.lang.String name) throws EUsrGrpException
Removes a group. The SUPER_CERT_ADMINS group cannot be removed.
Specified by: removeGroup in interface IUsrGrp
Parameters: name - the group name
Throws: EUsrGrpException - thrown when failed to remove the given group.

modifyGroup
public void modifyGroup(IGroup group) throws EUsrGrpException
Modifies an existing group in the database.
Specified by: modifyGroup in interface IUsrGrp
Parameters: group - an existing group that has been modified in memory
Throws: EUsrGrpException - thrown when failed to modify the group.

evaluate
public boolean evaluate(java.lang.String type, IUser id, java.lang.String op, java.lang.String value)
Evaluates the given context against the attribute criteria.
Specified by: evaluate in interface IIdEvaluator
Parameters:
type - the type of evaluator; in this case it is "group"
id - the user id for the given user
op - operator; only "=" and "!=" are supported
value - the name of the group, e.g. "Certificate Manager Agents"
Returns: true if the comparison holds: for "=", the given user is a member of the group; for "!=", the user is not

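The evaluate() method above accepts only the operators "=" and "!=", and says nothing about what happens with any other operator. The added example below (not code from this page or the pki project) shows an access-rule evaluator that validates every clause against exactly those two forms when the rule is loaded, so a malformed rule is rejected up front instead of being evaluated at request time, and that treats "!=" as the negated membership test. The clause syntax group="..." joined by "&&" and "||" is assumed for illustration; the com.netscape.certsrv.usrgrp package for IUser is an assumption.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import com.netscape.certsrv.usrgrp.IUser;              // assumed package
import com.netscape.cmscore.usrgrp.UGSubsystem;

/**
 * Added example (not pki project code): a group-membership rule such as
 *   group="Administrators" || group="Certificate Manager Agents" && group!="Revoked Agents"
 * evaluated through UGSubsystem.evaluate(). "&&" binds tighter than "||";
 * there are no parentheses. Anything outside this grammar is rejected.
 */
public final class GroupRule {

    // One clause: group="name" or group!="name" (the only operators evaluate() supports).
    private static final Pattern CLAUSE =
            Pattern.compile("^\\s*group\\s*(=|!=)\\s*\"([^\"]+)\"\\s*$");

    private final String[][] disjuncts;   // disjuncts[i] = clauses of the i-th "||" branch

    public GroupRule(String rule) {
        String[] branches = rule.split("\\|\\|");
        disjuncts = new String[branches.length][];
        for (int i = 0; i < branches.length; i++) {
            disjuncts[i] = branches[i].split("&&");
            for (String clause : disjuncts[i]) {
                // Reject unsupported operators or shapes at load time (fail closed).
                if (!CLAUSE.matcher(clause).matches()) {
                    throw new IllegalArgumentException("unsupported clause: " + clause.trim());
                }
            }
        }
    }

    /** Number of "||" branches, for callers that want to log the rule shape. */
    public int branchCount() {
        return disjuncts.length;
    }

    /**
     * True if some "||" branch has every "&&" clause satisfied. Each clause is
     * one LDAP membership search via evaluate(); evaluation short-circuits so a
     * permit on the first branch costs one search, not one per clause.
     */
    public boolean allows(UGSubsystem ug, IUser user) {
        for (String[] branch : disjuncts) {
            boolean all = true;
            for (String clause : branch) {
                Matcher m = CLAUSE.matcher(clause);
                if (!m.matches()) {
                    return false;                     // cannot happen after the constructor check
                }
                String op = m.group(1);               // "=" or "!="
                String groupName = m.group(2);
                if (!ug.evaluate("group", user, op, groupName)) {
                    all = false;
                    break;
                }
            }
            if (all) {
                return true;
            }
        }
        return false;
    }
}
```

Because a "!=" clause is true for every user who is not in the named group, including users who are in no group at all, a rule made only of "!=" clauses is effectively an allow-all; pair a negated clause with a positive membership clause on the same "&&" branch.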
convertUIDtoDN
protected java.lang.String convertUIDtoDN(java.lang.String uid) throws netscape.ldap.LDAPException
Converts a uid attribute to a DN.
Throws: netscape.ldap.LDAPException

isMatched
protected boolean isMatched(java.lang.String dn1, java.lang.String dn2)
Checks if the given DNs are the same after normalization.

getCertificateStringWithoutVersion
protected java.lang.String getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert)
Converts a certificate into string format. Should eventually go into the locator itself.

getCertificateString
public java.lang.String getCertificateString(java.security.cert.X509Certificate cert)

getUserDN
public java.lang.String getUserDN(java.lang.String userID)

getConn
protected netscape.ldap.LDAPConnection getConn() throws ELdapException
Throws: ELdapException

returnConn
protected void returnConn(netscape.ldap.LDAPConnection conn)

getCertUserLocator
public ICertUserLocator getCertUserLocator()