/**
   * @param role
   * @return
   * @throws org.apache.directory.fortress.core.FinderException
   */
  List<Group> roleGroups(Role role) throws FinderException {
    List<Group> groupList = new ArrayList<>();
    LdapConnection ld = null;
    SearchCursor searchResults;
    String groupRoot = getRootDn(role.getContextId(), GlobalIds.GROUP_ROOT);
    String filter = null;

    try {
      encodeSafeText(role.getName(), GlobalIds.ROLE_LEN);
      filter =
          GlobalIds.FILTER_PREFIX
              + GROUP_OBJECT_CLASS_IMPL
              + ")("
              + SchemaConstants.MEMBER_AT
              + "="
              + role.getDn()
              + "))";
      ld = getAdminConnection();
      searchResults =
          search(
              ld, groupRoot, SearchScope.ONELEVEL, filter, GROUP_ATRS, false, GlobalIds.BATCH_SIZE);
      long sequence = 0;

      while (searchResults.next()) {
        groupList.add(unloadLdapEntry(searchResults.getEntry(), sequence++));
      }
    } catch (CursorException e) {
      String error = "find filter [" + filter + "] caught CursorException=" + e.getMessage();
      throw new FinderException(GlobalErrIds.GROUP_SEARCH_FAILED, error, e);
    } catch (LdapException e) {
      String error = "find filter [" + filter + "] caught LDAPException=" + e.getMessage();
      throw new FinderException(GlobalErrIds.GROUP_SEARCH_FAILED, error, e);
    } finally {
      closeAdminConnection(ld);
    }

    return groupList;
  }
Beispiel #2
0
  protected Set<Entry> resolveNestedRoles(
      final Tuple<String, Dn> role, final LdapConnection ldapConnection, final String roleName)
      throws AuthException, LdapException {

    EntryCursor rolesResult = null;
    EntryCursor _result = null;
    try {

      final Set<Entry> result = new HashSet<Entry>();
      Dn roleDn = null;
      final boolean isRoleStringValidDn = Dn.isValid(role.v1());

      if (role.v2() != null) {
        roleDn = role.v2();
      } else {
        // lookup role
        if (isRoleStringValidDn) {
          roleDn = ldapConnection.lookup(role.v1()).getDn();
        } else {

          try {

            // search
            _result =
                ldapConnection.search(
                    settings.get(
                        ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLEBASE, ""),
                    settings
                        .get(
                            ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLESEARCH,
                            "(member={0})")
                        .replace("{1}", role.v1()),
                    SearchScope.SUBTREE);

            // one
            if (!_result.next()) {
              log.warn("Cannot resolve role '{}' (NOT FOUND)", role.v1());
            } else {

              //
              final Entry entry = _result.get();
              roleDn = entry.getDn();

              if (_result.next()) {
                log.warn("Cannot resolve role '{}' (MORE THAN ONE FOUND)", role.v1());
              }
            }
          } catch (final CursorException e) {
            log.warn("Cannot resolve role '{}' (EXCEPTION: {})", e, role.v1(), e.toString());
          } finally {
            if (_result != null) {
              _result.close();
            }
          }
        }
      }

      log.trace("role dn resolved to {}", roleDn);

      rolesResult =
          ldapConnection.search(
              settings.get(ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLEBASE, ""),
              settings
                  .get(
                      ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLESEARCH,
                      "(member={0})")
                  .replace("{0}", roleDn == null ? role.v1() : roleDn.toString())
                  .replace("{1}", role.v1()),
              SearchScope.SUBTREE);

      for (final Iterator iterator = rolesResult.iterator(); iterator.hasNext(); ) {
        final Entry searchResultEntry = (Entry) iterator.next();
        final String _role = searchResultEntry.get(roleName).getString();
        log.trace("nested l1 {}", searchResultEntry.getDn());
        final Set<Entry> in =
            resolveNestedRoles(
                new Tuple<String, Dn>(_role, searchResultEntry.getDn()), ldapConnection, roleName);

        for (final Iterator<Entry> iterator2 = in.iterator(); iterator2.hasNext(); ) {
          final Entry entry = iterator2.next();
          result.add(entry);
          log.trace("nested l2 {}", entry.getDn());
        }

        result.add(searchResultEntry);
      }

      return result;
    } finally {

      if (rolesResult != null) {
        rolesResult.close();
      }
    }
  }