/**
* @param role
* @return
* @throws org.apache.directory.fortress.core.FinderException
*/
List<Group> roleGroups(Role role) throws FinderException {
List<Group> groupList = new ArrayList<>();
LdapConnection ld = null;
SearchCursor searchResults;
String groupRoot = getRootDn(role.getContextId(), GlobalIds.GROUP_ROOT);
String filter = null;
try {
encodeSafeText(role.getName(), GlobalIds.ROLE_LEN);
filter =
GlobalIds.FILTER_PREFIX
+ GROUP_OBJECT_CLASS_IMPL
+ ")("
+ SchemaConstants.MEMBER_AT
+ "="
+ role.getDn()
+ "))";
ld = getAdminConnection();
searchResults =
search(
ld, groupRoot, SearchScope.ONELEVEL, filter, GROUP_ATRS, false, GlobalIds.BATCH_SIZE);
long sequence = 0;
while (searchResults.next()) {
groupList.add(unloadLdapEntry(searchResults.getEntry(), sequence++));
}
} catch (CursorException e) {
String error = "find filter [" + filter + "] caught CursorException=" + e.getMessage();
throw new FinderException(GlobalErrIds.GROUP_SEARCH_FAILED, error, e);
} catch (LdapException e) {
String error = "find filter [" + filter + "] caught LDAPException=" + e.getMessage();
throw new FinderException(GlobalErrIds.GROUP_SEARCH_FAILED, error, e);
} finally {
closeAdminConnection(ld);
}
return groupList;
}
protected Set<Entry> resolveNestedRoles(
final Tuple<String, Dn> role, final LdapConnection ldapConnection, final String roleName)
throws AuthException, LdapException {
EntryCursor rolesResult = null;
EntryCursor _result = null;
try {
final Set<Entry> result = new HashSet<Entry>();
Dn roleDn = null;
final boolean isRoleStringValidDn = Dn.isValid(role.v1());
if (role.v2() != null) {
roleDn = role.v2();
} else {
// lookup role
if (isRoleStringValidDn) {
roleDn = ldapConnection.lookup(role.v1()).getDn();
} else {
try {
// search
_result =
ldapConnection.search(
settings.get(
ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLEBASE, ""),
settings
.get(
ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLESEARCH,
"(member={0})")
.replace("{1}", role.v1()),
SearchScope.SUBTREE);
// one
if (!_result.next()) {
log.warn("Cannot resolve role '{}' (NOT FOUND)", role.v1());
} else {
//
final Entry entry = _result.get();
roleDn = entry.getDn();
if (_result.next()) {
log.warn("Cannot resolve role '{}' (MORE THAN ONE FOUND)", role.v1());
}
}
} catch (final CursorException e) {
log.warn("Cannot resolve role '{}' (EXCEPTION: {})", e, role.v1(), e.toString());
} finally {
if (_result != null) {
_result.close();
}
}
}
}
log.trace("role dn resolved to {}", roleDn);
rolesResult =
ldapConnection.search(
settings.get(ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLEBASE, ""),
settings
.get(
ConfigConstants.ARMOR_AUTHENTICATION_AUTHORIZATION_LDAP_ROLESEARCH,
"(member={0})")
.replace("{0}", roleDn == null ? role.v1() : roleDn.toString())
.replace("{1}", role.v1()),
SearchScope.SUBTREE);
for (final Iterator iterator = rolesResult.iterator(); iterator.hasNext(); ) {
final Entry searchResultEntry = (Entry) iterator.next();
final String _role = searchResultEntry.get(roleName).getString();
log.trace("nested l1 {}", searchResultEntry.getDn());
final Set<Entry> in =
resolveNestedRoles(
new Tuple<String, Dn>(_role, searchResultEntry.getDn()), ldapConnection, roleName);
for (final Iterator<Entry> iterator2 = in.iterator(); iterator2.hasNext(); ) {
final Entry entry = iterator2.next();
result.add(entry);
log.trace("nested l2 {}", entry.getDn());
}
result.add(searchResultEntry);
}
return result;
} finally {
if (rolesResult != null) {
rolesResult.close();
}
}
}
