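/**
 * Executes a delete user action.
 *
 * <p>The target user's distinguished name is read from the sixth path segment of the request URI
 * (index 5 after splitting on "/") and URL-decoded. Nothing is deleted unless that DN ends with
 * {@code userDIT}. When the target is the caller's own account, the first call only writes
 * {@code "prompt"}; the delete happens once the request carries {@code attempt=2}.
 *
 * <p>NOTE(review): {@code attempt} is a client-supplied confirmation flag, not an access control.
 * No role check on the caller is visible in this method; confirm that the dispatching code
 * restricts this action to administrators.
 *
 * @param request HTTP request.
 * @param response HTTP response.
 * @param context request context
 * @throws Exception if an exception occurs
 */
private void executeDeleteUser(
    HttpServletRequest request, HttpServletResponse response, RequestContext context)
    throws Exception {
  String[] parts = request.getRequestURI().split("/");

  // The identifier lives at index 5, so at least six segments are required. The previous
  // "length > 0" guard let a short URI fall through to an ArrayIndexOutOfBoundsException.
  if (parts.length <= 5) {
    return;
  }

  String userIdentifier = URLDecoder.decode(parts[5].trim(), "UTF-8");

  // Only entries under the configured user subtree may be deleted through this endpoint.
  if (!userIdentifier.endsWith(userDIT)) {
    return;
  }

  String attempt = Val.chkStr(request.getParameter("attempt"));
  IdentityAdapter idAdapter = context.newIdentityAdapter();
  User user = new User();
  user.setDistinguishedName(userIdentifier);
  idAdapter.readUserProfile(user);
  idAdapter.readUserGroups(user);

  // Self-deletion needs the second, confirmed attempt; deleting another user does not.
  boolean isSelf = checkSelf(context, userIdentifier);
  if (isSelf && !attempt.equals("2")) {
    response.getWriter().write("prompt");
    return;
  }

  idAdapter.deleteUser(user);
  response.getWriter().write(msgBroker.retrieveMessage("catalog.identity.deleteUser.success"));
}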
/**
 * Adds an attribute value to, or removes it from, every LDAP user matching a search filter.
 *
 * <p>Request parameters: {@code q} is the user search filter, {@code an} the attribute name and
 * {@code av} the attribute value. An empty filter short-circuits with a {@code noResults} JSON
 * body and touches no entries.
 *
 * <p>NOTE(review): {@code an} and {@code av} are taken from the request and applied to every
 * matching user without any restriction visible here on which attributes may be changed.
 * Confirm the caller enforces authorization and consider an allowlist of modifiable attributes.
 * Whether {@code q} is escaped before it reaches the directory depends on
 * {@code IdentityAdapter.readUsers}; verify there.
 *
 * @param request HTTP request.
 * @param response HTTP response.
 * @param context request context
 * @param isAddAttributeRequest {@code true} to add the attribute value, {@code false} to remove it
 * @throws IdentityException if a system error occurs preventing the action
 * @throws IOException if error writing to the buffer
 * @throws NamingException if an LDAP naming exception occurs
 * @throws SQLException propagated from the calls made here (presumably the identity adapter)
 * @throws CredentialPolicyException propagated from the calls made here (presumably the
 *     identity adapter)
 */
private void executeModifyUserAttribute(
    HttpServletRequest request,
    HttpServletResponse response,
    RequestContext context,
    boolean isAddAttributeRequest)
    throws IdentityException, IOException, NamingException, SQLException,
        CredentialPolicyException {
  String filter = Val.chkStr(request.getParameter("q"));
  String attributeName = Val.chkStr(request.getParameter("an"));
  String attributeValue = Val.chkStr(request.getParameter("av"));

  // Without a filter there is nothing to select, so report that and leave the directory alone.
  if (filter.length() == 0) {
    response.getWriter().write("{ \"response\" : \"noResults\" }");
    return;
  }

  IdentityAdapter adapter = context.newIdentityAdapter();
  Users matched = adapter.readUsers(filter, null);

  for (User target : matched.values()) {
    String targetDn = target.getDistinguishedName();
    if (!isAddAttributeRequest) {
      adapter.removeAttribute(targetDn, attributeName, attributeValue);
      continue;
    }
    try {
      adapter.addAttribute(targetDn, attributeName, attributeValue);
    } catch (AttributeInUseException ignored) {
      // TODO: the value is already present on this entry; it is currently skipped rather than
      // overwritten, and the success response below is still sent.
    }
  }

  writeCharacterResponse(
      response,
      "{ \"response\" : \"User attribute modification was successful.\" }",
      "UTF-8",
      "application/json;charset=UTF-8");
}
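/**
 * Executes a remove member action.
 *
 * <p>The member's DN comes from the {@code member} request parameter. The group comes from the
 * sixth path segment of the request URI (index 5 after splitting on "/"). A segment that does
 * not end with {@code groupDIT} is treated as a configured role key and resolved to that role's
 * DN. Removing oneself from a group writes {@code "prompt"} first and is carried out only when
 * the request carries {@code attempt=2}.
 *
 * <p>The group identifier is request-controlled, so it is JSON-escaped before being echoed in an
 * error body.
 *
 * <p>NOTE(review): {@code attempt} is a client-supplied confirmation flag, not an access control.
 * The checks here cover whether the group may be managed, not who the caller is; confirm the
 * dispatching code enforces the caller's role.
 *
 * @param request HTTP request.
 * @param response HTTP response.
 * @param context request context
 * @throws Exception if an exception occurs
 */
protected void executeRemoveMember(
    HttpServletRequest request, HttpServletResponse response, RequestContext context)
    throws Exception {
  String[] parts = request.getRequestURI().split("/");
  String member = Val.chkStr(request.getParameter("member"));
  String attempt = Val.chkStr(request.getParameter("attempt"));

  IdentityAdapter idAdapter = context.newIdentityAdapter();
  User user = new User();
  user.setDistinguishedName(member);
  idAdapter.readUserProfile(user);

  // The group identifier lives at index 5, so at least six segments are required. The previous
  // "length > 0" guard let a short URI fall through to an ArrayIndexOutOfBoundsException.
  if (parts.length <= 5) {
    return;
  }

  String groupIdentifier = URLDecoder.decode(parts[5].trim(), "UTF-8");
  if (!groupIdentifier.endsWith(groupDIT)) {
    // Not a DN under the group subtree: treat it as a configured role key.
    Roles configuredRoles = context.getIdentityConfiguration().getConfiguredRoles();
    Role roleRegistered = configuredRoles.get(groupIdentifier);
    if (roleRegistered == null) {
      // An unknown role key used to surface as a NullPointerException; report it as a bad
      // request instead, using the same wording as the "not configured" branch below.
      response.sendError(
          HttpServletResponse.SC_BAD_REQUEST,
          "{ \"error\":\""
              + Val.escapeStrForJson(groupIdentifier)
              + " is not configured in geoportal. \"}");
      return;
    }
    groupIdentifier = roleRegistered.getDistinguishedName();
  }

  // Removing oneself needs the second, confirmed attempt; removing another user does not.
  boolean isSelf = checkSelf(context, member);
  if (isSelf && !attempt.equals("2")) {
    response.getWriter().write("prompt");
    return;
  }

  boolean checkGroupConfigured = true;
  if (checkIfAllowConfigured(context)) {
    checkGroupConfigured = checkIfConfigured(context, groupIdentifier);
  }
  boolean isAllowedToManage = checkIfAllowedToManage(context, groupIdentifier);

  if (!checkGroupConfigured) {
    response.sendError(
        HttpServletResponse.SC_BAD_REQUEST,
        "{ \"error\":\""
            + Val.escapeStrForJson(groupIdentifier)
            + " is not configured in geoportal. \"}");
    return;
  }
  if (!isAllowedToManage) {
    response.sendError(
        HttpServletResponse.SC_BAD_REQUEST,
        "{ \"error\":\""
            + Val.escapeStrForJson(groupIdentifier)
            + " is not allowed to be managed in geoportal. \"}");
    return;
  }

  idAdapter.removeUserFromGroup(user, groupIdentifier);
  response.getWriter().write(msgBroker.retrieveMessage("catalog.identity.removeRole.success"));
}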
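/**
 * Serializes list of ldap users matching filter.
 *
 * <p>Three lookup modes are supported:
 *
 * <ul>
 *   <li>{@code isMemberSearch == false}: users matching {@code filter}, obtained through
 *       {@link #buildUsersList}.
 *   <li>{@code isMemberSearch == true} with a non-null {@code attributeName}: members of the
 *       configured role whose key is {@code attributeName}.
 *   <li>{@code isMemberSearch == true} with a null {@code attributeName}: members of the group
 *       whose DN is {@code filter}.
 * </ul>
 *
 * <p>Both the DN and the user name are JSON-escaped. DNs are directory-controlled and can
 * contain quotes or backslashes, which would otherwise break out of the string literal.
 *
 * <p>NOTE(review): in the role branch an unknown {@code attributeName} presumably yields a null
 * role and a NullPointerException; confirm callers only pass configured role keys.
 *
 * @param context the current request context
 * @param filter the user search filter for ldap, or the group DN for a member search without a
 *     role key
 * @param attributeName configured role key for a member search; may be null
 * @param isMemberSearch {@code true} to list group or role members instead of searching users
 * @return the list of users as json
 * @throws IdentityException if a system error occurs preventing the action
 * @throws NamingException if an LDAP naming exception occurs
 * @throws SQLException propagated from the identity adapter calls made here
 */
protected String serializeUsersAsJson(
    RequestContext context, String filter, String attributeName, boolean isMemberSearch)
    throws IdentityException, NamingException, SQLException {
  Users users = new Users();
  int totalMatches = 0;

  if (!isMemberSearch) {
    HashMap<String, Object> resultsMap = buildUsersList(context, filter, null);
    users = (Users) resultsMap.get("topUserMatches");
    totalMatches = (Integer) resultsMap.get("totalMatches");
  } else if (attributeName != null) {
    Roles configuredRoles = context.getIdentityConfiguration().getConfiguredRoles();
    Role role = configuredRoles.get(attributeName);
    String sDn = role.getDistinguishedName();
    IdentityAdapter idAdapter = context.newIdentityAdapter();
    users = idAdapter.readGroupMembers(sDn);
    totalMatches = users.size();
    users.sort();
  } else {
    IdentityAdapter idAdapter = context.newIdentityAdapter();
    Users members = idAdapter.readGroupMembers(filter);
    for (User u : members.values()) {
      users.add(u);
    }
    users.sort();
    totalMatches = users.size();
  }

  // A StringBuilder avoids re-copying the growing string once per user.
  StringBuilder usersJson = new StringBuilder();
  usersJson
      .append("{ \"totalUsers\" : \"")
      .append(totalMatches)
      .append("\" ,\"topUsers\" : \"")
      .append(users.size())
      .append("\" , \"users\": [");

  boolean firstUser = true;
  for (User user : users.values()) {
    if (!firstUser) {
      usersJson.append(",");
    }
    firstUser = false;

    // The DN was previously written raw; escape it the same way as the user name.
    usersJson
        .append(" { \"dn\" : \"")
        .append(Val.escapeStrForJson(user.getKey()))
        .append("\" , \"userName\" : \"")
        .append(Val.escapeStrForJson(user.getName()))
        .append("\" }");
  }
  usersJson.append(" ] }");
  return usersJson.toString();
}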
/**
 * Builds list of ldap users matching filter.
 *
 * <p>The returned map has two entries: {@code "totalMatches"} (an {@code Integer} count of all
 * users returned by the adapter) and {@code "topUserMatches"} (a {@code Users} collection). The
 * collection is capped at the configured {@code ldap.identity.search.maxResults} only when that
 * setting is present, is not {@code -1}, and {@code attributeName} is null. Otherwise the full
 * sorted result is returned.
 *
 * <p>NOTE(review): the cap is applied after {@code readUsers} has returned every match, so it
 * bounds the response size, not the cost of the directory query. A non-numeric configuration
 * value makes {@code Integer.parseInt} throw {@code NumberFormatException}.
 *
 * @param context the current request context (contains the active user)
 * @param filter the user search filter for ldap
 * @param attributeName passed through to {@code readUsers}; a non-null value disables the cap
 * @return map holding the total match count and the (possibly capped) users matching filter
 * @throws IdentityException if a system error occurs preventing the action
 * @throws NamingException if an LDAP naming exception occurs
 */
protected HashMap<String, Object> buildUsersList(
    RequestContext context, String filter, String attributeName)
    throws IdentityException, NamingException {
  IdentityAdapter adapter = context.newIdentityAdapter();

  String configuredLimit =
      Val.chkStr(
          context
              .getCatalogConfiguration()
              .getParameters()
              .getValue("ldap.identity.search.maxResults"));
  // -1 means "no cap", and is also the value used when the setting is absent or blank.
  int maxResults = configuredLimit.length() > 0 ? Integer.parseInt(configuredLimit) : -1;

  Users matches = adapter.readUsers(filter, attributeName);
  matches.sort();

  HashMap<String, Object> result = new HashMap<String, Object>();
  result.put("totalMatches", matches.size());

  boolean uncapped = maxResults == -1 || attributeName != null;
  if (uncapped) {
    result.put("topUserMatches", matches);
    return result;
  }

  // Keep only the first maxResults users of the sorted result.
  Users capped = new Users();
  int taken = 0;
  for (User candidate : matches.values()) {
    if (taken >= maxResults) {
      break;
    }
    capped.add(candidate);
    taken++;
  }
  result.put("topUserMatches", capped);
  return result;
}