%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.services.security.ldap.LDAPSecurityService |
|
|
1 | package org.apache.turbine.services.security.ldap; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2005 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import java.util.Hashtable; |
|
20 | import java.util.Iterator; |
|
21 | import java.util.Vector; |
|
22 | import javax.naming.NameAlreadyBoundException; |
|
23 | import javax.naming.NamingEnumeration; |
|
24 | import javax.naming.NamingException; |
|
25 | import javax.naming.directory.Attribute; |
|
26 | import javax.naming.directory.Attributes; |
|
27 | import javax.naming.directory.BasicAttribute; |
|
28 | import javax.naming.directory.BasicAttributes; |
|
29 | import javax.naming.directory.DirContext; |
|
30 | import javax.naming.directory.SearchControls; |
|
31 | import javax.naming.directory.SearchResult; |
|
32 | ||
33 | import org.apache.commons.logging.Log; |
|
34 | import org.apache.commons.logging.LogFactory; |
|
35 | import org.apache.torque.util.Criteria; |
|
36 | import org.apache.turbine.om.security.Group; |
|
37 | import org.apache.turbine.om.security.Permission; |
|
38 | import org.apache.turbine.om.security.Role; |
|
39 | import org.apache.turbine.om.security.TurbineGroup; |
|
40 | import org.apache.turbine.om.security.TurbinePermission; |
|
41 | import org.apache.turbine.om.security.TurbineRole; |
|
42 | import org.apache.turbine.om.security.User; |
|
43 | import org.apache.turbine.services.security.BaseSecurityService; |
|
44 | import org.apache.turbine.services.security.TurbineSecurity; |
|
45 | import org.apache.turbine.util.security.AccessControlList; |
|
46 | import org.apache.turbine.util.security.DataBackendException; |
|
47 | import org.apache.turbine.util.security.EntityExistsException; |
|
48 | import org.apache.turbine.util.security.GroupSet; |
|
49 | import org.apache.turbine.util.security.PermissionSet; |
|
50 | import org.apache.turbine.util.security.RoleSet; |
|
51 | import org.apache.turbine.util.security.UnknownEntityException; |
|
52 | ||
53 | /** |
|
54 | * An implementation of SecurityService that uses LDAP as a backend. |
|
55 | * |
|
56 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> |
|
57 | * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi </a> |
|
58 | * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a> |
|
59 | * @author <a href="mailto:jvanzyl@apache.org">Jason van Zyl</a> |
|
60 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> |
|
61 | * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a> |
|
62 | * @version $Id: LDAPSecurityService.java 264148 2005-08-29 14:21:04Z henning $ |
|
63 | */ |
|
64 | 0 | public class LDAPSecurityService extends BaseSecurityService |
65 | { |
|
66 | ||
67 | /** Logging */ |
|
68 | 0 | private static Log log = LogFactory.getLog(LDAPSecurityService.class); |
69 | ||
70 | /* |
|
71 | * ----------------------------------------------------------------------- |
|
72 | * C R E A T I O N O F A C C E S S C O N T R O L L I S T |
|
73 | * ----------------------------------------------------------------------- |
|
74 | */ |
|
75 | ||
76 | /** |
|
77 | * Constructs an AccessControlList for a specific user. |
|
78 | * |
|
79 | * This method creates a snapshot of the state of security information |
|
80 | * concerning this user, at the moment of invocation and stores it |
|
81 | * into an AccessControlList object. |
|
82 | * |
|
83 | * @param user the user for whom the AccessControlList are to be retrieved |
|
84 | * @throws DataBackendException if there was an error accessing the backend. |
|
85 | * @throws UnknownEntityException if user account is not present. |
|
86 | * @return an AccessControlList for a specific user. |
|
87 | */ |
|
88 | public AccessControlList getACL(User user) |
|
89 | throws DataBackendException, UnknownEntityException |
|
90 | { |
|
91 | 0 | if (!TurbineSecurity.accountExists(user)) |
92 | { |
|
93 | 0 | throw new UnknownEntityException("The account '" |
94 | + user.getName() + "' does not exist"); |
|
95 | } |
|
96 | try |
|
97 | { |
|
98 | 0 | Hashtable roles = new Hashtable(); |
99 | 0 | Hashtable permissions = new Hashtable(); |
100 | ||
101 | // notify the state modifiers (writers) that we want to create |
|
102 | // the snapshot. |
|
103 | 0 | lockShared(); |
104 | ||
105 | // construct the snapshot: |
|
106 | // foreach group in the system |
|
107 | 0 | Iterator groupsIterator = getAllGroups().iterator(); |
108 | ||
109 | 0 | while (groupsIterator.hasNext()) |
110 | { |
|
111 | 0 | Group group = (Group) groupsIterator.next(); |
112 | ||
113 | // get roles of user in the group |
|
114 | 0 | RoleSet groupRoles = getRoles(user, group); |
115 | ||
116 | // put the Set into roles(group) |
|
117 | 0 | roles.put(group, groupRoles); |
118 | // collect all permissoins in this group |
|
119 | 0 | PermissionSet groupPermissions = new PermissionSet(); |
120 | // foreach role in Set |
|
121 | 0 | Iterator rolesIterator = groupRoles.iterator(); |
122 | ||
123 | 0 | while (rolesIterator.hasNext()) |
124 | { |
|
125 | 0 | Role role = (Role) rolesIterator.next(); |
126 | // get permissions of the role |
|
127 | 0 | PermissionSet rolePermissions = getPermissions(role); |
128 | ||
129 | 0 | groupPermissions.add(rolePermissions); |
130 | } |
|
131 | // put the Set into permissions(group) |
|
132 | 0 | permissions.put(group, groupPermissions); |
133 | } |
|
134 | 0 | return getAclInstance(roles, permissions); |
135 | } |
|
136 | 0 | catch (Exception e) |
137 | { |
|
138 | 0 | throw new DataBackendException("Failed to build ACL for user '" |
139 | + user.getName() + "'", e); |
|
140 | } |
|
141 | finally |
|
142 | { |
|
143 | // notify the state modifiers that we are done creating |
|
144 | // the snapshot. |
|
145 | 0 | unlockShared(); |
146 | } |
|
147 | } |
|
148 | ||
149 | /* |
|
150 | * ----------------------------------------------------------------------- |
|
151 | * S E C U R I T Y M A N A G E M E N T |
|
152 | * ----------------------------------------------------------------------- |
|
153 | */ |
|
154 | ||
155 | /** |
|
156 | * Grant an User a Role in a Group. |
|
157 | * |
|
158 | * @param user the user. |
|
159 | * @param group the group. |
|
160 | * @param role the role. |
|
161 | * @throws DataBackendException if there was an error accessing the backend. |
|
162 | * @throws UnknownEntityException if user account, group or role |
|
163 | * is not present. |
|
164 | */ |
|
165 | public synchronized void grant(User user, Group group, Role role) |
|
166 | throws DataBackendException, UnknownEntityException |
|
167 | { |
|
168 | try |
|
169 | { |
|
170 | 0 | lockExclusive(); |
171 | ||
172 | 0 | String userName = user.getName(); |
173 | 0 | String roleName = role.getName(); |
174 | 0 | String groupName = group.getName(); |
175 | ||
176 | 0 | if (!accountExists(user)) |
177 | { |
|
178 | 0 | throw new UnknownEntityException( |
179 | "User '" + userName + "' does not exist"); |
|
180 | } |
|
181 | ||
182 | 0 | if (!checkExists(role)) |
183 | { |
|
184 | 0 | throw new UnknownEntityException( |
185 | "Role '" + roleName + "' does not exist"); |
|
186 | } |
|
187 | ||
188 | 0 | if (!checkExists(group)) |
189 | { |
|
190 | 0 | throw new UnknownEntityException( |
191 | "Group '" + groupName + "' does not exist"); |
|
192 | } |
|
193 | ||
194 | // Make the distinguished name. |
|
195 | 0 | String dn = "turbineGroupName=" + groupName + "," |
196 | + LDAPSecurityConstants.getNameAttribute() |
|
197 | + "=" + userName + "," |
|
198 | + LDAPSecurityConstants.getBaseSearch(); |
|
199 | ||
200 | ||
201 | // Connect to LDAP. |
|
202 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
203 | ||
204 | // Make the attributes. |
|
205 | 0 | Attributes attrs = new BasicAttributes(); |
206 | ||
207 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
208 | 0 | attrs.put(new BasicAttribute("objectClass", "turbineUserGroup")); |
209 | 0 | attrs.put(new BasicAttribute("turbineUserUniqueId", userName)); |
210 | try |
|
211 | { |
|
212 | // Add the turbineUserGroup. |
|
213 | 0 | ctx.bind(dn, null, attrs); |
214 | } |
|
215 | 0 | catch (NameAlreadyBoundException ex) |
216 | { |
|
217 | // Since turbineUserGroup had already been created |
|
218 | // then just add the role name attribute. |
|
219 | 0 | attrs = new BasicAttributes(); |
220 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
221 | 0 | ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs); |
222 | 0 | } |
223 | ||
224 | } |
|
225 | 0 | catch (NamingException ex) |
226 | { |
|
227 | 0 | throw new DataBackendException("NamingException caught", ex); |
228 | } |
|
229 | finally |
|
230 | { |
|
231 | 0 | unlockExclusive(); |
232 | 0 | } |
233 | 0 | } |
234 | ||
235 | /** |
|
236 | * Revoke a Role in a Group from an User. |
|
237 | * |
|
238 | * @param user the user. |
|
239 | * @param group the group. |
|
240 | * @param role the role. |
|
241 | * @throws DataBackendException if there was an error accessing the backend. |
|
242 | * @throws UnknownEntityException if user account, group or role is |
|
243 | * not present. |
|
244 | */ |
|
245 | public synchronized void revoke(User user, Group group, Role role) |
|
246 | throws DataBackendException, UnknownEntityException |
|
247 | { |
|
248 | try |
|
249 | { |
|
250 | 0 | lockExclusive(); |
251 | ||
252 | 0 | String userName = user.getName(); |
253 | 0 | String roleName = role.getName(); |
254 | 0 | String groupName = group.getName(); |
255 | ||
256 | 0 | if (!accountExists(user)) |
257 | { |
|
258 | 0 | throw new UnknownEntityException( |
259 | "User '" + userName + "' does not exist"); |
|
260 | } |
|
261 | ||
262 | 0 | if (!checkExists(role)) |
263 | { |
|
264 | 0 | throw new UnknownEntityException( |
265 | "Role '" + roleName + "' does not exist"); |
|
266 | } |
|
267 | ||
268 | 0 | if (!checkExists(group)) |
269 | { |
|
270 | 0 | throw new UnknownEntityException( |
271 | "Group '" + groupName + "' does not exist"); |
|
272 | } |
|
273 | ||
274 | // Make the distinguished name. |
|
275 | 0 | String dn = "turbineGroupName=" + groupName + "," |
276 | + LDAPSecurityConstants.getNameAttribute() |
|
277 | + "=" + userName + "," |
|
278 | + LDAPSecurityConstants.getBaseSearch(); |
|
279 | ||
280 | // Make the attributes. |
|
281 | 0 | Attributes attrs = new BasicAttributes(); |
282 | ||
283 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
284 | ||
285 | // Connect to LDAP. |
|
286 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
287 | ||
288 | // Remove the role. |
|
289 | 0 | ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs); |
290 | ||
291 | } |
|
292 | 0 | catch (NamingException ex) |
293 | { |
|
294 | 0 | throw new DataBackendException("NamingException caught", ex); |
295 | } |
|
296 | finally |
|
297 | { |
|
298 | 0 | unlockExclusive(); |
299 | 0 | } |
300 | 0 | } |
301 | ||
302 | /** |
|
303 | * Grants a Role a Permission |
|
304 | * |
|
305 | * @param role the Role. |
|
306 | * @param permission the Permission. |
|
307 | * @throws DataBackendException if there was an error accessing the backend. |
|
308 | * @throws UnknownEntityException if role or permission is not present. |
|
309 | */ |
|
310 | public synchronized void grant(Role role, Permission permission) |
|
311 | throws DataBackendException, UnknownEntityException |
|
312 | { |
|
313 | try |
|
314 | { |
|
315 | 0 | lockExclusive(); |
316 | ||
317 | 0 | String roleName = role.getName(); |
318 | 0 | String permName = permission.getName(); |
319 | ||
320 | 0 | if (!checkExists(role)) |
321 | { |
|
322 | 0 | throw new UnknownEntityException( |
323 | "Role '" + roleName + "' does not exist"); |
|
324 | } |
|
325 | ||
326 | 0 | if (!checkExists(permission)) |
327 | { |
|
328 | 0 | throw new UnknownEntityException( |
329 | "Permission '" + permName + "' does not exist"); |
|
330 | } |
|
331 | ||
332 | // Make the distinguished name. |
|
333 | 0 | String dn = "turbineRoleName=" + roleName + "," |
334 | + LDAPSecurityConstants.getBaseSearch(); |
|
335 | ||
336 | // Make the attributes. |
|
337 | 0 | Attributes attrs = new BasicAttributes(); |
338 | ||
339 | 0 | attrs.put(new BasicAttribute("turbinePermissionName", permName)); |
340 | ||
341 | // Connect to LDAP. |
|
342 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
343 | ||
344 | // Add the permission. |
|
345 | 0 | ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, attrs); |
346 | ||
347 | } |
|
348 | 0 | catch (NamingException ex) |
349 | { |
|
350 | 0 | throw new DataBackendException("NamingException caught", ex); |
351 | } |
|
352 | finally |
|
353 | { |
|
354 | 0 | unlockExclusive(); |
355 | 0 | } |
356 | 0 | } |
357 | ||
358 | /** |
|
359 | * Revokes a Permission from a Role. |
|
360 | * |
|
361 | * @param role the Role. |
|
362 | * @param permission the Permission. |
|
363 | * @throws DataBackendException if there was an error accessing the backend. |
|
364 | * @throws UnknownEntityException if role or permission is not present. |
|
365 | */ |
|
366 | public synchronized void revoke(Role role, Permission permission) |
|
367 | throws DataBackendException, UnknownEntityException |
|
368 | { |
|
369 | try |
|
370 | { |
|
371 | 0 | lockExclusive(); |
372 | ||
373 | 0 | String roleName = role.getName(); |
374 | 0 | String permName = permission.getName(); |
375 | ||
376 | 0 | if (!checkExists(role)) |
377 | { |
|
378 | 0 | throw new UnknownEntityException( |
379 | "Role '" + roleName + "' does not exist"); |
|
380 | } |
|
381 | ||
382 | 0 | if (!checkExists(permission)) |
383 | { |
|
384 | 0 | throw new UnknownEntityException( |
385 | "Permission '" + permName + "' does not exist"); |
|
386 | } |
|
387 | ||
388 | // Make the distinguished name. |
|
389 | 0 | String dn = "turbineRoleName=" + roleName + "," |
390 | + LDAPSecurityConstants.getBaseSearch(); |
|
391 | ||
392 | // Make the attributes. |
|
393 | 0 | Attributes attrs = new BasicAttributes(); |
394 | ||
395 | 0 | attrs.put(new BasicAttribute("turbinePermissionName", permName)); |
396 | ||
397 | // Connect to LDAP. |
|
398 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
399 | ||
400 | // Remove the permission. |
|
401 | 0 | ctx.modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, attrs); |
402 | ||
403 | } |
|
404 | 0 | catch (NamingException ex) |
405 | { |
|
406 | 0 | throw new DataBackendException("NamingException caught", ex); |
407 | } |
|
408 | finally |
|
409 | { |
|
410 | 0 | unlockExclusive(); |
411 | 0 | } |
412 | 0 | } |
413 | ||
414 | /* |
|
415 | * ----------------------------------------------------------------------- |
|
416 | * G R O U P / R O L E / P E R M I S S I O N M A N A G E M E N T |
|
417 | * ----------------------------------------------------------------------- |
|
418 | */ |
|
419 | ||
420 | /** |
|
421 | * Retrieves a new Group. It creates |
|
422 | * a new Group based on the Services Group implementation. It does not |
|
423 | * create a new Group in the system though. Use addGroup for that. |
|
424 | * <strong>Not implemented</strong> |
|
425 | * |
|
426 | * @param groupName The name of the Group to be retrieved. |
|
427 | * @return a Group. |
|
428 | */ |
|
429 | public Group getNewGroup(String groupName) |
|
430 | { |
|
431 | 0 | return (Group) new TurbineGroup(groupName); |
432 | } |
|
433 | ||
434 | /** |
|
435 | * Retrieves a new Role. It creates |
|
436 | * a new Role based on the Services Role implementation. It does not |
|
437 | * create a new Role in the system though. Use addRole for that. |
|
438 | * <strong>Not implemented</strong> |
|
439 | * |
|
440 | * @param roleName The name of the Group to be retrieved. |
|
441 | * @return a Role. |
|
442 | */ |
|
443 | public Role getNewRole(String roleName) |
|
444 | { |
|
445 | 0 | return (Role) new TurbineRole(roleName); |
446 | } |
|
447 | ||
448 | /** |
|
449 | * Retrieves a new Permission. It creates |
|
450 | * a new Permission based on the Services Permission implementation. It |
|
451 | * does not create a new Permission in the system though. Use create for |
|
452 | * that. |
|
453 | * <strong>Not implemented</strong> |
|
454 | * |
|
455 | * @param permissionName The name of the Permission to be retrieved. |
|
456 | * @return a Permission |
|
457 | */ |
|
458 | public Permission getNewPermission(String permissionName) |
|
459 | { |
|
460 | 0 | return (Permission) new TurbinePermission(permissionName); |
461 | } |
|
462 | ||
463 | /** |
|
464 | * Retrieve a set of Groups that meet the specified Criteria. |
|
465 | * |
|
466 | * @param criteria Criteria of Group selection. |
|
467 | * @return a set of Groups that meet the specified Criteria. |
|
468 | * @throws DataBackendException if there is problem with the Backend. |
|
469 | */ |
|
470 | public GroupSet getGroups(Criteria criteria) |
|
471 | throws DataBackendException |
|
472 | { |
|
473 | 0 | Vector groups = new Vector(); |
474 | ||
475 | try |
|
476 | { |
|
477 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
478 | ||
479 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
480 | 0 | String filter = "(objectclass=turbineGroup)"; |
481 | ||
482 | /* |
|
483 | * Create the default search controls. |
|
484 | */ |
|
485 | 0 | SearchControls ctls = new SearchControls(); |
486 | ||
487 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
488 | ||
489 | 0 | while (answer.hasMore()) |
490 | { |
|
491 | 0 | SearchResult sr = (SearchResult) answer.next(); |
492 | 0 | Attributes attribs = sr.getAttributes(); |
493 | 0 | Attribute attr = attribs.get("turbineGroupName"); |
494 | ||
495 | 0 | if (attr != null && attr.get() != class="keyword">null) |
496 | { |
|
497 | 0 | Group group = getNewGroup(attr.get().toString()); |
498 | ||
499 | 0 | groups.add(group); |
500 | } |
|
501 | } |
|
502 | } |
|
503 | 0 | catch (NamingException ex) |
504 | { |
|
505 | 0 | throw new DataBackendException("NamingException caught", ex); |
506 | 0 | } |
507 | 0 | return new GroupSet(groups); |
508 | } |
|
509 | ||
510 | /** Get the Roles that a user belongs in a specific group. |
|
511 | * @param user The user. |
|
512 | * @param group The group |
|
513 | * @throws DataBackendException if there is a problem with |
|
514 | * the LDAP service. |
|
515 | * @return a RoleSet. |
|
516 | */ |
|
517 | private RoleSet getRoles(User user, Group group) |
|
518 | throws DataBackendException |
|
519 | { |
|
520 | 0 | Vector roles = new Vector(0); |
521 | ||
522 | try |
|
523 | { |
|
524 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
525 | ||
526 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
527 | 0 | String filter = "(& "; |
528 | ||
529 | 0 | filter += "(objectclass=turbineUserGroup)"; |
530 | 0 | filter += "(turbineUserUniqueId=" + user.getName() + ")"; |
531 | 0 | filter += "(turbineGroupName=" + group.getName() + ")"; |
532 | 0 | filter += ")"; |
533 | ||
534 | /* |
|
535 | * Create the default search controls. |
|
536 | */ |
|
537 | 0 | SearchControls ctls = new SearchControls(); |
538 | ||
539 | 0 | ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); |
540 | ||
541 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
542 | ||
543 | 0 | while (answer.hasMore()) |
544 | { |
|
545 | 0 | SearchResult sr = (SearchResult) answer.next(); |
546 | 0 | Attributes attribs = sr.getAttributes(); |
547 | 0 | Attribute attr = attribs.get("turbineRoleName"); |
548 | ||
549 | 0 | if (attr != null) |
550 | { |
|
551 | 0 | NamingEnumeration values = attr.getAll(); |
552 | ||
553 | 0 | while (values.hasMore()) |
554 | { |
|
555 | 0 | Role role = getNewRole(values.next().toString()); |
556 | ||
557 | 0 | roles.add(role); |
558 | } |
|
559 | } |
|
560 | else |
|
561 | { |
|
562 | 0 | log.error("Role doesn't have a name"); |
563 | } |
|
564 | } |
|
565 | } |
|
566 | 0 | catch (NamingException ex) |
567 | { |
|
568 | 0 | throw new DataBackendException( |
569 | "NamingException caught:", ex); |
|
570 | 0 | } |
571 | ||
572 | 0 | return new RoleSet(roles); |
573 | } |
|
574 | ||
575 | /** |
|
576 | * Retrieve a set of Roles that meet the specified Criteria. |
|
577 | * |
|
578 | * @param criteria Criteria of Roles selection. |
|
579 | * @return a set of Roles that meet the specified Criteria. |
|
580 | * @throws DataBackendException if there is a problem with the Backend. |
|
581 | */ |
|
582 | public RoleSet getRoles(Criteria criteria) throws DataBackendException |
|
583 | { |
|
584 | 0 | Vector roles = new Vector(0); |
585 | ||
586 | try |
|
587 | { |
|
588 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
589 | ||
590 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
591 | 0 | String filter = "(objectclass=turbineRole)"; |
592 | ||
593 | /* |
|
594 | * Create the default search controls. |
|
595 | */ |
|
596 | 0 | SearchControls ctls = new SearchControls(); |
597 | ||
598 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
599 | ||
600 | 0 | while (answer.hasMore()) |
601 | { |
|
602 | 0 | SearchResult sr = (SearchResult) answer.next(); |
603 | 0 | Attributes attribs = sr.getAttributes(); |
604 | 0 | Attribute attr = attribs.get("turbineRoleName"); |
605 | ||
606 | 0 | if (attr != null && attr.get() != class="keyword">null) |
607 | { |
|
608 | 0 | Role role = getNewRole(attr.get().toString()); |
609 | ||
610 | 0 | roles.add(role); |
611 | } |
|
612 | else |
|
613 | { |
|
614 | 0 | log.error("Role doesn't have a name"); |
615 | } |
|
616 | } |
|
617 | } |
|
618 | 0 | catch (NamingException ex) |
619 | { |
|
620 | 0 | throw new DataBackendException("NamingException caught", ex); |
621 | 0 | } |
622 | ||
623 | 0 | return new RoleSet(roles); |
624 | } |
|
625 | ||
626 | /** |
|
627 | * Retrieve a set of Permissions that meet the specified Criteria. |
|
628 | * |
|
629 | * @param criteria Criteria of Permissions selection. |
|
630 | * @return a set of Permissions that meet the specified Criteria. |
|
631 | * @throws DataBackendException if there is a problem with the Backend. |
|
632 | */ |
|
633 | public PermissionSet getPermissions(Criteria criteria) |
|
634 | throws DataBackendException |
|
635 | { |
|
636 | 0 | Vector permissions = new Vector(); |
637 | ||
638 | try |
|
639 | { |
|
640 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
641 | ||
642 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
643 | 0 | String filter = "(objectClass=turbinePermission)"; |
644 | ||
645 | /* |
|
646 | * Create the default search controls. |
|
647 | */ |
|
648 | 0 | SearchControls ctls = new SearchControls(); |
649 | ||
650 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
651 | ||
652 | 0 | while (answer.hasMore()) |
653 | { |
|
654 | 0 | SearchResult sr = (SearchResult) answer.next(); |
655 | 0 | Attributes attribs = sr.getAttributes(); |
656 | 0 | Attribute attr = attribs.get("turbinePermissionName"); |
657 | ||
658 | 0 | if (attr != null && attr.get() != class="keyword">null) |
659 | { |
|
660 | 0 | Permission perm = getNewPermission(attr.get().toString()); |
661 | ||
662 | 0 | permissions.add(perm); |
663 | } |
|
664 | else |
|
665 | { |
|
666 | 0 | log.error("Permission doesn't have a name"); |
667 | } |
|
668 | } |
|
669 | } |
|
670 | 0 | catch (NamingException ex) |
671 | { |
|
672 | 0 | throw new DataBackendException( |
673 | "The LDAP server specified is unavailable", ex); |
|
674 | 0 | } |
675 | 0 | return new PermissionSet(permissions); |
676 | } |
|
677 | ||
678 | /** |
|
679 | * Retrieves all permissions associated with a role. |
|
680 | * |
|
681 | * @param role the role name, for which the permissions are to be retrieved. |
|
682 | * @throws DataBackendException if there was an error accessing the backend. |
|
683 | * @throws UnknownEntityException if the role is not present. |
|
684 | * @return a PermissionSet. |
|
685 | */ |
|
686 | public PermissionSet getPermissions(Role role) |
|
687 | throws DataBackendException, UnknownEntityException |
|
688 | { |
|
689 | 0 | Hashtable permissions = new Hashtable(); |
690 | ||
691 | try |
|
692 | { |
|
693 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
694 | ||
695 | 0 | String baseSearch = LDAPSecurityConstants.getBaseSearch(); |
696 | 0 | String filter = "(& "; |
697 | ||
698 | 0 | filter += "(objectClass=turbineRole)"; |
699 | 0 | filter += "(turbineRoleName=" + role.getName() + ")"; |
700 | 0 | filter += ")"; |
701 | ||
702 | /* |
|
703 | * Create the default search controls. |
|
704 | */ |
|
705 | 0 | SearchControls ctls = new SearchControls(); |
706 | ||
707 | 0 | NamingEnumeration answer = ctx.search(baseSearch, filter, ctls); |
708 | ||
709 | 0 | while (answer.hasMore()) |
710 | { |
|
711 | 0 | SearchResult sr = (SearchResult) answer.next(); |
712 | 0 | Attributes attribs = sr.getAttributes(); |
713 | 0 | Attribute attr = attribs.get("turbinePermissionName"); |
714 | ||
715 | 0 | if (attr != null) |
716 | { |
|
717 | 0 | NamingEnumeration values = attr.getAll(); |
718 | ||
719 | 0 | while (values.hasMore()) |
720 | { |
|
721 | 0 | String permName = values.next().toString(); |
722 | 0 | Permission perm = getNewPermission(permName); |
723 | ||
724 | 0 | permissions.put(perm.getName(), perm); |
725 | } |
|
726 | } |
|
727 | } |
|
728 | } |
|
729 | 0 | catch (NamingException ex) |
730 | { |
|
731 | 0 | throw new DataBackendException( |
732 | "The LDAP server specified is unavailable", ex); |
|
733 | 0 | } |
734 | 0 | return new PermissionSet(permissions.values()); |
735 | } |
|
736 | ||
737 | /** |
|
738 | * Stores Group's attributes. The Groups is required to exist in the system. |
|
739 | * |
|
740 | * @param group The Group to be stored. |
|
741 | * @throws DataBackendException if there was an error accessing the backend. |
|
742 | * @throws UnknownEntityException if the group does not exist. |
|
743 | */ |
|
744 | public void saveGroup(Group group) throws DataBackendException, |
|
745 | UnknownEntityException |
|
746 | { |
|
747 | // Not implemented yet. |
|
748 | 0 | } |
749 | ||
750 | /** |
|
751 | * Stores Role's attributes. The Roles is required to exist in the system. |
|
752 | * |
|
753 | * @param role The Role to be stored. |
|
754 | * @throws DataBackendException if there was an error accessing the backend. |
|
755 | * @throws UnknownEntityException if the role does not exist. |
|
756 | */ |
|
757 | public void saveRole(Role role) throws DataBackendException, |
|
758 | UnknownEntityException |
|
759 | { |
|
760 | // Not implemented yet. |
|
761 | 0 | } |
762 | ||
763 | /** |
|
764 | * Stores Permission's attributes. The Permissions is required to exist in |
|
765 | * the system. |
|
766 | * |
|
767 | * @param permission The Permission to be stored. |
|
768 | * @throws DataBackendException if there was an error accessing the backend. |
|
769 | * @throws UnknownEntityException if the permission does not exist. |
|
770 | */ |
|
771 | public void savePermission(Permission permission) |
|
772 | throws DataBackendException, UnknownEntityException |
|
773 | { |
|
774 | // Not implemented yet. |
|
775 | 0 | } |
776 | ||
777 | /** |
|
778 | * Creates a new group with specified attributes. |
|
779 | * <strong>Not implemented</strong> |
|
780 | * |
|
781 | * @param group the object describing the group to be created. |
|
782 | * @return a new Group object that has id set up properly. |
|
783 | * @throws DataBackendException if there was an error accessing the backend. |
|
784 | * @throws EntityExistsException if the group already exists. |
|
785 | */ |
|
786 | public synchronized Group addGroup(Group group) |
|
787 | throws DataBackendException, EntityExistsException |
|
788 | { |
|
789 | try |
|
790 | { |
|
791 | 0 | lockExclusive(); |
792 | ||
793 | 0 | String groupName = group.getName(); |
794 | ||
795 | 0 | if (checkExists(group)) |
796 | { |
|
797 | 0 | throw new EntityExistsException( |
798 | "Group '" + groupName + "' already exists"); |
|
799 | } |
|
800 | ||
801 | // Make the distinguished name. |
|
802 | 0 | String dn = "turbineGroupName=" + groupName + "," |
803 | + LDAPSecurityConstants.getBaseSearch(); |
|
804 | ||
805 | // Make the attributes. |
|
806 | 0 | Attributes attrs = new BasicAttributes(); |
807 | ||
808 | 0 | attrs.put(new BasicAttribute("objectClass", "turbineGroup")); |
809 | 0 | attrs.put(new BasicAttribute("turbineGroupName", groupName)); |
810 | ||
811 | // Connect to LDAP. |
|
812 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
813 | ||
814 | // Add the group in LDAP. |
|
815 | 0 | ctx.bind(dn, null, attrs); |
816 | ||
817 | // Add the group to system-wide cache. |
|
818 | 0 | getAllGroups().add(group); |
819 | ||
820 | 0 | return group; |
821 | } |
|
822 | 0 | catch (NamingException ex) |
823 | { |
|
824 | 0 | throw new DataBackendException("NamingException caught", ex); |
825 | } |
|
826 | finally |
|
827 | { |
|
828 | 0 | unlockExclusive(); |
829 | } |
|
830 | } |
|
831 | ||
832 | /** |
|
833 | * Creates a new role with specified attributes. |
|
834 | * |
|
835 | * @param role the object describing the role to be created. |
|
836 | * @return a new Role object that has id set up properly. |
|
837 | * @throws DataBackendException if there was an error accessing the backend. |
|
838 | * @throws EntityExistsException if the role already exists. |
|
839 | */ |
|
840 | public synchronized Role addRole(Role role) |
|
841 | throws DataBackendException, EntityExistsException |
|
842 | { |
|
843 | try |
|
844 | { |
|
845 | 0 | lockExclusive(); |
846 | ||
847 | 0 | String roleName = role.getName(); |
848 | ||
849 | 0 | if (checkExists(role)) |
850 | { |
|
851 | 0 | throw new EntityExistsException( |
852 | "Role '" + roleName + "' already exists"); |
|
853 | } |
|
854 | ||
855 | // Make the distinguished name. |
|
856 | 0 | String dn = "turbineRoleName=" + roleName + "," |
857 | + LDAPSecurityConstants.getBaseSearch(); |
|
858 | ||
859 | // Make the attributes. |
|
860 | 0 | Attributes attrs = new BasicAttributes(); |
861 | ||
862 | 0 | attrs.put(new BasicAttribute("objectClass", "turbineRole")); |
863 | 0 | attrs.put(new BasicAttribute("turbineRoleName", roleName)); |
864 | ||
865 | // Connect to LDAP. |
|
866 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
867 | ||
868 | // Add the role in LDAP. |
|
869 | 0 | ctx.bind(dn, null, attrs); |
870 | ||
871 | // Add the role to system-wide cache. |
|
872 | 0 | getAllRoles().add(role); |
873 | ||
874 | 0 | return role; |
875 | } |
|
876 | 0 | catch (NamingException ex) |
877 | { |
|
878 | 0 | throw new DataBackendException("NamingException caught", ex); |
879 | } |
|
880 | finally |
|
881 | { |
|
882 | 0 | unlockExclusive(); |
883 | } |
|
884 | } |
|
885 | ||
886 | /** |
|
887 | * Creates a new permission with specified attributes. |
|
888 | * <strong>Not implemented</strong> |
|
889 | * |
|
890 | * @param permission the object describing the permission to be created. |
|
891 | * @return a new Permission object that has id set up properly. |
|
892 | * @throws DataBackendException if there was an error accessing the backend. |
|
893 | * @throws EntityExistsException if the permission already exists. |
|
894 | */ |
|
895 | public synchronized Permission addPermission(Permission permission) |
|
896 | throws DataBackendException, EntityExistsException |
|
897 | { |
|
898 | try |
|
899 | { |
|
900 | 0 | lockExclusive(); |
901 | ||
902 | 0 | String permName = permission.getName(); |
903 | ||
904 | 0 | if (checkExists(permission)) |
905 | { |
|
906 | 0 | throw new EntityExistsException( |
907 | "Permission '" + permName + "' already exists"); |
|
908 | } |
|
909 | ||
910 | // Make the distinguished name. |
|
911 | 0 | String dn = "turbinePermissionName=" + permName + "," |
912 | + LDAPSecurityConstants.getBaseSearch(); |
|
913 | ||
914 | // Make the attributes. |
|
915 | 0 | Attributes attrs = new BasicAttributes(); |
916 | ||
917 | 0 | attrs.put(new BasicAttribute("objectClass", "turbinePermission")); |
918 | 0 | attrs.put(new BasicAttribute("turbinePermissionName", permName)); |
919 | ||
920 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
921 | ||
922 | // Add the permission in LDAP. |
|
923 | 0 | ctx.bind(dn, null, attrs); |
924 | ||
925 | // add the permission to system-wide cache |
|
926 | 0 | getAllPermissions().add(permission); |
927 | ||
928 | 0 | return permission; |
929 | } |
|
930 | 0 | catch (NamingException ex) |
931 | { |
|
932 | 0 | throw new DataBackendException("NamingException caught", ex); |
933 | } |
|
934 | finally |
|
935 | { |
|
936 | 0 | unlockExclusive(); |
937 | } |
|
938 | } |
|
939 | ||
940 | /** |
|
941 | * Removes a Group from the system. |
|
942 | * |
|
943 | * @param group object describing group to be removed. |
|
944 | * @throws DataBackendException if there was an error accessing the backend. |
|
945 | * @throws UnknownEntityException if the group does not exist. |
|
946 | */ |
|
947 | public synchronized void removeGroup(Group group) |
|
948 | throws DataBackendException, UnknownEntityException |
|
949 | { |
|
950 | try |
|
951 | { |
|
952 | 0 | lockExclusive(); |
953 | ||
954 | 0 | String groupName = group.getName(); |
955 | ||
956 | 0 | if (!checkExists(group)) |
957 | { |
|
958 | 0 | throw new UnknownEntityException( |
959 | "Group '" + groupName + "' does not exist"); |
|
960 | } |
|
961 | ||
962 | // Make the distinguished name. |
|
963 | 0 | String dn = "turbineGroupName=" + groupName + "," |
964 | + LDAPSecurityConstants.getBaseSearch(); |
|
965 | ||
966 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
967 | ||
968 | // Remove the group from LDAP. |
|
969 | 0 | ctx.unbind(dn); |
970 | ||
971 | // Remove the group from system-wide cache. |
|
972 | 0 | getAllGroups().remove(group); |
973 | } |
|
974 | 0 | catch (NamingException ex) |
975 | { |
|
976 | 0 | throw new DataBackendException("NamingException caught", ex); |
977 | } |
|
978 | finally |
|
979 | { |
|
980 | 0 | unlockExclusive(); |
981 | 0 | } |
982 | 0 | } |
983 | ||
984 | /** |
|
985 | * Removes a Role from the system. |
|
986 | * |
|
987 | * @param role object describing role to be removed. |
|
988 | * @throws DataBackendException if there was an error accessing the backend. |
|
989 | * @throws UnknownEntityException if the role does not exist. |
|
990 | */ |
|
991 | public synchronized void removeRole(Role role) |
|
992 | throws DataBackendException, UnknownEntityException |
|
993 | { |
|
994 | try |
|
995 | { |
|
996 | 0 | lockExclusive(); |
997 | ||
998 | 0 | String roleName = role.getName(); |
999 | ||
1000 | 0 | if (!checkExists(role)) |
1001 | { |
|
1002 | 0 | throw new UnknownEntityException( |
1003 | "Role '" + roleName + "' does not exist"); |
|
1004 | } |
|
1005 | ||
1006 | // Make the distinguished name. |
|
1007 | 0 | String dn = "turbineRoleName=" + roleName + "," |
1008 | + LDAPSecurityConstants.getBaseSearch(); |
|
1009 | ||
1010 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
1011 | ||
1012 | // Remove the role from LDAP. |
|
1013 | 0 | ctx.unbind(dn); |
1014 | ||
1015 | // Remove the role from system-wide cache. |
|
1016 | 0 | getAllRoles().remove(role); |
1017 | } |
|
1018 | 0 | catch (NamingException ex) |
1019 | { |
|
1020 | 0 | throw new DataBackendException("NamingException caught", ex); |
1021 | } |
|
1022 | finally |
|
1023 | { |
|
1024 | 0 | unlockExclusive(); |
1025 | 0 | } |
1026 | 0 | } |
1027 | ||
1028 | /** |
|
1029 | * Removes a Permission from the system. |
|
1030 | * |
|
1031 | * @param permission object describing permission to be removed. |
|
1032 | * @throws DataBackendException if there was an error accessing the backend. |
|
1033 | * @throws UnknownEntityException if the permission does not exist. |
|
1034 | */ |
|
1035 | public synchronized void removePermission(Permission permission) |
|
1036 | throws DataBackendException, UnknownEntityException |
|
1037 | { |
|
1038 | try |
|
1039 | { |
|
1040 | 0 | lockExclusive(); |
1041 | ||
1042 | 0 | String permName = permission.getName(); |
1043 | ||
1044 | 0 | if (!checkExists(permission)) |
1045 | { |
|
1046 | 0 | throw new UnknownEntityException( |
1047 | "Permission '" + permName + "' does not exist"); |
|
1048 | } |
|
1049 | ||
1050 | // Make the distinguished name. |
|
1051 | 0 | String dn = "turbinePermissionName=" + permName + "," |
1052 | + LDAPSecurityConstants.getBaseSearch(); |
|
1053 | ||
1054 | 0 | DirContext ctx = LDAPUserManager.bindAsAdmin(); |
1055 | ||
1056 | // Remove the permission in LDAP. |
|
1057 | 0 | ctx.unbind(dn); |
1058 | ||
1059 | // Remove the permission from system-wide cache. |
|
1060 | 0 | getAllPermissions().remove(permission); |
1061 | } |
|
1062 | 0 | catch (NamingException ex) |
1063 | { |
|
1064 | 0 | throw new DataBackendException("NamingException caught", ex); |
1065 | } |
|
1066 | finally |
|
1067 | { |
|
1068 | 0 | unlockExclusive(); |
1069 | 0 | } |
1070 | 0 | } |
1071 | ||
1072 | /** |
|
1073 | * Renames an existing Group. |
|
1074 | * |
|
1075 | * @param group object describing the group to be renamed. |
|
1076 | * @param name the new name for the group. |
|
1077 | * @throws DataBackendException if there was an error accessing the backend. |
|
1078 | * @throws UnknownEntityException if the group does not exist. |
|
1079 | */ |
|
1080 | public synchronized void renameGroup(Group group, String name) |
|
1081 | throws DataBackendException, UnknownEntityException |
|
1082 | { |
|
1083 | // Not implemented yet. |
|
1084 | 0 | } |
1085 | ||
1086 | /** |
|
1087 | * Renames an existing Role. |
|
1088 | * |
|
1089 | * @param role object describing the role to be renamed. |
|
1090 | * @param name the new name for the role. |
|
1091 | * @throws DataBackendException if there was an error accessing the backend. |
|
1092 | * @throws UnknownEntityException if the role does not exist. |
|
1093 | */ |
|
1094 | public synchronized void renameRole(Role role, String name) |
|
1095 | throws DataBackendException, UnknownEntityException |
|
1096 | { |
|
1097 | // Not implemented yet. |
|
1098 | 0 | } |
1099 | ||
1100 | /** |
|
1101 | * Renames an existing Permission. |
|
1102 | * |
|
1103 | * @param permission object describing the permission to be renamed. |
|
1104 | * @param name the new name for the permission. |
|
1105 | * @throws DataBackendException if there was an error accessing the backend. |
|
1106 | * @throws UnknownEntityException if the permission does not exist. |
|
1107 | */ |
|
1108 | public synchronized void renamePermission(Permission permission, |
|
1109 | String name) |
|
1110 | throws DataBackendException, UnknownEntityException |
|
1111 | { |
|
1112 | // Not implemented yet. |
|
1113 | 0 | } |
1114 | ||
1115 | /** |
|
1116 | * Revoke all the roles to a user |
|
1117 | * @param user the user. |
|
1118 | * @throws DataBackendException if there is an error with the data backend. |
|
1119 | * @throws UnkownEntityException if the role or a permission is not found. |
|
1120 | */ |
|
1121 | public void revokeAll(User user) |
|
1122 | throws DataBackendException, UnknownEntityException |
|
1123 | { |
|
1124 | 0 | Iterator groupsIterator = getAllGroups().iterator(); |
1125 | 0 | while (groupsIterator.hasNext()) |
1126 | { |
|
1127 | 0 | Group group = (Group) groupsIterator.next(); |
1128 | 0 | Iterator rolesIterator = getRoles(user, group).iterator(); |
1129 | 0 | while (rolesIterator.hasNext()) |
1130 | { |
|
1131 | 0 | Role role = (Role) rolesIterator.next(); |
1132 | 0 | revoke(user, group, role); |
1133 | } |
|
1134 | } |
|
1135 | 0 | } |
1136 | ||
1137 | /** |
|
1138 | * Revoke all the permissions to a role. |
|
1139 | * @param role the role. |
|
1140 | * @throws DataBackendException if there is an error with the data backend. |
|
1141 | * @throws UnkownEntityException if the role or a permission is not found. |
|
1142 | */ |
|
1143 | public void revokeAll(Role role) |
|
1144 | throws DataBackendException, UnknownEntityException |
|
1145 | { |
|
1146 | 0 | PermissionSet permissions = getPermissions(role); |
1147 | 0 | Iterator permIterator = permissions.iterator(); |
1148 | 0 | while (permIterator.hasNext()) |
1149 | { |
|
1150 | 0 | Permission perm = (Permission) permIterator.next(); |
1151 | 0 | revoke(role, perm); |
1152 | } |
|
1153 | 0 | } |
1154 | ||
1155 | /** |
|
1156 | * Revoke all the roles to a group. |
|
1157 | * @param group the group. |
|
1158 | * @throws DataBackendException if there is an error with the data backend. |
|
1159 | * @throws UnkownEntityException if the role or a permission is not found. |
|
1160 | */ |
|
1161 | public void revokeAll(Group group) |
|
1162 | throws DataBackendException, UnknownEntityException |
|
1163 | { |
|
1164 | 0 | for (Iterator it = getUserList(new Criteria()).iterator(); |
1165 | 0 | it.hasNext();) |
1166 | { |
|
1167 | 0 | User user = (User) it.next(); |
1168 | 0 | for (Iterator rolesIterator = getRoles(user, group).iterator(); |
1169 | 0 | rolesIterator.hasNext();) |
1170 | { |
|
1171 | 0 | Role role = (Role) rolesIterator.next(); |
1172 | 0 | revoke(user, group, role); |
1173 | } |
|
1174 | } |
|
1175 | 0 | } |
1176 | ||
1177 | /** |
|
1178 | * Determines if the <code>Role</code> exists in the security system. |
|
1179 | * |
|
1180 | * @param role a <code>Role</code> value |
|
1181 | * @return true if the role exists in the system, false otherwise |
|
1182 | * @throws DataBackendException if there is an error with LDAP |
|
1183 | */ |
|
1184 | public boolean checkExists(Role role) |
|
1185 | throws DataBackendException |
|
1186 | { |
|
1187 | 0 | RoleSet roleSet = getRoles(new Criteria()); |
1188 | ||
1189 | 0 | return roleSet.contains(role); |
1190 | } |
|
1191 | ||
1192 | /** |
|
1193 | * Determines if the <code>Group</code> exists in the security system. |
|
1194 | * |
|
1195 | * @param group a <code>Group</code> value |
|
1196 | * @return true if the group exists in the system, false otherwise |
|
1197 | * @throws DataBackendException if there is an error with LDAP |
|
1198 | */ |
|
1199 | public boolean checkExists(Group group) |
|
1200 | throws DataBackendException |
|
1201 | { |
|
1202 | 0 | GroupSet groupSet = getGroups(new Criteria()); |
1203 | ||
1204 | 0 | return groupSet.contains(group); |
1205 | } |
|
1206 | ||
1207 | /** |
|
1208 | * Determines if the <code>Permission</code> exists in the security system. |
|
1209 | * |
|
1210 | * @param permission a <code>Permission</code> value |
|
1211 | * @return true if the permission exists in the system, false otherwise |
|
1212 | * @throws DataBackendException if there is an error with LDAP |
|
1213 | */ |
|
1214 | public boolean checkExists(Permission permission) |
|
1215 | throws DataBackendException |
|
1216 | { |
|
1217 | 0 | PermissionSet permissionSet = getPermissions(new Criteria()); |
1218 | ||
1219 | 0 | return permissionSet.contains(permission); |
1220 | } |
|
1221 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |