View Javadoc

1   package org.apache.turbine.services.security.ldap;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import java.io.ByteArrayOutputStream;
20  import java.io.PrintWriter;
21  import java.sql.Connection;
22  import java.util.Hashtable;
23  import javax.naming.NamingException;
24  import javax.naming.directory.Attribute;
25  import javax.naming.directory.Attributes;
26  import javax.naming.directory.BasicAttribute;
27  import javax.naming.directory.BasicAttributes;
28  import javax.servlet.http.HttpSessionBindingEvent;
29  
30  import org.apache.commons.logging.Log;
31  import org.apache.commons.logging.LogFactory;
32  import org.apache.torque.om.BaseObject;
33  import org.apache.torque.om.StringKey;
34  import org.apache.turbine.om.security.User;
35  import org.apache.turbine.services.security.TurbineSecurity;
36  
37  /***
38   * LDAPUser implements User and provides access to a user who accesses the
39   * system via LDAP.
40   *
41   * @author <a href="mailto:cberry@gluecode.com">Craig D. Berry</a>
42   * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi</a>
43   * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a>
44   * @author <a href="mailto:dlr@finemaltcoding.com">Daniel Rall</a>
45   * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a>
46   * @version $Id: LDAPUser.java 278822 2005-09-05 19:53:05Z henning $
47   */
48  public class LDAPUser extends BaseObject implements User
49  {
50  
51      /*** Serial Version UID */
52      private static final long serialVersionUID = 3953123276619326752L;
53  
54      /*** Logging */
55      private static Log log = LogFactory.getLog(LDAPUser.class);
56  
57      /* A few attributes common to a User. */
58  
59      /*** Date when the user was created */
60      private java.util.Date createDate = null;
61  
62      /*** Date when the user was last accessed */
63      private java.util.Date lastAccessDate = null;
64  
65      /*** timeout */
66      private int timeout = 15;
67  
68      /*** This is data that will survive a servlet engine restart. */
69      private Hashtable permStorage = null;
70  
71      /*** This is data that will not survive a servlet engine restart. */
72      private Hashtable tempStorage = null;
73  
74      /***
75       * Constructor.
76       * Create a new User and set the createDate.
77       */
78      public LDAPUser()
79      {
80          createDate = new java.util.Date();
81          tempStorage = new Hashtable(10);
82          permStorage = new Hashtable(10);
83          setHasLoggedIn(Boolean.FALSE);
84      }
85  
86      /***
87       * Populates the user with values obtained from the LDAP Service.
88       * This method could be redefined in subclasses.
89       * @param attribs The attributes obtained from LDAP.
90       * @throws NamingException if there was an error with JNDI.
91       */
92      public void setLDAPAttributes(Attributes attribs)
93              throws NamingException
94      {
95  
96          Attribute attr;
97          String attrName;
98  
99          // Set the User id.
100         attrName = LDAPSecurityConstants.getUserIdAttribute();
101         if (attrName != null)
102         {
103             attr = attribs.get(attrName);
104             if (attr != null && attr.get() != null)
105             {
106                 try
107                 {
108                     setPrimaryKey(new StringKey(attr.get().toString()));
109                 }
110                 catch (Exception ex)
111                 {
112                     log.error("Exception caught:", ex);
113                 }
114             }
115         }
116 
117         // Set the Username.
118         attrName = LDAPSecurityConstants.getNameAttribute();
119         if (attrName != null)
120         {
121             attr = attribs.get(attrName);
122             if (attr != null && attr.get() != null)
123             {
124                 setUserName(attr.get().toString());
125             }
126         }
127         else
128         {
129             log.error("There is no LDAP attribute for the username.");
130         }
131 
132         // Set the Firstname.
133         attrName = LDAPSecurityConstants.getFirstNameAttribute();
134         if (attrName != null)
135         {
136             attr = attribs.get(attrName);
137             if (attr != null && attr.get() != null)
138             {
139                 setFirstName(attr.get().toString());
140             }
141         }
142 
143         // Set the Lastname.
144         attrName = LDAPSecurityConstants.getLastNameAttribute();
145         if (attrName != null)
146         {
147             attr = attribs.get(attrName);
148             if (attr != null && attr.get() != null)
149             {
150                 setLastName(attr.get().toString());
151             }
152         }
153 
154         // Set the E-Mail
155         attrName = LDAPSecurityConstants.getEmailAttribute();
156         if (attrName != null)
157         {
158             attr = attribs.get(attrName);
159             if (attr != null && attr.get() != null)
160             {
161                 setEmail(attr.get().toString());
162             }
163         }
164     }
165 
166     /***
167      * Get the JNDI Attributes used to store the user in LDAP.
168      * This method could be redefined in a subclass.
169      *
170      * @throws NamingException if there is a JNDI error.
171      * @return The JNDI attributes of the user.
172      */
173     public Attributes getLDAPAttributes()
174             throws NamingException
175     {
176         Attributes attribs = new BasicAttributes();
177         String attrName;
178 
179         // Set the objectClass
180         attrName = "objectClass";
181         if (attrName != null)
182         {
183             Object value = "turbineUser";
184 
185             if (value != null)
186             {
187                 Attribute attr = new BasicAttribute(attrName, value);
188 
189                 attribs.put(attr);
190             }
191         }
192 
193         // Set the User id.
194         attrName = LDAPSecurityConstants.getUserIdAttribute();
195         if (attrName != null)
196         {
197             Object value = getPrimaryKey();
198 
199             if (value != null)
200             {
201                 Attribute attr = new BasicAttribute(attrName, value);
202 
203                 attribs.put(attr);
204             }
205         }
206 
207         // Set the Username.
208         attrName = LDAPSecurityConstants.getNameAttribute();
209         if (attrName != null)
210         {
211             Object value = getName();
212 
213             if (value != null)
214             {
215                 Attribute attr = new BasicAttribute(attrName, value);
216 
217                 attribs.put(attr);
218             }
219         }
220 
221         // Set the Firstname.
222         attrName = LDAPSecurityConstants.getFirstNameAttribute();
223         if (attrName != null)
224         {
225             Object value = getFirstName();
226 
227             if (value != null)
228             {
229                 Attribute attr = new BasicAttribute(attrName, value);
230 
231                 attribs.put(attr);
232             }
233         }
234 
235         // Set the Lastname.
236         attrName = LDAPSecurityConstants.getLastNameAttribute();
237         if (attrName != null)
238         {
239             Object value = getLastName();
240 
241             if (value != null)
242             {
243                 Attribute attr = new BasicAttribute(attrName, value);
244 
245                 attribs.put(attr);
246             }
247         }
248 
249         // Set the E-Mail.
250         attrName = LDAPSecurityConstants.getEmailAttribute();
251         if (attrName != null)
252         {
253             Object value = getEmail();
254 
255             if (value != null)
256             {
257                 Attribute attr = new BasicAttribute(attrName, value);
258 
259                 attribs.put(attr);
260             }
261         }
262 
263         // Set the Password
264         attrName = LDAPSecurityConstants.getPasswordAttribute();
265         if (attrName != null)
266         {
267             Object value = getPassword();
268 
269             if (value != null)
270             {
271                 Attribute attr = new BasicAttribute(attrName, value);
272 
273                 attribs.put(attr);
274             }
275         }
276 
277         return attribs;
278     }
279 
280     /***
281      * Gets the distinguished name (DN) of the User.
282      * This method could be redefined in a subclass.
283      * @return The Distinguished Name of the user.
284      */
285     public String getDN()
286     {
287         String filterAttribute = LDAPSecurityConstants.getNameAttribute();
288         String userBaseSearch = LDAPSecurityConstants.getBaseSearch();
289         String userName = getName();
290 
291         String dn = filterAttribute + "=" + userName + "," + userBaseSearch;
292 
293         return dn;
294     }
295 
296     /***
297      * Gets the access counter for a user during a session.
298      *
299      * @return The access counter for the user for the session.
300      */
301     public int getAccessCounterForSession()
302     {
303         try
304         {
305             return ((Integer) getTemp(User.SESSION_ACCESS_COUNTER)).intValue();
306         }
307         catch (Exception e)
308         {
309             return 0;
310         }
311     }
312 
313     /***
314      * Gets the access counter for a user from perm storage.
315      *
316      * @return The access counter for the user.
317      */
318     public int getAccessCounter()
319     {
320         try
321         {
322             return ((Integer) getPerm(User.ACCESS_COUNTER)).intValue();
323         }
324         catch (Exception e)
325         {
326             return 0;
327         }
328     }
329 
330     /***
331      * Gets the create date for this User.  This is the time at which
332      * the user object was created.
333      *
334      * @return A Java Date with the date of creation for the user.
335      */
336     public java.util.Date getCreateDate()
337     {
338         return createDate;
339     }
340 
341     /***
342      * Returns the value of Confirmed variable
343      * @return the confirm value.
344      */
345     public String getConfirmed()
346     {
347         String tmp = null;
348 
349         tmp = (String) getPerm(User.CONFIRM_VALUE);
350         if (tmp != null && tmp.length() == 0)
351         {
352             tmp = null;
353         }
354         return tmp;
355     }
356 
357     /***
358      * Returns the Email for this user.  If this is defined, then
359      * the user is considered logged in.
360      *
361      * @return A String with the user's Email.
362      */
363     public String getEmail()
364     {
365         String tmp = null;
366 
367         tmp = (String) getPerm(User.EMAIL);
368         if (tmp != null && tmp.length() == 0)
369         {
370             tmp = null;
371         }
372         return tmp;
373     }
374 
375     /***
376      * Gets the last access date for this User.  This is the last time
377      * that the user object was referenced.
378      *
379      * @return A Java Date with the last access date for the user.
380      */
381     public java.util.Date getLastAccessDate()
382     {
383         if (lastAccessDate == null)
384         {
385             setLastAccessDate();
386         }
387         return lastAccessDate;
388     }
389 
390     /***
391      * Get last login date/time for this user.
392      *
393      * @return A Java Date with the last login date for the user.
394      */
395     public java.util.Date getLastLogin()
396     {
397         return (java.util.Date) getPerm(User.LAST_LOGIN);
398     }
399 
400     /***
401      * Get password for this user.
402      *
403      * @return A String with the password for the user.
404      */
405     public String getPassword()
406     {
407         return (String) getPerm(User.PASSWORD);
408     }
409 
410     /***
411      * Get an object from permanent storage.
412      * @param name The object's name.
413      * @return An Object with the given name.
414      */
415     public Object getPerm(String name)
416     {
417         return permStorage.get(name);
418     }
419 
420     /***
421      * Get an object from permanent storage; return default if value
422      * is null.
423      *
424      * @param name The object's name.
425      * @param def A default value to return.
426      * @return An Object with the given name.
427      */
428     public Object getPerm(String name, Object def)
429     {
430         try
431         {
432             Object val = permStorage.get(name);
433 
434             if (val == null)
435             {
436                 return def;
437             }
438             return val;
439         }
440         catch (Exception e)
441         {
442             return def;
443         }
444     }
445 
446     /***
447      * This should only be used in the case where we want to save the
448      * data to the database.
449      *
450      * @return A Hashtable.
451      */
452     public Hashtable getPermStorage()
453     {
454         if (this.permStorage == null)
455         {
456             this.permStorage = new Hashtable();
457         }
458         return this.permStorage;
459     }
460 
461     /***
462      * Get an object from temporary storage.
463      *
464      * @param name The object's name.
465      * @return An Object with the given name.
466      */
467     public Object getTemp(String name)
468     {
469         return tempStorage.get(name);
470     }
471 
472     /***
473      * Get an object from temporary storage; return default if value
474      * is null.
475      *
476      * @param name The object's name.
477      * @param def A default value to return.
478      * @return An Object with the given name.
479      */
480     public Object getTemp(String name, Object def)
481     {
482         Object val;
483 
484         try
485         {
486             val = tempStorage.get(name);
487             if (val == null)
488             {
489                 val = def;
490             }
491         }
492         catch (Exception e)
493         {
494             val = def;
495         }
496         return val;
497     }
498 
499     /***
500      * A User object can have a variable Timeout, which is defined in
501      * minutes.  If the user has been timed out, then the
502      * hasLoggedIn() value will return false.
503      *
504      * @return An int specifying the timeout.
505      */
506     public int getTimeout()
507     {
508         return this.timeout;
509     }
510 
511     /***
512      * Returns the username for this user.  If this is defined, then
513      * the user is considered logged in.
514      *
515      * @return A String with the username.
516      * @deprecated Use getName() instead
517      */
518     public String getUserName()
519     {
520         return getName();
521     }
522 
523     /***
524      * Returns the first name for this user.  If this is defined, then
525      * the user is considered logged in.
526      *
527      * @return A String with the user's first name.
528      */
529     public String getFirstName()
530     {
531         String tmp = null;
532 
533         tmp = (String) getPerm(User.FIRST_NAME);
534         if (tmp != null && tmp.length() == 0)
535         {
536             tmp = null;
537         }
538         return tmp;
539     }
540 
541     /***
542      * Returns the last name for this user.  If this is defined, then
543      * the user is considered logged in.
544      *
545      * @return A String with the user's last name.
546      */
547     public String getLastName()
548     {
549         String tmp = null;
550 
551         tmp = (String) getPerm(User.LAST_NAME);
552         if (tmp != null && tmp.length() == 0)
553         {
554             tmp = null;
555         }
556         return tmp;
557     }
558 
559     /***
560      * The user is considered logged in if they have not timed out.
561      *
562      * @return True if the user has logged in.
563      */
564     public boolean hasLoggedIn()
565     {
566         Boolean tmp = getHasLoggedIn();
567 
568         if (tmp != null && tmp.booleanValue())
569         {
570             return true;
571         }
572         else
573         {
574             return false;
575         }
576     }
577 
578     /***
579      * This method reports whether or not the user has been confirmed
580      * in the system by checking the <code>CONFIRM_VALUE</code>
581      * column to see if it is equal to <code>CONFIRM_DATA</code>.
582      *
583      * @return True if the user has been confirmed.
584      */
585     public boolean isConfirmed()
586     {
587         return ((String) getTemp(CONFIRM_VALUE, "")).equals(CONFIRM_DATA);
588     }
589 
590     /***
591      * Increments the permanent hit counter for the user.
592      */
593     public void incrementAccessCounter()
594     {
595         setAccessCounter(getAccessCounter() + 1);
596     }
597 
598     /***
599      * Increments the session hit counter for the user.
600      */
601     public void incrementAccessCounterForSession()
602     {
603         setAccessCounterForSession(getAccessCounterForSession() + 1);
604     }
605 
606     /***
607      * Remove an object from temporary storage and return the object.
608      *
609      * @param name The name of the object to remove.
610      * @return An Object.
611      */
612     public Object removeTemp(String name)
613     {
614         return tempStorage.remove(name);
615     }
616 
617     /***
618      * Sets the access counter for a user, saved in perm storage.
619      *
620      * @param cnt The new count.
621      */
622     public void setAccessCounter(int cnt)
623     {
624         setPerm(User.ACCESS_COUNTER, new Integer(cnt));
625     }
626 
627     /***
628      * Sets the session access counter for a user, saved in temp
629      * storage.
630      *
631      * @param cnt The new count.
632      */
633     public void setAccessCounterForSession(int cnt)
634     {
635         setTemp(User.SESSION_ACCESS_COUNTER, new Integer(cnt));
636     }
637 
638     /***
639      * Set the users confirmed variable
640      *
641      * @param confirm The new confim value.
642      */
643     public void setConfirmed(String confirm)
644     {
645         getPerm(User.CONFIRM_VALUE, confirm);
646     }
647 
648     /***
649      * Sets the last access date for this User. This is the last time
650      * that the user object was referenced.
651      */
652     public void setLastAccessDate()
653     {
654         lastAccessDate = new java.util.Date();
655     }
656 
657     /***
658      * Sets the create date for this User. This is the time at which
659      * the user object was created.
660      *
661      * @param date The create date.
662      */
663     public void setCreateDate(java.util.Date date)
664     {
665         createDate = date;
666     }
667 
668     /***
669      * Set the users Email
670      *
671      * @param email The new email.
672      */
673     public void setEmail(String email)
674     {
675         setPerm(User.EMAIL, email);
676     }
677 
678     /***
679      * Set the users First Name
680      *
681      * @param fname The new firstname.
682      */
683     public void setFirstName(String fname)
684     {
685         setPerm(User.FIRST_NAME, fname);
686     }
687 
688     /***
689      * Set last login date/time.
690      *
691      * @param date The last login date.
692      */
693     public void setLastLogin(java.util.Date date)
694     {
695         setPerm(User.LAST_LOGIN, date);
696     }
697 
698     /***
699      * Set the users Last Name
700      * Sets the last name for this user.
701      *
702      * @param lname The new lastname.
703      */
704     public void setLastName(String lname)
705     {
706         setPerm(User.LAST_NAME, lname);
707     }
708 
709     /***
710      * Set password.
711      *
712      * @param password The new password.
713      */
714     public void setPassword(String password)
715     {
716         setPerm(User.PASSWORD, password);
717     }
718 
719     /***
720      * Put an object into permanent storage.
721      *
722      * @param name The object's name.
723      * @param value The object.
724      */
725     public void setPerm(String name, Object value)
726     {
727         permStorage.put(name, value);
728     }
729 
730     /***
731      * This should only be used in the case where we want to save the
732      * data to the database.
733      *
734      * @param stuff A Hashtable.
735      */
736     public void setPermStorage(Hashtable stuff)
737     {
738         this.permStorage = stuff;
739     }
740 
741     /***
742      * This should only be used in the case where we want to save the
743      * data to the database.
744      *
745      * @return A Hashtable.
746      */
747     public Hashtable getTempStorage()
748     {
749         if (this.tempStorage == null)
750         {
751             this.tempStorage = new Hashtable();
752         }
753         return this.tempStorage;
754     }
755 
756     /***
757      * This should only be used in the case where we want to save the
758      * data to the database.
759      *
760      * @param storage A Hashtable.
761      */
762     public void setTempStorage(Hashtable storage)
763     {
764         this.tempStorage = storage;
765     }
766 
767     /***
768      * This gets whether or not someone has logged in.  hasLoggedIn()
769      * returns this value as a boolean.  This is private because you
770      * should use hasLoggedIn() instead.
771      *
772      * @return True if someone has logged in.
773      */
774     private Boolean getHasLoggedIn()
775     {
776         return (Boolean) getTemp(User.HAS_LOGGED_IN);
777     }
778 
779     /***
780      * This sets whether or not someone has logged in.  hasLoggedIn()
781      * returns this value.
782      *
783      * @param value Whether someone has logged in or not.
784      */
785     public void setHasLoggedIn(Boolean value)
786     {
787         setTemp(User.HAS_LOGGED_IN, value);
788     }
789 
790     /***
791      * Put an object into temporary storage.
792      *
793      * @param name The object's name.
794      * @param value The object.
795      */
796     public void setTemp(String name, Object value)
797     {
798         tempStorage.put(name, value);
799     }
800 
801     /***
802      * A User object can have a variable Timeout which is defined in
803      * minutes.  If the user has been timed out, then the
804      * hasLoggedIn() value will return false.
805      *
806      * @param time The user's timeout.
807      */
808     public void setTimeout(int time)
809     {
810         this.timeout = time;
811     }
812 
813     /***
814      * Sets the username for this user.
815      *
816      * @param username The user's username.
817      */
818     public void setUserName(String username)
819     {
820         setPerm(User.USERNAME, username);
821     }
822 
823     /***
824      * Updates the last login date in the database.
825      *
826      * @exception Exception a generic exception.
827      */
828     public void updateLastLogin() throws Exception
829     {
830         setPerm(User.LAST_LOGIN, new java.util.Date());
831     }
832 
833     /***
834      * Implement this method if you wish to be notified when the User
835      * has been Bound to the session.
836      *
837      * @param hsbe The HttpSessionBindingEvent.
838      */
839     public void valueBound(HttpSessionBindingEvent hsbe)
840     {
841         // Do not currently need this method.
842     }
843 
844     /***
845      * Implement this method if you wish to be notified when the User
846      * has been Unbound from the session.
847      *
848      * @param hsbe The HttpSessionBindingEvent.
849      */
850     public void valueUnbound(HttpSessionBindingEvent hsbe)
851     {
852         try
853         {
854             if (hasLoggedIn())
855             {
856                 TurbineSecurity.saveUser(this);
857             }
858         }
859         catch (Exception e)
860         {
861             log.error("BaseUser.valueUnbobund(): "
862                     + e.getMessage());
863             log.error(e);
864 
865             // To prevent messages being lost in case the logging system
866             // goes away before sessions get unbound on servlet container
867             // shutdown, print the stcktrace to the container's console.
868             ByteArrayOutputStream ostr = new ByteArrayOutputStream();
869 
870             e.printStackTrace(new PrintWriter(ostr, true));
871             String stackTrace = ostr.toString();
872 
873             System.out.println(stackTrace);
874         }
875     }
876 
877     /***
878      * Returns the username for this user.  If this is defined, then
879      * the user is considered logged in.
880      *
881      * @return A String with the username.
882      */
883     public String getName()
884     {
885         String tmp = null;
886 
887         tmp = (String) getPerm(User.USERNAME);
888         if (tmp != null && tmp.length() == 0)
889         {
890             tmp = null;
891         }
892         return tmp;
893     }
894 
895     /***
896      * Not implemented.
897      * @param name the name of the User.
898      */
899     public void setName(String name)
900     {
901     }
902 
903     /***
904      * Not implemented.
905      * @return 0
906      */
907     public int getId()
908     {
909         return 0;
910     }
911 
912     /***
913      * Not implemented.
914      * @return null
915      */
916     public Integer getIdAsObj()
917     {
918         return new Integer(0);
919     }
920 
921     /***
922      * Not implemented.
923      *
924      * @param id The id of the User.
925      */
926     public void setId(int id)
927     {
928     }
929 
930     /***
931      * Saves this object to the data store.
932      * @throws Exception if it cannot be saved
933      */
934     public void save()
935             throws Exception
936     {
937         if (TurbineSecurity.accountExists(this))
938         {
939             TurbineSecurity.saveUser(this);
940         }
941         else
942         {
943             TurbineSecurity.addUser(this, getPassword());
944         }
945     }
946 
947     /***
948      * not implemented
949      *
950      * @param conn the database connection
951      * @throws Exception if there is an error
952      */
953     public void save(Connection conn) throws Exception
954     {
955         throw new Exception("not implemented");
956     }
957 
958     /***
959      * not implemented
960      *
961      * @param dbname the database name
962      * @throws Exception if there is an error
963      */
964     public void save(String dbname) throws Exception
965     {
966         throw new Exception("not implemented");
967     }
968 
969 }