ome.logic
Class LdapImpl

java.lang.Object
  extended by ome.logic.AbstractLevel2Service
      extended by ome.logic.LdapImpl
All Implemented Interfaces:
ILdap, LocalLdap, ServiceInterface, SelfConfigurableService

@Transactional(readOnly=true)
public class LdapImpl
extends AbstractLevel2Service
implements LocalLdap

Provides methods for administering user accounts and passwords, as well as methods which require special privileges. Developer note: As can be expected, to perform these privileged operations the Admin service has access to several resources that should not generally be used while developing services. Misuse could circumvent security or auditing.

Since:
3.0-M3
Version:
$Revision: 1552 $, $Date: 2007-05-23 09:43:33 +0100 (Wed, 23 May 2007) $
Author:
Aleksandra Tarkowska, A.Tarkowska@dundee.ac.uk
See Also:
SecuritySystem, Permissions

Nested Class Summary
static class LdapImpl.GroupAttributMapper
           
 class LdapImpl.PersonContextMapper
           
static class LdapImpl.UidAttributMapper
           
 
Field Summary
protected  String attributes
           
protected  boolean config
           
protected  String groups
           
protected  org.springframework.jdbc.core.simple.SimpleJdbcOperations jdbc
           
protected  org.springframework.ldap.core.LdapOperations ldapOperations
           
protected  String newUserGroup
           
protected  RoleProvider roleProvider
           
protected  String values
           
 
Fields inherited from class ome.logic.AbstractLevel2Service
iQuery, iUpdate, metadata, queryFactory, sec
 
Constructor Summary
LdapImpl(RoleProvider roleProvider, org.springframework.ldap.core.LdapOperations ldapOperations, org.springframework.jdbc.core.simple.SimpleJdbcOperations jdbc, String newUserGroup, String groups, String attributes, String values, boolean config)
           
 
Method Summary
 boolean createUserFromLdap(String username, String password)
          Gets the user from LDAP, checks the user against the requirements and sets the user's details in the DB.
 String findDN(String username)
          Searches LDAP for the unique Distinguished Name (String) whose Common Name equals username.
 ome.model.meta.Experimenter findExperimenter(String username)
          Searches for an Experimenter by the unique Distinguished Name (String) in LDAP whose Common Name equals username.
 String getBase()
          Gets base from the OmeroContext -> Bean: contextSource
 String[] getReqAttributes()
          Gets specified attributes from properties.
 List<String> getReqGroups()
          Gets specified requirements from properties.
 String[] getReqValues()
          Gets specified values for attributes from properties.
 Class<? extends ServiceInterface> getServiceInterface()
           
 boolean getSetting()
          Gets config value from properties.
protected  void isAuthContext(String username, String password)
          Creates the initial context with no connection request controls in order to check authentication.
 boolean isInGroups(List groups, List usergroups)
          Checks that the user's group list contains the required groups.
 List<ome.model.meta.Experimenter> searchAll()
          Searches LDAP for the list of all Experimenters with attribute objectClass = person.
 List<ome.model.meta.Experimenter> searchByAttribute(String dns, String attr, String value)
          Searches LDAP for all Experimenters with the specified attribute.
 List<ome.model.meta.Experimenter> searchByAttributes(String dn, String[] attributes, String[] values)
          Searches LDAP for all Experimenters with the specified attributes.
 ome.model.meta.Experimenter searchByDN(String dns)
          Searches LDAP for one Experimenter with the specified Distinguished Name (String).
 List<String> searchDnInGroups(String attr, String value)
          Searches for a Distinguished Name (String) in groups.
 List<ome.model.meta.ExperimenterGroup> searchGroups()
          Searches for all Groups in LDAP.
 void setDN(Long experimenterID, String dn)
          Searches LDAP for all Experimenters with objectClass = person.
 void setReqAttributes(String[] arg0)
          Sets specified attributes from properties.
 void setReqGroups(List<String> arg0)
          Sets specified requirements from properties.
 void setReqValues(String[] arg0)
          Sets specified values for attributes from properties.
 boolean validatePassword(String base, String password)
          Validates password for base.
 boolean validateRequiroments(String base)
          Validates the specified requirements for base (groups, attributes).
 
Methods inherited from class ome.logic.AbstractLevel2Service
getBeanHelper, getExtendedMetadata, getQueryFactory, getSecuritySystem, selfConfigure, setExtendedMetadata, setQueryFactory, setQueryService, setSecuritySystem, setUpdateService
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ldapOperations

protected final org.springframework.ldap.core.LdapOperations ldapOperations

jdbc

protected final org.springframework.jdbc.core.simple.SimpleJdbcOperations jdbc

newUserGroup

protected final String newUserGroup

groups

protected final String groups

attributes

protected final String attributes

values

protected final String values

config

protected final boolean config

roleProvider

protected final RoleProvider roleProvider
Constructor Detail

LdapImpl

public LdapImpl(RoleProvider roleProvider,
                org.springframework.ldap.core.LdapOperations ldapOperations,
                org.springframework.jdbc.core.simple.SimpleJdbcOperations jdbc,
                String newUserGroup,
                String groups,
                String attributes,
                String values,
                boolean config)
Method Detail

searchAll

public List<ome.model.meta.Experimenter> searchAll()
Description copied from interface: ILdap
Searches LDAP for the list of all Experimenters with attribute objectClass = person.

Specified by:
searchAll in interface ILdap
Returns:
list of all Experimenters.

searchByAttribute

public List<ome.model.meta.Experimenter> searchByAttribute(String dns,
                                                           String attr,
                                                           String value)
Description copied from interface: ILdap
Searches LDAP for all Experimenters with the specified attribute.

Specified by:
searchByAttribute in interface ILdap
Parameters:
dns - Distinguished Name (String), the base for the search. Never null, should be net.sf.ldaptemplate.support.DistinguishedName#EMPTY_PATH.
value - String, the expected value of the attribute. Never null or empty.
Returns:
List of Experimenters.

searchByDN

public ome.model.meta.Experimenter searchByDN(String dns)
Description copied from interface: ILdap
Searches LDAP for one Experimenter with the specified Distinguished Name (String).

Specified by:
searchByDN in interface ILdap
Parameters:
dns - unique Distinguished Name (String) of the user. Never null or empty.
Returns:
an Experimenter.

findDN

public String findDN(String username)
Description copied from interface: ILdap
Searches LDAP for the unique Distinguished Name (String) whose Common Name equals username. The Common Name should be unique under the specified base. If the list of CNs contains more than one DN, an exception is thrown.

Specified by:
findDN in interface ILdap
Parameters:
username - Name of the Experimenter, equal to the Common Name.
Returns:
a String Distinguished Name. Never null.

findExperimenter

public ome.model.meta.Experimenter findExperimenter(String username)
Description copied from interface: ILdap
Searches for an Experimenter by the unique Distinguished Name (String) in LDAP whose Common Name equals username. The Common Name should be unique under the specified base. If the list of CNs contains more than one DN, an exception is thrown.

Specified by:
findExperimenter in interface ILdap
Parameters:
username - Name of the Experimenter, equal to the Common Name.
Returns:
an Experimenter. Never null.

searchDnInGroups

public List<String> searchDnInGroups(String attr,
                                     String value)
Description copied from interface: ILdap
Searches for a Distinguished Name (String) in groups.

Specified by:
searchDnInGroups in interface ILdap
Parameters:
attr - String, the name of the member attribute. Never null or empty.
value - the user's DN, which should be set as the value of the attribute. Never null or empty.
Returns:
List of groups which contain the DN.

searchByAttributes

public List<ome.model.meta.Experimenter> searchByAttributes(String dn,
                                                            String[] attributes,
                                                            String[] values)
Description copied from interface: ILdap
Searches LDAP for all Experimenters with the specified attributes. Attributes should be specified in a String[] and their values should be set in the equivalent String[].

Specified by:
searchByAttributes in interface ILdap
Parameters:
dn - net.sf.ldaptemplate.support.DistinguishedName, the base for the search. Never null, should be net.sf.ldaptemplate.support.DistinguishedName#EMPTY_PATH.
Returns:
List of Experimenters.

searchGroups

public List<ome.model.meta.ExperimenterGroup> searchGroups()
Description copied from interface: ILdap
Searches for all Groups in LDAP.

Specified by:
searchGroups in interface ILdap
Returns:
the ExperimenterGroups.

setDN

@Transactional(readOnly=false)
public void setDN(Long experimenterID,
                                String dn)
Description copied from interface: ILdap
Searches LDAP for all Experimenters with objectClass = person.

Specified by:
setDN in interface ILdap

getSetting

public boolean getSetting()
Description copied from interface: ILdap
Gets config value from properties.

Specified by:
getSetting in interface ILdap
Returns:
boolean

getReqGroups

public List<String> getReqGroups()
Description copied from interface: ILdap
Gets specified requirements from properties.

Specified by:
getReqGroups in interface ILdap
Returns:
List

getReqAttributes

public String[] getReqAttributes()
Description copied from interface: ILdap
Gets specified attributes from properties.

Specified by:
getReqAttributes in interface ILdap
Returns:
String []

getReqValues

public String[] getReqValues()
Description copied from interface: ILdap
Gets specified values for attributes from properties.

Specified by:
getReqValues in interface ILdap
Returns:
String []

setReqAttributes

public void setReqAttributes(String[] arg0)
Description copied from interface: ILdap
Sets specified attributes from properties.

Specified by:
setReqAttributes in interface ILdap

setReqGroups

public void setReqGroups(List<String> arg0)
Description copied from interface: ILdap
Sets specified requirements from properties.

Specified by:
setReqGroups in interface ILdap

setReqValues

public void setReqValues(String[] arg0)
Description copied from interface: ILdap
Sets specified values for attributes from properties.

Specified by:
setReqValues in interface ILdap

getServiceInterface

public Class<? extends ServiceInterface> getServiceInterface()
Specified by:
getServiceInterface in interface SelfConfigurableService

getBase

public String getBase()
Gets base from the OmeroContext -> Bean: contextSource

Specified by:
getBase in interface LocalLdap
Returns:
String

isAuthContext

protected void isAuthContext(String username,
                             String password)
Creates the initial context with no connection request controls in order to check authentication. If authentication fails, this method throws a SecurityViolation.


validatePassword

public boolean validatePassword(String base,
                                String password)
Validates the password for base. Base is the user's DN. When the context is created successfully, the specified requirements are valid.

Specified by:
validatePassword in interface LocalLdap
Returns:
boolean

createUserFromLdap

@Transactional(readOnly=false)
public boolean createUserFromLdap(String username,
                                                String password)
Gets the user from LDAP, checks the user against the requirements and sets the user's details in the DB.

Specified by:
createUserFromLdap in interface LocalLdap
Returns:
ServiceFactory

validateRequiroments

public boolean validateRequiroments(String base)
Validates the specified requirements for base (groups, attributes).

Specified by:
validateRequiroments in interface LocalLdap
Returns:
boolean

isInGroups

public boolean isInGroups(List groups,
                          List usergroups)
Checks that the user's group list contains the required groups. Returns true if one of the user's groups is on the list of required groups.

Specified by:
isInGroups in interface LocalLdap
Returns:
boolean


OmeroJava Api

Version: Beta-4.1.1-r5927-b91

Copyright © 2009 The University of Dundee. All Rights Reserved.