ome.logic

Class LdapImpl

java.lang.Object

ome.logic.AbstractLevel2Service

ome.logic.LdapImpl

All Implemented Interfaces:

ILdap, ServiceInterface, SelfConfigurableService, org.springframework.context.ApplicationContextAware

@Transactional(readOnly=true)
public class LdapImpl
extends AbstractLevel2Service
implements ILdap, org.springframework.context.ApplicationContextAware

Provides methods for administering user accounts, passwords, as well as methods which require special privileges. Developer note: As can be expected, to perform these privileged the Admin service has access to several resources that should not be generally used while developing services. Misuse could circumvent security or auditing.

Since:

3.0-M3

Author:

Aleksandra Tarkowska, A.Tarkowska@dundee.ac.uk

See Also:

SecuritySystem, Permissions

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	LdapImpl.GroupLoader Data class which stores the state of the NewUserGroupBean and NewUserGroupOwnerBean operations.

Field Summary

Fields inherited from class ome.logic.AbstractLevel2Service

iQuery, iUpdate, metadata, queryFactory, sec

Constructor Summary

Constructors

Constructor and Description
LdapImpl(org.springframework.ldap.core.ContextSource ctx, org.springframework.ldap.core.LdapOperations ldap, Roles roles, LdapConfig config, RoleProvider roleProvider, SqlAction sql)

Method Summary

Modifier and Type	Method and Description
Experimenter	createUser(String username) Creates an Experimenter based on the supplied LDAP username.
Experimenter	createUser(String username, String password) Creates an Experimenter based on the supplied LDAP username.
Experimenter	createUser(String username, String password, boolean checkPassword) Creates an Experimenter based on the supplied LDAP username.
boolean	createUserFromLdap(String username, String password) Deprecated.
List<Experimenter>	discover() Discovers and lists Experimenters who are present in the remote LDAP server and in the local DB but have the ldap property set to false.
List<ExperimenterGroup>	discoverGroups() Discovers and lists ExperimenterGroups which are present in the remote LDAP server and in the local DB but have the ldap property set to false.
String	findDN(String username) Searches unique Distinguished Name - String in LDAP for Common Name equals username.
Experimenter	findExperimenter(String username) Searches Experimenter by unique Distinguished Name - String in LDAP for Common Name equals username.
ExperimenterGroup	findGroup(String groupname) Looks up a specific ExperimenterGroup in LDAP using the provided group name.
String	findGroupDN(String groupname) Looks up the DN for a group.
Class<? extends ServiceInterface>	getServiceInterface()
boolean	getSetting() Gets config value from properties.
List<Long>	loadLdapGroups(String username, org.springframework.ldap.core.DistinguishedName dn) Deprecated.
String	lookupLdapAuthExperimenter(Long id) Queries the LDAP server and returns the DN for the specified OMERO user ID.
List<Map<String,Object>>	lookupLdapAuthExperimenters() Queries the LDAP server and returns the DN for all OMERO users that have the ldap flag enabled.
List<Experimenter>	searchAll() Searches all Experimenter list on LDAP for attribute objectClass = person.
List<Experimenter>	searchByAttribute(String dns, String attr, String value) Searches all Experimenter in LDAP for specified attribute
List<Experimenter>	searchByAttributes(String dn, String[] attributes, String[] values) Searches all Experimenter in LDAP for specified attributes.
Experimenter	searchByDN(String dns) Searches one Experimenter in LDAP for specified Distinguished Name - String
List<String>	searchDnInGroups(String attr, String value) Searches Distinguished Name - String in groups
void	setApplicationContext(org.springframework.context.ApplicationContext arg0)
void	setDN(Long experimenterID, String dn) Deprecated.
void	synchronizeLdapUser(String username)
boolean	validatePassword(String dn, String password) Validates password for base.

Methods inherited from class ome.logic.AbstractLevel2Service

getBeanHelper, getExtendedMetadata, getQueryFactory, getSecuritySystem, selfConfigure, setExtendedMetadata, setQueryFactory, setQueryService, setSecuritySystem, setUpdateService

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LdapImpl

public LdapImpl(org.springframework.ldap.core.ContextSource ctx,
                org.springframework.ldap.core.LdapOperations ldap,
                Roles roles,
                LdapConfig config,
                RoleProvider roleProvider,
                SqlAction sql)

Method Detail

setApplicationContext

public void setApplicationContext(org.springframework.context.ApplicationContext arg0)
                           throws org.springframework.beans.BeansException

Specified by:

setApplicationContext in interface org.springframework.context.ApplicationContextAware

Throws:

org.springframework.beans.BeansException

getServiceInterface

public Class<? extends ServiceInterface> getServiceInterface()

Specified by:

getServiceInterface in interface SelfConfigurableService

searchAll

public List<Experimenter> searchAll()

Description copied from interface: ILdap

Searches all Experimenter list on LDAP for attribute objectClass = person.

Specified by:

searchAll in interface ILdap

Returns:

all Experimenter list.

searchByAttribute

public List<Experimenter> searchByAttribute(String dns,
                                            String attr,
                                            String value)

Description copied from interface: ILdap

Searches all Experimenter in LDAP for specified attribute

Specified by:

searchByAttribute in interface ILdap

Parameters:

dns - Distinguished Name base for search. Never null.

attr - Name of attribute. Never null or empty.

value - Expected value of attribute. Never null or empty.

Returns:

List of Experimenters.

searchByDN

public Experimenter searchByDN(String dns)

Description copied from interface: ILdap

Searches one Experimenter in LDAP for specified Distinguished Name - String

Specified by:

searchByDN in interface ILdap

Parameters:

dns - unique Distinguished Name - String of user, Never null or empty.

Returns:

an Experimenter.

findDN

public String findDN(String username)

Description copied from interface: ILdap

Searches unique Distinguished Name - String in LDAP for Common Name equals username. Common Name should be unique under the specified base. If list of cn's contains more then one DN will return exception.

Specified by:

findDN in interface ILdap

Parameters:

username - Name of the Experimenter equals CommonName.

Returns:

an String Distinguished Name. Never null.

findGroupDN

public String findGroupDN(String groupname)

Description copied from interface: ILdap

Looks up the DN for a group.

Specified by:

findGroupDN in interface ILdap

Returns:

an String Distinguished Name. Never null.

findExperimenter

public Experimenter findExperimenter(String username)

Description copied from interface: ILdap

Searches Experimenter by unique Distinguished Name - String in LDAP for Common Name equals username. Common Name should be unique under the specified base. If list of cn's contains more then one DN will return exception.

Specified by:

findExperimenter in interface ILdap

Parameters:

username - Name of the Experimenter equals CommonName.

Returns:

an Experimenter. Never null.

findGroup

public ExperimenterGroup findGroup(String groupname)

Description copied from interface: ILdap

Looks up a specific ExperimenterGroup in LDAP using the provided group name. It is expected that the group name will be unique in the searched LDAP base tree. If more than one group with the specified name has been found, an exception will be thrown.

Specified by:

findGroup in interface ILdap

Returns:

an ExperimenterGroup. Never null.

searchDnInGroups

public List<String> searchDnInGroups(String attr,
                                     String value)

Description copied from interface: ILdap

Searches Distinguished Name - String in groups

Specified by:

searchDnInGroups in interface ILdap

Parameters:

attr - Name of member attribute. Never null or empty.

value - User's DN which should be set on value for attribute. Never null or empty.

Returns:

List of groups which contains DN.

searchByAttributes

public List<Experimenter> searchByAttributes(String dn,
                                             String[] attributes,
                                             String[] values)

Description copied from interface: ILdap

Searches all Experimenter in LDAP for specified attributes. Attributes should be specified in String [] and their values should be set in equivalent String [].

Specified by:

searchByAttributes in interface ILdap

Parameters:

dn - DistinguishedName base for search. Never null.

attributes - Name of attribute. Never null or empty.

values - Expected value of attribute. Never null or empty.

Returns:

List of Experimenters.

setDN

@Transactional(readOnly=false)
 @Deprecated
public void setDN(Long experimenterID,
                                                              String dn)

Deprecated.

Description copied from interface: ILdap

Sets the value of the dn column in the password table to the supplied string, for the supplied Experimenter ID.

Specified by:

setDN in interface ILdap

getSetting

public boolean getSetting()

Description copied from interface: ILdap

Gets config value from properties.

Specified by:

getSetting in interface ILdap

Returns:

boolean

synchronizeLdapUser

public void synchronizeLdapUser(String username)

createUserFromLdap

@Deprecated
 @Transactional(readOnly=false)
public boolean createUserFromLdap(String username,
                                                                              String password)

Deprecated.

Creates an Experimenter based on the supplied LDAP username. Doesn't validate the user's password and can be only executed by admin users.

Parameters:

username - The user's LDAP username.

password - The user's LDAP password, not null.

Returns:

true if a user is created

createUser

@Transactional(readOnly=false)
public Experimenter createUser(String username)

Creates an Experimenter based on the supplied LDAP username. Doesn't validate the user's password and can be only executed by admin users.

Specified by:

createUser in interface ILdap

Parameters:

username - The user's LDAP username.

Returns:

The newly created Experimenter object.

createUser

public Experimenter createUser(String username,
                               String password)

Creates an Experimenter based on the supplied LDAP username. Enforces user password validation.

Parameters:

username - The user's LDAP username.

password - The user's LDAP password, not null.

Returns:

The newly created Experimenter object.

createUser

public Experimenter createUser(String username,
                               String password,
                               boolean checkPassword)

Creates an Experimenter based on the supplied LDAP username. A boolean flag controls if password checks should be performed.

Parameters:

username - The user's LDAP username.

password - The user's password.

checkPassword - Flag indicating if password check should be performed.

Returns:

The newly created Experimenter object.

loadLdapGroups

@Deprecated
public List<Long> loadLdapGroups(String username,
                                             org.springframework.ldap.core.DistinguishedName dn)

Deprecated.

validatePassword

public boolean validatePassword(String dn,
                                String password)

Validates password for base. Base is user's DN. When context was created successful specified requirements are valid.

Parameters:

dn - the user's distinguished name

password - the user's password

Returns:

boolean if the user's password is correct

lookupLdapAuthExperimenters

public List<Map<String,Object>> lookupLdapAuthExperimenters()

Queries the LDAP server and returns the DN for all OMERO users that have the ldap flag enabled.

Returns:

a list of DN to user ID maps.

lookupLdapAuthExperimenter

public String lookupLdapAuthExperimenter(Long id)

Queries the LDAP server and returns the DN for the specified OMERO user ID. The LDAP server is queried and the DN returned only for IDs that have the ldap flag enabled.

Parameters:

id - The user ID.

Returns:

The DN as a String. Null if user isn't from LDAP.

discover

public List<Experimenter> discover()

Description copied from interface: ILdap

Discovers and lists Experimenters who are present in the remote LDAP server and in the local DB but have the ldap property set to false.

Specified by:

discover in interface ILdap

Returns:

list of Experimenters.

discoverGroups

public List<ExperimenterGroup> discoverGroups()

Description copied from interface: ILdap

Discovers and lists ExperimenterGroups which are present in the remote LDAP server and in the local DB but have the ldap property set to false.

Specified by:

discoverGroups in interface ILdap

Returns:

list of ExperimenterGroups.