1 package org.apache.turbine.services.security.ldap;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 import java.io.ByteArrayOutputStream;
23 import java.io.PrintWriter;
24 import java.sql.Connection;
25 import java.util.Hashtable;
26 import javax.naming.NamingException;
27 import javax.naming.directory.Attribute;
28 import javax.naming.directory.Attributes;
29 import javax.naming.directory.BasicAttribute;
30 import javax.naming.directory.BasicAttributes;
31 import javax.servlet.http.HttpSessionBindingEvent;
32
33 import org.apache.commons.logging.Log;
34 import org.apache.commons.logging.LogFactory;
35 import org.apache.torque.om.BaseObject;
36 import org.apache.torque.om.StringKey;
37 import org.apache.turbine.om.security.User;
38 import org.apache.turbine.services.security.TurbineSecurity;
39
40 /***
41 * LDAPUser implements User and provides access to a user who accesses the
42 * system via LDAP.
43 *
44 * @author <a href="mailto:cberry@gluecode.com">Craig D. Berry</a>
45 * @author <a href="mailto:tadewunmi@gluecode.com">Tracy M. Adewunmi</a>
46 * @author <a href="mailto:lflournoy@gluecode.com">Leonard J. Flournoy </a>
47 * @author <a href="mailto:dlr@finemaltcoding.com">Daniel Rall</a>
48 * @author <a href="mailto:hhernandez@itweb.com.mx">Humberto Hernandez</a>
49 * @version $Id: LDAPUser.java 534527 2007-05-02 16:10:59Z tv $
50 */
51 public class LDAPUser extends BaseObject implements User
52 {
53
54 /*** Serial Version UID */
55 private static final long serialVersionUID = 3953123276619326752L;
56
57 /*** Logging */
58 private static Log log = LogFactory.getLog(LDAPUser.class);
59
60
61
62 /*** Date when the user was created */
63 private java.util.Date createDate = null;
64
65 /*** Date when the user was last accessed */
66 private java.util.Date lastAccessDate = null;
67
68 /*** timeout */
69 private int timeout = 15;
70
71 /*** This is data that will survive a servlet engine restart. */
72 private Hashtable permStorage = null;
73
74 /*** This is data that will not survive a servlet engine restart. */
75 private Hashtable tempStorage = null;
76
77 /***
78 * Constructor.
79 * Create a new User and set the createDate.
80 */
81 public LDAPUser()
82 {
83 createDate = new java.util.Date();
84 tempStorage = new Hashtable(10);
85 permStorage = new Hashtable(10);
86 setHasLoggedIn(Boolean.FALSE);
87 }
88
89 /***
90 * Populates the user with values obtained from the LDAP Service.
91 * This method could be redefined in subclasses.
92 * @param attribs The attributes obtained from LDAP.
93 * @throws NamingException if there was an error with JNDI.
94 */
95 public void setLDAPAttributes(Attributes attribs)
96 throws NamingException
97 {
98
99 Attribute attr;
100 String attrName;
101
102
103 attrName = LDAPSecurityConstants.getUserIdAttribute();
104 if (attrName != null)
105 {
106 attr = attribs.get(attrName);
107 if (attr != null && attr.get() != null)
108 {
109 try
110 {
111 setPrimaryKey(new StringKey(attr.get().toString()));
112 }
113 catch (Exception ex)
114 {
115 log.error("Exception caught:", ex);
116 }
117 }
118 }
119
120
121 attrName = LDAPSecurityConstants.getNameAttribute();
122 if (attrName != null)
123 {
124 attr = attribs.get(attrName);
125 if (attr != null && attr.get() != null)
126 {
127 setUserName(attr.get().toString());
128 }
129 }
130 else
131 {
132 log.error("There is no LDAP attribute for the username.");
133 }
134
135
136 attrName = LDAPSecurityConstants.getFirstNameAttribute();
137 if (attrName != null)
138 {
139 attr = attribs.get(attrName);
140 if (attr != null && attr.get() != null)
141 {
142 setFirstName(attr.get().toString());
143 }
144 }
145
146
147 attrName = LDAPSecurityConstants.getLastNameAttribute();
148 if (attrName != null)
149 {
150 attr = attribs.get(attrName);
151 if (attr != null && attr.get() != null)
152 {
153 setLastName(attr.get().toString());
154 }
155 }
156
157
158 attrName = LDAPSecurityConstants.getEmailAttribute();
159 if (attrName != null)
160 {
161 attr = attribs.get(attrName);
162 if (attr != null && attr.get() != null)
163 {
164 setEmail(attr.get().toString());
165 }
166 }
167 }
168
169 /***
170 * Get the JNDI Attributes used to store the user in LDAP.
171 * This method could be redefined in a subclass.
172 *
173 * @throws NamingException if there is a JNDI error.
174 * @return The JNDI attributes of the user.
175 */
176 public Attributes getLDAPAttributes()
177 throws NamingException
178 {
179 Attributes attribs = new BasicAttributes();
180 String attrName;
181
182
183 attrName = "objectClass";
184 if (attrName != null)
185 {
186 Object value = "turbineUser";
187
188 if (value != null)
189 {
190 Attribute attr = new BasicAttribute(attrName, value);
191
192 attribs.put(attr);
193 }
194 }
195
196
197 attrName = LDAPSecurityConstants.getUserIdAttribute();
198 if (attrName != null)
199 {
200 Object value = getPrimaryKey();
201
202 if (value != null)
203 {
204 Attribute attr = new BasicAttribute(attrName, value);
205
206 attribs.put(attr);
207 }
208 }
209
210
211 attrName = LDAPSecurityConstants.getNameAttribute();
212 if (attrName != null)
213 {
214 Object value = getName();
215
216 if (value != null)
217 {
218 Attribute attr = new BasicAttribute(attrName, value);
219
220 attribs.put(attr);
221 }
222 }
223
224
225 attrName = LDAPSecurityConstants.getFirstNameAttribute();
226 if (attrName != null)
227 {
228 Object value = getFirstName();
229
230 if (value != null)
231 {
232 Attribute attr = new BasicAttribute(attrName, value);
233
234 attribs.put(attr);
235 }
236 }
237
238
239 attrName = LDAPSecurityConstants.getLastNameAttribute();
240 if (attrName != null)
241 {
242 Object value = getLastName();
243
244 if (value != null)
245 {
246 Attribute attr = new BasicAttribute(attrName, value);
247
248 attribs.put(attr);
249 }
250 }
251
252
253 attrName = LDAPSecurityConstants.getEmailAttribute();
254 if (attrName != null)
255 {
256 Object value = getEmail();
257
258 if (value != null)
259 {
260 Attribute attr = new BasicAttribute(attrName, value);
261
262 attribs.put(attr);
263 }
264 }
265
266
267 attrName = LDAPSecurityConstants.getPasswordAttribute();
268 if (attrName != null)
269 {
270 Object value = getPassword();
271
272 if (value != null)
273 {
274 Attribute attr = new BasicAttribute(attrName, value);
275
276 attribs.put(attr);
277 }
278 }
279
280 return attribs;
281 }
282
283 /***
284 * Gets the distinguished name (DN) of the User.
285 * This method could be redefined in a subclass.
286 * @return The Distinguished Name of the user.
287 */
288 public String getDN()
289 {
290 String filterAttribute = LDAPSecurityConstants.getNameAttribute();
291 String userBaseSearch = LDAPSecurityConstants.getBaseSearch();
292 String userName = getName();
293
294 String dn = filterAttribute + "=" + userName + "," + userBaseSearch;
295
296 return dn;
297 }
298
299 /***
300 * Gets the access counter for a user during a session.
301 *
302 * @return The access counter for the user for the session.
303 */
304 public int getAccessCounterForSession()
305 {
306 try
307 {
308 return ((Integer) getTemp(User.SESSION_ACCESS_COUNTER)).intValue();
309 }
310 catch (Exception e)
311 {
312 return 0;
313 }
314 }
315
316 /***
317 * Gets the access counter for a user from perm storage.
318 *
319 * @return The access counter for the user.
320 */
321 public int getAccessCounter()
322 {
323 try
324 {
325 return ((Integer) getPerm(User.ACCESS_COUNTER)).intValue();
326 }
327 catch (Exception e)
328 {
329 return 0;
330 }
331 }
332
333 /***
334 * Gets the create date for this User. This is the time at which
335 * the user object was created.
336 *
337 * @return A Java Date with the date of creation for the user.
338 */
339 public java.util.Date getCreateDate()
340 {
341 return createDate;
342 }
343
344 /***
345 * Returns the value of Confirmed variable
346 * @return the confirm value.
347 */
348 public String getConfirmed()
349 {
350 String tmp = null;
351
352 tmp = (String) getPerm(User.CONFIRM_VALUE);
353 if (tmp != null && tmp.length() == 0)
354 {
355 tmp = null;
356 }
357 return tmp;
358 }
359
360 /***
361 * Returns the Email for this user. If this is defined, then
362 * the user is considered logged in.
363 *
364 * @return A String with the user's Email.
365 */
366 public String getEmail()
367 {
368 String tmp = null;
369
370 tmp = (String) getPerm(User.EMAIL);
371 if (tmp != null && tmp.length() == 0)
372 {
373 tmp = null;
374 }
375 return tmp;
376 }
377
378 /***
379 * Gets the last access date for this User. This is the last time
380 * that the user object was referenced.
381 *
382 * @return A Java Date with the last access date for the user.
383 */
384 public java.util.Date getLastAccessDate()
385 {
386 if (lastAccessDate == null)
387 {
388 setLastAccessDate();
389 }
390 return lastAccessDate;
391 }
392
393 /***
394 * Get last login date/time for this user.
395 *
396 * @return A Java Date with the last login date for the user.
397 */
398 public java.util.Date getLastLogin()
399 {
400 return (java.util.Date) getPerm(User.LAST_LOGIN);
401 }
402
403 /***
404 * Get password for this user.
405 *
406 * @return A String with the password for the user.
407 */
408 public String getPassword()
409 {
410 return (String) getPerm(User.PASSWORD);
411 }
412
413 /***
414 * Get an object from permanent storage.
415 * @param name The object's name.
416 * @return An Object with the given name.
417 */
418 public Object getPerm(String name)
419 {
420 return permStorage.get(name);
421 }
422
423 /***
424 * Get an object from permanent storage; return default if value
425 * is null.
426 *
427 * @param name The object's name.
428 * @param def A default value to return.
429 * @return An Object with the given name.
430 */
431 public Object getPerm(String name, Object def)
432 {
433 try
434 {
435 Object val = permStorage.get(name);
436
437 if (val == null)
438 {
439 return def;
440 }
441 return val;
442 }
443 catch (Exception e)
444 {
445 return def;
446 }
447 }
448
449 /***
450 * This should only be used in the case where we want to save the
451 * data to the database.
452 *
453 * @return A Hashtable.
454 */
455 public Hashtable getPermStorage()
456 {
457 if (this.permStorage == null)
458 {
459 this.permStorage = new Hashtable();
460 }
461 return this.permStorage;
462 }
463
464 /***
465 * Get an object from temporary storage.
466 *
467 * @param name The object's name.
468 * @return An Object with the given name.
469 */
470 public Object getTemp(String name)
471 {
472 return tempStorage.get(name);
473 }
474
475 /***
476 * Get an object from temporary storage; return default if value
477 * is null.
478 *
479 * @param name The object's name.
480 * @param def A default value to return.
481 * @return An Object with the given name.
482 */
483 public Object getTemp(String name, Object def)
484 {
485 Object val;
486
487 try
488 {
489 val = tempStorage.get(name);
490 if (val == null)
491 {
492 val = def;
493 }
494 }
495 catch (Exception e)
496 {
497 val = def;
498 }
499 return val;
500 }
501
502 /***
503 * A User object can have a variable Timeout, which is defined in
504 * minutes. If the user has been timed out, then the
505 * hasLoggedIn() value will return false.
506 *
507 * @return An int specifying the timeout.
508 */
509 public int getTimeout()
510 {
511 return this.timeout;
512 }
513
514 /***
515 * Returns the username for this user. If this is defined, then
516 * the user is considered logged in.
517 *
518 * @return A String with the username.
519 * @deprecated Use getName() instead
520 */
521 public String getUserName()
522 {
523 return getName();
524 }
525
526 /***
527 * Returns the first name for this user. If this is defined, then
528 * the user is considered logged in.
529 *
530 * @return A String with the user's first name.
531 */
532 public String getFirstName()
533 {
534 String tmp = null;
535
536 tmp = (String) getPerm(User.FIRST_NAME);
537 if (tmp != null && tmp.length() == 0)
538 {
539 tmp = null;
540 }
541 return tmp;
542 }
543
544 /***
545 * Returns the last name for this user. If this is defined, then
546 * the user is considered logged in.
547 *
548 * @return A String with the user's last name.
549 */
550 public String getLastName()
551 {
552 String tmp = null;
553
554 tmp = (String) getPerm(User.LAST_NAME);
555 if (tmp != null && tmp.length() == 0)
556 {
557 tmp = null;
558 }
559 return tmp;
560 }
561
562 /***
563 * The user is considered logged in if they have not timed out.
564 *
565 * @return True if the user has logged in.
566 */
567 public boolean hasLoggedIn()
568 {
569 Boolean tmp = getHasLoggedIn();
570
571 if (tmp != null && tmp.booleanValue())
572 {
573 return true;
574 }
575 else
576 {
577 return false;
578 }
579 }
580
581 /***
582 * This method reports whether or not the user has been confirmed
583 * in the system by checking the <code>CONFIRM_VALUE</code>
584 * column to see if it is equal to <code>CONFIRM_DATA</code>.
585 *
586 * @return True if the user has been confirmed.
587 */
588 public boolean isConfirmed()
589 {
590 return ((String) getTemp(CONFIRM_VALUE, "")).equals(CONFIRM_DATA);
591 }
592
593 /***
594 * Increments the permanent hit counter for the user.
595 */
596 public void incrementAccessCounter()
597 {
598 setAccessCounter(getAccessCounter() + 1);
599 }
600
601 /***
602 * Increments the session hit counter for the user.
603 */
604 public void incrementAccessCounterForSession()
605 {
606 setAccessCounterForSession(getAccessCounterForSession() + 1);
607 }
608
609 /***
610 * Remove an object from temporary storage and return the object.
611 *
612 * @param name The name of the object to remove.
613 * @return An Object.
614 */
615 public Object removeTemp(String name)
616 {
617 return tempStorage.remove(name);
618 }
619
620 /***
621 * Sets the access counter for a user, saved in perm storage.
622 *
623 * @param cnt The new count.
624 */
625 public void setAccessCounter(int cnt)
626 {
627 setPerm(User.ACCESS_COUNTER, new Integer(cnt));
628 }
629
630 /***
631 * Sets the session access counter for a user, saved in temp
632 * storage.
633 *
634 * @param cnt The new count.
635 */
636 public void setAccessCounterForSession(int cnt)
637 {
638 setTemp(User.SESSION_ACCESS_COUNTER, new Integer(cnt));
639 }
640
641 /***
642 * Set the users confirmed variable
643 *
644 * @param confirm The new confim value.
645 */
646 public void setConfirmed(String confirm)
647 {
648 getPerm(User.CONFIRM_VALUE, confirm);
649 }
650
651 /***
652 * Sets the last access date for this User. This is the last time
653 * that the user object was referenced.
654 */
655 public void setLastAccessDate()
656 {
657 lastAccessDate = new java.util.Date();
658 }
659
660 /***
661 * Sets the create date for this User. This is the time at which
662 * the user object was created.
663 *
664 * @param date The create date.
665 */
666 public void setCreateDate(java.util.Date date)
667 {
668 createDate = date;
669 }
670
671 /***
672 * Set the users Email
673 *
674 * @param email The new email.
675 */
676 public void setEmail(String email)
677 {
678 setPerm(User.EMAIL, email);
679 }
680
681 /***
682 * Set the users First Name
683 *
684 * @param fname The new firstname.
685 */
686 public void setFirstName(String fname)
687 {
688 setPerm(User.FIRST_NAME, fname);
689 }
690
691 /***
692 * Set last login date/time.
693 *
694 * @param date The last login date.
695 */
696 public void setLastLogin(java.util.Date date)
697 {
698 setPerm(User.LAST_LOGIN, date);
699 }
700
701 /***
702 * Set the users Last Name
703 * Sets the last name for this user.
704 *
705 * @param lname The new lastname.
706 */
707 public void setLastName(String lname)
708 {
709 setPerm(User.LAST_NAME, lname);
710 }
711
712 /***
713 * Set password.
714 *
715 * @param password The new password.
716 */
717 public void setPassword(String password)
718 {
719 setPerm(User.PASSWORD, password);
720 }
721
722 /***
723 * Put an object into permanent storage.
724 *
725 * @param name The object's name.
726 * @param value The object.
727 */
728 public void setPerm(String name, Object value)
729 {
730 permStorage.put(name, value);
731 }
732
733 /***
734 * This should only be used in the case where we want to save the
735 * data to the database.
736 *
737 * @param stuff A Hashtable.
738 */
739 public void setPermStorage(Hashtable stuff)
740 {
741 this.permStorage = stuff;
742 }
743
744 /***
745 * This should only be used in the case where we want to save the
746 * data to the database.
747 *
748 * @return A Hashtable.
749 */
750 public Hashtable getTempStorage()
751 {
752 if (this.tempStorage == null)
753 {
754 this.tempStorage = new Hashtable();
755 }
756 return this.tempStorage;
757 }
758
759 /***
760 * This should only be used in the case where we want to save the
761 * data to the database.
762 *
763 * @param storage A Hashtable.
764 */
765 public void setTempStorage(Hashtable storage)
766 {
767 this.tempStorage = storage;
768 }
769
770 /***
771 * This gets whether or not someone has logged in. hasLoggedIn()
772 * returns this value as a boolean. This is private because you
773 * should use hasLoggedIn() instead.
774 *
775 * @return True if someone has logged in.
776 */
777 private Boolean getHasLoggedIn()
778 {
779 return (Boolean) getTemp(User.HAS_LOGGED_IN);
780 }
781
782 /***
783 * This sets whether or not someone has logged in. hasLoggedIn()
784 * returns this value.
785 *
786 * @param value Whether someone has logged in or not.
787 */
788 public void setHasLoggedIn(Boolean value)
789 {
790 setTemp(User.HAS_LOGGED_IN, value);
791 }
792
793 /***
794 * Put an object into temporary storage.
795 *
796 * @param name The object's name.
797 * @param value The object.
798 */
799 public void setTemp(String name, Object value)
800 {
801 tempStorage.put(name, value);
802 }
803
804 /***
805 * A User object can have a variable Timeout which is defined in
806 * minutes. If the user has been timed out, then the
807 * hasLoggedIn() value will return false.
808 *
809 * @param time The user's timeout.
810 */
811 public void setTimeout(int time)
812 {
813 this.timeout = time;
814 }
815
816 /***
817 * Sets the username for this user.
818 *
819 * @param username The user's username.
820 */
821 public void setUserName(String username)
822 {
823 setPerm(User.USERNAME, username);
824 }
825
826 /***
827 * Updates the last login date in the database.
828 *
829 * @exception Exception a generic exception.
830 */
831 public void updateLastLogin() throws Exception
832 {
833 setPerm(User.LAST_LOGIN, new java.util.Date());
834 }
835
836 /***
837 * Implement this method if you wish to be notified when the User
838 * has been Bound to the session.
839 *
840 * @param hsbe The HttpSessionBindingEvent.
841 */
842 public void valueBound(HttpSessionBindingEvent hsbe)
843 {
844
845 }
846
847 /***
848 * Implement this method if you wish to be notified when the User
849 * has been Unbound from the session.
850 *
851 * @param hsbe The HttpSessionBindingEvent.
852 */
853 public void valueUnbound(HttpSessionBindingEvent hsbe)
854 {
855 try
856 {
857 if (hasLoggedIn())
858 {
859 TurbineSecurity.saveUser(this);
860 }
861 }
862 catch (Exception e)
863 {
864 log.error("BaseUser.valueUnbobund(): "
865 + e.getMessage());
866 log.error(e);
867
868
869
870
871 ByteArrayOutputStream ostr = new ByteArrayOutputStream();
872
873 e.printStackTrace(new PrintWriter(ostr, true));
874 String stackTrace = ostr.toString();
875
876 System.out.println(stackTrace);
877 }
878 }
879
880 /***
881 * Returns the username for this user. If this is defined, then
882 * the user is considered logged in.
883 *
884 * @return A String with the username.
885 */
886 public String getName()
887 {
888 String tmp = null;
889
890 tmp = (String) getPerm(User.USERNAME);
891 if (tmp != null && tmp.length() == 0)
892 {
893 tmp = null;
894 }
895 return tmp;
896 }
897
898 /***
899 * Not implemented.
900 * @param name the name of the User.
901 */
902 public void setName(String name)
903 {
904 }
905
906 /***
907 * Not implemented.
908 * @return 0
909 */
910 public int getId()
911 {
912 return 0;
913 }
914
915 /***
916 * Not implemented.
917 * @return null
918 */
919 public Integer getIdAsObj()
920 {
921 return new Integer(0);
922 }
923
924 /***
925 * Not implemented.
926 *
927 * @param id The id of the User.
928 */
929 public void setId(int id)
930 {
931 }
932
933 /***
934 * Saves this object to the data store.
935 * @throws Exception if it cannot be saved
936 */
937 public void save()
938 throws Exception
939 {
940 if (TurbineSecurity.accountExists(this))
941 {
942 TurbineSecurity.saveUser(this);
943 }
944 else
945 {
946 TurbineSecurity.addUser(this, getPassword());
947 }
948 }
949
950 /***
951 * not implemented
952 *
953 * @param conn the database connection
954 * @throws Exception if there is an error
955 */
956 public void save(Connection conn) throws Exception
957 {
958 throw new Exception("not implemented");
959 }
960
961 /***
962 * not implemented
963 *
964 * @param dbname the database name
965 * @throws Exception if there is an error
966 */
967 public void save(String dbname) throws Exception
968 {
969 throw new Exception("not implemented");
970 }
971
972 }