public class SimpleCachedLDAPAuthorizationMap extends Object implements AuthorizationMap
Modifier and Type | Class and Description |
---|---|
protected class |
SimpleCachedLDAPAuthorizationMap.CachedLDAPAuthorizationMapNamespaceChangeListener
Listener implementation for directory changes that maps change events to destination types.
|
protected static class |
SimpleCachedLDAPAuthorizationMap.DestinationType |
protected static class |
SimpleCachedLDAPAuthorizationMap.PermissionType |
Modifier and Type | Field and Description |
---|---|
protected DirContext |
context |
protected Map<ActiveMQDestination,AuthorizationEntry> |
entries |
protected String |
groupClass |
Constructor and Description |
---|
SimpleCachedLDAPAuthorizationMap() |
Modifier and Type | Method and Description |
---|---|
void |
afterPropertiesSet() |
protected void |
applyACL(AuthorizationEntry entry,
SearchResult result,
SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Applies the policy from the directory to the given entry within the context of the provided permission type.
|
protected void |
applyAcl(AuthorizationEntry entry,
SimpleCachedLDAPAuthorizationMap.PermissionType permissionType,
Set<Object> acls)
Applies policy to the entry given the actual principals that will be applied to the policy entry.
|
protected void |
checkForUpdates()
Performs a check for updates from the server in the event that synchronous updates are enabled and the
refresh interval has elapsed.
|
protected DirContext |
createContext() |
void |
destroy() |
protected ActiveMQDestination |
formatDestination(LdapName dn,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Parses a DN into the equivalent
ActiveMQDestination . |
protected ActiveMQDestination |
formatDestination(Rdn destinationName,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Parses RDN values representing the destination name/pattern and destination type into the equivalent
ActiveMQDestination . |
protected String |
formatDestinationName(Rdn destinationName)
Parses the RDN representing a destination name/pattern into the standard string representation of the
name/pattern.
|
Set<Object> |
getAdminACLs(ActiveMQDestination destination)
Provides synchronized access to the admin ACLs for the destinations, because
AuthorizationEntry
is not set up for concurrent access. |
String |
getAdminPermissionGroupSearchFilter() |
String |
getAuthentication() |
String |
getConnectionPassword() |
String |
getConnectionProtocol() |
String |
getConnectionURL() |
String |
getConnectionUsername() |
protected AuthorizationEntry |
getEntry(DefaultAuthorizationMap map,
LdapName dn,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Retrieves or creates the
AuthorizationEntry that corresponds to the DN in dn . |
protected String |
getFilterForPermissionType(SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Returns the filter string for the given permission type.
|
String |
getGroupClass() |
String |
getGroupNameAttribute() |
String |
getGroupObjectClass() |
String |
getPermissionGroupMemberAttribute() |
protected int |
getPrefixLengthForDestinationType(SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Returns the DN prefix size based on the given destination type.
|
String |
getQueueSearchBase() |
Set<Object> |
getReadACLs(ActiveMQDestination destination)
Provides synchronized access to the read ACLs for the destinations, because
AuthorizationEntry is not set up for
concurrent access. |
String |
getReadPermissionGroupSearchFilter() |
int |
getRefreshInterval() |
Set<Object> |
getTempDestinationAdminACLs()
Provides synchronized and defensive access to the admin ACLs for temp destinations, because the super implementation
returns live copies of the ACLs and
AuthorizationEntry is not set up for concurrent access. |
Set<Object> |
getTempDestinationReadACLs()
Provides synchronized and defensive access to the read ACLs for temp destinations, because the super implementation
returns live copies of the ACLs and
AuthorizationEntry is not set up for concurrent access. |
Set<Object> |
getTempDestinationWriteACLs()
Provides synchronized and defensive access to the write ACLs for temp destinations, because the super implementation
returns live copies of the ACLs and
AuthorizationEntry is not set up for concurrent access. |
String |
getTempSearchBase() |
String |
getTopicSearchBase() |
String |
getUserNameAttribute() |
String |
getUserObjectClass() |
Set<Object> |
getWriteACLs(ActiveMQDestination destination)
Provides synchronized access to the write ACLs for the destinations, because
AuthorizationEntry is not set up
for concurrent access. |
String |
getWritePermissionGroupSearchFilter() |
protected boolean |
isContextAlive() |
boolean |
isLegacyGroupMapping() |
boolean |
isRefreshDisabled() |
void |
namingExceptionThrown(NamingExceptionEvent namingExceptionEvent)
Handler for exception events from the registry.
|
void |
objectAdded(NamingEvent namingEvent,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for new policy entries in the directory.
|
void |
objectChanged(NamingEvent namingEvent,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for changed policy entries in the directory.
|
void |
objectRemoved(NamingEvent namingEvent,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for removed policy entries in the directory.
|
void |
objectRenamed(NamingEvent namingEvent,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Handler for renamed policy entries in the directory.
|
protected DirContext |
open()
Returns the existing open context or creates a new one and registers listeners for push notifications if such an
update style is enabled.
|
protected void |
processQueryResults(DefaultAuthorizationMap map,
NamingEnumeration<SearchResult> results,
SimpleCachedLDAPAuthorizationMap.DestinationType destinationType,
SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
Processes results from a directory query in the context of a given destination type and permission type.
|
protected void |
query()
Queries the directory and initializes the policy based on the data in the directory.
|
void |
setAdminPermissionGroupSearchFilter(String adminPermissionGroupSearchFilter) |
void |
setAuthentication(String authentication) |
void |
setConnectionPassword(String connectionPassword) |
void |
setConnectionProtocol(String connectionProtocol) |
void |
setConnectionURL(String connectionURL) |
void |
setConnectionUsername(String connectionUsername) |
void |
setGroupClass(String groupClass) |
void |
setGroupNameAttribute(String groupNameAttribute) |
void |
setGroupObjectClass(String groupObjectClass) |
void |
setLegacyGroupMapping(boolean legacyGroupMapping) |
void |
setPermissionGroupMemberAttribute(String permissionGroupMemberAttribute) |
void |
setQueueSearchBase(String queueSearchBase) |
void |
setReadPermissionGroupSearchFilter(String readPermissionGroupSearchFilter) |
void |
setRefreshDisabled(boolean refreshDisabled) |
void |
setRefreshInterval(int refreshInterval) |
void |
setTempSearchBase(String tempSearchBase) |
void |
setTopicSearchBase(String topicSearchBase) |
void |
setUserNameAttribute(String userNameAttribute) |
void |
setUserObjectClass(String userObjectClass) |
void |
setWritePermissionGroupSearchFilter(String writePermissionGroupSearchFilter) |
protected <T> Set<T> |
transcribeSet(Set<T> source)
Transcribes an existing set into a new set.
|
protected void |
updated()
Marks the time at which the authorization state was last refreshed.
|
protected String groupClass
protected DirContext context
protected Map<ActiveMQDestination,AuthorizationEntry> entries
public SimpleCachedLDAPAuthorizationMap()
protected DirContext createContext() throws NamingException
NamingException
protected boolean isContextAlive()
protected DirContext open() throws NamingException
NamingException
- if there is an error setting things up
protected void query() throws Exception
Exception
- if there is an unrecoverable error processing the directory contents
protected void processQueryResults(DefaultAuthorizationMap map, NamingEnumeration<SearchResult> results, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType) throws Exception
results - the results to process
destinationType - the type of the destination for which the directory results apply
permissionType - the type of the permission for which the directory results apply
Exception - if there is an error processing the results
protected void updated()
protected AuthorizationEntry getEntry(DefaultAuthorizationMap map, LdapName dn, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Retrieves or creates the AuthorizationEntry that corresponds to the DN in dn. This implementation
should not be invoked concurrently.
map - the DefaultAuthorizationMap to operate on.
dn - the DN representing the policy entry in the directory
destinationType - the type of the destination to get/create the entry for
IllegalArgumentException - if destination type is not one of SimpleCachedLDAPAuthorizationMap.DestinationType.QUEUE, SimpleCachedLDAPAuthorizationMap.DestinationType.TOPIC,
SimpleCachedLDAPAuthorizationMap.DestinationType.TEMP or if the policy entry DN is malformed
protected void applyACL(AuthorizationEntry entry, SearchResult result, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType) throws NamingException
entry - the policy entry to apply the policy to
result - the results from the directory to apply to the policy entry
permissionType - the permission type of the data in the directory
NamingException - if there is an error applying the ACL
protected void applyAcl(AuthorizationEntry entry, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType, Set<Object> acls)
entry - the policy entry to which the policy should be applied
permissionType - the type of the permission that the policy will be applied to
acls - the principals that represent the actual policy
protected ActiveMQDestination formatDestination(LdapName dn, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Parses a DN into the equivalent ActiveMQDestination. The default implementation expects a format of
cn=cn=admin,ou=$,ou=... or ou=$,ou=... .
dn - the DN to parse
destinationType - the type of the destination that we are parsing
IllegalArgumentException - if destinationType is SimpleCachedLDAPAuthorizationMap.DestinationType.TEMP or if the format of dn is
incorrect for a topic or queue
formatDestination(Rdn, DestinationType)
protected ActiveMQDestination formatDestination(Rdn destinationName, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
Parses RDN values representing the destination name/pattern and destination type into the equivalent ActiveMQDestination.
destinationName - the RDN representing the name or pattern for the destination
destinationType - the type of the destination
IllegalArgumentException - if destinationType is not one of SimpleCachedLDAPAuthorizationMap.DestinationType.TOPIC or
SimpleCachedLDAPAuthorizationMap.DestinationType.QUEUE.
formatDestinationName(Rdn),
formatDestination(LdapName, DestinationType)
protected String formatDestinationName(Rdn destinationName)
destinationName - the RDN representing the name or pattern for the destination
#formatDestination(Rdn, Rdn)
protected <T> Set<T> transcribeSet(Set<T> source)
source
- the source set or null
source
or null
if source
is
null
protected String getFilterForPermissionType(SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
IllegalArgumentException - if permissionType is not supported
setAdminPermissionGroupSearchFilter(String),
setReadPermissionGroupSearchFilter(String),
setWritePermissionGroupSearchFilter(String)
protected int getPrefixLengthForDestinationType(SimpleCachedLDAPAuthorizationMap.DestinationType destinationType)
IllegalArgumentException - if destinationType is not supported
setQueueSearchBase(String),
setTopicSearchBase(String),
setTempSearchBase(String)
protected void checkForUpdates()
public Set<Object> getTempDestinationAdminACLs()
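Provides synchronized and defensive access to the admin ACLs for temp destinations, because the super implementation
returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
getTempDestinationAdminACLs in interface AuthorizationMap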
public Set<Object> getTempDestinationReadACLs()
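Provides synchronized and defensive access to the read ACLs for temp destinations, because the super implementation
returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
getTempDestinationReadACLs in interface AuthorizationMap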
public Set<Object> getTempDestinationWriteACLs()
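Provides synchronized and defensive access to the write ACLs for temp destinations, because the super implementation
returns live copies of the ACLs and AuthorizationEntry is not set up for concurrent access.
getTempDestinationWriteACLs in interface AuthorizationMap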
public Set<Object> getAdminACLs(ActiveMQDestination destination)
Provides synchronized access to the admin ACLs for the destinations, because AuthorizationEntry
is not set up for concurrent access.
getAdminACLs in interface AuthorizationMap
public Set<Object> getReadACLs(ActiveMQDestination destination)
Provides synchronized access to the read ACLs for the destinations, because AuthorizationEntry
is not set up for concurrent access.
getReadACLs in interface AuthorizationMap
public Set<Object> getWriteACLs(ActiveMQDestination destination)
Provides synchronized access to the write ACLs for the destinations, because AuthorizationEntry
is not set up for concurrent access.
getWriteACLs in interface AuthorizationMap
public void objectAdded(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
namingEvent - the new entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies
public void objectRemoved(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
namingEvent - the removed entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies
public void objectRenamed(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
namingEvent - the renaming entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies
public void objectChanged(NamingEvent namingEvent, SimpleCachedLDAPAuthorizationMap.DestinationType destinationType, SimpleCachedLDAPAuthorizationMap.PermissionType permissionType)
namingEvent - the changed entry event that occurred
destinationType - the type of the destination to which the event applies
permissionType - the permission type to which the event applies
public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent)
namingExceptionEvent - the exception event
public void afterPropertiesSet() throws Exception
Exception
public String getConnectionURL()
public void setConnectionURL(String connectionURL)
public String getConnectionUsername()
public void setConnectionUsername(String connectionUsername)
public String getConnectionPassword()
public void setConnectionPassword(String connectionPassword)
public String getConnectionProtocol()
public void setConnectionProtocol(String connectionProtocol)
public String getAuthentication()
public void setAuthentication(String authentication)
public String getQueueSearchBase()
public void setQueueSearchBase(String queueSearchBase)
public String getTopicSearchBase()
public void setTopicSearchBase(String topicSearchBase)
public String getTempSearchBase()
public void setTempSearchBase(String tempSearchBase)
public String getPermissionGroupMemberAttribute()
public void setPermissionGroupMemberAttribute(String permissionGroupMemberAttribute)
public String getAdminPermissionGroupSearchFilter()
public void setAdminPermissionGroupSearchFilter(String adminPermissionGroupSearchFilter)
public String getReadPermissionGroupSearchFilter()
public void setReadPermissionGroupSearchFilter(String readPermissionGroupSearchFilter)
public String getWritePermissionGroupSearchFilter()
public void setWritePermissionGroupSearchFilter(String writePermissionGroupSearchFilter)
public boolean isLegacyGroupMapping()
public void setLegacyGroupMapping(boolean legacyGroupMapping)
public String getGroupObjectClass()
public void setGroupObjectClass(String groupObjectClass)
public String getUserObjectClass()
public void setUserObjectClass(String userObjectClass)
public String getGroupNameAttribute()
public void setGroupNameAttribute(String groupNameAttribute)
public String getUserNameAttribute()
public void setUserNameAttribute(String userNameAttribute)
public boolean isRefreshDisabled()
public void setRefreshDisabled(boolean refreshDisabled)
public int getRefreshInterval()
public void setRefreshInterval(int refreshInterval)
public String getGroupClass()
public void setGroupClass(String groupClass)
Copyright © 2005–2016 The Apache Software Foundation. All rights reserved.