001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Arnaud Kervern
018 */
019
020package org.nuxeo.ecm.platform.shibboleth;
021
022import java.io.Serializable;
023import java.util.HashMap;
024import java.util.HashSet;
025import java.util.List;
026import java.util.Map;
027
028import org.nuxeo.ecm.core.api.CoreSession;
029import org.nuxeo.ecm.core.api.DocumentModel;
030import org.nuxeo.ecm.core.api.DocumentModelComparator;
031import org.nuxeo.ecm.core.api.DocumentModelList;
032import org.nuxeo.ecm.core.api.model.InvalidPropertyValueException;
033import org.nuxeo.ecm.directory.Directory;
034import org.nuxeo.ecm.directory.Reference;
035import org.nuxeo.ecm.directory.Session;
036import org.nuxeo.ecm.directory.api.DirectoryService;
037import org.nuxeo.ecm.platform.shibboleth.computedgroups.ELGroupComputerHelper;
038import org.nuxeo.ecm.platform.usermanager.UserManager;
039import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException;
040import org.nuxeo.runtime.api.Framework;
041
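/**
 * Static helpers to create, read, update, delete and search the entries of the Shibboleth group directory
 * ({@link ShibbolethConstants#SHIBBOLETH_DIRECTORY}).
 * <p>
 * Each entry carries an expression-language (EL) string, which is validated before the entry is written.
 * NOTE(review): the EL presumably decides which authenticated users are placed in the group, which would make
 * these entries authorization data; confirm against {@code ELGroupComputerHelper}.
 * <p>
 * None of the methods in this class checks the caller's permissions: they open the directory and act on it.
 * Callers are responsible for restricting who may create, change or delete these entries.
 */
public class ShibbolethGroupHelper {

    /** Prefixed property path of the group id within the Shibboleth group schema. */
    private static final String GROUP_ID_XPATH = ShibbolethConstants.SHIBBOLETH_SCHEMA + ":"
            + ShibbolethConstants.GROUP_ID_PROPERTY;

    /** Prefixed property path of the EL expression within the Shibboleth group schema. */
    private static final String GROUP_EL_XPATH = ShibbolethConstants.SHIBBOLETH_SCHEMA + ":"
            + ShibbolethConstants.GROUP_EL_PROPERTY;

    private ShibbolethGroupHelper() {
        // Helper class
    }

    /**
     * @return the {@link DirectoryService} looked up from the runtime
     */
    protected static DirectoryService getDirectoryService() {
        return Framework.getService(DirectoryService.class);
    }

    /**
     * @return the {@link UserManager} looked up from the runtime
     */
    protected static UserManager getUserManager() {
        return Framework.getService(UserManager.class);
    }

    /**
     * Creates an empty, unsaved document model of the Shibboleth group type.
     *
     * @param core the session used to instantiate the model
     * @return a new model of type {@link ShibbolethConstants#SHIBBOLETH_DOCTYPE}
     */
    public static DocumentModel getBareGroupModel(CoreSession core) {
        return core.createDocumentModel(ShibbolethConstants.SHIBBOLETH_DOCTYPE);
    }

    /**
     * Creates a new Shibboleth group entry after checking that its id is free and its EL expression is valid.
     *
     * @param group the model holding the group id and EL expression
     * @return the entry as returned by the directory
     * @throws InvalidPropertyValueException if the group id is missing or the EL expression is rejected
     * @throws GroupAlreadyExistsException if an entry with the same id already exists
     */
    public static DocumentModel createGroup(DocumentModel group) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            // A missing id used to surface as a NullPointerException from toString(); report it as bad input.
            Object groupId = group.getPropertyValue(GROUP_ID_XPATH);
            if (groupId == null) {
                throw new InvalidPropertyValueException(GROUP_ID_XPATH + " : group id is required");
            }
            if (session.hasEntry(groupId.toString())) {
                throw new GroupAlreadyExistsException();
            }

            // Never persist an expression that did not pass validation.
            checkExpressionLanguageValidity(group);

            return session.createEntry(group);
        }
    }

    /**
     * Fetches a Shibboleth group entry by id.
     *
     * @param groupName the id of the entry
     * @return the entry returned by the directory (presumably {@code null} when there is none; confirm against
     *         {@code Session#getEntry})
     */
    public static DocumentModel getGroup(String groupName) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            return session.getEntry(groupName);
        }
    }

    /**
     * Updates an existing Shibboleth group entry; the EL expression is validated again before the write.
     *
     * @param group the model holding the new values
     * @throws InvalidPropertyValueException if the EL expression is rejected
     */
    public static void updateGroup(DocumentModel group) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            checkExpressionLanguageValidity(group);

            session.updateEntry(group);
        }
    }

    /**
     * Deletes a Shibboleth group entry.
     *
     * @param group the entry to delete
     */
    public static void deleteGroup(DocumentModel group) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            session.deleteEntry(group);
        }
    }

    /**
     * Queries the regular group directory to find the groups that list shibbGroupName in their sub-groups field.
     *
     * @param shibbGroupName name of the Shibboleth group to look for
     * @return the ids of the groups that reference it as a sub-group
     */
    public static List<String> getParentsGroups(String shibbGroupName) {
        UserManager userManager = getUserManager();
        Directory dir = getDirectoryService().getDirectory(userManager.getGroupDirectoryName());

        Reference subGroups = dir.getReference(userManager.getGroupSubGroupsField());
        return subGroups.getSourceIdsForTarget(shibbGroupName);
    }

    /**
     * @return every entry of the Shibboleth group directory
     */
    public static DocumentModelList getGroups() {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            return session.getEntries();
        }
    }

    /**
     * Searches Shibboleth groups by id, ordered by id ascending.
     *
     * @param fullText the text to match against the group id; {@code null} or empty applies no filter
     * @return the matching entries
     */
    public static DocumentModelList searchGroup(String fullText) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            Map<String, Serializable> filters = new HashMap<>();
            if (fullText != null && !fullText.isEmpty()) {
                filters.put(ShibbolethConstants.GROUP_ID_PROPERTY, fullText);
            }

            Map<String, String> orderBy = new HashMap<>();
            orderBy.put(ShibbolethConstants.GROUP_ID_PROPERTY, DocumentModelComparator.ORDER_ASC);
            // Every filtered field is also handed over as a full-text field; how the match is performed is up
            // to the directory implementation.
            return session.query(filters, new HashSet<>(filters.keySet()), orderBy);
        }
    }

    /**
     * Rejects a group whose EL expression does not pass {@link ELGroupComputerHelper#isValidEL}.
     * <p>
     * What that check accepts is not visible from this class. The rejected expression is echoed in the
     * exception message, so the message should be encoded before it is shown in a page.
     *
     * @param group the model holding the EL expression
     * @throws InvalidPropertyValueException if the expression is not valid
     */
    protected static void checkExpressionLanguageValidity(DocumentModel group) {
        String expressionLanguage = (String) group.getPropertyValue(GROUP_EL_XPATH);
        if (!ELGroupComputerHelper.isValidEL(expressionLanguage)) {
            throw new InvalidPropertyValueException(expressionLanguage + " : is not a valid expression language");
        }
    }

}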