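/*
 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Arnaud Kervern
 */

package org.nuxeo.ecm.platform.shibboleth;

import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;

import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelComparator;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.core.api.model.InvalidPropertyValueException;
import org.nuxeo.ecm.directory.Directory;
import org.nuxeo.ecm.directory.Reference;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.platform.shibboleth.computedgroups.ELGroupComputerHelper;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.platform.usermanager.exceptions.GroupAlreadyExistsException;
import org.nuxeo.runtime.api.Framework;

/**
 * Static helpers to create, read, update, delete and search the entries of the directory named by
 * {@link ShibbolethConstants#SHIBBOLETH_DIRECTORY}.
 * <p>
 * Each entry carries an expression (property {@link ShibbolethConstants#GROUP_EL_PROPERTY}) that is checked
 * with {@link ELGroupComputerHelper#isValidEL(String)} before it is created or updated.
 * <p>
 * NOTE(review): no method of this class checks the caller's permissions. The stored expression appears to
 * drive computed group membership, so write access should be restricted to administrators; presumably the
 * directory or the calling layer enforces this, to be confirmed.
 */
public class ShibbolethGroupHelper {

    private ShibbolethGroupHelper() {
        // Helper class
    }

    /** Looks up the {@link DirectoryService} from the runtime. */
    protected static DirectoryService getDirectoryService() {
        return Framework.getService(DirectoryService.class);
    }

    /** Looks up the {@link UserManager} from the runtime. */
    protected static UserManager getUserManager() {
        return Framework.getService(UserManager.class);
    }

    /**
     * Creates an empty, unsaved document model of type {@link ShibbolethConstants#SHIBBOLETH_DOCTYPE}.
     *
     * @param core the session used to build the model
     * @return the new document model
     */
    public static DocumentModel getBareGroupModel(CoreSession core) {
        return core.createDocumentModel(ShibbolethConstants.SHIBBOLETH_DOCTYPE);
    }

    /**
     * Creates a new Shibboleth group entry after checking that its id is free and its expression is valid.
     *
     * @param group the model holding the group id and expression
     * @return the entry as returned by the directory session
     * @throws InvalidPropertyValueException if the group id is missing or the expression is rejected
     * @throws GroupAlreadyExistsException if an entry with the same id already exists
     */
    public static DocumentModel createGroup(DocumentModel group) {
        String idProperty = ShibbolethConstants.SHIBBOLETH_SCHEMA + ":" + ShibbolethConstants.GROUP_ID_PROPERTY;
        Serializable groupId = group.getPropertyValue(idProperty);
        if (groupId == null) {
            // Report an unset id explicitly instead of failing with a NullPointerException on toString().
            throw new InvalidPropertyValueException(idProperty + " : is required to create a group");
        }

        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            if (session.hasEntry(groupId.toString())) {
                throw new GroupAlreadyExistsException();
            }

            // Refuse to persist an expression the helper does not accept.
            checkExpressionLanguageValidity(group);

            return session.createEntry(group);
        }
    }

    /**
     * Fetches a Shibboleth group entry by id.
     *
     * @param groupName id of the entry
     * @return whatever the directory session returns for that id (presumably {@code null} when absent, to
     *         be confirmed against the Session contract)
     */
    public static DocumentModel getGroup(String groupName) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            return session.getEntry(groupName);
        }
    }

    /**
     * Updates an existing Shibboleth group entry after validating its expression.
     *
     * @param group the modified entry
     * @throws InvalidPropertyValueException if the expression is rejected
     */
    public static void updateGroup(DocumentModel group) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            // Same gate as on creation: an invalid expression is never written.
            checkExpressionLanguageValidity(group);

            session.updateEntry(group);
        }
    }

    /**
     * Deletes a Shibboleth group entry.
     *
     * @param group the entry to delete
     */
    public static void deleteGroup(DocumentModel group) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            session.deleteEntry(group);
        }
    }

    /**
     * Queries the group directory for the groups that reference shibbGroupName in their sub-groups field.
     *
     * @param shibbGroupName name of the Shibboleth group to look for
     * @return the source ids returned by the sub-groups reference for that target
     */
    public static List<String> getParentsGroups(String shibbGroupName) {
        UserManager userManager = getUserManager();
        Directory dir = getDirectoryService().getDirectory(userManager.getGroupDirectoryName());

        Reference subGroups = dir.getReference(userManager.getGroupSubGroupsField());
        return subGroups.getSourceIdsForTarget(shibbGroupName);
    }

    /**
     * Lists every entry of the Shibboleth group directory.
     *
     * @return all entries returned by the directory session
     */
    public static DocumentModelList getGroups() {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            return session.getEntries();
        }
    }

    /**
     * Searches Shibboleth groups by id, ordered by id ascending.
     *
     * @param fullText text to match against the group id; {@code null} or empty applies no filter
     * @return the matching entries
     */
    public static DocumentModelList searchGroup(String fullText) {
        try (Session session = getDirectoryService().open(ShibbolethConstants.SHIBBOLETH_DIRECTORY)) {
            Map<String, Serializable> filters = new HashMap<>();
            if (fullText != null && !fullText.isEmpty()) {
                filters.put(ShibbolethConstants.GROUP_ID_PROPERTY, fullText);
            }

            Map<String, String> orderBy = new HashMap<>();
            orderBy.put(ShibbolethConstants.GROUP_ID_PROPERTY, DocumentModelComparator.ORDER_ASC);
            // The filter keys are also passed as the second argument of query(), presumably marking
            // them for full-text rather than exact matching (confirm against the Session API).
            return session.query(filters, new HashSet<>(filters.keySet()), orderBy);
        }
    }

    /**
     * Rejects a group whose expression is not accepted by {@link ELGroupComputerHelper#isValidEL(String)}.
     *
     * @param group the model holding the expression
     * @throws InvalidPropertyValueException if the expression is rejected
     */
    protected static void checkExpressionLanguageValidity(DocumentModel group) {
        String expressionLanguage = (String) group.getPropertyValue(
                ShibbolethConstants.SHIBBOLETH_SCHEMA + ":" + ShibbolethConstants.GROUP_EL_PROPERTY);
        // NOTE(review): an unset expression reaches isValidEL as null; how that is treated depends on the
        // helper and is not visible here. Confirm it cannot result in an unintended match-all group.
        if (!ELGroupComputerHelper.isValidEL(expressionLanguage)) {
            throw new InvalidPropertyValueException(expressionLanguage + " : is not a valid expression language");
        }
    }

}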