org.openpermis.subject.assignment.ldap
Class LdapController

java.lang.Object
  extended by org.openpermis.subject.assignment.RoleAssignmentController<T>
      extended by org.openpermis.subject.assignment.CachingRoleAssignmentController<LdapContext>
          extended by org.openpermis.subject.assignment.ldap.LdapController
All Implemented Interfaces:
SubjectIdentityNormalizer

public class LdapController
extends CachingRoleAssignmentController<LdapContext>

Controls file based role assignments contained in a local directory.

Reads all files in the directory and its subdirectories. Writes new files to the root directory specified at construction time.

Since:
0.9.0

Constructor Summary
LdapController(String ldapUrl, String bindPrincipal, String bindPrincipalPassword, String ldapSearchBase, Decoder<LdapContext> decoder, Encoder encoder)
          Creates an LDAP controller that controls LDAP entries contained in the specified LDAP server.
 
Method Summary
protected  void closeInitialLdapContext()
           
protected  LdapContext creatingNewContext(URI identity, URI issuer, Set<RoleDefinition> roles, Date validFrom, Date validTo)
          Creates a context for a role assignment.
protected  List<LdapContext> getContexts()
          Returns all contexts of this controller.
protected  byte[] readFromContext(LdapContext context)
          Reads the content of a context.
protected  void revokingAssignment(RoleAssignment<LdapContext> roleAssignment)
          Revokes the specified role assignment.
protected  void writeToContext(LdapContext context, byte[] content)
          Writes a byte array into a context.
 
Methods inherited from class org.openpermis.subject.assignment.CachingRoleAssignmentController
createContext, issue, list, normalize, refresh, revoke
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LdapController

public LdapController(String ldapUrl,
                      String bindPrincipal,
                      String bindPrincipalPassword,
                      String ldapSearchBase,
                      Decoder<LdapContext> decoder,
                      Encoder encoder)
Creates an LDAP controller that controls LDAP entries contained in the specified LDAP server.

If the encoder is null this controller supports only read operations.

Parameters:
ldapUrl - The LDAP URL. Example: "ldap://foo.host.com:389"
bindPrincipal - The distinguished name of the principal used to bind to the directory to perform the search. Use null to bind anonymously.
bindPrincipalPassword - The password of the principal used to bind to the directory to perform the search. Use null to bind anonymously.
ldapSearchBase - The search base.
decoder - used to decode role assignments.
encoder - used to encode role assignments.
Since:
0.9.0
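
The following is an added example, not OpenPermis code: a pre-flight review of the four connection arguments before they are handed to the constructor, plus the standard JNDI environment they would correspond to. The mapping onto JNDI properties is an assumption about how such a controller binds; the class name LdapBindSettings, its methods and the sample DNs are hypothetical.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Objects;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class LdapBindSettings {
    /** Returns findings for the connection arguments; an empty list means none. */
    static List<String> review(String ldapUrl, String bindPrincipal,
            String bindPrincipalPassword, String ldapSearchBase) {
        List<String> findings = new ArrayList<>();
        String scheme = URI.create(ldapUrl).getScheme();
        boolean anonymous = bindPrincipal == null && bindPrincipalPassword == null;
        if (!anonymous && (bindPrincipal == null || bindPrincipalPassword == null))
            findings.add("principal and password must both be set or both be null");
        if (bindPrincipalPassword != null && bindPrincipalPassword.isEmpty())
            findings.add("empty password: a simple bind with it is unauthenticated");
        if (!anonymous && !"ldaps".equalsIgnoreCase(scheme))
            findings.add("simple bind over " + scheme + ":// exposes the password unless TLS is added");
        for (String dn : new String[] {bindPrincipal, ldapSearchBase}) {
            if (dn == null) continue;
            try { new LdapName(dn); } // syntax check only, no network access
            catch (InvalidNameException e) { findings.add("not a valid DN: " + dn); }
        }
        return findings;
    }

    /** Standard JNDI environment for the same arguments (assumed mapping). */
    static Hashtable<String, String> toEnvironment(String ldapUrl,
            String bindPrincipal, String bindPrincipalPassword) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, bindPrincipal == null ? "none" : "simple");
        if (bindPrincipal != null) {
            env.put(Context.SECURITY_PRINCIPAL, bindPrincipal);
            env.put(Context.SECURITY_CREDENTIALS, Objects.requireNonNull(bindPrincipalPassword));
        }
        return env;
    }

    public static void main(String[] args) {
        String url = "ldap://foo.host.com:389"; // example URL from the parameter description
        System.out.println(review(url, "cn=reader,dc=example,dc=com", "s3cret", "ou=roles,dc=example,dc=com"));
        System.out.println(toEnvironment(url, null, null)); // null principal and password: anonymous bind
    }
}
```

With the constructed values in main, the review reports one finding (the simple bind over ldap://), and the anonymous environment carries no principal or credentials.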
Method Detail

closeInitialLdapContext

protected void closeInitialLdapContext()
                                throws RoleAssignmentControllerException
Throws:
RoleAssignmentControllerException
Since:
0.9.0

writeToContext

protected void writeToContext(LdapContext context,
                              byte[] content)
                       throws RoleAssignmentControllerException
Description copied from class: CachingRoleAssignmentController
Writes a byte array into a context.

Specified by:
writeToContext in class CachingRoleAssignmentController<LdapContext>
Parameters:
context - the context in which the byte array is written.
content - the byte array that gets written into the context.
Throws:
RoleAssignmentControllerException - signals that the assignment failed.
Since:
0.9.0

readFromContext

protected byte[] readFromContext(LdapContext context)
                          throws RoleAssignmentControllerException
Description copied from class: CachingRoleAssignmentController
Reads the content of a context.

Specified by:
readFromContext in class CachingRoleAssignmentController<LdapContext>
Parameters:
context - the context whose content is returned.
Returns:
the content of the context.
Throws:
RoleAssignmentControllerException - signals that the assignment failed.
Since:
0.9.0

getContexts

protected List<LdapContext> getContexts()
Description copied from class: CachingRoleAssignmentController
Returns all contexts of this controller.

Specified by:
getContexts in class CachingRoleAssignmentController<LdapContext>
Returns:
all contexts of this controller.
Since:
0.9.0

creatingNewContext

protected LdapContext creatingNewContext(URI identity,
                                         URI issuer,
                                         Set<RoleDefinition> roles,
                                         Date validFrom,
                                         Date validTo)
Description copied from class: CachingRoleAssignmentController
Creates a context for a role assignment.

Specified by:
creatingNewContext in class CachingRoleAssignmentController<LdapContext>
Parameters:
identity - holder of the role assignment.
issuer - the issuer of the role assignment.
roles - roles of the role assignment.
validFrom - the validity start of the role assignment.
validTo - the validity end of the role assignment.
Returns:
the context for the role assignment.
Since:
0.9.0

revokingAssignment

protected void revokingAssignment(RoleAssignment<LdapContext> roleAssignment)
                           throws RoleAssignmentControllerException
Description copied from class: CachingRoleAssignmentController
Revokes the specified role assignment.

Specified by:
revokingAssignment in class CachingRoleAssignmentController<LdapContext>
Parameters:
roleAssignment - the role assignment to revoke.
Throws:
RoleAssignmentControllerException - signals that the specified role assignment could not be revoked.
Since:
0.9.0


OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:16:59
Copyright (c) 2002-2007 Ergon Informatik AG