Examples of com.esri.gpt.framework.security.identity.ldap.LdapConfiguration

    Node root) throws XPathExpressionException {


  // prepare
  XPath xpath = XPathFactory.newInstance().newXPath();
  IdentityConfiguration idConfig = appConfig.getIdentityConfiguration();
  LdapConfiguration ldapConfig = idConfig.getLdapConfiguration();
  Node ndIdentity = (Node) xpath.evaluate("identity", root, XPathConstants.NODE);
  if (ndIdentity == null) {
    return;
  }


  // primary parameters
  String sName = Val.chkStr(xpath.evaluate("@name", ndIdentity));
  String sRealm = Val.chkStr(xpath.evaluate("@realm", ndIdentity));
  String sEncKey = Val.chkStr(xpath.evaluate("@encKey", ndIdentity));
  String sAdapterClass = Val.chkStr(xpath.evaluate("@adapterClassName", ndIdentity));
  if (sName.length() == 0) {
    sName = "Identity Configuration";
  }
  if (sRealm.length() == 0) {
    sRealm = "Geoportal";
  }
  if (sAdapterClass.length() == 0) {
    sAdapterClass = "com.esri.gpt.framework.security.identity.ldap.LdapIdentityAdapter";
  }
  idConfig.setName(sName);
  idConfig.setRealm(sRealm);
  idConfig.setEncKey(sEncKey);


  // determine the adapter
  Node ndSimple = (Node) xpath.evaluate("simpleAdapter", ndIdentity, XPathConstants.NODE);
  Node ndLdap = (Node) xpath.evaluate("ldapAdapter", ndIdentity, XPathConstants.NODE);
  if (ndSimple != null) {
    ndLdap = null;
    sAdapterClass = "com.esri.gpt.framework.security.identity.local.SimpleIdentityAdapter";
  }
  idConfig.setAdapterClassName(sAdapterClass);


  // simple adapter configuration
  if (ndSimple != null) {


    // account
    Node ndAccount = (Node) xpath.evaluate("account", ndSimple, XPathConstants.NODE);
    if (ndAccount != null) {
      String sUser = xpath.evaluate("@username", ndAccount);
      String sPwd = xpath.evaluate("@password", ndAccount);
      String sDN = "cn=" + sUser + ",ou=simpleadapter";
      boolean bEncrypted = Val.chkBool(xpath.evaluate("@encrypted", ndAccount),
          false);
      if (bEncrypted) {
        try {
          String sDecrypted = PC1_Encryptor.decrypt(sPwd);
          sPwd = sDecrypted;
        } catch (Exception e) {
          this.getLogger().log(Level.SEVERE,
              "The simple account password failed to decrypt.", e);
        }
      }
      UsernamePasswordCredentials creds = new UsernamePasswordCredentials( sUser, sPwd);
      creds.setDistinguishedName(sDN);
      idConfig.setCatalogAdminDN(creds.getDistinguishedName());
      idConfig.getSimpleConfiguration().setServiceAccountCredentials(creds);
    }


    // roles
    Node ndRoles = (Node) xpath.evaluate("roles", ndSimple, XPathConstants.NODE);
    if (ndRoles != null) {
      Roles roles = idConfig.getConfiguredRoles();
      NodeList nlRoles = (NodeList) xpath.evaluate("role", ndRoles, XPathConstants.NODESET);
      for (int i = 0; i < nlRoles.getLength(); i++) {
        Node ndRole = nlRoles.item(i);
        Role role = new Role();
        role.setKey(xpath.evaluate("@key", ndRole));
        roles.add(role);
      }
      for (Role role : roles.values()) {
        role.buildFullRoleSet(roles);
      }
    }


  }


  // LDAP adapter configuration
  if (ndLdap != null) {


    // connection properties & service account
    Node ndCon = (Node) xpath.evaluate("ldapConnectionProperties", ndLdap,
        XPathConstants.NODE);
    if (ndCon != null) {
      LdapConnectionProperties props = ldapConfig.getConnectionProperties();
      props.setProviderUrl(xpath.evaluate("@providerURL", ndCon));
      props.setInitialContextFactoryName(xpath.evaluate(
          "@initialContextFactoryName", ndCon));
      props.setSecurityAuthenticationLevel(xpath.evaluate(
          "@securityAuthentication", ndCon));
      props.setSecurityProtocol(xpath.evaluate("@securityProtocol", ndCon));


      Node ndService = (Node) xpath.evaluate("ldapServiceAccount", ndCon, XPathConstants.NODE);
      if (ndService != null) {
        String sUser = xpath.evaluate("@securityPrincipal", ndService);
        String sPwd = xpath.evaluate("@securityCredentials", ndService);
        boolean bEncrypted = Val.chkBool(xpath.evaluate("@encrypted", ndService), false);
        if (bEncrypted) {
          try {
            String sDecrypted = PC1_Encryptor.decrypt(sPwd);
            sPwd = sDecrypted;
          } catch (Exception e) {
            this.getLogger().log(Level.SEVERE, "The securityCredentials failed to decrypt.", e);
          }
        }
        UsernamePasswordCredentials creds = new UsernamePasswordCredentials(sUser, sPwd);
        props.setServiceAccountCredentials(creds);
        idConfig.setCatalogAdminDN(xpath.evaluate("@catalogAdminDN", ndService));
      }
    }


    // single sign-on mechanism
    Node ndSSO = (Node) xpath.evaluate("singleSignOn", ndLdap,
        XPathConstants.NODE);
    if (ndSSO != null) {
      SingleSignOnMechanism sso = idConfig.getSingleSignOnMechanism();
      sso.setActive(Val.chkBool(xpath.evaluate("@active", ndSSO), false));
      sso.setCredentialLocation(xpath.evaluate("@credentialLocation", ndSSO));
      sso.setAnonymousValue(xpath.evaluate("@anonymousValue", ndSSO));
    }


    // self care support
    Node ndSupport = (Node) xpath.evaluate("selfCareSupport", ndLdap,
        XPathConstants.NODE);
    if (ndSupport != null) {
      IdentitySupport support = idConfig.getSupportedFunctions();
      support.setSupportsLogin(Val.chkBool(xpath.evaluate("@supportsLogin",
          ndSupport), true));
      support.setSupportsLogout(Val.chkBool(xpath.evaluate("@supportsLogout",
          ndSupport), true));
      support.setSupportsUserRegistration(Val.chkBool(xpath.evaluate(
          "@supportsUserRegistration", ndSupport), false));
      support.setSupportsUserProfileManagement(Val.chkBool(xpath.evaluate(
          "@supportsUserProfileManagement", ndSupport), false));
      support.setSupportsPasswordChange(Val.chkBool(xpath.evaluate(
          "@supportsPasswordChange", ndSupport), false));
      support.setSupportsPasswordRecovery(Val.chkBool(xpath.evaluate(
          "@supportsPasswordRecovery", ndSupport), false));
    }


    // roles
    Node ndRoles = (Node) xpath.evaluate("roles", ndLdap, XPathConstants.NODE);
    if (ndRoles != null) {
      Roles roles = idConfig.getConfiguredRoles();
      String sRegUserKey = Val.chkStr(xpath.evaluate("@registeredUserRoleKey",
          ndRoles));
      if (sRegUserKey.length() == 0) {
        sRegUserKey = "gptRegisteredUser";
      }
      roles.setAuthenticatedUserRequiresRole(Val.chkBool(xpath.evaluate(
          "@authenticatedUserRequiresRole", ndRoles), true));
      roles.setRegisteredUserRoleKey(sRegUserKey);
                 
      NodeList nlRoles = (NodeList) xpath.evaluate("role", ndRoles,
          XPathConstants.NODESET);
      for (int i = 0; i < nlRoles.getLength(); i++) {
        Node ndRole = nlRoles.item(i);
        Role role = new Role();
        role.setKey(xpath.evaluate("@key", ndRole));
        role.setInherits(xpath.evaluate("@inherits", ndRole));
        role.setResKey(xpath.evaluate("@resKey", ndRole));
        role.setManage(Val.chkBool(xpath.evaluate("@manage", ndRole),true));
        role.setForbidden(Val.chkBool(xpath.evaluate("@forbidden", ndRole),false));
        role.setDistinguishedName(xpath.evaluate("@groupDN", ndRole));
        roles.add(role);
      }
      for (Role role : roles.values()) {
        role.buildFullRoleSet(roles);
      }
    }


    // user properties
    Node ndUser = (Node) xpath.evaluate("users", ndLdap, XPathConstants.NODE);
    if (ndUser != null) {
      LdapUserProperties props = ldapConfig.getUserProperties();
      props.setUserDisplayNameAttribute(xpath.evaluate("@displayNameAttribute",
          ndUser));
      props.setPasswordEncryptionAlgorithm(xpath.evaluate(
          "@passwordEncryptionAlgorithm", ndUser));
      props.setUserDNPattern(xpath.evaluate("@newUserDNPattern", ndUser));
      props.setUsernameSearchPattern(xpath.evaluate("@usernameSearchPattern",
          ndUser));
      
      props.setUserRequestsSearchPattern(xpath.evaluate("@newUserRequestSearchPattern",
              ndUser));
      
      props.setUserSearchDIT(xpath.evaluate("@searchDIT", ndUser));
      NodeList nlObj = (NodeList) xpath.evaluate(
          "requiredObjectClasses/objectClass/@name", ndUser,
          XPathConstants.NODESET);
      for (int i = 0; i < nlObj.getLength(); i++) {
        props.addUserObjectClass(nlObj.item(i).getNodeValue());
      }
    }


    // user profile parameters
    UserAttributeMap uaMap = idConfig.getUserAttributeMap();
    NodeList nlUserAttr = (NodeList) xpath.evaluate(
        "users/userAttributeMap/attribute", ndLdap, XPathConstants.NODESET);
    for (int i = 0; i < nlUserAttr.getLength(); i++) {
      UserAttribute attr = new UserAttribute();
      attr.setKey(xpath.evaluate("@key", nlUserAttr.item(i)));
      attr.setLdapName(xpath.evaluate("@ldapName", nlUserAttr.item(i)));


      // TODO: need to do a better check to filter out badly defined
      // parameters
      boolean bIsLdap = (idConfig.getAdapterClassName().indexOf("Ldap") != -1);
      if (bIsLdap && (attr.getLdapName().length() > 0)) {
        uaMap.add(attr);
      }
    }
    ldapConfig.getUserProperties().getUserProfileMapping().configureFromUserAttributes(uaMap);


    // group properties
    Node ndGroup = (Node) xpath.evaluate("groups", ndLdap, XPathConstants.NODE);
    if (ndGroup != null) {
      LdapGroupProperties props = ldapConfig.getGroupProperties();
      props.setGroupDisplayNameAttribute(xpath.evaluate(
          "@displayNameAttribute", ndGroup));
      props.setGroupDynamicMemberAttribute(xpath.evaluate(
          "@dynamicMemberOfGroupsAttribute", ndGroup));
      props.setGroupDynamicMembersAttribute(xpath.evaluate(
Examples of com.esri.gpt.framework.security.identity.ldap.LdapConfiguration

Related Classes of com.esri.gpt.framework.security.identity.ldap.LdapConfiguration
