Package com.esri.gpt.framework.security.principal

Examples of com.esri.gpt.framework.security.principal.Groups


* @throws SQLException if a database communication exception occurs
*/
private void removeUserFromGroups(User user)
  throws CredentialPolicyException, IdentityException, NamingException, SQLException {
  try {
    // Revokes every group membership listed on the supplied User object.
    // The list comes from the in-memory object, not from a directory lookup made here.
    // NOTE(review): confirm the caller loaded the user's groups first, otherwise
    // memberships that were never read are never removed.
    Groups grps = user.getGroups();
    for(Group g : grps.values()){
      // Nothing is caught in this loop: the first exception from removeUserFromGroup
      // ends it, and the user stays in every group not yet processed.
      removeUserFromGroup(user, g.getDistinguishedName());
    }
 
  } finally {
    // Empty in this excerpt: nothing is cleaned up or rolled back here.
  }


  // Load the directory profile and take the user's name from it.
  getQueryFunctions().readUserProfile(dirContext,user);
  user.setName(user.getProfile().getUsername());
 
  // read groups, set authenticated roles
  getQueryFunctions().readUserGroups(dirContext,user);
  Groups userGroups = user.getGroups();
  Roles configuredRoles = getConfiguration().getIdentityConfiguration().getConfiguredRoles();
  RoleSet authenticatedRoles = user.getAuthenticationStatus().getAuthenticatedRoles();
  for (Role role: configuredRoles.values()) {
    // A configured role is granted when its DN is a key of the user's group collection.
    // NOTE(review): the comparison is whatever Groups.containsKey implements. Directory
    // DNs can differ in case or spacing, so confirm the keys are normalised; a mismatch
    // silently withholds the role.
    if (userGroups.containsKey(role.getDistinguishedName())) {
      authenticatedRoles.addAll(role.getFullRoleSet());
    }
  }
  // The user is flagged as authenticated before the targeted-group check below;
  // that check undoes the flag with reset() when it fails.
  user.getAuthenticationStatus().setWasAuthenticated(true);
 
  // ensure membership if a targeted metadata management group was specified
  if (targetedGroupDN.length() > 0) {
    if (!userGroups.containsKey(targetedGroupDN)) {
      user.getAuthenticationStatus().reset();
      // NOTE(review): this text is specific to the group check. If the credential
      // check happened earlier (not visible in this excerpt) and the message reaches
      // the client, it reveals that the rest of the login succeeded. Consider a
      // uniform client-facing message with the detail kept in the server log.
      throw new AuthenticationException("Invalid credentials, not a member of the supplied group.");
    }
  }
 

    String sUsername = credentials.getUsername();
   
    // check for a metadata management login: username@@group
    // The split is at the first "@@"; everything after it is taken as the group name.
    int nIdx = sUsername.indexOf("@@");
    if (nIdx != -1) {
      Groups mmGroups = getConfiguration().getIdentityConfiguration().getMetadataManagementGroups();
      if ((mmGroups != null) && (mmGroups.size() > 0)) {
        String sMmUser = Val.chkStr(sUsername.substring(0,nIdx));
        String sMmGroup = Val.chkStr(sUsername.substring(nIdx+2));
        if ((sMmUser.length() > 0) && (sMmGroup.length() > 0)) {
          // The supplied name is only matched against the configured metadata
          // management groups, and the targeted DN is taken from the configured
          // Group object, never from the login string itself.
          // There is no break: if several configured groups share a name
          // (ignoring case), the last one in iteration order wins.
          // When nothing matches, sUsername keeps its "user@@group" form in this
          // excerpt and no targeted group DN is set.
          for (Group group: mmGroups.values()) {
            if (sMmGroup.equalsIgnoreCase(group.getName())) {
              sUsername = sMmUser;
              credentials.setTargetedGroupDN(group.getDistinguishedName());
            }
          }

* @param filter the group search filter for ldap
* @return the list of groups matching filter
* @throws NamingException if an LDAP naming exception occurs
*/
protected Groups readGroups(DirContext dirContext,String filter) throws NamingException
  // Searches the configured group subtree and collects one Group (DN, key, name)
  // per search result whose full DN can be built.
  Groups groups = new Groups();
  NamingEnumeration<SearchResult> enSearch = null;
  try{
    LdapGroupProperties groupProps = getConfiguration().getGroupProperties();
    String sNameAttribute = groupProps.getGroupDisplayNameAttribute();
      String sBaseDN = groupProps.getGroupSearchDIT();
      // NOTE(review): `filter` is supplied by the caller and becomes part of the LDAP
      // search filter. returnGroupNameSearchFilter is not shown here, so confirm it
      // escapes filter metacharacters (RFC 4515) before the value reaches
      // dirContext.search; otherwise crafted input can widen the search.
      String sFilter = groupProps.returnGroupNameSearchFilter(filter);
      SearchControls controls = new SearchControls();
      // The whole subtree below the group search base is searched.
      controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
      if (sNameAttribute.length() > 0) {
        // Ask the directory for the display-name attribute only.
        String[] aReturn = new String[1];
        aReturn[0] = sNameAttribute;
        controls.setReturningAttributes(aReturn);
      }
     
      enSearch = dirContext.search(sBaseDN,sFilter,controls);
      try {
        while (enSearch.hasMore()) {
          SearchResult result = (SearchResult)enSearch.next();
          String sDN = buildFullDN(result.getName(),sBaseDN);
          // Results for which buildFullDN returns an empty string are skipped.
          if (sDN.length() > 0) {
            // The display name stays empty when no name attribute is configured
            // or the entry has no value for it.
            String sName = "";
            if (sNameAttribute.length() > 0) {
              Attribute attrName = result.getAttributes().get(sNameAttribute);
              if ((attrName != null) && (attrName.size() > 0)) {
                sName = Val.chkStr(attrName.get(0).toString());
              }
            }

              // The full DN doubles as the group's key.
              Group group = new Group();
              group.setDistinguishedName(sDN);
              group.setKey(group.getDistinguishedName());
              group.setName(sName);
              groups.add(group);
          }
        }
      } catch (PartialResultException pre) {
        // Logged at FINER only and otherwise ignored: the caller receives the groups
        // collected so far, with no signal that the list may be incomplete.
        LogUtil.getLogger().finer(pre.toString());
      } catch (LimitExceededException lee) {

   * Builds the list of candidate access.
   * @param context the active request context
   */
  public void buildAllGroups(RequestContext context) {
    // Start from an empty list so a repeated call does not keep earlier entries.
    _list.clear();

    // Which groups are offered is decided entirely by Publisher.buildSelectableGroups
    // for this request context; this method only converts them to select items.
    final Groups selectable = Publisher.buildSelectableGroups(context);
    for (final Group candidate : selectable.values()) {
      final SelectItem item = new SelectItem(candidate.getKey(), candidate.getName());
      _list.add(item);
    }
  }

  /*User selectableUser = new User();
    selectableUser.setDistinguishedName("*");
    idAdapter.readUserGroups(selectableUser);
    selectableGroups = selectableUser.getGroups();*/
   
  // Every group returned for `filter` is written to below when an add-attribute
  // request is active, so the breadth of the filter decides how many directory
  // entries are modified.
  // NOTE(review): confirm the filter and the attribute name/value are validated and
  // that the caller is authorised for a bulk change; none of that is visible here.
  Groups groups = idAdapter.readGroups(filter);
  for (Group g : groups.values()){
    if(isAddAttributeRequest){
      try{
        idAdapter.addAttribute(g.getDistinguishedName(), attributeName, attributeValue);
      }catch(AttributeInUseException aiue){
        // The attribute is already present on this group; what happens next lies
        // outside this excerpt.
        // TODO : do nothing if attribute exists ? or overwrite ?

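  usersJson += " ] , ";
 
  // The DN is directory data and can contain quotes or backslashes (for example an
  // escaped comma inside a CN). Concatenated raw, such a value ends the JSON string
  // early or yields invalid JSON, so it gets the same Val.chkStr +
  // Val.escapeStrForJson treatment as the group fields below.
  // NOTE(review): the literal keeps the original blank before the closing quote, so
  // the emitted value ends in a space; confirm whether consumers rely on that.
  usersJson += " \"userDn\" : \"" + Val.escapeStrForJson(Val.chkStr(user.getDistinguishedName())) + " \" , ";
 
  // Emit the user's groups as a JSON array of { key, name, dn } objects, in the
  // order produced by groups.sort().
  String groupsJson = " \"groups\" : [";
  Groups groups = user.getGroups();
  groups.sort();
  boolean firstGroup = true;
  for (Group group : groups.values()) {
    String gkey = Val.chkStr(group.getKey());
    String name = Val.chkStr(group.getName());
    String dn = Val.chkStr(group.getDistinguishedName());
    // A comma goes before every element except the first.
    if (firstGroup) {
      firstGroup = false;
    } else {
      groupsJson += ",";
    }
    // Every value placed between JSON quotes is escaped first.
    groupsJson += " { \"key\" : \"" + Val.escapeStrForJson(gkey) + "\" , \"name\" : \"" + Val.escapeStrForJson(name) + "\" , \"dn\" : \"" + Val.escapeStrForJson(dn) + "\" }";
  }
  groupsJson += " ] , ";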

  // Start the "selectableRoles" array; roles are visited in sorted key order so the
  // output order is stable.
  String rolesJson = " \"selectableRoles\" : [";
  Roles roles = buildSelectableRoles(context);
  sortedKeys=new ArrayList<String>(roles.keySet());
  Collections.sort(sortedKeys);
  boolean firstRole = true;
  for(int i=0; i <sortedKeys.size(); i++){
    Role role = roles.get(sortedKeys.get(i));
    String roleDn = Val.chkStr(role.getDistinguishedName());
    String roleKey = Val.chkStr(role.getKey());
    String roleName = msgBroker.retrieveMessage(Val.chkStr(role.getResKey()));
    // Only roles flagged isManage() are listed; the lookups above still run for the
    // roles that are skipped here.
    if(!role.isManage()) continue;
    // The user holds the role when one of their group DNs equals the role DN.
    // NOTE(review): this is an exact, case-sensitive string comparison; confirm both
    // DNs come from the same normalised source, or a held role is reported as absent.
    boolean hasRole = false;
    for (Group group : groups.values()){
      String groupDn = Val.chkStr(group.getDistinguishedName());
      if(roleDn.equals(groupDn)){
        hasRole = true;
        break;
      }

* @param groupDn group distinguished name
* @return true if managed user role is same as groupDn
*/
protected boolean checkRole(User user,String groupDn){
  // Scans the user's groups and stops at the first one whose DN equals groupDn.
  boolean isSelf = false;
  Groups groups = user.getGroups();
  for (Group group : groups.values()){
    // The group's DN goes through Val.chkStr but groupDn is compared as given, and
    // the comparison is exact and case-sensitive.
    // NOTE(review): confirm callers pass a DN in the same normalised form, otherwise
    // a real membership is reported as no match.
    String dn = Val.chkStr(group.getDistinguishedName());
    if(dn.equals(groupDn)){
      isSelf = true;
      break;
    }

  }

  // check for an assign Acl request
  if (sAction.equalsIgnoreCase("assignAcl")) {
    // `acl` is the access policy taken from the action criteria; `groups` is the set
    // this request context may select from.
    // NOTE(review): confirm executeAssignAcl ignores requested entries that are not
    // in `groups`; that filtering is not visible in this excerpt.
    ArrayList<String> acl = getActionCriteria().getMetadataAccessPolicy();
    Groups groups = Publisher.buildSelectableGroups(getRequestContext());
    // The null/empty guard is commented out, so executeAssignAcl also runs when no
    // policy was supplied.
    // NOTE(review): presumably that clears the access policy on the selected records,
    // leaving them unrestricted; confirm that is the intended meaning of an empty
    // selection.
    // if (acl != null && acl.size() > 0) {
    executeAssignAcl(adminDao, uuids, groups, acl);
    // }
  }
 

  }

  // check for an assign Acl request
  if (sAction.equalsIgnoreCase("assignAcl")) {
    // `selectedGroups` is the access policy taken from the action criteria; `groups`
    // is the set this request context may select from.
    ArrayList<String> selectedGroups = getActionCriteria().getMetadataAccessPolicy();
    Groups groups = Publisher.buildSelectableGroups(getRequestContext());
    if (selectedGroups != null && selectedGroups.size() > 0) {
      // The ACL is built from both lists.
      // NOTE(review): confirm buildAclGroups drops selected entries that are not in
      // `groups`, so a request cannot assign a group the publisher may not select.
      MetadataAcl acl = new MetadataAcl(getRequestContext());
      nRows = adminDao.updateAcl(getPublisher(), queryCriteria, acl.buildAclGroups(groups, selectedGroups));
    } else {
      // An empty or missing selection updates the matching records with a null ACL.
      // NOTE(review): presumably this removes the access restriction from every
      // record matched by queryCriteria; confirm that is intended.
      nRows = adminDao.updateAcl(getPublisher(), queryCriteria, null);
