Class ActiveDirectoryAuthority

  • All Implemented Interfaces:
    org.apache.manifoldcf.authorities.interfaces.IAuthorityConnector, org.apache.manifoldcf.core.interfaces.IConnector

    public class ActiveDirectoryAuthority
    extends org.apache.manifoldcf.authorities.authorities.BaseAuthorityConnector
    This is the Active Directory implementation of the IAuthorityConnector interface. Access tokens for this connector are simple SIDs, except for the "global deny" token, which is designed to allow the authority to shut off access to all authorized documents when the user is unrecognized or the domain controller does not respond.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String _rcsid  
      protected static org.apache.manifoldcf.core.interfaces.StringSet emptyStringSet  
      • Fields inherited from class org.apache.manifoldcf.authorities.authorities.BaseAuthorityConnector

        RESPONSE_UNREACHABLE, RESPONSE_UNREACHABLE_ADDITIVE, RESPONSE_USERNOTFOUND, RESPONSE_USERNOTFOUND_ADDITIVE, RESPONSE_USERUNAUTHORIZED, RESPONSE_USERUNAUTHORIZED_ADDITIVE
      • Fields inherited from class org.apache.manifoldcf.core.connector.BaseConnector

        currentContext, params
      • Fields inherited from interface org.apache.manifoldcf.authorities.interfaces.IAuthorityConnector

        GLOBAL_DENY_TOKEN
    • Method Summary

      Modifier and Type Method Description
      protected static void addDomainController​(java.util.Set<java.lang.String> seenDomains, org.apache.manifoldcf.core.interfaces.ConfigParams parameters, java.lang.String suffix, java.lang.String domainControllerName, java.lang.String userName, java.lang.String password, java.lang.String authentication, java.lang.String userACLsUsername)  
      java.lang.String check()
      Check connection for sanity.
      void clearThreadContext()
      Clear thread context.
      void connect​(org.apache.manifoldcf.core.interfaces.ConfigParams configParams)
      Connect.
      protected javax.naming.ldap.LdapContext createDCSession​(java.lang.String domainController)
      Create or lookup a session for a domain controller.
      protected static java.util.Map<java.lang.String,​java.lang.String> createDomainControllerMap​(org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper, java.lang.String suffix, java.lang.String domainControllerName, java.lang.String userName, java.lang.String password, java.lang.String authentication, java.lang.String userACLsUsername)  
      protected static java.lang.String deobfuscate​(java.lang.String input)  
      void disconnect()
      Close the connection.
      protected static void fillInACLsTab​(java.util.Map<java.lang.String,​java.lang.Object> velocityContext, org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper, org.apache.manifoldcf.core.interfaces.ConfigParams parameters)  
      protected static void fillInCacheTab​(java.util.Map<java.lang.String,​java.lang.Object> velocityContext, org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper, org.apache.manifoldcf.core.interfaces.ConfigParams parameters)  
      protected static void fillInDomainControllerTab​(java.util.Map<java.lang.String,​java.lang.Object> velocityContext, org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper, org.apache.manifoldcf.core.interfaces.ConfigParams parameters)  
      org.apache.manifoldcf.authorities.interfaces.AuthorizationResponse getAuthorizationResponse​(java.lang.String userName)
      Obtain the access tokens for a given user name.
      protected org.apache.manifoldcf.authorities.interfaces.AuthorizationResponse getAuthorizationResponseUncached​(java.lang.String userName)
      Obtain the access tokens for a given user name, uncached.
      org.apache.manifoldcf.authorities.interfaces.AuthorizationResponse getDefaultAuthorizationResponse​(java.lang.String userName)
      Obtain the default access tokens for a given user name.
      protected java.lang.String getDistinguishedName​(javax.naming.ldap.LdapContext ctx, java.lang.String userName, java.lang.String searchBase, java.lang.String userACLsUsername)
      Obtain the DistinguishedName for a given user logon name.
      protected void getSessionParameters()
      Get parameters needed for caching.
      boolean isConnected()
      This method is called to assess whether this connector instance should actually be counted as being connected.
      void outputConfigurationBody​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext, org.apache.manifoldcf.core.interfaces.IHTTPOutput out, java.util.Locale locale, org.apache.manifoldcf.core.interfaces.ConfigParams parameters, java.lang.String tabName)
      Output the configuration body section.
      void outputConfigurationHeader​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext, org.apache.manifoldcf.core.interfaces.IHTTPOutput out, java.util.Locale locale, org.apache.manifoldcf.core.interfaces.ConfigParams parameters, java.util.List<java.lang.String> tabsArray)
      Output the configuration header section.
      void poll()
      Poll.
      java.lang.String processConfigurationPost​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext, org.apache.manifoldcf.core.interfaces.IPostParameters variableContext, java.util.Locale locale, org.apache.manifoldcf.core.interfaces.ConfigParams parameters)
      Process a configuration post.
      void setThreadContext​(org.apache.manifoldcf.core.interfaces.IThreadContext tc)
      Set thread context.
      protected static java.lang.String sid2String​(byte[] SID)
      Convert a binary SID to a string
      void viewConfiguration​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext, org.apache.manifoldcf.core.interfaces.IHTTPOutput out, java.util.Locale locale, org.apache.manifoldcf.core.interfaces.ConfigParams parameters)
      View configuration.
      • Methods inherited from class org.apache.manifoldcf.authorities.authorities.BaseAuthorityConnector

        getAccessTokens, getDefaultAccessTokens
      • Methods inherited from class org.apache.manifoldcf.core.connector.BaseConnector

        deinstall, getConfiguration, install, outputConfigurationBody, outputConfigurationHeader, outputConfigurationHeader, pack, packFixedList, packList, packList, processConfigurationPost, unpack, unpackFixedList, unpackList, viewConfiguration
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface org.apache.manifoldcf.core.interfaces.IConnector

        deinstall, getConfiguration, install
    • Field Detail

      • emptyStringSet

        protected static org.apache.manifoldcf.core.interfaces.StringSet emptyStringSet
    • Constructor Detail

      • ActiveDirectoryAuthority

        public ActiveDirectoryAuthority()
        Constructor.
    • Method Detail

      • setThreadContext

        public void setThreadContext​(org.apache.manifoldcf.core.interfaces.IThreadContext tc)
                              throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Set thread context.
        Specified by:
        setThreadContext in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        setThreadContext in class org.apache.manifoldcf.core.connector.BaseConnector
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • clearThreadContext

        public void clearThreadContext()
        Clear thread context.
        Specified by:
        clearThreadContext in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        clearThreadContext in class org.apache.manifoldcf.core.connector.BaseConnector
      • connect

        public void connect​(org.apache.manifoldcf.core.interfaces.ConfigParams configParams)
        Connect. The configuration parameters are included.
        Specified by:
        connect in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        connect in class org.apache.manifoldcf.core.connector.BaseConnector
        Parameters:
        configParams - are the configuration parameters for this connection.
      • deobfuscate

        protected static java.lang.String deobfuscate​(java.lang.String input)
      • check

        public java.lang.String check()
                               throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Check connection for sanity.
        Specified by:
        check in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        check in class org.apache.manifoldcf.core.connector.BaseConnector
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • createDCSession

        protected javax.naming.ldap.LdapContext createDCSession​(java.lang.String domainController)
                                                         throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Create or lookup a session for a domain controller.
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • poll

        public void poll()
                  throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Poll. The connection should be closed if it has been idle for too long.
        Specified by:
        poll in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        poll in class org.apache.manifoldcf.core.connector.BaseConnector
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • isConnected

        public boolean isConnected()
        This method is called to assess whether this connector instance should actually be counted as being connected.
        Specified by:
        isConnected in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        isConnected in class org.apache.manifoldcf.core.connector.BaseConnector
        Returns:
        true if the connector instance is actually connected.
      • disconnect

        public void disconnect()
                        throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Close the connection. Call this before discarding the repository connector.
        Specified by:
        disconnect in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        disconnect in class org.apache.manifoldcf.core.connector.BaseConnector
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • getAuthorizationResponse

        public org.apache.manifoldcf.authorities.interfaces.AuthorizationResponse getAuthorizationResponse​(java.lang.String userName)
                                                                                                    throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Obtain the access tokens for a given user name.
        Specified by:
        getAuthorizationResponse in interface org.apache.manifoldcf.authorities.interfaces.IAuthorityConnector
        Overrides:
        getAuthorizationResponse in class org.apache.manifoldcf.authorities.authorities.BaseAuthorityConnector
        Parameters:
        userName - is the user name or identifier.
        Returns:
        the response tokens (according to the current authority). (Should throw an exception only when a condition cannot be properly described within the authorization response object.)
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • getAuthorizationResponseUncached

        protected org.apache.manifoldcf.authorities.interfaces.AuthorizationResponse getAuthorizationResponseUncached​(java.lang.String userName)
                                                                                                               throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Obtain the access tokens for a given user name, uncached.
        Parameters:
        userName - is the user name or identifier.
        Returns:
        the response tokens (according to the current authority). (Should throw an exception only when a condition cannot be properly described within the authorization response object.)
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • getDefaultAuthorizationResponse

        public org.apache.manifoldcf.authorities.interfaces.AuthorizationResponse getDefaultAuthorizationResponse​(java.lang.String userName)
        Obtain the default access tokens for a given user name.
        Specified by:
        getDefaultAuthorizationResponse in interface org.apache.manifoldcf.authorities.interfaces.IAuthorityConnector
        Overrides:
        getDefaultAuthorizationResponse in class org.apache.manifoldcf.authorities.authorities.BaseAuthorityConnector
        Parameters:
        userName - is the user name or identifier.
        Returns:
        the default response tokens, presuming that the connect method fails.
      • outputConfigurationHeader

        public void outputConfigurationHeader​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext,
                                              org.apache.manifoldcf.core.interfaces.IHTTPOutput out,
                                              java.util.Locale locale,
                                              org.apache.manifoldcf.core.interfaces.ConfigParams parameters,
                                              java.util.List<java.lang.String> tabsArray)
                                       throws org.apache.manifoldcf.core.interfaces.ManifoldCFException,
                                              java.io.IOException
        Output the configuration header section. This method is called in the head section of the connector's configuration page. Its purpose is to add the required tabs to the list, and to output any javascript methods that might be needed by the configuration editing HTML.
        Specified by:
        outputConfigurationHeader in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        outputConfigurationHeader in class org.apache.manifoldcf.core.connector.BaseConnector
        Parameters:
        threadContext - is the local thread context.
        out - is the output to which any HTML should be sent.
        parameters - are the configuration parameters, as they currently exist, for this connection being configured.
        tabsArray - is an array of tab names. Add to this array any tab names that are specific to the connector.
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
        java.io.IOException
      • outputConfigurationBody

        public void outputConfigurationBody​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext,
                                            org.apache.manifoldcf.core.interfaces.IHTTPOutput out,
                                            java.util.Locale locale,
                                            org.apache.manifoldcf.core.interfaces.ConfigParams parameters,
                                            java.lang.String tabName)
                                     throws org.apache.manifoldcf.core.interfaces.ManifoldCFException,
                                            java.io.IOException
        Output the configuration body section. This method is called in the body section of the authority connector's configuration page. Its purpose is to present the required form elements for editing. The coder can presume that the HTML that is output from this configuration will be within appropriate <html>, <body>, and <form> tags. The name of the form is "editconnection".
        Specified by:
        outputConfigurationBody in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        outputConfigurationBody in class org.apache.manifoldcf.core.connector.BaseConnector
        Parameters:
        threadContext - is the local thread context.
        out - is the output to which any HTML should be sent.
        parameters - are the configuration parameters, as they currently exist, for this connection being configured.
        tabName - is the current tab name.
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
        java.io.IOException
      • fillInDomainControllerTab

        protected static void fillInDomainControllerTab​(java.util.Map<java.lang.String,​java.lang.Object> velocityContext,
                                                        org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper,
                                                        org.apache.manifoldcf.core.interfaces.ConfigParams parameters)
      • createDomainControllerMap

        protected static java.util.Map<java.lang.String,​java.lang.String> createDomainControllerMap​(org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper,
                                                                                                          java.lang.String suffix,
                                                                                                          java.lang.String domainControllerName,
                                                                                                          java.lang.String userName,
                                                                                                          java.lang.String password,
                                                                                                          java.lang.String authentication,
                                                                                                          java.lang.String userACLsUsername)
      • fillInCacheTab

        protected static void fillInCacheTab​(java.util.Map<java.lang.String,​java.lang.Object> velocityContext,
                                             org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper,
                                             org.apache.manifoldcf.core.interfaces.ConfigParams parameters)
      • fillInACLsTab

        protected static void fillInACLsTab​(java.util.Map<java.lang.String,​java.lang.Object> velocityContext,
                                            org.apache.manifoldcf.core.interfaces.IPasswordMapperActivity mapper,
                                            org.apache.manifoldcf.core.interfaces.ConfigParams parameters)
      • processConfigurationPost

        public java.lang.String processConfigurationPost​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext,
                                                         org.apache.manifoldcf.core.interfaces.IPostParameters variableContext,
                                                         java.util.Locale locale,
                                                         org.apache.manifoldcf.core.interfaces.ConfigParams parameters)
                                                  throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Process a configuration post. This method is called at the start of the authority connector's configuration page, whenever there is a possibility that form data for a connection has been posted. Its purpose is to gather form information and modify the configuration parameters accordingly. The name of the posted form is "editconnection".
        Specified by:
        processConfigurationPost in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        processConfigurationPost in class org.apache.manifoldcf.core.connector.BaseConnector
        Parameters:
        threadContext - is the local thread context.
        variableContext - is the set of variables available from the post, including binary file post information.
        parameters - are the configuration parameters, as they currently exist, for this connection being configured.
        Returns:
        null if all is well, or a string error message if there is an error that should prevent saving of the connection (and cause a redirection to an error page).
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • addDomainController

        protected static void addDomainController​(java.util.Set<java.lang.String> seenDomains,
                                                  org.apache.manifoldcf.core.interfaces.ConfigParams parameters,
                                                  java.lang.String suffix,
                                                  java.lang.String domainControllerName,
                                                  java.lang.String userName,
                                                  java.lang.String password,
                                                  java.lang.String authentication,
                                                  java.lang.String userACLsUsername)
                                           throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • viewConfiguration

        public void viewConfiguration​(org.apache.manifoldcf.core.interfaces.IThreadContext threadContext,
                                      org.apache.manifoldcf.core.interfaces.IHTTPOutput out,
                                      java.util.Locale locale,
                                      org.apache.manifoldcf.core.interfaces.ConfigParams parameters)
                               throws org.apache.manifoldcf.core.interfaces.ManifoldCFException,
                                      java.io.IOException
        View configuration. This method is called in the body section of the authority connector's view configuration page. Its purpose is to present the connection information to the user. The coder can presume that the HTML that is output from this configuration will be within appropriate <html> and <body> tags.
        Specified by:
        viewConfiguration in interface org.apache.manifoldcf.core.interfaces.IConnector
        Overrides:
        viewConfiguration in class org.apache.manifoldcf.core.connector.BaseConnector
        Parameters:
        threadContext - is the local thread context.
        out - is the output to which any HTML should be sent.
        parameters - are the configuration parameters, as they currently exist, for this connection being configured.
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
        java.io.IOException
      • getSessionParameters

        protected void getSessionParameters()
                                     throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Get parameters needed for caching.
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • getDistinguishedName

        protected java.lang.String getDistinguishedName​(javax.naming.ldap.LdapContext ctx,
                                                        java.lang.String userName,
                                                        java.lang.String searchBase,
                                                        java.lang.String userACLsUsername)
                                                 throws org.apache.manifoldcf.core.interfaces.ManifoldCFException
        Obtain the DistinguishedName for a given user logon name.
        Parameters:
        ctx - is the ldap context to use.
        userName - (Domain Logon Name) is the user name or identifier.
        searchBase - is the full domain name for the search, e.g. DC=qa-ad-76,DC=metacarta,DC=com
        Returns:
        DistinguishedName for the given domain user logon name. (Should throw an exception if the user is not found.)
        Throws:
        org.apache.manifoldcf.core.interfaces.ManifoldCFException
      • sid2String

        protected static java.lang.String sid2String​(byte[] SID)
        Convert a binary SID to a string.
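
Because this connector's access tokens are SIDs, the binary-to-string conversion decides which tokens a user ends up with. The following is an added example, not ManifoldCF's own sid2String code: it decodes the standard binary SID layout (revision, sub-authority count, 48-bit big-endian identifier authority, 32-bit little-endian sub-authorities) and rejects malformed input instead of emitting a partial token. The class name SidDecoder and the sample byte arrays are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

/** Added illustration; SidDecoder is a hypothetical name, not a ManifoldCF class. */
public class SidDecoder {

  private static final int HEADER_LEN = 8;           // revision + count + 6-byte authority
  private static final int MAX_SUB_AUTHORITIES = 15; // limit of the SID format

  /** Decode a binary SID into its S-R-I-S... string form. */
  public static String toSidString(byte[] sid) {
    if (sid == null || sid.length < HEADER_LEN) {
      throw new IllegalArgumentException("SID shorter than its fixed header");
    }
    int revision = sid[0] & 0xFF;
    int count = sid[1] & 0xFF;
    if (revision != 1) {
      throw new IllegalArgumentException("Unsupported SID revision " + revision);
    }
    // The declared count must match the actual length exactly; a truncated or
    // padded value must never turn into a different, valid-looking token.
    if (count > MAX_SUB_AUTHORITIES || sid.length != HEADER_LEN + 4 * count) {
      throw new IllegalArgumentException("Sub-authority count does not match SID length");
    }

    // Identifier authority: 6 bytes, big-endian.
    long authority = 0;
    for (int i = 2; i < HEADER_LEN; i++) {
      authority = (authority << 8) | (sid[i] & 0xFF);
    }

    StringBuilder sb = new StringBuilder("S-").append(revision).append('-');
    if (authority < (1L << 32)) {
      sb.append(authority);
    } else {
      sb.append(String.format("0x%012X", authority)); // large authorities are written in hex
    }

    // Sub-authorities: 32-bit little-endian, printed as unsigned decimals.
    ByteBuffer buf = ByteBuffer.wrap(sid, HEADER_LEN, 4 * count).order(ByteOrder.LITTLE_ENDIAN);
    for (int i = 0; i < count; i++) {
      sb.append('-').append(Integer.toUnsignedLong(buf.getInt()));
    }
    return sb.toString();
  }

  /** Helper so the samples below can be written as plain hex values. */
  private static byte[] bytes(int... values) {
    byte[] out = new byte[values.length];
    for (int i = 0; i < values.length; i++) {
      out[i] = (byte) values[i];
    }
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample: the well-known BUILTIN\Administrators SID (two sub-authorities).
    byte[] builtinAdmins = bytes(0x01, 0x02, 0, 0, 0, 0, 0, 0x05,
        0x20, 0, 0, 0, 0x20, 0x02, 0, 0);
    // Constructed sample: a sub-authority with the high bit set, which a signed
    // 32-bit conversion would render as a negative number.
    byte[] highBit = bytes(0x01, 0x03, 0, 0, 0, 0, 0, 0x05,
        0x15, 0, 0, 0, 0, 0, 0, 0x80, 0xE8, 0x03, 0, 0);
    // Constructed sample: header claims two sub-authorities but carries only one.
    byte[] truncated = bytes(0x01, 0x02, 0, 0, 0, 0, 0, 0x05, 0x20, 0, 0, 0);

    System.out.println(toSidString(builtinAdmins));
    System.out.println(toSidString(highBit));
    try {
      toSidString(truncated);
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```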