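/*******************************************************************************
 * Copyright (c) 2010 David Harrison.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Public License v3.0
 * which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/gpl-3.0.html
 *
 * Contributors:
 *     David Harrison - initial API and implementation
 ******************************************************************************/
package com.sfs.dao;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import com.sfs.beans.UserBean;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.jasig.cas.client.authentication.AttributePrincipal;

/**
 * The Class SAMLAuthenticationDAOImpl.
 *
 * Builds a {@link UserBean} from the attributes carried by the
 * {@link AttributePrincipal} attached to the servlet request, and maps the
 * group DNs found there onto application roles via {@code groupMapping}.
 *
 * NOTE(review): this class does not validate the SAML/CAS response itself. It
 * trusts whatever {@code request.getUserPrincipal()} returns, presumably a
 * principal established by the CAS client filter chain - confirm that the
 * filters run before any code path that reaches {@link #load}.
 */
public class SAMLAuthenticationDAOImpl implements AuthenticationDAO {

    /**
     * The data logger.
     *
     * NOTE(review): at DEBUG level this class writes every released attribute
     * value (DN, names, e-mail address, group DNs) to this logger. Keep DEBUG
     * disabled for it wherever the log is not handled as personal data.
     */
    private static final Logger dataLogger =
            Logger.getLogger(SAMLAuthenticationDAOImpl.class);

    /** The group container: the part of a group DN after its first comma. */
    private String groupContainer = "";

    /** The dn attr. */
    private String dnAttr = "dn";

    /** The first name attribute. */
    private String firstNameAttr = "firstName";

    /** The last name attribute. */
    private String lastNameAttr = "lastName";

    /** The email address attribute. */
    private String emailAddressAttr = "emailAddress";

    /** The group membership attribute. */
    private String groupMembershipAttr = "groupMembership";

    /** The group mapping: directory group name to application role. */
    private Map<String, String> groupMapping = new HashMap<String, String>();

    /**
     * Sets the group container.
     *
     * @param groupContainerVal the new group container
     */
    public final void setGroupContainer(final String groupContainerVal) {
        this.groupContainer = groupContainerVal;
    }

    /**
     * Gets the group container.
     *
     * @return the group container
     */
    protected final String getGroupContainer() {
        return this.groupContainer;
    }

    /**
     * Sets the distinguished name attribute.
     *
     * @param dnAttrVal the new distinguished name attribute
     */
    public final void setDnAttr(final String dnAttrVal) {
        this.dnAttr = dnAttrVal;
    }

    /**
     * Sets the first name attribute.
     *
     * @param firstNameAttrVal the new first name attribute
     */
    public final void setFirstNameAttr(final String firstNameAttrVal) {
        this.firstNameAttr = firstNameAttrVal;
    }

    /**
     * Sets the last name attribute.
     *
     * @param lastNameAttrVal the new last name attribute
     */
    public final void setLastNameAttr(final String lastNameAttrVal) {
        this.lastNameAttr = lastNameAttrVal;
    }

    /**
     * Sets the email address attribute.
     *
     * @param emailAddressAttrVal the new email address attribute
     */
    public final void setEmailAddressAttr(final String emailAddressAttrVal) {
        this.emailAddressAttr = emailAddressAttrVal;
    }

    /**
     * Sets the group membership attribute.
     *
     * @param groupMembershipAttrVal the new group membership attribute
     */
    public final void setGroupMembershipAttr(
            final String groupMembershipAttrVal) {
        this.groupMembershipAttr = groupMembershipAttrVal;
    }

    /**
     * Sets the group mapping. A null argument is stored as an empty mapping,
     * so that role resolution grants nothing instead of failing on a null map.
     *
     * @param groupMappingVal the group mapping val
     */
    public final void setGroupMapping(
            final Map<String, String> groupMappingVal) {
        if (groupMappingVal != null) {
            this.groupMapping = groupMappingVal;
        } else {
            this.groupMapping = new HashMap<String, String>();
        }
    }

    /**
     * Load the UserBean from the SAML (CAS) response.
     *
     * NOTE(review): userName is only checked for null/empty. The bean is built
     * from request.getRemoteUser() and the principal's attributes, and the two
     * names are never compared. Confirm that no caller expects userName to
     * select the account that is loaded.
     *
     * @param userName the user name
     * @param request the servlet request
     *
     * @return the user bean
     *
     * @throws SFSDaoException if userName is null or empty, or if the request
     *         carries no usable AttributePrincipal and remote user
     */
    public final UserBean load(final String userName,
            final HttpServletRequest request) throws SFSDaoException {

        if (userName == null) {
            throw new SFSDaoException("Username cannot be null");
        }
        if (userName.compareTo("") == 0) {
            throw new SFSDaoException("Username cannot be an empty string");
        }

        UserBean user = null;

        // instanceof is false for null, and it also keeps a principal of any
        // other type from reaching the cast below: that case now ends in the
        // SFSDaoException at the bottom instead of a ClassCastException.
        if (request != null
                && request.getUserPrincipal() instanceof AttributePrincipal) {

            final String username = request.getRemoteUser();

            if (StringUtils.isNotBlank(username)) {
                final AttributePrincipal principal =
                        (AttributePrincipal) request.getUserPrincipal();
                user = loadUserDetails(username, principal.getAttributes());
            }
        }

        if (user == null) {
            throw new SFSDaoException(
                    "A user object for this username was not found");
        }
        return user;
    }

    /**
     * Load user details.
     *
     * Copies the configured identity attributes into a new UserBean and
     * resolves the group membership attribute into application roles. The
     * bean is marked as logged in only when it has a non-blank DN and at
     * least one mapped role.
     *
     * @param username the username
     * @param attributes the attributes; null is treated as no attributes
     * @return the user bean
     */
    private UserBean loadUserDetails(final String username,
            final Map<?, ?> attributes) {

        final UserBean user = new UserBean();
        user.setUserName(username);

        if (attributes != null) {
            for (Map.Entry<?, ?> entry : attributes.entrySet()) {
                final Object key = entry.getKey();
                final Object value = entry.getValue();

                // Non-String keys and null values cannot match any configured
                // attribute name, so they are skipped instead of being cast.
                if (!(key instanceof String) || value == null) {
                    continue;
                }
                final String attribute = (String) key;

                if (dataLogger.isDebugEnabled()) {
                    dataLogger.debug("Attribute: " + attribute);
                    dataLogger.debug("Type: " + value.getClass());
                    dataLogger.debug("Value: " + value);
                }

                // Independent ifs (not else-if): two settings that name the
                // same attribute both receive its value.
                if (StringUtils.equalsIgnoreCase(attribute, dnAttr)) {
                    user.setDN(getStringValue(value));
                }
                if (StringUtils.equalsIgnoreCase(attribute, firstNameAttr)) {
                    user.setPreferredName(getStringValue(value));
                }
                if (StringUtils.equalsIgnoreCase(attribute, lastNameAttr)) {
                    user.setLastName(getStringValue(value));
                }
                if (StringUtils.equalsIgnoreCase(attribute,
                        emailAddressAttr)) {
                    user.setEmail(getStringValue(value));
                }
                if (StringUtils.equalsIgnoreCase(attribute,
                        groupMembershipAttr)) {
                    user.setMemberOf(resolveRoles(value));
                }
            }
        }

        // UserBean's initial memberOf value is not visible from this class, so
        // a null is read as "no roles" rather than dereferenced.
        final boolean hasRole = user.getMemberOf() != null
                && user.getMemberOf().size() > 0;

        if (dataLogger.isDebugEnabled()) {
            dataLogger.debug("User DN: " + user.getDN());
            dataLogger.debug("Role count: "
                    + (hasRole ? user.getMemberOf().size() : 0));
        }

        if (StringUtils.isNotBlank(user.getDN()) && hasRole) {
            // The user has a DN and belongs to one valid role, log in
            dataLogger.debug("User has at least one valid role - logged in");
            user.setLoggedIn(true);
        }
        return user;
    }

    /**
     * Maps the group DNs in a group membership value onto application roles.
     *
     * A group DN counts only when the text after its first comma equals the
     * configured group container (ignoring case) and the name between the
     * first "=" and that comma is a key of the group mapping. Anything that
     * does not have this shape grants no role.
     *
     * NOTE(review): the split is textual, so a comma escaped inside the first
     * RDN (for example "cn=Smith\, J,...") is not recognised.
     *
     * @param value the raw attribute value, a String or a collection
     * @return the mapped roles, possibly empty
     */
    private Collection<String> resolveRoles(final Object value) {
        final Collection<String> roles = new ArrayList<String>();

        for (String role : getStringValues(value)) {
            // See which valid roles this user has
            dataLogger.debug("Role: " + role);

            final int fApos = role.indexOf(",");
            if (fApos < 0) {
                // No container part at all: nothing to compare against.
                continue;
            }

            final String groupType = role.substring(fApos + 1);
            dataLogger.debug("Group type: " + groupType);

            if (!StringUtils.equalsIgnoreCase(groupType,
                    this.groupContainer)) {
                continue;
            }

            final int startOfGroup = role.indexOf("=");
            if (startOfGroup > fApos) {
                // The first "=" lies past the first comma, so the range
                // startOfGroup + 1 .. fApos would be inverted and substring
                // would throw. Treat the entry as malformed and grant nothing.
                dataLogger.debug("Skipping malformed group entry");
                continue;
            }

            final String group = role.substring(startOfGroup + 1, fApos);
            dataLogger.debug("Group name: " + group);

            // Get the group mapping
            if (StringUtils.isNotBlank(group)
                    && this.groupMapping.containsKey(group)) {
                final String whichdoctorGroup = this.groupMapping.get(group);
                if (StringUtils.isNotBlank(whichdoctorGroup)) {
                    roles.add(whichdoctorGroup);
                }
            }
        }
        return roles;
    }

    /**
     * Collects the String entries of an attribute value.
     *
     * Accepts a single String or any Collection; elements that are not
     * Strings (including null) are dropped rather than cast.
     *
     * @param value the raw attribute value
     * @return the String entries, possibly empty
     */
    private Collection<String> getStringValues(final Object value) {
        final Collection<String> strings = new ArrayList<String>();

        if (value instanceof String) {
            strings.add((String) value);
        } else if (value instanceof Collection<?>) {
            for (Object element : (Collection<?>) value) {
                if (element instanceof String) {
                    strings.add((String) element);
                }
            }
        }
        return strings;
    }

    /**
     * Gets the string value.
     *
     * Returns the value itself when it is a String, the first element when it
     * is a Collection whose first element is a String, and an empty string in
     * every other case.
     *
     * @param value the value
     * @return the string value
     */
    private String getStringValue(final Object value) {
        String stringValue = "";

        if (value instanceof String) {
            stringValue = (String) value;
        } else if (value instanceof Collection<?>) {
            final Iterator<?> values = ((Collection<?>) value).iterator();
            if (values.hasNext()) {
                final Object first = values.next();
                if (first instanceof String) {
                    stringValue = (String) first;
                }
            }
        }
        return stringValue;
    }
}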