use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class AnyUnblockedGrantPermissionPolicy method hasUnblockedPathToGrant.
/**
* This method performs the actual, low-level checking of a single activity and target. It IS
* responsible for performing the same check for affiliated groups in the Groups hierarchy, but
* it is NOT responsible for understanding the nuances of relationships some activities and/or
* targets have with one another (e.g. MANAGE_APPROVED, ALL_PORTLETS, etc.). It performs the
* following steps, in order:
*
* <ol>
* <li>Find out if the specified principal is <em>specifically</em> granted or denied; if an
* answer is found in this step, return it
* <li>Find out what groups this principal belongs to; convert each one to a principal and
* seek an answer by invoking ourselves recursively; if an answer is found in this step,
* return it
* <li>Return false (no explicit GRANT means no permission)
* </ol>
*/
private boolean hasUnblockedPathToGrant(IAuthorizationService service, IAuthorizationPrincipal principal, IPermissionOwner owner, IPermissionActivity activity, IPermissionTarget target, Set<IGroupMember> seenGroups) throws GroupsException {
    // Authorization semantics worth keeping in mind when reading or changing this method:
    //  - A DENY attached directly to a principal blocks only the path through that principal.
    //    The parent loop below keeps going after a parent answers false, so a GRANT reachable
    //    through a different parent still yields true.
    //  - seenGroups is shared and mutated across the whole recursion; it is the cycle guard.
    //  - An exception while evaluating one parent is logged and counts as "no GRANT via that
    //    parent"; it never produces a GRANT by itself.
    if (log.isTraceEnabled()) {
        log.trace(
                "Searching for unblocked path to GRANT for principal '{}' to "
                        + "'{}' on target '{}' having already checked: {}",
                principal.getKey(), activity.getFname(), target.getKey(), seenGroups);
    }

    // ---- Step 1: permissions attached to this exact principal ----
    final Set<IPermission> active =
            removeInactivePermissions(
                    service.getPermissionsForPrincipal(
                            principal, owner.getFname(), activity.getFname(), target.getKey()));

    // DENY is tested first on purpose: it outranks a GRANT on the same principal as well as
    // anything that might be inherited through this principal's groups.
    if (containsType(active, IPermission.PERMISSION_TYPE_DENY)) {
        return false;
    }

    if (containsType(active, IPermission.PERMISSION_TYPE_GRANT)) {
        // Explicit GRANT at this level of the hierarchy; no need to look at parents.
        if (log.isTraceEnabled()) {
            log.trace("Found unblocked path to this permission set including a GRANT: {}", active);
        }
        return true;
    }

    // ---- Step 2: ask the groups this principal belongs to ----
    final IGroupMember self = service.getGroupMember(principal);

    // Set.add reports false when the member was already recorded, which is the "already
    // examined" case; the set is left untouched then, so the trace shows it as it was.
    // Step 1 above has already run, so direct DENY/GRANT entries are still honoured for a
    // principal that is reached a second time.
    if (!seenGroups.add(self)) {
        if (log.isTraceEnabled()) {
            log.trace(
                    "Declining to re-examine principal '{}' for permission to '{}' "
                            + "on '{}' because this group is among already checked groups: {}",
                    principal.getKey(), activity.getFname(), target.getKey(), seenGroups);
        }
        return false;
    }

    final Set<IEntityGroup> parents = self.getParentGroups();
    for (IGroupMember parent : parents) {
        if (parent == null) {
            continue;
        }
        try {
            final IAuthorizationPrincipal parentPrincipal = service.newPrincipal(parent);
            // NOTE(review): the cached variant is defined outside this view. Because a false
            // answer can be caused by the seenGroups short-circuit above, confirm that it does
            // not cache such path-dependent results.
            if (hasUnblockedPathToGrantWithCache(
                    service, parentPrincipal, owner, activity, target, seenGroups)) {
                return true;
            }
            // No path through this parent; move on to the next one, if any.
        } catch (Exception e) {
            // A broken part of the group structure must not hide a GRANT that is reachable
            // through an intact part, so the failure is recorded and the search continues.
            log.error("Error evaluating permissions of parent group [" + parent + "]", e);
        }
    }

    // ---- Step 3: no explicit GRANT anywhere means no permission ----
    return false;
}
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class GrouperEntityGroupStore method find.
/* (non-Javadoc)
* @see org.apereo.portal.groups.IEntityGroupStore#find(java.lang.String)
*/
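public IEntityGroup find(String key) throws GroupsException {
    // Looks up a single Grouper group by key and converts it to a uPortal IEntityGroup.
    //
    // Returns null both when Grouper has no group for the key and when the lookup fails for
    // any reason: the catch below swallows every Exception, so the declared GroupsException
    // is never thrown from here. Callers therefore cannot tell "group does not exist" from
    // "Grouper could not be asked".
    // NOTE(review): if any caller uses group membership to restrict access, a Grouper
    // outage looks like "not a member" to it -- confirm that is the intended failure mode.
    //
    // NOTE(review): key is written to the log as received. If it can carry
    // attacker-influenced text, confirm the logging layout neutralises CR/LF.
    try {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Searching Grouper for a direct match for key: " + key);
        }

        final WsGroup wsGroup = findGroupFromKey(key);
        if (wsGroup == null) {
            return null;
        }

        final IEntityGroup group = createUportalGroupFromGrouperGroup(wsGroup);
        if (LOGGER.isDebugEnabled()) {
            // String concatenation is null-safe, unlike the explicit toString() call it
            // replaces; a null conversion result no longer turns into a misleading warning.
            LOGGER.debug("Retrieved group from the Grouper server matching key " + key + ": " + group);
        }
        return group;
    } catch (Exception e) {
        // Pass the exception itself so the stack trace and cause chain reach the log; the
        // message alone is frequently null or too terse to diagnose a directory failure.
        LOGGER.warn(
                "Exception while attempting to retrieve " + "group with key " + key
                        + " from Grouper web services: " + e.getMessage(),
                e);
        return null;
    }
}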
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class GrouperEntityGroupStore method findMemberGroups.
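/**
 * Returns the members of {@code group} that are themselves groups, as reported by Grouper.
 *
 * <p>The Grouper query is restricted to the subject source {@code "g:gsa"}. Each returned
 * subject whose name passes {@code validKey} is resolved with {@code findGroupFromKey} and
 * converted to an {@link IEntityGroup}; subjects that fail either step are skipped.
 *
 * <p>Every failure inside the lookup is caught, logged and reported as an empty result, so
 * the declared {@link GroupsException} is not thrown from the lookup itself. Callers cannot
 * distinguish "no member groups" from "Grouper could not be asked".
 *
 * @param group the group whose group-type members are wanted
 * @return an iterator over {@link IEntityGroup} members, empty when there are none, when the
 *     group's local key is not valid, or when the lookup failed
 */
@SuppressWarnings("unchecked")
public Iterator findMemberGroups(IEntityGroup group) throws GroupsException {
    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Searching for group-type members of group with key: " + group.getKey());
    }
    try {
        if (!validKey(group.getLocalKey())) {
            return Collections.<IEntityGroup>emptyList().iterator();
        }

        GcGetMembers gcGetMembers = new GcGetMembers();
        gcGetMembers.addGroupName(group.getLocalKey());
        gcGetMembers.assignIncludeSubjectDetail(true);
        gcGetMembers.addSourceId("g:gsa");
        WsGetMembersResults results = gcGetMembers.execute();

        // Only the first result entry is consulted, matching the single group name sent.
        if (results == null
                || results.getResults() == null
                || results.getResults().length == 0
                || results.getResults()[0].getWsSubjects() == null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("No group-type members found for group with key " + group.getKey());
            }
            return Collections.<IEntityGroup>emptyList().iterator();
        }

        final List<IEntityGroup> members = new ArrayList<IEntityGroup>();
        final WsSubject[] subjects = results.getResults()[0].getWsSubjects();
        for (WsSubject wsSubject : subjects) {
            // Names coming back from the remote service are re-validated before use.
            if (!validKey(wsSubject.getName())) {
                continue;
            }
            WsGroup wsGroup = findGroupFromKey(wsSubject.getName());
            if (wsGroup == null) {
                continue;
            }
            IEntityGroup member = createUportalGroupFromGrouperGroup(wsGroup);
            members.add(member);
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("found IEntityGroup member: " + member);
            }
        }
        return members.iterator();
    } catch (Exception e) {
        // Pass the exception itself so the stack trace and cause chain reach the log; a
        // directory failure here silently shrinks the group hierarchy seen by callers.
        LOGGER.warn(
                "Exception while attempting to retrieve " + "member groups of group with key "
                        + group.getKey() + " from Grouper web services: " + e.getMessage(),
                e);
        // Same element type as the other empty results returned by this method.
        return Collections.<IEntityGroup>emptyList().iterator();
    }
}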
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class FileSystemGroupStore method searchForGroups.
/**
* Returns an EntityIdentifier[] of groups of the given leaf type whose names match the query
* string according to the search method.
*
* @param query String the string used to match group names.
* @param searchMethod see org.apereo.portal.groups.IGroupConstants.
* @param leafType the leaf type of the groups we are searching for.
* @return EntityIdentifier[]
*/
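public EntityIdentifier[] searchForGroups(String query, int searchMethod, Class leafType) throws GroupsException {
    // Walks the directory tree for leafType and collects a group EntityIdentifier for every
    // file whose name matches query under the requested search method.
    //
    // The query is matched as literal text. It is wrapped with Pattern.quote before the
    // wildcard prefix/suffix is added, so regex metacharacters in the query can neither
    // change what is matched, nor raise PatternSyntaxException, nor force a pathological
    // backtracking pattern onto the matcher.
    final List<EntityIdentifier> ids = new ArrayList<EntityIdentifier>();
    final File baseDir = getFileRoot(leafType);

    // NOTE(review): query is logged as received; if it can carry user-supplied text,
    // confirm the logging layout neutralises CR/LF.
    if (log.isDebugEnabled()) {
        log.debug(DEBUG_CLASS_NAME + "searchForGroups(): " + query + " method: " + searchMethod + " type: " + leafType);
    }

    if (baseDir != null) {
        // Only these two fragments are regex syntax; everything taken from the caller is
        // quoted below.
        final String prefix;
        final String suffix;
        switch (searchMethod) {
            case IS:
                prefix = "";
                suffix = "";
                break;
            case STARTS_WITH:
                prefix = "";
                suffix = ".*";
                break;
            case ENDS_WITH:
                prefix = ".*";
                suffix = "";
                break;
            case CONTAINS:
                prefix = ".*";
                suffix = ".*";
                break;
            default:
                throw new GroupsException(DEBUG_CLASS_NAME + ".searchForGroups(): Unknown search method: " + searchMethod);
        }

        final Pattern namePattern = Pattern.compile(prefix + Pattern.quote(query) + suffix);
        final FilenameFilter filter = new FilenameFilter() {
            @Override
            public boolean accept(File dir, String name) {
                return namePattern.matcher(name).matches();
            }
        };

        Set allDirs = getAllDirectoriesBelow(baseDir);
        allDirs.add(baseDir);
        for (Object dir : allDirs) {
            final File[] files = ((File) dir).listFiles(filter);
            if (files == null) {
                // listFiles returns null when the path is not a directory or an I/O error
                // occurs; skip it instead of failing the whole search with an NPE.
                continue;
            }
            for (File file : files) {
                ids.add(new EntityIdentifier(getKeyFromFile(file), ICompositeGroupService.GROUP_ENTITY_TYPE));
            }
        }
    }

    if (log.isDebugEnabled()) {
        log.debug(DEBUG_CLASS_NAME + ".searchForGroups(): found " + ids.size() + " files.");
    }
    return ids.toArray(new EntityIdentifier[ids.size()]);
}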
use of org.apereo.portal.groups.GroupsException in project uPortal by Jasig.
the class LDAPGroupStore method searchForEntities.
/**
 * Searches the directory for entries whose name attribute matches {@code query} and returns
 * their keys as entity identifiers.
 *
 * <p>The query is passed through {@code LdapEncoder.filterEncode} before any wildcard is
 * attached, so a {@code *} typed by the caller is escaped and only the wildcards added here
 * for the search method act as wildcards. A method other than STARTS_WITH, ENDS_WITH or
 * CONTAINS adds no wildcard, i.e. it is an exact match.
 *
 * @param query the text to look for; treated as literal text
 * @param method one of the search-method constants handled in the switch below
 * @param type the entity type requested; anything other than the group or person type yields
 *     an empty result without contacting the directory
 * @return the matching identifiers, possibly empty
 * @throws GroupsException if the directory search fails with a NamingException
 */
public EntityIdentifier[] searchForEntities(String query, int method, Class type) throws GroupsException {
    if (!(type == group || type == iperson)) {
        return new EntityIdentifier[0];
    }

    // Escape first, decorate second: reversing the order would escape our own wildcards or,
    // worse, let caller-supplied filter syntax through.
    final String escaped = LdapEncoder.filterEncode(query);
    final String valuePattern;
    switch (method) {
        case STARTS_WITH:
            valuePattern = escaped + "*";
            break;
        case ENDS_WITH:
            valuePattern = "*" + escaped;
            break;
        case CONTAINS:
            valuePattern = "*" + escaped + "*";
            break;
        default:
            valuePattern = escaped;
            break;
    }
    // NOTE(review): namefield is inserted as-is; presumably it comes from configuration
    // rather than from the request -- confirm.
    final String filter = namefield + "=" + valuePattern;

    // NOTE(review): neither the context nor the enumeration is closed in this method;
    // confirm getConnection()/processLdapResults own their lifecycle.
    final DirContext context = getConnection();
    final SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    controls.setReturningAttributes(new String[] { keyfield });

    try {
        final NamingEnumeration results = context.search(usercontext, filter, controls);
        final ArrayList keys = new ArrayList();
        processLdapResults(results, keys);

        final String[] keyArray = (String[]) keys.toArray(new String[0]);
        final EntityIdentifier[] found = new EntityIdentifier[keyArray.length];
        for (int idx = 0; idx < keyArray.length; idx++) {
            // NOTE(review): results are labelled with the person type even when the group
            // type was requested -- confirm this is intended.
            found[idx] = new EntityIdentifier(keyArray[idx], iperson);
        }
        return found;
    } catch (NamingException nex) {
        throw new GroupsException("LDAPGroupStore: Unable to perform filter " + filter, nex);
    }
}