Package ome.logic

Class LdapImpl

  • All Implemented Interfaces:
    ome.api.ILdap, ome.api.ServiceInterface, ome.system.SelfConfigurableService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware

    @Transactional(readOnly=true)
    public class LdapImpl
    extends AbstractLevel2Service
    implements ome.api.ILdap, org.springframework.context.ApplicationContextAware
    Provides methods for administering user accounts and passwords, as well as methods which require special privileges. Developer note: As can be expected, to perform these privileged operations the Admin service has access to several resources that should not generally be used while developing services. Misuse could circumvent security or auditing.
    Since:
    3.0-M3
    See Also:
    SecuritySystem, Permissions
    • Constructor Detail

      • LdapImpl

        public LdapImpl​(org.springframework.ldap.core.ContextSource ctx,
                        org.springframework.ldap.core.LdapOperations ldap,
                        ome.system.Roles roles,
                        LdapConfig config,
                        RoleProvider roleProvider,
                        ome.util.SqlAction sql)
    • Method Detail

      • setApplicationContext

        public void setApplicationContext​(org.springframework.context.ApplicationContext arg0)
                                   throws org.springframework.beans.BeansException
        Specified by:
        setApplicationContext in interface org.springframework.context.ApplicationContextAware
        Throws:
        org.springframework.beans.BeansException
      • getServiceInterface

        public java.lang.Class<? extends ome.api.ServiceInterface> getServiceInterface()
        Specified by:
        getServiceInterface in interface ome.system.SelfConfigurableService
      • searchAll

        public java.util.List<ome.model.meta.Experimenter> searchAll()
        Specified by:
        searchAll in interface ome.api.ILdap
      • searchByAttribute

        public java.util.List<ome.model.meta.Experimenter> searchByAttribute​(java.lang.String dns,
                                                                             java.lang.String attr,
                                                                             java.lang.String value)
        Specified by:
        searchByAttribute in interface ome.api.ILdap
      • searchByDN

        public ome.model.meta.Experimenter searchByDN​(java.lang.String dns)
        Specified by:
        searchByDN in interface ome.api.ILdap
      • findDN

        public java.lang.String findDN​(java.lang.String username)
        Specified by:
        findDN in interface ome.api.ILdap
      • findGroupDN

        public java.lang.String findGroupDN​(java.lang.String groupname)
        Specified by:
        findGroupDN in interface ome.api.ILdap
      • findExperimenter

        public ome.model.meta.Experimenter findExperimenter​(java.lang.String username)
        Specified by:
        findExperimenter in interface ome.api.ILdap
      • findGroup

        public ome.model.meta.ExperimenterGroup findGroup​(java.lang.String groupname)
        Specified by:
        findGroup in interface ome.api.ILdap
      • searchDnInGroups

        public java.util.List<java.lang.String> searchDnInGroups​(java.lang.String attr,
                                                                 java.lang.String value)
        Specified by:
        searchDnInGroups in interface ome.api.ILdap
      • searchByAttributes

        public java.util.List<ome.model.meta.Experimenter> searchByAttributes​(java.lang.String dn,
                                                                              java.lang.String[] attributes,
                                                                              java.lang.String[] values)
        Specified by:
        searchByAttributes in interface ome.api.ILdap
      • setDN

        @Transactional(readOnly=false)
        @Deprecated
        public void setDN​(java.lang.Long experimenterID,
                          java.lang.String dn)
        Deprecated.
        Specified by:
        setDN in interface ome.api.ILdap
      • getSetting

        public boolean getSetting()
        Specified by:
        getSetting in interface ome.api.ILdap
      • synchronizeLdapUser

        public void synchronizeLdapUser​(java.lang.String username)
      • createUserFromLdap

        @Deprecated
        @Transactional(readOnly=false)
        public boolean createUserFromLdap​(java.lang.String username,
                                          java.lang.String password)
        Deprecated.
        Creates an Experimenter based on the supplied LDAP username. Doesn't validate the user's password and can only be executed by admin users.
        Parameters:
        username - The user's LDAP username.
        password - The user's LDAP password, not null.
        Returns:
        true if a user is created
      • createUser

        @Transactional(readOnly=false)
        public ome.model.meta.Experimenter createUser​(java.lang.String username)
        Creates an Experimenter based on the supplied LDAP username. Doesn't validate the user's password and can only be executed by admin users.
        Specified by:
        createUser in interface ome.api.ILdap
        Parameters:
        username - The user's LDAP username.
        Returns:
        The newly created Experimenter object.
      • createUser

        public ome.model.meta.Experimenter createUser​(java.lang.String username,
                                                      java.lang.String password)
        Creates an Experimenter based on the supplied LDAP username. Enforces user password validation.
        Parameters:
        username - The user's LDAP username.
        password - The user's LDAP password, not null.
        Returns:
        The newly created Experimenter object.
      • createUser

        public ome.model.meta.Experimenter createUser​(java.lang.String username,
                                                      java.lang.String password,
                                                      boolean checkPassword)
        Creates an Experimenter based on the supplied LDAP username. A boolean flag controls if password checks should be performed.
        Parameters:
        username - The user's LDAP username.
        password - The user's password.
        checkPassword - Flag indicating if password check should be performed.
        Returns:
        The newly created Experimenter object.
      • loadLdapGroups

        @Deprecated
        public java.util.List<java.lang.Long> loadLdapGroups​(java.lang.String username,
                                                             org.springframework.ldap.core.DistinguishedName dn)
        Deprecated.
      • validatePassword

        public boolean validatePassword​(java.lang.String dn,
                                        java.lang.String password)
        Validates the password for the given base, where the base is the user's DN. If the context is created successfully, the specified DN and password are considered valid.
        Parameters:
        dn - the user's distinguished name
        password - the user's password
        Returns:
        true if the user's password is correct
      • lookupLdapAuthExperimenters

        public java.util.List<java.util.Map<java.lang.String,​java.lang.Object>> lookupLdapAuthExperimenters()
        Queries the LDAP server and returns the DN for all OMERO users that have the ldap flag enabled.
        Returns:
        a list of DN to user ID maps.
      • lookupLdapAuthExperimenter

        public java.lang.String lookupLdapAuthExperimenter​(java.lang.Long id)
        Queries the LDAP server and returns the DN for the specified OMERO user ID. The LDAP server is queried and the DN returned only for IDs that have the ldap flag enabled.
        Parameters:
        id - The user ID.
        Returns:
        The DN as a String. Null if user isn't from LDAP.
      • discover

        public java.util.List<ome.model.meta.Experimenter> discover()
        Specified by:
        discover in interface ome.api.ILdap
      • discoverGroups

        public java.util.List<ome.model.meta.ExperimenterGroup> discoverGroups()
        Specified by:
        discoverGroups in interface ome.api.ILdap