From: Olivier Lamy Date: Wed, 16 Jan 2013 14:48:58 +0000 (+0000) Subject: map a ldap group to n roles X-Git-Tag: redback-2.1~101 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=a02fa422515d9b727d8377b895365938a502cc2c;p=archiva.git map a ldap group to n roles git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1433962 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java index bfa828ef0..6520542c8 100644 --- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java +++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java @@ -18,9 +18,9 @@ package org.apache.archiva.redback.common.ldap.role; * under the License. */ -import com.google.common.collect.HashBiMap; +import com.google.common.collect.ArrayListMultimap; +import com.google.common.collect.Multimap; import org.apache.archiva.redback.common.ldap.MappingException; -import org.apache.archiva.redback.common.ldap.connection.LdapConnection; import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory; import org.apache.archiva.redback.common.ldap.connection.LdapException; import org.apache.archiva.redback.configuration.UserConfiguration; @@ -44,12 +44,12 @@ import javax.naming.directory.ModificationItem; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import java.util.ArrayList; -import java.util.Arrays; import java.util.Collection; import java.util.Collections; -import java.util.HashMap; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; /** * @author Olivier Lamy 
@@ -79,6 +79,10 @@ public class DefaultLdapRoleMapper private String baseDn; + private boolean writableLdap = false; + + private boolean useDefaultRoleName = false; + @PostConstruct public void initialize() { @@ -92,6 +96,11 @@ public class DefaultLdapRoleMapper { this.groupsDn = this.baseDn; } + + this.writableLdap = userConf.getBoolean( UserConfigurationKeys.LDAP_WRITABLE, this.writableLdap ); + + this.useDefaultRoleName = + userConf.getBoolean( UserConfigurationKeys.LDAP_GROUPS_USE_ROLENAME, this.useDefaultRoleName ); } public String getLdapGroup( String role ) @@ -164,6 +173,53 @@ public class DefaultLdapRoleMapper } } + public boolean hasRole( DirContext context, String roleName ) + throws MappingException + { + String groupName = findGroupName( roleName ); + + if ( groupName == null ) + { + if ( this.useDefaultRoleName ) + { + groupName = roleName; + } + else + { + log.warn( "skip group creation as no mapping fro roleName:'{}'", roleName ); + return false; + } + } + NamingEnumeration namingEnumeration = null; + try + { + + SearchControls searchControls = new SearchControls(); + + searchControls.setDerefLinkFlag( true ); + searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); + + String filter = "objectClass=" + getLdapGroupClass(); + + namingEnumeration = context.search( "cn=" + groupName + "," + getGroupsDn(), filter, searchControls ); + + return namingEnumeration.hasMore(); + } + catch ( LdapException e ) + { + throw new MappingException( e.getMessage(), e ); + } + catch ( NamingException e ) + { + throw new MappingException( e.getMessage(), e ); + } + + finally + { + close( namingEnumeration ); + } + } + public List getAllRoles( DirContext context ) throws MappingException { 
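Review bot: `writableLdap` is populated from `UserConfigurationKeys.LDAP_WRITABLE` in initialize() but no hunk of this commit reads the field afterwards, so unless something outside the visible diff consumes it the assignment is dead. The semantics of the new `useDefaultRoleName` flag are also undocumented even though hasRole and saveRole now branch on it; a comment on the field such as `// when true, a role with no ldap.config.groups.role.* mapping is resolved to an LDAP group of the same name` would make the fallback visible to whoever sets the key.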
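Review bot: hasRole() searches with base `"cn=" + groupName + "," + getGroupsDn()`, and when that entry does not exist the JNDI LDAP provider typically throws `NameNotFoundException` from `context.search` rather than returning an empty enumeration, so a missing group surfaces as a MappingException instead of `false`; catching `NameNotFoundException` ahead of the generic `NamingException` handler and returning false would give the method the contract its caller in LdapRbacManager.getRole relies on. The group name is also concatenated into the DN unescaped — with `useDefaultRoleName` set it is the raw roleName — so wrapping it as `javax.naming.ldap.Rdn.escapeValue( groupName )` avoids a malformed or mis-targeted search when the name contains DN-special characters. The warning `skip group creation as no mapping fro roleName` was copied from saveRole and describes the wrong operation here (and keeps the `fro` typo); `"no group mapping for roleName:'{}', cannot check existence"` fits this method. The null-mapping fallback block is the same as in saveRole, so a private helper returning the resolved group name (or null) would keep the two in step.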
@@ -174,20 +230,23 @@ public class DefaultLdapRoleMapper return Collections.emptyList(); } - List roles = new ArrayList( groups.size() ); + Set roles = new HashSet( groups.size() ); - Map mapping = getLdapGroupMappings(); + Map> mapping = getLdapGroupMappings(); for ( String group : groups ) { - String role = mapping.get( group ); - if ( role != null ) + Collection rolesPerGroup = mapping.get( group ); + if ( rolesPerGroup != null ) { - roles.add( role ); + for ( String role : rolesPerGroup ) + { + roles.add( role ); + } } } - return roles; + return new ArrayList( roles ); } public List getGroupsMember( String group, DirContext context ) @@ -330,20 +389,23 @@ public class DefaultLdapRoleMapper { List groups = getGroups( username, context ); - Map rolesMapping = getLdapGroupMappings(); + Map> rolesMapping = getLdapGroupMappings(); - List roles = new ArrayList( groups.size() ); + Set roles = new HashSet( groups.size() ); for ( String group : groups ) { - String role = rolesMapping.get( group ); - if ( role != null ) + Collection rolesPerGroup = rolesMapping.get( group ); + if ( rolesPerGroup != null ) { - roles.add( role ); + for ( String role : rolesPerGroup ) + { + roles.add( role ); + } } } - return roles; + return new ArrayList( roles ); } private void close( NamingEnumeration namingEnumeration ) @@ -381,15 +443,15 @@ public class DefaultLdapRoleMapper log.warn( "removeLdapMapping not implemented" ); } - public void setLdapGroupMappings( Map mappings ) + public void setLdapGroupMappings( Map> mappings ) throws MappingException { log.warn( "setLdapGroupMappings not implemented" ); } - public Map getLdapGroupMappings() + public Map> getLdapGroupMappings() { - Map map = new HashMap(); + Multimap map = ArrayListMultimap.create(); Collection keys = userConf.getKeys(); 
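Review bot: the expansion loop in getAllRoles (the `Set roles` / `rolesPerGroup` block) is repeated verbatim in the `@@ -330` hunk's getRoles( username, context ); both could delegate to one private helper so they stay consistent, especially now that the Set-then-ArrayList copy drops the group ordering the previous list preserved. The helper also keeps in one place the fact that `mapping.get( group )` on the Multimap `asMap()` view returns null for an unmapped group, which is why the null check must stay.
```java
// in getAllRoles and getRoles( username, context ):
return rolesForGroups( groups );

/** Expands LDAP group names into the distinct Redback roles mapped to them. */
private List<String> rolesForGroups( List<String> groups )
    throws MappingException
{
    Map<String, Collection<String>> mapping = getLdapGroupMappings();
    Set<String> roles = new HashSet<String>( groups.size() );
    for ( String group : groups )
    {
        Collection<String> rolesPerGroup = mapping.get( group );
        if ( rolesPerGroup != null )
        {
            roles.addAll( rolesPerGroup );
        }
    }
    return new ArrayList<String>( roles );
}
```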
@@ -397,23 +459,36 @@ public class DefaultLdapRoleMapper { if ( key.startsWith( UserConfigurationKeys.LDAP_GROUPS_ROLE_START_KEY ) ) { - map.put( StringUtils.substringAfter( key, UserConfigurationKeys.LDAP_GROUPS_ROLE_START_KEY ), - userConf.getString( key ) ); + String val = userConf.getString( key ); + String[] roles = StringUtils.split( val, ',' ); + for ( String role : roles ) + { + map.put( StringUtils.substringAfter( key, UserConfigurationKeys.LDAP_GROUPS_ROLE_START_KEY ), + role ); + } } } - return map; + return map.asMap(); } public boolean saveRole( String roleName, DirContext context ) throws MappingException { - String groupName = HashBiMap.create( getLdapGroupMappings() ).inverse().get( roleName ); + String groupName = findGroupName( roleName ); + if ( groupName == null ) { - log.warn( "skip group creation as no mapping fro roleName:'{}'", roleName ); - return false; + if ( this.useDefaultRoleName ) + { + groupName = roleName; + } + else + { + log.warn( "skip group creation as no mapping fro roleName:'{}'", roleName ); + return false; + } } List allGroups = getAllGroups( context ); @@ -461,12 +536,12 @@ public class DefaultLdapRoleMapper throws MappingException { - String groupName = HashBiMap.create( getLdapGroupMappings() ).inverse().get( roleName ); + String groupName = findGroupName( roleName ); if ( groupName == null ) { log.warn( "no group found for role '{}", roleName ); - return false; + groupName = roleName; } NamingEnumeration namingEnumeration = null; @@ -531,7 +606,7 @@ public class DefaultLdapRoleMapper public boolean removeUserRole( String roleName, String username, DirContext context ) throws MappingException { - String groupName = HashBiMap.create( getLdapGroupMappings() ).inverse().get( roleName ); + String groupName = findGroupName( roleName ); if ( groupName == null ) { 
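Review bot: `StringUtils.split( val, ',' )` returns null when `val` is null, so should `userConf.getString( key )` ever yield null for a `ldap.config.groups.role.*` key the `for ( String role : roles )` loop in getLdapGroupMappings throws NullPointerException; split also keeps surrounding whitespace, so a value like `admin, developer` produces a role named ` developer` that findGroupName will never match against `developer`. Using `String[] roles = StringUtils.split( StringUtils.defaultString( val ), ',' );` and storing `StringUtils.trim( role )` covers both cases. getLdapGroupMappings begins outside this hunk.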
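Review bot: the `@@ -461` hunk makes the missing-mapping case fall through to `groupName = roleName` unconditionally, while hasRole and saveRole in this same commit only do that when `useDefaultRoleName` is set; with the flag off, a role without a mapping now silently operates on a group named after the role instead of returning false as before. The branch should test `this.useDefaultRoleName` like the others, and the warning `"no group found for role '{}"` (unbalanced quote) should state that the role name is being used as the group name. The enclosing method starts and ends outside the hunk.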
@@ -627,7 +702,7 @@ public class DefaultLdapRoleMapper throws MappingException { - String groupName = HashBiMap.create( getLdapGroupMappings() ).inverse().get( roleName ); + String groupName = findGroupName( roleName ); try { @@ -684,4 +759,22 @@ public class DefaultLdapRoleMapper { this.baseDn = baseDn; } + + //------------------- + // utils methods + //------------------- + + protected String findGroupName( String role ) + { + Map> mapping = getLdapGroupMappings(); + + for ( Map.Entry> entry : mapping.entrySet() ) + { + if ( entry.getValue().contains( role ) ) + { + return entry.getKey(); + } + } + return null; + } } diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/LdapRoleMapper.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/LdapRoleMapper.java index 56d5e3be6..a801b7d9a 100644 --- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/LdapRoleMapper.java +++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/LdapRoleMapper.java @@ -21,6 +21,7 @@ package org.apache.archiva.redback.common.ldap.role; import org.apache.archiva.redback.common.ldap.MappingException; import javax.naming.directory.DirContext; +import java.util.Collection; import java.util.List; import java.util.Map; @@ -60,6 +61,9 @@ public interface LdapRoleMapper List getAllRoles( DirContext context ) throws MappingException; + boolean hasRole( DirContext context, String role ) + throws MappingException; + /** * @return the base dn which contains all ldap groups 
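Review bot: findGroupName has no Javadoc although it is protected, and its result is ambiguous now that a role can belong to several groups: it returns the first `mapping.entrySet()` entry containing the role, and because getLdapGroupMappings builds an ArrayListMultimap (hash-ordered keys) the winning group for a role listed under two groups appears to be unspecified. Either document that — `/** Returns the LDAP group mapped to {@code role}, or null; if several groups map the role the choice is unspecified. */` — or make it deterministic with an order-preserving Multimap and a warning when more than one entry matches. Note also that every call rebuilds the mapping from userConf, which saveRole, removeUserRole and hasRole now do on each invocation.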
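Review bot: hasRole is added to the LdapRoleMapper interface without Javadoc while the neighbouring methods document their contract; implementers need to know whether `role` is a Redback role name (resolved through the group mapping) or a raw group name, and what a false return means. Suggested: `/** @return true if an LDAP group corresponding to the given Redback role exists under the groups dn */` plus `@throws MappingException` for LDAP failures.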
@@ -103,12 +107,12 @@ public interface LdapRoleMapper throws MappingException; /** - * @return Map of corresponding LDAP group (key) and Redback role (value) + * @return Map of corresponding LDAP group (key) and Redback roles (value) */ - Map getLdapGroupMappings() + Map> getLdapGroupMappings() throws MappingException; - void setLdapGroupMappings( Map mappings ) + void setLdapGroupMappings( Map> mappings ) throws MappingException; /** diff --git a/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java b/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java index b22204121..2bf1dbee7 100644 --- a/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java +++ b/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java @@ -82,6 +82,8 @@ public interface UserConfigurationKeys String LDAP_GROUPS_ROLE_START_KEY = "ldap.config.groups.role."; + String LDAP_GROUPS_USE_ROLENAME = "ldap.config.groups.use.rolename"; + String LDAP_WRITABLE = "ldap.config.writable"; String APPLICATION_URL = "application.url"; diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java index b46bd32e4..91a3027ac 100644 --- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java 
@@ -61,6 +61,7 @@ import javax.naming.directory.DirContext; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; @@ -195,16 +196,19 @@ public class LdapRbacManager { try { - Collection roleNames = ldapRoleMapper.getLdapGroupMappings().values(); + Collection> roleNames = ldapRoleMapper.getLdapGroupMappings().values(); - List roles = new ArrayList(); + Set roles = new HashSet(); - for ( String name : roleNames ) + for ( Collection names : roleNames ) { - roles.add( new RoleImpl( name ) ); + for ( String name : names ) + { + roles.add( new RoleImpl( name ) ); + } } - return roles; + return new ArrayList( roles ); } catch ( MappingException e ) { @@ -340,16 +344,19 @@ public class LdapRbacManager } List roles = new ArrayList( groups.size() ); - Map mappedGroups = ldapRoleMapper.getLdapGroupMappings(); + Map> mappedGroups = ldapRoleMapper.getLdapGroupMappings(); for ( String group : groups ) { - String roleName = mappedGroups.get( group ); - if ( roleName != null ) + Collection roleNames = mappedGroups.get( group ); + if ( roleNames != null ) { - Role role = getRole( roleName ); - if ( role != null ) + for ( String roleName : roleNames ) { - roles.add( role ); + Role role = getRole( roleName ); + if ( role != null ) + { + roles.add( role ); + } } } } @@ -471,7 +478,7 @@ public class LdapRbacManager { ldapConnection = ldapConnectionFactory.getConnection(); context = ldapConnection.getDirContext(); - if ( !ldapRoleMapper.getAllRoles( context ).contains( roleName ) ) + if ( !ldapRoleMapper.hasRole( context, roleName ) ) { return null; } @@ -484,7 +491,9 @@ public class LdapRbacManager { throw new RbacManagerException( e.getMessage(), e ); } - return this.rbacImpl.getRole( roleName ); + Role role = this.rbacImpl.getRole( roleName ); + return ( role == null ) ? new RoleImpl( roleName ) : role; + } public Map getRoles( Collection roleNames )
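Review bot: the de-duplication in the `@@ -195` hunk only works if RoleImpl implements equals/hashCode on the role name, which nothing in the hunk establishes; otherwise every `new RoleImpl( name )` is distinct and the HashSet silently degrades to the previous list behaviour. Collecting the names into a `Set<String>` first (`names.addAll( c )` per collection) and creating one RoleImpl per distinct name does not depend on RoleImpl's equality. The enclosing method starts and ends outside the hunk.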
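Review bot: the inner loop in the `@@ -340` hunk now calls `getRole( roleName )` once per mapped role, and per the `@@ -471` hunk the method that appears to be getRole opens an LDAP connection and runs a search each time, so a user whose groups map to many roles now pays one connection per role where the old code paid one per group. Checking existence against a single `ldapRoleMapper.getAllRoles( context )` obtained once, or reusing one connection across the loop, would keep the cost proportional to the groups. The enclosing method starts and ends outside the hunk.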
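Review bot: in the `@@ -484` hunk, when `rbacImpl.getRole( roleName )` yields null the method now returns a freshly constructed `new RoleImpl( roleName )` that exists nowhere in the RBAC store, so callers cannot tell a persisted role from this placeholder and its permissions and child roles are empty; if the intent is "group known to LDAP but not yet defined in RBAC", a comment such as `// role exists as an LDAP group but has no RBAC definition yet: expose it as an empty role` should say so, and callers that persist the returned object need checking. It is also worth confirming that rbacImpl.getRole returns null rather than throwing for an unknown role, otherwise the new branch is unreachable. The enclosing method starts outside the hunk.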