/**
 * Builds the query that tests whether the given user belongs to the given group.
 *
 * <p>The filter matches entries whose object class is one of {@code USER_OBJECT_CLASSES},
 * whose user-membership attribute equals {@code groupDn} and whose GUID attribute equals
 * {@code userId}. The query requires the
 * {@value HiveConf#HIVE_SERVER2_AUTHENTICATION_LDAP_USERMEMBERSHIPKEY_NAME}
 * Hive configuration property to be set.
 *
 * <p>NOTE(review): {@code userId} and {@code groupDn} are substituted into the filter template
 * through {@code map(...)}. Whether the builder applies RFC 4515 filter escaping is not visible
 * from this method; confirm that it does, or that callers escape client-supplied values first.
 *
 * @param userId user unique identifier
 * @param groupDn group DN
 * @return an instance of {@link Query}
 * @see HiveConf.ConfVars#HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY
 * @throws IllegalStateException when
 * {@value HiveConf#HIVE_SERVER2_AUTHENTICATION_LDAP_USERMEMBERSHIPKEY_NAME} is null or empty
 * (raised by {@code Preconditions.checkState}; presumably Guava's, confirm)
 */
public Query isUserMemberOfGroup(String userId, String groupDn) {
  // Fail before building anything: without the membership attribute the filter is meaningless.
  Preconditions.checkState(!Strings.isNullOrEmpty(userMembershipAttr),
      "hive.server2.authentication.ldap.userMembershipKey is not configured.");

  // One clause per line: object-class alternatives, membership test, identity test.
  final String filterTemplate =
      "(&(|<classes:{ class |(objectClass=<class>)}>)"
          + "(<userMembershipAttr>=<groupDn>)"
          + "(<guidAttr>=<userId>))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query membershipQuery = Query.builder()
      .filter(filterTemplate)
      .map("classes", USER_OBJECT_CLASSES)
      .map("guidAttr", guidAttr)
      .map("userMembershipAttr", userMembershipAttr)
      .map("userId", userId)
      .map("groupDn", groupDn)
      .limit(2)
      .build();
  return membershipQuery;
}
/**
 * Wraps a caller-provided search filter in a {@link Query}.
 * <br>
 * When a group membership attribute is configured (non-null, non-empty), the query also asks
 * for that attribute to be returned with each search result.
 *
 * <p>NOTE(review): {@code searchFilter} is handed to the builder as-is. It is presumably taken
 * from server configuration; confirm that no unescaped client input is concatenated into it
 * before it reaches this method.
 *
 * @param searchFilter custom search filter
 * @return an instance of {@link Query}
 */
public Query customQuery(String searchFilter) {
  Query.QueryBuilder queryBuilder = Query.builder();
  queryBuilder.filter(searchFilter);

  // No membership attribute configured: nothing extra to request from the directory.
  if (Strings.isNullOrEmpty(groupMembershipAttr)) {
    return queryBuilder.build();
  }

  queryBuilder.returnAttribute(groupMembershipAttr);
  return queryBuilder.build();
}
}
/**
 * Builds the query that tests whether the given user belongs to the given group.
 *
 * <p>The filter matches entries whose object class is one of {@code USER_OBJECT_CLASSES},
 * whose user-membership attribute equals {@code groupDn} and whose GUID attribute equals
 * {@code userId}. The query requires the
 * {@value HiveConf#HIVE_SERVER2_AUTHENTICATION_LDAP_USERMEMBERSHIPKEY_NAME}
 * Hive configuration property to be set.
 *
 * <p>NOTE(review): {@code userId} and {@code groupDn} are substituted into the filter template
 * through {@code map(...)}. Whether the builder applies RFC 4515 filter escaping is not visible
 * from this method; confirm that it does, or that callers escape client-supplied values first.
 *
 * @param userId user unique identifier
 * @param groupDn group DN
 * @return an instance of {@link Query}
 * @see HiveConf.ConfVars#HIVE_SERVER2_PLAIN_LDAP_USERMEMBERSHIP_KEY
 * @throws IllegalStateException when
 * {@value HiveConf#HIVE_SERVER2_AUTHENTICATION_LDAP_USERMEMBERSHIPKEY_NAME} is null or empty
 * (raised by {@code Preconditions.checkState}; presumably Guava's, confirm)
 */
public Query isUserMemberOfGroup(String userId, String groupDn) {
  // Fail before building anything: without the membership attribute the filter is meaningless.
  Preconditions.checkState(!Strings.isNullOrEmpty(userMembershipAttr),
      "hive.server2.authentication.ldap.userMembershipKey is not configured.");

  // One clause per line: object-class alternatives, membership test, identity test.
  final String filterTemplate =
      "(&(|<classes:{ class |(objectClass=<class>)}>)"
          + "(<userMembershipAttr>=<groupDn>)"
          + "(<guidAttr>=<userId>))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query membershipQuery = Query.builder()
      .filter(filterTemplate)
      .map("classes", USER_OBJECT_CLASSES)
      .map("guidAttr", guidAttr)
      .map("userMembershipAttr", userMembershipAttr)
      .map("userId", userId)
      .map("groupDn", groupDn)
      .limit(2)
      .build();
  return membershipQuery;
}
/**
 * Wraps a caller-provided search filter in a {@link Query}.
 * <br>
 * When a group membership attribute is configured (non-null, non-empty), the query also asks
 * for that attribute to be returned with each search result.
 *
 * <p>NOTE(review): {@code searchFilter} is handed to the builder as-is. It is presumably taken
 * from server configuration; confirm that no unescaped client input is concatenated into it
 * before it reaches this method.
 *
 * @param searchFilter custom search filter
 * @return an instance of {@link Query}
 */
public Query customQuery(String searchFilter) {
  Query.QueryBuilder queryBuilder = Query.builder();
  queryBuilder.filter(searchFilter);

  // No membership attribute configured: nothing extra to request from the directory.
  if (Strings.isNullOrEmpty(groupMembershipAttr)) {
    return queryBuilder.build();
  }

  queryBuilder.returnAttribute(groupMembershipAttr);
  return queryBuilder.build();
}
}
/**
 * Builds the query that looks up a user DN from a DN pattern.
 * <br>
 * The method name comes from the original implementation of LDAP authentication.
 * This method should be replaced by {@link QueryFactory#findUserDnByRdn(java.lang.String)}.
 *
 * <p>NOTE(review): {@code rdn} becomes the entire filter item between the parentheses, so it
 * is expected to already have the {@code attribute=value} form. Whether its value part has
 * been escaped for LDAP filter syntax is not visible here; verify against the caller.
 *
 * @param rdn user RDN
 * @return an instance of {@link Query}
 */
public Query findDnByPattern(String rdn) {
  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query patternQuery = Query.builder()
      .filter("(<rdn>)")
      .map("rdn", rdn)
      .limit(2)
      .build();
  return patternQuery;
}
/**
 * Builds the query that looks up a user DN from the user's RDN.
 *
 * <p>The filter matches entries whose object class is one of {@code USER_OBJECT_CLASSES} and
 * that satisfy the filter item given by {@code userRdn}.
 *
 * <p>NOTE(review): {@code userRdn} is inserted as a whole filter item, so it is expected to
 * already have the {@code attribute=value} form. Whether its value part has been escaped for
 * LDAP filter syntax is not visible here; verify against the caller.
 *
 * @param userRdn user RDN
 * @return an instance of {@link Query}
 */
public Query findUserDnByRdn(String userRdn) {
  // One clause per line: object-class alternatives, then the RDN item.
  final String filterTemplate =
      "(&(|<classes:{ class |(objectClass=<class>)}>)"
          + "(<userRdn>))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query rdnQuery = Query.builder()
      .filter(filterTemplate)
      .limit(2)
      .map("classes", USER_OBJECT_CLASSES)
      .map("userRdn", userRdn)
      .build();
  return rdnQuery;
}
/**
 * Builds the query that looks up a group DN from the group's unique ID.
 *
 * <p>The filter matches entries whose object class equals the configured group class and
 * whose GUID attribute equals {@code groupId}.
 *
 * <p>NOTE(review): {@code groupId} is substituted into the filter template through
 * {@code map(...)}; whether the builder applies RFC 4515 filter escaping is not visible from
 * this method. Confirm before passing identifiers that did not come from configuration.
 *
 * @param groupId group unique identifier
 * @return an instance of {@link Query}
 */
public Query findGroupDnById(String groupId) {
  final String filterTemplate = "(&(objectClass=<groupClassAttr>)(<guidAttr>=<groupID>))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query groupQuery = Query.builder()
      .filter(filterTemplate)
      .map("guidAttr", guidAttr)
      .map("groupClassAttr", groupClassAttr)
      .map("groupID", groupId)
      .limit(2)
      .build();
  return groupQuery;
}
/**
 * Builds the query that finds the groups a user belongs to.
 *
 * <p>The filter matches entries whose object class equals the configured group class and
 * whose group-membership attribute equals either {@code userDn} or {@code userName}.
 * No result limit is set on this query.
 *
 * <p>NOTE(review): {@code userName} and {@code userDn} are substituted into the filter
 * template through {@code map(...)}; whether the builder applies RFC 4515 filter escaping is
 * not visible from this method. Confirm that it does, or that callers escape these values.
 *
 * @param userName username
 * @param userDn user DN
 * @return an instance of {@link Query}
 */
public Query findGroupsForUser(String userName, String userDn) {
  // One clause per line: group class, membership by DN, membership by plain name.
  final String filterTemplate =
      "(&(objectClass=<groupClassAttr>)"
          + "(|(<groupMembershipAttr>=<userDn>)"
          + "(<groupMembershipAttr>=<userName>)))";

  Query groupsQuery = Query.builder()
      .filter(filterTemplate)
      .map("groupClassAttr", groupClassAttr)
      .map("groupMembershipAttr", groupMembershipAttr)
      .map("userName", userName)
      .map("userDn", userDn)
      .build();
  return groupsQuery;
}
/**
 * Builds an instance of {@link Query}.
 *
 * <p>Runs {@code validate()}, renders the filter with {@code createFilter()}, calls
 * {@code updateControls()}, and then wraps the rendered filter and the controls in a new
 * {@link Query}. The call order is kept exactly as written because the helpers are not
 * visible here and may depend on it.
 *
 * @return configured directory service query
 */
public Query build() {
  validate();
  String renderedFilter = createFilter();
  updateControls();
  return new Query(renderedFilter, controls);
}
}
/**
 * Creates a new, empty query builder.
 *
 * @return a fresh {@code QueryBuilder} instance
 */
public static QueryBuilder builder() {
  QueryBuilder freshBuilder = new QueryBuilder();
  return freshBuilder;
}
/**
 * Builds the query that looks up a user DN from the user's unique name.
 *
 * <p>The filter matches entries whose object class is one of {@code USER_OBJECT_CLASSES} and
 * whose {@code uid} or {@code sAMAccountName} equals {@code userName}.
 *
 * <p>NOTE(review): {@code userName} is substituted into both comparisons through
 * {@code map(...)}; whether the builder applies RFC 4515 filter escaping is not visible from
 * this method. Confirm that it does, or that callers escape the name before calling.
 *
 * @param userName user unique name (uid or sAMAccountName)
 * @return an instance of {@link Query}
 */
public Query findUserDnByName(String userName) {
  // One clause per line: object-class alternatives, then the two name attributes.
  final String filterTemplate =
      "(&(|<classes:{ class |(objectClass=<class>)}>)"
          + "(|(uid=<userName>)"
          + "(sAMAccountName=<userName>)))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query nameQuery = Query.builder()
      .filter(filterTemplate)
      .map("classes", USER_OBJECT_CLASSES)
      .map("userName", userName)
      .limit(2)
      .build();
  return nameQuery;
}
/**
 * Builds the query that looks up a user DN from a DN pattern.
 * <br>
 * The method name comes from the original implementation of LDAP authentication.
 * This method should be replaced by {@link QueryFactory#findUserDnByRdn(java.lang.String)}.
 *
 * <p>NOTE(review): {@code rdn} becomes the entire filter item between the parentheses, so it
 * is expected to already have the {@code attribute=value} form. Whether its value part has
 * been escaped for LDAP filter syntax is not visible here; verify against the caller.
 *
 * @param rdn user RDN
 * @return an instance of {@link Query}
 */
public Query findDnByPattern(String rdn) {
  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query patternQuery = Query.builder()
      .filter("(<rdn>)")
      .map("rdn", rdn)
      .limit(2)
      .build();
  return patternQuery;
}
/**
 * Builds the query that finds the groups a user belongs to.
 *
 * <p>The filter matches entries whose object class equals the configured group class and
 * whose group-membership attribute equals either {@code userDn} or {@code userName}.
 * No result limit is set on this query.
 *
 * <p>NOTE(review): {@code userName} and {@code userDn} are substituted into the filter
 * template through {@code map(...)}; whether the builder applies RFC 4515 filter escaping is
 * not visible from this method. Confirm that it does, or that callers escape these values.
 *
 * @param userName username
 * @param userDn user DN
 * @return an instance of {@link Query}
 */
public Query findGroupsForUser(String userName, String userDn) {
  // One clause per line: group class, membership by DN, membership by plain name.
  final String filterTemplate =
      "(&(objectClass=<groupClassAttr>)"
          + "(|(<groupMembershipAttr>=<userDn>)"
          + "(<groupMembershipAttr>=<userName>)))";

  Query groupsQuery = Query.builder()
      .filter(filterTemplate)
      .map("groupClassAttr", groupClassAttr)
      .map("groupMembershipAttr", groupMembershipAttr)
      .map("userName", userName)
      .map("userDn", userDn)
      .build();
  return groupsQuery;
}
/**
 * Builds the query that looks up a user DN from the user's RDN.
 *
 * <p>The filter matches entries whose object class is one of {@code USER_OBJECT_CLASSES} and
 * that satisfy the filter item given by {@code userRdn}.
 *
 * <p>NOTE(review): {@code userRdn} is inserted as a whole filter item, so it is expected to
 * already have the {@code attribute=value} form. Whether its value part has been escaped for
 * LDAP filter syntax is not visible here; verify against the caller.
 *
 * @param userRdn user RDN
 * @return an instance of {@link Query}
 */
public Query findUserDnByRdn(String userRdn) {
  // One clause per line: object-class alternatives, then the RDN item.
  final String filterTemplate =
      "(&(|<classes:{ class |(objectClass=<class>)}>)"
          + "(<userRdn>))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query rdnQuery = Query.builder()
      .filter(filterTemplate)
      .limit(2)
      .map("classes", USER_OBJECT_CLASSES)
      .map("userRdn", userRdn)
      .build();
  return rdnQuery;
}
/**
 * Builds the query that looks up a user DN from the user's unique name.
 *
 * <p>The filter matches entries whose object class is one of {@code USER_OBJECT_CLASSES} and
 * whose {@code uid} or {@code sAMAccountName} equals {@code userName}.
 *
 * <p>NOTE(review): {@code userName} is substituted into both comparisons through
 * {@code map(...)}; whether the builder applies RFC 4515 filter escaping is not visible from
 * this method. Confirm that it does, or that callers escape the name before calling.
 *
 * @param userName user unique name (uid or sAMAccountName)
 * @return an instance of {@link Query}
 */
public Query findUserDnByName(String userName) {
  // One clause per line: object-class alternatives, then the two name attributes.
  final String filterTemplate =
      "(&(|<classes:{ class |(objectClass=<class>)}>)"
          + "(|(uid=<userName>)"
          + "(sAMAccountName=<userName>)))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query nameQuery = Query.builder()
      .filter(filterTemplate)
      .map("classes", USER_OBJECT_CLASSES)
      .map("userName", userName)
      .limit(2)
      .build();
  return nameQuery;
}
/**
 * Builds the query that looks up a group DN from the group's unique ID.
 *
 * <p>The filter matches entries whose object class equals the configured group class and
 * whose GUID attribute equals {@code groupId}.
 *
 * <p>NOTE(review): {@code groupId} is substituted into the filter template through
 * {@code map(...)}; whether the builder applies RFC 4515 filter escaping is not visible from
 * this method. Confirm before passing identifiers that did not come from configuration.
 *
 * @param groupId group unique identifier
 * @return an instance of {@link Query}
 */
public Query findGroupDnById(String groupId) {
  final String filterTemplate = "(&(objectClass=<groupClassAttr>)(<guidAttr>=<groupID>))";

  // limit(2): presumably lets the caller tell a unique match from an ambiguous one; confirm.
  Query groupQuery = Query.builder()
      .filter(filterTemplate)
      .map("guidAttr", guidAttr)
      .map("groupClassAttr", groupClassAttr)
      .map("groupID", groupId)
      .limit(2)
      .build();
  return groupQuery;
}
/**
 * Creates a new, empty query builder.
 *
 * @return a fresh {@code QueryBuilder} instance
 */
public static QueryBuilder builder() {
  QueryBuilder freshBuilder = new QueryBuilder();
  return freshBuilder;
}
/**
 * Checks that attributes registered with {@code returnAttribute} show up, in registration
 * order, as the returning attributes of the built query's controls, and that a filter without
 * placeholders is passed through unchanged.
 */
@Test
public void testQueryBuilderReturningAttributes() {
  final String expectedFilter = "(query)";
  final String[] expectedAttributes = new String[] {"attr1", "attr2"};

  Query built = Query.builder()
      .filter("(query)")
      .returnAttribute("attr1")
      .returnAttribute("attr2")
      .build();

  assertEquals(expectedFilter, built.getFilter());
  assertArrayEquals(expectedAttributes, built.getControls().getReturningAttributes());
}
}
/**
 * Builds an instance of {@link Query}.
 *
 * <p>Runs {@code validate()}, renders the filter with {@code createFilter()}, calls
 * {@code updateControls()}, and then wraps the rendered filter and the controls in a new
 * {@link Query}. The call order is kept exactly as written because the helpers are not
 * visible here and may depend on it.
 *
 * @return configured directory service query
 */
public Query build() {
  validate();
  String renderedFilter = createFilter();
  updateControls();
  return new Query(renderedFilter, controls);
}
}