/**
 * Builds a fresh {@link LDAPRoleService} instance.
 *
 * <p>The {@code config} argument is not consulted here: the returned service is
 * constructed with no arguments, so any configuration has to be applied afterwards
 * (presumably through {@code initializeFromConfig}; confirm against the caller).
 *
 * @param config the named service configuration; currently unused by this method
 * @return a newly constructed, not yet configured LDAP role service
 * @throws IOException declared for interface compatibility; not thrown by this implementation
 */
@Override
public GeoServerRoleService createRoleService(SecurityNamedServiceConfig config) throws IOException {
    final LDAPRoleService roleService = new LDAPRoleService();
    return roleService;
}
/**
 * Resolves the user names that are members of the LDAP group backing {@code role}.
 *
 * <p>The lookup runs inside an authenticated LDAP context (see
 * {@code authenticateIfNeeded}) and delegates the actual membership walk to
 * {@code fillUsersForRole}.
 *
 * @param role the role whose members are requested
 * @return an unmodifiable, sorted view of the matching user names; empty when none match
 * @throws IOException if the underlying role lookup fails
 */
@Override
public SortedSet<String> getUserNamesForRole(final GeoServerRole role) throws IOException {
    final SortedSet<String> members = new TreeSet<String>();
    AuthenticatedLdapEntryContextCallback collectMembers =
            new AuthenticatedLdapEntryContextCallback() {
                @Override
                public void executeWithContext(
                        DirContext ctx, LdapEntryIdentification ldapEntryIdentification) {
                    // populate the shared set; the callback runs synchronously within authenticateIfNeeded
                    fillUsersForRole(ctx, members, role);
                }
            };
    authenticateIfNeeded(collectMembers);
    return Collections.unmodifiableSortedSet(members);
}
/**
 * Converts each LDAP group name into a {@link GeoServerRole} and adds it to {@code roles}.
 *
 * <p>A failure to build one role is logged at SEVERE and skipped, so a single bad
 * entry does not prevent the remaining names from being added.
 *
 * @param roles the destination set (mutated in place)
 * @param roleNames the group names read from LDAP
 */
private void addRolesToSet(SortedSet<GeoServerRole> roles, Set<String> roleNames) {
    for (String name : roleNames) {
        GeoServerRole created;
        try {
            created = createRoleObject(name);
        } catch (IOException e) {
            // best-effort: log and move on to the next name
            LOGGER.log(Level.SEVERE, "Error adding a new role from LDAP", e);
            continue;
        }
        roles.add(created);
    }
}
/**
 * Looks up a role by name against the LDAP group base.
 *
 * <p>A leading {@code ROLE_} prefix is stripped before the search so that the
 * bare group name is matched. The role name is handed to the LDAP template as a
 * separate filter argument ({@code new String[] {roleName}}) rather than being
 * concatenated into {@code groupNameFilter}; escaping of that argument is the
 * template's responsibility.
 *
 * @param role the role name, optionally prefixed with {@code ROLE_}
 * @return the role when exactly one group matches the name, otherwise {@code null}
 * @throws IOException if building the role object fails
 */
@Override
public GeoServerRole getRoleByName(String role) throws IOException {
    // strip the standard prefix so the LDAP lookup uses the bare group name
    final String roleName = role.startsWith("ROLE_") ? role.substring(5) : role;
    final SortedSet<String> matches = new TreeSet<String>();
    authenticateIfNeeded(
            new AuthenticatedLdapEntryContextCallback() {
                @Override
                public void executeWithContext(
                        DirContext ctx, LdapEntryIdentification ldapEntryIdentification) {
                    Set<String> found =
                            LDAPUtils.getLdapTemplateInContext(ctx, template)
                                    .searchForSingleAttributeValues(
                                            groupSearchBase,
                                            groupNameFilter,
                                            new String[] {roleName},
                                            groupNameAttribute);
                    matches.addAll(found);
                }
            });
    // only an unambiguous (single) match is accepted as a role
    return matches.size() == 1 ? createRoleObject(roleName) : null;
}
/**
 * Returns the role configured as the administrator group, if any.
 *
 * @return the admin role, or {@code null} when no admin group is configured
 * @throws RuntimeException wrapping the {@link IOException} from the role lookup
 */
@Override
public GeoServerRole getAdminRole() {
    final String group = adminGroup;
    if (group == null) {
        return null;
    }
    try {
        return getRoleByName(group);
    } catch (IOException e) {
        // interface method does not declare IOException; preserve the cause
        throw new RuntimeException(e);
    }
}
/**
 * Reads every group name under {@code groupSearchBase} matching
 * {@code allGroupsSearchFilter} and adds the corresponding roles to {@code roles}.
 *
 * @param ctx the authenticated directory context to search with
 * @param roles the destination set (mutated in place)
 */
private void fillAllRoles(DirContext ctx, SortedSet<GeoServerRole> roles) {
    // the all-groups filter takes no positional arguments
    final String[] noArgs = new String[] {};
    Set<String> groupNames =
            LDAPUtils.getLdapTemplateInContext(ctx, template)
                    .searchForSingleAttributeValues(
                            groupSearchBase, allGroupsSearchFilter, noArgs, groupNameAttribute);
    addRolesToSet(roles, groupNames);
}
// NOTE(review): fragment — the tail of an anonymous AuthenticatedLdapEntryContextCallback whose
// enclosing method starts outside this view. Collects the roles of the given user (via
// fillRolesForUser, looking up the user's DN with lookupDn) into the captured `roles` set.
@Override public void executeWithContext( DirContext ctx, LdapEntryIdentification ldapEntryIdentification) { fillRolesForUser(ctx, username, lookupDn(username), roles); } });
// NOTE(review): fragment — the tail of an anonymous AuthenticatedLdapEntryContextCallback whose
// enclosing method starts outside this view. Runs the all-groups search and feeds each hit to
// the counter(count) handler, presumably incrementing the captured counter per entry (confirm).
@Override public void executeWithContext( DirContext ctx, LdapEntryIdentification ldapEntryIdentification) { LDAPUtils.getLdapTemplateInContext(ctx, template) .search(groupSearchBase, allGroupsSearchFilter, counter(count)); } });
/**
 * Applies an {@link LDAPRoleServiceConfig} to this service.
 *
 * <p>After the superclass initialization, the admin group and group-admin group
 * names are copied from the config, but only when they are non-empty; empty values
 * leave the current field values untouched.
 *
 * @param config the configuration; must be an {@link LDAPRoleServiceConfig}
 * @throws IOException propagated from the superclass initialization
 * @throws ClassCastException if {@code config} is not an {@link LDAPRoleServiceConfig}
 */
@Override
public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);
    final LDAPRoleServiceConfig ldapConfig = (LDAPRoleServiceConfig) config;
    final String configuredAdminGroup = ldapConfig.getAdminGroup();
    final String configuredGroupAdminGroup = ldapConfig.getGroupAdminGroup();
    // an empty value in the config does not override whatever is already set
    if (!isEmpty(configuredAdminGroup)) {
        this.adminGroup = configuredAdminGroup;
    }
    if (!isEmpty(configuredGroupAdminGroup)) {
        this.groupAdminGroup = configuredGroupAdminGroup;
    }
}
/** Read only store. */
/**
 * Adds to {@code users} the user names that are members of the LDAP group for {@code role}.
 *
 * <p>The group is located by name (with any {@code ROLE_} prefix removed) and its
 * membership attribute is read. Each member value is first run through
 * {@code userMembershipPattern}; when it matches, capturing group 1 is used in
 * place of the raw value (assumes the pattern defines at least one group — confirm
 * where it is built). The result is then normalized via
 * {@code getUserNameFromMembership}.
 *
 * @param ctx the authenticated directory context
 * @param users the destination set (mutated in place)
 * @param role the role whose group members are wanted
 */
private void fillUsersForRole(DirContext ctx, SortedSet<String> users, GeoServerRole role) {
    String groupName = role.toString();
    if (groupName.startsWith("ROLE_")) {
        // drop the standard prefix; LDAP only knows the bare group name
        groupName = groupName.substring(5);
    }
    // group name is passed as a filter argument, not spliced into groupNameFilter
    DirContextOperations group =
            LDAPUtils.getLdapTemplateInContext(ctx, template)
                    .searchForSingleEntry(groupSearchBase, groupNameFilter, new String[] {groupName});
    if (group == null) {
        return;
    }
    Object[] members = group.getObjectAttributes(groupMembershipAttribute);
    if (members == null) {
        return;
    }
    for (Object member : members) {
        String candidate = member.toString();
        Matcher matcher = userMembershipPattern.matcher(candidate);
        String extracted = matcher.matches() ? matcher.group(1) : candidate;
        users.add(getUserNameFromMembership(extracted));
    }
}
/**
 * Returns the role configured as the group-administrator group, if any.
 *
 * @return the group admin role, or {@code null} when no group admin group is configured
 * @throws RuntimeException wrapping the {@link IOException} from the role lookup
 */
@Override
public GeoServerRole getGroupAdminRole() {
    final String group = groupAdminGroup;
    if (group == null) {
        return null;
    }
    try {
        return getRoleByName(group);
    } catch (IOException e) {
        // interface method does not declare IOException; preserve the cause
        throw new RuntimeException(e);
    }
}
/**
 * Adds to {@code roles} every group the user belongs to.
 *
 * <p>{@code groupMembershipFilter} is evaluated with two positional arguments:
 * {@code {0}} is the user name and {@code {1}} is the user's DN. Both are passed
 * as filter arguments rather than concatenated into the filter string.
 *
 * @param ctx the authenticated directory context
 * @param username the login name of the user
 * @param userDn the distinguished name of the user
 * @param roles the destination set (mutated in place)
 */
private void fillRolesForUser(
        DirContext ctx, String username, String userDn, SortedSet<GeoServerRole> roles) {
    final String[] filterArgs = new String[] {username, userDn};
    Set<String> groupNames =
            LDAPUtils.getLdapTemplateInContext(ctx, template)
                    .searchForSingleAttributeValues(
                            groupSearchBase, groupMembershipFilter, filterArgs, groupNameAttribute);
    addRolesToSet(roles, groupNames);
}
/**
 * Test helper: builds and initializes the {@code service} field from the shared
 * {@code config}, choosing the group search filter by membership style.
 *
 * <p>With {@code userFilter} set, groups are matched on the member DN
 * ({@code member={1},dc=example,dc=com}) and a user filter of {@code uid={0}} is
 * configured; otherwise groups are matched on the member CN ({@code member=cn={0}}).
 *
 * @param userFilter whether to use DN-based membership plus an explicit user filter
 * @throws IOException if service initialization fails
 */
public void createRoleService(boolean userFilter) throws IOException {
    service = new LDAPRoleService();
    final String groupFilter = userFilter ? "member={1},dc=example,dc=com" : "member=cn={0}";
    config.setGroupSearchFilter(groupFilter);
    if (userFilter) {
        config.setUserFilter("uid={0}");
    }
    service.initializeFromConfig(config);
}
/**
 * Counts the groups under {@code groupSearchBase} matching {@code allGroupsSearchFilter}.
 *
 * <p>The search runs inside an authenticated context; each hit is fed to the
 * handler returned by {@code counter(count)}, which is expected to bump the
 * counter (confirm in {@code counter}).
 *
 * @return the number of matching groups
 * @throws IOException if the authenticated search fails
 */
@Override
public int getRoleCount() throws IOException {
    final AtomicInteger total = new AtomicInteger(0);
    AuthenticatedLdapEntryContextCallback countGroups =
            new AuthenticatedLdapEntryContextCallback() {
                @Override
                public void executeWithContext(
                        DirContext ctx, LdapEntryIdentification ldapEntryIdentification) {
                    LDAPUtils.getLdapTemplateInContext(ctx, template)
                            .search(groupSearchBase, allGroupsSearchFilter, counter(total));
                }
            };
    authenticateIfNeeded(countGroups);
    return total.get();
}
}
/**
 * Returns the roles for a user group, assuming the role name equals the group name.
 *
 * <p>The result holds at most one element: the role resolved by
 * {@code getRoleByName(groupname)}, or nothing when that lookup returns {@code null}.
 *
 * @param groupname the group name, used directly as the role name
 * @return an unmodifiable sorted set with zero or one role
 * @throws IOException propagated from the role lookup
 */
@Override
public SortedSet<GeoServerRole> getRolesForGroup(String groupname) throws IOException {
    SortedSet<GeoServerRole> result = new TreeSet<GeoServerRole>();
    GeoServerRole resolved = getRoleByName(groupname);
    if (resolved == null) {
        return Collections.unmodifiableSortedSet(result);
    }
    result.add(resolved);
    return Collections.unmodifiableSortedSet(result);
}
/**
 * Returns every role known to this service, i.e. one role per LDAP group found
 * by {@code fillAllRoles}.
 *
 * @return an unmodifiable sorted set of all roles; empty when no groups match
 * @throws IOException if the authenticated search fails
 */
@Override
public SortedSet<GeoServerRole> getRoles() throws IOException {
    final SortedSet<GeoServerRole> allRoles = new TreeSet<GeoServerRole>();
    AuthenticatedLdapEntryContextCallback collectAll =
            new AuthenticatedLdapEntryContextCallback() {
                @Override
                public void executeWithContext(
                        DirContext ctx, LdapEntryIdentification ldapEntryIdentification) {
                    fillAllRoles(ctx, allRoles);
                }
            };
    authenticateIfNeeded(collectAll);
    return Collections.unmodifiableSortedSet(allRoles);
}
/**
 * Returns the roles of a user, derived from the LDAP groups the user is a member of.
 *
 * <p>The user's DN is resolved with {@code lookupDn(username)} inside the
 * authenticated callback and both name and DN are handed to {@code fillRolesForUser}.
 *
 * @param username the login name of the user
 * @return an unmodifiable sorted set of the user's roles; empty when none
 * @throws IOException if the authenticated search fails
 */
@Override
public SortedSet<GeoServerRole> getRolesForUser(final String username) throws IOException {
    final SortedSet<GeoServerRole> userRoles = new TreeSet<GeoServerRole>();
    AuthenticatedLdapEntryContextCallback collectForUser =
            new AuthenticatedLdapEntryContextCallback() {
                @Override
                public void executeWithContext(
                        DirContext ctx, LdapEntryIdentification ldapEntryIdentification) {
                    String userDn = lookupDn(username);
                    fillRolesForUser(ctx, username, userDn, userRoles);
                }
            };
    authenticateIfNeeded(collectForUser);
    return Collections.unmodifiableSortedSet(userRoles);
}