brooklyn-commits mailing list archives

From aleds...@apache.org
Subject [1/2] incubator-brooklyn git commit: LDAP Domain Component
Date Fri, 31 Jul 2015 11:35:56 GMT
Repository: incubator-brooklyn
Updated Branches:
  refs/heads/master d90a8bf07 -> e206168af


LDAP Domain Component


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/8d4baaa0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/8d4baaa0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/8d4baaa0

Branch: refs/heads/master
Commit: 8d4baaa076f4a4506e02fefc6cd97da10cc64af7
Parents: 906ea25
Author: Valentin Aitken <valentin.aitken@cloudsoftcorp.com>
Authored: Thu Jul 30 20:53:16 2015 +0300
Committer: Valentin Aitken <valentin.aitken@cloudsoftcorp.com>
Committed: Thu Jul 30 20:53:16 2015 +0300

----------------------------------------------------------------------
 .../java/brooklyn/rest/BrooklynWebConfig.java   |  3 ++
 .../security/provider/LdapSecurityProvider.java | 30 ++++++++++++++++++--
 2 files changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
index 4443b00..294fd18 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
@@ -66,6 +66,9 @@ public class BrooklynWebConfig {
     public final static ConfigKey<String> LDAP_REALM = ConfigKeys.newStringConfigKey(
             BASE_NAME_SECURITY+".ldap.realm");
 
+    public final static ConfigKey<String> LDAP_OU = ConfigKeys.newStringConfigKey(
+            BASE_NAME_SECURITY+"ldap.ou");
+
     public final static ConfigKey<Boolean> HTTPS_REQUIRED = ConfigKeys.newBooleanConfigKey(
             BASE_NAME+".security.https.required",
             "Whether HTTPS is required; false here can be overridden by CLI option", false);
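Review bot: The new key is built as `BASE_NAME_SECURITY+"ldap.ou"`, without the leading dot that `LDAP_REALM` uses directly above it (`".ldap.realm"`). Assuming `BASE_NAME_SECURITY` has no trailing dot, as that neighbouring line suggests, the property name runs into the prefix and will not match a setting written in the same form as the other LDAP keys. An operator's OU setting would then be silently ignored, and authentication would bind under the default `Users` OU applied in LdapSecurityProvider. It should read `BASE_NAME_SECURITY+".ldap.ou"`; a description string, like the one `HTTPS_REQUIRED` has, would also document the default. The class body continues outside this hunk.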


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
index a9fa453..c8c10a1 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
@@ -35,6 +35,12 @@ import brooklyn.management.ManagementContext;
 import brooklyn.rest.BrooklynWebConfig;
 import brooklyn.util.exceptions.Exceptions;
 import brooklyn.util.text.Strings;
+import com.google.common.base.Function;
+import com.google.common.base.Joiner;
+import com.google.common.collect.Lists;
+
+import java.util.Arrays;
+import java.util.List;
 
 /**
  * A {@link SecurityProvider} implementation that relies on LDAP to authenticate.
@@ -49,6 +55,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements
Se
 
     private final String ldapUrl;
     private final String ldapRealm;
+    private final String organizationUnit;
 
     public LdapSecurityProvider(ManagementContext mgmt) {
         StringConfigMap properties = mgmt.getConfig();
@@ -56,11 +63,20 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements
Se
         Strings.checkNonEmpty(ldapUrl, "LDAP security provider configuration missing required
property "+BrooklynWebConfig.LDAP_URL);
         ldapRealm = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_REALM));
         Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required
property "+BrooklynWebConfig.LDAP_REALM);
+
+        if(Strings.isBlank(properties.getConfig(BrooklynWebConfig.LDAP_OU))) {
+            LOG.info("Setting LDAP ou attribute to: Users");
+            organizationUnit = "Users";
+        } else {
+            organizationUnit = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_OU));
+        }
+        Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required
property "+BrooklynWebConfig.LDAP_OU);
     }
 
-    public LdapSecurityProvider(String ldapUrl, String ldapRealm) {
+    public LdapSecurityProvider(String ldapUrl, String ldapRealm, String organizationUnit)
{
         this.ldapUrl = ldapUrl;
         this.ldapRealm = ldapRealm;
+        this.organizationUnit = organizationUnit;
     }
 
     @SuppressWarnings({ "rawtypes", "unchecked" })
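Review bot: The last `Strings.checkNonEmpty` in the ManagementContext constructor tests `ldapRealm` again although its message names `LDAP_OU`, so `organizationUnit` is never validated. A configured value made up only of quote characters passes the `Strings.isBlank` test, is reduced to an empty string by `CharMatcher.isNot('"').retainFrom(...)`, and would then put an empty `ou=` into the bind DN. The first argument should be `organizationUnit` instead of `ldapRealm`. Separately, replacing the public two-argument constructor breaks any existing caller; keeping it as an overload that delegates with `"Users"` would preserve compatibility.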
@@ -68,7 +84,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements
Se
     public boolean authenticate(HttpSession session, String user, String password) {
         if (session==null || user==null) return false;
         checkCanLoad();
-        
+
         Hashtable env = new Hashtable();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, ldapUrl);
@@ -85,7 +101,15 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements
Se
     }
 
     private String getUserDN(String user) {
-        return "cn=" + user + "," + ldapRealm;
+        List<String> domain = Lists.transform(Arrays.asList(ldapRealm.split("\\.")),
new Function<String, String>() {
+            @Override
+            public String apply(String input) {
+                return "dc=" + input;
+            }
+        });
+
+        String dc = Joiner.on(",").join(domain).toLowerCase();
+        return "cn=" + user + ",ou=" + organizationUnit + "," + dc;
     }
 
     static boolean triedLoading = false;
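Review bot: `getUserDN` concatenates the caller-supplied `user` and the configured `organizationUnit` into the bind DN without escaping, so a value containing DN metacharacters such as `,`, `=` or `+` alters the structure of the DN instead of being treated as a single RDN value. Escaping each value keeps the login name confined to its `cn` component, e.g. `return "cn=" + Rdn.escapeValue(user) + ",ou=" + Rdn.escapeValue(organizationUnit) + "," + dc;` with `javax.naming.ldap.Rdn` imported. The realm is now read as a dotted domain, so an existing setting in DN form (for example `dc=example,dc=com`) would presumably come out as a malformed `dc=dc=example,dc=com`; that format change should be stated in the key's description. `toLowerCase()` should also take `Locale.ROOT` so the result does not depend on the JVM's default locale.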

