From du...@apache.org
Subject [07/20] Add SSL Support
Date Sat, 31 Aug 2013 21:11:52 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
index 073edda..f522503 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUserManager.java
@@ -30,76 +30,94 @@ import javax.naming.directory.SearchResult;
 
 public class LdapUserManager {
 
-    @Inject
-    private LdapConfiguration _ldapConfiguration;
+	@Inject
+	private LdapConfiguration _ldapConfiguration;
 
-    public LdapUserManager() {
-    }
-
-    public LdapUserManager(final LdapConfiguration ldapConfiguration) {
-        _ldapConfiguration = ldapConfiguration;
-    }
-
-    private LdapUser createUser(final SearchResult result) throws NamingException {
-        final Attributes attributes = result.getAttributes();
-
-        final String username = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getUsernameAttribute());
-        final String email = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getEmailAttribute());
-        final String firstname = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getFirstnameAttribute());
-        final String lastname = LdapUtils.getAttributeValue(attributes, _ldapConfiguration.getLastnameAttribute());
-        final String principal = result.getName() + "," + _ldapConfiguration.getBaseDn();
-
-        return new LdapUser(username, email, firstname, lastname, principal);
-    }
-
-    public LdapUser getUser(final String username, final DirContext context) throws NamingException
{
-        final NamingEnumeration<SearchResult> result = searchUsers(username, context);
-        if (result.hasMoreElements()) {
-            return createUser(result.nextElement());
-        } else {
-            throw new NamingException("No user found for username " + username);
-        }
-    }
-
-    public List<LdapUser> getUsers(final DirContext context) throws NamingException
{
-        return getUsers(null, context);
-    }
+	public LdapUserManager() {
+	}
 
-    public List<LdapUser> getUsers(final String username, final DirContext context)
throws NamingException {
-        final NamingEnumeration<SearchResult> results = searchUsers(username, context);
+	public LdapUserManager(final LdapConfiguration ldapConfiguration) {
+		_ldapConfiguration = ldapConfiguration;
+	}
 
-        final List<LdapUser> users = new ArrayList<LdapUser>();
+	private LdapUser createUser(final SearchResult result)
+			throws NamingException {
+		final Attributes attributes = result.getAttributes();
+
+		final String username = LdapUtils.getAttributeValue(attributes,
+				_ldapConfiguration.getUsernameAttribute());
+		final String email = LdapUtils.getAttributeValue(attributes,
+				_ldapConfiguration.getEmailAttribute());
+		final String firstname = LdapUtils.getAttributeValue(attributes,
+				_ldapConfiguration.getFirstnameAttribute());
+		final String lastname = LdapUtils.getAttributeValue(attributes,
+				_ldapConfiguration.getLastnameAttribute());
+		final String principal = result.getName() + ","
+				+ _ldapConfiguration.getBaseDn();
+
+		return new LdapUser(username, email, firstname, lastname, principal);
+	}
 
-        while (results.hasMoreElements()) {
-            final SearchResult result = results.nextElement();
-            users.add(createUser(result));
-        }
+	public LdapUser getUser(final String username, final DirContext context)
+			throws NamingException {
+		final NamingEnumeration<SearchResult> result = searchUsers(username,
+				context);
+		if (result.hasMoreElements()) {
+			return createUser(result.nextElement());
+		} else {
+			throw new NamingException("No user found for username " + username);
+		}
+	}
 
-        Collections.sort(users);
+	public List<LdapUser> getUsers(final DirContext context)
+			throws NamingException {
+		return getUsers(null, context);
+	}
 
-        return users;
-    }
+	public List<LdapUser> getUsers(final String username,
+			final DirContext context) throws NamingException {
+		final NamingEnumeration<SearchResult> results = searchUsers(username,
+				context);
 
-    public NamingEnumeration<SearchResult> searchUsers(final DirContext context) throws
NamingException {
-        return searchUsers(null, context);
-    }
+		final List<LdapUser> users = new ArrayList<LdapUser>();
 
-    public NamingEnumeration<SearchResult> searchUsers(final String username, final
DirContext context) throws NamingException {
-        final SearchControls controls = new SearchControls();
+		while (results.hasMoreElements()) {
+			final SearchResult result = results.nextElement();
+			users.add(createUser(result));
+		}
 
-        controls.setSearchScope(_ldapConfiguration.getScope());
-        controls.setReturningAttributes(_ldapConfiguration.getReturnAttributes());
+		Collections.sort(users);
 
-	final String userObjectFilter = "(objectClass=" + _ldapConfiguration.getUserObject() + ")";
-	final String usernameFilter = "(" + _ldapConfiguration.getUsernameAttribute() + "=" + (username
== null ? "*" : username) + ")";
-	String memberOfFilter = "";
-	if(_ldapConfiguration.getSearchGroupPrinciple() != null) {
-	    memberOfFilter = "(memberof=" + _ldapConfiguration.getSearchGroupPrinciple() + ")";
+		return users;
 	}
 
+	public NamingEnumeration<SearchResult> searchUsers(final DirContext context)
+			throws NamingException {
+		return searchUsers(null, context);
+	}
 
-	final String filter = "(&" + userObjectFilter + usernameFilter + memberOfFilter + ")";
-
-        return context.search(_ldapConfiguration.getBaseDn(), filter, controls);
-    }
+	public NamingEnumeration<SearchResult> searchUsers(final String username,
+			final DirContext context) throws NamingException {
+		final SearchControls controls = new SearchControls();
+
+		controls.setSearchScope(_ldapConfiguration.getScope());
+		controls.setReturningAttributes(_ldapConfiguration
+				.getReturnAttributes());
+
+		final String userObjectFilter = "(objectClass="
+				+ _ldapConfiguration.getUserObject() + ")";
+		final String usernameFilter = "("
+				+ _ldapConfiguration.getUsernameAttribute() + "="
+				+ (username == null ? "*" : username) + ")";
+		String memberOfFilter = "";
+		if (_ldapConfiguration.getSearchGroupPrinciple() != null) {
+			memberOfFilter = "(memberof="
+					+ _ldapConfiguration.getSearchGroupPrinciple() + ")";
+		}
+
+		final String filter = "(&" + userObjectFilter + usernameFilter
+				+ memberOfFilter + ")";
+
+		return context.search(_ldapConfiguration.getBaseDn(), filter, controls);
+	}
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java
index 8e7e93e..ff8c88c 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/LdapUtils.java
@@ -21,41 +21,42 @@ import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 
 public final class LdapUtils {
-    public static String escapeLDAPSearchFilter(final String filter) {
-        final StringBuilder sb = new StringBuilder();
-        for (char character : filter.toCharArray()) {
-            switch (character) {
-            case '\\':
-                sb.append("\\5c");
-                break;
-            case '*':
-                sb.append("\\2a");
-                break;
-            case '(':
-                sb.append("\\28");
-                break;
-            case ')':
-                sb.append("\\29");
-                break;
-            case '\u0000':
-                sb.append("\\00");
-                break;
-            default:
-                sb.append(character);
-            }
-        }
-        return sb.toString();
-    }
+	public static String escapeLDAPSearchFilter(final String filter) {
+		final StringBuilder sb = new StringBuilder();
+		for (char character : filter.toCharArray()) {
+			switch (character) {
+			case '\\':
+				sb.append("\\5c");
+				break;
+			case '*':
+				sb.append("\\2a");
+				break;
+			case '(':
+				sb.append("\\28");
+				break;
+			case ')':
+				sb.append("\\29");
+				break;
+			case '\u0000':
+				sb.append("\\00");
+				break;
+			default:
+				sb.append(character);
+			}
+		}
+		return sb.toString();
+	}
 
-    public static String getAttributeValue(final Attributes attributes, final String attributeName)
throws NamingException {
-        final Attribute attribute = attributes.get(attributeName);
-        if (attribute != null) {
-            final Object value = attribute.get();
-            return String.valueOf(value);
-        }
-        return null;
-    }
+	public static String getAttributeValue(final Attributes attributes,
+			final String attributeName) throws NamingException {
+		final Attribute attribute = attributes.get(attributeName);
+		if (attribute != null) {
+			final Object value = attribute.get();
+			return String.valueOf(value);
+		}
+		return null;
+	}
 
-    private LdapUtils() {
-    }
+	private LdapUtils() {
+	}
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java
index 0f510c3..d7a3744 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoLdapUserMatchingQueryException.java
@@ -17,16 +17,16 @@
 package org.apache.cloudstack.ldap;
 
 public class NoLdapUserMatchingQueryException extends Exception {
-    private static final long serialVersionUID = 7124360347208388174L;
+	private static final long serialVersionUID = 7124360347208388174L;
 
-    private final String query;
+	private final String query;
 
-    public NoLdapUserMatchingQueryException(final String query) {
-        super("No users matching: " + query);
-        this.query = query;
-    }
+	public NoLdapUserMatchingQueryException(final String query) {
+		super("No users matching: " + query);
+		this.query = query;
+	}
 
-    public String getQuery() {
-        return query;
-    }
+	public String getQuery() {
+		return query;
+	}
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java
index d9bf13f..91279ae 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/NoSuchLdapUserException.java
@@ -17,15 +17,15 @@
 package org.apache.cloudstack.ldap;
 
 public class NoSuchLdapUserException extends Exception {
-    private static final long serialVersionUID = 6782938919658010900L;
-    private final String username;
+	private static final long serialVersionUID = 6782938919658010900L;
+	private final String username;
 
-    public NoSuchLdapUserException(final String username) {
-        super("No such user: " + username);
-        this.username = username;
-    }
+	public NoSuchLdapUserException(final String username) {
+		super("No such user: " + username);
+		this.username = username;
+	}
 
-    public String getUsername() {
-        return username;
-    }
+	public String getUsername() {
+		return username;
+	}
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java
index a2d5e65..f74bb9c 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDao.java
@@ -23,8 +23,10 @@ import org.apache.cloudstack.ldap.LdapConfigurationVO;
 import com.cloud.utils.Pair;
 import com.cloud.utils.db.GenericDao;
 
-public interface LdapConfigurationDao extends GenericDao<LdapConfigurationVO, Long>
{
-    LdapConfigurationVO findByHostname(String hostname);
+public interface LdapConfigurationDao extends
+		GenericDao<LdapConfigurationVO, Long> {
+	LdapConfigurationVO findByHostname(String hostname);
 
-    Pair<List<LdapConfigurationVO>, Integer> searchConfigurations(String hostname,
int port);
+	Pair<List<LdapConfigurationVO>, Integer> searchConfigurations(
+			String hostname, int port);
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java
b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java
index 0f2a015..862206d 100644
--- a/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java
+++ b/plugins/user-authenticators/ldap/src/org/apache/cloudstack/ldap/dao/LdapConfigurationDaoImpl.java
@@ -20,9 +20,8 @@ import java.util.List;
 
 import javax.ejb.Local;
 
-import org.springframework.stereotype.Component;
-
 import org.apache.cloudstack.ldap.LdapConfigurationVO;
+import org.springframework.stereotype.Component;
 
 import com.cloud.utils.Pair;
 import com.cloud.utils.db.GenericDaoBase;
@@ -31,36 +30,43 @@ import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.db.SearchCriteria.Op;
 
 @Component
-@Local(value = {LdapConfigurationDao.class})
-public class LdapConfigurationDaoImpl extends GenericDaoBase<LdapConfigurationVO, Long>
implements LdapConfigurationDao {
-    private final SearchBuilder<LdapConfigurationVO> hostnameSearch;
-    private final SearchBuilder<LdapConfigurationVO> listAllConfigurationsSearch;
+@Local(value = { LdapConfigurationDao.class })
+public class LdapConfigurationDaoImpl extends
+		GenericDaoBase<LdapConfigurationVO, Long> implements
+		LdapConfigurationDao {
+	private final SearchBuilder<LdapConfigurationVO> hostnameSearch;
+	private final SearchBuilder<LdapConfigurationVO> listAllConfigurationsSearch;
 
-    public LdapConfigurationDaoImpl() {
-        super();
-        hostnameSearch = createSearchBuilder();
-        hostnameSearch.and("hostname", hostnameSearch.entity().getHostname(), SearchCriteria.Op.EQ);
-        hostnameSearch.done();
+	public LdapConfigurationDaoImpl() {
+		super();
+		hostnameSearch = createSearchBuilder();
+		hostnameSearch.and("hostname", hostnameSearch.entity().getHostname(),
+				SearchCriteria.Op.EQ);
+		hostnameSearch.done();
 
-        listAllConfigurationsSearch = createSearchBuilder();
-        listAllConfigurationsSearch.and("hostname", listAllConfigurationsSearch.entity().getHostname(),
Op.EQ);
-        listAllConfigurationsSearch.and("port", listAllConfigurationsSearch.entity().getPort(),
Op.EQ);
-        listAllConfigurationsSearch.done();
-    }
+		listAllConfigurationsSearch = createSearchBuilder();
+		listAllConfigurationsSearch.and("hostname", listAllConfigurationsSearch
+				.entity().getHostname(), Op.EQ);
+		listAllConfigurationsSearch.and("port", listAllConfigurationsSearch
+				.entity().getPort(), Op.EQ);
+		listAllConfigurationsSearch.done();
+	}
 
-    @Override
-    public LdapConfigurationVO findByHostname(final String hostname) {
-        final SearchCriteria<LdapConfigurationVO> sc = hostnameSearch.create();
-        sc.setParameters("hostname", hostname);
-        return findOneBy(sc);
-    }
+	@Override
+	public LdapConfigurationVO findByHostname(final String hostname) {
+		final SearchCriteria<LdapConfigurationVO> sc = hostnameSearch.create();
+		sc.setParameters("hostname", hostname);
+		return findOneBy(sc);
+	}
 
-    @Override
-    public Pair<List<LdapConfigurationVO>, Integer> searchConfigurations(final
String hostname, final int port) {
-        final SearchCriteria<LdapConfigurationVO> sc = listAllConfigurationsSearch.create();
-        if (hostname != null) {
-            sc.setParameters("hostname", hostname);
-        }
-        return searchAndCount(sc, null);
-    }
+	@Override
+	public Pair<List<LdapConfigurationVO>, Integer> searchConfigurations(
+			final String hostname, final int port) {
+		final SearchCriteria<LdapConfigurationVO> sc = listAllConfigurationsSearch
+				.create();
+		if (hostname != null) {
+			sc.setParameters("hostname", hostname);
+		}
+		return searchAndCount(sc, null);
+	}
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/server/src/com/cloud/configuration/Config.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index 91bcbf5..bc60d6c 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -434,6 +434,9 @@ public enum Config {
     LdapUsernameAttribute("Advanced", ManagementServer.class, String.class, "ldap.username.attribute",
"uid", "Sets the username attribute used within LDAP", null),
     LdapUserObject("Advanced", ManagementServer.class, String.class, "ldap.user.object",
"inetOrgPerson", "Sets the object type of users within LDAP", null),
     LdapSearchGroupPrinciple("Advanced", ManagementServer.class, String.class, "ldap.search.group.principle",
null, "Sets the principle of the group that users must be a member of", null),
+    LdapSSLEnabled("Advanced", ManagementServer.class, String.class, "ldap.ssl.enabled",
"false", "Enables/Disables SSL support for LDAP", null),
+    LdapTrustStore("Advanced", ManagementServer.class, String.class, "ldap.truststore", null,
"Sets the path to the truststore to use for SSL", null),
+    LdapTrustStorePassword("Advanced", ManagementServer.class, String.class, "ldap.truststore.password",
null, "Sets the password for the truststore", null),
 
 	// VMSnapshots
     VMSnapshotMax("Advanced", VMSnapshotManager.class, Integer.class, "vmsnapshot.max", "10",
"Maximum vm snapshots for a vm", null),
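Review bot: `LdapTrustStorePassword` (third added line) is registered under the "Advanced" category like the non-secret LDAP settings above it, so the truststore password is stored and listed as an ordinary plain configuration value; the matching row in the schema-410to420.sql hunk is inserted with 'Advanced' as well. Other credential settings in this enum appear to use a dedicated "Secure" category that the configuration layer handles separately from plain values — confirm against the rest of Config.java and use it in both places, e.g. `LdapTrustStorePassword("Secure", ManagementServer.class, String.class, "ldap.truststore.password", null, "Sets the password for the truststore", null),` with the SQL insert changed to match. `LdapSSLEnabled` is declared with `String.class` although it only carries "false"; if the enum uses `Boolean.class` for other toggles, declaring it that way lets the setter reject values other than true/false. The `ldap.truststore` description also differs between the two hunks ("to use for SSL" here, "to use for LDAP SSL" in the SQL); pick one wording. The Config enum starts and ends outside the hunk.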

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/00c17add/setup/db/db/schema-410to420.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-410to420.sql b/setup/db/db/schema-410to420.sql
index 9792991..5277258 100644
--- a/setup/db/db/schema-410to420.sql
+++ b/setup/db/db/schema-410to420.sql
@@ -2151,6 +2151,9 @@ INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT',
'manag
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server',
'ldap.user.object', 'inetOrgPerson', 'Sets the object type of users within LDAP');
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server',
'ldap.basedn', NULL, 'Sets the basedn for LDAP');
 INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server',
'ldap.search.group.principle', NULL, 'Sets the principle of the group that users must be a
member of');
+INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server',
'ldap.ssl.enabled', 'false', 'Enables/Disables SSL support for LDAP');
+INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server',
'ldap.truststore', NULL, 'Sets the path to the truststore to use for LDAP SSL');
+INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server',
'ldap.truststore.password', NULL, 'Sets the password for the truststore');
 
 
 CREATE TABLE `cloud`.`ldap_configuration` (

