karaf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbono...@apache.org
Subject [3/7] git commit: Add Syncope backend engine support
Date Thu, 14 Aug 2014 19:50:38 GMT
Add Syncope backend engine support


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/b050fe28
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/b050fe28
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/b050fe28

Branch: refs/heads/master
Commit: b050fe28c1604c457257dcd8cbea52b428eee4d1
Parents: 972a14d
Author: Jean-Baptiste Onofré <jbonofre@apache.org>
Authored: Wed Aug 13 13:50:58 2014 +0200
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Wed Aug 13 13:50:58 2014 +0200

----------------------------------------------------------------------
 jaas/modules/pom.xml                            |  11 +-
 .../modules/syncope/SyncopeBackingEngine.java   | 127 +++++++++++++++++++
 .../syncope/SyncopeBackingEngineFactory.java    |  51 ++++++++
 .../modules/syncope/SyncopeLoginModule.java     |  67 ++++++++--
 .../modules/syncope/SyncopeLoginModuleTest.java | 105 +++++++++++++++
 5 files changed, 343 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/pom.xml
----------------------------------------------------------------------
diff --git a/jaas/modules/pom.xml b/jaas/modules/pom.xml
index a6c15f0..2c6d01c 100644
--- a/jaas/modules/pom.xml
+++ b/jaas/modules/pom.xml
@@ -96,7 +96,8 @@
 
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient-osgi</artifactId>
+            <artifactId>httpclient</artifactId>
+            <scope>provided</scope>
             <version>4.3.5</version>
         </dependency>
 
@@ -150,16 +151,16 @@
                             javax.net,
                             org.apache.karaf.jaas.config,
                             org.osgi.service.event;resolution:=optional,
-                            net.sf.ehcache*;resolution:=optional,
-                            net.spy.memcached*;resolution:=optional,
-                            org.apache.commons.codec*;resolution:=optional,
+                            !net.sf.ehcache*,
+                            !net.spy.memcached*,
                             *
                         </Import-Package>
                         <Private-Package>
                             org.apache.karaf.jaas.modules.impl,
                             org.apache.felix.utils.properties,
                             org.apache.karaf.util.tracker,
-                            org.apache.http*
+                            org.apache.http*,
+                            org.apache.commons.codec*
                         </Private-Package>
                         <Bundle-Activator>
                             org.apache.karaf.jaas.modules.impl.Activator

http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
new file mode 100644
index 0000000..bec9dc9
--- /dev/null
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.karaf.jaas.modules.syncope;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
+import org.apache.karaf.jaas.modules.BackingEngine;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+public class SyncopeBackingEngine implements BackingEngine {
+
+    private final Logger logger = LoggerFactory.getLogger(SyncopeBackingEngine.class);
+
+    private String address;
+
+    private DefaultHttpClient client;
+
+    public SyncopeBackingEngine(String address, String adminUser, String adminPassword) {
+        this.address = address;
+
+        client = new DefaultHttpClient();
+        Credentials creds = new UsernamePasswordCredentials(adminUser, adminPassword);
+        client.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
+    }
+
+    public void addUser(String username, String password) {
+        if (username.startsWith(GROUP_PREFIX)) {
+            throw new IllegalArgumentException("Group prefix " + GROUP_PREFIX + " not permitted
with Syncope backend");
+        }
+        HttpPost request = new HttpPost(address + "/users");
+    }
+
+    public void deleteUser(String username) {
+        if (username.startsWith(GROUP_PREFIX)) {
+            throw new IllegalArgumentException("Group prefix " + GROUP_PREFIX + " not permitted
with Syncope backend");
+        }
+        HttpDelete request = new HttpDelete(address + "/users/" + username);
+        try {
+            HttpResponse response = client.execute(request);
+            logger.warn("Status code: " + response.getStatusLine().getStatusCode());
+            logger.warn(EntityUtils.toString(response.getEntity()));
+        } catch (Exception e) {
+            throw new RuntimeException("Error deleting user", e);
+        }
+    }
+
+    public List<UserPrincipal> listUsers() {
+        HttpGet request = new HttpGet(address + "/users");
+        try {
+            HttpResponse response = client.execute(request);
+            logger.warn("Status code: " + response.getStatusLine().getStatusCode());
+            logger.warn(EntityUtils.toString(response.getEntity()));
+        } catch (Exception e) {
+            throw new RuntimeException("Error listing user", e);
+        }
+        return new ArrayList<UserPrincipal>();
+    }
+
+    public List<RolePrincipal> listRoles(Principal principal) {
+        HttpGet request = new HttpGet(address + "/users/" + principal.getName());
+        try {
+            HttpResponse response  = client.execute(request);
+            logger.warn("Status code: " + response.getStatusLine().getStatusCode());
+            logger.warn(EntityUtils.toString(response.getEntity()));
+        } catch (Exception e) {
+            throw new RuntimeException("Error listing roles", e);
+        }
+        return new ArrayList<RolePrincipal>();
+    }
+
+    public void addRole(String username, String role) {
+
+    }
+
+    public void deleteRole(String username, String role) {
+
+    }
+
+    public List<GroupPrincipal> listGroups(UserPrincipal principal) {
+        return new ArrayList<GroupPrincipal>();
+    }
+
+    public void addGroup(String username, String group) {
+
+    }
+
+    public void deleteGroup(String username, String group) {
+
+    }
+
+    public void addGroupRole(String group, String role) {
+
+    }
+
+    public void deleteGroupRole(String group, String role) {
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java
new file mode 100644
index 0000000..f3a85a5
--- /dev/null
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.karaf.jaas.modules.syncope;
+
+import org.apache.karaf.jaas.modules.BackingEngine;
+import org.apache.karaf.jaas.modules.BackingEngineFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+
+public class SyncopeBackingEngineFactory implements BackingEngineFactory {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(SyncopeBackingEngineFactory.class);
+
+    public BackingEngine build(Map<String, ?> options) {
+        SyncopeBackingEngine instance = null;
+        String address = (String) options.get(SyncopeLoginModule.ADDRESS);
+        String adminUser = (String) options.get(SyncopeLoginModule.ADMIN_USER);
+        String adminPassword = (String) options.get(SyncopeLoginModule.ADMIN_PASSWORD);
+
+        try {
+            instance = new SyncopeBackingEngine(address, adminUser, adminPassword);
+        } catch (Exception e) {
+            LOGGER.error("Error creating the Syncope backing engine", e);
+        }
+
+        return instance;
+    }
+
+    /**
+     * Returns the login module class, that this factory can build.
+     */
+    public String getModuleClass() {
+        return SyncopeLoginModule.class.getName();
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
index cdc3f30..582ddda 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
@@ -16,14 +16,14 @@ package org.apache.karaf.jaas.modules.syncope;
 
 import org.apache.http.HttpStatus;
 import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
 import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.CredentialsProvider;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
 import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,6 +43,8 @@ public class SyncopeLoginModule extends AbstractKarafLoginModule {
     private final static Logger LOGGER = LoggerFactory.getLogger(SyncopeLoginModule.class);
 
     public final static String ADDRESS = "address";
+    public final static String ADMIN_USER = "admin.user"; // for the backing engine
+    public final static String ADMIN_PASSWORD = "admin.password"; // for the backing engine
 
     private String address;
 
@@ -75,29 +77,68 @@ public class SyncopeLoginModule extends AbstractKarafLoginModule {
 
         // authenticate the user on Syncope
         LOGGER.debug("Authenticate user {} on Syncope located {}", user, address);
-        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-        credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user,
password));
-        CloseableHttpClient client = HttpClients.createDefault();
-        HttpClientContext context = HttpClientContext.create();
-        context.setCredentialsProvider(credentialsProvider);
+        DefaultHttpClient client = new DefaultHttpClient();
+        Credentials creds = new UsernamePasswordCredentials(user, password);
+        client.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
         HttpGet get = new HttpGet(address + "/users/self");
+        List<String> roles = new ArrayList<String>();
         try {
-            CloseableHttpResponse response = client.execute(get, context);
-            LOGGER.info("Response: " + response.getStatusLine().getStatusCode());
+            CloseableHttpResponse response = client.execute(get);
+            LOGGER.debug("Syncope HTTP response status code: {}", response.getStatusLine().getStatusCode());
             if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
                 LOGGER.warn("User {} not authenticated", user);
                 return false;
             }
+            LOGGER.debug("User {} authenticated", user);
+            LOGGER.debug("Populating principals with user");
+            principals.add(new UserPrincipal(user));
+            LOGGER.debug("Retrieving user {} roles", user);
+            roles = extractingRoles(EntityUtils.toString(response.getEntity()));
         } catch (Exception e) {
             LOGGER.error("User {} authentication failed", user, e);
             throw new LoginException("User " + user + " authentication failed: " + e.getMessage());
         }
 
-        LOGGER.warn("User {} authenticated", user);
+        LOGGER.debug("Populating principals with roles");
+        for (String role : roles) {
+            principals.add(new RolePrincipal(role));
+        }
 
         return true;
     }
 
+    /**
+     * Extract the user roles from the Syncope entity response.
+     *
+     * @param response the HTTP response from Syncope.
+     * @return the list of user roles.
+     * @throws Exception in case of extraction failure.
+     */
+    protected List<String> extractingRoles(String response) throws Exception {
+        List<String> roles = new ArrayList<String>();
+        // extract the <memberships> element
+        int index = response.indexOf("<memberships>");
+        response = response.substring(index + "<memberships>".length());
+        index = response.indexOf("</memberships>");
+        response = response.substring(0, index);
+
+        // looking for the roleName elements
+        index = response.indexOf("<roleName>");
+        while (index != -1) {
+            response = response.substring(index + "<roleName>".length());
+            int end = response.indexOf("</roleName>");
+            if (end == -1) {
+                index = -1;
+            }
+            String role = response.substring(0, end);
+            roles.add(role);
+            response = response.substring(end + "</roleName>".length());
+            index = response.indexOf("<roleName>");
+        }
+
+        return roles;
+    }
+
     public boolean abort() {
         return true;
     }

http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java
b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java
new file mode 100644
index 0000000..eca0818
--- /dev/null
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.jaas.modules.syncope;
+
+import org.junit.Test;
+import org.junit.Assert;
+
+import java.util.List;
+
+public class SyncopeLoginModuleTest {
+
+    @Test
+    public void testRolesExtraction() throws Exception {
+        String syncopeResponse = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n"
+
+                "<user>\n" +
+                "    <attributes>\n" +
+                "        <attribute>\n" +
+                "            <readonly>false</readonly>\n" +
+                "            <schema>cool</schema>\n" +
+                "            <value>false</value>\n" +
+                "        </attribute>\n" +
+                "        <attribute>\n" +
+                "            <readonly>false</readonly>\n" +
+                "            <schema>email</schema>\n" +
+                "            <value>karaf@example.net</value>\n" +
+                "        </attribute>\n" +
+                "        <attribute>\n" +
+                "            <readonly>false</readonly>\n" +
+                "            <schema>fullname</schema>\n" +
+                "            <value>karaf</value>\n" +
+                "        </attribute>\n" +
+                "        <attribute>\n" +
+                "            <readonly>false</readonly>\n" +
+                "            <schema>gender</schema>\n" +
+                "            <value>M</value>\n" +
+                "        </attribute>\n" +
+                "        <attribute>\n" +
+                "            <readonly>false</readonly>\n" +
+                "            <schema>surname</schema>\n" +
+                "            <value>karaf</value>\n" +
+                "        </attribute>\n" +
+                "        <attribute>\n" +
+                "            <readonly>false</readonly>\n" +
+                "            <schema>userId</schema>\n" +
+                "            <value>karaf@example.net</value>\n" +
+                "        </attribute>\n" +
+                "    </attributes>\n" +
+                "    <derivedAttributes/>\n" +
+                "    <id>100</id>\n" +
+                "    <propagationStatuses/>\n" +
+                "    <resources/>\n" +
+                "    <virtualAttributes/>\n" +
+                "    <creationDate>2014-08-12T18:37:09.202+02:00</creationDate>\n"
+
+                "    <failedLogins>0</failedLogins>\n" +
+                "    <lastLoginDate>2014-08-13T09:38:02.204+02:00</lastLoginDate>\n"
+
+                "    <memberships>\n" +
+                "        <membership>\n" +
+                "            <attributes/>\n" +
+                "            <derivedAttributes/>\n" +
+                "            <id>100</id>\n" +
+                "            <propagationStatuses/>\n" +
+                "            <resources/>\n" +
+                "            <virtualAttributes/>\n" +
+                "            <resources/>\n" +
+                "            <roleId>100</roleId>\n" +
+                "            <roleName>admin</roleName>\n" +
+                "        </membership>\n" +
+                "        <membership>\n" +
+                "            <attributes/>\n" +
+                "            <derivedAttributes/>\n" +
+                "            <id>101</id>\n" +
+                "            <propagationStatuses/>\n" +
+                "            <resources/>\n" +
+                "            <virtualAttributes/>\n" +
+                "            <resources/>\n" +
+                "            <roleId>101</roleId>\n" +
+                "            <roleName>another</roleName>\n" +
+                "        </membership>\n" +
+                "    </memberships>\n" +
+                "    <password>36460D3A3C1E27C0DB2AF23344475EE712DD3C9D</password>\n"
+
+                "    <status>active</status>\n" +
+                "    <username>karaf</username>\n" +
+                "</user>\n";
+        SyncopeLoginModule syncopeLoginModule = new SyncopeLoginModule();
+        List<String> roles = syncopeLoginModule.extractingRoles(syncopeResponse);
+        Assert.assertEquals(2, roles.size());
+        Assert.assertEquals("admin", roles.get(0));
+        Assert.assertEquals("another", roles.get(1));
+    }
+
+}


Mime
View raw message