karaf-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4496) UserPrincipal lookup in the JAAS' BackingEngine
Date Wed, 07 Feb 2018 09:47:00 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16355220#comment-16355220 ]

ASF GitHub Bot commented on KARAF-4496:
---------------------------------------

jbonofre closed pull request #441: [KARAF-4496] Add lookupUser(username) method in JAAS backing engines
URL: https://github.com/apache/karaf/pull/441
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
index 8638ee6d10..b5d7275a18 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/BackingEngine.java
@@ -48,6 +48,14 @@
      */
     List<UserPrincipal> listUsers();
 
+    /**
+     * Retrieve the {@link UserPrincipal} corresponding to an username, or {@code null} if
user doesn't exist.
+     *
+     * @param username The username.
+     * @return The {@link UserPrincipal} or {@code null}.
+     */
+    UserPrincipal lookupUser(String username);
+
     /**
      * List groups that a user is member of.
      *
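
Review bot: `UserPrincipal lookupUser(String username);` is added to the interface as an abstract method, so any BackingEngine implementation outside this patch stops compiling against the new version. The properties and public-key engines further down both implement it as a scan over listUsers(), so consider declaring it as a default method with that body (if the build targets Java 8) and overriding it only where the backend can do a direct lookup. The Javadoc should read "a username" and should say that backend failures surface as unchecked exceptions, which is what the JDBC, LDAP and Syncope implementations in this patch do.
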
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCBackingEngine.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCBackingEngine.java
index 420d549f79..a21bce46bc 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCBackingEngine.java
@@ -46,6 +46,7 @@
     private String deleteAllUserRolesStatement = "DELETE FROM ROLES WHERE USERNAME=?";
     private String deleteUserStatement = "DELETE FROM USERS WHERE USERNAME=?";
     private String selectUsersQuery = "SELECT USERNAME FROM USERS";
+    private String selectUserQuery = "SELECT USERNAME FROM USERS WHERE USERNAME=?";
     private String selectRolesQuery = "SELECT ROLE FROM ROLES WHERE USERNAME=?";
 
     public JDBCBackingEngine(DataSource dataSource) {
@@ -118,6 +119,21 @@ public void deleteUser(String username) {
         }
     }
 
+    @Override
+    public UserPrincipal lookupUser(String username) {
+        try {
+            try (Connection connection = dataSource.getConnection()) {
+                List<String> names = rawSelect(connection, selectUserQuery, username);
+                if (names.size() == 0) {
+                    return null;
+                }
+                return new UserPrincipal(username);
+            }
+        } catch (SQLException e) {
+            throw new RuntimeException("Error getting user", e);
+        }
+    }
+
     /**
      * List the roles of the <code>principal</code>.
      *
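
Review bot: `return new UserPrincipal(username);` builds the principal from the caller's string rather than from the USERNAME value the query returned. If the database compares usernames case-insensitively, two spellings of the same account produce principals with different names for one row; returning `new UserPrincipal(names.get(0))` keeps the principal name equal to the stored one. The outer `try` can also be folded into the try-with-resources statement, and `names.isEmpty()` is clearer than `names.size() == 0`.
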
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java
index 4ee865e20f..90daf5dc2c 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java
@@ -62,6 +62,37 @@ public void deleteUser(String username) {
         throw new UnsupportedOperationException("Deleting a user is not supporting in LDAP");
     }
 
+    @Override
+    public UserPrincipal lookupUser(String username) {
+        DirContext context = null;
+        try {
+            context = cache.open();
+
+            SearchControls controls = new SearchControls();
+            if (options.getUserSearchSubtree()) {
+                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+            } else {
+                controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+            }
+
+            String filter = options.getUserFilter();
+            filter = filter.replaceAll(Pattern.quote("%u"), username);
+            filter = filter.replace("\\", "\\\\");
+
+            LOGGER.debug("Looking for user {} in LDAP with", username);
+            LOGGER.debug("   base DN: {}", options.getUserBaseDn());
+            LOGGER.debug("   filter: {}", filter);
+
+            NamingEnumeration<SearchResult> namingEnumeration = context.search(options.getUserBaseDn(),
filter, controls);
+            if (namingEnumeration.hasMore()) {
+                return new UserPrincipal(username);
+            }
+        } catch (NamingException e) {
+            throw new RuntimeException(e);
+        }
+        return null;
+    }
+
     @Override
     public List<UserPrincipal> listUsers() {
         DirContext context = null;
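
Review bot: `filter.replaceAll(Pattern.quote("%u"), username)` puts the username into the LDAP filter without escaping, so characters that are special in a search filter (`*`, `(`, `)`, `\`, NUL) change the filter's meaning; a username of `*` would match any entry and come back as `new UserPrincipal("*")`. Escape the value per RFC 4515 before substitution. The username is also used as a regex replacement string here, where `$` and `\` are interpreted, so wrap it in `Matcher.quoteReplacement(...)` or use plain `replace("%u", escaped)`. The following `filter.replace("\\", "\\\\")` runs over the whole filter after substitution and is not a substitute for escaping the value. Separately, nothing in this hunk closes `namingEnumeration` or releases `context`; close the enumeration in a `finally` block.
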
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
index 7ad3dcb4d3..260ffb1707 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngine.java
@@ -115,6 +115,16 @@ public void deleteUser(String username) {
         return result;
     }
 
+    @Override
+    public UserPrincipal lookupUser(String username) {
+        for (UserPrincipal userPrincipal : listUsers()) {
+            if (userPrincipal.getName().equals(username)) {
+                return userPrincipal;
+            }
+        }
+        return null;
+    }
+
     @Override
     public List<RolePrincipal> listRoles(Principal principal) {
         String userName = principal.getName();
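
Review bot: the loop over `listUsers()` is the same linear scan that KARAF-4496 asks to avoid, so this engine gains the new method but not the lookup cost the issue is about. If the underlying store can be queried by key, look the username up directly and build the UserPrincipal only when the entry exists; otherwise say in a comment that this is a deliberate fallback.
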
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngine.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngine.java
index fcbe41cfc9..44b2ad721a 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngine.java
@@ -108,6 +108,16 @@ public void deleteUser(String username) {
         return result;
     }
 
+    @Override
+    public UserPrincipal lookupUser(String username) {
+        for (UserPrincipal userPrincipal : listUsers()) {
+            if (userPrincipal.getName().equals(username)) {
+                return userPrincipal;
+            }
+        }
+        return null;
+    }
+
     @Override
     public List<RolePrincipal> listRoles(Principal principal) {
         String userName = principal.getName();
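
Review bot: this `lookupUser` body is a line-for-line copy of the one added to PropertiesBackingEngine. Move it to one place (a default method on BackingEngine or a shared helper) so a later fix does not have to be applied twice. The patch also adds no test for this engine.
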
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
index 5553b8561d..317ba9315e 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
@@ -186,6 +186,45 @@ public void deleteUser(String username) {
         return users;
     }
 
+    @Override
+    public UserPrincipal lookupUser(String username) {
+        if (version2) {
+            return lookupUserSyncope2(username);
+        } else {
+            return lookupUserSyncope1(username);
+        }
+    }
+
+    private UserPrincipal lookupUserSyncope1(String username) {
+        HttpGet request = new HttpGet(address + "/users?username=" + username);
+        request.setHeader("Content-Type", "application/xml");
+        try {
+            HttpResponse response = client.execute(request);
+            String responseTO = EntityUtils.toString(response.getEntity());
+            if (responseTO != null && !responseTO.isEmpty()) {
+                return new UserPrincipal(username);
+            }
+        } catch (Exception e) {
+            throw new RuntimeException("Error getting user", e);
+        }
+        return null;
+    }
+
+    private UserPrincipal lookupUserSyncope2(String username) {
+        HttpGet request = new HttpGet(address + "/users/" + username);
+        request.setHeader("Content-Type", "application/json");
+        try {
+            HttpResponse httpResponse = client.execute(request);
+            String response = EntityUtils.toString(httpResponse.getEntity());
+            if (response != null && !response.isEmpty()) {
+                return new UserPrincipal(username);
+            }
+        } catch (Exception e) {
+            throw new RuntimeException("Error getting user", e);
+        }
+        return null;
+    }
+
     public List<RolePrincipal> listRoles(Principal principal) {
         if (version2) {
             return listRolesSyncope2(principal);
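
Review bot: both `lookupUserSyncope1` and `lookupUserSyncope2` treat any non-empty response body as "user exists" and never check the HTTP status, so an error response that carries a body (for example a not-found or unauthorized payload) returns `new UserPrincipal(username)` for an account that does not exist. Check `getStatusLine().getStatusCode()` for success and, ideally, confirm the returned record's username matches. The username is also concatenated into the URL unencoded in `"/users?username=" + username` and `"/users/" + username`; encode it so that `/`, `?`, `&` or `#` in the value cannot alter the request path or query. For a GET without a body, the header to set is `Accept` rather than `Content-Type`.
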
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
index 66eebb6c28..009602b602 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
@@ -38,6 +38,7 @@
 import static org.easymock.EasyMock.expect;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
 public class JdbcLoginModuleTest {
@@ -148,6 +149,9 @@ public void testEngine() throws Exception {
         assertTrue(engine.listRoles(group1).isEmpty());
         assertTrue(engine.listGroups(user).isEmpty());
 
+        assertNotNull(engine.lookupUser("abc"));
+        assertEquals("abc", engine.lookupUser("abc").getName());
+
         engine.addRole("abc", "role1");
         assertTrue(engine.listUsers().contains(user));
         assertTrue(engine.listRoles(user).contains(role1));
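
Review bot: the two added assertions cover only the case where "abc" exists. The interface Javadoc promises `null` for an unknown user, so add `assertNull(engine.lookupUser("nosuchuser"))` to pin that contract for the JDBC engine. Calling `lookupUser("abc")` once and asserting on the stored result would avoid the duplicate query.
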
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngineTest.java
b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngineTest.java
index c1360d67ba..1cb6a28fa8 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngineTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/properties/PropertiesBackingEngineTest.java
@@ -19,6 +19,7 @@
 import static org.apache.karaf.jaas.modules.PrincipalHelper.names;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;
 
 import java.io.File;
@@ -68,6 +69,9 @@ public void testUserRoles() throws IOException {
 
         checkLoading();
 
+        assertNotNull(engine.lookupUser("a"));
+        assertEquals("a", engine.lookupUser("a").getName());
+
         // removing some stuff
         UserPrincipal upb = getUser(engine, "b");
         assertEquals(1, engine.listGroups(upa).size());
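
Review bot: as in the JDBC test, only the positive lookup of "a" is asserted. Since this test goes on to remove entries, it is a good place to assert that `lookupUser` returns `null` once a user has been deleted. The LDAP, public-key and Syncope implementations get no test coverage in this patch.
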


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> UserPrincipal lookup in the JAAS' BackingEngine
> -----------------------------------------------
>
>                 Key: KARAF-4496
>                 URL: https://issues.apache.org/jira/browse/KARAF-4496
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-security
>            Reporter: Yurii Rashkovskii
>            Assignee: Jean-Baptiste Onofré
>            Priority: Minor
>              Labels: jaas
>             Fix For: 4.2.0, 4.1.5
>
>
> I have a suggestion for improving org.apache.karaf.jaas.modules.BackingEngine
> Currently, the only way to look up an individual user (as far as I can tell) is to iterate through the result of BackingEngine#listUsers() and find the required user. This is fine if the number of users is reasonably low. However, when JAAS infrastructure is used for public systems (say, a SaaS), it quickly becomes a bottleneck.
> I suggest adding something like `public UserPrincipal lookupUser(String name)` to avoid this problem (also, it should return `null` if no such user found, or throw an exception)
> I am happy to contribute a PR promptly if this change will be approved.
> Thoughts?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
