qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lqu...@apache.org
Subject svn commit: r1747192 - in /qpid/java/trunk: broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/ broker-plugins/management-http/src/main/java/resources/authenticationprovider/simpleldap/ broker-plugins/management-http/src/main/java/r...
Date Tue, 07 Jun 2016 11:15:16 GMT
Author: lquack
Date: Tue Jun  7 11:15:16 2016
New Revision: 1747192

URL: http://svn.apache.org/viewvc?rev=1747192&view=rev
Log:
QPID-7116: [Java Broker, WMC] Improve UI for SimpleLDAP authProvider regarding group information

Modified:
    qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
    qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/authenticationprovider/simpleldap/add.html
    qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/css/common.css
    qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAuthenticationProvider.js
    qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/authenticationprovider/simpleldap/add.js

Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java?rev=1747192&r1=1747191&r2=1747192&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
(original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
Tue Jun  7 11:15:16 2016
@@ -320,14 +320,17 @@ public class SimpleLDAPAuthenticationMan
     @Override
     public AuthenticationResult authenticate(String username, String password)
     {
+        String nameFromId;
         try
         {
-            return doLDAPNameAuthentication(getNameFromId(username), password);
+            nameFromId = getNameFromId(username);
         }
         catch (NamingException e)
         {
+            _logger.warn("Retrieving LDAP name for user '{}' resulted in error.", username,
e);
             return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
e);
         }
+        return doLDAPNameAuthentication(nameFromId, password);
     }
 
     private AuthenticationResult doLDAPNameAuthentication(String name, String password)
@@ -372,6 +375,7 @@ public class SimpleLDAPAuthenticationMan
         catch (NamingException e)
         {
             //Some other failure
+            _logger.warn("LDAP authentication attempt for username '{}' resulted in error.",
name, e);
             return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
e);
         }
         finally

Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/authenticationprovider/simpleldap/add.html
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/authenticationprovider/simpleldap/add.html?rev=1747192&r1=1747191&r2=1747192&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/authenticationprovider/simpleldap/add.html
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/authenticationprovider/simpleldap/add.html
Tue Jun  7 11:15:16 2016
@@ -141,67 +141,95 @@
 
     <div class="formBox">
         <fieldset>
-            <legend>Group Search <span id="addAuthenticationProvider.simpleldap.groupSearchLegend"
class="infoPane"></span></legend>
+            <legend>Additional Group Information <span id="addAuthenticationProvider.simpleldap.groupSearchLegend"
class="infoPane"></span></legend>
             <div data-dojo-type="dijit/Tooltip"
                  data-dojo-props="connectId: ['addAuthenticationProvider.simpleldap.groupSearchLegend']">
                 There are two common ways of representing group membership in LDAP.<br/>
-                User entries can reference their groups or group entries can reference their
members.<br/>
-                To use the former specify group attribute name.<br/>
-                To use the latter specify search context and filter.<br/>
-                A combination of both approaches can be used.
-            </div>
-            <div class="clear">
-                <div class="formLabel-labelCell tableContainer-labelCell">Attribute
name:</div>
-                <div class="formLabel-controlCell tableContainer-valueCell">
-                    <input type="text" class="groupAttributeName"
-                           data-dojo-type="dijit/form/ValidationTextBox"
-                           data-dojo-props="
-                              name: 'groupAttributeName',
-                              placeHolder: 'groupMembership',
-                              title: 'Enter name of user entry attribute holding the group
name',
-                              promptMessage: 'The user entry attribute name holding the group
name user belongs to.'"/>
+                <ul>
+                    <li>
+                        User entries can hold membership information as attribute.<br/>
+                        To use this simply specify the name of the attrribute that holds<br/>
+                        the group information.
+                    </li>
+                    <li>
+                        Group entries can hold a list of their members as attribute.<br/>
+                        You can specify a search context and filter to find all groups<br/>
+                        that the user should be considered a member of. Typically this<br/>
+                        involves filtering groups by looking for the user's DN on a<br/>
+                        group attribute.
+                    </li>
+                </ul>
+            </div>
+            <div id="ldapGroupInfoRadioGroup">
+                <div class="clear">
+                    <input id="ldapGroupInfoRadioButtonNone" type="radio" name="groupInfo"
value="none" data-dojo-type="dijit/form/RadioButton" checked />
+                    <label for="ldapGroupInfoRadioButtonNone">No Additional Group Information
from LDAP</label>
                 </div>
-            </div>
-
-            <div class="clear">
-                <div class="formLabel-labelCell tableContainer-labelCell">Search context:</div>
-                <div class="formLabel-controlCell tableContainer-valueCell">
-                    <input type="text" class="groupSearchContext"
-                           data-dojo-type="dijit/form/ValidationTextBox"
-                           data-dojo-props="
-                                      name: 'groupSearchContext',
-                                      required: true,
-                                      placeHolder: 'dc=groups,dc=example,dc=com',
-                                      title: 'Enter group search context',
-                                      promptMessage: 'Identifies the entry that is the base
of the subtree containing groups'"/>
-                </div>
-            </div>
-            <div class="clear">
-                <div class="formLabel-labelCell tableContainer-labelCell">Search filter:</div>
-                <div class="formLabel-controlCell tableContainer-valueCell">
-                    <input type="text" class="groupSearchFilter"
-                           data-dojo-type="dijit/form/ValidationTextBox"
-                           data-dojo-props="
-                                      name: 'groupSearchFilter',
-                                      required: true,
-                                      placeHolder: '(uniquemember={0})',
-                                      title: 'Enter group search filter ',
-                                      promptMessage: 'Filter expression used to locate group
containing the authenticated user. {0} will be replaced by the user DN.'"/>
+                <div class="clear">
+                    <input id="ldapGroupInfoRadioButtonAttribute" type="radio" name="groupInfo"
value="attribute" data-dojo-type="dijit/form/RadioButton"/>
+                    <label for="ldapGroupInfoRadioButtonAttribute">Group Membership
from User Entry Attribute</label>
+                    <div class="clear radioButtonIndent" id="ldapGroupInfoRadioButtonAttributeContent">
+                        <div class="formLabel-labelCell tableContainer-labelCell">Attribute
name:</div>
+                        <div class="formLabel-controlCell tableContainer-valueCell">
+                            <input type="text" class="groupAttributeName" disabled
+                                   id="ldapGroupInfoRadioButtonAttributeContentAttrName"
+                                   data-dojo-type="dijit/form/ValidationTextBox"
+                                   data-dojo-props="
+                                  name: 'groupAttributeName',
+                                  placeHolder: 'groupMembership',
+                                  title: 'Enter name of user entry attribute holding the
group memberships',
+                                  promptMessage: 'The name of the attribute on the user entry
that<br/>holds the group membership information.'"/>
+                        </div>
+                    </div>
                 </div>
-            </div>
+                <div class="clear">
+                    <input id="ldapGroupInfoRadioButtonQuery" type="radio" name="groupInfo"
value="query" data-dojo-type="dijit/form/RadioButton"/>
+                    <label for="ldapGroupInfoRadioButtonQuery">Group Membership from
Query</label>
+                    <div class="radioButtonIndent" id="ldapGroupInfoRadioButtonQueryContent">
+                        <div class="clear">
+                            <div class="formLabel-labelCell tableContainer-labelCell">Search
context:</div>
+                            <div class="formLabel-controlCell tableContainer-valueCell">
+                                <input type="text" class="groupSearchContext" disabled
+                                       id="ldapGroupInfoRadioButtonQueryContentSearchContext"
+                                       data-dojo-type="dijit/form/ValidationTextBox"
+                                       data-dojo-props="
+                                              name: 'groupSearchContext',
+                                              placeHolder: 'dc=groups,dc=example,dc=com',
+                                              title: 'Enter group search context',
+                                              promptMessage: 'The entry that is the base
of the subtree containing groups'"/>
+                            </div>
+                        </div>
+                        <div class="clear">
+                            <div class="formLabel-labelCell tableContainer-labelCell">Search
filter:</div>
+                            <div class="formLabel-controlCell tableContainer-valueCell">
+                                <input type="text" class="groupSearchFilter" disabled
+                                       id="ldapGroupInfoRadioButtonQueryContentSearchFilter"
+                                       data-dojo-type="dijit/form/ValidationTextBox"
+                                       data-dojo-props="
+                                              name: 'groupSearchFilter',
+                                              placeHolder: '(uniquemember={0})',
+                                              title: 'Enter group search filter',
+                                              promptMessage: 'Filter expression used to locate
groups containing the user.<br/>{0} will be replaced by the user DN.'"/>
+                            </div>
+                        </div>
 
-            <div class="clear">
-                <div class="formLabel-labelCell tableContainer-labelCell">Subtree search
scope:</div>
-                <div class="formLabel-controlCell tableContainer-valueCell">
-                    <input type="text" class="groupSubtreeSearchScope" id="addAuthenticationProvider.simpleldap.groupSubtreeSearchScope"
-                           data-dojo-type="dijit/form/CheckBox"
-                           data-dojo-props=" name: 'groupSubtreeSearchScope' " />
+                        <div class="clear">
+                            <div class="formLabel-labelCell tableContainer-labelCell">Subtree
search scope:</div>
+                            <div class="formLabel-controlCell tableContainer-valueCell">
+                                <input type="text" class="groupSubtreeSearchScope" disabled
+                                       id="ldapGroupInfoRadioButtonQueryContentSubtreeSearch"
+                                       data-dojo-type="dijit/form/CheckBox"
+                                       data-dojo-props=" name: 'groupSubtreeSearchScope'
"/>
+                            </div>
+                        </div>
+                        <div data-dojo-type="dijit/Tooltip"
+                             data-dojo-props="connectId: ['ldapGroupInfoRadioButtonQueryContentSubtreeSearch'],
+                                                          label: 'If selected, the search
for group entries is performed<br/>in the entire subtree of the group search context'">
+                        </div>
+                    </div>
                 </div>
             </div>
-            <div data-dojo-type="dijit/Tooltip"
-                 data-dojo-props="connectId: ['addAuthenticationProvider.simpleldap.groupSubtreeSearchScope'],
-                                                  label: 'If selected, the he search for
group entries is performed in the entire subtree of the group search context'">
-            </div>
+
         </fieldset>
     </div>
 </div>

Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/css/common.css
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/css/common.css?rev=1747192&r1=1747191&r2=1747192&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/css/common.css
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/css/common.css
Tue Jun  7 11:15:16 2016
@@ -503,3 +503,9 @@ div .messages {
 .virtualHostConnections .field-bytesInRate { width: 10% }
 .virtualHostConnections .field-msgOutRate { width: 10% }
 .virtualHostConnections .field-bytesOutRate { width: 10% }
+
+.radioButtonIndent {
+    padding-left: 20px;
+    padding-top: 5px;
+    padding-bottom: 5px;
+}

Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAuthenticationProvider.js
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAuthenticationProvider.js?rev=1747192&r1=1747191&r2=1747192&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAuthenticationProvider.js
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAuthenticationProvider.js
Tue Jun  7 11:15:16 2016
@@ -191,6 +191,10 @@ define(["dojo/dom",
                 {
                     var authenticationProviderData = util.getFormWidgetValues(this.authenticationProviderForm,
                         this.initialData);
+                    if (this.typeUI && this.typeUI._preSubmit)
+                    {
+                        this.typeUI._preSubmit(authenticationProviderData);
+                    }
                     var context = this.context.get("value");
                     if (context && (!this.initialData || !util.equals(context, this.initialData.context)))
                     {
@@ -297,6 +301,7 @@ define(["dojo/dom",
                                 metadata: that.management.metadata
                             });
                             util.applyMetadataToWidgets(typeFieldsContainer, category, type,
that.management.metadata);
+                            that.typeUI = typeUI;
                         }
                         catch (e)
                         {

Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/authenticationprovider/simpleldap/add.js
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/authenticationprovider/simpleldap/add.js?rev=1747192&r1=1747191&r2=1747192&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/authenticationprovider/simpleldap/add.js
(original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/js/qpid/management/authenticationprovider/simpleldap/add.js
Tue Jun  7 11:15:16 2016
@@ -22,6 +22,7 @@ define(["dojo/query",
         "dijit/registry",
         "qpid/common/util",
         "dojo/store/Memory",
+        "dijit/form/RadioButton",
         "dijit/form/FilteringSelect",
         "dijit/form/ValidationTextBox",
         "dijit/form/CheckBox"], function (query, registry, util, Memory)
@@ -38,6 +39,40 @@ define(["dojo/query",
         _postParse: function (data)
         {
             var that = this;
+
+            this.groupInfoAttributeName = registry.byId('ldapGroupInfoRadioButtonAttributeContentAttrName');
+            this.groupInfoSearchContext = registry.byId('ldapGroupInfoRadioButtonQueryContentSearchContext');
+            this.groupInfoSearchFilter = registry.byId('ldapGroupInfoRadioButtonQueryContentSearchFilter');
+            this.groupInfoSubtreeSearch = registry.byId('ldapGroupInfoRadioButtonQueryContentSubtreeSearch');
+
+            registry.byId("ldapGroupInfoRadioButtonNone").on("change", function(isChecked){
+                if(isChecked){
+                    that.groupInfoAttributeName.set('disabled', true);
+
+                    that.groupInfoSearchContext.set('disabled', true);
+                    that.groupInfoSearchFilter.set('disabled', true);
+                    that.groupInfoSubtreeSearch.set('disabled', true);
+                }
+            }, true);
+            registry.byId("ldapGroupInfoRadioButtonAttribute").on("change", function(isChecked){
+                if(isChecked){
+                    that.groupInfoAttributeName.set('disabled', false);
+
+                    that.groupInfoSearchContext.set('disabled', true);
+                    that.groupInfoSearchFilter.set('disabled', true);
+                    that.groupInfoSubtreeSearch.set('disabled', true);
+                }
+            }, true);
+            registry.byId("ldapGroupInfoRadioButtonQuery").on("change", function(isChecked){
+                if(isChecked){
+                    that.groupInfoAttributeName.set('disabled', true);
+
+                    that.groupInfoSearchContext.set('disabled', false);
+                    that.groupInfoSearchFilter.set('disabled', false);
+                    that.groupInfoSubtreeSearch.set('disabled', false);
+                }
+            }, true);
+
             var obj = {
                 type: "truststore",
                 parent: {type: "broker"}
@@ -49,10 +84,44 @@ define(["dojo/query",
                     if (data.data)
                     {
                         that._initFields(data.data, data.containerNode, data.parent.management.metadata);
+                        if (data.data.groupAttributeName)
+                        {
+                            registry.byId("ldapGroupInfoRadioButtonAttribute").set('checked',
true);
+                        }
+                        else if (data.data.groupSearchFilter || data.data.groupSearchContext)
+                        {
+                            registry.byId("ldapGroupInfoRadioButtonQuery").set('checked',
true);
+                        }
                     }
                 }, util.xhrErrorHandler);
+        },
 
+        _preSubmit: function(formData)
+        {
+            if ("none" === formData.groupInfo)
+            {
+                formData.groupAttributeName = "";
+
+                formData.groupSearchContext = "";
+                formData.groupSearchFilter = "";
+                formData.groupSubtreeSearchScope = false;
+            }
+            else if ("attribute" === formData.groupInfo)
+            {
+                formData.groupSearchContext = "";
+                formData.groupSearchFilter = "";
+                formData.groupSubtreeSearchScope = false;
+            }
+            else if ("query" === formData.groupInfo)
+            {
+                formData.groupAttributeName = "";
+            }
+            else
+            {
+                console.error("Unexpected value of 'groupInfo': " + formData.groupInfo);
+            }
         },
+
         _initTrustStores: function (trustStores, containerNode)
         {
             var data = [];



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message