Merge branch 'feature/extract_ldap_mail_attribute' into develop
Showing
12 changed files
with
487 additions
and
3 deletions.
27 changes: 27 additions & 0 deletions
27
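--- a/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/ExtendedLdapUserDetails.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/ExtendedLdapUserDetails.java
@@ -0,0 +1,27 @@
+/*
+* ******************************************************************************
+* Cloud Foundry
+* Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
+*
+* This product is licensed to you under the Apache License, Version 2.0 (the "License").
+* You may not use this product except in compliance with the License.
+*
+* This product includes a number of subcomponents with
+* separate copyright notices and license terms. Your use of these
+* subcomponents is subject to the terms and conditions of the
+* subcomponent's license, as noted in the LICENSE file.
+* ******************************************************************************
+*/
+package org.cloudfoundry.identity.uaa.ldap;
+
+import org.springframework.security.ldap.userdetails.LdapUserDetails;
+
+import java.util.Map;
+
+public interface ExtendedLdapUserDetails extends LdapUserDetails {
+
+public String[] getMail();
+
+public Map<String,String[]> getAttributes();
+
+}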
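Review bot: Neither method of `ExtendedLdapUserDetails` documents its contract, so a caller cannot tell whether `getMail()` may return null or whether the returned arrays are copies. The implementation added in this commit returns an empty array when the mail attribute is absent and an unmodifiable map from `getAttributes()`; I would state that in Javadoc, for example `/** @return the values of the configured mail attribute, never null; empty when the entry has none */` on `getMail()`. The `public` modifiers on the interface methods are redundant and can be dropped.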
70 changes: 70 additions & 0 deletions
70
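--- a/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/ExtendedLdapUserMapper.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/ExtendedLdapUserMapper.java
@@ -0,0 +1,70 @@
+/*******************************************************************************
+* Cloud Foundry
+* Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
+*
+* This product is licensed to you under the Apache License, Version 2.0 (the "License").
+* You may not use this product except in compliance with the License.
+*
+* This product includes a number of subcomponents with
+* separate copyright notices and license terms. Your use of these
+* subcomponents is subject to the terms and conditions of the
+* subcomponent's license, as noted in the LICENSE file.
+*******************************************************************************/
+package org.cloudfoundry.identity.uaa.ldap;
+
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.cloudfoundry.identity.uaa.ldap.extension.ExtendedLdapUserImpl;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.ldap.userdetails.LdapUserDetails;
+import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.cloudfoundry.identity.uaa.ldap.extension.SpringSecurityLdapTemplate.DN_KEY;
+
+public class ExtendedLdapUserMapper extends LdapUserDetailsMapper {
+private static final Log logger = LogFactory.getLog(ExtendedLdapUserMapper.class);
+
+private String mailAttributeName="mail";
+@Override
+public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
+LdapUserDetails ldapUserDetails = (LdapUserDetails)super.mapUserFromContext(ctx, username, authorities);
+
+DirContextAdapter adapter = (DirContextAdapter) ctx;
+Map<String, String[]> record = new HashMap<String, String[]>();
+List<String> attributeNames = Collections.list(adapter.getAttributes().getIDs());
+for (String attributeName : attributeNames) {
+try {
+String[] values = adapter.getStringAttributes(attributeName);
+if (values == null || values.length == 0) {
+logger.debug("No attribute value found for '" + attributeName + "'");
+} else {
+record.put(attributeName, values);
+}
+} catch (ArrayStoreException x) {
+logger.debug("Attribute value is not a string for '" + attributeName + "'");
+}
+}
+record.put(DN_KEY, new String[] {adapter.getDn().toString()});
+ExtendedLdapUserImpl result = new ExtendedLdapUserImpl(ldapUserDetails, record);
+result.setMailAttributeName(getMailAttributeName());
+return result;
+}
+
+public String getMailAttributeName() {
+return mailAttributeName;
+}
+
+public void setMailAttributeName(String mailAttributeName) {
+this.mailAttributeName = mailAttributeName;
+}
+}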
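Review bot: `mapUserFromContext` copies every string-valued attribute of the directory entry into `record`, so anything the LDAP search account can read ends up on the authenticated principal, although the code visible here only needs the mail attribute and the DN. Whether the principal is later serialized with the session or exposed through an API is not visible in this section, so I would limit the copy to a configured allow-list: a new `Set<String>` property (for example `attributeNamesToCopy`, defaulting to the mail attribute) checked with `if (!attributeNamesToCopy.contains(attributeName)) { continue; }` at the top of the loop. Separately, the cast `(DirContextAdapter) ctx` throws `ClassCastException` for any other `DirContextOperations` implementation; the three calls made on `adapter` appear to be available on the interface itself, so the cast can probably be dropped.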
160 changes: 160 additions & 0 deletions
160
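--- a/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/extension/ExtendedLdapUserImpl.java
+++ b/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/extension/ExtendedLdapUserImpl.java
@@ -0,0 +1,160 @@
+/*
+* ******************************************************************************
+* Cloud Foundry
+* Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
+*
+* This product is licensed to you under the Apache License, Version 2.0 (the "License").
+* You may not use this product except in compliance with the License.
+*
+* This product includes a number of subcomponents with
+* separate copyright notices and license terms. Your use of these
+* subcomponents is subject to the terms and conditions of the
+* subcomponent's license, as noted in the LICENSE file.
+* ******************************************************************************
+*/
+package org.cloudfoundry.identity.uaa.ldap.extension;
+
+import org.cloudfoundry.identity.uaa.ldap.ExtendedLdapUserDetails;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.ldap.userdetails.LdapUserDetails;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+public class ExtendedLdapUserImpl implements ExtendedLdapUserDetails {
+
+private String mailAttributeName = "mail";
+private String dn;
+private String password;
+private String username;
+private Collection<? extends GrantedAuthority> authorities = AuthorityUtils.NO_AUTHORITIES;
+private boolean accountNonExpired = true;
+private boolean accountNonLocked = true;
+private boolean credentialsNonExpired = true;
+private boolean enabled = true;
+// PPolicy data
+private int timeBeforeExpiration = Integer.MAX_VALUE;
+private int graceLoginsRemaining = Integer.MAX_VALUE;
+private Map<String,String[]> attributes = new HashMap<>();
+
+public ExtendedLdapUserImpl() {}
+public ExtendedLdapUserImpl(LdapUserDetails details) {
+setDn(details.getDn());
+setUsername(details.getUsername());
+setPassword(details.getPassword());
+setEnabled(details.isEnabled());
+setAccountNonExpired(details.isAccountNonExpired());
+setCredentialsNonExpired(details.isCredentialsNonExpired());
+setAccountNonLocked(details.isAccountNonLocked());
+setAuthorities(details.getAuthorities());
+}
+public ExtendedLdapUserImpl(LdapUserDetails details, Map<String,String[]> attributes) {
+this(details);
+this.attributes.putAll(attributes);
+}
+
+@Override
+public String[] getMail() {
+String[] mail = attributes.get(getMailAttributeName());
+if (mail==null) {
+mail = new String[0];
+}
+return mail;
+}
+
+@Override
+public Map<String, String[]> getAttributes() {
+return Collections.unmodifiableMap(attributes);
+}
+
+public String getDn() {
+return dn;
+}
+
+public void setDn(String dn) {
+this.dn = dn;
+}
+
+public String getPassword() {
+return password;
+}
+
+public void setPassword(String password) {
+this.password = password;
+}
+
+public String getUsername() {
+return username;
+}
+
+public void setUsername(String username) {
+this.username = username;
+}
+
+public Collection<? extends GrantedAuthority> getAuthorities() {
+return authorities;
+}
+
+public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
+this.authorities = authorities;
+}
+
+public boolean isAccountNonExpired() {
+return accountNonExpired;
+}
+
+public void setAccountNonExpired(boolean accountNonExpired) {
+this.accountNonExpired = accountNonExpired;
+}
+
+public boolean isAccountNonLocked() {
+return accountNonLocked;
+}
+
+public void setAccountNonLocked(boolean accountNonLocked) {
+this.accountNonLocked = accountNonLocked;
+}
+
+public boolean isCredentialsNonExpired() {
+return credentialsNonExpired;
+}
+
+public void setCredentialsNonExpired(boolean credentialsNonExpired) {
+this.credentialsNonExpired = credentialsNonExpired;
+}
+
+public boolean isEnabled() {
+return enabled;
+}
+
+public void setEnabled(boolean enabled) {
+this.enabled = enabled;
+}
+
+public int getTimeBeforeExpiration() {
+return timeBeforeExpiration;
+}
+
+public void setTimeBeforeExpiration(int timeBeforeExpiration) {
+this.timeBeforeExpiration = timeBeforeExpiration;
+}
+
+public int getGraceLoginsRemaining() {
+return graceLoginsRemaining;
+}
+
+public void setGraceLoginsRemaining(int graceLoginsRemaining) {
+this.graceLoginsRemaining = graceLoginsRemaining;
+}
+
+public String getMailAttributeName() {
+return mailAttributeName;
+}
+
+public void setMailAttributeName(String mailAttributeName) {
+this.mailAttributeName = mailAttributeName;
+}
+}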
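Review bot: `getMail()` hands back the `String[]` stored in `attributes`, and `getAttributes()` wraps only the map, so any caller can overwrite attribute values on the principal in place even though the map itself is unmodifiable; the two-argument constructor likewise shares the caller's arrays through `putAll` and throws a NullPointerException when `attributes` is null. Returning copies closes this: `return mail == null ? new String[0] : mail.clone();` in `getMail()`, and cloning each array when the constructor fills the map. The one-argument constructor also copies `details.getPassword()` into the object, and the class does not implement Spring Security's `CredentialsContainer`, so a non-null password would presumably stay on the principal after authentication; worth confirming it is null on this path or adding an `eraseCredentials()` that clears the field.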