/*
* $Id$
*
* Copyright 2010 Glencoe Software, Inc. All rights reserved.
* Use is subject to license terms supplied in LICENSE.txt
*/
package ome.security.auth;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import ome.conditions.ValidationException;
import ome.security.SecuritySystem;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapOperations;
/**
* Handles the "*_attribute" specifiers from etc/omero.properties.
*
* The values of the attribute named by the string following ":*_attribute:" are
* taken to be the names and/or DNs of {@link ExperimenterGroup} instances, which
* are created if necessary. If {@link #filtered} is set to true, then the names/DNs
* found must pass the assigned group filter.
*
* @author Josh Moore, josh at glencoesoftware.com
* @see SecuritySystem
* @since Beta4.2
*/
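public class AttributeNewUserGroupBean implements NewUserGroupBean {

    private static final Log log = LogFactory.getLog(AttributeNewUserGroupBean.class);

    /**
     * The value following ":*attribute:" in the configuration, where "*"
     * can be one of: "", "filtered_", "dn_", and "filtered_dn_".
     */
    private final String grpAttribute;

    /**
     * Whether or not the group filter should be applied to found groups.
     */
    private final boolean filtered;

    /**
     * Whether the value of the attribute should be interpreted as a DN
     * or as the group name.
     */
    private final boolean dn;

    /**
     * Creates a bean bound to a single attribute specifier.
     *
     * @param grpAttribute name of the attribute whose values identify groups
     * @param filtered whether each resolved name must also be returned by the
     *        configured group filter
     * @param dn whether attribute values are DNs rather than plain group names
     */
    public AttributeNewUserGroupBean(String grpAttribute, boolean filtered, boolean dn) {
        this.grpAttribute = grpAttribute;
        this.filtered = filtered;
        this.dn = dn;
    }

    /**
     * Maps the values of {@link #grpAttribute} found on a user to group ids.
     *
     * <p>Every attribute value is handed to
     * {@link RoleProvider#createGroup} unless {@link #filtered} is set and
     * the resolved name is absent from the group-filter search result. The
     * values are directory-supplied data: with {@link #filtered} off, nothing
     * in this method restricts which names reach the provider, so deployments
     * where the attribute can be written by parties other than directory
     * administrators should use one of the "filtered_" specifiers.</p>
     *
     * <p>The filter check is an exact, case-sensitive string match against
     * the names produced by {@link GroupAttributeMapper}.</p>
     *
     * @param username login name, used only in the error message
     * @param config LDAP configuration supplying the group filter, the
     *        relative-DN conversion and the group "name" attribute
     * @param ldap used for the group-filter search when {@link #filtered} is set
     * @param provider receives each accepted group name
     * @param attrSet the attributes read for the user
     * @return ids returned by the provider, one per accepted attribute value,
     *         in the iteration order of the attribute values
     * @throws ValidationException if {@code attrSet} holds no values for
     *         {@link #grpAttribute}
     */
    @SuppressWarnings("unchecked")
    public List<Long> groups(String username, LdapConfig config,
            LdapOperations ldap, RoleProvider provider, AttributeSet attrSet) {

        final Set<String> groupNames = attrSet.getAll(grpAttribute);
        if (groupNames == null) {
            throw new ValidationException(username + " has no attributes "
                    + grpAttribute);
        }

        final GroupAttributeMapper mapper = new GroupAttributeMapper(config);

        // If filtered is activated, then load all group names as mapped
        // via the name field. They are kept in a hash set so that the
        // membership test below does not rescan the whole search result
        // for every attribute value.
        //
        // TODO: this should likely be done via either paged queries
        // or once for each target.
        Set<String> allowedNames = null;
        if (filtered) {
            final String filter = config.getGroupFilter().encode();
            allowedNames = new HashSet<String>(
                    (List<String>) ldap.search("", filter, mapper));
        }

        final List<Long> groups = new ArrayList<Long>();
        for (final String attrValue : groupNames) {

            // If DN is true, then we need to map from the attribute value
            // to the actual group name before comparing.
            String name = attrValue;
            if (dn) {
                final DistinguishedName relative = config.relativeDN(attrValue);
                final String nameAttr = config.getGroupAttribute("name");
                name = relative.getValue(nameAttr);
            }

            // Apply filter if necessary: anything the group filter did not
            // return is skipped rather than passed on to the provider.
            if (filtered && !allowedNames.contains(name)) {
                if (log.isDebugEnabled()) {
                    // The name is directory-supplied text, not a trusted value.
                    log.debug("Group not found by filter: " + name);
                }
                continue;
            }

            // Finally, add the group.
            // NOTE(review): the meaning of the null/false arguments is not
            // visible here; confirm against RoleProvider.
            groups.add(provider.createGroup(name, null, false));
        }
        return groups;
    }
}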