Posted to commits@karaf.apache.org by jb...@apache.org on 2017/06/02 11:55:50 UTC
[1/2] karaf git commit: [KARAF-5172] Add a simple LDAPBackingEngine
Repository: karaf
Updated Branches:
refs/heads/master b85a449c6 -> f13b88f7c
[KARAF-5172] Add a simple LDAPBackingEngine
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/518d44ba
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/518d44ba
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/518d44ba
Branch: refs/heads/master
Commit: 518d44ba5fe9cf63d4ea2514dfeced22faf2a388
Parents: b85a449
Author: Andy Phillips <an...@fastmail.com>
Authored: Wed May 31 14:09:35 2017 -0700
Committer: Jean-Baptiste Onofré <jb...@apache.org>
Committed: Fri Jun 2 13:54:43 2017 +0200
----------------------------------------------------------------------
.../jaas/modules/ldap/LDAPBackingEngine.java | 196 +++++++++++++++++++
.../modules/ldap/LDAPBackingEngineFactory.java | 38 ++++
2 files changed, 234 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/518d44ba/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java
new file mode 100644
index 0000000..5bd3072
--- /dev/null
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngine.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+package org.apache.karaf.jaas.modules.ldap;
+
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
+import org.apache.karaf.jaas.modules.BackingEngine;
+import org.apache.karaf.jaas.modules.ldap.LDAPCache;
+import org.apache.karaf.jaas.modules.ldap.LDAPOptions;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * Karaf JAAS backing engine to support basic list funcitonality
+ * for the LDAP login module. Modification is not supported
+ * at this time
+ */
+public class LDAPBackingEngine implements BackingEngine {
+
+ private LDAPCache cache;
+ private LDAPOptions options;
+
+ private static Logger LOGGER = LoggerFactory.getLogger(LDAPBackingEngine.class);
+
+ public LDAPBackingEngine(Map<String, ?> options) {
+ this.options = new LDAPOptions(options);
+ cache = LDAPCache.getCache(this.options);
+ }
+
+ @Override
+ public void addUser(String username, String password) {
+ throw new UnsupportedOperationException("Adding a user is not supporting in LDAP");
+ }
+
+ @Override
+ public void deleteUser(String username) {
+ throw new UnsupportedOperationException("Deleting a user is not supporting in LDAP");
+ }
+
+ @Override
+ public List<UserPrincipal> listUsers() {
+ DirContext context = null;
+
+ ArrayList<UserPrincipal> users = new ArrayList<>();
+
+ try {
+ context = cache.open();
+
+ SearchControls controls = new SearchControls();
+ if (options.getUserSearchSubtree()) {
+ controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+ } else {
+ controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
+ }
+
+ String filter = options.getUserFilter();
+ filter = filter.replaceAll(Pattern.quote("%u"), "*");
+ filter = filter.replace("\\", "\\\\");
+
+ LOGGER.debug("Looking for the users in LDAP with ");
+ LOGGER.debug(" base DN: " + options.getUserBaseDn());
+ LOGGER.debug(" filter: " + filter);
+
+ NamingEnumeration namingEnumeration = context.search(options.getUserBaseDn(), filter, controls);
+ try {
+ while (namingEnumeration.hasMore()) {
+ SearchResult result = (SearchResult) namingEnumeration.next();
+
+ // We need to do the following because slashes are handled badly. For example, when searching
+ // for a user with lots of special characters like cn=admin,=+<>#;\
+ // SearchResult contains 2 different results:
+ //
+ // SearchResult.getName = cn=admin\,\=\+\<\>\#\;\\\\
+ // SearchResult.getNameInNamespace = cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com
+ //
+ // the second escapes the slashes correctly.
+ String userDNNamespace = result.getNameInNamespace();
+ // handle case where cn, ou, dc case doesn't match
+ int indexOfUserBaseDN = userDNNamespace.toLowerCase().indexOf("," + options.getUserBaseDn().toLowerCase());
+ String userDN = (indexOfUserBaseDN > 0) ?
+ userDNNamespace.substring(0, indexOfUserBaseDN) :
+ result.getName();
+
+ // we need to pull out the cn=, uid=, ect.. from the user name to get the actual user name
+ String userName = userDN;
+ if (userDN.contains("=")) userName = userDN.split("=")[1];
+
+ users.add(new UserPrincipal(userName));
+
+ }
+ } finally {
+ if (namingEnumeration != null) {
+ try {
+ namingEnumeration.close();
+ } catch (NamingException e) {
+ // Ignore
+ }
+ }
+ }
+
+ return users;
+
+ } catch (NamingException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public List<GroupPrincipal> listGroups(UserPrincipal user) {
+ // for now return empty list, group implementation is not supported
+ return Collections.emptyList();
+ }
+
+ @Override
+ public Map<GroupPrincipal, String> listGroups() {
+ // for now return empty list, group implementation is not supported
+ return Collections.emptyMap();
+ }
+
+ @Override
+ public void addGroup(String username, String group) {
+ throw new UnsupportedOperationException("Adding a group is not supporting in LDAP");
+ }
+
+ @Override
+ public void createGroup(String group) {
+ throw new UnsupportedOperationException("Creating a group is not supporting in LDAP");
+ }
+
+ @Override
+ public void deleteGroup(String username, String group) {
+ throw new UnsupportedOperationException("Deleting a group is not supporting in LDAP");
+ }
+
+ @Override
+ public List<RolePrincipal> listRoles(Principal principal) {
+ try {
+ String[] userAndNameSpace = cache.getUserDnAndNamespace(principal.getName());
+ if (userAndNameSpace == null || userAndNameSpace.length < 2) return Collections.emptyList();
+
+ ArrayList<RolePrincipal> roles = new ArrayList<>();
+ for (String role : cache.getUserRoles(principal.getName(), userAndNameSpace[0], userAndNameSpace[1])) {
+ roles.add(new RolePrincipal(role));
+ }
+ return roles;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public void addRole(String username, String role) {
+ throw new UnsupportedOperationException("Adding a role is not supporting in LDAP");
+ }
+
+ @Override
+ public void deleteRole(String username, String role) {
+ throw new UnsupportedOperationException("Deleting a role is not supporting in LDAP");
+ }
+
+ @Override
+ public void addGroupRole(String group, String role) {
+ throw new UnsupportedOperationException("Adding a group role is not supporting in LDAP");
+ }
+
+ @Override
+ public void deleteGroupRole(String group, String role) {
+ throw new UnsupportedOperationException("Deleting a group role is not supporting in LDAP");
+ }
+}
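Review bot: In `listUsers` the user name is taken with `userDN.split("=")[1]`, which returns the wrong value whenever the relative DN holds more than one RDN or an escaped `=`. With `SUBTREE_SCOPE`, a constructed example such as `cn=alice,ou=sub` below the base DN yields `alice,ou`, and the `cn=admin\,\=\+...` case described in the comment just above is cut at the escaped `=` and left LDAP-escaped. These strings become the `UserPrincipal` names that callers presumably hand back to `listRoles`, so a mangled name can show an identity that does not match what the login module authenticates. Parsing the DN with the JDK's `javax.naming.ldap.LdapName` avoids this: `LdapName dn = new LdapName(result.getNameInNamespace());` followed by `String userName = String.valueOf(dn.getRdn(dn.size() - 1).getValue());`, whose `InvalidNameException` is a `NamingException` and is already covered by the outer catch. Separately, the `SearchControls` carry no count or time limit for the wildcard search, so `controls.setCountLimit(...)` and `controls.setTimeLimit(...)` are worth setting for large directories.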
http://git-wip-us.apache.org/repos/asf/karaf/blob/518d44ba/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngineFactory.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngineFactory.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngineFactory.java
new file mode 100644
index 0000000..16d1a78
--- /dev/null
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPBackingEngineFactory.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+package org.apache.karaf.jaas.modules.ldap;
+
+import org.apache.karaf.jaas.modules.BackingEngine;
+import org.apache.karaf.jaas.modules.BackingEngineFactory;
+import org.apache.karaf.jaas.modules.ldap.LDAPLoginModule;
+import java.util.Map;
+
+/**
+ * Karaf JAAS backing engine factory to support basic list funcitonality
+ * for the LDAP login module.
+ */
+public class LDAPBackingEngineFactory implements BackingEngineFactory {
+
+ @Override
+ public String getModuleClass() {
+ return LDAPLoginModule.class.getName();
+ }
+
+ @Override
+ public BackingEngine build(Map<String, ?> options) {
+ return new LDAPBackingEngine(options);
+ }
+
+}
[2/2] karaf git commit: [KARAF-5172] This closes #309
Posted by jb...@apache.org.
[KARAF-5172] This closes #309
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f13b88f7
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/f13b88f7
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/f13b88f7
Branch: refs/heads/master
Commit: f13b88f7c9635e35ecd86fcb95a3746125cc16c3
Parents: b85a449 518d44b
Author: Jean-Baptiste Onofré <jb...@apache.org>
Authored: Fri Jun 2 13:55:44 2017 +0200
Committer: Jean-Baptiste Onofré <jb...@apache.org>
Committed: Fri Jun 2 13:55:44 2017 +0200
----------------------------------------------------------------------
.../jaas/modules/ldap/LDAPBackingEngine.java | 196 +++++++++++++++++++
.../modules/ldap/LDAPBackingEngineFactory.java | 38 ++++
2 files changed, 234 insertions(+)
----------------------------------------------------------------------