Posted to commits@shiro.apache.org by ad...@apache.org on 2008/11/23 21:52:29 UTC
svn commit: r720040 - in /incubator/jsecurity/sandbox/crowd: ./
src/main/java/org/ src/main/java/org/jsecurity/
src/main/java/org/jsecurity/realms/ src/main/java/org/jsecurity/realms/crowd/
Author: adc
Date: Sun Nov 23 12:52:29 2008
New Revision: 720040
URL: http://svn.apache.org/viewvc?rev=720040&view=rev
Log:
JSEC-28 First crack at the Crowd based realm
Added:
incubator/jsecurity/sandbox/crowd/src/main/java/org/
incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/
incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/
incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/
incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java (with props)
incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java (with props)
Modified:
incubator/jsecurity/sandbox/crowd/pom.xml
Modified: incubator/jsecurity/sandbox/crowd/pom.xml
URL: http://svn.apache.org/viewvc/incubator/jsecurity/sandbox/crowd/pom.xml?rev=720040&r1=720039&r2=720040&view=diff
==============================================================================
--- incubator/jsecurity/sandbox/crowd/pom.xml (original)
+++ incubator/jsecurity/sandbox/crowd/pom.xml Sun Nov 23 12:52:29 2008
@@ -33,16 +33,37 @@
<dependencies>
<dependency>
- <groupId>org.jsecurity</groupId>
- <artifactId>jsecurity</artifactId>
- <version>0.9.0-SNAPSHOT</version>
+ <groupId>com.atlassian.crowd</groupId>
+ <artifactId>crowd-integration-client</artifactId>
+ <version>1.5.2</version>
</dependency>
+
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.4</version>
<scope>test</scope>
</dependency>
+
+ <dependency>
+ <groupId>org.jsecurity</groupId>
+ <artifactId>jsecurity</artifactId>
+ <version>0.9.0-SNAPSHOT</version>
+ </dependency>
</dependencies>
+ <repositories>
+ <repository>
+ <id>central</id>
+ <url>https://m2proxy.atlassian.com/repository/public</url>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </repository>
+ </repositories>
+
</project>
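Review bot: The added `<repository>` reuses the id `central`, which overrides Maven's built-in Central definition, so every artifact in this build would resolve through m2proxy.atlassian.com, not only `crowd-integration-client`. It also enables snapshots with `<updatePolicy>always</updatePolicy>`, so snapshot content served by that host can change between builds with no change to this pom. A distinct id (for example `<id>atlassian-public</id>`) together with `<snapshots><enabled>false</enabled></snapshots>` would limit the extra repository to the released Crowd client, assuming the `0.9.0-SNAPSHOT` jsecurity dependency is resolved from elsewhere.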
Added: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java?rev=720040&view=auto
==============================================================================
--- incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java (added)
+++ incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java Sun Nov 23 12:52:29 2008
@@ -0,0 +1,191 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jsecurity.realms.crowd;
+
+import java.rmi.RemoteException;
+import java.util.EnumSet;
+
+import com.atlassian.crowd.integration.exception.ApplicationAccessDeniedException;
+import com.atlassian.crowd.integration.exception.InactiveAccountException;
+import com.atlassian.crowd.integration.exception.InvalidAuthenticationException;
+import com.atlassian.crowd.integration.exception.InvalidAuthorizationTokenException;
+import com.atlassian.crowd.integration.exception.ObjectNotFoundException;
+import com.atlassian.crowd.integration.service.soap.client.SecurityServerClient;
+import com.atlassian.crowd.integration.service.soap.client.SecurityServerClientFactory;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.jsecurity.authc.AuthenticationException;
+import org.jsecurity.authc.AuthenticationInfo;
+import org.jsecurity.authc.AuthenticationToken;
+import org.jsecurity.authc.DisabledAccountException;
+import org.jsecurity.authc.IncorrectCredentialsException;
+import org.jsecurity.authc.SimpleAuthenticationInfo;
+import org.jsecurity.authc.UsernamePasswordToken;
+import org.jsecurity.authc.pam.UnsupportedTokenException;
+import org.jsecurity.authz.AuthorizationException;
+import org.jsecurity.authz.AuthorizationInfo;
+import org.jsecurity.authz.SimpleAuthorizationInfo;
+import org.jsecurity.realm.AuthorizingRealm;
+import org.jsecurity.subject.PrincipalCollection;
+
+
+/**
+ * A realm that authenticates and obtains its roles from a Atlassian Crowd
+ * server.
+ * <p/>
+ * The Crowd server as the concept of role and group memberships. Both of
+ * which can be can be mapped to JSecurity roles. This realm implementation
+ * allows the deployer to select either or both memberships to map to JSecurity
+ * roles.
+ *
+ * @version $Rev$ $Date$
+ */
+public class CrowdRealm extends AuthorizingRealm {
+
+ private static final Log LOG = LogFactory.getLog(CrowdRealm.class);
+ private SecurityServerClient crowdClient = SecurityServerClientFactory.getSecurityServerClient();
+ private EnumSet<RoleSource> roleSources = EnumSet.of(RoleSource.ROLES_FROM_CROWD_ROLES);
+
+ /**
+ * Override the default mechanism of obtaining a Crowd client from a
+ * <code>SecurityServerClientFactory</code>.
+ *
+ * @param crowdClient the crowd client to be used by the realm.
+ * @see SecurityServerClientFactory
+ */
+ public void setCrowdClient(SecurityServerClient crowdClient) {
+ this.crowdClient = crowdClient;
+ }
+
+ /**
+ * Obtain the kinds of Crowd memberships that will serve as sources for
+ * JSecurity roles.
+ *
+ * @return an enum set of role source directives.
+ */
+ public EnumSet<RoleSource> getRoleSources() {
+ return roleSources;
+ }
+
+ /**
+ * Set the kinds of Crowd memberships that will serve as sources for
+ * JSecurity roles.
+ *
+ * @param roleSources an enum set of role source directives.
+ */
+ public void setRoleSources(EnumSet<RoleSource> roleSources) {
+ this.roleSources = roleSources;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
+
+ if (LOG.isTraceEnabled()) LOG.trace("Collecting authorization info from realm " + getName());
+
+ SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
+
+ for (Object principal : principalCollection.fromRealm(getName())) {
+ if (LOG.isTraceEnabled()) LOG.trace("Collecting roles from " + principal);
+
+ try {
+ if (roleSources.contains(RoleSource.ROLES_FROM_CROWD_ROLES)) {
+ if (LOG.isTraceEnabled()) LOG.trace("Collecting JSecurity roles from Crowd role memberships");
+
+ for (String role : crowdClient.findRoleMemberships(principal.toString())) {
+ if (LOG.isTraceEnabled()) LOG.trace("Adding role " + role);
+
+ authorizationInfo.addRole(role);
+ }
+ }
+
+ if (roleSources.contains(RoleSource.ROLES_FROM_CROWD_GROUPS)) {
+ if (LOG.isTraceEnabled()) LOG.trace("Collecting JSecurity roles from Crowd group memberships");
+
+ for (String group : crowdClient.findGroupMemberships(principal.toString())) {
+ if (LOG.isTraceEnabled()) LOG.trace("Adding role " + group);
+
+ authorizationInfo.addRole(group);
+ }
+ }
+ } catch (InvalidAuthorizationTokenException iae) {
+ String message = "Unable to obtain Crowd group memberships for principal " + principal + ".";
+ LOG.warn(message, iae);
+ throw new AuthorizationException(message, iae);
+ } catch (RemoteException re) {
+ String message = "Unable to obtain Crowd group memberships for principal " + principal + ".";
+ LOG.error(message, re);
+ throw new AuthorizationException(message, re);
+ } catch (ObjectNotFoundException onfe) {
+ String message = "Unable to obtain Crowd group memberships for principal " + principal + ".";
+ LOG.warn(message, onfe);
+ throw new AuthorizationException(message, onfe);
+ }
+ }
+
+ return authorizationInfo;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
+
+ if (LOG.isTraceEnabled()) LOG.trace("Collecting authentication info from realm " + getName());
+
+ if (!(authenticationToken instanceof UsernamePasswordToken)) {
+ String message = "Unsupported token of type " + authenticationToken.getClass().getName() + ". "
+ + UsernamePasswordToken.class.getName() + " is required.";
+ LOG.warn(message);
+ throw new UnsupportedTokenException(message);
+ }
+
+ UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
+ try {
+ crowdClient.authenticatePrincipalSimple(token.getUsername(), new String(token.getPassword()));
+
+ return new SimpleAuthenticationInfo(token.getPrincipal(), token.getCredentials(), getName());
+ }
+ catch (InvalidAuthorizationTokenException iate) {
+ String message = "Unable to obtain authenticate principal " + token.getUsername() + " in Crowd.";
+ LOG.error(message, iate);
+ throw new AuthenticationException(message, iate);
+ }
+ catch (ApplicationAccessDeniedException aade) {
+ String message = "Unable to obtain authenticate principal " + token.getUsername() + " in Crowd.";
+ LOG.error(message, aade);
+ throw new AuthenticationException(message, aade);
+ }
+ catch (InvalidAuthenticationException iae) {
+ LOG.warn("Unable to authenticate principal " + token.getUsername() + " in Crowd.", iae);
+ throw new IncorrectCredentialsException(iae);
+ }
+ catch (RemoteException re) {
+ String message = "Unable to obtain authenticate principal " + token.getUsername() + " in Crowd.";
+ LOG.error(message, re);
+ throw new AuthenticationException(message, re);
+ }
+ catch (InactiveAccountException iae) {
+ LOG.warn("Disabled principal " + token.getUsername() + " in Crowd.", iae);
+ throw new DisabledAccountException(iae);
+ }
+ }
+}
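Review bot: In doGetAuthenticationInfo, `new String(token.getPassword())` throws a NullPointerException if `getPassword()` returns null, so a token without a password fails with an unchecked error instead of an AuthenticationException; a null username is likewise passed straight to Crowd. A guard before the try block, such as `if (token.getUsername() == null || token.getPassword() == null) throw new AuthenticationException("Username and password are required.");`, keeps that failure on the declared path. The String copy also leaves the cleartext password in an immutable object that cannot be cleared, and `token.getCredentials()` is returned inside the SimpleAuthenticationInfo, so a comment stating that this realm's AuthenticationInfo holds the submitted password and should not be cached or logged would help. Separately, the three catch blocks in doGetAuthorizationInfo all report "group memberships" even when the role lookup is the call that failed.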
Propchange: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java
------------------------------------------------------------------------------
svn:keywords = Date Revision Id Author
Propchange: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/CrowdRealm.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java?rev=720040&view=auto
==============================================================================
--- incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java (added)
+++ incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java Sun Nov 23 12:52:29 2008
@@ -0,0 +1,42 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jsecurity.realms.crowd;
+
+/**
+ * The Atlassian Crowd server as the concept of role and group memberships.
+ * Both of which can be can be mapped to JSecurity roles. This realm
+ * implementation allows the deployer to select either or both memberships to
+ * map to JSecurity roles.
+ * <p/>
+ * These enums are use to direct the JSecurity realm where to obtain roles.
+ * Either or both of the enums may be used.
+ *
+ * @version $Rev$ $Date$
+ */
+public enum RoleSource {
+
+ /**
+ * Obtain JSecurity roles from Crowd group memberships
+ */
+ ROLES_FROM_CROWD_GROUPS,
+
+ /**
+ * Obtain JSecurity roles from Crowd role memberships
+ */
+ ROLES_FROM_CROWD_ROLES
+}
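Review bot: The enum's Javadoc has wording slips that will appear in the generated API docs: "as the concept" should read "has the concept", "can be can be" is doubled, and "are use to" should be "are used to". A corrected opening would be `The Atlassian Crowd server has the concept of role and group memberships, both of which can be mapped to JSecurity roles.` The class comment on CrowdRealm repeats the first two slips and could take the same wording.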
Propchange: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java
------------------------------------------------------------------------------
svn:keywords = Date Revision Id Author
Propchange: incubator/jsecurity/sandbox/crowd/src/main/java/org/jsecurity/realms/crowd/RoleSource.java
------------------------------------------------------------------------------
svn:mime-type = text/plain