Posted to commits@brooklyn.apache.org by al...@apache.org on 2015/07/31 13:35:56 UTC
[1/2] incubator-brooklyn git commit: LDAP Domain Component
Repository: incubator-brooklyn
Updated Branches:
refs/heads/master d90a8bf07 -> e206168af
LDAP Domain Component
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/8d4baaa0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/8d4baaa0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/8d4baaa0
Branch: refs/heads/master
Commit: 8d4baaa076f4a4506e02fefc6cd97da10cc64af7
Parents: 906ea25
Author: Valentin Aitken <va...@cloudsoftcorp.com>
Authored: Thu Jul 30 20:53:16 2015 +0300
Committer: Valentin Aitken <va...@cloudsoftcorp.com>
Committed: Thu Jul 30 20:53:16 2015 +0300
----------------------------------------------------------------------
.../java/brooklyn/rest/BrooklynWebConfig.java | 3 ++
.../security/provider/LdapSecurityProvider.java | 30 ++++++++++++++++++--
2 files changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
index 4443b00..294fd18 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
@@ -66,6 +66,9 @@ public class BrooklynWebConfig {
public final static ConfigKey<String> LDAP_REALM = ConfigKeys.newStringConfigKey(
BASE_NAME_SECURITY+".ldap.realm");
+ public final static ConfigKey<String> LDAP_OU = ConfigKeys.newStringConfigKey(
+ BASE_NAME_SECURITY+"ldap.ou");
+
public final static ConfigKey<Boolean> HTTPS_REQUIRED = ConfigKeys.newBooleanConfigKey(
BASE_NAME+".security.https.required",
"Whether HTTPS is required; false here can be overridden by CLI option", false);
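Review bot: The new `LDAP_OU` key is built as `BASE_NAME_SECURITY+"ldap.ou"`, without the leading dot that `LDAP_REALM` uses two lines above, so (assuming `BASE_NAME_SECURITY` has no trailing dot, as the `".ldap.realm"` line implies) the property name runs the two segments together. An operator who sets the OU under the name that the realm key's pattern suggests would have it silently ignored, and the provider would fall back to its default OU, which changes the directory subtree that logins are bound against. Change it to `BASE_NAME_SECURITY+".ldap.ou"`, and consider adding a description string as `HTTPS_REQUIRED` does so the default and the expected format are documented with the key.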
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
index a9fa453..c8c10a1 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
@@ -35,6 +35,12 @@ import brooklyn.management.ManagementContext;
import brooklyn.rest.BrooklynWebConfig;
import brooklyn.util.exceptions.Exceptions;
import brooklyn.util.text.Strings;
+import com.google.common.base.Function;
+import com.google.common.base.Joiner;
+import com.google.common.collect.Lists;
+
+import java.util.Arrays;
+import java.util.List;
/**
* A {@link SecurityProvider} implementation that relies on LDAP to authenticate.
@@ -49,6 +55,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
private final String ldapUrl;
private final String ldapRealm;
+ private final String organizationUnit;
public LdapSecurityProvider(ManagementContext mgmt) {
StringConfigMap properties = mgmt.getConfig();
@@ -56,11 +63,20 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
Strings.checkNonEmpty(ldapUrl, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_URL);
ldapRealm = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_REALM));
Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_REALM);
+
+ if(Strings.isBlank(properties.getConfig(BrooklynWebConfig.LDAP_OU))) {
+ LOG.info("Setting LDAP ou attribute to: Users");
+ organizationUnit = "Users";
+ } else {
+ organizationUnit = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_OU));
+ }
+ Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_OU);
}
- public LdapSecurityProvider(String ldapUrl, String ldapRealm) {
+ public LdapSecurityProvider(String ldapUrl, String ldapRealm, String organizationUnit) {
this.ldapUrl = ldapUrl;
this.ldapRealm = ldapRealm;
+ this.organizationUnit = organizationUnit;
}
@SuppressWarnings({ "rawtypes", "unchecked" })
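Review bot: The last added check in the `ManagementContext` constructor validates `ldapRealm` again while reporting `LDAP_OU` in its message, so `organizationUnit` is never validated. A configured value made up only of quote characters passes `Strings.isBlank`, is reduced to an empty string by `retainFrom`, and ends up in the bind DN as an empty `ou=`; the check should be `Strings.checkNonEmpty(organizationUnit, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_OU);`. Reading the property once into a local before the `if` would also avoid the second `getConfig` call. Separately, the public two-argument constructor is replaced rather than overloaded, which breaks existing callers; keeping it as a delegate, `this(ldapUrl, ldapRealm, "Users")`, would preserve compatibility. The constructor's opening lines are outside this hunk.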
@@ -68,7 +84,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
public boolean authenticate(HttpSession session, String user, String password) {
if (session==null || user==null) return false;
checkCanLoad();
-
+
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUrl);
@@ -85,7 +101,15 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
}
private String getUserDN(String user) {
- return "cn=" + user + "," + ldapRealm;
+ List<String> domain = Lists.transform(Arrays.asList(ldapRealm.split("\\.")), new Function<String, String>() {
+ @Override
+ public String apply(String input) {
+ return "dc=" + input;
+ }
+ });
+
+ String dc = Joiner.on(",").join(domain).toLowerCase();
+ return "cn=" + user + ",ou=" + organizationUnit + "," + dc;
}
static boolean triedLoading = false;
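Review bot: `getUserDN` concatenates `user` and `organizationUnit` into the bind DN without escaping, so a login name containing DN metacharacters such as `,`, `+` or `=` changes which entry the bind is attempted against; the JDK's `javax.naming.ldap.Rdn.escapeValue` covers this, e.g. `return "cn=" + Rdn.escapeValue(user) + ",ou=" + Rdn.escapeValue(organizationUnit) + "," + dc;`. The rewrite also changes the meaning of `ldapRealm`: the removed line appended it verbatim as a DN suffix, while the new code splits it on `.` and prefixes each part with `dc=`, so an existing configuration that supplies a DN-style realm would produce a malformed DN and fail every login. That change should either be documented on `LDAP_REALM` or handled by passing through a realm that already contains `=`. The bare `toLowerCase()` is locale-sensitive, so `toLowerCase(Locale.ROOT)` is safer, and lower-casing only the `dc` parts leaves the OU's case untouched, which may or may not be intended.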
[2/2] incubator-brooklyn git commit: This closes #780
Posted by al...@apache.org.
This closes #780
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/e206168a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/e206168a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/e206168a
Branch: refs/heads/master
Commit: e206168afc1f6c47ad6823730d4be296e7a2d664
Parents: d90a8bf 8d4baaa
Author: Aled Sage <al...@gmail.com>
Authored: Fri Jul 31 12:36:10 2015 +0100
Committer: Aled Sage <al...@gmail.com>
Committed: Fri Jul 31 12:36:10 2015 +0100
----------------------------------------------------------------------
.../java/brooklyn/rest/BrooklynWebConfig.java | 3 ++
.../security/provider/LdapSecurityProvider.java | 30 ++++++++++++++++++--
2 files changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------