Posted to commits@brooklyn.apache.org by al...@apache.org on 2015/07/31 13:35:56 UTC

[1/2] incubator-brooklyn git commit: LDAP Domain Component

Repository: incubator-brooklyn
Updated Branches:
  refs/heads/master d90a8bf07 -> e206168af


LDAP Domain Component


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/8d4baaa0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/8d4baaa0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/8d4baaa0

Branch: refs/heads/master
Commit: 8d4baaa076f4a4506e02fefc6cd97da10cc64af7
Parents: 906ea25
Author: Valentin Aitken <va...@cloudsoftcorp.com>
Authored: Thu Jul 30 20:53:16 2015 +0300
Committer: Valentin Aitken <va...@cloudsoftcorp.com>
Committed: Thu Jul 30 20:53:16 2015 +0300

----------------------------------------------------------------------
 .../java/brooklyn/rest/BrooklynWebConfig.java   |  3 ++
 .../security/provider/LdapSecurityProvider.java | 30 ++++++++++++++++++--
 2 files changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
index 4443b00..294fd18 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
@@ -66,6 +66,9 @@ public class BrooklynWebConfig {
     public final static ConfigKey<String> LDAP_REALM = ConfigKeys.newStringConfigKey(
             BASE_NAME_SECURITY+".ldap.realm");
 
+    public final static ConfigKey<String> LDAP_OU = ConfigKeys.newStringConfigKey(
+            BASE_NAME_SECURITY+"ldap.ou");
+
     public final static ConfigKey<Boolean> HTTPS_REQUIRED = ConfigKeys.newBooleanConfigKey(
             BASE_NAME+".security.https.required",
             "Whether HTTPS is required; false here can be overridden by CLI option", false); 
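Review bot: The new `LDAP_OU` key is built as `BASE_NAME_SECURITY+"ldap.ou"`, without the leading dot that `LDAP_REALM` directly above uses in `".ldap.realm"`, so the two LDAP keys cannot both follow the same naming scheme. If the prefix does not end in a dot, as the `LDAP_REALM` line suggests, an OU set under the expected `….ldap.ou` name would not be read and the provider would silently use its default OU. Suggest `BASE_NAME_SECURITY+".ldap.ou"`, and a description argument like the one `HTTPS_REQUIRED` has, stating which OU is used when the key is unset.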

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
index a9fa453..c8c10a1 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
@@ -35,6 +35,12 @@ import brooklyn.management.ManagementContext;
 import brooklyn.rest.BrooklynWebConfig;
 import brooklyn.util.exceptions.Exceptions;
 import brooklyn.util.text.Strings;
+import com.google.common.base.Function;
+import com.google.common.base.Joiner;
+import com.google.common.collect.Lists;
+
+import java.util.Arrays;
+import java.util.List;
 
 /**
  * A {@link SecurityProvider} implementation that relies on LDAP to authenticate.
@@ -49,6 +55,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
 
     private final String ldapUrl;
     private final String ldapRealm;
+    private final String organizationUnit;
 
     public LdapSecurityProvider(ManagementContext mgmt) {
         StringConfigMap properties = mgmt.getConfig();
@@ -56,11 +63,20 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
         Strings.checkNonEmpty(ldapUrl, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_URL);
         ldapRealm = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_REALM));
         Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_REALM);
+
+        if(Strings.isBlank(properties.getConfig(BrooklynWebConfig.LDAP_OU))) {
+            LOG.info("Setting LDAP ou attribute to: Users");
+            organizationUnit = "Users";
+        } else {
+            organizationUnit = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_OU));
+        }
+        Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_OU);
     }
 
-    public LdapSecurityProvider(String ldapUrl, String ldapRealm) {
+    public LdapSecurityProvider(String ldapUrl, String ldapRealm, String organizationUnit) {
         this.ldapUrl = ldapUrl;
         this.ldapRealm = ldapRealm;
+        this.organizationUnit = organizationUnit;
     }
 
     @SuppressWarnings({ "rawtypes", "unchecked" })
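Review bot: The last added check, `Strings.checkNonEmpty(ldapRealm, "…"+BrooklynWebConfig.LDAP_OU)`, tests `ldapRealm` a second time instead of `organizationUnit`, so it can never fail for the OU. A configured value that is non-blank but made up only of `"` characters passes `Strings.isBlank`, is stripped to an empty string by `retainFrom`, and then ends up in the bind DN unchecked; the call should be `Strings.checkNonEmpty(organizationUnit, …)`. Reading `properties.getConfig(BrooklynWebConfig.LDAP_OU)` once into a local would also keep the blank test and the assignment on the same value. Separately, replacing the public two-argument constructor with a three-argument one breaks any caller outside this diff; keeping the old signature as an overload that passes `"Users"` would avoid that.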
@@ -68,7 +84,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
     public boolean authenticate(HttpSession session, String user, String password) {
         if (session==null || user==null) return false;
         checkCanLoad();
-        
+
         Hashtable env = new Hashtable();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, ldapUrl);
@@ -85,7 +101,15 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se
     }
 
     private String getUserDN(String user) {
-        return "cn=" + user + "," + ldapRealm;
+        List<String> domain = Lists.transform(Arrays.asList(ldapRealm.split("\\.")), new Function<String, String>() {
+            @Override
+            public String apply(String input) {
+                return "dc=" + input;
+            }
+        });
+
+        String dc = Joiner.on(",").join(domain).toLowerCase();
+        return "cn=" + user + ",ou=" + organizationUnit + "," + dc;
     }
 
     static boolean triedLoading = false;
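Review bot: `getUserDN` places `user` and `organizationUnit` into the distinguished name without escaping, at `return "cn=" + user + ",ou=" + organizationUnit + "," + dc;`. `user` is the login name passed to `authenticate`, and the DN is presumably used as the bind principal there (outside this hunk), so a name containing DN special characters such as `,`, `+` or `=` changes the structure of the DN instead of being treated as one `cn` value. Escaping both values with the JDK helper in `javax.naming.ldap.Rdn` keeps each one a single attribute value: `"cn=" + Rdn.escapeValue(user) + ",ou=" + Rdn.escapeValue(organizationUnit) + "," + dc`. The method also now assumes `ldapRealm` is a dotted domain name, so a realm already configured as a DN suffix (which the removed line accepted) would get a `dc=` prefix on each part, and `toLowerCase()` without a `Locale` depends on the JVM default locale.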


[2/2] incubator-brooklyn git commit: This closes #780

Posted by al...@apache.org.
This closes #780


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/e206168a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/e206168a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/e206168a

Branch: refs/heads/master
Commit: e206168afc1f6c47ad6823730d4be296e7a2d664
Parents: d90a8bf 8d4baaa
Author: Aled Sage <al...@gmail.com>
Authored: Fri Jul 31 12:36:10 2015 +0100
Committer: Aled Sage <al...@gmail.com>
Committed: Fri Jul 31 12:36:10 2015 +0100

----------------------------------------------------------------------
 .../java/brooklyn/rest/BrooklynWebConfig.java   |  3 ++
 .../security/provider/LdapSecurityProvider.java | 30 ++++++++++++++++++--
 2 files changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------