Posted to commits@isis.apache.org by da...@apache.org on 2013/01/25 19:02:25 UTC
[3/3] git commit: ISIS-307, ISIS-306: map groups to roles, trim perms.
Updated Branches:
refs/heads/master 53566279b -> b8ed07d9d
ISIS-307, ISIS-306: map groups to roles, trim perms.
Project: http://git-wip-us.apache.org/repos/asf/isis/repo
Commit: http://git-wip-us.apache.org/repos/asf/isis/commit/b8ed07d9
Tree: http://git-wip-us.apache.org/repos/asf/isis/tree/b8ed07d9
Diff: http://git-wip-us.apache.org/repos/asf/isis/diff/b8ed07d9
Branch: refs/heads/master
Commit: b8ed07d9da70fc3f48348773e7cb74cd2d6b51d3
Parents: 4928d18
Author: Dan Haywood <da...@apache.org>
Authored: Fri Jan 25 17:36:10 2013 +0000
Committer: Dan Haywood <da...@apache.org>
Committed: Fri Jan 25 17:36:10 2013 +0000
----------------------------------------------------------------------
.../apache/isis/security/shiro/IsisLdapRealm.java | 22 ++++++++++++++-
.../org/apache/isis/security/shiro/util/Util.java | 10 ++++++-
.../src/main/webapp/WEB-INF/shiro.ini | 8 +++++
3 files changed, 38 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/isis/blob/b8ed07d9/component/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java
index 6a0ed04..9cac5fe 100644
--- a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java
@@ -47,6 +47,14 @@ import com.google.common.collect.Sets;
* ldapRealm.groupObjectClass = groupOfUniqueNames
* ldapRealm.uniqueMemberAttribute = uniqueMember
* ldapRealm.uniqueMemberAttributeValueTemplate = uid={0}
+ *
+ * # optional mapping from physical groups to logical application roles
+ * ldapRealm.rolesByGroup = \
+ * LDN_USERS: user_role,\
+ * NYK_USERS: user_role,\
+ * HKG_USERS: user_role,\
+ * GLOBAL_ADMIN: admin_role,\
+ * DEMOS: self-install_role
*
* ldapRealm.permissionsByRole=\
* user_role = *:ToDoItemsJdo:*:*,\
@@ -72,6 +80,7 @@ public class IsisLdapRealm extends JndiLdapRealm {
private String uniqueMemberAttributeValuePrefix;
private String uniqueMemberAttributeValueSuffix;
+ private final Map<String,String> rolesByGroup = Maps.newLinkedHashMap();
private final Map<String,List<String>> permissionsByRole = Maps.newLinkedHashMap();
public IsisLdapRealm() {
@@ -140,13 +149,20 @@ public class IsisLdapRealm extends JndiLdapRealm {
if ((uniqueMemberAttributeValuePrefix + userName + uniqueMemberAttributeValueSuffix).equals(attrValue)) {
Attribute attribute = group.getAttributes().get("cn");
String groupName = attribute.get().toString();
- roleNames.add(groupName);
+ String roleName = roleNameFor(groupName);
+ if(roleName != null) {
+ roleNames.add(roleName);
+ }
break;
}
}
}
}
+ private String roleNameFor(String groupName) {
+ return !rolesByGroup.isEmpty() ? rolesByGroup.get(groupName) : groupName;
+ }
+
private Set<String> permsFor(Set<String> roleNames) {
Set<String> perms = Sets.newLinkedHashSet(); // preserve order
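Review bot: `roleNameFor` changes meaning depending on whether `rolesByGroup` is empty — with no mapping configured every LDAP group name becomes a role, with any mapping configured a group absent from the map resolves to null and is silently dropped by the caller — and nothing in the code states that contract. I would add a Javadoc such as `/** Maps an LDAP group cn to an application role: with no mapping configured the group name is the role; otherwise groups absent from the mapping yield null and are dropped. */`, and log at debug when `roleName` comes back null so that a misspelled key in shiro.ini shows up as a dropped group rather than as an unexplained loss of permissions. The lookup is exact `String` equality on the cn value, whereas LDAP deployments commonly treat cn as case-insensitive; if that applies here, normalise the case on both sides or document that keys must match the directory's exact casing. The loop that calls `roleNameFor` starts before this hunk.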
@@ -190,6 +206,10 @@ public class IsisLdapRealm extends JndiLdapRealm {
this.uniqueMemberAttributeValueSuffix = suffix;
}
+ public void setRolesByGroup(Map<String, String> rolesByGroup) {
+ this.rolesByGroup.putAll(rolesByGroup);
+ }
+
public void setPermissionsByRole(String permissionsByRoleStr) {
permissionsByRole.putAll(Util.parse(permissionsByRoleStr));
}
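Review bot: `setRolesByGroup` copies the entries as given, without trimming keys or values, while the `Util.parse` change in this same commit trims every permission entry; if Shiro's ini parser does not already strip whitespace around entries written as `LDN_USERS: user_role,\`, a key with a leading space never matches a group cn and that group is silently dropped. Normalising on the way in keeps the two settings consistent: `for (Map.Entry<String, String> e : rolesByGroup.entrySet()) { this.rolesByGroup.put(e.getKey().trim(), e.getValue().trim()); }`. A Javadoc on the setter saying that keys are LDAP group cn values and values are application role names would also make the ini example in the class comment self-explanatory.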
http://git-wip-us.apache.org/repos/asf/isis/blob/b8ed07d9/component/security/shiro/src/main/java/org/apache/isis/security/shiro/util/Util.java
----------------------------------------------------------------------
diff --git a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/util/Util.java b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/util/Util.java
index 005dda4..edc87c4 100644
--- a/component/security/shiro/src/main/java/org/apache/isis/security/shiro/util/Util.java
+++ b/component/security/shiro/src/main/java/org/apache/isis/security/shiro/util/Util.java
@@ -3,6 +3,7 @@ package org.apache.isis.security.shiro.util;
import java.util.List;
import java.util.Map;
+import com.google.common.base.Function;
import com.google.common.base.Splitter;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
@@ -10,6 +11,13 @@ import com.google.common.collect.Maps;
public class Util {
+ private static final Function<String, String> TRIM = new Function<String,String>() {
+ @Override
+ public String apply(String str) {
+ return str.trim();
+ }
+ };
+
public static Map<String, List<String>> parse(String permissionsByRoleStr) {
Map<String,List<String>> perms = Maps.newHashMap();
for(String roleAndPermsStr: Splitter.on(";").split(permissionsByRoleStr)) {
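Review bot: The hand-rolled `TRIM` `Function` and the new `com.google.common.base.Function` import duplicate what Guava's `Splitter` already provides; the call in the next hunk can become `perms.put(role, Lists.newArrayList(Splitter.on(",").trimResults().omitEmptyStrings().split(permStr)));`, which removes the anonymous class entirely. The `omitEmptyStrings()` also drops the empty entry that a trailing comma (or `a,,b`) produces, which after trimming is `""` and would otherwise be passed on as a permission string that Shiro's permission parsing is unlikely to accept. `parse` continues past the end of this hunk.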
@@ -20,7 +28,7 @@ public class Util {
}
final String role = roleAndPerms[0].trim();
final String permStr = roleAndPerms[1].trim();
- perms.put(role, Lists.newArrayList(Splitter.on(",").split(permStr)));
+ perms.put(role, Lists.newArrayList(Iterables.transform(Splitter.on(",").split(permStr), TRIM)));
}
return perms;
}
http://git-wip-us.apache.org/repos/asf/isis/blob/b8ed07d9/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
----------------------------------------------------------------------
diff --git a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
index 1bee770..a643d86 100644
--- a/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
+++ b/example/application/quickstart_wicket_restful_jdo/viewer-webapp/src/main/webapp/WEB-INF/shiro.ini
@@ -34,6 +34,14 @@ ldapRealm.groupObjectClass = groupOfUniqueNames
ldapRealm.uniqueMemberAttribute = uniqueMember
ldapRealm.uniqueMemberAttributeValueTemplate = uid={0}
+# optional mapping from physical groups to logical application roles
+#ldapRealm.rolesByGroup = \
+# LDN_USERS: user_role,\
+# NYK_USERS: user_role,\
+# HKG_USERS: user_role,\
+# GLOBAL_ADMIN: admin_role,\
+# DEMOS: self-install_role
+
ldapRealm.permissionsByRole=\
user_role = *:ToDoItemsJdo:*:*,\
*:ToDoItem:*:*; \