You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jb...@apache.org on 2014/08/14 21:50:38 UTC
[3/7] git commit: Add Syncope backend engine support
Add Syncope backend engine support
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/b050fe28
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/b050fe28
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/b050fe28
Branch: refs/heads/master
Commit: b050fe28c1604c457257dcd8cbea52b428eee4d1
Parents: 972a14d
Author: Jean-Baptiste Onofré <jb...@apache.org>
Authored: Wed Aug 13 13:50:58 2014 +0200
Committer: Jean-Baptiste Onofré <jb...@apache.org>
Committed: Wed Aug 13 13:50:58 2014 +0200
----------------------------------------------------------------------
jaas/modules/pom.xml | 11 +-
.../modules/syncope/SyncopeBackingEngine.java | 127 +++++++++++++++++++
.../syncope/SyncopeBackingEngineFactory.java | 51 ++++++++
.../modules/syncope/SyncopeLoginModule.java | 67 ++++++++--
.../modules/syncope/SyncopeLoginModuleTest.java | 105 +++++++++++++++
5 files changed, 343 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/pom.xml
----------------------------------------------------------------------
diff --git a/jaas/modules/pom.xml b/jaas/modules/pom.xml
index a6c15f0..2c6d01c 100644
--- a/jaas/modules/pom.xml
+++ b/jaas/modules/pom.xml
@@ -96,7 +96,8 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient-osgi</artifactId>
+ <artifactId>httpclient</artifactId>
+ <scope>provided</scope>
<version>4.3.5</version>
</dependency>
@@ -150,16 +151,16 @@
javax.net,
org.apache.karaf.jaas.config,
org.osgi.service.event;resolution:=optional,
- net.sf.ehcache*;resolution:=optional,
- net.spy.memcached*;resolution:=optional,
- org.apache.commons.codec*;resolution:=optional,
+ !net.sf.ehcache*,
+ !net.spy.memcached*,
*
</Import-Package>
<Private-Package>
org.apache.karaf.jaas.modules.impl,
org.apache.felix.utils.properties,
org.apache.karaf.util.tracker,
- org.apache.http*
+ org.apache.http*,
+ org.apache.commons.codec*
</Private-Package>
<Bundle-Activator>
org.apache.karaf.jaas.modules.impl.Activator
http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
new file mode 100644
index 0000000..bec9dc9
--- /dev/null
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngine.java
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.jaas.modules.syncope;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.apache.karaf.jaas.boot.principal.GroupPrincipal;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
+import org.apache.karaf.jaas.modules.BackingEngine;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+public class SyncopeBackingEngine implements BackingEngine {
+
+ private final Logger logger = LoggerFactory.getLogger(SyncopeBackingEngine.class);
+
+ private String address;
+
+ private DefaultHttpClient client;
+
+ public SyncopeBackingEngine(String address, String adminUser, String adminPassword) {
+ this.address = address;
+
+ client = new DefaultHttpClient();
+ Credentials creds = new UsernamePasswordCredentials(adminUser, adminPassword);
+ client.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
+ }
+
+ public void addUser(String username, String password) {
+ if (username.startsWith(GROUP_PREFIX)) {
+ throw new IllegalArgumentException("Group prefix " + GROUP_PREFIX + " not permitted with Syncope backend");
+ }
+ HttpPost request = new HttpPost(address + "/users");
+ }
+
+ public void deleteUser(String username) {
+ if (username.startsWith(GROUP_PREFIX)) {
+ throw new IllegalArgumentException("Group prefix " + GROUP_PREFIX + " not permitted with Syncope backend");
+ }
+ HttpDelete request = new HttpDelete(address + "/users/" + username);
+ try {
+ HttpResponse response = client.execute(request);
+ logger.warn("Status code: " + response.getStatusLine().getStatusCode());
+ logger.warn(EntityUtils.toString(response.getEntity()));
+ } catch (Exception e) {
+ throw new RuntimeException("Error deleting user", e);
+ }
+ }
+
+ public List<UserPrincipal> listUsers() {
+ HttpGet request = new HttpGet(address + "/users");
+ try {
+ HttpResponse response = client.execute(request);
+ logger.warn("Status code: " + response.getStatusLine().getStatusCode());
+ logger.warn(EntityUtils.toString(response.getEntity()));
+ } catch (Exception e) {
+ throw new RuntimeException("Error listing user", e);
+ }
+ return new ArrayList<UserPrincipal>();
+ }
+
+ public List<RolePrincipal> listRoles(Principal principal) {
+ HttpGet request = new HttpGet(address + "/users/" + principal.getName());
+ try {
+ HttpResponse response = client.execute(request);
+ logger.warn("Status code: " + response.getStatusLine().getStatusCode());
+ logger.warn(EntityUtils.toString(response.getEntity()));
+ } catch (Exception e) {
+ throw new RuntimeException("Error listing roles", e);
+ }
+ return new ArrayList<RolePrincipal>();
+ }
+
+ public void addRole(String username, String role) {
+
+ }
+
+ public void deleteRole(String username, String role) {
+
+ }
+
+ public List<GroupPrincipal> listGroups(UserPrincipal principal) {
+ return new ArrayList<GroupPrincipal>();
+ }
+
+ public void addGroup(String username, String group) {
+
+ }
+
+ public void deleteGroup(String username, String group) {
+
+ }
+
+ public void addGroupRole(String group, String role) {
+
+ }
+
+ public void deleteGroupRole(String group, String role) {
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java
new file mode 100644
index 0000000..f3a85a5
--- /dev/null
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeBackingEngineFactory.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.jaas.modules.syncope;
+
+import org.apache.karaf.jaas.modules.BackingEngine;
+import org.apache.karaf.jaas.modules.BackingEngineFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+
+public class SyncopeBackingEngineFactory implements BackingEngineFactory {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(SyncopeBackingEngineFactory.class);
+
+ public BackingEngine build(Map<String, ?> options) {
+ SyncopeBackingEngine instance = null;
+ String address = (String) options.get(SyncopeLoginModule.ADDRESS);
+ String adminUser = (String) options.get(SyncopeLoginModule.ADMIN_USER);
+ String adminPassword = (String) options.get(SyncopeLoginModule.ADMIN_PASSWORD);
+
+ try {
+ instance = new SyncopeBackingEngine(address, adminUser, adminPassword);
+ } catch (Exception e) {
+ LOGGER.error("Error creating the Syncope backing engine", e);
+ }
+
+ return instance;
+ }
+
+ /**
+ * Returns the login module class, that this factory can build.
+ */
+ public String getModuleClass() {
+ return SyncopeLoginModule.class.getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
index cdc3f30..582ddda 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
@@ -16,14 +16,14 @@ package org.apache.karaf.jaas.modules.syncope;
import org.apache.http.HttpStatus;
import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.util.EntityUtils;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+import org.apache.karaf.jaas.boot.principal.UserPrincipal;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -43,6 +43,8 @@ public class SyncopeLoginModule extends AbstractKarafLoginModule {
private final static Logger LOGGER = LoggerFactory.getLogger(SyncopeLoginModule.class);
public final static String ADDRESS = "address";
+ public final static String ADMIN_USER = "admin.user"; // for the backing engine
+ public final static String ADMIN_PASSWORD = "admin.password"; // for the backing engine
private String address;
@@ -75,29 +77,68 @@ public class SyncopeLoginModule extends AbstractKarafLoginModule {
// authenticate the user on Syncope
LOGGER.debug("Authenticate user {} on Syncope located {}", user, address);
- CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
- credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password));
- CloseableHttpClient client = HttpClients.createDefault();
- HttpClientContext context = HttpClientContext.create();
- context.setCredentialsProvider(credentialsProvider);
+ DefaultHttpClient client = new DefaultHttpClient();
+ Credentials creds = new UsernamePasswordCredentials(user, password);
+ client.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
HttpGet get = new HttpGet(address + "/users/self");
+ List<String> roles = new ArrayList<String>();
try {
- CloseableHttpResponse response = client.execute(get, context);
- LOGGER.info("Response: " + response.getStatusLine().getStatusCode());
+ CloseableHttpResponse response = client.execute(get);
+ LOGGER.debug("Syncope HTTP response status code: {}", response.getStatusLine().getStatusCode());
if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
LOGGER.warn("User {} not authenticated", user);
return false;
}
+ LOGGER.debug("User {} authenticated", user);
+ LOGGER.debug("Populating principals with user");
+ principals.add(new UserPrincipal(user));
+ LOGGER.debug("Retrieving user {} roles", user);
+ roles = extractingRoles(EntityUtils.toString(response.getEntity()));
} catch (Exception e) {
LOGGER.error("User {} authentication failed", user, e);
throw new LoginException("User " + user + " authentication failed: " + e.getMessage());
}
- LOGGER.warn("User {} authenticated", user);
+ LOGGER.debug("Populating principals with roles");
+ for (String role : roles) {
+ principals.add(new RolePrincipal(role));
+ }
return true;
}
+ /**
+ * Extract the user roles from the Syncope entity response.
+ *
+ * @param response the HTTP response from Syncope.
+ * @return the list of user roles.
+ * @throws Exception in case of extraction failure.
+ */
+ protected List<String> extractingRoles(String response) throws Exception {
+ List<String> roles = new ArrayList<String>();
+ // extract the <memberships> element
+ int index = response.indexOf("<memberships>");
+ response = response.substring(index + "<memberships>".length());
+ index = response.indexOf("</memberships>");
+ response = response.substring(0, index);
+
+ // looking for the roleName elements
+ index = response.indexOf("<roleName>");
+ while (index != -1) {
+ response = response.substring(index + "<roleName>".length());
+ int end = response.indexOf("</roleName>");
+ if (end == -1) {
+ index = -1;
+ }
+ String role = response.substring(0, end);
+ roles.add(role);
+ response = response.substring(end + "</roleName>".length());
+ index = response.indexOf("<roleName>");
+ }
+
+ return roles;
+ }
+
public boolean abort() {
return true;
}
http://git-wip-us.apache.org/repos/asf/karaf/blob/b050fe28/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java
new file mode 100644
index 0000000..eca0818
--- /dev/null
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModuleTest.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.jaas.modules.syncope;
+
+import org.junit.Test;
+import org.junit.Assert;
+
+import java.util.List;
+
+public class SyncopeLoginModuleTest {
+
+ @Test
+ public void testRolesExtraction() throws Exception {
+ String syncopeResponse = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n" +
+ "<user>\n" +
+ " <attributes>\n" +
+ " <attribute>\n" +
+ " <readonly>false</readonly>\n" +
+ " <schema>cool</schema>\n" +
+ " <value>false</value>\n" +
+ " </attribute>\n" +
+ " <attribute>\n" +
+ " <readonly>false</readonly>\n" +
+ " <schema>email</schema>\n" +
+ " <value>karaf@example.net</value>\n" +
+ " </attribute>\n" +
+ " <attribute>\n" +
+ " <readonly>false</readonly>\n" +
+ " <schema>fullname</schema>\n" +
+ " <value>karaf</value>\n" +
+ " </attribute>\n" +
+ " <attribute>\n" +
+ " <readonly>false</readonly>\n" +
+ " <schema>gender</schema>\n" +
+ " <value>M</value>\n" +
+ " </attribute>\n" +
+ " <attribute>\n" +
+ " <readonly>false</readonly>\n" +
+ " <schema>surname</schema>\n" +
+ " <value>karaf</value>\n" +
+ " </attribute>\n" +
+ " <attribute>\n" +
+ " <readonly>false</readonly>\n" +
+ " <schema>userId</schema>\n" +
+ " <value>karaf@example.net</value>\n" +
+ " </attribute>\n" +
+ " </attributes>\n" +
+ " <derivedAttributes/>\n" +
+ " <id>100</id>\n" +
+ " <propagationStatuses/>\n" +
+ " <resources/>\n" +
+ " <virtualAttributes/>\n" +
+ " <creationDate>2014-08-12T18:37:09.202+02:00</creationDate>\n" +
+ " <failedLogins>0</failedLogins>\n" +
+ " <lastLoginDate>2014-08-13T09:38:02.204+02:00</lastLoginDate>\n" +
+ " <memberships>\n" +
+ " <membership>\n" +
+ " <attributes/>\n" +
+ " <derivedAttributes/>\n" +
+ " <id>100</id>\n" +
+ " <propagationStatuses/>\n" +
+ " <resources/>\n" +
+ " <virtualAttributes/>\n" +
+ " <resources/>\n" +
+ " <roleId>100</roleId>\n" +
+ " <roleName>admin</roleName>\n" +
+ " </membership>\n" +
+ " <membership>\n" +
+ " <attributes/>\n" +
+ " <derivedAttributes/>\n" +
+ " <id>101</id>\n" +
+ " <propagationStatuses/>\n" +
+ " <resources/>\n" +
+ " <virtualAttributes/>\n" +
+ " <resources/>\n" +
+ " <roleId>101</roleId>\n" +
+ " <roleName>another</roleName>\n" +
+ " </membership>\n" +
+ " </memberships>\n" +
+ " <password>36460D3A3C1E27C0DB2AF23344475EE712DD3C9D</password>\n" +
+ " <status>active</status>\n" +
+ " <username>karaf</username>\n" +
+ "</user>\n";
+ SyncopeLoginModule syncopeLoginModule = new SyncopeLoginModule();
+ List<String> roles = syncopeLoginModule.extractingRoles(syncopeResponse);
+ Assert.assertEquals(2, roles.size());
+ Assert.assertEquals("admin", roles.get(0));
+ Assert.assertEquals("another", roles.get(1));
+ }
+
+}