From 72e1da809122e8ee463f684fd04c3996ef62e19b Mon Sep 17 00:00:00 2001 From: Olivier Lamy Date: Thu, 3 Jan 2013 17:02:10 +0000 Subject: [PATCH] add a ldap role mapper git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1428472 13f79535-47bb-0310-9956-ffa450edef68 --- .../redback/common/ldap/LdapUserMapper.java | 2 +- .../configuration/UserConfigurationKeys.java | 6 + redback-rbac/redback-rbac-providers/pom.xml | 2 +- .../redback-rbac-ldap/pom.xml | 107 ++++ .../rbac/ldap/DefaultLdapRoleMapper.java | 306 +++++++++++ .../redback/rbac/ldap/LdapRbacManager.java | 475 ++++++++++++++++++ .../redback/rbac/ldap/LdapRoleMapper.java | 96 ++++ .../resources/META-INF/spring-context.xml | 115 +++++ .../redback/rbac/ldap/TestLdapRoleMapper.java | 85 ++++ .../src/test/resources/spring-context.xml | 50 ++ 10 files changed, 1242 insertions(+), 2 deletions(-) create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRoleMapper.java create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java create mode 100755 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml 
diff --git a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java
index 032d87a0..6cf3d859 100644
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java
+++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/LdapUserMapper.java
@@ -193,7 +193,7 @@ public class LdapUserMapper
 String nameAttribute = getUserFullNameAttribute();
 String passwordAttribute = getPasswordAttribute();
- String userId = ( LdapUtils.getAttributeValue( attributes, userIdAttribute, "username" ) );
+ String userId = LdapUtils.getAttributeValue( attributes, userIdAttribute, "username" );
 LdapUser user = new LdapUser( userId );
 user.setOriginalAttributes( attributes );
diff --git a/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java b/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
index 18f8cc9a..d6f0fd93 100644
--- a/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
+++ b/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
@@ -72,6 +72,12 @@ public interface UserConfigurationKeys
 String LDAP_BINDDN = "ldap.config.bind.dn";
+ String LDAP_GROUPS_CLASS = "ldap.config.groups.class";
+
+ String LDAP_GROUPS_BASEDN = "ldap.config.groups.base.dn";
+
+ String LDAP_GROUPS_ROLE_START_KEY = "ldap.config.groups.role.";
+
 String APPLICATION_URL = "application.url";
 String EMAIL_URL_PATH = "email.url.path";
diff --git a/redback-rbac/redback-rbac-providers/pom.xml b/redback-rbac/redback-rbac-providers/pom.xml
index cd42db3c..4717d9f1 100644
--- a/redback-rbac/redback-rbac-providers/pom.xml
+++ b/redback-rbac/redback-rbac-providers/pom.xml
@@ -31,6 +31,6 @@ redback-rbac-jdo redback-rbac-memory redback-rbac-cached - + redback-rbac-ldap diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml new file mode 100644 index 00000000..0423d7d3 --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml @@ -0,0 +1,107 @@ + + + + + 4.0.0 + + + org.apache.archiva.redback + redback-rbac-providers + 2.1-SNAPSHOT + + + redback-rbac-ldap + bundle + Redback :: RBAC Provider :: Ldap + + + + org.apache.archiva.redback + redback-system + + + org.apache.archiva.redback + redback-authorization-api + + + org.apache.archiva.redback + redback-rbac-model + + + org.apache.archiva.redback + redback-common-ldap + + + org.apache.archiva.redback.components.cache + spring-cache-api + + + org.apache.archiva.redback.components.cache + spring-cache-ehcache + + + net.sf.ehcache + ehcache-core + + + org.springframework + spring-context-support + + + javax.annotation + jsr250-api + + + org.apache.archiva.redback + redback-users-ldap + test + + + org.apache.archiva.redback + redback-rbac-tests + test + + + org.hsqldb + hsqldb + test + + + org.slf4j + slf4j-simple + test + + + org.easytesting + fest-assert + test + + + + + + + org.apache.felix + maven-bundle-plugin + + + + + diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java new file mode 100644 index 00000000..ba2e1531 --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/DefaultLdapRoleMapper.java 
@@ -0,0 +1,306 @@ +package org.apache.archiva.redback.rbac.ldap; +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.apache.archiva.redback.common.ldap.MappingException; +import org.apache.archiva.redback.common.ldap.connection.LdapConnection; +import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory; +import org.apache.archiva.redback.common.ldap.connection.LdapException; +import org.apache.archiva.redback.configuration.UserConfiguration; +import org.apache.archiva.redback.configuration.UserConfigurationKeys; +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import javax.annotation.PostConstruct; +import javax.inject.Inject; +import javax.inject.Named; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attribute; +import javax.naming.directory.DirContext; +import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +/** + * @author Olivier Lamy + * @since 2.1 + */ +@Service( 
"ldapRoleMapper#default" ) +public class DefaultLdapRoleMapper + implements LdapRoleMapper +{ + + private Logger log = LoggerFactory.getLogger( getClass() ); + + @Inject + private LdapConnectionFactory ldapConnectionFactory; + + @Inject + @Named( value = "userConfiguration#default" ) + private UserConfiguration userConf; + + //--------------------------- + // fields + //--------------------------- + + private String ldapGroupClass = "groupOfUniqueNames"; + + private String groupsDn; + + @PostConstruct + public void initialize() + { + this.ldapGroupClass = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_CLASS, this.ldapGroupClass ); + + this.groupsDn = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_BASEDN, this.groupsDn ); + } + + public String getLdapGroup( String role ) + { + return userConf.getString( UserConfigurationKeys.LDAP_GROUPS_ROLE_START_KEY + role ); + } + + public List getAllGroups() + throws MappingException + { + // TODO caching + LdapConnection ldapConnection = null; + + NamingEnumeration namingEnumeration = null; + try + { + ldapConnection = ldapConnectionFactory.getConnection(); + + DirContext context = ldapConnection.getDirContext(); + + SearchControls searchControls = new SearchControls(); + + searchControls.setDerefLinkFlag( true ); + searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); + + String filter = "objectClass=" + getLdapGroupClass(); + + namingEnumeration = context.search( getGroupsDn(), filter, searchControls ); + + List allGroups = new ArrayList(); + + while ( namingEnumeration.hasMore() ) + { + SearchResult searchResult = namingEnumeration.next(); + + String groupName = searchResult.getName(); + // cn=blabla we only want bla bla + groupName = StringUtils.substringAfter( groupName, "=" ); + + log.debug( "found groupName: '{}", groupName ); + + allGroups.add( groupName ); + + } + + return allGroups; + } + catch ( LdapException e ) + { + throw new MappingException( e.getMessage(), e ); + } + catch ( 
NamingException e ) + { + throw new MappingException( e.getMessage(), e ); + } + + finally + { + if ( ldapConnection != null ) + { + ldapConnection.close(); + } + if ( namingEnumeration != null ) + { + try + { + namingEnumeration.close(); + } + catch ( NamingException e ) + { + log.warn( "failed to close search results", e ); + } + } + } + } + + public List getGroupsMember( String group ) + throws MappingException + { + // TODO caching + LdapConnection ldapConnection = null; + + NamingEnumeration namingEnumeration = null; + try + { + ldapConnection = ldapConnectionFactory.getConnection(); + + DirContext context = ldapConnection.getDirContext(); + + SearchControls searchControls = new SearchControls(); + + searchControls.setDerefLinkFlag( true ); + searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE ); + + String filter = "objectClass=" + getLdapGroupClass(); + + namingEnumeration = context.search( "cn=" + group + "," + getGroupsDn(), filter, searchControls ); + + List allMembers = new ArrayList(); + + while ( namingEnumeration.hasMore() ) + { + SearchResult searchResult = namingEnumeration.next(); + + Attribute uniqueMemberAttr = searchResult.getAttributes().get( "uniquemember" ); + + if ( uniqueMemberAttr != null ) + { + NamingEnumeration allMembersEnum = (NamingEnumeration) uniqueMemberAttr.getAll(); + while ( allMembersEnum.hasMore() ) + { + String userName = allMembersEnum.next(); + // uid=blabla we only want bla bla + userName = StringUtils.substringAfter( userName, "=" ); + userName = StringUtils.substringBefore( userName, "," ); + log.debug( "found userName for group {}: '{}", group, userName ); + + allMembers.add( userName ); + } + close( allMembersEnum ); + } + + + } + + return allMembers; + } + catch ( LdapException e ) + { + throw new MappingException( e.getMessage(), e ); + } + catch ( NamingException e ) + { + throw new MappingException( e.getMessage(), e ); + } + + finally + { + if ( ldapConnection != null ) + { + ldapConnection.close(); + } + 
close( namingEnumeration ); + } + } + + public List getGroups( String username ) + throws MappingException + { + // TODO caching and a filter with uid + List allGroups = getAllGroups(); + List userGroups = new ArrayList(); + for ( String group : allGroups ) + { + List users = getGroupsMember( group ); + if ( users.contains( username ) ) + { + userGroups.add( group ); + } + } + return userGroups; + } + + private void close( NamingEnumeration namingEnumeration ) + { + if ( namingEnumeration != null ) + { + try + { + namingEnumeration.close(); + } + catch ( NamingException e ) + { + log.warn( "fail to close namingEnumeration: {}", e.getMessage() ); + } + } + } + + public String getGroupsDn() + { + return this.groupsDn; + } + + public String getLdapGroupClass() + { + return this.ldapGroupClass; + } + + public void addLdapMapping( String role, String ldapGroup ) + { + log.warn( "addLdapMapping not implemented" ); + } + + public void removeLdapMapping( String role ) + { + log.warn( "removeLdapMapping not implemented" ); + } + + public Map getLdapGroupMappings() + { + log.warn( "getLdapGroupMappings not implemented" ); + return Collections.emptyMap(); + } + + //--------------------------------- + // setters for unit tests + //--------------------------------- + + + public void setGroupsDn( String groupsDn ) + { + this.groupsDn = groupsDn; + } + + public void setLdapGroupClass( String ldapGroupClass ) + { + this.ldapGroupClass = ldapGroupClass; + } + + public void setUserConf( UserConfiguration userConf ) + { + this.userConf = userConf; + } + + public void setLdapConnectionFactory( LdapConnectionFactory ldapConnectionFactory ) + { + this.ldapConnectionFactory = ldapConnectionFactory; + } +} 
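Review bot: In `getGroupsMember` the search base is built as `"cn=" + group + "," + getGroupsDn()` with no escaping, so a group value containing DN metacharacters such as `,`, `+` or `=` changes which entry is searched. Build the name from parts instead, e.g. `new LdapName( getGroupsDn() ).add( new Rdn( "cn", group ) )` (both in `javax.naming.ldap`), and pass that `Name` to `context.search`. The same method cuts each `uniquemember` value down to the text between the first `=` and the first `,`, and `getGroups` then decides membership with `users.contains( username )`; entries with the same leading RDN value in different subtrees look identical and an escaped comma inside the value truncates it, so comparing the parsed `LdapName` (or at least checking the RDN type) would make the group decision exact. In `getAllGroups` and `getGroupsMember` the `finally` block closes the connection before the `NamingEnumeration`; closing the enumeration first and using the private `close(...)` helper in both places would be more consistent.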
diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
new file mode 100644
index 00000000..afe54ba5
--- /dev/null
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
@@ -0,0 +1,475 @@ +package org.apache.archiva.redback.rbac.ldap; +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory; +import org.apache.archiva.redback.rbac.AbstractRBACManager; +import org.apache.archiva.redback.rbac.AbstractRole; +import org.apache.archiva.redback.rbac.AbstractUserAssignment; +import org.apache.archiva.redback.rbac.Operation; +import org.apache.archiva.redback.rbac.Permission; +import org.apache.archiva.redback.rbac.RBACManager; +import org.apache.archiva.redback.rbac.RbacManagerException; +import org.apache.archiva.redback.rbac.RbacObjectInvalidException; +import org.apache.archiva.redback.rbac.RbacObjectNotFoundException; +import org.apache.archiva.redback.rbac.Resource; +import org.apache.archiva.redback.rbac.Role; +import org.apache.archiva.redback.rbac.UserAssignment; +import org.springframework.stereotype.Service; + +import javax.inject.Inject; +import java.util.Collection; +import java.util.Collections; +import java.util.List; + +/** + * @author Olivier Lamy + * @since 2.1 + */ +@Service( "rbacManager#ldap" ) +public class LdapRbacManager + extends AbstractRBACManager + implements RBACManager +{ + + 
@Inject + private LdapConnectionFactory ldapConnectionFactory; + + public Role createRole( String name ) + { + return new MockRole(); + } + + public Role saveRole( Role role ) + throws RbacManagerException + { + return role; + } + + public void saveRoles( Collection roles ) + throws RbacManagerException + { + // no op + } + + public Role getRole( String roleName ) + throws RbacManagerException + { + // TODO + return null; + } + + public List getAllRoles() + throws RbacManagerException + { + // TODO + return Collections.emptyList(); + } + + public void removeRole( Role role ) + throws RbacManagerException + { + // no op + } + + public Permission createPermission( String name ) + throws RbacManagerException + { + return new MockPermission(); + } + + public Permission createPermission( String name, String operationName, String resourceIdentifier ) + throws RbacManagerException + { + return new MockPermission(); + } + + public Permission savePermission( Permission permission ) + throws RbacManagerException + { + return permission; + } + + public Permission getPermission( String permissionName ) + throws RbacManagerException + { + return new MockPermission(); + } + + public List getAllPermissions() + throws RbacManagerException + { + // TODO + return Collections.emptyList(); + } + + public void removePermission( Permission permission ) + throws RbacManagerException + { + // no op + } + + public Operation createOperation( String name ) + throws RbacManagerException + { + return new MockOperation(); + } + + public Operation saveOperation( Operation operation ) + throws RbacManagerException + { + return operation; + } + + public Operation getOperation( String operationName ) + throws RbacManagerException + { + return new MockOperation(); + } + + public List getAllOperations() + throws RbacManagerException + { + // TODO + return Collections.emptyList(); + } + + public void removeOperation( Operation operation ) + throws RbacManagerException + { + // no op + } + + public 
Resource createResource( String identifier ) + throws RbacManagerException + { + return new MockResource(); + } + + public Resource saveResource( Resource resource ) + throws RbacManagerException + { + return resource; + } + + public Resource getResource( String resourceIdentifier ) + throws RbacManagerException + { + // TODO + return new MockResource(); + } + + public List getAllResources() + throws RbacManagerException + { + // TODO + return Collections.emptyList(); + } + + public void removeResource( Resource resource ) + throws RbacManagerException + { + // no op + } + + public UserAssignment createUserAssignment( String principal ) + throws RbacManagerException + { + return new MockUserAssignment(); + } + + public UserAssignment saveUserAssignment( UserAssignment userAssignment ) + throws RbacManagerException + { + return userAssignment; + } + + public UserAssignment getUserAssignment( String principal ) + throws RbacManagerException + { + // TODO + return new MockUserAssignment(); + } + + public List getAllUserAssignments() + throws RbacManagerException + { + // TODO + return Collections.emptyList(); + } + + public List getUserAssignmentsForRoles( Collection roleNames ) + throws RbacManagerException + { + // TODO + return Collections.emptyList(); + } + + public void removeUserAssignment( UserAssignment userAssignment ) + throws RbacManagerException + { + // no op + } + + public void eraseDatabase() + { + // no op + } + + //------------------------------- + // Mock classes + //------------------------------- + + private static class MockRole + extends AbstractRole + implements Role + { + public void addPermission( Permission permission ) + { + // no op + } + + public void addChildRoleName( String name ) + { + // no op + } + + public List getChildRoleNames() + { + return Collections.emptyList(); + } + + public String getDescription() + { + return null; + } + + public String getName() + { + return null; + } + + public List getPermissions() + { + return 
Collections.emptyList(); + } + + public boolean isAssignable() + { + return false; + } + + public void removePermission( Permission permission ) + { + // no op + } + + public void setAssignable( boolean assignable ) + { + // no op + } + + public void setChildRoleNames( List names ) + { + // no op + } + + public void setDescription( String description ) + { + // no op + } + + public void setName( String name ) + { + // no op + } + + public void setPermissions( List permissions ) + { + //To change body of implemented methods use File | Settings | File Templates. + } + + public boolean isPermanent() + { + return false; + } + + public void setPermanent( boolean permanent ) + { + // no op + } + } + + private static class MockPermission + implements Permission + { + public String getDescription() + { + return null; + } + + public String getName() + { + return null; + } + + public Operation getOperation() + { + return null; + } + + public Resource getResource() + { + return null; + } + + public void setDescription( String description ) + { + // no op + } + + public void setName( String name ) + { + // no op + } + + public void setOperation( Operation operation ) + { + // no op + } + + public void setResource( Resource resource ) + { + // no op + } + + public boolean isPermanent() + { + return false; + } + + public void setPermanent( boolean permanent ) + { + // no op + } + } + + private static class MockOperation + implements Operation + { + public String getDescription() + { + return null; + } + + public String getName() + { + return null; + } + + public void setDescription( String description ) + { + // no op + } + + public void setName( String name ) + { + // no op + } + + public boolean isPermanent() + { + return false; + } + + public void setPermanent( boolean permanent ) + { + // no op + } + } + + private static class MockResource + implements Resource + { + public String getIdentifier() + { + return null; + } + + public boolean isPattern() + { + return false; + } + 
+ public void setIdentifier( String identifier ) + { + // no op + } + + public void setPattern( boolean pattern ) + { + // no op + } + + public boolean isPermanent() + { + return false; + } + + public void setPermanent( boolean permanent ) + { + // no op + } + } + + private static class MockUserAssignment + extends AbstractUserAssignment + implements UserAssignment + { + public String getPrincipal() + { + return null; + } + + public List getRoleNames() + { + return Collections.emptyList(); + } + + public void setPrincipal( String principal ) + { + // no op + } + + public void setRoleNames( List roles ) + { + // no op + } + + public boolean isPermanent() + { + return false; + } + + public void setPermanent( boolean permanent ) + { + // no op + } + } +} diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRoleMapper.java new file mode 100644 index 00000000..949e9b5a --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRoleMapper.java 
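Review bot: `LdapRbacManager` is registered as `@Service( "rbacManager#ldap" )` although every operation is a stub: the `save*` and `remove*` methods silently do nothing, `getRole` returns `null`, and `getUserAssignment` returns a `MockUserAssignment` whose `getRoleNames()` is always empty. If this bean is ever selected as the RBAC manager, role and assignment changes will appear to succeed while nothing is stored and every lookup reports no roles, which is hard to diagnose in an authorization path. Until the LDAP-backed logic exists, the unimplemented methods should fail loudly, e.g. `throw new UnsupportedOperationException( "saveRole not implemented for ldap" );`, and `getRole` could throw the already-imported `RbacObjectNotFoundException` instead of returning `null` (whether callers tolerate `null` is not visible in this hunk). The injected `ldapConnectionFactory` is unused here, and a class-level Javadoc sentence stating that the manager is a placeholder would spare the next reader the search.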
@@ -0,0 +1,96 @@ +package org.apache.archiva.redback.rbac.ldap; +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.apache.archiva.redback.common.ldap.MappingException; + +import java.util.List; +import java.util.Map; + +/** + * will map ldap group to redback role + * + * @author Olivier Lamy + * @since 2.1 + */ +public interface LdapRoleMapper +{ + /** + * @param role redback role + * @return corresponding LDAP group + */ + String getLdapGroup( String role ) + throws MappingException; + + // for continuum ? 
+ //String getLdapGroup( String role, String resource ); + + + /** + * @return all LDAP groups + */ + List getAllGroups() + throws MappingException; + + + /** + * @return the base dn which contains all ldap groups + */ + String getGroupsDn(); + + /** + * @return the class used for group usually groupOfUniqueNames + */ + String getLdapGroupClass(); + + /** + * @param group ldap group + * @return uids of group members + * @throws MappingException + */ + List getGroupsMember( String group ) + throws MappingException; + + List getGroups( String username ) + throws MappingException; + + /** + * add mapping redback role <-> ldap group + * + * @param role redback role + * @param ldapGroup ldap group + */ + void addLdapMapping( String role, String ldapGroup ) + throws MappingException; + + /** + * remove a mapping + * + * @param role redback role + */ + void removeLdapMapping( String role ) + throws MappingException; + + /** + * @return Map of corresponding Redback role (key) and LDAP group (value) + */ + Map getLdapGroupMappings() + throws MappingException; + +} diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml new file mode 100644 index 00000000..dc93717d --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java new file mode 100644 index 00000000..c556cfd4 --- /dev/null 
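Review bot: `getGroups( String username )` is the only method of `LdapRoleMapper` without Javadoc, and it is the one a role decision would rely on, so it should say what `username` is matched against and what is returned for an unknown user, for example `/** @param username user id as stored in the group's member attribute @return names of the LDAP groups containing that user, empty if none */`. `getLdapGroup` also does not state what the caller receives when no mapping is configured for the role; the default implementation in this commit returns whatever `userConf.getString` yields for the key. The bare `@throws MappingException` on `getGroupsMember` would be complete with a short phrase such as `if the LDAP lookup fails`.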
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/TestLdapRoleMapper.java 
@@ -0,0 +1,85 @@ +package org.apache.archiva.redback.rbac.ldap; +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import junit.framework.TestCase; +import org.fest.assertions.Assertions; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import javax.inject.Inject; +import javax.inject.Named; +import java.util.List; + +/** + * @author Olivier Lamy + */ +@RunWith( SpringJUnit4ClassRunner.class ) +@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } ) +@DirtiesContext( classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD ) +public class TestLdapRoleMapper + extends TestCase +{ + + Logger log = LoggerFactory.getLogger( getClass() ); + + @Inject + @Named( value = "ldapRoleMapper#test" ) + LdapRoleMapper ldapRoleMapper; + + + @Test + public void getAllGroups() + throws Exception + { + List allGroups = ldapRoleMapper.getAllGroups(); + + log.info( "allGroups: {}", allGroups ); + + 
Assertions.assertThat( allGroups ).isNotNull().isNotEmpty().contains( "archiva-admin", + "internal-repo-manager" ); + } + + @Test + public void getGroupsMember() + throws Exception + { + List users = ldapRoleMapper.getGroupsMember( "archiva-admin" ); + + log.info( "users for archiva-admin: {}", users ); + + Assertions.assertThat( users ).isNotNull().isNotEmpty().contains( "admin", "user.7" ); + } + + @Test + public void getGroups() + throws Exception + { + List roles = ldapRoleMapper.getGroups( "admin" ); + + log.info( "roles for admin: {}", roles ); + + Assertions.assertThat( roles ).isNotNull().isNotEmpty().contains( "archiva-admin", "internal-repo-manager" ); + } +} diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml new file mode 100755 index 00000000..403f4195 --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file
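Review bot: All three tests in `TestLdapRoleMapper` assert only positive membership (`isNotEmpty().contains( ... )`), so a mapper that returned every group for every user would still pass `getGroups`. Because the result is meant to drive role assignment, add a negative case that calls `getGroups` for a user who is not a member of a given group and asserts that the group is absent from the result; the fixture data is not visible in this hunk, so the user and group have to come from the test directory. The class also extends `junit.framework.TestCase` while running under `SpringJUnit4ClassRunner` with `@Test` methods; dropping `extends TestCase` avoids mixing the JUnit 3 and JUnit 4 styles.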