if using useDefaultRoleName we must check role really exists

git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1437035 13f79535-47bb-0310-9956-ffa450edef68
2013-01-22 16:36:38 +00:00 · 2013-01-22 16:36:38 +00:00 · df0a55dab7
parent 078b26ba3c
commit df0a55dab7
4 changed files with 36 additions and 19 deletions
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
+++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
@ -57,7 +57,7 @@ import java.util.Set;
 * @author Olivier Lamy
 * @since 2.1
 */
-@Service("ldapRoleMapper#default")
+@Service( "ldapRoleMapper#default" )
 public class DefaultLdapRoleMapper
    implements LdapRoleMapper
 {
@ -68,7 +68,7 @@ public class DefaultLdapRoleMapper
    private LdapConnectionFactory ldapConnectionFactory;

    @Inject
-    @Named(value = "userConfiguration#default")
+    @Named( value = "userConfiguration#default" )
    private UserConfiguration userConf;

    //---------------------------
@ -395,7 +395,7 @@ public class DefaultLdapRoleMapper
        }
    }

-    public List<String> getRoles( String username, DirContext context )
+    public List<String> getRoles( String username, DirContext context, Collection<String> realRoles )
        throws MappingException
    {
        List<String> groups = getGroups( username, context );
@ -409,18 +409,15 @@ public class DefaultLdapRoleMapper
            Collection<String> rolesPerGroup = rolesMapping.get( group );
            if ( rolesPerGroup != null )
            {
-                for ( String role : rolesPerGroup )
-                {
-                    roles.add( role );
-                }
+                roles.addAll( rolesPerGroup );
            }
-            /*else
+            else
            {
-                if ( this.useDefaultRoleName )
+                if ( this.useDefaultRoleName && realRoles != null && realRoles.contains( group ) )
                {
                    roles.add( group );
                }
-            }*/
+            }
        }

        return new ArrayList<String>( roles );
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/LdapRoleMapper.java
+++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/LdapRoleMapper.java
@ -86,7 +86,7 @@ public interface LdapRoleMapper
    List<String> getGroups( String username, DirContext context )
        throws MappingException;

-    List<String> getRoles( String username, DirContext context )
+    List<String> getRoles( String username, DirContext context, Collection<String> realRoles )
        throws MappingException;

    /**
--- a/redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/role/TestLdapRoleMapper.java
+++ b/redback-common/redback-common-ldap/src/test/java/org/apache/archiva/redback/common/ldap/role/TestLdapRoleMapper.java
@ -86,6 +86,9 @@ public class TestLdapRoleMapper
    @Inject
    LdapConnectionFactory ldapConnectionFactory;

+    List<String> roleNames =
+        Arrays.asList( "Archiva System Administrator", "Internal Repo Manager", "Internal Repo Observer" );
+
    LdapConnection ldapConnection;

    DirContext context;
@ -339,7 +342,7 @@ public class TestLdapRoleMapper
    public void getRoles()
        throws Exception
    {
-        List<String> roles = ldapRoleMapper.getRoles( "admin", getDirContext() );
+        List<String> roles = ldapRoleMapper.getRoles( "admin", getDirContext(), roleNames );

        log.info( "roles for admin: {}", roles );

@ -347,14 +350,14 @@ public class TestLdapRoleMapper
                                                                                       "Internal Repo Manager",
                                                                                       "Internal Repo Observer" );

-        roles = ldapRoleMapper.getRoles( "user.7", getDirContext() );
+        roles = ldapRoleMapper.getRoles( "user.7", getDirContext(), roleNames );

        log.info( "roles for user.7: {}", roles );

        Assertions.assertThat( roles ).isNotNull().isNotEmpty().hasSize( 2 ).contains( "Archiva System Administrator",
                                                                                       "Internal Repo Observer" );

-        roles = ldapRoleMapper.getRoles( "user.8", getDirContext() );
+        roles = ldapRoleMapper.getRoles( "user.8", getDirContext(), roleNames );

        log.info( "roles for user.8: {}", roles );

--- a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
+++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java
@ -370,6 +370,18 @@ public class LdapRbacManager

    }

+    protected List<String> getRealRoles()
+        throws RbacManagerException
+    {
+        List<Role> roles = this.rbacImpl.getAllRoles();
+        List<String> roleNames = new ArrayList<String>( roles.size() );
+        for ( Role role : roles )
+        {
+            roleNames.add( role.getName() );
+        }
+        return roleNames;
+    }
+
    public Collection<Role> getAssignedRoles( String username )
        throws RbacManagerException
    {
@ -382,7 +394,7 @@ public class LdapRbacManager

            ldapConnection = ldapConnectionFactory.getConnection();
            context = ldapConnection.getDirContext();
-            List<String> roleNames = ldapRoleMapper.getRoles( username, context );
+            List<String> roleNames = ldapRoleMapper.getRoles( username, context, getRealRoles() );

            if ( roleNames.isEmpty() )
            {
@ -531,7 +543,7 @@ public class LdapRbacManager
            context = ldapConnection.getDirContext();

            List<String> allRoles = ldapRoleMapper.getAllRoles( context );
-            final List<String> userRoles = ldapRoleMapper.getRoles( username, context );
+            final List<String> userRoles = ldapRoleMapper.getRoles( username, context, getRealRoles() );

            List<Role> unassignedRoles = new ArrayList<Role>();

@ -568,7 +580,7 @@ public class LdapRbacManager
        {
            ldapConnection = ldapConnectionFactory.getConnection();
            context = ldapConnection.getDirContext();
-            List<String> roles = ldapRoleMapper.getRoles( username, context );
+            List<String> roles = ldapRoleMapper.getRoles( username, context, getRealRoles() );

            return new UserAssignmentImpl( username, roles );
        }
@ -938,7 +950,8 @@ public class LdapRbacManager
            context = ldapConnection.getDirContext();
            List<String> allRoles = ldapRoleMapper.getAllRoles( context );

-            List<String> currentUserRoles = ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context );
+            List<String> currentUserRoles =
+                ldapRoleMapper.getRoles( userAssignment.getPrincipal(), context, getRealRoles() );

            for ( String role : userAssignment.getRoleNames() )
            {
@ -992,13 +1005,17 @@ public class LdapRbacManager
        {
            ldapConnection = ldapConnectionFactory.getConnection();
            context = ldapConnection.getDirContext();
-            List<String> roles = ldapRoleMapper.getRoles( principal, context );
+            List<String> roles = ldapRoleMapper.getRoles( principal, context, getRealRoles() );
            if ( roles == null || roles.isEmpty() )
            {
                return false;
            }
            return true;
        }
+        catch ( RbacManagerException e )
+        {
+            log.warn( "fail to call userAssignmentExists: {}", e.getMessage() );
+        }
        catch ( LdapException e )
        {
            log.warn( "fail to call userAssignmentExists: {}", e.getMessage() );