SEC-2690: Formatting cleanup
parent
93b863d2e5
commit
6b43b261bc
|
@ -100,66 +100,66 @@ public class SpringSecurityLdapTemplateITests extends AbstractLdapIntegrationTes
|
|||
assertTrue(values.contains("submanager"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Test
|
||||
public void testMultiAttributeRetrievalWithNullAttributeNames() {
|
||||
Set<Map<String, String[]>> values =
|
||||
template.searchForMultipleAttributeValues(
|
||||
"ou=people",
|
||||
"(uid={0})",
|
||||
new String[] {"bob"},
|
||||
null);
|
||||
Set<Map<String, String[]>> values =
|
||||
template.searchForMultipleAttributeValues(
|
||||
"ou=people",
|
||||
"(uid={0})",
|
||||
new String[]{"bob"},
|
||||
null);
|
||||
assertEquals(1, values.size());
|
||||
Map<String, String[]> record = (Map<String, String[]>)values.toArray()[0];
|
||||
assertAttributeValue(record,"uid","bob");
|
||||
assertAttributeValue(record,"objectclass","top","person","organizationalPerson","inetOrgPerson");
|
||||
assertAttributeValue(record,"cn","Bob Hamilton");
|
||||
assertAttributeValue(record,"sn","Hamilton");
|
||||
Map<String, String[]> record = (Map<String, String[]>) values.toArray()[0];
|
||||
assertAttributeValue(record, "uid", "bob");
|
||||
assertAttributeValue(record, "objectclass", "top", "person", "organizationalPerson", "inetOrgPerson");
|
||||
assertAttributeValue(record, "cn", "Bob Hamilton");
|
||||
assertAttributeValue(record, "sn", "Hamilton");
|
||||
assertFalse(record.containsKey("userPassword"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMultiAttributeRetrievalWithZeroLengthAttributeNames() {
|
||||
Set<Map<String, String[]>> values =
|
||||
template.searchForMultipleAttributeValues(
|
||||
"ou=people",
|
||||
"(uid={0})",
|
||||
new String[] {"bob"},
|
||||
new String[0]);
|
||||
template.searchForMultipleAttributeValues(
|
||||
"ou=people",
|
||||
"(uid={0})",
|
||||
new String[]{"bob"},
|
||||
new String[0]);
|
||||
assertEquals(1, values.size());
|
||||
Map<String, String[]> record = (Map<String, String[]>)values.toArray()[0];
|
||||
assertAttributeValue(record,"uid","bob");
|
||||
assertAttributeValue(record,"objectclass","top","person","organizationalPerson","inetOrgPerson");
|
||||
assertAttributeValue(record,"cn","Bob Hamilton");
|
||||
assertAttributeValue(record,"sn","Hamilton");
|
||||
Map<String, String[]> record = (Map<String, String[]>) values.toArray()[0];
|
||||
assertAttributeValue(record, "uid", "bob");
|
||||
assertAttributeValue(record, "objectclass", "top", "person", "organizationalPerson", "inetOrgPerson");
|
||||
assertAttributeValue(record, "cn", "Bob Hamilton");
|
||||
assertAttributeValue(record, "sn", "Hamilton");
|
||||
assertFalse(record.containsKey("userPassword"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMultiAttributeRetrievalWithSpecifiedAttributeNames() {
|
||||
Set<Map<String, String[]>> values =
|
||||
template.searchForMultipleAttributeValues(
|
||||
"ou=people",
|
||||
"(uid={0})",
|
||||
new String[] {"bob"},
|
||||
new String[] {
|
||||
"uid",
|
||||
"cn",
|
||||
"sn"
|
||||
});
|
||||
template.searchForMultipleAttributeValues(
|
||||
"ou=people",
|
||||
"(uid={0})",
|
||||
new String[]{"bob"},
|
||||
new String[]{
|
||||
"uid",
|
||||
"cn",
|
||||
"sn"
|
||||
});
|
||||
assertEquals(1, values.size());
|
||||
Map<String, String[]> record = (Map<String, String[]>)values.toArray()[0];
|
||||
assertAttributeValue(record,"uid","bob");
|
||||
assertAttributeValue(record,"cn","Bob Hamilton");
|
||||
assertAttributeValue(record,"sn","Hamilton");
|
||||
Map<String, String[]> record = (Map<String, String[]>) values.toArray()[0];
|
||||
assertAttributeValue(record, "uid", "bob");
|
||||
assertAttributeValue(record, "cn", "Bob Hamilton");
|
||||
assertAttributeValue(record, "sn", "Hamilton");
|
||||
assertFalse(record.containsKey("userPassword"));
|
||||
assertFalse(record.containsKey("objectclass"));
|
||||
}
|
||||
|
||||
protected void assertAttributeValue(Map<String, String[]> record, String attributeName, String... values) {
|
||||
assertTrue(record.containsKey(attributeName));
|
||||
assertEquals(values.length,record.get(attributeName).length);
|
||||
for (int i=0; i<values.length; i++) {
|
||||
assertEquals(values[i],record.get(attributeName)[i]);
|
||||
assertEquals(values.length, record.get(attributeName).length);
|
||||
for (int i = 0; i < values.length; i++) {
|
||||
assertEquals(values[i], record.get(attributeName)[i]);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -25,10 +25,7 @@ import java.util.Arrays;
|
|||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
* @author Filip Hanik
|
||||
|
@ -52,18 +49,18 @@ public class NestedLdapAuthoritiesPopulatorTests extends AbstractLdapIntegration
|
|||
populator.setRolePrefix("");
|
||||
populator.setSearchSubtree(true);
|
||||
populator.setConvertToUpperCase(false);
|
||||
jDevelopers = new LdapAuthority("j-developers","cn=j-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
javaDevelopers = new LdapAuthority("java-developers","cn=java-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
groovyDevelopers = new LdapAuthority("groovy-developers","cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
scalaDevelopers = new LdapAuthority("scala-developers","cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
closureDevelopers = new LdapAuthority("closure-developers","cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
circularJavaDevelopers = new LdapAuthority("circular-java-developers","cn=circular-java-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
jDevelopers = new LdapAuthority("j-developers", "cn=j-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
javaDevelopers = new LdapAuthority("java-developers", "cn=java-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
groovyDevelopers = new LdapAuthority("groovy-developers", "cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
scalaDevelopers = new LdapAuthority("scala-developers", "cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
closureDevelopers = new LdapAuthority("closure-developers", "cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
circularJavaDevelopers = new LdapAuthority("circular-java-developers", "cn=circular-java-developers,ou=jdeveloper,dc=springframework,dc=org");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testScalaDudeJDevelopersAuthorities() {
|
||||
DirContextAdapter ctx = new DirContextAdapter("uid=scaladude,ou=people,dc=springframework,dc=org");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,"scaladude");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "scaladude");
|
||||
assertEquals(5, authorities.size());
|
||||
assertEquals(Arrays.asList(javaDevelopers, scalaDevelopers, circularJavaDevelopers, jDevelopers, groovyDevelopers), authorities);
|
||||
}
|
||||
|
@ -71,7 +68,7 @@ public class NestedLdapAuthoritiesPopulatorTests extends AbstractLdapIntegration
|
|||
@Test
|
||||
public void testJavaDudeJDevelopersAuthorities() {
|
||||
DirContextAdapter ctx = new DirContextAdapter("uid=javadude,ou=people,dc=springframework,dc=org");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,"javadude");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "javadude");
|
||||
assertEquals(3, authorities.size());
|
||||
assertEquals(Arrays.asList(javaDevelopers, circularJavaDevelopers, jDevelopers), authorities);
|
||||
}
|
||||
|
@ -80,7 +77,7 @@ public class NestedLdapAuthoritiesPopulatorTests extends AbstractLdapIntegration
|
|||
public void testScalaDudeJDevelopersAuthoritiesWithSearchLimit() {
|
||||
populator.setMaxSearchDepth(1);
|
||||
DirContextAdapter ctx = new DirContextAdapter("uid=scaladude,ou=people,dc=springframework,dc=org");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,"scaladude");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "scaladude");
|
||||
assertEquals(1, authorities.size());
|
||||
assertEquals(Arrays.asList(scalaDevelopers), authorities);
|
||||
}
|
||||
|
@ -88,9 +85,9 @@ public class NestedLdapAuthoritiesPopulatorTests extends AbstractLdapIntegration
|
|||
@Test
|
||||
public void testGroovyDudeJDevelopersAuthorities() {
|
||||
DirContextAdapter ctx = new DirContextAdapter("uid=groovydude,ou=people,dc=springframework,dc=org");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,"groovydude");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "groovydude");
|
||||
assertEquals(4, authorities.size());
|
||||
assertEquals(Arrays.asList(javaDevelopers,circularJavaDevelopers,jDevelopers,groovyDevelopers), authorities);
|
||||
assertEquals(Arrays.asList(javaDevelopers, circularJavaDevelopers, jDevelopers, groovyDevelopers), authorities);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -98,9 +95,9 @@ public class NestedLdapAuthoritiesPopulatorTests extends AbstractLdapIntegration
|
|||
populator.setAttributeNames(new HashSet(Arrays.asList("member")));
|
||||
|
||||
DirContextAdapter ctx = new DirContextAdapter("uid=closuredude,ou=people,dc=springframework,dc=org");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx,"closuredude");
|
||||
Collection<GrantedAuthority> authorities = populator.getGrantedAuthorities(ctx, "closuredude");
|
||||
assertEquals(5, authorities.size());
|
||||
assertEquals(Arrays.asList(closureDevelopers,javaDevelopers,circularJavaDevelopers,jDevelopers,groovyDevelopers), authorities);
|
||||
assertEquals(Arrays.asList(closureDevelopers, javaDevelopers, circularJavaDevelopers, jDevelopers, groovyDevelopers), authorities);
|
||||
|
||||
LdapAuthority[] ldapAuthorities = authorities.toArray(new LdapAuthority[0]);
|
||||
assertEquals(5, ldapAuthorities.length);
|
||||
|
@ -108,20 +105,20 @@ public class NestedLdapAuthoritiesPopulatorTests extends AbstractLdapIntegration
|
|||
assertTrue(ldapAuthorities[0].getAttributes().containsKey("member"));
|
||||
assertNotNull(ldapAuthorities[0].getAttributes().get("member"));
|
||||
assertEquals(1, ldapAuthorities[0].getAttributes().get("member").length);
|
||||
assertEquals("uid=closuredude,ou=people,dc=springframework,dc=org",ldapAuthorities[0].getFirstAttributeValue("member"));
|
||||
assertEquals("uid=closuredude,ou=people,dc=springframework,dc=org", ldapAuthorities[0].getFirstAttributeValue("member"));
|
||||
|
||||
//java group
|
||||
assertTrue(ldapAuthorities[1].getAttributes().containsKey("member"));
|
||||
assertNotNull(ldapAuthorities[1].getAttributes().get("member"));
|
||||
assertEquals(3,ldapAuthorities[1].getAttributes().get("member").length);
|
||||
assertEquals(groovyDevelopers.getDn(),ldapAuthorities[1].getFirstAttributeValue("member"));
|
||||
assertEquals(3, ldapAuthorities[1].getAttributes().get("member").length);
|
||||
assertEquals(groovyDevelopers.getDn(), ldapAuthorities[1].getFirstAttributeValue("member"));
|
||||
assertEquals(
|
||||
new String[] {
|
||||
groovyDevelopers.getDn(),
|
||||
scalaDevelopers.getDn(),
|
||||
"uid=javadude,ou=people,dc=springframework,dc=org"
|
||||
},
|
||||
ldapAuthorities[1].getAttributes().get("member")
|
||||
new String[]{
|
||||
groovyDevelopers.getDn(),
|
||||
scalaDevelopers.getDn(),
|
||||
"uid=javadude,ou=people,dc=springframework,dc=org"
|
||||
},
|
||||
ldapAuthorities[1].getAttributes().get("member")
|
||||
);
|
||||
|
||||
//test non existent attribute
|
||||
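Review bot: The import hunk (`@ -25,10 +25,7`) replaces the four explicit static imports with `import static org.junit.Assert.*;`, which is more than a whitespace change and hides which assertions this test depends on. I would keep the explicit list (`assertEquals`, `assertNotNull`, `assertNull`, `assertTrue`) so that a static import added later cannot clash with a JUnit name unnoticed. In the `@ -98,9 +95,9` hunk the raw `new HashSet(Arrays.asList("member"))` could be typed as `new HashSet<String>(Arrays.asList("member"))` while the neighbouring lines are being touched.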
|
|
|
@ -152,12 +152,12 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
|||
*/
|
||||
public Set<String> searchForSingleAttributeValues(final String base, final String filter, final Object[] params,
|
||||
final String attributeName) {
|
||||
String[] attributeNames = new String[] {attributeName};
|
||||
Set<Map<String,String[]>> multipleAttributeValues = searchForMultipleAttributeValues(base,filter,params,attributeNames);
|
||||
String[] attributeNames = new String[]{attributeName};
|
||||
Set<Map<String, String[]>> multipleAttributeValues = searchForMultipleAttributeValues(base, filter, params, attributeNames);
|
||||
Set<String> result = new HashSet<String>();
|
||||
for (Map<String,String[]> map : multipleAttributeValues) {
|
||||
for (Map<String, String[]> map : multipleAttributeValues) {
|
||||
String[] values = map.get(attributeName);
|
||||
if (values!=null && values.length>0) {
|
||||
if (values != null && values.length > 0) {
|
||||
result.addAll(Arrays.asList(values));
|
||||
}
|
||||
}
|
||||
|
@ -183,7 +183,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
|||
// Escape the params acording to RFC2254
|
||||
Object[] encodedParams = new String[params.length];
|
||||
|
||||
for (int i=0; i < params.length; i++) {
|
||||
for (int i = 0; i < params.length; i++) {
|
||||
encodedParams[i] = LdapEncoder.filterEncode(params[i].toString());
|
||||
}
|
||||
|
||||
|
@ -196,13 +196,13 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
|||
public Object mapFromContext(Object ctx) {
|
||||
DirContextAdapter adapter = (DirContextAdapter) ctx;
|
||||
Map<String, String[]> record = new HashMap<String, String[]>();
|
||||
if (attributeNames==null||attributeNames.length==0) {
|
||||
if (attributeNames == null || attributeNames.length == 0) {
|
||||
try {
|
||||
for (NamingEnumeration ae = adapter.getAttributes().getAll(); ae.hasMore(); ) {
|
||||
Attribute attr = (Attribute) ae.next();
|
||||
extractStringAttributeValues(adapter, record, attr.getID());
|
||||
}
|
||||
}catch (NamingException x) {
|
||||
} catch (NamingException x) {
|
||||
org.springframework.ldap.support.LdapUtils.convertLdapException(x);
|
||||
}
|
||||
} else {
|
||||
|
@ -210,7 +210,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
|||
extractStringAttributeValues(adapter, record, attributeName);
|
||||
}
|
||||
}
|
||||
record.put(DN_KEY, new String[] {getAdapterDN(adapter)});
|
||||
record.put(DN_KEY, new String[]{getAdapterDN(adapter)});
|
||||
set.add(record);
|
||||
return null;
|
||||
}
|
||||
|
@ -218,7 +218,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
|||
|
||||
SearchControls ctls = new SearchControls();
|
||||
ctls.setSearchScope(searchControls.getSearchScope());
|
||||
ctls.setReturningAttributes(attributeNames!=null&&attributeNames.length>0?attributeNames:null);
|
||||
ctls.setReturningAttributes(attributeNames != null && attributeNames.length > 0 ? attributeNames : null);
|
||||
|
||||
search(base, formattedFilter, ctls, roleMapper);
|
||||
|
||||
|
@ -239,10 +239,11 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
|||
}
|
||||
|
||||
/**
|
||||
* Extracts String values for a specified attribute name and places them in the map representing the ldap record
|
||||
* If a value is not of type String, it will derive it's value from the {@link Object#toString()}
|
||||
* @param adapter - the adapter that contains the values
|
||||
* @param record - the map holding the attribute names and values
|
||||
* Extracts String values for a specified attribute name and places them in the map representing the ldap record If
|
||||
* a value is not of type String, it will derive it's value from the {@link Object#toString()}
|
||||
*
|
||||
* @param adapter - the adapter that contains the values
|
||||
* @param record - the map holding the attribute names and values
|
||||
* @param attributeName - the name for which to fetch the values from
|
||||
*/
|
||||
protected void extractStringAttributeValues(DirContextAdapter adapter, Map<String, String[]> record, String attributeName) {
|
||||
|
@ -253,9 +254,9 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
|||
}
|
||||
List<String> svalues = new ArrayList<String>();
|
||||
for (Object o : values) {
|
||||
if (o!=null) {
|
||||
if (o != null) {
|
||||
if (String.class.isAssignableFrom(o.getClass())) {
|
||||
svalues.add((String)o);
|
||||
svalues.add((String) o);
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Attribute:" + attributeName + " contains a non string value of type[" + o.getClass() + "]");
|
||||
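Review bot: In the `mapFromContext` hunk (`@ -196,13 +196,13`) the reformatted `catch (NamingException x)` block calls `org.springframework.ldap.support.LdapUtils.convertLdapException(x);` and discards the result. As far as I know that helper returns the translated exception instead of throwing it, so a failure while enumerating attributes is swallowed and a partially filled record is still added to the result set. These records feed authority lookups, so a silent partial read is worth avoiding with `throw org.springframework.ldap.support.LdapUtils.convertLdapException(x);`. The method body starts and ends outside the hunk, so confirm nothing later handles the error. Separately, the re-wrapped Javadoc of `extractStringAttributeValues` now reads "ldap record If a value" with no full stop, and "it's value" should be "its value".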
|
|
|
@ -127,7 +127,7 @@ public class ApacheDSContainer implements InitializingBean, DisposableBean, Life
|
|||
|
||||
server = new LdapServer();
|
||||
server.setDirectoryService(service);
|
||||
//AbstractLdapIntegrationTests assume IPv4, so we specify the same here
|
||||
// AbstractLdapIntegrationTests assume IPv4, so we specify the same here
|
||||
server.setTransports(new TcpTransport("127.0.0.1", port));
|
||||
start();
|
||||
}
|
||||
|
|
|
@ -20,9 +20,9 @@ import org.springframework.security.core.GrantedAuthority;
|
|||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* An authority that contains at least a DN and a role name for an LDAP entry
|
||||
* but can also contain other desired attributes to be fetched during an LDAP
|
||||
* authority search.
|
||||
* An authority that contains at least a DN and a role name for an LDAP entry but can also contain other desired
|
||||
* attributes to be fetched during an LDAP authority search.
|
||||
*
|
||||
* @author Filip Hanik
|
||||
*/
|
||||
public class LdapAuthority implements GrantedAuthority {
|
||||
|
@ -34,21 +34,23 @@ public class LdapAuthority implements GrantedAuthority {
|
|||
|
||||
/**
|
||||
* Constructs an LdapAuthority that has a role and a DN but no other attributes
|
||||
*
|
||||
* @param role
|
||||
* @param dn
|
||||
*/
|
||||
public LdapAuthority(String role, String dn) {
|
||||
this(role,dn,null);
|
||||
this(role, dn, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs an LdapAuthority with the given role, DN and other LDAP attributes
|
||||
*
|
||||
* @param role
|
||||
* @param dn
|
||||
* @param attributes
|
||||
*/
|
||||
public LdapAuthority(String role, String dn, Map<String,String[]> attributes) {
|
||||
if (role==null) throw new NullPointerException("role can not be null");
|
||||
public LdapAuthority(String role, String dn, Map<String, String[]> attributes) {
|
||||
if (role == null) throw new NullPointerException("role can not be null");
|
||||
this.role = role;
|
||||
this.dn = dn;
|
||||
this.attributes = attributes;
|
||||
|
@ -56,6 +58,7 @@ public class LdapAuthority implements GrantedAuthority {
|
|||
|
||||
/**
|
||||
* Returns the LDAP attributes
|
||||
*
|
||||
* @return the LDAP attributes, map can be null
|
||||
*/
|
||||
public Map<String, String[]> getAttributes() {
|
||||
|
@ -64,6 +67,7 @@ public class LdapAuthority implements GrantedAuthority {
|
|||
|
||||
/**
|
||||
* Returns the DN for this LDAP authority
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getDn() {
|
||||
|
@ -72,15 +76,16 @@ public class LdapAuthority implements GrantedAuthority {
|
|||
|
||||
/**
|
||||
* Returns the values for a specific attribute
|
||||
*
|
||||
* @param name the attribute name
|
||||
* @return a String array, never null but may be zero length
|
||||
*/
|
||||
public String[] getAttributeValues(String name) {
|
||||
String[] result = null;
|
||||
if (attributes!=null) {
|
||||
if (attributes != null) {
|
||||
result = attributes.get(name);
|
||||
}
|
||||
if (result==null) {
|
||||
if (result == null) {
|
||||
result = new String[0];
|
||||
}
|
||||
return result;
|
||||
|
@ -88,12 +93,13 @@ public class LdapAuthority implements GrantedAuthority {
|
|||
|
||||
/**
|
||||
* Returns the first attribute value for a specified attribute
|
||||
*
|
||||
* @param name
|
||||
* @return the first attribute value for a specified attribute, may be null
|
||||
*/
|
||||
public String getFirstAttributeValue(String name) {
|
||||
String[] result = getAttributeValues(name);
|
||||
if (result.length>0) {
|
||||
if (result.length > 0) {
|
||||
return result[0];
|
||||
} else {
|
||||
return null;
|
||||
|
@ -109,8 +115,7 @@ public class LdapAuthority implements GrantedAuthority {
|
|||
}
|
||||
|
||||
/**
|
||||
* Compares the LdapAuthority based on {@link #getAuthority()} and {@link #getDn()} values
|
||||
* {@inheritDoc}
|
||||
* Compares the LdapAuthority based on {@link #getAuthority()} and {@link #getDn()} values {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
|
@ -135,8 +140,8 @@ public class LdapAuthority implements GrantedAuthority {
|
|||
@Override
|
||||
public String toString() {
|
||||
return "LdapAuthority{" +
|
||||
"dn='" + dn + '\'' +
|
||||
", role='" + role + '\'' +
|
||||
'}';
|
||||
"dn='" + dn + '\'' +
|
||||
", role='" + role + '\'' +
|
||||
'}';
|
||||
}
|
||||
}
|
||||
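Review bot: The three-argument constructor (`@ -34,21 +34,23`) rejects a null `role` but stores `dn` unchecked, although the class Javadoc says an authority contains at least a DN and the `equals` Javadoc says the comparison uses `getDn()`. If a DN is mandatory, add `if (dn == null) throw new NullPointerException("dn can not be null");` next to the role check; if it is optional, say so in the `@param dn` tag, which is currently empty. The constructor also keeps the caller's `attributes` map by reference, and `getAttributes()` appears to hand it back, so an authority's attributes can be altered after construction; a comment stating whether that is intended would help. The re-wrap in `@ -109,8 +115,7` also glues `{@inheritDoc}` onto the summary sentence without a full stop.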
|
|
|
@ -28,8 +28,7 @@ import java.util.Map;
|
|||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* A LDAP authority populator that can recursively search static nested groups.
|
||||
* <p>An example of nested groups can be
|
||||
* A LDAP authority populator that can recursively search static nested groups. <p>An example of nested groups can be
|
||||
* <pre>
|
||||
* #Nested groups data
|
||||
*
|
||||
|
@ -128,9 +127,9 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
* Maximum search depth - represents the number of recursive searches performed
|
||||
*/
|
||||
private int maxSearchDepth = 10;
|
||||
|
||||
/**
|
||||
* Constructor for group search scenarios. <tt>userRoleAttributes</tt> may still be
|
||||
* set as a property.
|
||||
* Constructor for group search scenarios. <tt>userRoleAttributes</tt> may still be set as a property.
|
||||
*
|
||||
* @param contextSource supplies the contexts used to search for user roles.
|
||||
* @param groupSearchBase if this is an empty string the search will be performed from the root DN of the
|
||||
|
@ -157,50 +156,51 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
|
||||
/**
|
||||
* Performs the nested group search
|
||||
* @param userDn - the userDN to search for, will become the group DN for subsequent searches
|
||||
* @param username - the username of the user
|
||||
*
|
||||
* @param userDn - the userDN to search for, will become the group DN for subsequent searches
|
||||
* @param username - the username of the user
|
||||
* @param authorities - the authorities set that will be populated, must not be null
|
||||
* @param depth - the depth remaining, when 0 recursion will end
|
||||
* @param depth - the depth remaining, when 0 recursion will end
|
||||
*/
|
||||
protected void performNestedSearch(String userDn, String username, Set<GrantedAuthority> authorities, int depth) {
|
||||
if (depth==0) {
|
||||
if (depth == 0) {
|
||||
//back out of recursion
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Search aborted, max depth reached," +
|
||||
" for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
|
||||
+ getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
|
||||
" for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
|
||||
+ getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
|
||||
+ getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
|
||||
+ getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
|
||||
}
|
||||
|
||||
if (getAttributeNames()==null) {
|
||||
if (getAttributeNames() == null) {
|
||||
setAttributeNames(new HashSet<String>());
|
||||
}
|
||||
if (StringUtils.hasText(getGroupRoleAttribute()) && !getAttributeNames().contains(getGroupRoleAttribute())) {
|
||||
getAttributeNames().add(getGroupRoleAttribute());
|
||||
}
|
||||
|
||||
Set<Map<String,String[]>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
|
||||
getGroupSearchBase(),
|
||||
getGroupSearchFilter(),
|
||||
new String[]{userDn, username},
|
||||
getAttributeNames().toArray(new String[getAttributeNames().size()]));
|
||||
Set<Map<String, String[]>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
|
||||
getGroupSearchBase(),
|
||||
getGroupSearchFilter(),
|
||||
new String[]{userDn, username},
|
||||
getAttributeNames().toArray(new String[getAttributeNames().size()]));
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Roles from search: " + userRoles);
|
||||
}
|
||||
|
||||
for (Map<String,String[]> record : userRoles) {
|
||||
for (Map<String, String[]> record : userRoles) {
|
||||
boolean circular = false;
|
||||
String dn = record.get(SpringSecurityLdapTemplate.DN_KEY)[0];
|
||||
String[] roleValues = record.get(getGroupRoleAttribute());
|
||||
Set<String> roles = new HashSet<String>();
|
||||
roles.addAll(Arrays.asList(roleValues!=null?roleValues:new String[0]));
|
||||
roles.addAll(Arrays.asList(roleValues != null ? roleValues : new String[0]));
|
||||
for (String role : roles) {
|
||||
if (isConvertToUpperCase()) {
|
||||
role = role.toUpperCase();
|
||||
|
@ -208,9 +208,9 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
role = getRolePrefix() + role;
|
||||
//if the group already exist, we will not search for it's parents again.
|
||||
//this prevents a forever loop for a misconfigured ldap directory
|
||||
circular = circular | (!authorities.add(new LdapAuthority(role,dn,record)));
|
||||
circular = circular | (!authorities.add(new LdapAuthority(role, dn, record)));
|
||||
}
|
||||
String roleName = roles.size()>0 ? roles.iterator().next() : dn;
|
||||
String roleName = roles.size() > 0 ? roles.iterator().next() : dn;
|
||||
if (!circular) {
|
||||
performNestedSearch(dn, roleName, authorities, (depth - 1));
|
||||
}
|
||||
|
@ -219,8 +219,9 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
}
|
||||
|
||||
/**
|
||||
* Returns the attribute names that this populator has been configured to retrieve
|
||||
* Value can be null, represents fetch all attributes
|
||||
* Returns the attribute names that this populator has been configured to retrieve Value can be null, represents
|
||||
* fetch all attributes
|
||||
*
|
||||
* @return the attribute names or null for all
|
||||
*/
|
||||
public Set<String> getAttributeNames() {
|
||||
|
@ -229,6 +230,7 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
|
||||
/**
|
||||
* Sets the attribute names to retrieve for each ldap groups. Null means retrieve all
|
||||
*
|
||||
* @param attributeNames - the names of the LDAP attributes to retrieve
|
||||
*/
|
||||
public void setAttributeNames(Set<String> attributeNames) {
|
||||
|
@ -236,8 +238,8 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
}
|
||||
|
||||
/**
|
||||
* How far should a nested search go. Depth is calculated in the number of levels we search up for
|
||||
* parent groups.
|
||||
* How far should a nested search go. Depth is calculated in the number of levels we search up for parent groups.
|
||||
*
|
||||
* @return the max search depth, default is 10
|
||||
*/
|
||||
public int getMaxSearchDepth() {
|
||||
|
@ -245,8 +247,8 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
}
|
||||
|
||||
/**
|
||||
* How far should a nested search go. Depth is calculated in the number of levels we search up for
|
||||
* parent groups.
|
||||
* How far should a nested search go. Depth is calculated in the number of levels we search up for parent groups.
|
||||
*
|
||||
* @param maxSearchDepth the max search depth
|
||||
*/
|
||||
public void setMaxSearchDepth(int maxSearchDepth) {
|
||||
|
@ -254,5 +256,4 @@ public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopula
|
|||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
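Review bot: `performNestedSearch` stops only on `if (depth == 0)`, so a negative `maxSearchDepth` would never hit the guard and recursion would be bounded only by the `circular` check. `if (depth <= 0)` closes that, unless `setMaxSearchDepth` (its body is outside the visible hunks) already rejects negative values. The `circular` flag is set only inside the `for (String role : roles)` loop, so a group record without role values always recurses and the depth limit is then the sole protection against a cyclic directory, which deserves a comment at the check. Also, `if (getAttributeNames() == null) { setAttributeNames(new HashSet<String>()); }` followed by adding the group role attribute means a null setting no longer retrieves all attributes, which contradicts the setter Javadoc "Null means retrieve all"; the Javadoc or the code should be aligned.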
|
|
|
@ -20,9 +20,9 @@ public class LdapAuthorityTests {
|
|||
|
||||
@Before
|
||||
public void setUp() {
|
||||
Map<String,String[]> attributes = new HashMap<String,String[]>();
|
||||
attributes.put(SpringSecurityLdapTemplate.DN_KEY,new String[] {DN});
|
||||
attributes.put("mail",new String[] {"filip@ldap.test.org", "filip@ldap.test2.org"});
|
||||
Map<String, String[]> attributes = new HashMap<String, String[]>();
|
||||
attributes.put(SpringSecurityLdapTemplate.DN_KEY, new String[]{DN});
|
||||
attributes.put("mail", new String[]{"filip@ldap.test.org", "filip@ldap.test2.org"});
|
||||
authority = new LdapAuthority("testRole", DN, attributes);
|
||||
}
|
||||
|
||||
|
@ -47,6 +47,6 @@ public class LdapAuthorityTests {
|
|||
@Test
|
||||
public void testGetAuthority() throws Exception {
|
||||
assertNotNull(authority.getAuthority());
|
||||
assertEquals("testRole",authority.getAuthority());
|
||||
assertEquals("testRole", authority.getAuthority());
|
||||
}
|
||||
}
|