Repository: incubator-brooklyn Updated Branches: refs/heads/master d90a8bf07 -> e206168af
LDAP Domain Component Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/8d4baaa0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/8d4baaa0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/8d4baaa0 Branch: refs/heads/master Commit: 8d4baaa076f4a4506e02fefc6cd97da10cc64af7 Parents: 906ea25 Author: Valentin Aitken <[email protected]> Authored: Thu Jul 30 20:53:16 2015 +0300 Committer: Valentin Aitken <[email protected]> Committed: Thu Jul 30 20:53:16 2015 +0300 ---------------------------------------------------------------------- .../java/brooklyn/rest/BrooklynWebConfig.java | 3 ++ .../security/provider/LdapSecurityProvider.java | 30 ++++++++++++++++++-- 2 files changed, 30 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java ----------------------------------------------------------------------
diff --git a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
index 4443b00..294fd18 100644
--- a/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
+++ b/usage/rest-server/src/main/java/brooklyn/rest/BrooklynWebConfig.java
@@ -66,6 +66,9 @@ public class BrooklynWebConfig { public final static ConfigKey<String> LDAP_REALM = ConfigKeys.newStringConfigKey( BASE_NAME_SECURITY+".ldap.realm"); + public final static ConfigKey<String> LDAP_OU = ConfigKeys.newStringConfigKey( + BASE_NAME_SECURITY+"ldap.ou"); + public final static ConfigKey<Boolean> HTTPS_REQUIRED = ConfigKeys.newBooleanConfigKey( BASE_NAME+".security.https.required", "Whether HTTPS is required; false here can be overridden by CLI option", false); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/8d4baaa0/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java index a9fa453..c8c10a1 100644 --- a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java +++ b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java @@ -35,6 +35,12 @@ import brooklyn.management.ManagementContext; import brooklyn.rest.BrooklynWebConfig; import brooklyn.util.exceptions.Exceptions; import brooklyn.util.text.Strings; +import com.google.common.base.Function; +import com.google.common.base.Joiner; +import com.google.common.collect.Lists; + +import java.util.Arrays; +import java.util.List; /** * A {@link SecurityProvider} implementation that relies on LDAP to authenticate. @@ -49,6 +55,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se private final String ldapUrl; private final String ldapRealm; + private final String organizationUnit; public LdapSecurityProvider(ManagementContext mgmt) { StringConfigMap properties = mgmt.getConfig(); 
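Review bot: The new `LDAP_OU` key is built as `BASE_NAME_SECURITY+"ldap.ou"` with no `.` separator, unlike `LDAP_REALM` directly above it (`BASE_NAME_SECURITY+".ldap.realm"`). Unless `BASE_NAME_SECURITY` already ends in a dot (the `.ldap.realm` form suggests it does not), the key resolves to `…securityldap.ou`, so a `…security.ldap.ou` setting is never read and the provider silently falls back to its built-in default. Change it to `BASE_NAME_SECURITY+".ldap.ou"`, and consider the three-argument form used by `HTTPS_REQUIRED` so the key carries a description and the `"Users"` default is visible in the config schema rather than only in the provider.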
@@ -56,11 +63,20 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se Strings.checkNonEmpty(ldapUrl, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_URL); ldapRealm = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_REALM)); Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_REALM); + + if(Strings.isBlank(properties.getConfig(BrooklynWebConfig.LDAP_OU))) { + LOG.info("Setting LDAP ou attribute to: Users"); + organizationUnit = "Users"; + } else { + organizationUnit = CharMatcher.isNot('"').retainFrom(properties.getConfig(BrooklynWebConfig.LDAP_OU)); + } + Strings.checkNonEmpty(ldapRealm, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_OU); } - public LdapSecurityProvider(String ldapUrl, String ldapRealm) { + public LdapSecurityProvider(String ldapUrl, String ldapRealm, String organizationUnit) { this.ldapUrl = ldapUrl; this.ldapRealm = ldapRealm; + this.organizationUnit = organizationUnit; } @SuppressWarnings({ "rawtypes", "unchecked" }) @@ -68,7 +84,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se public boolean authenticate(HttpSession session, String user, String password) { if (session==null || user==null) return false; checkCanLoad(); - + Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ldapUrl); 
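Review bot: The added `Strings.checkNonEmpty(ldapRealm, "… missing required property "+BrooklynWebConfig.LDAP_OU)` re-checks `ldapRealm` (already validated two lines earlier) instead of `organizationUnit`, so the message naming `LDAP_OU` can never fire for the value it describes; a configured value of just `""` has its quotes stripped by the `CharMatcher`, leaving an empty OU that is accepted and later produces `ou=` in the bind DN. Change it to `Strings.checkNonEmpty(organizationUnit, "LDAP security provider configuration missing required property "+BrooklynWebConfig.LDAP_OU);`. The constructor this hunk edits opens outside the hunk; since the two-argument constructor is replaced rather than kept, a delegating overload such as `this(ldapUrl, ldapRealm, "Users");` would keep existing callers compiling.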
@@ -85,7 +101,15 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se } private String getUserDN(String user) { - return "cn=" + user + "," + ldapRealm; + List<String> domain = Lists.transform(Arrays.asList(ldapRealm.split("\\.")), new Function<String, String>() { + @Override + public String apply(String input) { + return "dc=" + input; + } + }); + + String dc = Joiner.on(",").join(domain).toLowerCase(); + return "cn=" + user + ",ou=" + organizationUnit + "," + dc; } static boolean triedLoading = false;
