Package com.esri.gpt.framework.security.identity

Examples of com.esri.gpt.framework.security.identity.IdentityConfiguration


* @return the collection of publishers that can be selected
*/
public static Users buildSelectablePublishers(RequestContext context,
                                              boolean forManagement) {
  IdentityAdapter idAdapter = context.newIdentityAdapter();
  IdentityConfiguration idConfig = context.getIdentityConfiguration();
 
  // add the current user to the list
  Users users = new Users();
  User user = context.getUser();
  users.add(user);
  RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
  boolean bIsAdministrator = roles.hasRole("gptAdministrator");
     
  try {
    if (bIsAdministrator && forManagement) {
     
      // add the administrators
      Role adminRole = idConfig.getConfiguredRoles().get("gptAdministrator");
      if (adminRole != null) {
        Users admins = idAdapter.readGroupMembers(adminRole.getDistinguishedName());
        for (User u: admins.values()) users.add(u);
      }
     
      // add the publishers
      Role pubRole = idConfig.getConfiguredRoles().get("gptPublisher");
      if (pubRole != null) {
        Users publishers = idAdapter.readGroupMembers(pubRole.getDistinguishedName());
        for (User u: publishers.values()) users.add(u);
      }
      users.sort();
    }
   
    // add the metadata management groups
    Groups userGroups = user.getGroups();
    Groups mgmtGroups = idConfig.getMetadataManagementGroups();
    Users mgmtUsers = new Users();
    if ((mgmtGroups != null) && (mgmtGroups.size() > 0)){
      for (Group mgmtGroup : mgmtGroups.values()) {
        boolean bAdd = bIsAdministrator;
        if ((userGroups != null) && userGroups.containsKey(mgmtGroup.getKey())) {
View Full Code Here


* @param userDN
*          the distinguished name to check
* @return the corresponding metadata management group or null
*/
private Group checkManagementGroup(RequestContext context, String userDN) {
  IdentityConfiguration idConfig = context.getIdentityConfiguration();
  Groups mgmtGroups = idConfig.getMetadataManagementGroups();
  if (mgmtGroups != null) {
    return mgmtGroups.get(userDN);
  }
  return null;
}
View Full Code Here

        // declare users
        Users users = new Users();
        // check if the owner is a group
        Group group = null;
        IdentityConfiguration idConfig = context.getIdentityConfiguration();
        Groups mgmtGroups = idConfig.getMetadataManagementGroups();
        if (mgmtGroups != null) {
          group = mgmtGroups.get(uDN);
        }
        if (group != null) {
          // read all members of the group
View Full Code Here

private void loadIdentity(ApplicationConfiguration appConfig, Document dom,
    Node root) throws XPathExpressionException {

  // prepare
  XPath xpath = XPathFactory.newInstance().newXPath();
  IdentityConfiguration idConfig = appConfig.getIdentityConfiguration();
  LdapConfiguration ldapConfig = idConfig.getLdapConfiguration();
  Node ndIdentity = (Node) xpath.evaluate("identity", root, XPathConstants.NODE);
  if (ndIdentity == null) {
    return;
  }

  // primary parameters
  String sName = Val.chkStr(xpath.evaluate("@name", ndIdentity));
  String sRealm = Val.chkStr(xpath.evaluate("@realm", ndIdentity));
  String sEncKey = Val.chkStr(xpath.evaluate("@encKey", ndIdentity));
  String sAdapterClass = Val.chkStr(xpath.evaluate("@adapterClassName", ndIdentity));
  if (sName.length() == 0) {
    sName = "Identity Configuration";
  }
  if (sRealm.length() == 0) {
    sRealm = "Geoportal";
  }
  if (sAdapterClass.length() == 0) {
    sAdapterClass = "com.esri.gpt.framework.security.identity.ldap.LdapIdentityAdapter";
  }
  idConfig.setName(sName);
  idConfig.setRealm(sRealm);
  idConfig.setEncKey(sEncKey);

  // determine the adapter
  Node ndSimple = (Node) xpath.evaluate("simpleAdapter", ndIdentity, XPathConstants.NODE);
  Node ndLdap = (Node) xpath.evaluate("ldapAdapter", ndIdentity, XPathConstants.NODE);
  if (ndSimple != null) {
    ndLdap = null;
    sAdapterClass = "com.esri.gpt.framework.security.identity.local.SimpleIdentityAdapter";
  }
  idConfig.setAdapterClassName(sAdapterClass);

  // simple adapter configuration
  if (ndSimple != null) {

    // account
    Node ndAccount = (Node) xpath.evaluate("account", ndSimple, XPathConstants.NODE);
    if (ndAccount != null) {
      String sUser = xpath.evaluate("@username", ndAccount);
      String sPwd = xpath.evaluate("@password", ndAccount);
      String sDN = "cn=" + sUser + ",ou=simpleadapter";
      boolean bEncrypted = Val.chkBool(xpath.evaluate("@encrypted", ndAccount),
          false);
      if (bEncrypted) {
        try {
          String sDecrypted = PC1_Encryptor.decrypt(sPwd);
          sPwd = sDecrypted;
        } catch (Exception e) {
          this.getLogger().log(Level.SEVERE,
              "The simple account password failed to decrypt.", e);
        }
      }
      UsernamePasswordCredentials creds = new UsernamePasswordCredentials( sUser, sPwd);
      creds.setDistinguishedName(sDN);
      idConfig.setCatalogAdminDN(creds.getDistinguishedName());
      idConfig.getSimpleConfiguration().setServiceAccountCredentials(creds);
    }

    // roles
    Node ndRoles = (Node) xpath.evaluate("roles", ndSimple, XPathConstants.NODE);
    if (ndRoles != null) {
      Roles roles = idConfig.getConfiguredRoles();
      NodeList nlRoles = (NodeList) xpath.evaluate("role", ndRoles, XPathConstants.NODESET);
      for (int i = 0; i < nlRoles.getLength(); i++) {
        Node ndRole = nlRoles.item(i);
        Role role = new Role();
        role.setKey(xpath.evaluate("@key", ndRole));
        roles.add(role);
      }
      for (Role role : roles.values()) {
        role.buildFullRoleSet(roles);
      }
    }

  }

  // LDAP adapter configuration
  if (ndLdap != null) {

    // connection properties & service account
    Node ndCon = (Node) xpath.evaluate("ldapConnectionProperties", ndLdap,
        XPathConstants.NODE);
    if (ndCon != null) {
      LdapConnectionProperties props = ldapConfig.getConnectionProperties();
      props.setProviderUrl(xpath.evaluate("@providerURL", ndCon));
      props.setInitialContextFactoryName(xpath.evaluate(
          "@initialContextFactoryName", ndCon));
      props.setSecurityAuthenticationLevel(xpath.evaluate(
          "@securityAuthentication", ndCon));
      props.setSecurityProtocol(xpath.evaluate("@securityProtocol", ndCon));

      Node ndService = (Node) xpath.evaluate("ldapServiceAccount", ndCon, XPathConstants.NODE);
      if (ndService != null) {
        String sUser = xpath.evaluate("@securityPrincipal", ndService);
        String sPwd = xpath.evaluate("@securityCredentials", ndService);
        boolean bEncrypted = Val.chkBool(xpath.evaluate("@encrypted", ndService), false);
        if (bEncrypted) {
          try {
            String sDecrypted = PC1_Encryptor.decrypt(sPwd);
            sPwd = sDecrypted;
          } catch (Exception e) {
            this.getLogger().log(Level.SEVERE, "The securityCredentials failed to decrypt.", e);
          }
        }
        UsernamePasswordCredentials creds = new UsernamePasswordCredentials(sUser, sPwd);
        props.setServiceAccountCredentials(creds);
        idConfig.setCatalogAdminDN(xpath.evaluate("@catalogAdminDN", ndService));
      }
    }

    // single sign-on mechanism
    Node ndSSO = (Node) xpath.evaluate("singleSignOn", ndLdap,
        XPathConstants.NODE);
    if (ndSSO != null) {
      SingleSignOnMechanism sso = idConfig.getSingleSignOnMechanism();
      sso.setActive(Val.chkBool(xpath.evaluate("@active", ndSSO), false));
      sso.setCredentialLocation(xpath.evaluate("@credentialLocation", ndSSO));
      sso.setAnonymousValue(xpath.evaluate("@anonymousValue", ndSSO));
    }

    // self care support
    Node ndSupport = (Node) xpath.evaluate("selfCareSupport", ndLdap,
        XPathConstants.NODE);
    if (ndSupport != null) {
      IdentitySupport support = idConfig.getSupportedFunctions();
      support.setSupportsLogin(Val.chkBool(xpath.evaluate("@supportsLogin",
          ndSupport), true));
      support.setSupportsLogout(Val.chkBool(xpath.evaluate("@supportsLogout",
          ndSupport), true));
      support.setSupportsUserRegistration(Val.chkBool(xpath.evaluate(
          "@supportsUserRegistration", ndSupport), false));
      support.setSupportsUserProfileManagement(Val.chkBool(xpath.evaluate(
          "@supportsUserProfileManagement", ndSupport), false));
      support.setSupportsPasswordChange(Val.chkBool(xpath.evaluate(
          "@supportsPasswordChange", ndSupport), false));
      support.setSupportsPasswordRecovery(Val.chkBool(xpath.evaluate(
          "@supportsPasswordRecovery", ndSupport), false));
    }

    // roles
    Node ndRoles = (Node) xpath.evaluate("roles", ndLdap, XPathConstants.NODE);
    if (ndRoles != null) {
      Roles roles = idConfig.getConfiguredRoles();
      String sRegUserKey = Val.chkStr(xpath.evaluate("@registeredUserRoleKey",
          ndRoles));
      if (sRegUserKey.length() == 0) {
        sRegUserKey = "gptRegisteredUser";
      }
      roles.setAuthenticatedUserRequiresRole(Val.chkBool(xpath.evaluate(
          "@authenticatedUserRequiresRole", ndRoles), true));
      roles.setRegisteredUserRoleKey(sRegUserKey);
                
      NodeList nlRoles = (NodeList) xpath.evaluate("role", ndRoles,
          XPathConstants.NODESET);
      for (int i = 0; i < nlRoles.getLength(); i++) {
        Node ndRole = nlRoles.item(i);
        Role role = new Role();
        role.setKey(xpath.evaluate("@key", ndRole));
        role.setInherits(xpath.evaluate("@inherits", ndRole));
        role.setResKey(xpath.evaluate("@resKey", ndRole));
        role.setManage(Val.chkBool(xpath.evaluate("@manage", ndRole),true));
        role.setForbidden(Val.chkBool(xpath.evaluate("@forbidden", ndRole),false));
        role.setDistinguishedName(xpath.evaluate("@groupDN", ndRole));
        roles.add(role);
      }
      for (Role role : roles.values()) {
        role.buildFullRoleSet(roles);
      }
    }

    // user properties
    Node ndUser = (Node) xpath.evaluate("users", ndLdap, XPathConstants.NODE);
    if (ndUser != null) {
      LdapUserProperties props = ldapConfig.getUserProperties();
      props.setUserDisplayNameAttribute(xpath.evaluate("@displayNameAttribute",
          ndUser));
      props.setPasswordEncryptionAlgorithm(xpath.evaluate(
          "@passwordEncryptionAlgorithm", ndUser));
      props.setUserDNPattern(xpath.evaluate("@newUserDNPattern", ndUser));
      props.setUsernameSearchPattern(xpath.evaluate("@usernameSearchPattern",
          ndUser));
     
      props.setUserRequestsSearchPattern(xpath.evaluate("@newUserRequestSearchPattern",
              ndUser));
     
      props.setUserSearchDIT(xpath.evaluate("@searchDIT", ndUser));
      NodeList nlObj = (NodeList) xpath.evaluate(
          "requiredObjectClasses/objectClass/@name", ndUser,
          XPathConstants.NODESET);
      for (int i = 0; i < nlObj.getLength(); i++) {
        props.addUserObjectClass(nlObj.item(i).getNodeValue());
      }
    }

    // user profile parameters
    UserAttributeMap uaMap = idConfig.getUserAttributeMap();
    NodeList nlUserAttr = (NodeList) xpath.evaluate(
        "users/userAttributeMap/attribute", ndLdap, XPathConstants.NODESET);
    for (int i = 0; i < nlUserAttr.getLength(); i++) {
      UserAttribute attr = new UserAttribute();
      attr.setKey(xpath.evaluate("@key", nlUserAttr.item(i)));
      attr.setLdapName(xpath.evaluate("@ldapName", nlUserAttr.item(i)));

      // TODO: need to do a better check to filter out badly defined
      // parameters
      boolean bIsLdap = (idConfig.getAdapterClassName().indexOf("Ldap") != -1);
      if (bIsLdap && (attr.getLdapName().length() > 0)) {
        uaMap.add(attr);
      }
    }
    ldapConfig.getUserProperties().getUserProfileMapping().configureFromUserAttributes(uaMap);

    // group properties
    Node ndGroup = (Node) xpath.evaluate("groups", ndLdap, XPathConstants.NODE);
    if (ndGroup != null) {
      LdapGroupProperties props = ldapConfig.getGroupProperties();
      props.setGroupDisplayNameAttribute(xpath.evaluate(
          "@displayNameAttribute", ndGroup));
      props.setGroupDynamicMemberAttribute(xpath.evaluate(
          "@dynamicMemberOfGroupsAttribute", ndGroup));
      props.setGroupDynamicMembersAttribute(xpath.evaluate(
          "@dynamicMembersAttribute", ndGroup));
      props.setGroupMemberAttribute(xpath.evaluate("@memberAttribute", ndGroup));
      props.setGroupMemberSearchPattern(xpath.evaluate("@memberSearchPattern",
          ndGroup));
      props.setGroupNameSearchPattern(xpath.evaluate("@nameSearchPattern",
          ndGroup));
      props.setGroupSearchDIT(xpath.evaluate("@searchDIT", ndGroup));
    }

    // metadata management groups
    NodeList nlMmg = (NodeList) xpath.evaluate("groups/metadataManagementGroup",ndLdap,XPathConstants.NODESET);
    for (int i = 0; i < nlMmg.getLength(); i++) {
      Node ndMmg = nlMmg.item(i);
      Group group = new Group();
      group.setDistinguishedName(xpath.evaluate("@groupDN", ndMmg));
      group.setKey(group.getDistinguishedName());
      group.setName(xpath.evaluate("@name", ndMmg));
      idConfig.getMetadataManagementGroups().add(group);
    }

  }
 
  // open providers
  NodeList nlOpenProviders = (NodeList)xpath.evaluate("openProviders/openProvider",ndIdentity,XPathConstants.NODESET);
  for (int i=0; i<nlOpenProviders.getLength(); i++) {
    try {
      OpenProvider op = new OpenProvider();
      op.processConfgurationNode(idConfig.getOpenProviders(),nlOpenProviders.item(i));
    } catch (Exception e) {
      this.getLogger().log(Level.SEVERE,"Error while configuring openProvider.",e);
    }
  }
}
View Full Code Here

TOP

Related Classes of com.esri.gpt.framework.security.identity.IdentityConfiguration

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.