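/**
 * Resolves the authorities of an LDAP user from the roles stored in the local DB.
 *
 * <p>The user is looked up by name and created locally when missing. When LDAP group
 * mapping is enabled, the admin role is added or removed according to the
 * {@code AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY} attribute of {@code userData}; when it is
 * disabled, the roles already stored for the user are left untouched.
 *
 * @param userData LDAP context entry of the user; only the admin attribute is read here
 * @param username name used for the local DB lookup and, if needed, for creating the user
 * @return authorities converted from the user's role entities
 * @throws IllegalStateException if the user is still absent from the local DB after the
 *         create attempt
 */
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
  // NOTE(review): username is written to the log verbatim; if it can still carry
  // CR/LF at this point, neutralise it before logging.
  log.info("Get roles for user " + username + " from local DB");

  UserEntity user = userDAO.findLdapUserByName(username);
  if (user == null) {
    log.info("User " + username + " not present in local DB - creating");
    createLdapUser(username);
    user = userDAO.findLdapUserByName(username);
  }

  // Fail with a clear error instead of a NullPointerException further down (or inside
  // the role helpers) when the user could neither be found nor created.
  if (user == null) {
    throw new IllegalStateException(
        "LDAP user " + username + " could not be found or created in local DB");
  }

  // Only synchronise the admin role when group mapping is configured; otherwise an
  // admin role already stored in the local DB must not be removed.
  if (configuration.getLdapServerProperties().isGroupMappingEnabled()) {
    // NOTE(review): the attribute is cast to Boolean unchecked - confirm that whatever
    // sets it always stores a Boolean; any other type raises ClassCastException here.
    Boolean isAdmin =
        (Boolean) userData.getObjectAttribute(AMBARI_ADMIN_LDAP_ATTRIBUTE_KEY);

    // A missing (null) or false attribute is treated as "not an administrator", so the
    // admin role is revoked on every login where membership is not asserted.
    if (Boolean.TRUE.equals(isAdmin)) {
      log.info("Adding admin role to LDAP user " + username);
      addRole(user, configuration.getConfigsMap().
          get(Configuration.ADMIN_ROLE_NAME_KEY));
    } else {
      removeRole(user, configuration.getConfigsMap().
          get(Configuration.ADMIN_ROLE_NAME_KEY));
    }
  }

  // NOTE(review): the authorities are built from the entity loaded before
  // addRole/removeRole ran. Confirm those helpers update this same instance (or
  // re-load the user here); otherwise a role revoked above could still be returned
  // for this login.
  return authorizationHelper.convertRolesToAuthorities(user.getRoleEntities());
}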