658cf05e
Commit
658cf05e
authored
Jan 22, 2016
by
benjamin.ertl
added harmonization
parent
57509300
Changes
4
Showing
4 changed files
with
69 additions
and
45 deletions
+69
-45
src/main/java/edu/kit/scc/Application.java
src/main/java/edu/kit/scc/Application.java
+0
-4
src/main/java/edu/kit/scc/RestServiceController.java
src/main/java/edu/kit/scc/RestServiceController.java
+41
-38
src/main/java/edu/kit/scc/ldap/LdapClient.java
src/main/java/edu/kit/scc/ldap/LdapClient.java
+23
-0
src/test/java/edu/kit/scc/test/ldap/LdapClientTest.java
src/test/java/edu/kit/scc/test/ldap/LdapClientTest.java
+5
-3
src/main/java/edu/kit/scc/Application.java
...
...
@@ -8,16 +8,12 @@
*/
package
edu.kit.scc
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.boot.SpringApplication
;
import
org.springframework.boot.autoconfigure.SpringBootApplication
;
@SpringBootApplication
public
class
Application
{
private
static
final
Logger
log
=
LoggerFactory
.
getLogger
(
Application
.
class
);
public
static
void
main
(
String
[]
args
)
{
SpringApplication
.
run
(
Application
.
class
,
args
);
...
...
src/main/java/edu/kit/scc/RestServiceController.java
...
...
@@ -9,8 +9,6 @@
package
edu.kit.scc
;
import
java.text.ParseException
;
import
java.util.ArrayList
;
import
java.util.List
;
import
org.apache.commons.codec.binary.Base64
;
import
org.json.JSONArray
;
...
...
@@ -95,6 +93,7 @@ public class RestServiceController {
if
(
response
!=
null
&&
response
.
statusCode
==
200
)
{
log
.
debug
(
"Reg-app authentication success"
);
// TODO harmonize
// harmonizeIdentities(userName);
return
;
}
...
...
@@ -110,7 +109,6 @@ public class RestServiceController {
throw
new
UnauthorizedException
();
}
String
subject
=
null
;
if
(
tokens
!=
null
)
{
try
{
JWT
jwt
=
tokens
.
getIDToken
();
...
...
@@ -120,59 +118,64 @@ public class RestServiceController {
AccessToken
accessToken
=
tokens
.
getAccessToken
();
oidcClient
.
requestUserInfo
(
accessToken
.
getValue
());
subject
=
claimsSet
.
getSubject
();
String
subject
=
claimsSet
.
getSubject
();
log
.
debug
(
"OIDC authentication success"
);
// TODO harmonize
harmonizeIdentities
(
subject
);
return
;
}
catch
(
ParseException
e
)
{
log
.
error
(
e
.
getMessage
());
throw
new
UnauthorizedException
();
}
}
UserDTO
user
=
new
UserDTO
();
List
<
GroupDTO
>
groups
=
new
ArrayList
<
GroupDTO
>();
// if nothing succeeded, fail ... gracefully
throw
new
UnauthorizedException
();
}
private
void
harmonizeIdentities
(
String
subject
)
{
// SCIM
// we are looking for "roles" in the SCIM response, representing the
// user's groups, and the user information itself
// we are looking for groups in the SCIM response
log
.
debug
(
"Try to get SCIM user information"
);
if
(
subject
!=
null
)
{
JSONObject
userJson
=
scimClient
.
getUser
(
subject
);
if
(
userJson
!=
null
)
{
try
{
JSONArray
resources
=
userJson
.
getJSONArray
(
"Resources"
);
JSONObject
userResource
=
resources
.
getJSONObject
(
0
);
String
userName
=
userResource
.
getString
(
"userName"
);
user
.
setUid
(
userName
);
JSONObject
names
=
userResource
.
getJSONObject
(
"name"
);
user
.
setCommonName
(
names
.
getString
(
"givenName"
));
user
.
setSurName
(
names
.
getString
(
"familyName"
));
user
.
setDescription
(
userResource
.
getString
(
"id"
));
JSONObject
userJson
=
scimClient
.
getUser
(
subject
);
if
(
userJson
!=
null
)
{
try
{
JSONArray
resources
=
userJson
.
getJSONArray
(
"Resources"
);
JSONObject
userResource
=
resources
.
getJSONObject
(
0
);
log
.
debug
(
user
.
toString
());
String
userName
=
userResource
.
getString
(
"userName"
);
JSONObject
names
=
userResource
.
getJSONObject
(
"name"
);
JSONArray
roles
=
userResource
.
getJSONArray
(
"groups"
);
for
(
int
i
=
0
;
i
<
roles
.
length
();
i
++)
{
JSONObject
role
=
roles
.
getJSONObject
(
i
);
UserDTO
existingUser
=
ldapClient
.
getLdapUser
(
userName
);
GroupDTO
group
=
new
GroupDTO
();
group
.
setCommonName
(
role
.
getString
(
"display"
));
groups
.
add
(
group
);
// there should always be an existing user in the LDAP tree
if
(
existingUser
!=
null
)
log
.
debug
(
existingUser
.
toString
());
else
{
throw
new
UnauthorizedException
(
"no existing LDAP user"
);
}
log
.
debug
(
group
.
toString
());
JSONArray
roles
=
userResource
.
getJSONArray
(
"groups"
);
for
(
int
i
=
0
;
i
<
roles
.
length
();
i
++)
{
JSONObject
role
=
roles
.
getJSONObject
(
i
);
String
cn
=
role
.
getString
(
"display"
);
GroupDTO
group
=
ldapClient
.
getLdapGroup
(
cn
);
if
(
group
!=
null
)
{
// check/add user
if
(!
group
.
getMemberUids
().
contains
(
userName
))
ldapClient
.
addGroupMember
(
cn
,
userName
);
}
else
{
// create new group and add user
ldapClient
.
createGroup
(
cn
,
ldapClient
.
generateGroupId
());
ldapClient
.
addGroupMember
(
cn
,
userName
);
}
}
catch
(
JSONException
e
)
{
// no additional user information
log
.
error
(
e
.
getMessage
());
}
}
catch
(
JSONException
e
)
{
// no additional user information
log
.
error
(
e
.
getMessage
());
}
UserDTO
ldapUser
=
ldapClient
.
getLdapUser
(
user
.
getUid
());
}
// if nothing succeeded, fail ... gracefully
throw
new
UnauthorizedException
();
}
@ResponseStatus
(
value
=
HttpStatus
.
UNAUTHORIZED
)
...
...
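Review bot: A malformed or empty SCIM response inside harmonizeIdentities is caught as JSONException, logged with only `e.getMessage()`, and control then returns to the caller, which still treats the OIDC login as a success, while the missing-LDAP-user case in the same loop throws `UnauthorizedException("no existing LDAP user")`, so the two failure modes are handled inconsistently. I would at least keep the stack trace with `log.error("SCIM harmonization failed", e);` and consider rethrowing as `throw new UnauthorizedException("incomplete SCIM user record");` so a login does not complete with no groups harmonized. `userName` and each role's `display` value are read from the SCIM response and passed straight to getLdapUser, getLdapGroup, createGroup and addGroupMember; whether LdapClient escapes them when building DNs or filters is not visible in this hunk, so a syntax check on those identifiers at this boundary (or escaping inside LdapClient) is worth confirming. The enclosing authentication method starts before this hunk, and the `if (subject != null)` branch has no else, so a null subject also falls through to the caller's success path.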
src/main/java/edu/kit/scc/ldap/LdapClient.java
...
...
@@ -8,7 +8,9 @@
*/
package
edu.kit.scc.ldap
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Random
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -271,4 +273,25 @@ public class LdapClient {
group
.
setCommonName
(
cn
);
ldapGroup
.
addMember
(
group
,
memberUid
);
}
/**
* Generates a non-conflicting group id.
*
* @return a new int gidNumber
*/
public
int
generateGroupId
()
{
int
max
=
99999
;
int
min
=
10000
;
Random
rand
=
new
Random
();
ArrayList
<
Integer
>
existingGidNumbers
=
new
ArrayList
<
Integer
>();
List
<
GroupDTO
>
groups
=
ldapGroup
.
getAllGroups
();
for
(
GroupDTO
group
:
groups
)
existingGidNumbers
.
add
(
group
.
getGidNumber
());
int
randomInt
=
rand
.
nextInt
((
max
-
min
)
+
1
)
+
min
;
while
(
existingGidNumbers
.
contains
(
randomInt
))
randomInt
=
rand
.
nextInt
((
max
-
min
)
+
1
)
+
min
;
return
randomInt
;
}
}
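Review bot: generateGroupId in the new hunk never terminates once every gidNumber in 10000–99999 is allocated, and its `existingGidNumbers.contains(randomInt)` check is a linear scan of an ArrayList rebuilt from `ldapGroup.getAllGroups()` on every call. The Javadoc promises a "non-conflicting" id, but the check here and the later createGroup call in RestServiceController are not atomic, so two concurrent logins can be handed the same gid; that race lives in the caller, but the Javadoc should say the id is only unused at the time of the call, e.g. `* @return a gidNumber in [10000, 99999] that was unused when the groups were last read`. I would collect the existing ids into a Set, fail explicitly when the range is exhausted, and write the draw once in a do/while; this needs `java.util.Set` and `java.util.HashSet` next to the new Random import.
```java
public int generateGroupId() {
    final int min = 10000;
    final int max = 99999;
    Set<Integer> existing = new HashSet<>();
    for (GroupDTO group : ldapGroup.getAllGroups()) {
        existing.add(group.getGidNumber());
    }
    // Every id in the range is taken; looping on random draws would never return.
    if (existing.size() > max - min) {
        throw new IllegalStateException("no free gidNumber in range " + min + "-" + max);
    }
    Random rand = new Random();
    int candidate;
    do {
        candidate = rand.nextInt((max - min) + 1) + min;
    } while (existing.contains(candidate));
    return candidate;
}
```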
src/test/java/edu/kit/scc/test/ldap/LdapClientTest.java
...
...
@@ -8,9 +8,7 @@
*/
package
edu.kit.scc.test.ldap
;
import
static
org
.
junit
.
Assert
.*;
import
java.util.ArrayList
;
import
static
org
.
junit
.
Assert
.
assertNotNull
;
import
org.junit.FixMethodOrder
;
import
org.junit.Test
;
...
...
@@ -111,4 +109,8 @@ public class LdapClientTest {
ldapClient
.
getLdapUsers
();
}
@Test
public
void
getNewGidNumber
()
{
log
.
debug
(
"{}"
,
ldapClient
.
generateGroupId
());
}
}
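Review bot: getNewGidNumber only logs the value returned by generateGroupId, so it cannot fail; a test that asserts nothing gives no signal when the generator starts returning ids outside the range its Javadoc implies. Replace the log call with `int gid = ldapClient.generateGroupId();` and `assertTrue(gid >= 10000 && gid <= 99999);`, which also means adding `assertTrue` to the static import that this hunk narrows from `Assert.*` to `assertNotNull` alone.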