Commit 658cf05e authored by benjamin.ertl's avatar benjamin.ertl

added harmonizatino

parent 57509300
......@@ -8,16 +8,12 @@
*/
package edu.kit.scc;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
private static final Logger log = LoggerFactory.getLogger(Application.class);
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
......
......@@ -9,8 +9,6 @@
package edu.kit.scc;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.json.JSONArray;
......@@ -95,6 +93,7 @@ public class RestServiceController {
if (response != null && response.statusCode == 200) {
log.debug("Reg-app authentication success");
// TODO harmonize
// harmonizeIdentities(userName);
return;
}
......@@ -110,7 +109,6 @@ public class RestServiceController {
throw new UnauthorizedException();
}
String subject = null;
if (tokens != null) {
try {
JWT jwt = tokens.getIDToken();
......@@ -120,59 +118,64 @@ public class RestServiceController {
AccessToken accessToken = tokens.getAccessToken();
oidcClient.requestUserInfo(accessToken.getValue());
subject = claimsSet.getSubject();
String subject = claimsSet.getSubject();
log.debug("OIDC authentication success");
// TODO harmonize
harmonizeIdentities(subject);
return;
} catch (ParseException e) {
log.error(e.getMessage());
throw new UnauthorizedException();
}
}
UserDTO user = new UserDTO();
List<GroupDTO> groups = new ArrayList<GroupDTO>();
// if nothing succeeded, fail ... gracefully
throw new UnauthorizedException();
}
private void harmonizeIdentities(String subject) {
// SCIM
// we are looking for "roles" in the SCIM response, representing the
// user's groups, and the user information itself
// we are looking for groups in the SCIM response
log.debug("Try to get SCIM user information");
if (subject != null) {
JSONObject userJson = scimClient.getUser(subject);
if (userJson != null) {
try {
JSONArray resources = userJson.getJSONArray("Resources");
JSONObject userResource = resources.getJSONObject(0);
String userName = userResource.getString("userName");
user.setUid(userName);
JSONObject names = userResource.getJSONObject("name");
user.setCommonName(names.getString("givenName"));
user.setSurName(names.getString("familyName"));
user.setDescription(userResource.getString("id"));
JSONObject userJson = scimClient.getUser(subject);
if (userJson != null) {
try {
JSONArray resources = userJson.getJSONArray("Resources");
JSONObject userResource = resources.getJSONObject(0);
log.debug(user.toString());
String userName = userResource.getString("userName");
JSONObject names = userResource.getJSONObject("name");
JSONArray roles = userResource.getJSONArray("groups");
for (int i = 0; i < roles.length(); i++) {
JSONObject role = roles.getJSONObject(i);
UserDTO existingUser = ldapClient.getLdapUser(userName);
GroupDTO group = new GroupDTO();
group.setCommonName(role.getString("display"));
groups.add(group);
// there should always be an existing user in the LDAP tree
if (existingUser != null)
log.debug(existingUser.toString());
else {
throw new UnauthorizedException("no existing LDAP user");
}
log.debug(group.toString());
JSONArray roles = userResource.getJSONArray("groups");
for (int i = 0; i < roles.length(); i++) {
JSONObject role = roles.getJSONObject(i);
String cn = role.getString("display");
GroupDTO group = ldapClient.getLdapGroup(cn);
if (group != null) {
// check/add user
if (!group.getMemberUids().contains(userName))
ldapClient.addGroupMember(cn, userName);
} else {
// create new group and add user
ldapClient.createGroup(cn, ldapClient.generateGroupId());
ldapClient.addGroupMember(cn, userName);
}
} catch (JSONException e) {
// no additional user information
log.error(e.getMessage());
}
} catch (JSONException e) {
// no additional user information
log.error(e.getMessage());
}
UserDTO ldapUser = ldapClient.getLdapUser(user.getUid());
}
// if nothing succeeded, fail ... gracefully
throw new UnauthorizedException();
}
@ResponseStatus(value = HttpStatus.UNAUTHORIZED)
......
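Review bot: `harmonizeIdentities` no longer guards against a null subject — the `if (subject != null)` that wrapped the SCIM lookup on the old side is gone, and `claimsSet.getSubject()` is now passed straight to `scimClient.getUser(subject)`, so an ID token without a `sub` claim reaches the SCIM client as null; add `if (subject == null) { throw new UnauthorizedException("no subject in ID token"); }` at the top of the method, which is consistent with the new fail-closed handling of a missing LDAP user. The "no existing LDAP user" check only executes when the SCIM response parses: an empty `Resources` array or a missing `userName` raises `JSONException`, which the catch block logs and swallows, after which the caller hits `return` and treats OIDC authentication as successful, so the LDAP-existence gate is bypassed on a malformed or empty SCIM response — if that gate is intended, rethrow there (`throw new UnauthorizedException("no usable SCIM user entry");`) and pass `e` as the last logger argument so the stack trace is not dropped. The group `cn` read from the SCIM `groups[].display` attribute is used unchanged to create LDAP groups and memberships; whether `LdapClient` escapes it for DN and filter use is not visible in this hunk and is worth confirming, since a display name is externally supplied data. `names` is assigned but never used. The method that calls `harmonizeIdentities` begins outside the hunk.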
......@@ -8,7 +8,9 @@
*/
package edu.kit.scc.ldap;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -271,4 +273,25 @@ public class LdapClient {
group.setCommonName(cn);
ldapGroup.addMember(group, memberUid);
}
/**
* Generates a non-conflicting group id.
*
* @return a new int gidNumber
*/
public int generateGroupId() {
int max = 99999;
int min = 10000;
Random rand = new Random();
ArrayList<Integer> existingGidNumbers = new ArrayList<Integer>();
List<GroupDTO> groups = ldapGroup.getAllGroups();
for (GroupDTO group : groups)
existingGidNumbers.add(group.getGidNumber());
int randomInt = rand.nextInt((max - min) + 1) + min;
while (existingGidNumbers.contains(randomInt))
randomInt = rand.nextInt((max - min) + 1) + min;
return randomInt;
}
}
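Review bot: `generateGroupId` is a check-then-use sequence with no coordination — the snapshot from `ldapGroup.getAllGroups()` is taken in one call and the id is consumed by `createGroup` in a separate call from `RestServiceController`, so two concurrent harmonizations can be handed the same gidNumber; whether the directory enforces uniqueness on that attribute is not visible here. The retry loop also never terminates once all 90000 values are taken, and each probe is a linear `ArrayList.contains` over every group, so a bounded range check plus a `HashSet` would make the method both safe and cheap. `new Random()` per call can be replaced by `ThreadLocalRandom.current()`; unpredictability is not required for a gid, so `SecureRandom` is not needed. `Set`, `HashSet` and `ThreadLocalRandom` would need adding to the import hunk above. The Javadoc's "non-conflicting" should be qualified to "not in use at the time of the lookup".
```java
public int generateGroupId() {
    int max = 99999;
    int min = 10000;
    Set<Integer> existingGidNumbers = new HashSet<>();
    for (GroupDTO group : ldapGroup.getAllGroups())
        existingGidNumbers.add(group.getGidNumber());
    int range = (max - min) + 1;
    // fail loudly instead of spinning forever once the range is used up
    if (existingGidNumbers.size() >= range)
        throw new IllegalStateException("gidNumber range " + min + "-" + max + " exhausted");
    int randomInt;
    do {
        randomInt = ThreadLocalRandom.current().nextInt(range) + min;
    } while (existingGidNumbers.contains(randomInt));
    return randomInt;
}
```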
......@@ -8,9 +8,7 @@
*/
package edu.kit.scc.test.ldap;
import static org.junit.Assert.*;
import java.util.ArrayList;
import static org.junit.Assert.assertNotNull;
import org.junit.FixMethodOrder;
import org.junit.Test;
......@@ -111,4 +109,8 @@ public class LdapClientTest {
ldapClient.getLdapUsers();
}
@Test
public void getNewGidNumber() {
log.debug("{}", ldapClient.generateGroupId());
}
}
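Review bot: `getNewGidNumber` only logs the generated id and asserts nothing, so it cannot fail even if `generateGroupId` returned a value outside the documented range. Pin the contract with `int gid = ldapClient.generateGroupId(); assertTrue(gid >= 10000 && gid <= 99999);` — note that the import hunk above narrowed the static import from `org.junit.Assert.*` to `assertNotNull` only, so `assertTrue` would have to be imported as well.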