Commit
98c91d14
authored
May 18, 2016
by
benjamin.ertl
scim integration
parent
6291efc1
Showing
29 changed files
with
1389 additions
and
343 deletions
+1389
-343
assertions/fbhcfgee
assertions/fbhcfgee
+0
-51
mapping
mapping
+79
-0
pom.xml
pom.xml
+49
-13
src/main/java/edu/kit/scc/DevelopmentConfiguration.java
src/main/java/edu/kit/scc/DevelopmentConfiguration.java
+95
-0
src/main/java/edu/kit/scc/IdentityHarmonizationService.java
src/main/java/edu/kit/scc/IdentityHarmonizationService.java
+5
-2
src/main/java/edu/kit/scc/IdentityHarmonizer.java
src/main/java/edu/kit/scc/IdentityHarmonizer.java
+3
-3
src/main/java/edu/kit/scc/PosixUserGenerator.java
src/main/java/edu/kit/scc/PosixUserGenerator.java
+217
-0
src/main/java/edu/kit/scc/RestServiceController.java
src/main/java/edu/kit/scc/RestServiceController.java
+71
-2
src/main/java/edu/kit/scc/ServiceConfiguration.java
src/main/java/edu/kit/scc/ServiceConfiguration.java
+64
-0
src/main/java/edu/kit/scc/UserGenerator.java
src/main/java/edu/kit/scc/UserGenerator.java
+18
-0
src/main/java/edu/kit/scc/http/HttpClient.java
src/main/java/edu/kit/scc/http/HttpClient.java
+20
-3
src/main/java/edu/kit/scc/http/HttpResponse.java
src/main/java/edu/kit/scc/http/HttpResponse.java
+5
-5
src/main/java/edu/kit/scc/ldap/LdapClient.java
src/main/java/edu/kit/scc/ldap/LdapClient.java
+24
-136
src/main/java/edu/kit/scc/ldap/LdapPosixGroupAttributeMapper.java
.../java/edu/kit/scc/ldap/LdapPosixGroupAttributeMapper.java
+1
-3
src/main/java/edu/kit/scc/ldap/LdapPosixGroupDao.java
src/main/java/edu/kit/scc/ldap/LdapPosixGroupDao.java
+108
-46
src/main/java/edu/kit/scc/ldap/LdapPosixUserAttributeMapper.java
...n/java/edu/kit/scc/ldap/LdapPosixUserAttributeMapper.java
+14
-4
src/main/java/edu/kit/scc/ldap/LdapPosixUserDao.java
src/main/java/edu/kit/scc/ldap/LdapPosixUserDao.java
+122
-37
src/main/java/edu/kit/scc/ldap/PosixGroup.java
src/main/java/edu/kit/scc/ldap/PosixGroup.java
+4
-4
src/main/java/edu/kit/scc/ldap/PosixUser.java
src/main/java/edu/kit/scc/ldap/PosixUser.java
+39
-9
src/main/java/edu/kit/scc/oidc/OidcClient.java
src/main/java/edu/kit/scc/oidc/OidcClient.java
+17
-0
src/main/java/edu/kit/scc/redis/RedisClient.java
src/main/java/edu/kit/scc/redis/RedisClient.java
+98
-0
src/main/resources/application.properties
src/main/resources/application.properties
+39
-0
src/test/java/edu/kit/scc/test/CreatePosixUserTest.java
src/test/java/edu/kit/scc/test/CreatePosixUserTest.java
+120
-0
src/test/java/edu/kit/scc/test/RestServiceControllerTest.java
...test/java/edu/kit/scc/test/RestServiceControllerTest.java
+60
-0
src/test/java/edu/kit/scc/test/TestSuite.java
src/test/java/edu/kit/scc/test/TestSuite.java
+6
-4
src/test/java/edu/kit/scc/test/http/HttpClientTest.java
src/test/java/edu/kit/scc/test/http/HttpClientTest.java
+2
-2
src/test/java/edu/kit/scc/test/ldap/LdapClientTest.java
src/test/java/edu/kit/scc/test/ldap/LdapClientTest.java
+11
-19
src/test/java/edu/kit/scc/test/redis/RedisClientTest.java
src/test/java/edu/kit/scc/test/redis/RedisClientTest.java
+64
-0
src/test/resources/test-server.ldif
src/test/resources/test-server.ldif
+34
-0
assertions/fbhcfgee
deleted
100644 → 0
H6GNGExp4J8vHLeTGCaV86oeLsJfYXpYHoldMn6TckgUiapgt-ctIRHdRbIKasYW8rvsZufORIw_
ylH6fLW4SH3WUNw4LrnsrLq9CwtnSpd2bNRBXgS9mDx9oMUfbCLnh28GU9JYBIObpFiPDZRBMRzB
Jtemq5e7T3EFOGReOFf8YAWYVbJ7kl10C8O65A3SXU3nTD2q8HFJgnBpl4tLdygXS5PJHjZ77I5N
cc6SI0DWgiv6AhNfs1nC1Hll7ouCC9JYebDrgGZ76yBJOEkms6v8yV1WFG4kd8QYnhmWHSOJ3ZpX
92kP9U-ywE03VvJnvSpFB4YoS6jYJBThPL0o1e4HKy9zns3LUpeH3N37JLXxWIXv_UBh6pli4Jnk
f1mDRgtEN9rRSHaILO1ACb2JbECXBTkfhN153CjO4DYkvaRFFw0KXnZqbEs_O49QfccKVuxj8JnZ
BEyYYOUY5BoiTsRc3fIhotXKlWD5QBsjXB2EcuFYBujLx6z8Xxg-fDYaFgMQXTKJxmkbg4EJHLoG
L02ar7-U_c0h2J6ewyZDg3O3vALxNuOz18rwlXm7x-3hqoIIvmice4XUnmuJTRz1At8OeBx7P2_E
uqMMUWoPW-B3JkYTUjkxom-lm7pMwWdRxBCYEpvsKswrA2HlwN3EvciU3ZkxcFw3ckhlVsdOpWCF
LxGT5x2d4Yp9TWANNIosG9gQrHTZk7FB_JHhJCiftxBkR9j51yKejWWr7zIkRQdagXlXdkzcVhUz
XrKFYTLqKZRXWUxNhc4SeX2QqVXB1XAGzmebuK4K8FvoPB-T1aDFqqDF6MuHG3OnESkIrRODQsux
h9gV1zwrSKJbhYb3q4sTz7iRkYpy7yjVF9TgDczQI8SLoW5XyOgrrKxOCbkq_1E23rLANJSVFY0X
Hfh3U5uAzgqzWLf7vc9x-22uVKkWmCa428_mjq44J1whm_GwCpznij8agEn6mKxlY6Bnnro5VQft
m-ypsnqQnUtYZr2tRBUrlUTCTG4jthlKtu1RbVahOwk8GYtcX4nEuWceOTPiz3iQB5KYylv8GoDM
EX5zrLTfWfBHoHcMpQO7QtiMfygsgop6Pf165XkTBv396Atp2Y-yWGbLcR7tvYsDBAvQ6Z5bsZSf
tKiTECQEtVp7d5_aZSVZElyT2qQtolAHygwzBQKizzCSFgDpg7asXtElR3JMmBXt8uuQ-z6mR54z
zvQgiTL4Q5l9A_NMqMtxaKw1ws6YuFbkorNZjm_c0i_eIJSbYdNqKGco2rG-z2eshdSZPyBBTfyv
MaFyR8GAGeJhdCWE9PkTq4jyHIVzs6hKc9OuzqT_oVt5fJVOhzSLrB3ptrNbJdrZt3PHJFYiaHdP
YGs3Y9GFpIYzRoLiidPVFuCWkRfZCbjKftvc_70yetgF3nx1c2_tseB_1vKV-udQMJhFbeiVOpA9
tSti_NX_q3iRAmXo5jCrZEYBt1I7SjUn3suvkkVna-UaiUeoncl8ATg22_F7lv1nKUZJ32bpKeTb
7WY-wAYYqebb_Hj-bH7BIX9sv1768buLM_XmiOBGydx1AmDHvpiboR8-9UdW02n5AnOrWh4JVcYA
e9vGhHQZjo2hPRGy2cMmzAaVxhZkJTYCcwH-yvQwIgIE1cxjDnXv9bZWrZZeRpWdaaumEyXfUZv4
_zik7-8AJuBjlczb6v63nNa1BUzMAXjXQ2G8U07EV0d_CzzU4mcgOYkeNq7IMbe6I522dq_i5eTY
a3y__zI7FQxN1KpSOSokmm9haEm0MuyxWbFn1c-QjVprnhC7YojF-p-FLGx8PgD_tappyNKP2gyQ
ba_COv3d9gGSkUh6I6rU20jgsOfD4yZ2CWu81WK3RKtlixGhJXhSO2C0Gv0HOVo1fz1Rcb25EtS0
6ra6ZlQII333k4TYBzwKH_2xgU_1chKZBqSvVHWeirOml7ETye6CD-NQ4Tj7UyO8V5WNhnu0LzZS
doiREk_lpzor7EU_MehB0aIOMVBKf5S1bvCkF61qLL0mJEVtMThsi8ObuzA0udE4cvx8LWUeaPdM
x00SZJhKu5WNJ8RifYHWvFhlo4BRImo8nOEvzDcouMIqQPj2S50Dkm0mY_V3u_6KLQi-c4kbjr8g
uFIUYhe-DFGEETpkAGV_dhGVD3OZTBS1J__hG7B5pBrTvkUvx3KKXBSSVDPFXKlBJ5boqmDHhFAK
mohYyHzja1Z2aGyS4nMdi9BYSaTyK4fr6zBlkf1XE2MDlhgBnW69dcenkx4HU_Dkf-iVf91i7NUS
XvwCnca892lWJgthskizwfe4bIZrn45HzXbjq6z-eeo5UXgilRs35JYw_9semmCzg8Z-nhIszro8
m2oQThCFGH-XHKAwRY8SpeUdNR20wxh4WrO84Wb3Ypu3xwbpmTi4VbliRiAj4v9wDOVjmkQppbds
xAaJLn8t9Vi39eJ3bGSEozm-jMxIpF6pHMfCoQOyG6WGZmftK7L-x5Asns-ZRJVXLMIV3hIZZU78
et8I9lpb30kZngE7mVQp8PEVbs0TaNbRxEp-zqKK39vjo4bS0Xg1DKRvxtvYZ_OZ1cZJHOnA8EuV
rw0Nmi8Mhc4gEwGYtK2wIc8t0U9iyxGMQelyPTwd5SStV4fy0FH8r_XpGvKqeOK13Hb63EjcgVlI
fdRQVkkmy1EnffIxCymBPaO-KUXTa1ThZ6dSRBzQi65uxFUP1stOcsLtAunG5fPawcU1GTMLszfw
UcLC1NSJ3FE-3rFV3rVRPjnp1Vy-zuXamg0z1syoxbOyNNicphmdJ_Ku6Gkdo6xcyYBIAb8Xi6mw
JR-sJftkZIsKS_dwRyg0oYRZQgr7URnzEVVJ19Tv4-bwNi7ZlhN_E_WWhQqKkpwTm9EhKR_fYOr_
Rx27X5xr48hCWYKmLbDfPaRHqkB5hOR9tbfwqdQrHIUoKdPBStRNNJuTP1_dRvY_Lc3M4yZjjO68
xJi9YevPfghj2pmYpMIMBp7tCp4jAmtLyOmdwsxMPdqNJeKbm3uXvhxCaHW6SuDQTcmicvjz0U0N
WLKFZap4_RtqWNWo3TQVTsYC2aM1nDEfzO5VPkNOB-2VDaEHoAtsPxnrwGLSJs8k1O3VzzoBM1cu
m1i8D7tEtkw3I7WSQbzL-IscBLsezP3HPL6maG0dHCf9gcl1RxceBhNOWHaE6UQrNcVzEzxaoWZI
tlP__nGmQ0iObfDi2OF433IMGlIgIL9DNWh0YCKZ13XxGtJD6FBpetJKh1sPluTfvGLjJchPdxP3
qGsEBtBwWExk39P4wnRtNO62sfAO3tHnDR_rHG6vFwkf-9FhZLL-1QkjpcFBdUpaLHlS1q1fhJmc
XtwRXriTQH4EnqQTKCYdw3l2IgU_X9chVScZoeF5Druc9aP9ffV0RIlbgHCrocfvvyX_OxYbEPYR
9WRZ_s9FpRhpkGWSXowv18O8XYhG88Au74glE8v_Dvjn6qGqYvPaqPT9-8wiXAxQubCRYqc3pAFf
LNB6YalHn2ZCp_nxKdqEJQ9gRG-sSEsvJSFsGtvH4Jsys7cjgBd0B8XyC1YEPlho0E5HpiuSmha6
sSEcfq9JDKA62rujw7wS_7hJgQvmK_hq-R26QTn8B24D8NYDRXr2JhARsGaSKW9RuzD4DplgjUS_
LdPU8Sq83x5pwUYrWxLgD2sQAlKrgtT9vgqWV67F9xvaDmrKKUL2uD3ch9FPU3ctjD33rX6yUWGt
81zGTzNJ3UVO4K4ZOknLcjCk2vl9i6Lkersk5sBm54b_s6ldobGtz-d4kV_u-D82IrPfdLMYkV72
UDwZjIJ6jaipztNlJjA
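--- a/mapping
+++ b/mapping
+OIDC
+{
+"email": "benjamin.ertl@kit.edu",
+"email_verified": true,
+"family_name": "Ertl",
+"groups": [
+{
+"id": "54e3843d-2b9d-45df-a76d-03bdf2fe46a2",
+"name": "Users"
+},
+{
+"id": "19a8dd29-2b8d-4efd-85cf-f8091037d51f",
+"name": "Developers"
+}
+],
+"name": "Benjamin",
+"organisation_name": "indigo-dc",
+"preferred_username": "benjamin",
+"sub": "54d75bff-7ae3-4d65-81db-81c456020655"
+}
+SCIM
+{
+"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
+"id": "90001",
+"externalId": "54d75bff-7ae3-4d65-81db-81c456020655",
+"userName": "benjamin",
+"name": {
+"familyName": "Ertl",
+"givenName": "Benjamin",
+},
+"emails": [
+{
+"value": "benjamin.ertl@kit.edu",
+}
+],
+"groups": [
+{
+"value": "54e3843d-2b9d-45df-a76d-03bdf2fe46a2",
+"$ref": "99991",
+"display": "Users"
+},
+{
+"value": "19a8dd29-2b8d-4efd-85cf-f8091037d51f",
+"$ref": "99992",
+"display": "Developers"
+}
+],
+"meta": {
+"organisation_name": "indigo-dc",
+}
+}
+POSIX Account
+dn: uid=benjamin,ou=users,dc=test,dc=kit,dc=edu
+objectclass: extensibleObject
+objectclass: top
+objectclass: posixAccount
+objectclass: person
+cn: benjamin.ertl@kit.edu
+gidNumber: 99991
+homeDirectory: /home/benjamin
+sn: Ertl
+uid: benjamin
+uidNumber: 90001
+description: indigo-dc
+uniqueIdentifier: 54d75bff-7ae3-4d65-81db-81c456020655
+givenName: Benjamin
+mail: benjamin.ertl@kit.edu
+POSIX Group
+dn: cn=Users,ou=groups,dc=test,dc=kit,dc=edu
+objectClass: top
+objectClass: posixGroup
+cn: Users
+gidNumber: 99991
+memberUid: benjamin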
pom.xml
@@ -22,7 +22,10 @@
<groupId>
org.apache.maven.plugins
</groupId>
<artifactId>
maven-surefire-plugin
</artifactId>
<configuration>
<skipTests>
true
</skipTests>
<skipTests>
false
</skipTests>
<includes>
<include>
edu.kit.scc.test.TestSuite
</include>
</includes>
</configuration>
</plugin>
<plugin>
@@ -55,7 +58,7 @@
<version>
1.3.1.RELEASE
</version>
</parent>
<dependencies>
<!-- Spring -->
<!--
tag::
Spring
[]
-->
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-web
</artifactId>
@@ -68,22 +71,57 @@
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-thymeleaf
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-redis
</artifactId>
</dependency>
<!-- end::Spring[] -->
<!-- LDAP -->
<!-- tag::Test[] -->
<dependency>
<groupId>
com.jayway.restassured
</groupId>
<artifactId>
rest-assured
</artifactId>
<version>
2.9.0
</version>
<scope>
test
</scope>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-test
</artifactId>
</dependency>
<dependency>
<groupId>
com.github.kstyrc
</groupId>
<artifactId>
embedded-redis
</artifactId>
<version>
0.6
</version>
</dependency>
<dependency>
<groupId>
com.unboundid
</groupId>
<artifactId>
unboundid-ldapsdk
</artifactId>
<version>
3.1.1
</version>
</dependency>
<!-- end::Test[] -->
<!-- tag::LDAP[] -->
<dependency>
<groupId>
org.springframework.ldap
</groupId>
<artifactId>
spring-ldap-core
</artifactId>
<version>
2.0.4.RELEASE
</version>
</dependency>
<!-- end::LDAP[] -->
<!-- OpenID Connect -->
<!--
tag::
OpenID Connect
[]
-->
<dependency>
<groupId>
com.nimbusds
</groupId>
<artifactId>
oauth2-oidc-sdk
</artifactId>
<version>
5.1
</version>
</dependency>
<dependency>
<groupId>
com.nimbusds
</groupId>
<artifactId>
nimbus-jose-jwt
</artifactId>
<version>
4.16.2
</version>
</dependency>
<!-- end::OpenID Connect[] -->
<!-- SAML -->
<!--
tag::
SAML
[]
-->
<dependency>
<groupId>
org.opensaml
</groupId>
<artifactId>
opensaml
</artifactId>
@@ -95,25 +133,23 @@
</exclusion>
</exclusions>
</dependency>
<!-- end::SAML[] -->
<!-- Utils -->
<!--
tag::
Utils
[]
-->
<dependency>
<groupId>
com.google.guava
</groupId>
<artifactId>
guava
</artifactId>
<version>
1
8.0
</version>
<groupId>
org.bouncycastle
</groupId>
<artifactId>
bcprov-jdk15on
</artifactId>
<version>
1
.54
</version>
</dependency>
<dependency>
<groupId>
org.json
</groupId>
<artifactId>
json
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-test
</artifactId>
</dependency>
<dependency>
<groupId>
org.jdom
</groupId>
<artifactId>
jdom
</artifactId>
<version>
2.0.2
</version>
</dependency>
<!-- end::Utils[] -->
</dependencies>
</project>
\ No newline at end of file
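Review bot: `embedded-redis` and `unboundid-ldapsdk` are added inside the `tag::Test[]` section but without `<scope>test</scope>`, so unlike the `rest-assured` entry next to them they land on the compile classpath and in the shipped artifact. That looks deliberate because `DevelopmentConfiguration` under `src/main` imports both, but the effect is that an in-memory LDAP server and a redis process launcher are part of the production jar with only a profile flag keeping them inactive. Moving that configuration class to `src/test` (or a separate dev module) would let both dependencies carry `<scope>test</scope>` like `rest-assured`. The Utils hunk also swaps `guava` for `bcprov-jdk15on` without any visible consumer of either in this commit; worth confirming nothing still imports `com.google.common`.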
src/main/java/edu/kit/scc/DevelopmentConfiguration.java
0 → 100644
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package
edu.kit.scc
;
import
com.unboundid.ldap.listener.InMemoryDirectoryServer
;
import
com.unboundid.ldap.listener.InMemoryDirectoryServerConfig
;
import
com.unboundid.ldap.listener.InMemoryListenerConfig
;
import
com.unboundid.ldap.sdk.LDAPException
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.context.annotation.Profile
;
import
redis.embedded.RedisServer
;
import
java.io.IOException
;
import
javax.annotation.PostConstruct
;
import
javax.annotation.PreDestroy
;
@Configuration
@Profile
(
"development"
)
public
class
DevelopmentConfiguration
{
private
static
final
Logger
log
=
LoggerFactory
.
getLogger
(
DevelopmentConfiguration
.
class
);
@Value
(
"${spring.redis.port}"
)
private
int
port
;
private
static
InMemoryDirectoryServer
ds
;
private
static
RedisServer
redisServer
;
/**
* Initializes in-memory LDAP and redis.
*
* @throws LDAPException in case in-memory LDAP couldn't be created
* @throws IOException in case in-memory redis couldn't be created
*/
@PostConstruct
public
void
init
()
throws
LDAPException
,
IOException
{
log
.
debug
(
"Set-up in-memory LDAP..."
);
// set-up in-memory LDAP
InMemoryDirectoryServerConfig
config
=
new
InMemoryDirectoryServerConfig
(
"dc=springframework,dc=org"
);
// schema config only necessary if the standard
// schema provided by the library doesn't suit your needs
config
.
setSchema
(
null
);
// listener config only necessary if you want to make sure that the
// server listens on port 33389, otherwise a free random port will
// be picked at runtime - which might be even better for tests btw
config
.
addAdditionalBindCredentials
(
"cn=admin"
,
"password"
);
config
.
setListenerConfigs
(
new
InMemoryListenerConfig
(
"myListener"
,
null
,
33389
,
null
,
null
,
null
));
ds
=
new
InMemoryDirectoryServer
(
config
);
ds
.
startListening
();
// import your test data from ldif files
ds
.
importFromLDIF
(
true
,
"src/test/resources/test-server.ldif"
);
log
.
debug
(
"Set-up in-memory redis..."
);
redisServer
=
new
RedisServer
(
port
);
redisServer
.
start
();
}
/**
* Cleans up in-memory LDAP and redis.
*
*/
@PreDestroy
public
void
cleanUp
()
{
if
(
ds
!=
null
)
{
log
.
debug
(
"Shutdown in-memory LDAP"
);
ds
.
shutDown
(
true
);
}
if
(
redisServer
!=
null
)
{
log
.
debug
(
"Shutdown in-memory redis"
);
redisServer
.
stop
();
}
}
}
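Review bot: `init()` binds the in-memory LDAP with the hard-coded credentials `cn=admin` / `password` on the fixed port 33389 and, if I read `InMemoryListenerConfig` correctly, a `null` listen address makes it accept connections on every interface, so anything that can reach the host gets directory admin while the `development` profile is active. Because this class lives under `src/main` that exposure ships in the production artifact one profile flag away; pinning the listener to loopback, e.g. `new InMemoryListenerConfig("myListener", InetAddress.getLoopbackAddress(), 33389, null, null, null)`, or moving the class to test sources would contain it. `importFromLDIF(true, "src/test/resources/test-server.ldif")` is a path relative to the working directory, so it only works from a source checkout and fails for a packaged jar. `ds` and `redisServer` are `static` yet assigned from instance lifecycle methods, so two instances of this configuration would overwrite each other's handles; plain instance fields are enough here.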
src/main/java/edu/kit/scc/
Application
.java
→
src/main/java/edu/kit/scc/
IdentityHarmonizationService
.java
@@ -11,9 +11,10 @@ package edu.kit.scc;
import
org.springframework.boot.SpringApplication
;
import
org.springframework.boot.autoconfigure.SpringBootApplication
;
import
org.springframework.core.env.AbstractEnvironment
;
@SpringBootApplication
public
class
Application
{
public
class
IdentityHarmonizationService
{
/**
* Spring Boot Application Runner.
@@ -21,8 +22,10 @@ public class Application {
* @param args command line arguments
*/
public
static
void
main
(
String
[]
args
)
{
// set development environment
//System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME, "development");
SpringApplication
.
run
(
Application
.
class
,
args
);
SpringApplication
.
run
(
IdentityHarmonizationService
.
class
,
args
);
}
}
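Review bot: The new `import org.springframework.core.env.AbstractEnvironment;` is referenced only by the commented-out `System.setProperty(...)` line in `main`, so the commit adds an unused import together with dead code. Activating `development` from `main` would also start the in-memory LDAP and redis of `DevelopmentConfiguration` wherever the jar happens to run; drop both lines and select the profile through `spring.profiles.active` in the environment or on the command line instead.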
src/main/java/edu/kit/scc/IdentityHarmonizer.java
@@ -9,9 +9,9 @@
package
edu.kit.scc
;
import
edu.kit.scc.dto.PosixGroup
;
import
edu.kit.scc.dto.PosixUser
;
import
edu.kit.scc.ldap.LdapClient
;
import
edu.kit.scc.ldap.PosixGroup
;
import
edu.kit.scc.ldap.PosixUser
;
import
edu.kit.scc.scim.ScimGroup
;
import
edu.kit.scc.scim.ScimUser
;
import
edu.kit.scc.scim.ScimUser.Meta
;
@@ -153,7 +153,7 @@ public class IdentityHarmonizer {
if
(!
user
.
isActive
()
&&
user
.
getMeta
()
!=
null
)
{
posixUser
.
setHomeDirectory
(
user
.
getMeta
().
get
(
"homeDirectory"
));
posixUser
.
setUidNumber
(
Integer
.
valueOf
(
user
.
getMeta
().
get
(
"uidNumber"
))
)
;
posixUser
.
setUidNumber
(
user
.
getMeta
().
get
(
"uidNumber"
));
ldapClient
.
updatePosixUser
(
posixUser
);
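Review bot: Replacing `Integer.valueOf(user.getMeta().get("uidNumber"))` with the raw string drops the only check that the SCIM-supplied `uidNumber` is numeric before `ldapClient.updatePosixUser(posixUser)` writes it to the directory; a non-numeric or negative value now reaches LDAP unvalidated. If `PosixUser.setUidNumber` has to stay a `String`, keep a parse as the guard, e.g. `int uidNumber = Integer.parseInt(user.getMeta().get("uidNumber"));` followed by `posixUser.setUidNumber(Integer.toString(uidNumber));`, and decide whether the `NumberFormatException` should propagate or be logged and the update skipped. The enclosing method starts and ends outside this hunk.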
src/main/java/edu/kit/scc/PosixUserGenerator.java
0 → 100644
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package
edu.kit.scc
;
import
edu.kit.scc.ldap.LdapClient
;
import
edu.kit.scc.ldap.PosixGroup
;
import
edu.kit.scc.ldap.PosixUser
;
import
edu.kit.scc.redis.RedisClient
;
import
edu.kit.scc.scim.ScimGroup
;
import
edu.kit.scc.scim.ScimUser
;
import
edu.kit.scc.scim.ScimUser.Email
;
import
edu.kit.scc.scim.ScimUser.Meta
;
import
edu.kit.scc.scim.ScimUser.Name
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.stereotype.Component
;
import
java.util.ArrayList
;
import
java.util.Arrays
;
import
java.util.List
;
import
java.util.UUID
;
@Component
public
class
PosixUserGenerator
implements
UserGenerator
{
private
static
final
Logger
log
=
LoggerFactory
.
getLogger
(
PosixUserGenerator
.
class
);
@Value
(
"${ldap.default.gidNumber}"
)
String
defaultGidNumber
;
@Autowired
private
RedisClient
redisClient
;
@Autowired
private
LdapClient
ldapClient
;
private
String
generateUid
(
String
uidNumber
)
{
return
"user"
+
uidNumber
;
}
@Override
public
ScimUser
createUser
(
ScimUser
scimUser
)
{
// check if default group exists
PosixGroup
defaultGroup
=
ldapClient
.
getPosixGroupByGidNumber
(
defaultGidNumber
);
if
(
defaultGroup
==
null
)
{
log
.
error
(
"default group {} does not exists"
,
defaultGidNumber
);
return
null
;
}
String
uniqueIdentifier
=
scimUser
.
getExternalId
();
// if no unique identifier provided generate a random one
if
(
uniqueIdentifier
==
null
)
{
uniqueIdentifier
=
UUID
.
randomUUID
().
toString
();
}
// create a new user id number
String
uidNumber
=
redisClient
.
createUser
(
uniqueIdentifier
);
if
(
uidNumber
==
null
)
{
log
.
error
(
"user {} already exists"
,
uniqueIdentifier
);
return
null
;
}
// create a default user id
String
uid
=
generateUid
(
uidNumber
);
// populate user with default values
PosixUser
localUser
=
new
PosixUser
();
localUser
.
setCommonName
(
uid
);
localUser
.
setDescription
(
"user created by IdH"
);
localUser
.
setGidNumber
(
defaultGidNumber
);
localUser
.
setHomeDirectory
(
"/home/"
+
uid
);
localUser
.
setSurName
(
uid
);
localUser
.
setUid
(
uid
);
localUser
.
setUidNumber
(
uidNumber
);
localUser
.
setUniqueIdentifier
(
uniqueIdentifier
);
log
.
debug
(
"User defaults to {}"
,
localUser
.
toString
());
// overwrite with provided values
if
(
scimUser
.
getUserName
()
!=
null
)
{
// check for conflicting uid
if
(
ldapClient
.
getPosixUser
(
scimUser
.
getUserName
())
==
null
)
{
localUser
.
setUid
(
scimUser
.
getUserName
());
}
else
{
log
.
warn
(
"user {} already exists, use default uid"
,
scimUser
.
getUserName
());
}
}
List
<
Email
>
emails
=
scimUser
.
getEmails
();
if
(
emails
!=
null
&&
!
emails
.
isEmpty
())
{
if
(
emails
.
get
(
0
).
getValue
()
!=
null
)
{
localUser
.
setMail
(
emails
.
get
(
0
).
getValue
());
localUser
.
setCommonName
(
emails
.
get
(
0
).
getValue
());
}
}
Name
name
=
scimUser
.
getName
();
if
(
name
!=
null
)
{
if
(
name
.
getFamilyName
()
!=
null
)
{
localUser
.
setSurName
(
name
.
getFamilyName
());
}
if
(
name
.
getGivenName
()
!=
null
)
{
localUser
.
setGivenName
(
name
.
getGivenName
());
}
}
// create the user locally
PosixUser
posixUser
=
ldapClient
.
createPosixUser
(
localUser
);
if
(
posixUser
==
null
)
{
log
.
error
(
"could not create user in the LDAP directory"
);
return
null
;
}
log
.
debug
(
"User created {}"
,
posixUser
.
toString
());
// add user to default group
ldapClient
.
addGroupMember
(
defaultGroup
.
getCommonName
(),
localUser
.
getUid
());
ScimGroup
defaultScimGroup
=
new
ScimGroup
();
defaultScimGroup
.
setDisplay
(
defaultGroup
.
getCommonName
());
defaultScimGroup
.
setRef
(
defaultGroup
.
getGidNumber
());
ScimUser
createdUser
=
scimUserFromPosixUser
(
posixUser
);
createdUser
.
getGroups
().
add
(
defaultScimGroup
);
// TODO group unique identifiers
// create local groups, add user
if
(
scimUser
.
getGroups
()
!=
null
)
{
for
(
ScimGroup
group
:
scimUser
.
getGroups
())
{
if
(
group
.
getValue
()
!=
null
&&
group
.
getDisplay
()
!=
null
)
{
// check if group already exists
PosixGroup
localGroup
=
ldapClient
.
getPosixGroupByCn
(
group
.
getDisplay
());
// create group
if
(
localGroup
==
null
)
{
String
groupNumber
=
redisClient
.
createGroup
(
group
.
getValue
());
localGroup
=
new
PosixGroup
();
localGroup
.
setGidNumber
(
groupNumber
);
localGroup
.
setCommonName
(
group
.
getDisplay
());
localGroup
.
setDescription
(
"group created by IdH"
);
localGroup
=
ldapClient
.
createPosixGroup
(
localGroup
);
if
(
localGroup
==
null
)
{
log
.
error
(
"could not create group in the LDAP directory"
);
break
;
}
else
{
log
.
debug
(
"Created group {}"
,
localGroup
.
toString
());
}
}
else
{
log
.
debug
(
"Found existing group {}"
,
localGroup
.
toString
());;
}
// add user
boolean
userAdded
=
ldapClient
.
addGroupMember
(
localGroup
.
getCommonName
(),
localUser
.
getUid
());
if
(
userAdded
)
{
ScimGroup
scimGroup
=
new
ScimGroup
();
scimGroup
.
setDisplay
(
localGroup
.
getCommonName
());
scimGroup
.
setValue
(
group
.
getValue
());
scimGroup
.
setRef
(
localGroup
.
getGidNumber
());
createdUser
.
getGroups
().
add
(
scimGroup
);
log
.
debug
(
"Added user {} to group {}"
,
localUser
.
getUid
(),
localGroup
.
getCommonName
());
}
}
}
}
return
createdUser
;
}
private
ScimUser
scimUserFromPosixUser
(
PosixUser
posixUser
)
{
ScimUser
scimUser
=
new
ScimUser
();
scimUser
.
setSchemas
(
Arrays
.
asList
(
ScimUser
.
USER_SCHEMA_2_0
));
scimUser
.
setExternalId
(
posixUser
.
getUniqueIdentifier
());
scimUser
.
setId
(
posixUser
.
getUidNumber
());
scimUser
.
setUserName
(
posixUser
.
getUid
());
Email
email
=
new
Email
();
email
.
setValue
(
posixUser
.
getMail
());
scimUser
.
setEmails
(
Arrays
.
asList
(
email
));
Meta
meta
=
new
Meta
();
meta
.
put
(
"description"
,
posixUser
.
getDescription
());
meta
.
put
(
"homeDirectory"
,
posixUser
.
getHomeDirectory
());
meta
.
put
(
"gecos"
,
posixUser
.
getGecos
());
meta
.
put
(
"loginShell"
,
posixUser
.
getLoginShell
());
scimUser
.
setMeta
(
meta
);
scimUser
.
setGroups
(
new
ArrayList
<
ScimGroup
>());
Name
name
=
new
Name
();
name
.
setFamilyName
(
posixUser
.
getSurName
());
name
.
setGivenName
(
posixUser
.
getGivenName
());
// scimUser.setPassword(posixUser.getUserPassword());
scimUser
.
setActive
(
true
);
return
scimUser
;
}
}
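Review bot: `scimUserFromPosixUser` builds a `Name` with the surname and given name but never attaches it, so every `ScimUser` returned from `createUser` comes back with `name == null`; add `scimUser.setName(name);` before `scimUser.setActive(true);`. In `createUser`, `redisClient.createUser(uniqueIdentifier)` allocates the uid number before `ldapClient.createPosixUser(localUser)`, and when the LDAP create fails the method returns `null` without releasing that allocation, so a retry with the same `externalId` will hit the `"user {} already exists"` branch from then on; either roll back the redis entry on failure or make the redis step idempotent. `scimUser.getUserName()` is taken over as the LDAP `uid` (and into `"/home/" + uid`) after only an existence check, so unless `LdapClient` escapes it, a caller-controlled value containing DN or filter metacharacters goes straight into the directory; a character allow-list on the username before `setUid` would close that. In the group loop, `break` on a failed `createPosixGroup` silently skips all remaining groups where `continue` is probably intended, and there is a stray `;;` after the `"Found existing group {}"` log call.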
src/main/java/edu/kit/scc/RestServiceController.java
@@ -9,6 +9,7 @@
package
edu.kit.scc
;
import
edu.kit.scc.scim.ScimGroup
;
import
edu.kit.scc.scim.ScimUser
;
import
org.apache.commons.codec.binary.Base64
;
@@ -18,18 +19,20 @@ import org.springframework.beans.factory.annotation.Autowired;