Commit b8e4d0c7 authored by benjamin.ertl's avatar benjamin.ertl

change to INDIGO LDAP user

parent c6ef842a
......@@ -7,7 +7,7 @@
<packaging>jar</packaging>
<properties>
<java.version>1.7</java.version>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
......
......@@ -9,6 +9,7 @@
package edu.kit.scc;
import java.text.ParseException;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -24,6 +25,7 @@ import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.oidc.OidcClient;
import edu.kit.scc.scim.ScimClient;
import edu.kit.scc.scim.ScimListResponse;
import edu.kit.scc.scim.ScimUser;
import edu.kit.scc.scim.ScimUserAttributeMapper;
......@@ -38,8 +40,13 @@ public class IdentityHarmonizer {
@Autowired
private OidcClient oidcClient;
public ScimUser harmonizeIdentities(String username, OIDCTokens tokens) {
public ScimListResponse harmonizeIdentities(String username, OIDCTokens tokens) {
int identityCount = 0;
ScimUser scimUser = scimClient.getScimUser(username);
if (scimUser != null)
identityCount++;
ScimUser scimUserFromJWT = null;
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
......@@ -62,24 +69,48 @@ public class IdentityHarmonizer {
if (userInfo != null) {
log.debug("User info {}", userInfo.toJSONObject().toJSONString());
scimUserFromJWT = mapper.mapFromUserInfo(userInfo);
if (scimUserFromJWT != null)
identityCount++;
}
return mapper.merge(scimUser, scimUserFromJWT);
ScimListResponse scimListResponse = new ScimListResponse();
scimListResponse
.setSchemas(Arrays.asList(scimListResponse.LIST_RESPONSE_SCHEMA, new ScimUser().USER_SCHEMA_2_0));
scimListResponse.setResources(Arrays.asList(scimUser, scimUserFromJWT));
scimListResponse.setTotalResults(identityCount);
log.debug("SCIM query response {}", scimListResponse.toString());
return scimListResponse;
}
// Example Reg-App HttpResponse
// {"eppn":"ym0762@partner.kit.edu","last_update":"2016-02-02
// 11:47:49.489","email":"ym0762@partner.kit.edu"}
public ScimUser harmonizeIdentities(String username, HttpResponse regAppQuery) {
public ScimListResponse harmonizeIdentities(String username, HttpResponse regAppQuery) {
int identityCount = 0;
ScimUser scimUser = scimClient.getScimUser(username);
if (scimUser != null)
identityCount++;
ScimUser scimUserFromQuery = null;
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
if (regAppQuery != null) {
log.debug("Reg-app query response {}", regAppQuery.toString());
scimUserFromQuery = mapper.mapFromRegAppQuery(regAppQuery.getResponseString());
if (scimUserFromQuery != null)
identityCount++;
}
return mapper.merge(scimUser, scimUserFromQuery);
ScimListResponse scimListResponse = new ScimListResponse();
scimListResponse.setSchemas(Arrays.asList(scimListResponse.LIST_RESPONSE_SCHEMA, scimUser.USER_SCHEMA_2_0));
scimListResponse.setResources(Arrays.asList(scimUser, scimUserFromQuery));
scimListResponse.setTotalResults(identityCount);
log.debug("SCIM query response {}", scimListResponse.toString());
return scimListResponse;
}
}
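Review bot: `scimUser.USER_SCHEMA_2_0` on the `setSchemas` line of the HttpResponse overload reads the constant through `scimUser`, which the `if (scimUser != null)` guard a few lines earlier shows may be null; unless `USER_SCHEMA_2_0` is declared static (not visible here), that line throws a NullPointerException exactly when the user is unknown, and the OIDCTokens overload uses `new ScimUser().USER_SCHEMA_2_0` for the same value, so the two overloads already disagree. Both overloads also pass the possibly-null `scimUser` and `scimUserFromQuery`/`scimUserFromJWT` straight into `setResources(Arrays.asList(...))`, so `Resources` can contain null entries while `totalResults` counts only the non-null ones. Reference the constants by class and build the resources list from the identities that were actually found, which also lets `totalResults` derive from the list; `java.util.ArrayList` would need importing alongside `Arrays`. The same change applies to the OIDCTokens overload above.
```java
List<ScimUser> resources = new ArrayList<>();
if (scimUser != null) resources.add(scimUser);
if (scimUserFromQuery != null) resources.add(scimUserFromQuery);
ScimListResponse scimListResponse = new ScimListResponse();
scimListResponse.setSchemas(Arrays.asList(ScimListResponse.LIST_RESPONSE_SCHEMA, ScimUser.USER_SCHEMA_2_0));
scimListResponse.setResources(resources);
scimListResponse.setTotalResults(resources.size());
// … unchanged: debug log and return …
```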
......@@ -8,7 +8,9 @@
*/
package edu.kit.scc;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.FormParam;
import javax.ws.rs.HeaderParam;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
......@@ -29,6 +31,8 @@ import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.oidc.OidcClient;
import edu.kit.scc.regapp.RegAppClient;
import edu.kit.scc.scim.ScimListResponse;
import edu.kit.scc.scim.ScimService;
import edu.kit.scc.scim.ScimUser;
@RestController
......@@ -52,13 +56,26 @@ public class RestServiceController {
@Autowired
private IdentityHarmonizer identityHarmonizer;
// expected body e.g.
// password=password
// password=https%3A%2F%2F512eebd9%3Fk%3D49806e48a5cd2941604eb9dfe321c3bc
// password=3D49806e48a5cd2941604eb9dfe321c3bc
@Autowired
private ScimService scimService;
@RequestMapping(path = "/scim/Users", method = RequestMethod.POST, produces = "application/scim+json")
@ResponseStatus(value = HttpStatus.CREATED)
public ScimUser scimAddUser(@RequestHeader("Authorization") String basicAuthorization, @RequestBody String body,
HttpServletResponse response) {
ScimUser scimUser = new ScimUser();
verifyAuthorization(basicAuthorization);
log.debug("Request body {}", body);
response.addHeader("Location", "");
return scimUser;
}
@RequestMapping(path = "/ecp/regid/{regId}", method = RequestMethod.POST)
public ScimUser ecpAuthentication(@PathVariable String regId,
public ScimListResponse ecpAuthentication(@PathVariable String regId,
@RequestHeader("Authorization") String basicAuthorization, @FormParam("username") String username,
@FormParam("password") String password, @RequestBody String body) {
......@@ -125,4 +142,22 @@ public class RestServiceController {
super(e);
}
}
}
@ResponseStatus(value = HttpStatus.CONFLICT)
public class ConflictException extends RuntimeException {
private static final long serialVersionUID = -9070725142810603956L;
public ConflictException() {
super();
}
public ConflictException(String message) {
super(message);
}
public ConflictException(Throwable e) {
super(e);
}
}
}
\ No newline at end of file
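Review bot: `log.debug("Request body {}", body)` in the new `scimAddUser` handler writes the raw POST body to the log; a SCIM user-creation payload carries the user's credentials (the `password=...` examples in the comment block moved just above this handler show what request bodies on this controller look like), so the body should be omitted or redacted, e.g. `log.debug("Request body received, {} bytes", body.length())`. The handler also ignores `body`, sets `Location` to `""` and returns an empty `ScimUser` under `@ResponseStatus(CREATED)`, so a client is told a user was created that was never stored; until the SCIM create is implemented, mark it with `// TODO: persist the SCIM user and set the Location header` and avoid answering 201. `verifyAuthorization(basicAuthorization)` is correctly the first real statement, so keep it ahead of any logging as the stub is filled in. `ecpAuthentication` continues outside the shown hunk.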
......@@ -10,16 +10,16 @@ package edu.kit.scc.dao;
import java.util.List;
import edu.kit.scc.dto.UserDTO;
import edu.kit.scc.dto.IndigoUser;
public interface UserDAO {
public List<UserDTO> getAllUsers();
public interface IndigoUserDAO {
public List<IndigoUser> getAllUsers();
public List<UserDTO> getUserDetails(String uid);
public List<IndigoUser> getUserDetails(String uid);
public void insertUser(UserDTO userDTO);
public void insertUser(IndigoUser userDTO);
public void updateUser(UserDTO userDTO);
public void updateUser(IndigoUser userDTO);
public void deleteUser(UserDTO userDTO);
public void deleteUser(IndigoUser userDTO);
}
......@@ -10,18 +10,18 @@ package edu.kit.scc.dao;
import java.util.List;
import edu.kit.scc.dto.GroupDTO;
import edu.kit.scc.dto.PosixGroup;
public interface GroupDAO {
public List<GroupDTO> getAllGroups();
public interface PosixGroupDAO {
public List<PosixGroup> getAllGroups();
public List<GroupDTO> getGroupDetails(String commonName);
public List<PosixGroup> getGroupDetails(String commonName);
public void insertGroup(GroupDTO groupDTO);
public void insertGroup(PosixGroup groupDTO);
public void updateGroup(GroupDTO groupDTO);
public void updateGroup(PosixGroup groupDTO);
public void deleteGroup(GroupDTO groupDTO);
public void deleteGroup(PosixGroup groupDTO);
public void addMember(GroupDTO groupDTO, String memberUid);
public void addMember(PosixGroup groupDTO, String memberUid);
}
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dto;
public class IndigoUser extends PosixUser {
String indigoId;
public String getIndigoId() {
return indigoId;
}
public void setIndigoId(String indigoId) {
this.indigoId = indigoId;
}
@Override
public String toString() {
return "IndigoUser [" + (indigoId != null ? "indigoId=" + indigoId + ", " : "")
+ (uid != null ? "uid=" + uid + ", " : "")
+ (commonName != null ? "commonName=" + commonName + ", " : "")
+ (surName != null ? "surName=" + surName + ", " : "")
+ (homeDirectory != null ? "homeDirectory=" + homeDirectory + ", " : "")
+ (description != null ? "description=" + description + ", " : "")
+ (gecos != null ? "gecos=" + gecos + ", " : "")
+ (loginShell != null ? "loginShell=" + loginShell + ", " : "")
+ (userPassword != null ? "userPassword=" + userPassword + ", " : "") + "uidNumber=" + uidNumber
+ ", gidNumber=" + gidNumber + "]";
}
}
\ No newline at end of file
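Review bot: `toString()` prints `userPassword=` followed by the raw field value, and `LdapClient.getIndigoUsers` in this same commit passes that string to `log.debug("User {}", ...)`, so whatever the LDAP `userPassword` attribute holds (a hash at best, cleartext at worst) ends up in the application log for every listed user. The same pattern is introduced in `PosixGroup.toString()` and `PosixUser.toString()` in this commit, and `getPosixGroups` logs those the same way. Drop the field from the string or mask it, e.g. `+ (userPassword != null ? "userPassword=***, " : "")`. Separately, this `toString` re-lists every inherited `PosixUser` field instead of building on `super.toString()`, so the two will drift when a field is added, and `indigoId` has no access modifier; `private String indigoId;` matches the getter/setter already provided.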
......@@ -10,11 +10,13 @@ package edu.kit.scc.dto;
import java.util.List;
public class GroupDTO {
public class PosixGroup {
String commonName;
int gidNumber;
List<String> memberUids;
String description;
String userPassword;
public String getCommonName() {
return commonName;
......@@ -40,9 +42,27 @@ public class GroupDTO {
this.memberUids = memberUids;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public String getUserPassword() {
return userPassword;
}
public void setUserPassword(String userPassword) {
this.userPassword = userPassword;
}
@Override
public String toString() {
return "GroupDTO [" + (commonName != null ? "commonName=" + commonName + ", " : "") + "gidNumber=" + gidNumber
+ ", " + (memberUids != null ? "memberUids=" + memberUids : "") + "]";
return "PosixGroup [" + (commonName != null ? "commonName=" + commonName + ", " : "") + "gidNumber=" + gidNumber
+ ", " + (memberUids != null ? "memberUids=" + memberUids + ", " : "")
+ (description != null ? "description=" + description + ", " : "")
+ (userPassword != null ? "userPassword=" + userPassword : "") + "]";
}
}
......@@ -8,16 +8,44 @@
*/
package edu.kit.scc.dto;
public class UserDTO {
public class PosixUser {
String uid;
String commonName;
String surName;
String homeDirectory;
String description;
String gecos;
String loginShell;
String userPassword;
int uidNumber;
int gidNumber;
public String getGecos() {
return gecos;
}
public void setGecos(String gecos) {
this.gecos = gecos;
}
public String getLoginShell() {
return loginShell;
}
public void setLoginShell(String loginShell) {
this.loginShell = loginShell;
}
public String getUserPassword() {
return userPassword;
}
public void setUserPassword(String userPassword) {
this.userPassword = userPassword;
}
public String getUid() {
return uid;
}
......@@ -76,11 +104,14 @@ public class UserDTO {
@Override
public String toString() {
return "UserDTO [" + (uid != null ? "uid=" + uid + ", " : "")
return "PosixUser [" + (uid != null ? "uid=" + uid + ", " : "")
+ (commonName != null ? "commonName=" + commonName + ", " : "")
+ (surName != null ? "surName=" + surName + ", " : "")
+ (homeDirectory != null ? "homeDirectory=" + homeDirectory + ", " : "")
+ (description != null ? "description=" + description + ", " : "") + "uidNumber=" + uidNumber
+ (description != null ? "description=" + description + ", " : "")
+ (gecos != null ? "gecos=" + gecos + ", " : "")
+ (loginShell != null ? "loginShell=" + loginShell + ", " : "")
+ (userPassword != null ? "userPassword=" + userPassword + ", " : "") + "uidNumber=" + uidNumber
+ ", gidNumber=" + gidNumber + "]";
}
}
\ No newline at end of file
}
......@@ -21,8 +21,8 @@ import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.stereotype.Component;
import edu.kit.scc.dto.GroupDTO;
import edu.kit.scc.dto.UserDTO;
import edu.kit.scc.dto.PosixGroup;
import edu.kit.scc.dto.IndigoUser;
/**
* LDAP client implementation.
......@@ -69,37 +69,37 @@ public class LdapClient {
}
@Bean
LdapUserDAO ldapUser(LdapTemplate ldapTemplate) {
LdapUserDAO ldapUserDAO = new LdapUserDAO();
LdapIndigoUserDAO ldapUser(LdapTemplate ldapTemplate) {
LdapIndigoUserDAO ldapUserDAO = new LdapIndigoUserDAO();
ldapUserDAO.setLdapTemplate(ldapTemplate);
ldapUserDAO.setUserBase(userBase);
return ldapUserDAO;
}
@Bean
LdapGroupDAO ldapGroup(LdapTemplate ldapTemplate) {
LdapGroupDAO ldapGroupDAO = new LdapGroupDAO();
LdapPosixGroupDAO ldapGroup(LdapTemplate ldapTemplate) {
LdapPosixGroupDAO ldapGroupDAO = new LdapPosixGroupDAO();
ldapGroupDAO.setLdapTemplate(ldapTemplate);
ldapGroupDAO.setGroupBase(groupBase);
return ldapGroupDAO;
}
@Autowired
private LdapUserDAO ldapUser;
private LdapIndigoUserDAO ldapUser;
@Autowired
private LdapGroupDAO ldapGroup;
private LdapPosixGroupDAO ldapGroup;
/**
* Gets the user specified from the LDAP server.
*
* @param uid
* the user's uid
* @return a {@link UserDTO} with the LDAP user information
* @return a {@link IndigoUser} with the LDAP user information
*/
public UserDTO getLdapUser(String uid) {
List<UserDTO> userList = ldapUser.getUserDetails(uid);
UserDTO user = null;
public IndigoUser getIndigoUser(String uid) {
List<IndigoUser> userList = ldapUser.getUserDetails(uid);
IndigoUser user = null;
if (userList != null && !userList.isEmpty()) {
user = userList.get(0);
......@@ -113,11 +113,11 @@ public class LdapClient {
*
* @param cn
* the group's common name
* @return a {@link GroupDTO} with the LDAP group information
* @return a {@link PosixGroup} with the LDAP group information
*/
public GroupDTO getLdapGroup(String cn) {
List<GroupDTO> groupList = ldapGroup.getGroupDetails(cn);
GroupDTO group = null;
public PosixGroup getPosixGroup(String cn) {
List<PosixGroup> groupList = ldapGroup.getGroupDetails(cn);
PosixGroup group = null;
if (groupList != null && !groupList.isEmpty()) {
group = groupList.get(0);
......@@ -131,10 +131,10 @@ public class LdapClient {
*
* @return a {@link List<UserDTO>} with the LDAP user information
*/
public List<UserDTO> getLdapUsers() {
List<UserDTO> userList = ldapUser.getAllUsers();
public List<IndigoUser> getIndigoUsers() {
List<IndigoUser> userList = ldapUser.getAllUsers();
for (int i = 0; i < userList.size(); i++)
log.debug("User {}", ((UserDTO) userList.get(i)).toString());
log.debug("User {}", ((IndigoUser) userList.get(i)).toString());
return userList;
}
......@@ -144,16 +144,16 @@ public class LdapClient {
*
* @return a {@link List<GroupDTO>} with the LDAP group information
*/
public List<GroupDTO> getLdapGroups() {
List<GroupDTO> groupList = ldapGroup.getAllGroups();
public List<PosixGroup> getPosixGroups() {
List<PosixGroup> groupList = ldapGroup.getAllGroups();
for (int i = 0; i < groupList.size(); i++)
log.debug("Group {}", ((GroupDTO) groupList.get(i)).toString());
log.debug("Group {}", ((PosixGroup) groupList.get(i)).toString());
return groupList;
}
/**
* Creates a new LDAP POSIX user.
* Creates a new LDAP INDIGO POSIX user.
*
* @param uid
* the user's uid
......@@ -169,17 +169,27 @@ public class LdapClient {
* the user's home directory
* @param description
* the user's description
* @param gecos
* the user's general comprehensive operating system information
* @param loginShell
* the user's login shell
* @param userPassword
* the user's password
*/
public void createUser(String uid, String cn, String sn, int uidNumber, int gidNumber, String homeDirectory,
String description) {
UserDTO user = new UserDTO();
public void createIndigoUser(String uid, String cn, String sn, String indigoId, int uidNumber, int gidNumber,
String homeDirectory, String description, String gecos, String loginShell, String userPassword) {
IndigoUser user = new IndigoUser();
user.setCommonName(cn);
user.setDescription(description);
user.setSurName(sn);
user.setUid(uid);
user.setGecos(gecos);
user.setIndigoId(indigoId);
user.setGidNumber(gidNumber);
user.setUidNumber(uidNumber);
user.setHomeDirectory(homeDirectory);
user.setLoginShell(loginShell);
user.setUserPassword(userPassword);
ldapUser.insertUser(user);
}
......@@ -200,28 +210,38 @@ public class LdapClient {
* the user's home directory
* @param description
* the user's description
* @param gecos
* the user's general comprehensive operating system information
* @param loginShell
* the user's login shell
* @param userPassword
* the user's password
*/
public void updateUser(String uid, String cn, String sn, int uidNumber, int gidNumber, String homeDirectory,
String description) {
UserDTO user = new UserDTO();
public void updateIndigoUser(String uid, String cn, String sn, String indigoId, int uidNumber, int gidNumber,
String homeDirectory, String description, String gecos, String loginShell, String userPassword) {
IndigoUser user = new IndigoUser();
user.setCommonName(cn);
user.setDescription(description);
user.setSurName(sn);
user.setUid(uid);
user.setGecos(gecos);
user.setIndigoId(indigoId);
user.setGidNumber(gidNumber);
user.setUidNumber(uidNumber);
user.setHomeDirectory(homeDirectory);
user.setLoginShell(loginShell);
user.setUserPassword(userPassword);
ldapUser.updateUser(user);
}
/**
* Deletes a specific LDAP POSIX user.
* Deletes a specific LDAP user.
*
* @param uid
* the user's uid
*/
public void deleteUser(String uid) {
UserDTO user = new UserDTO();
IndigoUser user = new IndigoUser();
user.setUid(uid);
ldapUser.deleteUser(user);
}
......@@ -233,11 +253,18 @@ public class LdapClient {
* the group's common name
* @param gidNumber
* the group's gid number
* @param the
* group's description
* @param the
* group's user password
*
*/
public void createGroup(String cn, int gidNumber) {
GroupDTO group = new GroupDTO();
public void createPosixGroup(String cn, int gidNumber, String description, String userPassword) {
PosixGroup group = new PosixGroup();
group.setCommonName(cn);
group.setGidNumber(gidNumber);
group.setDescription(description);
group.setUserPassword(userPassword);
ldapGroup.insertGroup(group);
}
......@@ -248,28 +275,43 @@ public class LdapClient {
* the group's common name
* @param gidNumber
* the group's gid number
* @param the
* group's description
* @param the
* group's user password
*
*/
public void updateGroup(String cn, int gidNumber) {
GroupDTO group = new GroupDTO();
public void updatePosixGroup(String cn, int gidNumber, String description, String userPassword) {
PosixGroup group = new PosixGroup();
group.setCommonName(cn);
group.setGidNumber(gidNumber);
group.setDescription(description);
group.setUserPassword(userPassword);
ldapGroup.updateGroup(group);
}
/**
* Deletes a specific LDAP POSIX group.
* Deletes a specific LDAP group.
*
* @param cn
* the group's common name
*/