Commit b8e4d0c7 authored by benjamin.ertl's avatar benjamin.ertl

change to INDIGO LDAP user

parent c6ef842a
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
<packaging>jar</packaging> <packaging>jar</packaging>
<properties> <properties>
<java.version>1.7</java.version> <java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties> </properties>
......
...@@ -9,6 +9,7 @@ ...@@ -9,6 +9,7 @@
package edu.kit.scc; package edu.kit.scc;
import java.text.ParseException; import java.text.ParseException;
import java.util.Arrays;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -24,6 +25,7 @@ import com.nimbusds.openid.connect.sdk.token.OIDCTokens; ...@@ -24,6 +25,7 @@ import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import edu.kit.scc.http.HttpResponse; import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.oidc.OidcClient; import edu.kit.scc.oidc.OidcClient;
import edu.kit.scc.scim.ScimClient; import edu.kit.scc.scim.ScimClient;
import edu.kit.scc.scim.ScimListResponse;
import edu.kit.scc.scim.ScimUser; import edu.kit.scc.scim.ScimUser;
import edu.kit.scc.scim.ScimUserAttributeMapper; import edu.kit.scc.scim.ScimUserAttributeMapper;
...@@ -38,8 +40,13 @@ public class IdentityHarmonizer { ...@@ -38,8 +40,13 @@ public class IdentityHarmonizer {
@Autowired @Autowired
private OidcClient oidcClient; private OidcClient oidcClient;
public ScimUser harmonizeIdentities(String username, OIDCTokens tokens) { public ScimListResponse harmonizeIdentities(String username, OIDCTokens tokens) {
int identityCount = 0;
ScimUser scimUser = scimClient.getScimUser(username); ScimUser scimUser = scimClient.getScimUser(username);
if (scimUser != null)
identityCount++;
ScimUser scimUserFromJWT = null; ScimUser scimUserFromJWT = null;
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper(); ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
...@@ -62,24 +69,48 @@ public class IdentityHarmonizer { ...@@ -62,24 +69,48 @@ public class IdentityHarmonizer {
if (userInfo != null) { if (userInfo != null) {
log.debug("User info {}", userInfo.toJSONObject().toJSONString()); log.debug("User info {}", userInfo.toJSONObject().toJSONString());
scimUserFromJWT = mapper.mapFromUserInfo(userInfo); scimUserFromJWT = mapper.mapFromUserInfo(userInfo);
if (scimUserFromJWT != null)
identityCount++;
} }
return mapper.merge(scimUser, scimUserFromJWT); ScimListResponse scimListResponse = new ScimListResponse();
scimListResponse
.setSchemas(Arrays.asList(scimListResponse.LIST_RESPONSE_SCHEMA, new ScimUser().USER_SCHEMA_2_0));
scimListResponse.setResources(Arrays.asList(scimUser, scimUserFromJWT));
scimListResponse.setTotalResults(identityCount);
log.debug("SCIM query response {}", scimListResponse.toString());
return scimListResponse;
} }
// Example Reg-App HttpResponse // Example Reg-App HttpResponse
// {"eppn":"ym0762@partner.kit.edu","last_update":"2016-02-02 // {"eppn":"ym0762@partner.kit.edu","last_update":"2016-02-02
// 11:47:49.489","email":"ym0762@partner.kit.edu"} // 11:47:49.489","email":"ym0762@partner.kit.edu"}
public ScimUser harmonizeIdentities(String username, HttpResponse regAppQuery) { public ScimListResponse harmonizeIdentities(String username, HttpResponse regAppQuery) {
int identityCount = 0;
ScimUser scimUser = scimClient.getScimUser(username); ScimUser scimUser = scimClient.getScimUser(username);
if (scimUser != null)
identityCount++;
ScimUser scimUserFromQuery = null; ScimUser scimUserFromQuery = null;
ScimUserAttributeMapper mapper = new ScimUserAttributeMapper(); ScimUserAttributeMapper mapper = new ScimUserAttributeMapper();
if (regAppQuery != null) { if (regAppQuery != null) {
log.debug("Reg-app query response {}", regAppQuery.toString()); log.debug("Reg-app query response {}", regAppQuery.toString());
scimUserFromQuery = mapper.mapFromRegAppQuery(regAppQuery.getResponseString()); scimUserFromQuery = mapper.mapFromRegAppQuery(regAppQuery.getResponseString());
if (scimUserFromQuery != null)
identityCount++;
} }
return mapper.merge(scimUser, scimUserFromQuery); ScimListResponse scimListResponse = new ScimListResponse();
scimListResponse.setSchemas(Arrays.asList(scimListResponse.LIST_RESPONSE_SCHEMA, scimUser.USER_SCHEMA_2_0));
scimListResponse.setResources(Arrays.asList(scimUser, scimUserFromQuery));
scimListResponse.setTotalResults(identityCount);
log.debug("SCIM query response {}", scimListResponse.toString());
return scimListResponse;
} }
} }
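Review bot: In the second harmonizeIdentities overload, `scimListResponse.setSchemas(Arrays.asList(scimListResponse.LIST_RESPONSE_SCHEMA, scimUser.USER_SCHEMA_2_0))` dereferences scimUser, which the method itself treats as nullable a few lines earlier (`if (scimUser != null) identityCount++`), so an unknown username throws a NullPointerException instead of returning a response with totalResults 0. Use the same form as the first overload, `new ScimUser().USER_SCHEMA_2_0`, or better a static reference to the constant. In both overloads `Arrays.asList(scimUser, scimUserFromQuery)` keeps null entries while totalResults counts only the non-null ones, so Resources and totalResults disagree; filter the nulls before setResources. Also `log.debug("SCIM query response {}", scimListResponse.toString())` writes the assembled identity record (eppn and email, per the Reg-App example comment) to the log at debug level; confirm that is acceptable for this deployment or log only the count.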
...@@ -8,7 +8,9 @@ ...@@ -8,7 +8,9 @@
*/ */
package edu.kit.scc; package edu.kit.scc;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.FormParam; import javax.ws.rs.FormParam;
import javax.ws.rs.HeaderParam;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger; import org.slf4j.Logger;
...@@ -29,6 +31,8 @@ import com.nimbusds.openid.connect.sdk.token.OIDCTokens; ...@@ -29,6 +31,8 @@ import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import edu.kit.scc.http.HttpResponse; import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.oidc.OidcClient; import edu.kit.scc.oidc.OidcClient;
import edu.kit.scc.regapp.RegAppClient; import edu.kit.scc.regapp.RegAppClient;
import edu.kit.scc.scim.ScimListResponse;
import edu.kit.scc.scim.ScimService;
import edu.kit.scc.scim.ScimUser; import edu.kit.scc.scim.ScimUser;
@RestController @RestController
...@@ -52,13 +56,26 @@ public class RestServiceController { ...@@ -52,13 +56,26 @@ public class RestServiceController {
@Autowired @Autowired
private IdentityHarmonizer identityHarmonizer; private IdentityHarmonizer identityHarmonizer;
// expected body e.g. @Autowired
// password=password private ScimService scimService;
// password=https%3A%2F%2F512eebd9%3Fk%3D49806e48a5cd2941604eb9dfe321c3bc
// password=3D49806e48a5cd2941604eb9dfe321c3bc @RequestMapping(path = "/scim/Users", method = RequestMethod.POST, produces = "application/scim+json")
@ResponseStatus(value = HttpStatus.CREATED)
public ScimUser scimAddUser(@RequestHeader("Authorization") String basicAuthorization, @RequestBody String body,
HttpServletResponse response) {
ScimUser scimUser = new ScimUser();
verifyAuthorization(basicAuthorization);
log.debug("Request body {}", body);
response.addHeader("Location", "");
return scimUser;
}
@RequestMapping(path = "/ecp/regid/{regId}", method = RequestMethod.POST) @RequestMapping(path = "/ecp/regid/{regId}", method = RequestMethod.POST)
public ScimUser ecpAuthentication(@PathVariable String regId, public ScimListResponse ecpAuthentication(@PathVariable String regId,
@RequestHeader("Authorization") String basicAuthorization, @FormParam("username") String username, @RequestHeader("Authorization") String basicAuthorization, @FormParam("username") String username,
@FormParam("password") String password, @RequestBody String body) { @FormParam("password") String password, @RequestBody String body) {
...@@ -125,4 +142,22 @@ public class RestServiceController { ...@@ -125,4 +142,22 @@ public class RestServiceController {
super(e); super(e);
} }
} }
}
@ResponseStatus(value = HttpStatus.CONFLICT)
public class ConflictException extends RuntimeException {
private static final long serialVersionUID = -9070725142810603956L;
public ConflictException() {
super();
}
public ConflictException(String message) {
super(message);
}
public ConflictException(Throwable e) {
super(e);
}
}
}
\ No newline at end of file
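Review bot: `log.debug("Request body {}", body)` in scimAddUser writes the raw POST body to the log; a SCIM Users create payload is where a client sends the user's credentials if it sets any, so once this endpoint does real work it is likely to log a password in cleartext. Log only non-sensitive fields after parsing, or drop the line. The method also answers 201 CREATED with `response.addHeader("Location", "")` and an empty ScimUser although nothing is created and scimService, autowired in this hunk, is never used; if this is a stub, mark it (`// TODO: not implemented, returns an empty user and an empty Location`) or return 501 until the service is wired in. verifyAuthorization is defined outside the hunk, so I cannot see whether it rejects a failed check by throwing; its position before any processing of the body is right regardless.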
...@@ -10,16 +10,16 @@ package edu.kit.scc.dao; ...@@ -10,16 +10,16 @@ package edu.kit.scc.dao;
import java.util.List; import java.util.List;
import edu.kit.scc.dto.UserDTO; import edu.kit.scc.dto.IndigoUser;
public interface UserDAO { public interface IndigoUserDAO {
public List<UserDTO> getAllUsers(); public List<IndigoUser> getAllUsers();
public List<UserDTO> getUserDetails(String uid); public List<IndigoUser> getUserDetails(String uid);
public void insertUser(UserDTO userDTO); public void insertUser(IndigoUser userDTO);
public void updateUser(UserDTO userDTO); public void updateUser(IndigoUser userDTO);
public void deleteUser(UserDTO userDTO); public void deleteUser(IndigoUser userDTO);
} }
...@@ -10,18 +10,18 @@ package edu.kit.scc.dao; ...@@ -10,18 +10,18 @@ package edu.kit.scc.dao;
import java.util.List; import java.util.List;
import edu.kit.scc.dto.GroupDTO; import edu.kit.scc.dto.PosixGroup;
public interface GroupDAO { public interface PosixGroupDAO {
public List<GroupDTO> getAllGroups(); public List<PosixGroup> getAllGroups();
public List<GroupDTO> getGroupDetails(String commonName); public List<PosixGroup> getGroupDetails(String commonName);
public void insertGroup(GroupDTO groupDTO); public void insertGroup(PosixGroup groupDTO);
public void updateGroup(GroupDTO groupDTO); public void updateGroup(PosixGroup groupDTO);
public void deleteGroup(GroupDTO groupDTO); public void deleteGroup(PosixGroup groupDTO);
public void addMember(GroupDTO groupDTO, String memberUid); public void addMember(PosixGroup groupDTO, String memberUid);
} }
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc.dto;
public class IndigoUser extends PosixUser {
String indigoId;
public String getIndigoId() {
return indigoId;
}
public void setIndigoId(String indigoId) {
this.indigoId = indigoId;
}
@Override
public String toString() {
return "IndigoUser [" + (indigoId != null ? "indigoId=" + indigoId + ", " : "")
+ (uid != null ? "uid=" + uid + ", " : "")
+ (commonName != null ? "commonName=" + commonName + ", " : "")
+ (surName != null ? "surName=" + surName + ", " : "")
+ (homeDirectory != null ? "homeDirectory=" + homeDirectory + ", " : "")
+ (description != null ? "description=" + description + ", " : "")
+ (gecos != null ? "gecos=" + gecos + ", " : "")
+ (loginShell != null ? "loginShell=" + loginShell + ", " : "")
+ (userPassword != null ? "userPassword=" + userPassword + ", " : "") + "uidNumber=" + uidNumber
+ ", gidNumber=" + gidNumber + "]";
}
}
\ No newline at end of file
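Review bot: toString() prints the inherited userPassword field in the clear (`(userPassword != null ? "userPassword=" + userPassword + ", " : "")`), and LdapClient.getIndigoUsers in this same commit logs every user through toString() at debug level, so the LDAP userPassword attribute of every account lands in the log file. Drop the attribute from toString() or emit a fixed placeholder such as `"userPassword=***"`. Since IndigoUser only adds indigoId, consider `return "IndigoUser [indigoId=" + indigoId + ", " + super.toString() + "]";` once PosixUser.toString() is fixed, instead of duplicating the field list here.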
...@@ -10,11 +10,13 @@ package edu.kit.scc.dto; ...@@ -10,11 +10,13 @@ package edu.kit.scc.dto;
import java.util.List; import java.util.List;
public class GroupDTO { public class PosixGroup {
String commonName; String commonName;
int gidNumber; int gidNumber;
List<String> memberUids; List<String> memberUids;
String description;
String userPassword;
public String getCommonName() { public String getCommonName() {
return commonName; return commonName;
...@@ -40,9 +42,27 @@ public class GroupDTO { ...@@ -40,9 +42,27 @@ public class GroupDTO {
this.memberUids = memberUids; this.memberUids = memberUids;
} }
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public String getUserPassword() {
return userPassword;
}
public void setUserPassword(String userPassword) {
this.userPassword = userPassword;
}
@Override @Override
public String toString() { public String toString() {
return "GroupDTO [" + (commonName != null ? "commonName=" + commonName + ", " : "") + "gidNumber=" + gidNumber return "PosixGroup [" + (commonName != null ? "commonName=" + commonName + ", " : "") + "gidNumber=" + gidNumber
+ ", " + (memberUids != null ? "memberUids=" + memberUids : "") + "]"; + ", " + (memberUids != null ? "memberUids=" + memberUids + ", " : "")
+ (description != null ? "description=" + description + ", " : "")
+ (userPassword != null ? "userPassword=" + userPassword : "") + "]";
} }
} }
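Review bot: The new userPassword field is included in toString() (`(userPassword != null ? "userPassword=" + userPassword : "")`), and LdapClient.getPosixGroups logs each group via toString() at debug level, so group passwords end up in the log. Exclude it from toString() or print a fixed placeholder. Whether the value is always the LDAP hash or can be cleartext is not visible here; document it on the field (`// LDAP userPassword attribute — treat as a secret, never log`), and if it can be cleartext consider char[] so it can be zeroed after use.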
...@@ -8,16 +8,44 @@ ...@@ -8,16 +8,44 @@
*/ */
package edu.kit.scc.dto; package edu.kit.scc.dto;
public class UserDTO { public class PosixUser {
String uid; String uid;
String commonName; String commonName;
String surName; String surName;
String homeDirectory; String homeDirectory;
String description; String description;
String gecos;
String loginShell;
String userPassword;
int uidNumber; int uidNumber;
int gidNumber; int gidNumber;
public String getGecos() {
return gecos;
}
public void setGecos(String gecos) {
this.gecos = gecos;
}
public String getLoginShell() {
return loginShell;
}
public void setLoginShell(String loginShell) {
this.loginShell = loginShell;
}
public String getUserPassword() {
return userPassword;
}
public void setUserPassword(String userPassword) {
this.userPassword = userPassword;
}
public String getUid() { public String getUid() {
return uid; return uid;
} }
...@@ -76,11 +104,14 @@ public class UserDTO { ...@@ -76,11 +104,14 @@ public class UserDTO {
@Override @Override
public String toString() { public String toString() {
return "UserDTO [" + (uid != null ? "uid=" + uid + ", " : "") return "PosixUser [" + (uid != null ? "uid=" + uid + ", " : "")
+ (commonName != null ? "commonName=" + commonName + ", " : "") + (commonName != null ? "commonName=" + commonName + ", " : "")
+ (surName != null ? "surName=" + surName + ", " : "") + (surName != null ? "surName=" + surName + ", " : "")
+ (homeDirectory != null ? "homeDirectory=" + homeDirectory + ", " : "") + (homeDirectory != null ? "homeDirectory=" + homeDirectory + ", " : "")
+ (description != null ? "description=" + description + ", " : "") + "uidNumber=" + uidNumber + (description != null ? "description=" + description + ", " : "")
+ (gecos != null ? "gecos=" + gecos + ", " : "")
+ (loginShell != null ? "loginShell=" + loginShell + ", " : "")
+ (userPassword != null ? "userPassword=" + userPassword + ", " : "") + "uidNumber=" + uidNumber
+ ", gidNumber=" + gidNumber + "]"; + ", gidNumber=" + gidNumber + "]";
} }
} }
\ No newline at end of file
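Review bot: toString() now appends userPassword in the clear (`(userPassword != null ? "userPassword=" + userPassword + ", " : "")`), and since PosixUser.toString() is what the LdapClient debug logging and the IndigoUser subclass build on, the credential attribute of every LDAP account is exposed wherever a user object is logged. Remove it from toString() or replace the value with `"userPassword=***"`. Add a comment on the field stating that it holds the LDAP userPassword attribute and must not be logged; whether it is a hash or cleartext is not visible in this hunk, so say which in the comment.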
...@@ -21,8 +21,8 @@ import org.springframework.ldap.core.LdapTemplate; ...@@ -21,8 +21,8 @@ import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource; import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import edu.kit.scc.dto.GroupDTO; import edu.kit.scc.dto.PosixGroup;
import edu.kit.scc.dto.UserDTO; import edu.kit.scc.dto.IndigoUser;
/** /**
* LDAP client implementation. * LDAP client implementation.
...@@ -69,37 +69,37 @@ public class LdapClient { ...@@ -69,37 +69,37 @@ public class LdapClient {
} }
@Bean @Bean
LdapUserDAO ldapUser(LdapTemplate ldapTemplate) { LdapIndigoUserDAO ldapUser(LdapTemplate ldapTemplate) {
LdapUserDAO ldapUserDAO = new LdapUserDAO(); LdapIndigoUserDAO ldapUserDAO = new LdapIndigoUserDAO();
ldapUserDAO.setLdapTemplate(ldapTemplate); ldapUserDAO.setLdapTemplate(ldapTemplate);
ldapUserDAO.setUserBase(userBase); ldapUserDAO.setUserBase(userBase);
return ldapUserDAO; return ldapUserDAO;
} }
@Bean @Bean
LdapGroupDAO ldapGroup(LdapTemplate ldapTemplate) { LdapPosixGroupDAO ldapGroup(LdapTemplate ldapTemplate) {
LdapGroupDAO ldapGroupDAO = new LdapGroupDAO(); LdapPosixGroupDAO ldapGroupDAO = new LdapPosixGroupDAO();
ldapGroupDAO.setLdapTemplate(ldapTemplate); ldapGroupDAO.setLdapTemplate(ldapTemplate);
ldapGroupDAO.setGroupBase(groupBase); ldapGroupDAO.setGroupBase(groupBase);
return ldapGroupDAO; return ldapGroupDAO;
} }
@Autowired @Autowired
private LdapUserDAO ldapUser; private LdapIndigoUserDAO ldapUser;
@Autowired @Autowired
private LdapGroupDAO ldapGroup; private LdapPosixGroupDAO ldapGroup;
/** /**
* Gets the user specified from the LDAP server. * Gets the user specified from the LDAP server.
* *
* @param uid * @param uid
* the user's uid * the user's uid
* @return a {@link UserDTO} with the LDAP user information * @return a {@link IndigoUser} with the LDAP user information
*/ */
public UserDTO getLdapUser(String uid) { public IndigoUser getIndigoUser(String uid) {
List<UserDTO> userList = ldapUser.getUserDetails(uid); List<IndigoUser> userList = ldapUser.getUserDetails(uid);
UserDTO user = null; IndigoUser user = null;
if (userList != null && !userList.isEmpty()) { if (userList != null && !userList.isEmpty()) {
user = userList.get(0); user = userList.get(0);
...@@ -113,11 +113,11 @@ public class LdapClient { ...@@ -113,11 +113,11 @@ public class LdapClient {
* *
* @param cn * @param cn
* the group's common name * the group's common name
* @return a {@link GroupDTO} with the LDAP group information * @return a {@link PosixGroup} with the LDAP group information
*/ */
public GroupDTO getLdapGroup(String cn) { public PosixGroup getPosixGroup(String cn) {
List<GroupDTO> groupList = ldapGroup.getGroupDetails(cn); List<PosixGroup> groupList = ldapGroup.getGroupDetails(cn);
GroupDTO group = null; PosixGroup group = null;
if (groupList != null && !groupList.isEmpty()) { if (groupList != null && !groupList.isEmpty()) {
group = groupList.get(0); group = groupList.get(0);
...@@ -131,10 +131,10 @@ public class LdapClient { ...@@ -131,10 +131,10 @@ public class LdapClient {
* *
* @return a {@link List<UserDTO>} with the LDAP user information * @return a {@link List<UserDTO>} with the LDAP user information
*/ */
public List<UserDTO> getLdapUsers() { public List<IndigoUser> getIndigoUsers() {
List<UserDTO> userList = ldapUser.getAllUsers(); List<IndigoUser> userList = ldapUser.getAllUsers();
for (int i = 0; i < userList.size(); i++) for (int i = 0; i < userList.size(); i++)
log.debug("User {}", ((UserDTO) userList.get(i)).toString()); log.debug("User {}", ((IndigoUser) userList.get(i)).toString());
return userList; return userList;
} }
...@@ -144,16 +144,16 @@ public class LdapClient { ...@@ -144,16 +144,16 @@ public class LdapClient {
* *
* @return a {@link List<GroupDTO>} with the LDAP group information * @return a {@link List<GroupDTO>} with the LDAP group information
*/ */
public List<GroupDTO> getLdapGroups() { public List<PosixGroup> getPosixGroups() {
List<GroupDTO> groupList = ldapGroup.getAllGroups(); List<PosixGroup> groupList = ldapGroup.getAllGroups();
for (int i = 0; i < groupList.size(); i++) for (int i = 0; i < groupList.size(); i++)
log.debug("Group {}", ((GroupDTO) groupList.get(i)).toString()); log.debug("Group {}", ((PosixGroup) groupList.get(i)).toString());