Commit d8af9811 authored by benjamin.ertl's avatar benjamin.ertl

clean up + code style

parent e1f942cc
Pipeline #1838 skipped
......@@ -9,6 +9,7 @@
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<checkstyle.config.location>google_checks.xml</checkstyle.config.location>
</properties>
<build>
......@@ -24,6 +25,27 @@
<skipTests>true</skipTests>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>2.17</version>
<executions>
<execution>
<id>validate</id>
<phase>validate</phase>
<configuration>
<configLocation>google_checks.xml</configLocation>
<encoding>UTF-8</encoding>
<consoleOutput>true</consoleOutput>
<failsOnError>true</failsOnError>
<linkXRef>false</linkXRef>
</configuration>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
......
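Review bot: The `check` execution added in the second hunk may never fail the build, because the bundled `google_checks.xml` normally reports its findings at warning severity while the plugin's `violationSeverity` defaults to `error`; violations would then only be printed to the console. If the intent is to gate the build on style, add `<violationSeverity>warning</violationSeverity>` to this `<configuration>`. The `checkstyle.config.location` property added in the first hunk and the `<configLocation>` element name the same file, so one of the two is enough.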
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import org.springframework.boot.SpringApplication;
......@@ -14,9 +15,14 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
public static void main(String[] args) {
/**
* Spring Boot Application Runner.
*
* @param args command line arguments
*/
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
SpringApplication.run(Application.class, args);
}
}
}
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
public class AuthenticationController {
private static final Logger log = LoggerFactory.getLogger(AuthenticationController.class);
@Value("${oauth2.authorizeUri}")
private String oauth2AuthorizeUri;
@Value("${oauth2.redirectUri}")
private String oauth2RedirectUri;
@Value("${oauth2.clientId}")
private String oauth2ClientId;
@RequestMapping("/login")
public String login(HttpServletResponse response, Model model) throws UnsupportedEncodingException {
String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
redirectUrl += oauth2ClientId;
redirectUrl += "&redirect_uri=";
redirectUrl += oauth2RedirectUri;
log.debug("Redirect to {}", redirectUrl);
try {
SecureRandom secRnd = new SecureRandom();
char[] VALID_CHARACTERS = "abcdefghijklmnopqrstuvwxyz".toCharArray();
char[] chars = new char[16];
for (int i = 0; i < chars.length; i++)
chars[i] = VALID_CHARACTERS[secRnd.nextInt(chars.length)];
} catch (Exception e) {
log.error("ERROR {}", e.getMessage());
}
return "redirect:" + redirectUrl;
}
@RequestMapping(path = "/oauth2")
public String oauth2Authentication(@RequestParam(value = "code", required = true) String code, Model model) {
log.debug(code);
model.addAttribute("code", code);
return "index";
}
}
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
package edu.kit.scc;
import edu.kit.scc.dto.PosixGroup;
import edu.kit.scc.dto.PosixUser;
......@@ -23,147 +16,169 @@ import edu.kit.scc.scim.ScimGroup;
import edu.kit.scc.scim.ScimUser;
import edu.kit.scc.scim.ScimUser.Meta;
@Component
public class IdentityHarmonizer {
private static final Logger log = LoggerFactory.getLogger(IdentityHarmonizer.class);
@Autowired
private LdapClient ldapClient;
public List<ScimUser> harmonizeIdentities(List<ScimUser> scimUsers) {
ArrayList<ScimUser> linkedUsers = new ArrayList<>();
ScimUser primaryUser = null;
for (ScimUser user : scimUsers) {
if (user.isActive()) {
primaryUser = user;
break;
}
}
if (scimUsers.remove(primaryUser)) {
PosixUser primaryPosixUser = ldapClient.getPosixUser(primaryUser.getUserName());
log.debug("Primary user {}", primaryPosixUser.toString());
Meta metaData = new Meta();
metaData.put("homeDirectory", primaryPosixUser.getHomeDirectory());
metaData.put("cn", primaryPosixUser.getCommonName());
metaData.put("gidNumber", String.valueOf(primaryPosixUser.getGidNumber()));
metaData.put("uid", primaryPosixUser.getUid());
metaData.put("uidNumber", String.valueOf(primaryPosixUser.getUidNumber()));
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
primaryUser.setMeta(metaData);
import java.util.ArrayList;
import java.util.List;
List<PosixGroup> primaryGroups = ldapClient.getUserGroups(primaryUser.getUserName());
log.debug("Primary groups {}", primaryGroups.toString());
@Component
public class IdentityHarmonizer {
primaryUser.setGroups(new ArrayList<>());
private static final Logger log = LoggerFactory.getLogger(IdentityHarmonizer.class);
for (ScimUser secondaryUser : scimUsers) {
PosixUser secondaryPosixUser = ldapClient.getPosixUser(secondaryUser.getUserName());
log.debug("Secondary user {}", secondaryUser.toString());
@Autowired
private LdapClient ldapClient;
metaData = new Meta();
metaData.put("homeDirectory", secondaryPosixUser.getHomeDirectory());
metaData.put("cn", secondaryPosixUser.getCommonName());
metaData.put("gidNumber", String.valueOf(secondaryPosixUser.getGidNumber()));
metaData.put("uid", secondaryPosixUser.getUid());
metaData.put("uidNumber", String.valueOf(secondaryPosixUser.getUidNumber()));
secondaryUser.setMeta(metaData);
List<PosixGroup> secondaryGroups = ldapClient.getUserGroups(secondaryUser.getUserName());
log.debug("Secondary groups {}", secondaryGroups.toString());
secondaryUser.setGroups(new ArrayList<>());
for (PosixGroup group : primaryGroups) {
List<String> members = group.getMemberUids();
log.debug("Group {} members {}", group.getCommonName(), members);
if (!members.contains(secondaryUser.getUserName())) {
ldapClient.addGroupMember(group.getCommonName(), secondaryUser.getUserName());
ScimGroup scimGroup = new ScimGroup();
scimGroup.setDisplay(group.getCommonName());
scimGroup.setValue(String.valueOf(group.getGidNumber()));
secondaryUser.getGroups().add(scimGroup);
log.debug("Adding user {} to group {}", secondaryUser.getUserName(), group.getCommonName());
}
}
for (PosixGroup group : secondaryGroups) {
List<String> members = group.getMemberUids();
log.debug("Group members {}", members);
if (!members.contains(primaryUser.getUserName())) {
ldapClient.addGroupMember(group.getCommonName(), primaryUser.getUserName());
ScimGroup scimGroup = new ScimGroup();
scimGroup.setDisplay(group.getCommonName());
scimGroup.setValue(String.valueOf(group.getGidNumber()));
primaryUser.getGroups().add(scimGroup);
log.debug("Adding user {} to group {}", primaryUser.getUserName(), group.getCommonName());
}
}
linkedUsers.add(secondaryUser);
secondaryPosixUser.setUidNumber(primaryPosixUser.getUidNumber());
secondaryPosixUser.setHomeDirectory(primaryPosixUser.getHomeDirectory());
ldapClient.updatePosixUser(secondaryPosixUser);
log.debug("Modified LDAP user {}", secondaryUser.toString());
}
linkedUsers.add(primaryUser);
}
return linkedUsers;
}
public List<ScimUser> unlinkUsers(List<ScimUser> scimUsers) {
ArrayList<ScimUser> unlinkedUsers = new ArrayList<>();
for (ScimUser user : scimUsers) {
PosixUser posixUser = ldapClient.getPosixUser(user.getUserName());
log.debug("Posix user {}", posixUser.toString());
for (ScimGroup group : user.getGroups()) {
ldapClient.removeGroupMember(group.getDisplay(), user.getUserName());
log.debug("Remove user {} from group {}", user.getUserName(), group.getDisplay());
}
if (!user.isActive() && user.getMeta() != null) {
posixUser.setHomeDirectory(user.getMeta().get("homeDirectory"));
posixUser.setUidNumber(Integer.valueOf(user.getMeta().get("uidNumber")));
ldapClient.updatePosixUser(posixUser);
log.debug("Modified LDAP user {}", posixUser.toString());
}
posixUser = ldapClient.getPosixUser(user.getUserName());
Meta metaData = new Meta();
metaData.put("homeDirectory", posixUser.getHomeDirectory());
metaData.put("cn", posixUser.getCommonName());
metaData.put("gidNumber", String.valueOf(posixUser.getGidNumber()));
metaData.put("uid", posixUser.getUid());
metaData.put("uidNumber", String.valueOf(posixUser.getUidNumber()));
/**
* Links the users represented in the JSON serialized list of SCIM user's via LDAP locally.
*
* @param scimUsers the SCIM user's to link
* @return a list of JSON serialized SCIM user's containing the modification information
*/
public List<ScimUser> harmonizeIdentities(List<ScimUser> scimUsers) {
ArrayList<ScimUser> linkedUsers = new ArrayList<>();
ScimUser primaryUser = null;
for (ScimUser user : scimUsers) {
if (user.isActive()) {
primaryUser = user;
break;
}
}
if (scimUsers.remove(primaryUser)) {
PosixUser primaryPosixUser = ldapClient.getPosixUser(primaryUser.getUserName());
log.debug("Primary user {}", primaryPosixUser.toString());
Meta metaData = new Meta();
metaData.put("homeDirectory", primaryPosixUser.getHomeDirectory());
metaData.put("cn", primaryPosixUser.getCommonName());
metaData.put("gidNumber", String.valueOf(primaryPosixUser.getGidNumber()));
metaData.put("uid", primaryPosixUser.getUid());
metaData.put("uidNumber", String.valueOf(primaryPosixUser.getUidNumber()));
user.setGroups(new ArrayList<>());
List<PosixGroup> posixGroups = ldapClient.getUserGroups(user.getUserName());
for (PosixGroup group : posixGroups) {
ScimGroup scimGroup = new ScimGroup();
scimGroup.setDisplay(group.getCommonName());
scimGroup.setValue(String.valueOf(group.getGidNumber()));
user.getGroups().add(scimGroup);
}
user.setActive(true);
unlinkedUsers.add(user);
}
return unlinkedUsers;
}
primaryUser.setMeta(metaData);
List<PosixGroup> primaryGroups = ldapClient.getUserGroups(primaryUser.getUserName());
log.debug("Primary groups {}", primaryGroups.toString());
primaryUser.setGroups(new ArrayList<>());
for (ScimUser secondaryUser : scimUsers) {
PosixUser secondaryPosixUser = ldapClient.getPosixUser(secondaryUser.getUserName());
log.debug("Secondary user {}", secondaryUser.toString());
metaData = new Meta();
metaData.put("homeDirectory", secondaryPosixUser.getHomeDirectory());
metaData.put("cn", secondaryPosixUser.getCommonName());
metaData.put("gidNumber", String.valueOf(secondaryPosixUser.getGidNumber()));
metaData.put("uid", secondaryPosixUser.getUid());
metaData.put("uidNumber", String.valueOf(secondaryPosixUser.getUidNumber()));
secondaryUser.setMeta(metaData);
List<PosixGroup> secondaryGroups = ldapClient.getUserGroups(secondaryUser.getUserName());
log.debug("Secondary groups {}", secondaryGroups.toString());
secondaryUser.setGroups(new ArrayList<>());
for (PosixGroup group : primaryGroups) {
List<String> members = group.getMemberUids();
log.debug("Group {} members {}", group.getCommonName(), members);
if (!members.contains(secondaryUser.getUserName())) {
ldapClient.addGroupMember(group.getCommonName(), secondaryUser.getUserName());
ScimGroup scimGroup = new ScimGroup();
scimGroup.setDisplay(group.getCommonName());
scimGroup.setValue(String.valueOf(group.getGidNumber()));
secondaryUser.getGroups().add(scimGroup);
log.debug("Adding user {} to group {}", secondaryUser.getUserName(),
group.getCommonName());
}
}
for (PosixGroup group : secondaryGroups) {
List<String> members = group.getMemberUids();
log.debug("Group members {}", members);
if (!members.contains(primaryUser.getUserName())) {
ldapClient.addGroupMember(group.getCommonName(), primaryUser.getUserName());
ScimGroup scimGroup = new ScimGroup();
scimGroup.setDisplay(group.getCommonName());
scimGroup.setValue(String.valueOf(group.getGidNumber()));
primaryUser.getGroups().add(scimGroup);
log.debug("Adding user {} to group {}", primaryUser.getUserName(),
group.getCommonName());
}
}
linkedUsers.add(secondaryUser);
secondaryPosixUser.setUidNumber(primaryPosixUser.getUidNumber());
secondaryPosixUser.setHomeDirectory(primaryPosixUser.getHomeDirectory());
ldapClient.updatePosixUser(secondaryPosixUser);
log.debug("Modified LDAP user {}", secondaryUser.toString());
}
linkedUsers.add(primaryUser);
}
return linkedUsers;
}
/**
* Unlinks the users represented in the JSON serialized list of SCIM user's via LDAP locally.
*
* @param scimUsers the SCIM user's to unlink
* @return a list of JSON serialized SCIM user's containing the user's information after unlinking
*/
public List<ScimUser> unlinkUsers(List<ScimUser> scimUsers) {
ArrayList<ScimUser> unlinkedUsers = new ArrayList<>();
for (ScimUser user : scimUsers) {
PosixUser posixUser = ldapClient.getPosixUser(user.getUserName());
log.debug("Posix user {}", posixUser.toString());
for (ScimGroup group : user.getGroups()) {
ldapClient.removeGroupMember(group.getDisplay(), user.getUserName());
log.debug("Remove user {} from group {}", user.getUserName(), group.getDisplay());
}
if (!user.isActive() && user.getMeta() != null) {
posixUser.setHomeDirectory(user.getMeta().get("homeDirectory"));
posixUser.setUidNumber(Integer.valueOf(user.getMeta().get("uidNumber")));
ldapClient.updatePosixUser(posixUser);
log.debug("Modified LDAP user {}", posixUser.toString());
}
posixUser = ldapClient.getPosixUser(user.getUserName());
Meta metaData = new Meta();
metaData.put("homeDirectory", posixUser.getHomeDirectory());
metaData.put("cn", posixUser.getCommonName());
metaData.put("gidNumber", String.valueOf(posixUser.getGidNumber()));
metaData.put("uid", posixUser.getUid());
metaData.put("uidNumber", String.valueOf(posixUser.getUidNumber()));
user.setGroups(new ArrayList<>());
List<PosixGroup> posixGroups = ldapClient.getUserGroups(user.getUserName());
for (PosixGroup group : posixGroups) {
ScimGroup scimGroup = new ScimGroup();
scimGroup.setDisplay(group.getCommonName());
scimGroup.setValue(String.valueOf(group.getGidNumber()));
user.getGroups().add(scimGroup);
}
user.setActive(true);
unlinkedUsers.add(user);
}
return unlinkedUsers;
}
}
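Review bot: `unlinkUsers` copies `homeDirectory` and `uidNumber` from the caller-supplied SCIM `meta` straight into the LDAP entry (`posixUser.setUidNumber(Integer.valueOf(user.getMeta().get("uidNumber")))`), and the Javadoc added by this commit does not say that the input is trusted in this way. A missing or non-numeric `uidNumber` would presumably throw `NumberFormatException` after the `removeGroupMember` calls have already been applied, and any numeric value, including one that belongs to another account, is written unchanged. Consider validating both fields before the first LDAP modification and rejecting the request otherwise, for example by parsing with `Integer.parseInt` inside a try/catch and checking the result against the UID range the deployment assigns to managed accounts. Separately, the `metaData` object built near the end of the loop is never passed to `user.setMeta(...)`, unlike in `harmonizeIdentities`, so the returned users appear to keep their old meta. Old and new lines are interleaved on this page; the note refers to the reformatted copy of the method.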
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import java.util.List;
package edu.kit.scc;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.FormParam;
import edu.kit.scc.scim.ScimUser;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
......@@ -19,7 +17,6 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -27,170 +24,114 @@ import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import java.util.List;
import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.oidc.OidcClient;
import edu.kit.scc.regapp.RegAppClient;
import edu.kit.scc.scim.ScimListResponse;
import edu.kit.scc.scim.ScimUser;
import javax.servlet.http.HttpServletResponse;
@RestController
@RequestMapping("/rest")
public class RestServiceController {
private static Logger log = LoggerFactory.getLogger(RestServiceController.class);
@Value("${rest.serviceUsername}")
private String restUser;
@Value("${rest.servicePassword}")
private String restPassword;
@Autowired
private RegAppClient regAppClient;
@Autowired
private OidcClient oidcClient;
@Autowired
private IdentityHarmonizer identityHarmonizer;
@RequestMapping(path = "/link", method = RequestMethod.POST)
public List<ScimUser> linkUsers(@RequestHeader("Authorization") String basicAuthorization,
@RequestBody List<ScimUser> scimUsers, HttpServletResponse response) {
verifyAuthorization(basicAuthorization);
log.debug("Request body {}", scimUsers);
List<ScimUser> modifiedUsers = identityHarmonizer.harmonizeIdentities(scimUsers);
if (!modifiedUsers.isEmpty())
return modifiedUsers;
throw new ConflictException();
}
@RequestMapping(path = "/unlink", method = RequestMethod.POST)
public List<ScimUser> unlinkUsers(@RequestHeader("Authorization") String basicAuthorization,
@RequestBody List<ScimUser> scimUsers, HttpServletResponse response) {
verifyAuthorization(basicAuthorization);
log.debug("Request body {}", scimUsers);
List<ScimUser> modifiedUsers = identityHarmonizer.unlinkUsers(scimUsers);
if (!modifiedUsers.isEmpty())
return modifiedUsers;
throw new ConflictException();
}
@RequestMapping(path = "/scim/Users", method = RequestMethod.POST, produces = "application/scim+json")
@ResponseStatus(value = HttpStatus.CREATED)
public ScimUser scimAddUser(@RequestHeader("Authorization") String basicAuthorization,
@RequestBody ScimUser scimUser, HttpServletResponse response) {
verifyAuthorization(basicAuthorization);