@hajaalin
Forked from joshmoore/README.md
Created March 23, 2012 17:20
HyLdap example

Example build directory.

See: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2012-March/002964.html

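To clone (note that `git://` is an unauthenticated, unencrypted transport, so review the fetched code before building it into the server):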

$ git clone git://gist.github.com/2158254.git components/hyldap
Cloning into 'components/hyldap'...
remote: Counting objects: 19, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 19 (delta 2), reused 16 (delta 2)
Receiving objects: 100% (19/19), done.
Resolving deltas: 100% (2/2), done.

To build:

$ ./build.py -f components/hyldap/build.xml
Buildfile: omero.git/components/hyldap/build.xml
Entering omero.git/components/hyldap...

retrieve:
:: Ivy 2.1.0 - 20090925235825 :: http://ant.apache.org/ivy/ ::
:: loading settings :: file = omero.git/etc/ivysettings.xml

prepare:
Created dir: omero.git/components/hyldap/target/generated/.done
Created dir: omero.git/components/hyldap/target/generated/src
Created dir: omero.git/components/hyldap/target/generated/resources
Created dir: omero.git/components/hyldap/target/classes
Created dir: omero.git/components/hyldap/target/test-classes
Created dir: omero.git/components/hyldap/target/reports
Copying 1 file to omero.git/components/hyldap/target/generated/resources
Copying 1 file to omero.git/components/hyldap/target/classes
Copying 1 file to omero.git/components/hyldap/target/generated/resources
Copying 1 file to omero.git/components/hyldap/target/classes
Copying 1 file to omero.git/components/hyldap/target/generated/resources
Copying 1 file to omero.git/components/hyldap/target/classes
Copying 1 file to omero.git/components/hyldap/target/generated/resources
Copying 1 file to omero.git/components/hyldap/target/classes

generate:
Copying 1 file to omero.git/components/hyldap/target/classes

compile:
Compiling 1 source file to omero.git/components/hyldap/target/classes
Deleting: omero.git/components/hyldap/_omero_build_1225728604.tmp

package:
Building jar: omero.git/components/hyldap/target/hyldap.jar

install:
:: delivering :: omero#hyldap;working@Josh-Moores-MacBook-Pro.local :: 4.3.3-DEV-ice33 :: integration :: Thu Mar 22 14:10:50 CET 2012
    delivering ivy file to omero.git/components/hyldap/target/ivy.xml
:: publishing :: omero#hyldap
    published hyldap to omero.git/etc/../target/repository/hyldap-4.3.3-DEV-ice33.jar
    published ivy to omero.git/etc/../target/repository/hyldap-4.3.3-DEV-ice33.ivy

BUILD SUCCESSFUL
Total time: 9 seconds
<?xml version="1.0" encoding="utf-8"?>
<!-- Ant build file for the "hyldap" component; running it without a target executes "install". -->
<project name="hyldap" default="install" basedir=".">
<!-- NOTE(review): "NONE" presumably means the jar has no entry point; confirm against global.xml. -->
<property name="main.class" value="NONE"/>
<!-- No targets are defined in this file: they all come from the shared build files imported
     below, which are resolved relative to this directory (../antlib/resources). -->
<property name="import.dir" value="${basedir}/../antlib/resources"/>
<import file="${import.dir}/global.xml"/>
<import file="${import.dir}/lifecycle.xml"/>
<import file="${import.dir}/hibernate.xml"/>
</project>
/*
* $Id$
*
* Copyright 2010 Glencoe Software, Inc. All rights reserved.
* Use is subject to license terms supplied in LICENSE.txt
*/
package hyldap;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.HashMap;
import java.util.HashSet;
import ome.conditions.ValidationException;
import ome.security.SecuritySystem;
import ome.security.auth.AttributeSet;
import ome.security.auth.GroupAttributeMapper;
import ome.security.auth.LdapConfig;
import ome.security.auth.NewUserGroupBean;
import ome.security.auth.RoleProvider;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.Log;
import org.springframework.ldap.core.LdapOperations;
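/**
 * Selects the OMERO groups for a new LDAP user from a hard-coded allow-list.
 *
 * <p>The allow-list maps an LDAP group DN, as it appears in the user's {@code GROUP_MEMBER} or
 * {@code GROUP_OWNER} attribute values, to the OMERO group name passed to
 * {@code provider.createGroup}. LDAP groups that are not on the list are ignored. Matching is an
 * exact, case-sensitive string comparison of the whole DN.
 *
 * @author Harri Jäälinoja, harri.jaalinoja at helsinki.fi
 * @see SecuritySystem
 * @since Beta4.2
 */
public class HyHcNewUserGroupBean implements ome.security.auth.NewUserGroupBean, HyLdapAttributes {

    private final static Log log = LogFactory.getLog(HyHcNewUserGroupBean.class);

    /**
     * Id returned alongside the matched groups; the log message below calls it group 'user'.
     * NOTE(review): the value 1 is hard-coded, confirm it is the 'user' group id on the target
     * server.
     */
    private final static Long USER_GROUP_ID = Long.valueOf(1L);

    /** LDAP group DN to OMERO group name. Filled once in the constructor, never modified. */
    private final HashMap<String, String> allowedGroups;

    /** Builds the fixed allow-list. */
    public HyHcNewUserGroupBean() {
        allowedGroups = new HashMap<String, String>();
        //allowedGroups.put("uid=grp-A91900-bi-vart,ou=alma_workgroups,ou=groups,o=hy","BI-Vartiainen");
        allowedGroups.put("uid=grp-A34520-biu,ou=alma_workgroups,ou=groups,o=hy", "BIU");
        allowedGroups.put("uid=grp-A91900-lmu,ou=alma_workgroups,ou=groups,o=hy", "LMU");
    }

    /**
     * Returns the ids of the groups the user is placed in.
     *
     * <p>For every LDAP group of the user that is on the allow-list, the id returned by
     * {@code provider.createGroup} is added. The 'user' group id is added once, directly after
     * the first match (the original code appended it again after every match). The LDAP group
     * names are held in a {@code HashSet}, so the order of the returned ids is not defined.
     *
     * <p>The result is empty when the user has LDAP groups but none of them is allow-listed.
     * NOTE(review): the caller is not shown here; confirm that it treats an empty list as "no
     * access" rather than falling back to a default group.
     *
     * @param username name of the user, used for logging and in the error message
     * @param config not used by this implementation
     * @param ldap not used by this implementation
     * @param provider used to obtain the id of each matched OMERO group
     * @param attrSet LDAP attributes of the user; {@code GROUP_MEMBER} and {@code GROUP_OWNER}
     *        are read
     * @return group ids, possibly empty
     * @throws ValidationException if neither attribute carries any value
     */
    public List<Long> groups(String username, LdapConfig config,
            LdapOperations ldap, RoleProvider provider, AttributeSet attrSet) {
        log.debug("groups for " + username);

        Set<String> groupNames = new HashSet<String>();
        groupNames.addAll(attrSet.getAll(GROUP_MEMBER));
        groupNames.addAll(attrSet.getAll(GROUP_OWNER));
        if (groupNames.isEmpty()) {
            throw new ValidationException(username + " has no attributes "
                    + GROUP_MEMBER + " or " + GROUP_OWNER);
        }

        List<Long> groups = new ArrayList<Long>();
        boolean userGroupAdded = false;
        for (String grpName : groupNames) {
            log.debug("grpName " + grpName);
            if (!allowedGroups.containsKey(grpName)) {
                // Not on the allow-list: this LDAP group grants nothing.
                continue;
            }
            log.debug("grpName matched " + grpName);
            String grpOmeName = allowedGroups.get(grpName);
            log.debug("grpName matched " + grpOmeName);
            // NOTE(review): the meaning of the null and false arguments is defined by
            // RoleProvider, which is not shown here.
            groups.add(provider.createGroup(grpOmeName, null, false));
            if (!userGroupAdded) {
                log.debug("grpName matched, adding group 'user'");
                groups.add(USER_GROUP_ID);
                userGroupAdded = true;
            }
        }
        return groups;
    }
}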
package hyldap;
/**
 * Names of the LDAP user attributes that the group beans in this package read.
 *
 * <p>The attribute values are compared with the LDAP group DNs on the beans' allow-lists.
 */
public interface HyLdapAttributes {

    /** Attribute read for the user's group memberships. */
    String GROUP_MEMBER = "hyGroupMemberships";

    /** Attribute read for the user's group ownerships. */
    String GROUP_OWNER = "hyGroupOwnerships";
}
<!--
  Allow-list read by hyldap.HyNewUserGroupBean. Each <group> maps an LDAP group DN (ldapname)
  to the OMERO group name (omename) that members and owners of that LDAP group are placed in.
  The DN is matched as an exact string against the user's LDAP attribute values.
  This file decides group assignment, so it should be writable only by the OMERO administrator.
-->
<hyldapconfig>
<group ldapname="uid=grp-A91900-bi-vart,ou=alma_workgroups,ou=groups,o=hy" omename="BI-Vartiainen"/>
<group ldapname="uid=grp-A34520-biu,ou=alma_workgroups,ou=groups,o=hy" omename="BIU"/>
</hyldapconfig >
/*
* $Id$
*
* Copyright 2010 Glencoe Software, Inc. All rights reserved.
* Use is subject to license terms supplied in LICENSE.txt
*/
package hyldap;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.HashMap;
import java.util.HashSet;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import ome.api.IConfig;
import ome.conditions.ValidationException;
import ome.security.SecuritySystem;
import ome.security.auth.AttributeSet;
import ome.security.auth.GroupAttributeMapper;
import ome.security.auth.LdapConfig;
import ome.security.auth.NewUserGroupBean;
import ome.security.auth.RoleProvider;
import ome.system.ServiceFactory;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.Log;
import org.springframework.ldap.core.LdapOperations;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
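/**
 * Selects the OMERO groups for a new LDAP user from an allow-list loaded from an XML file.
 *
 * <p>The file holds {@code <group ldapname="..." omename="..."/>} elements. {@code ldapname} is
 * an LDAP group DN as it appears in the user's {@code GROUP_MEMBER} or {@code GROUP_OWNER}
 * attribute values, {@code omename} the OMERO group name passed to
 * {@code provider.createGroup}. LDAP groups that are not listed are ignored. Matching is an
 * exact, case-sensitive string comparison of the whole DN.
 *
 * <p>The file decides which groups a user joins, so it should be writable only by the
 * administrator of the server.
 *
 * @author Harri Jäälinoja, harri.jaalinoja at helsinki.fi
 * @since Beta4.3
 */
public class HyNewUserGroupBean implements ome.security.auth.NewUserGroupBean, HyLdapAttributes {

    public final static String ELEM_CONFIG = "hyldapconfig";
    public final static String ELEM_GROUP = "group";
    public final static String ATTR_LDAPNAME = "ldapname";
    public final static String ATTR_OMENAME = "omename";

    private final static Log log = LogFactory.getLog(HyNewUserGroupBean.class);

    /**
     * Id returned alongside the matched groups; the log message below calls it group 'user'.
     * NOTE(review): the value 1 is hard-coded, confirm it is the 'user' group id on the target
     * server.
     */
    private final static Long USER_GROUP_ID = Long.valueOf(1L);

    /** LDAP group DN to OMERO group name. Filled once in the constructor, never modified. */
    private final HashMap<String, String> allowedGroups = new HashMap<String, String>();

    /**
     * Creates a bean with an empty allow-list: {@link #groups} then never matches any LDAP
     * group and returns an empty list for every user that has group attributes.
     */
    public HyNewUserGroupBean() {
        log.info("Initialized without config file, this may cause problems...");
    }

    /**
     * Creates a bean whose allow-list is read from the given XML file.
     *
     * <p>A failure to read or parse the file is logged and leaves the allow-list empty, so no
     * LDAP group is mapped; it does not abort construction. A {@code <group>} element that
     * lacks {@code ldapname} or {@code omename}, or has an empty value for either, is skipped
     * with a warning; the remaining elements are still loaded.
     *
     * @param configFile path of the XML file
     */
    public HyNewUserGroupBean(String configFile) {
        log.info("Initialized with config file: " + configFile);
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            // The format needs only elements and attributes. Refusing DOCTYPE declarations
            // keeps the parser from resolving DTDs or external entities named in the file.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setExpandEntityReferences(false);
            DocumentBuilder builder = factory.newDocumentBuilder();
            Document document = builder.parse(new File(configFile));

            Element config = document.getDocumentElement();
            NodeList groups = config.getElementsByTagName(ELEM_GROUP);
            // Collect into a local map first so that an unexpected failure half-way through
            // cannot leave a partially loaded allow-list behind.
            HashMap<String, String> loaded = new HashMap<String, String>();
            for (int i = 0; i < groups.getLength(); i++) {
                Node group = groups.item(i);
                String ldapname = attributeValue(group, ATTR_LDAPNAME);
                String omename = attributeValue(group, ATTR_OMENAME);
                if (ldapname == null || omename == null) {
                    log.warn("Skipping <" + ELEM_GROUP + "> element " + i + " without "
                            + ATTR_LDAPNAME + " or " + ATTR_OMENAME);
                    continue;
                }
                log.debug("ldapname: " + ldapname + ", omename: " + omename);
                loaded.put(ldapname, omename);
            }
            allowedGroups.putAll(loaded);
        } catch (Exception e) {
            // Deliberately not rethrown: the bean stays usable with an empty allow-list.
            log.error("Failed to parse config.", e);
        }
    }

    /** Returns the value of the named attribute, or null when it is absent or empty. */
    private static String attributeValue(Node element, String name) {
        Node attribute = element.getAttributes().getNamedItem(name);
        if (attribute == null) {
            return null;
        }
        String value = attribute.getNodeValue();
        return (value == null || value.length() == 0) ? null : value;
    }

    /**
     * Returns the ids of the groups the user is placed in.
     *
     * <p>For every LDAP group of the user that is on the allow-list, the id returned by
     * {@code provider.createGroup} is added. The 'user' group id is added once, directly after
     * the first match (the original code appended it again after every match). The LDAP group
     * names are held in a {@code HashSet}, so the order of the returned ids is not defined.
     *
     * <p>The result is empty when the user has LDAP groups but none of them is allow-listed.
     * NOTE(review): the caller is not shown here; confirm that it treats an empty list as "no
     * access" rather than falling back to a default group.
     *
     * @param username name of the user, used for logging and in the error message
     * @param config not used by this implementation
     * @param ldap not used by this implementation
     * @param provider used to obtain the id of each matched OMERO group
     * @param attrSet LDAP attributes of the user; {@code GROUP_MEMBER} and {@code GROUP_OWNER}
     *        are read
     * @return group ids, possibly empty
     * @throws ValidationException if neither attribute carries any value
     */
    public List<Long> groups(String username, LdapConfig config,
            LdapOperations ldap, RoleProvider provider, AttributeSet attrSet) {
        log.debug("groups for " + username);

        Set<String> groupNames = new HashSet<String>();
        groupNames.addAll(attrSet.getAll(GROUP_MEMBER));
        groupNames.addAll(attrSet.getAll(GROUP_OWNER));
        if (groupNames.isEmpty()) {
            // Both attributes were checked, so the message names both.
            throw new ValidationException(username + " has no attributes "
                    + GROUP_MEMBER + " or " + GROUP_OWNER);
        }

        List<Long> groups = new ArrayList<Long>();
        boolean userGroupAdded = false;
        for (String grpName : groupNames) {
            log.debug("grpName " + grpName);
            if (!allowedGroups.containsKey(grpName)) {
                // Not on the allow-list: this LDAP group grants nothing.
                continue;
            }
            log.debug("grpName matched " + grpName);
            String grpOmeName = allowedGroups.get(grpName);
            log.debug("grpName matched " + grpOmeName);
            // NOTE(review): the meaning of the null and false arguments is defined by
            // RoleProvider, which is not shown here.
            groups.add(provider.createGroup(grpOmeName, null, false));
            if (!userGroupAdded) {
                log.debug("grpName matched, adding group 'user'");
                groups.add(USER_GROUP_ID);
                userGroupAdded = true;
            }
        }
        return groups;
    }
}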
<!-- Ivy descriptor for the hyldap module: publishes hyldap.jar for the build and server confs. -->
<ivy-module version="1.0">
<info
organisation="omero"
module="hyldap"
status="integration"/>
<configurations>
<conf name="build"/>
<conf name="server"/>
</configurations>
<publications>
<artifact name="hyldap" type="jar"/>
</publications>
<dependencies defaultconfmapping="build,server->default">
<!-- Internal -->
<!-- changing="true" tells Ivy that the artifact behind this revision may be replaced, so
     the same ${omero.version} can resolve to different server jars between builds. -->
<dependency name="server" rev="${omero.version}" changing="true" conf="build->build;server->server"/>
</dependencies>
</ivy-module>
package hyldap;
import java.util.List;
import ome.security.SecuritySystem;
import ome.security.auth.*;
import org.springframework.ldap.core.LdapOperations;
/**
 * Strategy that determines the groups a user found in LDAP belongs to.
 *
 * @author Josh Moore, josh at glencoesoftware.com
 * @see SecuritySystem
 * @since Beta4.2
 */
public interface NewUserGroupBean {

    /**
     * Looks up the groups for one user.
     *
     * @param username name of the user
     * @param config LDAP configuration
     * @param ldap handle for LDAP operations
     * @param provider role provider available to the implementation
     * @param attrSet LDAP attributes of the user
     * @return the user's groups as a list of {@code Long} values
     */
    List<Long> groups(
            String username,
            LdapConfig config,
            LdapOperations ldap,
            RoleProvider provider,
            AttributeSet attrSet);
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<!-- Spring definitions of the two group-selection beans in the hyldap package. -->
<beans>
<!-- File-backed variant: the constructor argument is the absolute path of the XML allow-list.
     That file decides group assignment, so keep it writable by the administrator only. -->
<bean id="hyldapbean" class="hyldap.HyNewUserGroupBean">
<constructor-arg value="/home/omero/hyldapConfig.xml"/>
</bean>
<!-- Variant whose allow-list is hard-coded in the class; it takes no configuration. -->
<bean id="hyldapbean_hc" class="hyldap.HyHcNewUserGroupBean"/>
</beans>
<!-- Ivy descriptor for the test artifact (hyldap-test.jar) of the hyldap module. -->
<ivy-module version="1.0">
<info
organisation="omero"
module="hyldap"
status="integration"/>
<configurations>
<conf name="test"/>
</configurations>
<publications>
<artifact name="hyldap-test" type="jar"/>
</publications>
<dependencies defaultconfmapping="test->*">
<!-- changing="true": the hyldap artifact behind ${omero.version} may be replaced between builds. -->
<dependency name="hyldap" rev="${omero.version}" changing="true"/>
</dependencies>
</ivy-module>