
Example 1 with UserMapping

use of com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping in project coprhd-controller by CoprHD.

From class TenantsService, method addUserMappings.

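/**
 * Adds the given user mappings to {@code tenant}, rejecting any mapping that is
 * malformed, points at an unknown domain, already belongs to another tenant, or
 * fails {@link #isValidMapping}.
 *
 * Mappings are processed in order and the first failure aborts the call; mappings
 * that were processed before the failure have already been added to the in-memory
 * {@code tenant} object.
 *
 * @param tenant the tenant receiving the mappings (mutated in place)
 * @param userMappingParams mappings supplied by the API caller
 * @param user the requesting user; only used to decide how much detail the
 *        duplicate-mapping error may disclose
 */
private void addUserMappings(TenantOrg tenant, List<UserMappingParam> userMappingParams, StorageOSUser user) {
    List<UserMapping> userMappings = UserMapping.fromParamList(userMappingParams);
    // domain -> (tenant id -> that tenant's mappings); each domain is read at most once.
    Map<String, Map<URI, List<UserMapping>>> mappingsByDomain = new HashMap<String, Map<URI, List<UserMapping>>>();
    for (UserMapping userMapping : userMappings) {
        if (null == userMapping.getDomain() || userMapping.getDomain().isEmpty()) {
            throw APIException.badRequests.requiredParameterMissingOrEmpty("domain");
        }
        // Normalize before any lookup so that "  DOMAIN " and "DOMAIN" resolve the same way.
        trimGroupAndDomainNames(userMapping);
        String domain = userMapping.getDomain();
        if (!authNProviderExistsForDomain(domain)) {
            throw APIException.badRequests.invalidParameter("domain", domain);
        }
        Map<URI, List<UserMapping>> domainMappings = mappingsByDomain.get(domain);
        if (null == domainMappings) {
            domainMappings = _permissionsHelper.getAllUserMappingsForDomain(domain);
            mappingsByDomain.put(domain, domainMappings);
        }
        rejectIfMappedToAnotherTenant(tenant, userMapping, domainMappings, user);
        // Validates the mapping's user group and groups against the authentication provider.
        if (!isValidMapping(userMapping)) {
            throw APIException.badRequests.invalidParameter("user_mapping", userMapping.toString());
        }
        tenant.addUserMapping(userMapping.getDomain(), userMapping.toString());
    }
}

/**
 * Throws a bad-request error when {@code userMapping} matches a mapping that is
 * already owned by a tenant other than {@code tenant}.
 *
 * The error names the conflicting tenant only when the requesting user is
 * TENANT_ADMIN of that tenant; otherwise the tenant id is withheld, presumably
 * so that a caller cannot learn identifiers of tenants it has no rights over.
 *
 * @param tenant the tenant the mapping is being added to (its own mappings are skipped)
 * @param userMapping the candidate mapping
 * @param domainMappings all existing mappings for the mapping's domain, keyed by tenant id
 * @param user the requesting user
 */
private void rejectIfMappedToAnotherTenant(TenantOrg tenant, UserMapping userMapping,
        Map<URI, List<UserMapping>> domainMappings, StorageOSUser user) {
    for (Entry<URI, List<UserMapping>> entry : domainMappings.entrySet()) {
        URI otherTenantId = entry.getKey();
        if (tenant.getId().equals(otherTenantId)) {
            continue;
        }
        for (UserMapping existing : entry.getValue()) {
            if (userMapping.isMatch(existing)) {
                if (_permissionsHelper.userHasGivenRole(user, otherTenantId, Role.TENANT_ADMIN)) {
                    throw APIException.badRequests.userMappingDuplicatedInAnotherTenantExtended(
                            userMapping.toString(), otherTenantId.toString());
                }
                throw APIException.badRequests.userMappingDuplicatedInAnotherTenant(userMapping.toString());
            }
        }
    }
}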
Also used : UserMapping(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping) HashMap(java.util.HashMap) TenantOrgList(com.emc.storageos.model.tenant.TenantOrgList) NamedElementQueryResultList(com.emc.storageos.db.client.constraint.NamedElementQueryResultList) ArrayList(java.util.ArrayList) VcenterList(com.emc.storageos.model.host.vcenter.VcenterList) HostList(com.emc.storageos.model.host.HostList) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList) ClusterList(com.emc.storageos.model.host.cluster.ClusterList) VolumeGroupList(com.emc.storageos.model.application.VolumeGroupList) List(java.util.List) SchedulePolicyList(com.emc.storageos.model.schedulepolicy.SchedulePolicyList) BulkList(com.emc.storageos.api.service.impl.response.BulkList) ProjectList(com.emc.storageos.model.project.ProjectList) Map(java.util.Map) StringSetMap(com.emc.storageos.db.client.model.StringSetMap) HashMap(java.util.HashMap) NamedURI(com.emc.storageos.db.client.model.NamedURI) URI(java.net.URI)

Example 2 with UserMapping

use of com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping in project coprhd-controller by CoprHD.

From class StorageOSLdapPersonAttributeDao, method getStorageOSUser.

/*
 * Throwing variant of getStorageOSUser: instead of handing the failure reason
 * back to the caller, the reason is translated into a specific exception. A user
 * that maps to zero or to several tenants is also rejected here.
 */
@Override
public StorageOSUserDAO getStorageOSUser(final Credentials credentials) {
    // NOTE(review): assumes callers always pass UsernamePasswordCredentials; any
    // other Credentials implementation fails here with a ClassCastException.
    final String username = ((UsernamePasswordCredentials) credentials).getUserName();
    final ValidationFailureReason[] reason = new ValidationFailureReason[1];
    final UserAndTenants resolved = getStorageOSUserAndTenants(username, reason);
    if (resolved == null) {
        // Only LDAP/manager failures get a dedicated exception; everything else
        // (including an unset reason) is reported as a failed principal search.
        switch (reason[0]) {
            case LDAP_CONNECTION_FAILED:
                throw SecurityException.fatals.communicationToLDAPResourceFailed();
            case LDAP_MANAGER_AUTH_FAILED:
                throw SecurityException.fatals.ldapManagerAuthenticationFailed();
            case USER_OR_GROUP_NOT_FOUND_FOR_TENANT:
            default:
                throw APIException.badRequests.principalSearchFailed(username);
        }
    }
    final StorageOSUserDAO user = resolved._user;
    final Map<URI, UserMapping> tenants = resolved._tenants;
    final int tenantCount = (tenants == null) ? 0 : tenants.keySet().size();
    if (tenantCount == 0) {
        _log.error("User {} did not match any tenant", username);
        throw APIException.forbidden.userDoesNotMapToAnyTenancy(user.getUserName());
    }
    if (tenantCount > 1) {
        _log.error("User {} mapped to tenants {}", username, tenants.keySet().toArray());
        throw APIException.forbidden.userBelongsToMultiTenancy(user.getUserName(), tenantName(tenants.keySet()));
    }
    // Exactly one tenant: it becomes the user's tenant id.
    final URI onlyTenant = tenants.keySet().iterator().next();
    user.setTenantId(onlyTenant.toString());
    return user;
}
Also used : ValidationFailureReason(com.emc.storageos.auth.AuthenticationManager.ValidationFailureReason) StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) UserMapping(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping) URI(java.net.URI) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials)

Example 3 with UserMapping

use of com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping in project coprhd-controller by CoprHD.

From class StorageOSLdapPersonAttributeDao, method getStorageOSUserAndTenants.

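/**
 * Looks up {@code username} in the directory and resolves the tenants it maps to.
 *
 * The username must have the form {@code user@domain}; the domain selects the
 * authentication-provider domains whose tenant user mappings are consulted. The
 * directory search is widened to also return every attribute referenced by a
 * user mapping or a user group, so that {@code mapUserToTenant} can evaluate them.
 *
 * @param username principal in {@code user@domain} form
 * @param failureReason single-element out-parameter, set on the failure paths
 *        that return {@code null}
 * @param tenantURI optional tenant whose stored mappings are replaced by
 *        {@code usermapping} for this lookup only (presumably a preview of a
 *        mapping change); may be {@code null}
 * @param usermapping mappings to use for {@code tenantURI}; ignored when
 *        {@code tenantURI} is {@code null}
 * @return the user together with its tenant mappings, or {@code null} when the
 *         user cannot be resolved (see {@code failureReason})
 */
private UserAndTenants getStorageOSUserAndTenants(String username, ValidationFailureReason[] failureReason, URI tenantURI, List<UserMapping> usermapping) {
    BasePermissionsHelper permissionsHelper = new BasePermissionsHelper(_dbClient, false);
    final String[] userDomain = username.split("@");
    if (userDomain.length < 2) {
        _log.error("Illegal username {} missing domain", username);
        failureReason[0] = ValidationFailureReason.USER_OR_GROUP_NOT_FOUND_FOR_TENANT;
        return null;
    }
    // NOTE(review): with more than one '@' this is the segment right after the
    // user part, not the trailing one — confirm that is the intended domain.
    final String domain = userDomain[1];
    // NOTE(review): the filter is built from caller-supplied input; assumes
    // getPersonFilterWithValues escapes LDAP filter metacharacters — confirm.
    final String ldapQuery = LdapFilterUtil.getPersonFilterWithValues(_filter, username);
    if (ldapQuery == null) {
        // Fix: the message had a single placeholder for two arguments, so the
        // username was silently dropped from the log.
        _log.error("Null query filter from string {} for username {}", _filter, username);
        failureReason[0] = ValidationFailureReason.USER_OR_GROUP_NOT_FOUND_FOR_TENANT;
        return null;
    }
    StringSet authnProviderDomains = getAuthnProviderDomains(domain);
    Map<URI, List<UserMapping>> tenantToMappingMap = permissionsHelper.getAllUserMappingsForDomain(authnProviderDomains);
    if (tenantURI != null) {
        tenantToMappingMap.put(tenantURI, usermapping);
    }
    printTenantToMappingMap(tenantToMappingMap);
    // Attributes the search must return: the configured ones plus every attribute
    // referenced by a tenant mapping or by a user group.
    List<String> attrs = new ArrayList<String>();
    if (_searchControls.getReturningAttributes() != null) {
        Collections.addAll(attrs, _searchControls.getReturningAttributes());
    }
    addMappingAttributeKeys(tenantToMappingMap, attrs);
    getReturningAttributesFromUserGroups(permissionsHelper, domain, attrs);
    SearchControls dnSearchControls = new SearchControls(_searchControls.getSearchScope(), _searchControls.getCountLimit(), _searchControls.getTimeLimit(), attrs.toArray(new String[0]), _searchControls.getReturningObjFlag(), _searchControls.getDerefLinkFlag());
    // Filled by the mapper with the attribute values needed for tenant mapping.
    Map<String, List<String>> userMappingAttributes = new HashMap<String, List<String>>();
    StorageOSUserMapper userMapper = new StorageOSUserMapper(username, getDistinguishedNameAttribute(), userMappingAttributes);
    @SuppressWarnings("unchecked")
    final List<StorageOSUserDAO> storageOSUsers = safeLdapSearch(_baseDN, ldapQuery, dnSearchControls, userMapper, failureReason);
    if (null == storageOSUsers) {
        // failureReason is presumably set by safeLdapSearch on this path — TODO confirm.
        _log.error("Query for user {} failed", username);
        return null;
    }
    StorageOSUserDAO storageOSUser;
    try {
        storageOSUser = DataAccessUtils.requiredUniqueResult(storageOSUsers);
    } catch (IncorrectResultSizeDataAccessException ex) {
        _log.error("Query for user {} yielded incorrect number of results.", username, ex);
        failureReason[0] = ValidationFailureReason.USER_OR_GROUP_NOT_FOUND_FOR_TENANT;
        return null;
    }
    if (null == storageOSUser) {
        _log.error("Query for user {} yielded no results", username);
        failureReason[0] = ValidationFailureReason.USER_OR_GROUP_NOT_FOUND_FOR_TENANT;
        return null;
    }
    populateGroups(ldapQuery, username, storageOSUser, failureReason);
    // Add the user's groups derived from the returned attributes.
    addUserGroupsToUserGroupList(permissionsHelper, domain, storageOSUser);
    return new UserAndTenants(storageOSUser, mapUserToTenant(authnProviderDomains, storageOSUser, userMappingAttributes, tenantToMappingMap, failureReason));
}

/**
 * Appends to {@code attrs} the key of every attribute referenced by any mapping
 * in {@code tenantToMappingMap}. Null mapping lists (possible when a tenant
 * override is supplied) are skipped.
 *
 * @param tenantToMappingMap mappings keyed by tenant id
 * @param attrs attribute list to extend (duplicates are not removed)
 */
private static void addMappingAttributeKeys(Map<URI, List<UserMapping>> tenantToMappingMap, List<String> attrs) {
    for (List<UserMapping> mappings : tenantToMappingMap.values()) {
        if (mappings == null) {
            continue;
        }
        for (UserMapping mapping : mappings) {
            if (mapping.getAttributes() != null) {
                for (UserMappingAttribute mappingAttribute : mapping.getAttributes()) {
                    attrs.add(mappingAttribute.getKey());
                }
            }
        }
    }
}

/**
 * Populates the user's group list. For an AD provider the groups come from the
 * tokenGroups query; for other providers from the member attribute lookup.
 *
 * @param ldapQuery the person filter already resolved for the user
 * @param username used for logging only
 * @param storageOSUser the user to add groups to (mutated in place)
 * @param failureReason out-parameter passed through to the member-attribute lookup
 */
private void populateGroups(String ldapQuery, String username, StorageOSUserDAO storageOSUser, ValidationFailureReason[] failureReason) {
    if (_type == AuthnProvider.ProvidersType.ad) {
        List<String> groups = queryTokenGroups(ldapQuery, storageOSUser);
        StringBuilder groupsString = new StringBuilder("[ ");
        for (String group : groups) {
            groupsString.append(group).append(' ');
            storageOSUser.addGroup(group);
        }
        groupsString.append("]");
        _log.debug("User {} adding groups {}", username, groupsString);
    } else if (!updateGroupsAndRootGroupsInLDAPByMemberAttribute(storageOSUser, failureReason)) {
        // false covers both "no group found" and "lookup failed (already logged)";
        // neither case aborts the resolution.
        _log.info("User {} is not in any AD/LDAP groups.", storageOSUser.getDistinguishedName());
    }
}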
Also used : UserMappingAttribute(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMappingAttribute) URI(java.net.URI) StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) UserMapping(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping) IncorrectResultSizeDataAccessException(org.springframework.dao.IncorrectResultSizeDataAccessException) StringSet(com.emc.storageos.db.client.model.StringSet) LdapServerList(com.emc.storageos.auth.impl.LdapServerList) URIQueryResultList(com.emc.storageos.db.client.constraint.URIQueryResultList) SearchControls(javax.naming.directory.SearchControls) BasePermissionsHelper(com.emc.storageos.security.authorization.BasePermissionsHelper)

Example 4 with UserMapping

use of com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping in project coprhd-controller by CoprHD.

From class StorageOSLdapPersonAttributeDao, method getStorageOSUser (with failure reason).

/*
 * @see com.emc.storageos.auth.StorageOSPersonAttributeDao#getPerson(java.lang.String)
 *
 * Non-throwing variant: a resolution failure is reported through the
 * failureReason out-parameter and a null return. A user that maps to zero or
 * to several tenants is still returned, only without a tenant id set.
 */
@Override
public StorageOSUserDAO getStorageOSUser(final Credentials credentials, ValidationFailureReason[] failureReason) {
    // NOTE(review): assumes callers always pass UsernamePasswordCredentials.
    final String username = ((UsernamePasswordCredentials) credentials).getUserName();
    final UserAndTenants resolved = getStorageOSUserAndTenants(username, failureReason);
    if (resolved == null) {
        return null;
    }
    final StorageOSUserDAO user = resolved._user;
    final Map<URI, UserMapping> tenants = resolved._tenants;
    final int tenantCount = (tenants == null) ? 0 : tenants.keySet().size();
    if (tenantCount == 0) {
        _log.error("User {} did not match any tenant", username);
    } else if (tenantCount == 1) {
        user.setTenantId(tenants.keySet().iterator().next().toString());
    } else {
        _log.error("User {} mapped to tenants {}", username, tenants.keySet().toArray());
    }
    return user;
}
Also used : StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) UserMapping(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping) URI(java.net.URI) UsernamePasswordCredentials(org.apache.commons.httpclient.UsernamePasswordCredentials)

Example 5 with UserMapping

use of com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping in project coprhd-controller by CoprHD.

From class UserTenantResource, method getUserTenant.

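/**
 * Returns the tenants {@code username} maps to, as an XML {@code UserTenantList}.
 *
 * Without {@code tenantURI} the currently stored mappings are used. With
 * {@code tenantURI}, the mappings of that tenant are replaced by the optional
 * {@code usermappings} parameter for this lookup only (a "peek"); nothing is
 * persisted.
 *
 * @param username the principal to resolve; required
 * @param tenantURI optional tenant whose mappings are overridden for the lookup
 * @param strUserMappings optional serialized mappings applied to {@code tenantURI}
 * @return 200 with the user's tenants; 400 when {@code username} is missing,
 *         {@code tenantURI} is not a valid URI, or the user cannot be resolved
 */
@GET
@Produces(MediaType.APPLICATION_XML)
public Response getUserTenant(@QueryParam("username") String username, @QueryParam("tenantURI") String tenantURI, @QueryParam("usermappings") String strUserMappings) {
    if (username == null || username.isEmpty()) {
        // Fix: the 400 response was built but never returned, so a missing
        // username fell through into the lookup with a null principal.
        return Response.status(Status.BAD_REQUEST).entity("Query parameter username is required").build();
    }
    Map<URI, UserMapping> userTenants;
    if (StringUtils.isEmpty(tenantURI)) {
        userTenants = _authManager.getUserTenants(username);
    } else {
        final URI tenantId;
        try {
            tenantId = URI.create(tenantURI);
        } catch (IllegalArgumentException e) {
            // A malformed tenant URI is a client error, not a server failure.
            return Response.status(Status.BAD_REQUEST).entity("Query parameter tenantURI is not a valid URI").build();
        }
        List<UserMapping> userMappings = null;
        if (!StringUtils.isEmpty(strUserMappings)) {
            // NOTE(review): mappings are parsed from a caller-supplied string; assumes
            // this resource is only reachable by trusted callers — confirm.
            userMappings = MarshallUtil.convertStringToUserMappingList(strUserMappings);
            _log.debug("usermapping parameter after convert: " + userMappings);
        }
        userTenants = _authManager.peekUserTenants(username, tenantId, userMappings);
    }
    if (null == userTenants) {
        return Response.status(Status.BAD_REQUEST).entity("Invalid username").build();
    }
    UserTenantList userTenantList = new UserTenantList();
    userTenantList._userTenantList = new ArrayList<UserTenant>();
    for (Entry<URI, UserMapping> userTenantEntry : userTenants.entrySet()) {
        UserTenant userTenant = new UserTenant();
        userTenant._id = userTenantEntry.getKey();
        userTenant._userMapping = userTenantEntry.getValue();
        userTenantList._userTenantList.add(userTenant);
    }
    return Response.ok(userTenantList).build();
}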
Also used : UserTenant(com.emc.storageos.security.resource.UserInfoPage.UserTenant) UserTenantList(com.emc.storageos.security.resource.UserInfoPage.UserTenantList) UserMapping(com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping) URI(java.net.URI) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Aggregations

UserMapping (com.emc.storageos.security.authorization.BasePermissionsHelper.UserMapping)10 URI (java.net.URI)10 NamedURI (com.emc.storageos.db.client.model.NamedURI)4 StorageOSUserDAO (com.emc.storageos.db.client.model.StorageOSUserDAO)4 StringSetMap (com.emc.storageos.db.client.model.StringSetMap)4 TenantOrg (com.emc.storageos.db.client.model.TenantOrg)4 UserMappingAttribute (com.emc.storageos.security.authorization.BasePermissionsHelper.UserMappingAttribute)4 URIQueryResultList (com.emc.storageos.db.client.constraint.URIQueryResultList)3 StringSet (com.emc.storageos.db.client.model.StringSet)3 UsernamePasswordCredentials (org.apache.commons.httpclient.UsernamePasswordCredentials)3 ValidationFailureReason (com.emc.storageos.auth.AuthenticationManager.ValidationFailureReason)2 LdapServerList (com.emc.storageos.auth.impl.LdapServerList)2 AuthnProvider (com.emc.storageos.db.client.model.AuthnProvider)2 BasePermissionsHelper (com.emc.storageos.security.authorization.BasePermissionsHelper)2 BulkList (com.emc.storageos.api.service.impl.response.BulkList)1 NamedElementQueryResultList (com.emc.storageos.db.client.constraint.NamedElementQueryResultList)1 AbstractChangeTrackingSet (com.emc.storageos.db.client.model.AbstractChangeTrackingSet)1 DataObject (com.emc.storageos.db.client.model.DataObject)1 ObjectNamespace (com.emc.storageos.db.client.model.ObjectNamespace)1 DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)1