
Example 1 with Groups

use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups in project OA4MP by ncsa.

the class NCSAGroupHandler method parse.

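/**
 * Converts the raw values of an LDAP group attribute into a {@link Groups} collection.
 * Each string element is expected to look like {@code cn=group,buncha stuff}; the text between
 * {@code cn=} and the next comma (or the end of the string when there is no comma) becomes the
 * group name. Elements that are not strings, or that contain no {@code cn=}, are skipped.
 *
 * @param jsonArray values of the group attribute as returned by the directory
 * @return the parsed groups; empty when no element contains a {@code cn=} component
 */
@Override
public Groups parse(JSONArray jsonArray) {
    Groups groups = new Groups();
    for (Object x : jsonArray) {
        if (!(x instanceof String)) {
            continue;
        }
        String entry = (String) x;
        // NOTE(review): this is a plain substring match. It is case-sensitive, matches "cn=" anywhere
        // in the value, and does not understand escaped commas inside a name. Since group names end up
        // in claims, javax.naming.ldap.LdapName is the stricter parser if directory values are not
        // fully under the operator's control.
        int start = entry.indexOf("cn=");
        if (start == -1) {
            continue;
        }
        int end = entry.indexOf(",", start);
        if (end == -1) {
            // A value that is only "cn=group" has no trailing comma; without this guard
            // substring() would be called with -1 and throw StringIndexOutOfBoundsException.
            end = entry.length();
        }
        String groupName = entry.substring(start + 3, end);
        // Start from the "no gid" marker so that a failed lookup can never be reported as a real
        // numeric id. Previously a NamingException left gid at 0 and the group was emitted with id 0.
        int gid = -1;
        try {
            gid = getGroupID(groupName);
        } catch (NamingException e) {
            // Best effort: the group is still recorded by name, just without an id.
            e.printStackTrace();
        }
        GroupElement g = (gid == -1) ? new GroupElement(groupName) : new GroupElement(groupName, gid);
        groups.put(g);
    }
    return groups;
}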
Also used : Groups(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups) GroupElement(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.GroupElement) NamingException(javax.naming.NamingException)

Example 2 with Groups

use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups in project OA4MP by ncsa.

the class jIsMemberOf method execute.

/**
 * Checks whether the {@code OA2Claims.IS_MEMBER_OF} claim contains every group named by this
 * functor's arguments, stores the answer in {@code result} and marks the functor as executed.
 * Arguments that are themselves {@link JFunctor}s are executed first and contribute their result
 * (if non-null); any other argument contributes its {@code toString()} value.
 *
 * @return {@code false} when the claim is absent, otherwise whether all named groups are present
 * @throws NFWException if the claim is present but is neither a {@link JSONArray} nor a {@link Groups}
 */
@Override
public Object execute() {
    if (!claims.containsKey(OA2Claims.IS_MEMBER_OF)) {
        result = false;
        executed = true;
        return result;
    }
    Object rawMembership = claims.get(OA2Claims.IS_MEMBER_OF);
    Groups memberships = null;
    if (rawMembership instanceof JSONArray) {
        memberships = new Groups();
        memberships.fromJSON((JSONArray) rawMembership);
    }
    if (rawMembership instanceof Groups) {
        memberships = (Groups) rawMembership;
    }
    if (memberships == null) {
        throw new NFWException("Error: unrecognized group structure in claims");
    }
    // Resolve every argument to the group name it stands for before testing membership.
    ArrayList<String> requiredGroups = new ArrayList<>();
    for (Object arg : getArgs()) {
        if (!(arg instanceof JFunctor)) {
            requiredGroups.add(arg.toString());
            continue;
        }
        JFunctor nested = (JFunctor) arg;
        nested.execute();
        Object nestedResult = nested.getResult();
        if (nestedResult != null) {
            requiredGroups.add(nestedResult.toString());
        }
    }
    // NOTE(review): if there are no arguments, or every nested functor yields null, nothing is
    // tested and the answer stays true. Callers using this for access decisions should confirm
    // that "no groups requested" is meant to pass.
    boolean inEveryGroup = true;
    for (String required : requiredGroups) {
        if (!memberships.keySet().contains(required)) {
            inEveryGroup = false;
            break;
        }
    }
    result = inEveryGroup;
    executed = true;
    return result;
}
Also used : NFWException(edu.uiuc.ncsa.security.core.exceptions.NFWException) Groups(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.Groups) JFunctor(edu.uiuc.ncsa.security.util.functor.JFunctor) JSONArray(net.sf.json.JSONArray) ArrayList(java.util.ArrayList)

Example 3 with Groups

use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups in project OA4MP by ncsa.

the class LDAPClaimsSource method toJSON.

/**
 * Turns the result of an LDAP search into a JSON object holding the configured attributes.
 * With no attributes configured, the work is delegated to {@code doEmptyAttrs}. Otherwise each
 * configured attribute found on an entry is stored under its target name: group attributes are run
 * through a group handler, a single value is stored as a simple value unless the attribute is
 * flagged as a list, and everything else is stored as an array.
 *
 * @param attributes configured attribute entries, keyed by the LDAP attribute ID to read
 * @param e          the search results
 * @param userName   handed to the {@link NCSAGroupHandler} when {@code isNCSA()} is true
 * @return the JSON object built from the search results
 * @throws NamingException if reading an entry or an attribute value fails
 */
protected JSONObject toJSON(Map<String, LDAPConfigurationUtil.AttributeEntry> attributes, NamingEnumeration e, String userName) throws NamingException {
    JSONObject json = new JSONObject();
    if (!e.hasMoreElements()) {
        DebugUtil.trace(this, "LDAP SEARCH RESULT IS EMPTY");
    }
    if (attributes.isEmpty()) {
        // No attribute specified means return everything.
        return doEmptyAttrs(e);
    }
    while (e.hasMoreElements()) {
        SearchResult hit = (SearchResult) e.next();
        Attributes found = hit.getAttributes();
        for (Map.Entry<String, LDAPConfigurationUtil.AttributeEntry> wanted : attributes.entrySet()) {
            Attribute attribute = found.get(wanted.getKey());
            if (attribute == null) {
                continue;
            }
            LDAPConfigurationUtil.AttributeEntry spec = wanted.getValue();
            if (spec.isGroup) {
                JSONArray memberships = new JSONArray();
                for (int i = 0; i < attribute.size(); i++) {
                    memberships.add(attribute.get(i));
                }
                GroupHandler handler = isNCSA() ? new NCSAGroupHandler(this, userName) : getGroupHandler();
                Groups parsed = handler.parse(memberships);
                json.put(spec.targetName, parsed.toJSON());
                continue;
            }
            if (attribute.size() == 1 && !spec.isList) {
                // A lone value that is not flagged as a list is recorded as a simple value.
                json.put(spec.targetName, attribute.get(0));
                continue;
            }
            // Multi-valued attributes, and single values flagged as lists, are recorded as arrays.
            JSONArray values = new JSONArray();
            for (int i = 0; i < attribute.size(); i++) {
                values.add(attribute.get(i));
            }
            // NOTE(review): when the search returns several entries, the same target name is written
            // once per entry; presumably the last entry wins. Confirm that is intended for claims.
            json.put(spec.targetName, values);
        }
    }
    return json;
}
Also used : NCSAGroupHandler(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.NCSAGroupHandler) JSONObject(net.sf.json.JSONObject) JSONArray(net.sf.json.JSONArray) NCSAGroupHandler(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.NCSAGroupHandler) GroupHandler(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.GroupHandler)

Example 4 with Groups

use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups in project OA4MP by ncsa.

the class ClaimSourceConfigConverter method convert.

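/**
 * Takes a {@link ClaimSource}, reads its configuration and turns it into a stem variable.
 * This is used to pass configurations back to scripts.
 *
 * @param claimsSource the claim source whose configuration is converted
 * @param type         one of the {@code CS_TYPE_*} constants; selects which properties are copied
 * @return the populated stem, always containing the type under {@code CS_DEFAULT_TYPE}
 * @throws IllegalArgumentException if {@code type} is not a known source type, or if it is
 *                                  {@code CS_TYPE_CODE} and the source is not a {@link BasicClaimsSourceImpl}
 * @throws IllegalStateException    if {@code type} is {@code CS_TYPE_CODE} and no java class is configured
 */
public static StemVariable convert(ClaimSource claimsSource, String type) {
    StemVariable stem = new StemVariable();
    ClaimSourceConfiguration cfg = claimsSource.getConfiguration();
    setDefaultsInStem(cfg, stem);
    // set the type in the stem for later.
    stem.put(CS_DEFAULT_TYPE, type);
    LDAPConfiguration cfg2 = null;
    switch(type) {
        case CS_TYPE_CODE:
            if (!(claimsSource instanceof BasicClaimsSourceImpl)) {
                throw new IllegalArgumentException("Error: Custom code must extend BasicClaimSourceImpl. The class \"" + claimsSource.getClass().getCanonicalName() + "\" does not.");
            }
            if (cfg.getProperty(CS_CODE_JAVA_CLASS) == null) {
                throw new IllegalStateException("Error: No java class has been set for a custom claim source.");
            }
            // NOTE(review): every configured property is copied verbatim, so any secret stored in the
            // custom source's properties becomes visible to whatever script receives the stem.
            for (String key : cfg.getProperties().keySet()) {
                // First cut is just use strings
                stem.put(key, cfg.getProperty(key));
            }
            break;
        case CS_TYPE_FILE:
            // NOTE(review): unchecked cast; a source of another class fails with ClassCastException.
            FSClaimSource fsClaimSource = (FSClaimSource) claimsSource;
            stem.put(CS_FILE_FILE_PATH, cfg.getProperty(FSClaimSource.FILE_PATH_KEY));
            if (cfg.getProperty(FSClaimSource.FILE_CLAIM_KEY) != null) {
                stem.put(CS_FILE_CLAIM_KEY, cfg.getProperty(FSClaimSource.FILE_CLAIM_KEY));
            }
            stem.put(CS_USE_DEFAULT_KEY, fsClaimSource.isUseDefaultClaims());
            if (fsClaimSource.getDefaultClaimName() != null) {
                stem.put(CS_DEFAULT_CLAIM_NAME_KEY, fsClaimSource.getDefaultClaimName());
            }
            break;
        case CS_TYPE_HEADERS:
            if (cfg.getProperty(HTTPHeaderClaimsSource.PREFIX_KEY) != null) {
                stem.put(CS_HEADERS_PREFIX, cfg.getProperty(HTTPHeaderClaimsSource.PREFIX_KEY));
            }
            break;
        case CS_TYPE_NCSA:
            cfg2 = (LDAPConfiguration) claimsSource.getConfiguration();
            stem.put(CS_LDAP_SEARCH_FILTER_ATTRIBUTE, cfg2.getSearchFilterAttribute());
            break;
        case CS_TYPE_LDAP:
            LDAPConfigurationUtil cUtil = new LDAPConfigurationUtil();
            cfg2 = (LDAPConfiguration) claimsSource.getConfiguration();
            stem.put(CS_LDAP_SEARCH_NAME, cfg2.getSearchNameKey());
            stem.put(CS_LDAP_SERVER_ADDRESS, cfg2.getServer());
            stem.put(CS_LDAP_CONTEXT_NAME, cfg2.getContextName());
            stem.put(CS_LDAP_ADDITIONAL_FILTER, cfg2.getAdditionalFilter());
            // Long.valueOf replaces the deprecated Long constructor.
            stem.put(CS_LDAP_PORT, Long.valueOf(cfg2.getPort()));
            stem.put(CS_LDAP_AUTHZ_TYPE, cUtil.getAuthName(cfg2.getAuthType()));
            stem.put(CS_LDAP_SEARCH_FILTER_ATTRIBUTE, cfg2.getSearchFilterAttribute());
            if (cfg2.getAuthType() == LDAPConfigurationUtil.LDAP_AUTH_SIMPLE_KEY) {
                // NOTE(review): the LDAP bind password is placed in the stem in clear text, and the
                // stem is handed to scripts. Confirm every consumer (including anything that prints
                // or logs the stem) is trusted, or mask this entry before exposing the stem.
                stem.put(CS_LDAP_PASSWORD, cfg2.getPassword());
                stem.put(CS_LDAP_SECURITY_PRINCIPAL, cfg2.getSecurityPrincipal());
            }
            if (cfg2.getSearchAttributes() != null && !cfg2.getSearchAttributes().isEmpty()) {
                List<Object> groups = new ArrayList<>();
                List<Object> names = new ArrayList<>();
                List<Object> isList = new ArrayList<>();
                StemVariable renames = new StemVariable();
                for (LDAPConfigurationUtil.AttributeEntry attributeEntry : cfg2.getSearchAttributes().values()) {
                    names.add(attributeEntry.sourceName);
                    if (attributeEntry.targetName != null && !attributeEntry.targetName.equals(attributeEntry.sourceName)) {
                        renames.put(attributeEntry.sourceName, attributeEntry.targetName);
                    }
                    if (attributeEntry.isGroup) {
                        groups.add(attributeEntry.sourceName);
                    }
                    if (attributeEntry.isList) {
                        isList.add(attributeEntry.sourceName);
                    }
                }
                // The stem entries are written once, after all attributes have been collected. The
                // original rebuilt and overwrote them on every iteration, ending in the same state.
                StemVariable nameStem = new StemVariable();
                nameStem.addList(names);
                stem.put(CS_LDAP_SEARCH_ATTRIBUTES, nameStem);
                if (!groups.isEmpty()) {
                    StemVariable groupStem = new StemVariable();
                    groupStem.addList(groups);
                    stem.put(CS_LDAP_GROUP_NAMES, groupStem);
                }
                if (!isList.isEmpty()) {
                    StemVariable listStem = new StemVariable();
                    listStem.addList(isList);
                    stem.put(CS_LDAP_LISTS, listStem);
                }
                if (renames.size() != 0) {
                    stem.put(CS_LDAP_RENAME, renames);
                }
            }
            break;
        default:
            throw new IllegalArgumentException("Error: Unknown source type");
    }
    return stem;
}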
Also used : FSClaimSource(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.FSClaimSource) BasicClaimsSourceImpl(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration) StemVariable(edu.uiuc.ncsa.qdl.variables.StemVariable) ClaimSourceConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.claims.ClaimSourceConfiguration) JSONObject(net.sf.json.JSONObject) LDAPConfigurationUtil(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfigurationUtil)

Example 5 with Groups

use of edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups in project OA4MP by ncsa.

the class LDAPClaimsSource method toJSON.

/**
 * Turns the result of an LDAP search into a JSON object holding the configured attributes.
 * Each configured attribute found on an entry is stored under its target name: group attributes
 * are run through a group handler, a single value is stored as a simple value unless the attribute
 * is flagged as a list, and everything else is stored as an array.
 *
 * @param attributes configured attribute entries, keyed by the LDAP attribute ID to read
 * @param e          the search results
 * @return the JSON object built from the search results
 * @throws NamingException if advancing the enumeration or reading an attribute value fails
 */
protected JSONObject toJSON(Map<String, LDAPConfigurationUtil.AttributeEntry> attributes, NamingEnumeration e) throws NamingException {
    // Note that the count in this message is the number of configured attributes, not of search hits.
    DebugUtil.dbg(this, "starting to convert search results to JSON. " + attributes.size() + " results found.");
    JSONObject json = new JSONObject();
    while (e.hasMore()) {
        SearchResult hit = (SearchResult) e.next();
        Attributes found = hit.getAttributes();
        for (Map.Entry<String, LDAPConfigurationUtil.AttributeEntry> wanted : attributes.entrySet()) {
            Attribute attribute = found.get(wanted.getKey());
            // NOTE(review): this writes raw directory attribute values to the debug output; confirm
            // that debug logging is off, or the log is access-controlled, wherever user data is real.
            DebugUtil.dbg(this, "returned LDAP attribute=" + attribute);
            if (attribute == null) {
                continue;
            }
            LDAPConfigurationUtil.AttributeEntry spec = wanted.getValue();
            int valueCount = attribute.size();
            if (spec.isGroup) {
                JSONArray memberships = new JSONArray();
                for (int i = 0; i < valueCount; i++) {
                    memberships.add(attribute.get(i));
                }
                GroupHandler handler;
                if (isNCSA()) {
                    handler = new NCSAGroupHandler(this);
                } else {
                    handler = getGroupHandler();
                }
                Groups parsed = handler.parse(memberships);
                json.put(spec.targetName, parsed.toJSON());
            } else if (valueCount == 1 && !spec.isList) {
                // A lone value that is not flagged as a list is recorded as a simple value.
                json.put(spec.targetName, attribute.get(0));
            } else {
                // Multi-valued attributes, and single values flagged as lists, are recorded as arrays.
                JSONArray values = new JSONArray();
                for (int i = 0; i < valueCount; i++) {
                    values.add(attribute.get(i));
                }
                json.put(spec.targetName, values);
            }
        }
    }
    // The complete set of converted claims is also written to the debug output here.
    DebugUtil.dbg(this, "LDAP search results=" + json);
    return json;
}
Also used : JSONObject(net.sf.json.JSONObject) Groups(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups) JSONArray(net.sf.json.JSONArray)

Aggregations

JSONObject (net.sf.json.JSONObject)6 JSONArray (net.sf.json.JSONArray)4 Groups (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.Groups)2 Groups (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.Groups)2 JFunctorTest (edu.uiuc.ncsa.security.util.JFunctorTest)2 HashMap (java.util.HashMap)2 Test (org.junit.Test)2 BasicClaimsSourceImpl (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.BasicClaimsSourceImpl)1 FSClaimSource (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.FSClaimSource)1 GroupElement (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.claims.GroupElement)1 GroupElement (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.scopeHandlers.GroupElement)1 ClaimsProcessor (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.ClaimsProcessor)1 GroupHandler (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.GroupHandler)1 NCSAGroupHandler (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.NCSAGroupHandler)1 OA2Client (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.clients.OA2Client)1 TXRecord (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.storage.tx.TXRecord)1 AuthorizationPath (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.tokens.AuthorizationPath)1 AuthorizationTemplate (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.tokens.AuthorizationTemplate)1 AuthorizationTemplates (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.tokens.AuthorizationTemplates)1 StemVariable (edu.uiuc.ncsa.qdl.variables.StemVariable)1