Examples with SecurityGroup org.olat.basesecurity.SecurityGroup used on opensource projects

Example 26 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class QuestionItemDAO method persist.

public void persist(Identity owner, QuestionItemImpl item) {
    if (item.getOwnerGroup() == null) {
        SecurityGroup ownerGroup = securityManager.createAndPersistSecurityGroup();
        item.setOwnerGroup(ownerGroup);
    }
    dbInstance.getCurrentEntityManager().persist(item);
    if (owner != null) {
        securityManager.addIdentityToSecurityGroup(owner, item.getOwnerGroup());
    }
}

Example 27 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class LDAPLoginManagerImpl method findIdentityByLdapAuthentication.

/**
 * Searches for Identity in OLAT.
 *
 * @param uid Name of Identity
 * @param errors LDAPError Object if user exits but not member of
 *          LDAPSecurityGroup
 *
 * @return Identity if it's found and member of LDAPSecurityGroup, null
 *         otherwise (if user exists but not managed by LDAP, error Object is
 *         modified)
 */
@Override
public Identity findIdentityByLdapAuthentication(Attributes attrs, LDAPError errors) {
    if (attrs == null) {
        errors.insert("findIdentyByLdapAuthentication: attrs::null");
        return null;
    }
    String uid = getAttributeValue(attrs.get(syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER)));
    String token = getAttributeValue(attrs.get(syncConfiguration.getLdapUserLoginAttribute()));
    Identity identity = securityManager.findIdentityByNameCaseInsensitive(uid);
    if (identity == null) {
        return null;
    } else {
        SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
        if (ldapGroup == null) {
            log.error("Error getting user from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
            return null;
        }
        boolean inSecurityGroup = securityManager.isIdentityInSecurityGroup(identity, ldapGroup);
        if (inSecurityGroup) {
            Authentication ldapAuth = securityManager.findAuthentication(identity, LDAPAuthenticationController.PROVIDER_LDAP);
            if (ldapAuth == null) {
                // BUG Fixe: update the user and test if it has a ldap provider
                securityManager.createAndPersistAuthentication(identity, LDAPAuthenticationController.PROVIDER_LDAP, token, null, null);
            } else if (StringHelper.containsNonWhitespace(token) && !token.equals(ldapAuth.getAuthusername())) {
                ldapAuth.setAuthusername(token);
                ldapAuth = securityManager.updateAuthentication(ldapAuth);
            }
            return identity;
        } else if (ldapLoginModule.isConvertExistingLocalUsersToLDAPUsers()) {
            // Add user to LDAP security group and add the ldap provider
            securityManager.createAndPersistAuthentication(identity, LDAPAuthenticationController.PROVIDER_LDAP, token, null, null);
            securityManager.addIdentityToSecurityGroup(identity, ldapGroup);
            log.info("Found identity by LDAP username that was not yet in LDAP security group. Converted user::" + uid + " to be an LDAP managed user");
            return identity;
        } else {
            errors.insert("findIdentyByLdapAuthentication: User with username::" + uid + " exist but not Managed by LDAP");
            return null;
        }
    }
}

Example 28 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class LDAPLoginManagerImpl method createAndPersistUser.

/**
 * Creates User in OLAT and ads user to LDAP securityGroup Required Attributes
 * have to be checked before this method.
 *
 * @param userAttributes Set of LDAP Attribute of User to be created
 */
@Override
public Identity createAndPersistUser(Attributes userAttributes) {
    // Get and Check Config
    String[] reqAttrs = syncConfiguration.checkRequestAttributes(userAttributes);
    if (reqAttrs != null) {
        log.warn("Can not create and persist user, the following attributes are missing::" + ArrayUtils.toString(reqAttrs), null);
        return null;
    }
    String uid = getAttributeValue(userAttributes.get(syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER)));
    String email = getAttributeValue(userAttributes.get(syncConfiguration.getOlatPropertyToLdapAttribute(UserConstants.EMAIL)));
    // Lookup user
    if (securityManager.findIdentityByNameCaseInsensitive(uid) != null) {
        log.error("Can't create user with username='" + uid + "', this username does already exist in OLAT database", null);
        return null;
    }
    if (!MailHelper.isValidEmailAddress(email)) {
        // needed to prevent possibly an AssertException in findIdentityByEmail breaking the sync!
        log.error("Cannot try to lookup user " + uid + " by email with an invalid email::" + email, null);
        return null;
    }
    if (!userManager.isEmailAllowed(email)) {
        log.error("Can't create user with email='" + email + "', a user with that email does already exist in OLAT database", null);
        return null;
    }
    // Create User (first and lastname is added in next step)
    User user = userManager.createUser(null, null, email);
    // Set User Property's (Iterates over Attributes and gets OLAT Property out
    // of olatexconfig.xml)
    NamingEnumeration<? extends Attribute> neAttr = userAttributes.getAll();
    try {
        while (neAttr.hasMore()) {
            Attribute attr = neAttr.next();
            String olatProperty = mapLdapAttributeToOlatProperty(attr.getID());
            if (!attr.getID().equalsIgnoreCase(syncConfiguration.getOlatPropertyToLdapAttribute(LDAPConstants.LDAP_USER_IDENTIFYER))) {
                String ldapValue = getAttributeValue(attr);
                if (olatProperty == null || ldapValue == null)
                    continue;
                user.setProperty(olatProperty, ldapValue);
            }
        }
        // Add static user properties from the configuration
        Map<String, String> staticProperties = syncConfiguration.getStaticUserProperties();
        if (staticProperties != null && staticProperties.size() > 0) {
            for (Entry<String, String> staticProperty : staticProperties.entrySet()) {
                user.setProperty(staticProperty.getKey(), staticProperty.getValue());
            }
        }
    } catch (NamingException e) {
        log.error("NamingException when trying to create and persist LDAP user with username::" + uid, e);
        return null;
    } catch (Exception e) {
        // catch any exception here to properly log error
        log.error("Unknown exception when trying to create and persist LDAP user with username::" + uid, e);
        return null;
    }
    // Create Identity
    Identity identity = securityManager.createAndPersistIdentityAndUser(uid, null, user, LDAPAuthenticationController.PROVIDER_LDAP, uid);
    // Add to SecurityGroup LDAP
    SecurityGroup secGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
    securityManager.addIdentityToSecurityGroup(identity, secGroup);
    // Add to SecurityGroup OLATUSERS
    secGroup = securityManager.findSecurityGroupByName(Constants.GROUP_OLATUSERS);
    securityManager.addIdentityToSecurityGroup(identity, secGroup);
    log.info("Created LDAP user username::" + uid);
    return identity;
}

Example 29 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class LDAPLoginManagerImpl method removeFallBackAuthentications.

/**
 * remove all cached authentications for fallback-login. useful if users logged in first with a default pw and changed it outside in AD/LDAP, but OLAT doesn't know about.
 * removing fallback-auths means login is only possible by AD/LDAP and if server is reachable!
 * see FXOLAT-284
 */
@Override
public void removeFallBackAuthentications() {
    if (ldapLoginModule.isCacheLDAPPwdAsOLATPwdOnLogin()) {
        SecurityGroup ldapGroup = securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP);
        if (ldapGroup == null) {
            log.error("Cannot get user from OLAT security group '" + LDAPConstants.SECURITY_GROUP_LDAP + "' : group does not exist", null);
        }
        List<Identity> ldapIdents = securityManager.getIdentitiesOfSecurityGroup(ldapGroup);
        log.info("found " + ldapIdents.size() + " identies in ldap security group");
        int count = 0;
        for (Identity identity : ldapIdents) {
            Authentication auth = securityManager.findAuthentication(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier());
            if (auth != null) {
                securityManager.deleteAuthentication(auth);
                count++;
            }
            if (count % 20 == 0) {
                dbInstance.intermediateCommit();
            }
        }
        log.info("removed cached authentications (fallback login provider: " + BaseSecurityModule.getDefaultAuthProviderIdentifier() + ") for " + count + " users.");
    }
}

Example 30 with SecurityGroup

use of org.olat.basesecurity.SecurityGroup in project OpenOLAT by OpenOLAT.

the class ImportAuthorOverviewIdentitiesController method loadModel.

private List<Identity> loadModel(List<String> keys) {
    // securityManager.getIdentitiesOfSecurityGroup(securityGroup);
    List<Identity> existIdents = Collections.emptyList();
    List<Identity> okIdentities = new ArrayList<Identity>();
    List<String> isanonymous = new ArrayList<String>();
    List<String> notfounds = new ArrayList<String>();
    List<String> alreadyin = new ArrayList<String>();
    SecurityGroup anonymousSecGroup = securityManager.findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
    for (String identityKey : keys) {
        Identity ident = securityManager.loadIdentityByKey(Long.parseLong(identityKey));
        if (ident == null) {
            // not found, add to not-found-list
            notfounds.add(identityKey);
        } else if (securityManager.isIdentityInSecurityGroup(ident, anonymousSecGroup)) {
            isanonymous.add(identityKey);
        } else {
            // check if already in group
            boolean inGroup = PersistenceHelper.containsPersistable(existIdents, ident);
            if (inGroup) {
                // added to warning: already in group
                alreadyin.add(ident.getName());
            } else {
                // ok to add -> preview (but filter duplicate entries)
                if (!PersistenceHelper.containsPersistable(okIdentities, ident)) {
                    okIdentities.add(ident);
                }
            }
        }
    }
    return okIdentities;
}