Example 31 with User

use of org.opencastproject.security.api.User in project opencast by opencast.

the class LdapUserProviderInstance method loadUserFromLdap.

/**
 * Loads a user from LDAP.
 *
 * @param userName
 *          the username
 * @return the user
 */
protected User loadUserFromLdap(String userName) {
    if (delegate == null || cache == null) {
        throw new IllegalStateException("The LDAP user detail service has not yet been configured");
    }
    ldapLoads.incrementAndGet();
    UserDetails userDetails = null;
    Thread currentThread = Thread.currentThread();
    ClassLoader originalClassloader = currentThread.getContextClassLoader();
    try {
        currentThread.setContextClassLoader(LdapUserProviderFactory.class.getClassLoader());
        try {
            userDetails = delegate.loadUserByUsername(userName);
        } catch (UsernameNotFoundException e) {
            cache.put(userName, nullToken);
            return null;
        }
        JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(organization);
        // Get the roles and add the extra roles
        Collection<GrantedAuthority> authorities = new HashSet<>();
        authorities.addAll(userDetails.getAuthorities());
        authorities.addAll(setExtraRoles);
        Set<JaxbRole> roles = new HashSet<>();
        if (authorities != null) {
            /*
             * Please note the prefix logic for roles:
             *
             * - Roles that start with any of the "exclude prefixes" are left intact
             * - In any other case, the "role prefix" is prepended to the roles read from LDAP
             *
             * This only applies to the prefix addition. The conversion to uppercase is independent from these
             * considerations.
             */
            for (GrantedAuthority authority : authorities) {
                String strAuthority = authority.getAuthority();
                boolean hasExcludePrefix = false;
                for (String excludePrefix : setExcludePrefixes) {
                    if (strAuthority.startsWith(excludePrefix)) {
                        hasExcludePrefix = true;
                        break;
                    }
                }
                if (!hasExcludePrefix) {
                    strAuthority = rolePrefix + strAuthority;
                }
                // Finally, add the role itself
                roles.add(new JaxbRole(strAuthority, jaxbOrganization));
            }
        }
        User user = new JaxbUser(userDetails.getUsername(), PROVIDER_NAME, jaxbOrganization, roles);
        cache.put(userName, user);
        return user;
    } finally {
        currentThread.setContextClassLoader(originalClassloader);
    }
}
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) JaxbUser(org.opencastproject.security.api.JaxbUser) UserDetails(org.springframework.security.core.userdetails.UserDetails) JaxbRole(org.opencastproject.security.api.JaxbRole) HashSet(java.util.HashSet)

Example 32 with User

use of org.opencastproject.security.api.User in project opencast by opencast.

the class LdapUserProviderInstance method findUsers.

@Override
public Iterator<User> findUsers(String query, int offset, int limit) {
    if (query == null)
        throw new IllegalArgumentException("Query must be set");
    // TODO implement a LDAP wildcard search
    // FIXME We return the current user, rather than an empty list, to make sure the current user's role is displayed in
    // the admin UI (MH-12526).
    User currentUser = securityService.getUser();
    if (loadUser(currentUser.getUsername()) != null) {
        List<User> retVal = new ArrayList<>();
        retVal.add(securityService.getUser());
        return retVal.iterator();
    }
    return Collections.<User>emptyList().iterator();
}
Also used : User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) ArrayList(java.util.ArrayList)

Example 33 with User

use of org.opencastproject.security.api.User in project opencast by opencast.

the class SakaiUserProviderInstance method getRolesForUser.

@Override
public List<Role> getRolesForUser(String userName) {
    List<Role> roles = new LinkedList<Role>();
    // Don't answer for admin, anonymous or empty user
    if ("admin".equals(userName) || "".equals(userName) || "anonymous".equals(userName)) {
        logger.debug("we don't answer for: " + userName);
        return roles;
    }
    logger.debug("getRolesForUser(" + userName + ")");
    User user = loadUser(userName);
    if (user != null) {
        logger.debug("Returning cached roleset for {}", userName);
        return new ArrayList<Role>(user.getRoles());
    }
    // Not found
    logger.debug("Return empty roleset for {} - not found on Sakai", userName);
    return new LinkedList<Role>();
}
Also used : JaxbRole(org.opencastproject.security.api.JaxbRole) Role(org.opencastproject.security.api.Role) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList)

Example 34 with User

use of org.opencastproject.security.api.User in project opencast by opencast.

the class SakaiUserProviderInstance method loadUserFromSakai.

/**
 * Loads a user from Sakai.
 *
 * @param userName
 *          the username
 * @return the user
 */
protected User loadUserFromSakai(String userName) {
    if (cache == null) {
        throw new IllegalStateException("The Sakai user detail service has not yet been configured");
    }
    // Don't answer for admin, anonymous or empty user
    if ("admin".equals(userName) || "".equals(userName) || "anonymous".equals(userName)) {
        cache.put(userName, nullToken);
        logger.debug("we don't answer for: " + userName);
        return null;
    }
    logger.debug("In loadUserFromSakai, currently processing user : {}", userName);
    JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(organization);
    // update cache statistics
    sakaiLoads.incrementAndGet();
    Thread currentThread = Thread.currentThread();
    ClassLoader originalClassloader = currentThread.getContextClassLoader();
    try {
        // Sakai userId (internal id), email address and display name
        String[] sakaiUser = getSakaiUser(userName);
        if (sakaiUser == null) {
            // user not known to this provider
            logger.debug("User {} not found in Sakai system", userName);
            cache.put(userName, nullToken);
            return null;
        }
        String userId = sakaiUser[0];
        String email = sakaiUser[1];
        String displayName = sakaiUser[2];
        // Get the set of Sakai roles for the user
        String[] sakaiRoles = getRolesFromSakai(userId);
        // if Sakai doesn't know about this user we need to return
        if (sakaiRoles == null) {
            cache.put(userName, nullToken);
            return null;
        }
        logger.debug("Sakai roles for eid " + userName + " id " + userId + ": " + Arrays.toString(sakaiRoles));
        Set<JaxbRole> roles = new HashSet<JaxbRole>();
        boolean isInstructor = false;
        for (String r : sakaiRoles) {
            roles.add(new JaxbRole(r, jaxbOrganization, "Sakai external role", Role.Type.EXTERNAL));
            if (r.endsWith(LTI_INSTRUCTOR_ROLE))
                isInstructor = true;
        }
        // Group role for all Sakai users
        roles.add(new JaxbRole(Group.ROLE_PREFIX + "SAKAI", jaxbOrganization, "Sakai Users", Role.Type.EXTERNAL_GROUP));
        // Group role for Sakai users who are an instructor in one or more sites
        if (isInstructor)
            roles.add(new JaxbRole(Group.ROLE_PREFIX + "SAKAI_INSTRUCTOR", jaxbOrganization, "Sakai Instructors", Role.Type.EXTERNAL_GROUP));
        logger.debug("Returning JaxbRoles: " + roles);
        // JaxbUser(String userName, String password, String name, String email, String provider, boolean canLogin, JaxbOrganization organization, Set<JaxbRole> roles)
        User user = new JaxbUser(userName, null, displayName, email, PROVIDER_NAME, true, jaxbOrganization, roles);
        cache.put(userName, user);
        logger.debug("Returning user {}", userName);
        return user;
    } finally {
        currentThread.setContextClassLoader(originalClassloader);
    }
}
Also used : JaxbRole(org.opencastproject.security.api.JaxbRole) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) JaxbUser(org.opencastproject.security.api.JaxbUser) HashSet(java.util.HashSet)

Example 35 with User

use of org.opencastproject.security.api.User in project opencast by opencast.

the class UserAndRoleDirectoryServiceImpl method getUsers.

/**
 * {@inheritDoc}
 *
 * @see org.opencastproject.security.api.UserDirectoryService#getUsers()
 */
@Override
@SuppressWarnings("unchecked")
public Iterator<User> getUsers() {
    Organization org = securityService.getOrganization();
    if (org == null)
        throw new IllegalStateException("No organization is set");
    // Find all users from the user providers
    Stream<User> users = Stream.empty();
    for (final UserProvider userProvider : userProviders) {
        String providerOrgId = userProvider.getOrganization();
        if (!ALL_ORGANIZATIONS.equals(providerOrgId) && !org.getId().equals(providerOrgId))
            continue;
        users = users.append(IteratorUtils.toList(userProvider.getUsers())).sort(userComparator);
    }
    return users.iterator();
}
Also used : Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) UserProvider(org.opencastproject.security.api.UserProvider)
