
Example 41 with DbUser

use of org.ovirt.engine.core.common.businessentities.aaa.DbUser in project ovirt-engine by oVirt.

the class CreateUserSessionCommand method executeCommand.

/**
 * Creates an engine session for the user described by the command parameters.
 *
 * <p>No session is created, and the command is marked as failed, when the
 * authentication profile named in the parameters is unknown, when the
 * parameters require an administrator and the user holds no admin role, or
 * when the lookup of the {@code LOGIN} permission returns {@code null}.
 * On success the new engine session id becomes the action return value and is
 * stored in {@code sessionId}.
 */
@Override
protected void executeCommand() {
    final AuthenticationProfile authProfile =
            AuthenticationProfileRepository.getInstance().getProfile(getParameters().getProfileName());
    sourceIp = getParameters().getSourceIp();
    if (authProfile == null) {
        // Unknown profile name: reject before any user object is built.
        setSucceeded(false);
        return;
    }

    final DbUser sessionUser = buildUser(getParameters(), authProfile.getAuthzName());
    // The admin flag is derived here from the role lookup for the user and the
    // user's groups; it is not copied from the request parameters.
    final boolean hasAdminRole = !roleDao
            .getAnyAdminRoleForUserAndGroups(sessionUser.getId(), StringUtils.join(sessionUser.getGroupIds(), ","))
            .isEmpty();
    sessionUser.setAdmin(hasAdminRole);

    // The current user and user name are set before the authorization checks,
    // so they are populated on the rejection paths as well.
    // NOTE(review): presumably so rejected attempts can still be attributed to a user - confirm.
    setCurrentUser(sessionUser);
    setUserName(String.format("%s@%s", getCurrentUser().getLoginName(), getCurrentUser().getDomain()));

    if (getParameters().isAdminRequired() && !hasAdminRole) {
        // An administrator was required and the user has no admin role.
        setSucceeded(false);
        return;
    }

    final Object loginPermission = permissionDao.getEntityPermissionsForUserAndGroups(
            sessionUser.getId(),
            StringUtils.join(sessionUser.getGroupIds(), ","),
            ActionGroup.LOGIN,
            BOTTOM_OBJECT_ID,
            VdcObjectType.Bottom,
            true);
    if (loginPermission == null) {
        // No LOGIN permission was found for the user or any of the user's groups.
        setSucceeded(false);
        return;
    }

    // Both checks passed: allocate the session id and attach the session data to it.
    final String newSessionId = sessionDataContainer.generateEngineSessionId();
    sessionDataContainer.setSourceIp(newSessionId, getParameters().getSourceIp());
    sessionDataContainer.setUser(newSessionId, sessionUser);
    sessionDataContainer.refresh(newSessionId);
    sessionDataContainer.setProfile(newSessionId, authProfile);
    sessionDataContainer.setPrincipalName(newSessionId, getParameters().getPrincipalName());
    // The SSO access token is stored with the session; treat the session store as holding credentials.
    sessionDataContainer.setSsoAccessToken(newSessionId, getParameters().getSsoToken());
    sessionDataContainer.setSsoOvirtAppApiScope(newSessionId, getParameters().getAppScope());
    getReturnValue().setActionReturnValue(newSessionId);
    setSucceeded(true);
    sessionId = newSessionId;
}
Also used : AuthenticationProfile(org.ovirt.engine.core.aaa.AuthenticationProfile) DbUser(org.ovirt.engine.core.common.businessentities.aaa.DbUser)

Example 42 with DbUser

use of org.ovirt.engine.core.common.businessentities.aaa.DbUser in project ovirt-engine by oVirt.

the class DirectoryUtils method mapPrincipalRecordToDbUser.

/**
 * Builds a {@link DbUser} from a principal record.
 *
 * <p>The returned user keeps the id of the database user that has the same
 * external id under {@code authz}; when no such user exists a new
 * {@link Guid} is assigned. Group ids and names are taken only from groups
 * that are found in the database by their external id.
 *
 * @param authz the authz name used for the user and group lookups
 * @param principal the principal record; a clone of it is flattened, the
 *        caller's map object is not passed to {@code flatGroups}
 * @return the mapped user with id, group ids and group names set
 */
public DbUser mapPrincipalRecordToDbUser(String authz, ExtMap principal) {
    final ExtMap flattened = principal.clone();
    flatGroups(flattened);

    // Reuse the id of an already known user so the result refers to the same database row.
    final DbUser existing = dbUserDao.getByExternalId(authz, flattened.get(PrincipalRecord.ID));
    final Guid userId;
    if (existing == null) {
        userId = Guid.newGuid();
    } else {
        userId = existing.getId();
    }

    final DbUser mapped = new DbUser(mapPrincipalRecordToDirectoryUser(authz, flattened));
    mapped.setId(userId);

    final Set<Guid> knownGroupIds = new HashSet<>();
    final Set<String> knownGroupNames = new HashSet<>();
    final Collection<ExtMap> groupRecords =
            flattened.<Collection<ExtMap>>get(PrincipalRecord.GROUPS, Collections.<ExtMap>emptyList());
    for (ExtMap groupRecord : groupRecords) {
        final DbGroup knownGroup = dbGroupDao.getByExternalId(authz, groupRecord.get(GroupRecord.ID));
        if (knownGroup == null) {
            // Groups from the record that are not in the database are skipped,
            // so they contribute no group id to later permission lookups.
            continue;
        }
        knownGroupIds.add(knownGroup.getId());
        knownGroupNames.add(knownGroup.getName());
    }

    mapped.setGroupIds(knownGroupIds);
    mapped.setGroupNames(knownGroupNames);
    return mapped;
}
Also used : DbGroup(org.ovirt.engine.core.common.businessentities.aaa.DbGroup) ExtMap(org.ovirt.engine.api.extensions.ExtMap) Collection(java.util.Collection) Guid(org.ovirt.engine.core.compat.Guid) DbUser(org.ovirt.engine.core.common.businessentities.aaa.DbUser) HashSet(java.util.HashSet)

Example 43 with DbUser

use of org.ovirt.engine.core.common.businessentities.aaa.DbUser in project ovirt-engine by oVirt.

the class LoginOnBehalfCommand method executeCommand.

/**
 * Creates an engine session on behalf of the user returned by
 * {@code getDbUser()} and returns the new session id as the action return
 * value.
 *
 * <p>Any exception is caught and logged; in that case {@code setSucceeded(true)}
 * is never reached and no return value is set.
 */
@Override
protected void executeCommand() {
    try {
        final DbUser targetUser = getDbUser();
        logInfo = String.format("for user %s", targetUser.getLoginName());

        // Same evaluation order as a single nested call: domain first, then the principal record.
        final String authzName = targetUser.getDomain();
        final ExtMap principalRecord = loginOnBehalf(targetUser);
        final String engineSessionId = createSession(targetUser, authzName, principalRecord);

        getReturnValue().setActionReturnValue(engineSessionId);
        setSucceeded(true);
    } catch (Exception ex) {
        // Only the message is logged at error level; the stack trace is available at debug level.
        log.error("Unable to create engine session: {}", ex.getMessage());
        log.debug("Unable to create engine session", ex);
    }
}
Also used : EngineException(org.ovirt.engine.core.common.errors.EngineException) DbUser(org.ovirt.engine.core.common.businessentities.aaa.DbUser)

Example 44 with DbUser

use of org.ovirt.engine.core.common.businessentities.aaa.DbUser in project ovirt-engine by oVirt.

the class LoginOnBehalfCommand method createSession.

/**
 * Registers a new engine session for the given principal and returns its id.
 *
 * <p>The session user is mapped from {@code principalRecord} and then given
 * the id of {@code mappedUser}. The session id is 64 bytes from
 * {@link SecureRandom}, Base64-encoded.
 *
 * @param mappedUser the user whose id the session user receives
 * @param authzName the authz name passed to the principal-to-user mapping
 * @param principalRecord the principal record; it is flattened in place
 * @return the id of the newly registered engine session
 */
private String createSession(DbUser mappedUser, String authzName, ExtMap principalRecord) {
    directoryUtils.flatGroups(principalRecord);
    final DbUser sessionUser = directoryUtils.mapPrincipalRecordToDbUser(authzName, principalRecord);
    // Replace whatever id the mapping chose with the id of the user passed in.
    sessionUser.setId(mappedUser.getId());

    // The id acts as a bearer credential for the session, so it comes from a
    // CSPRNG. Base64(0) encodes without line separators.
    final byte[] randomBytes = new byte[64];
    new SecureRandom().nextBytes(randomBytes);
    final String engineSessionId = new Base64(0).encodeToString(randomBytes);

    // NOTE(review): this method stores only the user and refreshes the entry; no source IP,
    // profile, principal name or SSO token is attached here - confirm that is intended.
    sessionDataContainer.setUser(engineSessionId, sessionUser);
    sessionDataContainer.refresh(engineSessionId);
    return engineSessionId;
}
Also used : Base64(org.apache.commons.codec.binary.Base64) SecureRandom(java.security.SecureRandom) DbUser(org.ovirt.engine.core.common.businessentities.aaa.DbUser)

Example 45 with DbUser

use of org.ovirt.engine.core.common.businessentities.aaa.DbUser in project ovirt-engine by oVirt.

the class LoginOnBehalfCommand method getDbUserForPrincipalName.

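/**
 * Looks up a principal by name through the SSO service and maps the first
 * record of the response to a {@link DbUser} with a freshly generated id.
 *
 * <p>The lookup is made with the SSO access token stored for the session id
 * given in the command parameters.
 *
 * @param principalName the principal name to look up
 * @param authzName the authz name to search in
 * @return a new {@code DbUser} built from the first principal record
 * @throws EngineException with {@code PRINCIPAL_NOT_FOUND} when the response
 *         has no {@code "result"} entry, or that entry is {@code null} or empty
 */
private DbUser getDbUserForPrincipalName(String principalName, String authzName) {
    // NOTE(review): the meaning of the two trailing boolean arguments is not visible here - confirm.
    Map<String, Object> response = SsoOAuthServiceUtils.fetchPrincipalRecord(
            getSessionDataContainer().getSsoAccessToken(getParameters().getSessionId()),
            authzName,
            principalName,
            false,
            false);

    // The response comes from an external service, so the element type cannot be
    // checked at the cast. A missing key and a null value are both treated as
    // "no records" rather than failing with a NullPointerException.
    @SuppressWarnings("unchecked")
    Collection<ExtMap> records = (Collection<ExtMap>) response.get("result");
    ExtMap principalRecord = null;
    if (records != null && !records.isEmpty()) {
        principalRecord = records.iterator().next();
    }

    if (principalRecord == null) {
        // The closing quote around the domain was missing from the message format.
        throw new EngineException(EngineError.PRINCIPAL_NOT_FOUND,
                String.format("%s in domain '%s'", principalName, authzName));
    }

    DbUser user = new DbUser(directoryUtils.mapPrincipalRecordToDirectoryUser(authzName, principalRecord));
    user.setId(Guid.newGuid());
    return user;
}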
Also used : ExtMap(org.ovirt.engine.api.extensions.ExtMap) EngineException(org.ovirt.engine.core.common.errors.EngineException) Collection(java.util.Collection) DbUser(org.ovirt.engine.core.common.businessentities.aaa.DbUser)
