Examples with UnionizingLdapSearch org.pentaho.platform.plugin.services.security.userrole.ldap.search.UnionizingLdapSearch used on opensource projects

Example 1 with UnionizingLdapSearch

use of org.pentaho.platform.plugin.services.security.userrole.ldap.search.UnionizingLdapSearch in project pentaho-platform by pentaho.

the class DefaultLdapUserRoleListServiceTest method testGetUsernamesInRole4.

/**
 * Search for all users starting at <code>ou=groups</code>, looking for objects with
 * <code>(&(objectClass=groupOfUniqueNames)(cn={0}))</code>, and extracting the <code>uid</code> token of the
 * <code>uniqueMember</code> attribute. This search implies that the schema is setup such that a user's roles come
 * from that user's DN being present in the <code>uniqueMember</code> attribute of a child object under the
 * <code>ou=groups</code> object.
 *
 * @throws Exception
 */
@Test
public void testGetUsernamesInRole4() throws Exception {
    SearchControls con1 = new SearchControls();
    // $NON-NLS-1$
    con1.setReturningAttributes(new String[] { "uniqueMember" });
    LdapSearchParamsFactory paramFactory = // $NON-NLS-1$//$NON-NLS-2$
    new LdapSearchParamsFactoryImpl("ou=groups", "(&(objectClass=groupOfUniqueNames)(cn={0}))", con1);
    // $NON-NLS-1$ //$NON-NLS-2$
    Transformer transformer1 = new SearchResultToAttrValueList("uniqueMember", "uid");
    GrantedAuthorityToString transformer2 = new GrantedAuthorityToString();
    LdapSearch usernamesInRoleSearch = new GenericLdapSearch(getContextSource(), paramFactory, transformer1, transformer2);
    SearchControls con2 = new SearchControls();
    // $NON-NLS-1$
    con2.setReturningAttributes(new String[] { "uid" });
    LdapSearchParamsFactory paramFactory2 = // $NON-NLS-1$//$NON-NLS-2$
    new LdapSearchParamsFactoryImpl("ou=users", "(businessCategory=cn={0}*)", con2);
    // $NON-NLS-1$
    Transformer transformer3 = new SearchResultToAttrValueList("uid");
    GrantedAuthorityToString transformer4 = new GrantedAuthorityToString();
    LdapSearch usernamesInRoleSearch2 = new GenericLdapSearch(getContextSource(), paramFactory2, transformer3, transformer4);
    Set searches = new HashSet();
    searches.add(usernamesInRoleSearch);
    searches.add(usernamesInRoleSearch2);
    UnionizingLdapSearch unionSearch = new UnionizingLdapSearch(searches);
    unionSearch.afterPropertiesSet();
    DefaultLdapUserRoleListService userRoleListService = getDefaultLdapUserRoleListService();
    userRoleListService.setUsernamesInRoleSearch(unionSearch);
    // $NON-NLS-1$
    List<String> res = userRoleListService.getUsersInRole(null, "DEV");
    // $NON-NLS-1$
    assertTrue(res.contains("pat"));
    // $NON-NLS-1$
    assertTrue(res.contains("tiffany"));
    if (logger.isDebugEnabled()) {
        // $NON-NLS-1$
        logger.debug("results of getUsernamesInRole4() with role=ROLE_DEV: " + res);
    }
    // $NON-NLS-1$
    res = userRoleListService.getUsersInRole(null, "DEVELOPMENT");
    // $NON-NLS-1$
    assertTrue(res.contains("pat"));
    // $NON-NLS-1$
    assertTrue(res.contains("tiffany"));
    if (logger.isDebugEnabled()) {
        // $NON-NLS-1$
        logger.debug("results of getUsernamesInRole4() with role=DEVELOPMENT: " + res);
    }
}

Example 2 with UnionizingLdapSearch

use of org.pentaho.platform.plugin.services.security.userrole.ldap.search.UnionizingLdapSearch in project pentaho-platform by pentaho.

the class DefaultLdapUserRoleListServiceTest method testGetAllAuthorities3.

/**
 * Union the results of two different searches.
 * <ul>
 * <li>Search 1: Search for all roles (aka authorities) starting at <code>ou=groups</code>, looking for objects with
 * <code>objectClass=groupOfUniqueNames</code>, and returning the <code>cn</code> attribute.</li>
 * <li>Search 2: Search for all roles (aka authorities) starting at <code>ou=roles</code>, looking for objects with
 * <code>objectClass=organizationalRole</code>, and returning the <code>cn</code> attribute.</li>
 * </ul>
 */
@Test
public void testGetAllAuthorities3() throws Exception {
    SearchControls con1 = new SearchControls();
    // $NON-NLS-1$
    con1.setReturningAttributes(new String[] { "cn" });
    LdapSearchParamsFactory paramsFactory = // $NON-NLS-1$ //$NON-NLS-2$
    new LdapSearchParamsFactoryImpl("ou=roles", "(objectClass=organizationalRole)", con1);
    // $NON-NLS-1$
    Transformer one = new SearchResultToAttrValueList("cn");
    Transformer two = new StringToGrantedAuthority();
    Transformer[] transformers = { one, two };
    Transformer transformer = new ChainedTransformer(transformers);
    LdapSearch rolesSearch = new GenericLdapSearch(getContextSource(), paramsFactory, transformer);
    SearchControls con2 = new SearchControls();
    // $NON-NLS-1$
    con1.setReturningAttributes(new String[] { "cn" });
    LdapSearchParamsFactory paramsFactory2 = // $NON-NLS-1$//$NON-NLS-2$
    new LdapSearchParamsFactoryImpl("ou=groups", "(objectClass=groupOfUniqueNames)", con2);
    // $NON-NLS-1$
    Transformer oneB = new SearchResultToAttrValueList("cn");
    Transformer twoB = new StringToGrantedAuthority();
    Transformer[] transformers2 = { oneB, twoB };
    Transformer transformer2 = new ChainedTransformer(transformers2);
    LdapSearch rolesSearch2 = new GenericLdapSearch(getContextSource(), paramsFactory2, transformer2);
    Set searches = new HashSet();
    searches.add(rolesSearch);
    searches.add(rolesSearch2);
    UnionizingLdapSearch unionSearch = new UnionizingLdapSearch(searches);
    DefaultLdapUserRoleListService userRoleListService = getDefaultLdapUserRoleListService();
    userRoleListService.setAllAuthoritiesSearch(unionSearch);
    List res = userRoleListService.getAllRoles();
    // $NON-NLS-1$
    assertTrue(res.contains("ROLE_DEVMGR"));
    // $NON-NLS-1$
    assertTrue(res.contains("ROLE_DEVELOPMENT"));
    if (logger.isDebugEnabled()) {
        // $NON-NLS-1$
        logger.debug("results of getAllAuthorities3(): " + res);
    }
}