This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit 48c962a98e06781045633763127663a60c26ac03 Author: Juan Cabrerizo <[email protected]> AuthorDate: Fri Jul 16 16:41:59 2021 +0100 Flated context attributes
---
 .../core/mgmt/entitlement/WebEntitlementContext.java | 5 +----
 .../rest/filter/EntitlementContextFilter.java | 20 +++++++-------------
 .../rest/security/provider/LdapSecurityProvider.java | 4 ++--
 3 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/WebEntitlementContext.java b/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/WebEntitlementContext.java
index a7673ae..f54653c 100644
--- a/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/WebEntitlementContext.java
+++ b/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/WebEntitlementContext.java
@@ -22,7 +22,6 @@ import org.apache.brooklyn.api.mgmt.entitlement.EntitlementContext;
 import org.apache.brooklyn.util.collections.MutableMap;
 import org.apache.brooklyn.util.javalang.JavaClassNames;
-import java.util.HashMap;
 import java.util.Map;
 /**
@@ -31,9 +30,7 @@ import java.util.Map;
 */
 public class WebEntitlementContext implements EntitlementContext {
- public static final String ENTITLEMENTS_ATTRIBUTES = "brooklyn.entitlements.attributes";
-
- public static final String USER_ROLES = "brooklyn.entitlements.user.roles";
+ public static final String USER_GROUPS = "brooklyn.entitlements.user.groups";
 final String user;
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java
index a904393..4a8bb67 100644
--- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java
+++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/filter/EntitlementContextFilter.java
@@ -20,8 +20,6 @@ package org.apache.brooklyn.rest.filter;
 import java.io.IOException;
 import java.security.Principal;
-import java.util.List;
-import java.util.Map;
 import javax.annotation.Priority;
 import javax.servlet.http.HttpServletRequest;
@@ -33,11 +31,11 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.ext.Provider;
-import com.google.common.collect.ImmutableMap;
 import org.apache.brooklyn.api.mgmt.entitlement.EntitlementContext;
 import org.apache.brooklyn.core.mgmt.entitlement.Entitlements;
 import org.apache.brooklyn.core.mgmt.entitlement.WebEntitlementContext;
 import org.apache.brooklyn.rest.util.MultiSessionAttributeAdapter;
+import org.apache.brooklyn.util.collections.MutableMap;
 import org.apache.brooklyn.util.text.Strings;;
 @Provider
@@ -71,17 +69,13 @@ public class EntitlementContextFilter implements ContainerRequestFilter, Contain
 String remoteAddr = request.getRemoteAddr();
 String uid = RequestTaggingRsFilter.getTag();
- List<String> userRoles = (List<String>) getAttributeFromSession(WebEntitlementContext.USER_ROLES);
- Map<String, Object> entitlementAttributes = null;
- if (userRoles != null) {
- entitlementAttributes = ImmutableMap.of(
- WebEntitlementContext.ENTITLEMENTS_ATTRIBUTES,
- ImmutableMap.of(
- WebEntitlementContext.USER_ROLES,
- userRoles));
- }
- WebEntitlementContext entitlementContext = new WebEntitlementContext(userName, remoteAddr, uri, uid, entitlementAttributes);
+ WebEntitlementContext entitlementContext = new WebEntitlementContext(
+ userName,
+ remoteAddr,
+ uri,
+ uid,
+ MutableMap.<String, Object>of().addIfNotNull(WebEntitlementContext.USER_GROUPS, getAttributeFromSession(WebEntitlementContext.USER_GROUPS)));
 Entitlements.setEntitlementContext(entitlementContext);
 }
 }
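Review bot: The attributes map passed to `WebEntitlementContext` in the last hunk is now a `MutableMap`, and its `USER_GROUPS` value is whatever `getAttributeFromSession` returns, with no type check; the removed code passed an `ImmutableMap` and at least cast the value to `List<String>`. If these groups feed entitlement decisions, as the constant's name suggests, the map should be frozen before it is handed over, for example by appending `.asUnmodifiable()` to the `addIfNotNull(...)` chain, and a session value that is not a list of strings should be rejected rather than forwarded. Two behaviour changes also deserve a comment at the call site: the context now receives an empty map instead of `null` when no groups are stored, and the nested `ENTITLEMENTS_ATTRIBUTES` level is gone, so a consumer still reading the old shape would find no groups. Those consumers are not visible in this diff, and the enclosing method starts outside the hunk.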
diff --git a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java index 3d821b7..49cc4e4 100644 --- a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java +++ b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/security/provider/LdapSecurityProvider.java @@ -44,7 +44,7 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import static org.apache.brooklyn.core.mgmt.entitlement.WebEntitlementContext.USER_ROLES; +import static org.apache.brooklyn.core.mgmt.entitlement.WebEntitlementContext.USER_GROUPS; /** * A {@link SecurityProvider} implementation that relies on LDAP to authenticate. @@ -110,7 +110,7 @@ public class LdapSecurityProvider extends AbstractSecurityProvider implements Se DirContext ctx = new InitialDirContext(env);// will throw if password is invalid if (fetchUserGroups) { // adds user groups ot eh session - sessionSupplierOnSuccess.get().setAttribute(USER_ROLES, getUserGroups(user, ctx)); + sessionSupplierOnSuccess.get().setAttribute(USER_GROUPS, getUserGroups(user, ctx)); } return allow(sessionSupplierOnSuccess.get(), user); } catch (NamingException e) {
