disabling activationWorkFlow if external SSO provider is enabled.
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/66ca27c6
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/66ca27c6
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/66ca27c6
Branch: refs/heads/apigee-sso-provider
Commit: 66ca27c6fadcd322dcb9f32f3fca2fd14f6bf1d0
Parents: 526748b
Author: Ayesha Dastagiri <[email protected]>
Authored: Thu Jul 7 16:34:47 2016 -0700
Committer: Ayesha Dastagiri <[email protected]>
Committed: Thu Jul 7 16:34:47 2016 -0700
----------------------------------------------------------------------
 .../organizations/users/UsersResource.java | 13 +++++---
 .../rest/management/users/UserResource.java | 4 +++
 .../rest/management/users/UsersResource.java | 9 +++++-
 .../security/shiro/utils/SubjectUtils.java | 32 ++++++++------------
 .../usergrid/security/tokens/TokenService.java | 10 ++++--
 .../tokens/cassandra/TokenServiceImpl.java | 2 +-
 6 files changed, 43 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/66ca27c6/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
index 40ba92e..03106c0 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
@@ -129,11 +129,16 @@ public class UsersResource extends AbstractContextResource {
 }
 if ( user == null ) {
- user = management.createAdminUser( organization.getUuid(), username, name, email, password, false, false );
- // A null may be returned if the user fails validation check
- if ( user != null ) {
- management.startAdminUserPasswordResetFlow( organization.getUuid(), user );
+ if ( tokens.isExternalSSOProviderEnabled() ){
+ user = management.createAdminUser(organization.getUuid(),username,name,email,password,true,false);
+ }
+ else {
+ user = management.createAdminUser(organization.getUuid(), username, name, email, password, false, false);
+ // A null may be returned if the user fails validation check
+ if (user != null) {
+ management.startAdminUserPasswordResetFlow(organization.getUuid(), user);
+ }
 }
 }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/66ca27c6/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index e431579..1c5bcdf 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -20,6 +20,7 @@ package org.apache.usergrid.rest.management.users;
 import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
 import net.tanesha.recaptcha.ReCaptchaImpl;
 import net.tanesha.recaptcha.ReCaptchaResponse;
+import org.apache.shiro.SecurityUtils;
 import org.apache.usergrid.management.ActivationState;
 import org.apache.usergrid.management.UserInfo;
 import org.apache.usergrid.rest.AbstractContextResource;
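Review bot: In organizations/users/UsersResource.java the two branches repeat the same `createAdminUser` call and differ only in one positional boolean (the sixth argument, which the commit title suggests is the activated flag), so the calls can drift apart and a bare `true` does not explain itself. Reading the flag once keeps the intent in one place: `boolean ssoEnabled = tokens.isExternalSSOProviderEnabled();`, then `user = management.createAdminUser( organization.getUuid(), username, name, email, password, ssoEnabled, false );`, then `if ( user != null && !ssoEnabled ) {` around the password-reset flow. The same duplicated branch appears in the `@@ -138,7 +138,14 @@` hunk of management/users/UsersResource.java. The enclosing method starts and ends outside this hunk.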
@@ -27,6 +28,7 @@ import org.apache.usergrid.rest.ApiResponse;
 import org.apache.usergrid.rest.exceptions.RedirectionException;
 import org.apache.usergrid.rest.management.users.organizations.OrganizationsResource;
 import org.apache.usergrid.rest.security.annotations.RequireAdminUserAccess;
+import org.apache.usergrid.security.shiro.principals.PrincipalIdentifier;
 import org.apache.usergrid.security.tokens.TokenInfo;
 import org.apache.usergrid.security.tokens.exceptions.TokenException;
 import org.apache.usergrid.services.ServiceResults;
@@ -72,6 +74,8 @@ public class UserResource extends AbstractContextResource {
 public UserResource init( UserInfo user ) {
 this.user = user;
+ PrincipalIdentifier userPrincipal = (PrincipalIdentifier) SecurityUtils.getSubject().getPrincipal();
+ this.token = userPrincipal.getAccessTokenCredentials().getToken();
 return this;
 }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/66ca27c6/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index 7356124..9730e06 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
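Review bot: The two lines added to `init()` in management/users/UserResource.java dereference the Shiro principal without any check. `getPrincipal()` returns null for an anonymous subject, the cast assumes every principal is a `PrincipalIdentifier`, and `getAccessTokenCredentials()` is presumably null when the caller did not authenticate with an access token. If `init()` is also reached on routes that do not require a token (not visible in this hunk), those requests would now fail with a NullPointerException or ClassCastException before any handler runs. Guarding the lookup and leaving `token` unset when there is none keeps those routes working.

```java
public UserResource init( UserInfo user ) {
    this.user = user;
    // The subject may be anonymous, or authenticated by something other than an access token.
    Object principal = SecurityUtils.getSubject().getPrincipal();
    if ( principal instanceof PrincipalIdentifier ) {
        PrincipalIdentifier userPrincipal = ( PrincipalIdentifier ) principal;
        if ( userPrincipal.getAccessTokenCredentials() != null ) {
            this.token = userPrincipal.getAccessTokenCredentials().getToken();
        }
    }
    // … unchanged: return this …
```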
@@ -138,7 +138,14 @@ public class UsersResource extends AbstractContextResource {
 ApiResponse response = createApiResponse();
 response.setAction( "create user" );
- UserInfo user = management.createAdminUser( null, username, name, email, password, false, false );
+
+ UserInfo user = null;
+ if ( tokens.isExternalSSOProviderEnabled() ){
+ user = management.createAdminUser(null,username,name,email,password,true,false);
+ }
+ else {
+ user = management.createAdminUser(null, username, name, email, password, false, false);
+ }
 Map<String, Object> result = new LinkedHashMap<String, Object>();
 if ( user != null ) {
 result.put( "user", user );
http://git-wip-us.apache.org/repos/asf/usergrid/blob/66ca27c6/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java b/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
index 3b4b37d..822e2c0 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
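Review bot: With the SSO flag on, the `create user` path in management/users/UsersResource.java now stores the admin record already activated (sixth argument `true`) while still passing the request-supplied `password` to `createAdminUser`. A local credential then exists for an account whose e-mail address was never confirmed. Whether that matters depends on code outside this hunk: if this route accepts unauthenticated requests, or if local password login stays available while SSO is enabled, the activation step was the only check on who controls the address. Consider requiring an SSO-validated caller before creating the record in this mode, or not persisting a usable local password, and record the decision in a comment such as `// SSO mode: identity is vouched for by the external provider, so the activation mail is skipped`. The same applies to the `@@ -129,11 +129,16 @@` hunk in organizations/users/UsersResource.java; the enclosing method is only partly visible here.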
@@ -17,34 +17,28 @@ package org.apache.usergrid.security.shiro.utils;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-
+import com.google.common.collect.BiMap;
 import com.google.common.collect.HashBiMap;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.usergrid.management.ApplicationInfo;
-import org.apache.usergrid.management.OrganizationInfo;
-import org.apache.usergrid.management.UserInfo;
-import org.apache.usergrid.security.shiro.PrincipalCredentialsToken;
-import org.apache.usergrid.security.shiro.principals.UserPrincipal;
-
 import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.UnavailableSecurityManagerException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
+import org.apache.usergrid.management.ApplicationInfo;
+import org.apache.usergrid.management.OrganizationInfo;
+import org.apache.usergrid.management.UserInfo;
+import org.apache.usergrid.persistence.index.query.Identifier;
+import org.apache.usergrid.security.shiro.PrincipalCredentialsToken;
+import org.apache.usergrid.security.shiro.principals.UserPrincipal;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import com.google.common.collect.BiMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
 import static org.apache.commons.lang.StringUtils.isNotBlank;
-import org.apache.usergrid.persistence.index.query.Identifier;
-import static org.apache.usergrid.security.shiro.Realm.ROLE_ADMIN_USER;
-import static org.apache.usergrid.security.shiro.Realm.ROLE_APPLICATION_ADMIN;
-import static org.apache.usergrid.security.shiro.Realm.ROLE_APPLICATION_USER;
-import static org.apache.usergrid.security.shiro.Realm.ROLE_ORGANIZATION_ADMIN;
-import static org.apache.usergrid.security.shiro.Realm.ROLE_SERVICE_ADMIN;
+import static org.apache.usergrid.security.shiro.Realm.*;
 public class SubjectUtils {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/66ca27c6/stack/services/src/main/java/org/apache/usergrid/security/tokens/TokenService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/tokens/TokenService.java b/stack/services/src/main/java/org/apache/usergrid/security/tokens/TokenService.java
index 2ef5d59..308c428 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/tokens/TokenService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/tokens/TokenService.java
@@ -17,11 +17,11 @@ package org.apache.usergrid.security.tokens;
+import org.apache.usergrid.security.AuthPrincipalInfo;
+
 import java.util.Map;
 import java.util.UUID;
-import org.apache.usergrid.security.AuthPrincipalInfo;
-
 public interface TokenService {
@@ -65,4 +65,10 @@ public interface TokenService {
 * given principal uuid and application uuid
 */
 public void removeTokens( AuthPrincipalInfo principal ) throws Exception;
+
+
+ /**
+ * checks if the external SSO provider is enabled.
+ */
+ public boolean isExternalSSOProviderEnabled();
 }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/66ca27c6/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
index 7beeb3b..14d685c 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
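Review bot: The Javadoc on the new `isExternalSSOProviderEnabled()` in TokenService.java does not say what callers may assume when it returns true, even though this commit makes it decide whether a new admin account skips activation. State the contract, for example `/** Returns true when admin authentication is delegated to an external SSO provider; callers then skip the local activation and password-reset flows. */`, and name the configuration property that drives it. Adding a method to this interface also breaks any other implementer that is not updated in the same commit; only TokenServiceImpl is touched here.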
@@ -789,7 +789,7 @@ public class TokenServiceImpl implements TokenService {
 }
- private boolean isExternalSSOProviderEnabled() {
+ public boolean isExternalSSOProviderEnabled() {
 return Boolean.valueOf(properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ));
 }
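Review bot: `isExternalSSOProviderEnabled()` in TokenServiceImpl.java now implements the interface method but carries no `@Override`, so a later rename in TokenService would not be caught by the compiler. The unchanged return line uses `Boolean.valueOf(...)`, which boxes and then unboxes; `return Boolean.parseBoolean( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );` returns the primitive directly. Both forms read a missing property, or any value other than "true" ignoring case (including `true` followed by whitespace), as false. Since that result now decides whether the activation workflow runs, a short comment recording the default would help operators.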
