Justin Hammond has uploaded a new change for review. Change subject: engine: Integrate Atlassian Crowd Client as a new Authentication Domain ......................................................................
engine: Integrate Atlassian Crowd Client as a new Authentication Domain This adds support to ovirt to authenticate against a Crowd Authentication Server. Crowd (http://www.atlassian.com/crowd/) is both a Single Sign-on and Federation Authentication Server. It connects to AD, LDAP, Databases and other Atlassian products and provides a single authentication endpoint for applications to authenticate against. In this implementation, I've added a new domain hardcoded to Crowd and when users either log in as user@crowd or select crowd via the web interface, the engine calls the Atlassian Client which sends off the authentication request to the Crowd Server via a REST/Soap interface. In our ovirt setup, we are using ovirt as a build host, and have both a number of internal (via AD) and external (via database) users that would need to login to ovirt to start/stop build images etc for testing, development etc. By implementing crowd support, I only have to point ovirt at one server, rather than have multiple servers (and our security group doesn't like external internet facing servers talking directly to our AD servers!) To enable it, apart from having a working crowd server (free for OSS projects), just drop the provided crowd.properties file into the /etc/ovirt-engine/ directory and as long as ovirt can successfully login to the crowd server, you will have a new domain on the web interfaces and can start adding users and permissions via the webadmin. SSO is not implemented here as it would require some way of passing the session from the webadmin/userportal to the engine to authenticate against crowd. Change-Id: Ide867f16d092eb329c0ce2fccf4ebd02f3aae0df
Signed-off-by: Justin Hammond <jus...@dynam.ac> --- A backend/manager/conf/crowd.properties M backend/manager/modules/bll/pom.xml A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CrowdBrokerImpl.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdAuthenticateUserCommand.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerCommandBase.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerUtils.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdGroupByGroupIdCommand.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdCommand.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdListCommand.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserNameCommand.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchGroupsByQueryCommand.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchUserByQueryCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapBrokerUtils.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapFactory.java 14 files changed, 597 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/24/9324/1 diff --git a/backend/manager/conf/crowd.properties b/backend/manager/conf/crowd.properties new file mode 100644 index 0000000..cc6faf8 --- /dev/null +++ b/backend/manager/conf/crowd.properties 
@@ -0,0 +1,9 @@ +#Crowd Server Configuration +session.lastvalidation=session.lastvalidation +session.isauthenticated=session.isauthenticated +application.password=<the ovirt password in crowd> +application.name=<the ovirt username in crowd> +session.validationinterval=0 +crowd.server.url=http://<crowd url>/crowd/services/ +session.tokenkey=session.tokenkey +application.login.url=http://ovirturl/ diff --git a/backend/manager/modules/bll/pom.xml b/backend/manager/modules/bll/pom.xml index 67cee2c..934e953 100644 --- a/backend/manager/modules/bll/pom.xml +++ b/backend/manager/modules/bll/pom.xml @@ -163,6 +163,12 @@ <version>${javax.ejb.api.version}</version> </dependency> + <dependency> + <groupId>com.atlassian.crowd</groupId> + <artifactId>crowd-integration-client-rest</artifactId> + <version>2.3.6</version> + </dependency> + </dependencies> <build> @@ -266,4 +272,10 @@ </profile> </profiles> + <repositories> + <repository> + <id>atlassian-content</id> + <url>https://maven.atlassian.com/content/groups/public/</url> + </repository> + </repositories> </project> diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CrowdBrokerImpl.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CrowdBrokerImpl.java new file mode 100644 index 0000000..a1a433b --- /dev/null +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/CrowdBrokerImpl.java @@ -0,0 +1,11 @@ +package org.ovirt.engine.core.bll; + +import org.ovirt.engine.core.bll.adbroker.LdapBrokerBase; + +public class CrowdBrokerImpl extends LdapBrokerBase { + @Override + protected String getBrokerType() { + return "Crowd"; + } +} + diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdAuthenticateUserCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdAuthenticateUserCommand.java new file mode 100644 index 0000000..f0275ed --- /dev/null 
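Review bot: The template's `crowd.server.url=http://<crowd url>/crowd/services/` uses plain HTTP, so a deployment that copies it as-is sends `application.password` and every user's login password to the Crowd server unencrypted. The sample should read `crowd.server.url=https://<crowd url>/crowd/services/`. A comment line above `application.password` should also say that the file holds a secret and must be readable only by the account the engine runs as.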
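Review bot: The `<repositories>` entry added at the end of the bll module POM carries no `<releases>`/`<snapshots>` policy, so Maven's defaults apply and this external repository can be consulted for any artifact the module resolves, not only the Crowd client. Adding `<snapshots><enabled>false</enabled></snapshots>` to the entry, or serving the Crowd artifacts through a repository manager the project controls, keeps the build's trust in third-party repositories narrow. The hard-coded `<version>2.3.6</version>` in the dependency hunk also departs from the `${javax.ejb.api.version}` property style of the neighbouring dependency.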
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdAuthenticateUserCommand.java
@@ -0,0 +1,47 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import org.ovirt.engine.core.common.businessentities.AdUser;
+
+
+public class CrowdAuthenticateUserCommand extends CrowdBrokerCommandBase {
+ public CrowdAuthenticateUserCommand(LdapUserPasswordBaseParameters parameters) {
+ super(parameters);
+ }
+
+ public String getUPNForUser(String userName, String domain) {
+ String UPN = userName;
+ if (!userName.contains("@")) {
+ UPN = userName + '@' + domain;
+ }
+ return UPN;
+ }
+
+ public String getUserNameForUPN(String UPN) {
+ String userName = UPN;
+ if (userName.contains("@")) {
+ userName = userName.split("@")[0];
+ }
+ return userName;
+ }
+
+ @Override
+ protected void ExecuteQuery() {
+ String userName = getParameters().getLoginName();
+ String password = getParameters().getPassword();
+ String domain = BrokerUtils.getLoginDomain(userName, getDomain());
+ String userUPN = getUPNForUser(userName, domain);
+ userName = getUserNameForUPN(userUPN);
+ UserAuthenticationResult result = CrowdBrokerUtils.authenticate(userName, password, domain);
+
+ setSucceeded(result.isSuccessful());
+
+ if (result.isSuccessful()) {
+ AdUser user = CrowdBrokerUtils.getUserByUPN(userUPN);
+ UserAuthenticationResult authResult = new UserAuthenticationResult(user);
+ setReturnValue(authResult);
+ } else {
+ setReturnValue(result);
+ }
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerCommandBase.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerCommandBase.java
new file mode 100644
index 0000000..274b3ea
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerCommandBase.java
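Review bot: `ExecuteQuery()` in `CrowdAuthenticateUserCommand` calls `setSucceeded(result.isSuccessful())` before the user is looked up, so when `CrowdBrokerUtils.getUserByUPN(userUPN)` returns null the command still reports success and returns a `UserAuthenticationResult` built from a null user. `getUserByUPN` returns null when the Crowd lookup throws or when the oVirtGuid attribute cannot be stored. What callers do with such a result is not visible in this diff, but an authentication command should fail closed: set success only after the lookup, e.g. `if (user == null) { setSucceeded(false); setReturnValue(null); return; }` ahead of `new UserAuthenticationResult(user)`.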
@@ -0,0 +1,32 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import org.ovirt.engine.core.utils.log.Log;
+import org.ovirt.engine.core.utils.log.LogFactory;
+
+public abstract class CrowdBrokerCommandBase extends BrokerCommandBase {
+ private static Log log = LogFactory.getLog(CrowdBrokerCommandBase.class);
+
+ public CrowdBrokerCommandBase(LdapBrokerBaseParameters parameters) {
+ super(parameters);
+ }
+ @Override
+ protected String getPROTOCOL() {
+ return "Crowd";
+ }
+
+ @Override
+ public LdapReturnValueBase execute() {
+ try {
+ ExecuteQuery();
+ } catch (RuntimeException e) {
+ log.errorFormat("Error in executing Crowd broker command. Exception is {0} ", e.getMessage());
+ _ldapReturnValue.setSucceeded(false);
+ _ldapReturnValue.setReturnValue(null);
+ }
+ return _ldapReturnValue;
+ }
+
+ protected abstract void ExecuteQuery();
+
+}
+
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerUtils.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerUtils.java
new file mode 100644
index 0000000..59a736e
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdBrokerUtils.java
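Review bot: The catch block in `execute()` logs only `e.getMessage()`, which is null for many runtime exceptions (a NullPointerException from an uninitialised client, for example), so a failed login can leave no usable trace of its cause. Logging the exception class as well, e.g. `log.errorFormat("Error in executing Crowd broker command. Exception is {0}: {1}", e.getClass().getName(), e.getMessage());`, keeps the fail-closed behaviour and makes authentication failures diagnosable. The `log` field could also be declared `private static final`.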
@@ -0,0 +1,324 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import java.io.File;
+import java.io.FileReader;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Properties;
+
+import org.ovirt.engine.core.common.businessentities.AdUser;
+import org.ovirt.engine.core.common.businessentities.ad_groups;
+import org.ovirt.engine.core.compat.Guid;
+import org.ovirt.engine.core.dal.VdcBllMessages;
+import org.ovirt.engine.core.utils.log.Log;
+import org.ovirt.engine.core.utils.log.LogFactory;
+
+import com.atlassian.crowd.exception.ApplicationPermissionException;
+import com.atlassian.crowd.exception.ExpiredCredentialException;
+import com.atlassian.crowd.exception.InactiveAccountException;
+import com.atlassian.crowd.exception.InvalidAuthenticationException;
+import com.atlassian.crowd.exception.OperationFailedException;
+import com.atlassian.crowd.exception.UserNotFoundException;
+import com.atlassian.crowd.integration.rest.service.factory.RestCrowdClientFactory;
+import com.atlassian.crowd.model.group.Group;
+import com.atlassian.crowd.model.group.GroupWithAttributes;
+import com.atlassian.crowd.model.user.User;
+import com.atlassian.crowd.model.user.UserWithAttributes;
+import com.atlassian.crowd.search.builder.Restriction;
+import com.atlassian.crowd.search.query.entity.restriction.NullRestriction;
+import com.atlassian.crowd.search.query.entity.restriction.PropertyRestriction;
+import com.atlassian.crowd.search.query.entity.restriction.PropertyUtils;
+import com.atlassian.crowd.service.client.ClientPropertiesImpl;
+import com.atlassian.crowd.service.client.CrowdClient;
+import com.google.common.collect.ImmutableMap;
+
+public class CrowdBrokerUtils {
+
+ /* have we previously init'ed Crowd? */
+ private static boolean crowdok = false;
+
+ private static Log log = LogFactory.getLog(CrowdBrokerUtils.class);
+ /* The Couwd Client */
+ static CrowdClient m_CrowdClient;
+
+ /* Initialize the Crowd Libraries.
+ * This will attempt to load the crowd.properties file and then
+ * authenticate with the Crowd Server as a Application. If all is good
+ * then we set crowdok as true and are ready to start authenticating users
+ *
+ */
+ public static boolean initCrowd() {
+ /* if we have already init'd Crowd, then don't do it again */
+ if (crowdok == false) {
+ Properties m_CrowdConfig = new Properties();
+ File f = new File("/etc/ovirt-engine/", "crowd.properties");
+ try {
+ m_CrowdConfig.load(new FileReader(f));
+ } catch (Exception e) {
+ log.warnFormat("Failed to load Crowd Configuration from file {0}{1}: {2}",
+ "/tmp/",
+ "crowd.properties",
+ e.getMessage());
+ return false;
+ }
+ ClientPropertiesImpl crowdClientProperties = ClientPropertiesImpl.newInstanceFromProperties(m_CrowdConfig);
+
+ /* now try to create the Crowd Client, which automatically connects
+ * to the Crowd Server
+ */
+ m_CrowdClient = new RestCrowdClientFactory().newInstance(crowdClientProperties);
+ try {
+ m_CrowdClient.testConnection();
+ } catch (Exception e) {
+ log.errorFormat("Failed to Connect to Crowd Server: {0}", e.getMessage());
+ return false;
+ }
+ crowdok = true;
+ }
+ return true;
+ }
+
+ /* helper function to translate between Crowd UserWithAttributes Model and AdUser */
+ private static AdUser convertCrowdtoAdUser(UserWithAttributes user) {
+ AdUser retVal = new AdUser();
+ retVal.setName(user.getDisplayName());
+ retVal.setUserName(user.getName());
+ retVal.setEmail(user.getEmailAddress());
+ /* All Crowd Based Users live in the "Crowd" domain */
+ retVal.setDomainControler("Crowd");
+ /* Crowd doesn't have a something like a Guid, so the following code
+ * checks if we have stored a previous Guid, and if not, create a new one
+ * and update a Crowd User Attribute called oVirtGuid with it so
+ * next time we retrive this user, the Guid is stable
+ */
+ if(user.getValue("oVirtGuid") != null) {
+ /* previous Guid was found...
*/
+ retVal.setUserId(Guid.createGuidFromString(user.getValue("oVirtGuid")));
+ } else {
+ /* create a new Guid for this user and store it back to Crowd */
+ Guid ovguid = Guid.NewGuid();
+ try {
+ m_CrowdClient.storeUserAttributes(retVal.getName(), ImmutableMap.of("oVirtGuid", Collections.singleton(ovguid.toString())));
+ } catch (Exception e) {
+ log.errorFormat("Couldn't Store oVirtGuid for user {0} back to crowd: {1}", retVal.getName(),e.getMessage());
+ return null;
+ }
+ retVal.setUserId(ovguid);
+ }
+ return retVal;
+ }
+
+ /* helper function to convert between a Crowd User and AdUser
+ * calls the above function to get the Crowd Attributes and do the actual
+ * conversion
+ */
+ private static AdUser convertCrowdtoAdUser(User user) {
+ UserWithAttributes uwa;
+ try {
+ uwa = m_CrowdClient.getUserWithAttributes(user.getName());
+ } catch (Exception e) {
+ log.errorFormat("Cant Find User {0}: {1}", user.getName(), e.getMessage());
+ return new AdUser();
+ }
+ AdUser retVal = convertCrowdtoAdUser(uwa);
+ return retVal;
+ }
+
+ /* helper function to convert between a Croud Group Model and ad_groups
+ * Calls the below function to get the Crowd Attributes and do the actual
+ * conversion
+ */
+ private static ad_groups convertCrowdtoAdGroup(Group group) {
+ GroupWithAttributes gwa = null;
+ try {
+ gwa = m_CrowdClient.getGroupWithAttributes(group.getName());
+ } catch (Exception e) {
+ log.errorFormat("Can't Find GroupWithAttributes {0}: {1}", group.getName(), e.getMessage());
+ return null;
+ }
+ ad_groups ovirtgroup = convertCrowdtoAdGroup(gwa);
+ return ovirtgroup;
+ }
+
+ /* helper function to convert between a crowd GroupWithAttributes Model and ad_groups
+ *
+ */
+ private static ad_groups convertCrowdtoAdGroup(GroupWithAttributes gwa) {
+ ad_groups ovirtgroup = new ad_groups();
+ ovirtgroup.setname(gwa.getName());
+ ovirtgroup.setDistinguishedName(gwa.getName());
+ ovirtgroup.setdomain("Crowd");
+ /* Crowd doesn't have a Guid equivalent, so we create one
and store
+ * it against the group entry in Crowd.
+ */
+ if(gwa.getValue("oVirtGuid") != null) {
+ ovirtgroup.setid(Guid.createGuidFromString(gwa.getValue("oVirtGuid")));
+ } else {
+ /* create a new Guid for this user and store it back to Crowd */
+ Guid ovguid = Guid.NewGuid();
+ try {
+ m_CrowdClient.storeGroupAttributes(gwa.getName(), ImmutableMap.of("oVirtGuid", Collections.singleton(ovguid.toString())));
+ } catch (Exception e) {
+ log.errorFormat("Couldn't Store oVirtGuid for user {0} back to crowd: {1}", gwa.getName(),e.getMessage());
+ return null;
+ }
+ ovirtgroup.setid(ovguid);
+ }
+ return ovirtgroup;
+ }
+
+ /* Search for a user by the Guid in Crowd */
+ public static AdUser getUserByUserGuid(Guid userGuid) {
+ AdUser retVal = null;
+ List<User> cusers = new ArrayList<User>();
+ initCrowd();
+ try {
+ /* search Crowd by Properties (as the oVirtGuid is stored as a Property on the user
+ * in Crowd
+ */
+ PropertyRestriction<String> searchguid = Restriction.on(PropertyUtils.ofTypeString("oVirtGuid")).containing(userGuid.toString());
+ cusers = m_CrowdClient.searchUsers(searchguid, 0, 200);
+ } catch (Exception e) {
+ log.errorFormat("Crowd Search Failed: {0}", e.getMessage());
+ return null;
+ }
+ log.debugFormat("getUserGuid: {0}", cusers.toString());
+ /* we only process the first result.... Hopefully Crowd doesn't
+ * have multiple users with the same Guid...
+ */
+ retVal = convertCrowdtoAdUser(cusers.get(0));
+ return retVal;
+ }
+
+ /* Search Crowd by userName..
+ * Strip the Domain out, and just use the userName portion only.
+ */
+ public static AdUser getUserByUPN(String userName) {
+ AdUser retVal = null;
+ UserWithAttributes user;
+ initCrowd();
+ if (userName.matches(".+@.+")) {
+ String[] loginNameParts = userName.split("@");
+ userName = loginNameParts[0];
+ }
+ try {
+ user = m_CrowdClient.getUserWithAttributes(userName);
+ } catch (Exception e) {
+ log.errorFormat("Cant Find User {0}: {1}", userName, e.getMessage());
+ return retVal;
+ }
+ log.debugFormat("GetUserUPN {0}", user.toString());
+ retVal = convertCrowdtoAdUser(user);
+ return retVal;
+ }
+
+ /* Search for Group by guid in Crowd.
+ *
+ */
+ public static ad_groups getGroupByGroupGuid(Guid groupGuid) {
+ initCrowd();
+ ad_groups retVal = null;
+ List<Group> cusers = new ArrayList<Group>();
+ initCrowd();
+ try {
+ /* search Crowd by Properties (as the oVirtGuid is stored as a Property on the Group
+ * in Crowd
+ */
+ PropertyRestriction<String> searchguid = Restriction.on(PropertyUtils.ofTypeString("oVirtGuid")).containing(groupGuid.toString());
+ cusers = m_CrowdClient.searchGroups(searchguid, 0, 200);
+ } catch (Exception e) {
+ log.errorFormat("Crowd Search Failed: {0}", e.getMessage());
+ }
+ log.debugFormat("GroupGUID: {0}", cusers.toString());
+ /* we only process the first result.... Hopefully Crowd doesn't
+ * have multiple users with the same Guid...
+ */
+ retVal = convertCrowdtoAdGroup(cusers.get(0));
+ return retVal;
+ }
+
+ /* get a list of all Groups on the Crowd Server
+ * Unfortunately Crowd doesn't filter the groups by what the Administrator
+ * has assigned to the application in the crowd console... this means that members
+ * of groups not assigned in the crowd console will not ever be
+ * returned via the various get*User commands...
+ * it appears from what I can tell, Any Group associated with a directory that
+ * is assigned to the application in Crowd is returned.
+ */
+ public static List<ad_groups> getAllGroups() {
+ List<ad_groups> groups = new ArrayList<ad_groups>();
+ List<Group> cgroups = new ArrayList<Group>();
+ initCrowd();
+ try {
+ /* Search for all groups. */
+ cgroups = m_CrowdClient.searchGroups(new NullRestriction() {}, 0, 200);
+ } catch (Exception e) {
+ log.errorFormat("Crowd Search Failed: {0}", e.getMessage());
+ return groups;
+ }
+ log.debugFormat("Crowd Groups: {1}", cgroups.toString());
+ for (Group un : cgroups) {
+ /* Only process if the group is marked as Active */
+ if (un.isActive()) {
+ ad_groups ovirtgroup = convertCrowdtoAdGroup(un);
+ groups.add(ovirtgroup);
+ }
+ }
+ return groups;
+ }
+
+ /* get a list of all users that are permitted to access this application via
+ * the crowd console.
+ */
+ public static List<AdUser> getAllUsers() {
+ List<AdUser> users = new ArrayList<AdUser>();
+ List<User> cusers = new ArrayList<User>();
+ initCrowd();
+
+ try {
+ /* search for all users */
+ cusers = m_CrowdClient.searchUsers(new NullRestriction() {}, 0, 200);
+ } catch (Exception e) {
+ log.errorFormat("Crowd Search Failed: {0}", e.getMessage());
+ }
+ for (User un : cusers) {
+ if (un.isActive()) {
+ AdUser ovirtuser = convertCrowdtoAdUser(un);
+ users.add(ovirtuser);
+ }
+ }
+ return users;
+ }
+
+ /* Do the actual authentication of the user by
+ * asking the crowd client to perform the authentication on our
+ * behalf.
+ */
+ public static UserAuthenticationResult authenticate(String userName, String password, String domain) {
+ User u;
+ initCrowd();
+ try {
+ u = m_CrowdClient.authenticateUser(userName, password);
+ } catch (UserNotFoundException e) {
+ return new UserAuthenticationResult(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD);
+ } catch (InactiveAccountException e) {
+ return new UserAuthenticationResult(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED);
+ } catch (ExpiredCredentialException e) {
+ return new UserAuthenticationResult(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED);
+ } catch (ApplicationPermissionException e) {
+ return new UserAuthenticationResult(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR);
+ } catch (InvalidAuthenticationException e) {
+ return new UserAuthenticationResult(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR);
+ } catch (OperationFailedException e) {
+ return new UserAuthenticationResult(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_CONNECTION_ERROR);
+ }
+ /* if u is still NULL, then its a password failure */
+ if (u == null) {
+ log.warnFormat("Crowd User {0} failed to Login. Invalid Password", userName);
+ return new UserAuthenticationResult(VdcBllMessages.USER_FAILED_TO_AUTHENTICATE_WRONG_USERNAME_OR_PASSWORD);
+ }
+ log.debugFormat("Crowd User {0} Logged in",u.getDisplayName());
+ return new UserAuthenticationResult();
+ }
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdGroupByGroupIdCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdGroupByGroupIdCommand.java
new file mode 100644
index 0000000..326dd5e
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdGroupByGroupIdCommand.java
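Review bot: The oVirtGuid round trip that ties a Crowd account to its oVirt permissions has two defects in `CrowdBrokerUtils`. In `convertCrowdtoAdUser(UserWithAttributes)` the attribute is stored with `storeUserAttributes(retVal.getName(), ...)`, but `retVal.setName(user.getDisplayName())` made that value the display name, so the Guid is written to whichever account (if any) has that string as its username; the call should be `m_CrowdClient.storeUserAttributes(user.getName(), ...)`. `getUserByUserGuid` and `getGroupByGroupGuid` search with `.containing(...)` and then take `cusers.get(0)` without checking for an empty result (the group variant even carries on after a failed search), so a miss throws and any stored value that merely contains the Guid also matches; use `.exactlyMatching(userGuid.toString())` and `if (cusers.isEmpty()) return null;`. Because the Guid lives in a Crowd attribute that other Crowd-connected applications may be able to write, the class comment should state that the oVirt identity mapping is only as trustworthy as write access to that attribute.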
@@ -0,0 +1,26 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import org.ovirt.engine.core.common.businessentities.ad_groups;
+import org.ovirt.engine.core.compat.Guid;
+
+public class CrowdGetAdGroupByGroupIdCommand extends InternalBrokerCommandBase {
+ private Guid getGroupId() {
+ return ((LdapSearchByIdParameters) getParameters()).getId();
+ }
+
+ public CrowdGetAdGroupByGroupIdCommand(LdapSearchByIdParameters parameters) {
+ super(parameters);
+ }
+
+ @Override
+ protected void ExecuteQuery() {
+ ad_groups group = CrowdBrokerUtils.getGroupByGroupGuid(getGroupId());
+ setReturnValue(group);
+ if (group != null) {
+ setSucceeded(true);
+ } else {
+ setSucceeded(false);
+ }
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdCommand.java
new file mode 100644
index 0000000..2674e96
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdCommand.java
@@ -0,0 +1,28 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import org.ovirt.engine.core.common.businessentities.AdUser;
+import org.ovirt.engine.core.compat.Guid;
+
+public class CrowdGetAdUserByUserIdCommand extends InternalBrokerCommandBase {
+ private Guid getUserId() {
+ return ((LdapSearchByIdParameters) getParameters()).getId();
+ }
+
+ public CrowdGetAdUserByUserIdCommand(LdapSearchByIdParameters parameters) {
+ super(parameters);
+ }
+
+ @Override
+ protected void ExecuteQuery() {
+ AdUser user = CrowdBrokerUtils.getUserByUserGuid(getUserId());
+
+ if (user != null) {
+ setSucceeded(true);
+ setReturnValue(user);
+ } else {
+ setSucceeded(false);
+ }
+
+ }
+
+}
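Review bot: `CrowdGetAdGroupByGroupIdCommand` extends `InternalBrokerCommandBase` rather than the `CrowdBrokerCommandBase` this commit introduces, and the same holds for `CrowdGetAdUserByUserIdCommand`, `CrowdGetAdUserByUserIdListCommand`, `CrowdGetAdUserByUserNameCommand`, `CrowdSearchGroupsByQueryCommand` and `CrowdSearchUserByQueryCommand`. `InternalBrokerCommandBase` is not part of this diff, so its behaviour cannot be checked here, but these commands presumably report the internal broker's protocol from `getPROTOCOL()` and bypass the error handling in `CrowdBrokerCommandBase.execute()`. Unless that is deliberate, declare them as `extends CrowdBrokerCommandBase` so every Crowd lookup shares one base class and one failure path.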
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdListCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdListCommand.java
new file mode 100644
index 0000000..d2d9833
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserIdListCommand.java
@@ -0,0 +1,33 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.ovirt.engine.core.common.businessentities.AdUser;
+import org.ovirt.engine.core.compat.Guid;
+
+
+
+public class CrowdGetAdUserByUserIdListCommand extends InternalBrokerCommandBase {
+ private java.util.ArrayList<Guid> getUserIds() {
+ return ((LdapSearchByIdListParameters) getParameters()).getUserIds();
+ }
+
+ public CrowdGetAdUserByUserIdListCommand(LdapSearchByIdListParameters parameters) {
+ super(parameters);
+ }
+
+ @Override
+ protected void ExecuteQuery() {
+ List<AdUser> results = new ArrayList<AdUser>();
+ for (Guid guid : getUserIds()) {
+ AdUser user = CrowdBrokerUtils.getUserByUserGuid(guid);
+ if (user != null) {
+ results.add(user);
+ }
+ }
+ setReturnValue(results);
+ setSucceeded(true);
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserNameCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserNameCommand.java
new file mode 100644
index 0000000..81b243e
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdGetAdUserByUserNameCommand.java
@@ -0,0 +1,27 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import org.ovirt.engine.core.common.businessentities.AdUser;
+
+public class CrowdGetAdUserByUserNameCommand extends InternalBrokerCommandBase {
+ private String getUserName() {
+ return ((LdapSearchByUserNameParameters) getParameters()).getUserName();
+ }
+
+ public CrowdGetAdUserByUserNameCommand(LdapSearchByUserNameParameters parameters) {
+ super(parameters);
+ }
+
+ @Override
+ protected void ExecuteQuery() {
+ AdUser user = CrowdBrokerUtils.getUserByUPN(getUserName());
+
+ if (user != null) {
+ setSucceeded(true);
+ setReturnValue(user);
+ } else {
+ setSucceeded(false);
+ }
+
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchGroupsByQueryCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchGroupsByQueryCommand.java
new file mode 100644
index 0000000..3d9acfd
--- /dev/null
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchGroupsByQueryCommand.java
@@ -0,0 +1,18 @@
+package org.ovirt.engine.core.bll.adbroker;
+
+import org.ovirt.engine.core.common.businessentities.ad_groups;
+
+public class CrowdSearchGroupsByQueryCommand extends InternalBrokerCommandBase {
+
+ public CrowdSearchGroupsByQueryCommand(LdapSearchByQueryParameters parameters) {
+ super(parameters);
+ }
+
+ @Override
+ protected void ExecuteQuery() {
+ java.util.List<ad_groups> groupList = CrowdBrokerUtils.getAllGroups();
+ setReturnValue(groupList);
+ setSucceeded(true);
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchUserByQueryCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchUserByQueryCommand.java
new file mode 100644
index 0000000..8d28676
--- /dev/null
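Review bot: `CrowdSearchGroupsByQueryCommand.ExecuteQuery()` never reads the `LdapSearchByQueryParameters` it is constructed with; it returns `CrowdBrokerUtils.getAllGroups()`, that is up to the first 200 active groups regardless of what was searched for, and `CrowdSearchUserByQueryCommand` does the same with `getAllUsers()`. A search for a single name therefore hands the caller the directory listing, and entries past the 200-result cap are silently missing. At minimum add a comment such as `/* TODO: the query is ignored; returns the first 200 active groups */`; preferably translate the query into a Crowd restriction so only matching entries are returned.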
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/CrowdSearchUserByQueryCommand.java @@ -0,0 +1,20 @@ +package org.ovirt.engine.core.bll.adbroker; + +import java.util.List; + +import org.ovirt.engine.core.common.businessentities.AdUser; + +public class CrowdSearchUserByQueryCommand extends InternalBrokerCommandBase { + + public CrowdSearchUserByQueryCommand(LdapSearchByQueryParameters parameters) { + super(parameters); + } + + @Override + protected void ExecuteQuery() { + List<AdUser> userList = CrowdBrokerUtils.getAllUsers(); + setReturnValue(userList); + setSucceeded(true); + } + +} diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapBrokerUtils.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapBrokerUtils.java index f8586b3..16e7696 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapBrokerUtils.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapBrokerUtils.java @@ -23,11 +23,11 @@ import org.ovirt.engine.core.common.config.Config; import org.ovirt.engine.core.common.config.ConfigValues; import org.ovirt.engine.core.compat.Guid; -import org.ovirt.engine.core.utils.log.Log; -import org.ovirt.engine.core.utils.log.LogFactory; import org.ovirt.engine.core.dal.dbbroker.DbFacade; import org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector; import org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogableBase; +import org.ovirt.engine.core.utils.log.Log; +import org.ovirt.engine.core.utils.log.LogFactory; /** * Helper class for AD issues @@ -54,6 +54,9 @@ } if (!filterInternalDomain) { results.add(Config.<String> GetValue(ConfigValues.AdminDomain).trim()); + /* Only add the Crowd Domain if it can initilize correctly */ + if (CrowdBrokerUtils.initCrowd()) + results.add("Crowd"); } return results; } 
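Review bot: The added `if (CrowdBrokerUtils.initCrowd())` in `LdapBrokerUtils` runs each time the domain list is built, and while Crowd is unconfigured or unreachable `initCrowd()` re-reads `/etc/ovirt-engine/crowd.properties` and retries the server connection on every call, logging a warning or error each time. The enclosing method is only partly visible in the hunk, but if it backs the login page's domain selector, an installation without Crowd gets log noise and added latency on every request. Consider letting `initCrowd()` remember a failed attempt for a period, and brace the statement: `if (CrowdBrokerUtils.initCrowd()) { results.add("Crowd"); }`.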
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapFactory.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapFactory.java index 88a3027..e547dce 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapFactory.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/adbroker/LdapFactory.java @@ -1,5 +1,6 @@ package org.ovirt.engine.core.bll.adbroker; +import org.ovirt.engine.core.bll.CrowdBrokerImpl; import org.ovirt.engine.core.bll.InternalBrokerImpl; import org.ovirt.engine.core.common.config.Config; import org.ovirt.engine.core.common.config.ConfigValues; @@ -8,16 +9,20 @@ private static LdapBroker internalInstance; private static LdapBroker ldapInstance; + private static LdapBroker crowdInstance; private static String internalDomain = Config.<String> GetValue(ConfigValues.AdminDomain).trim(); static { internalInstance = new InternalBrokerImpl(); + crowdInstance = new CrowdBrokerImpl(); ldapInstance = new LdapBrokerImpl(); } public static LdapBroker getInstance(String domain) { if (domain.equalsIgnoreCase(internalDomain)) { return internalInstance; + } else if (domain.equalsIgnoreCase("Crowd")) { + return crowdInstance; } else { return ldapInstance; } -- To view, visit http://gerrit.ovirt.org/9324 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ide867f16d092eb329c0ce2fccf4ebd02f3aae0df Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Justin Hammond <jus...@dynam.ac> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
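Review bot: `getInstance` now sends any domain that equals the literal "Crowd" (ignoring case) to `crowdInstance`, whether or not Crowd was initialised, so an existing LDAP or AD domain that happens to be named `crowd` would no longer reach `ldapInstance`. The same literal is repeated in `CrowdBrokerUtils`, `CrowdBrokerCommandBase`, `CrowdBrokerImpl` and `LdapBrokerUtils`. A single constant, e.g. `public static final String CROWD_DOMAIN = "Crowd";`, together with a check that Crowd initialised before `crowdInstance` is chosen, would keep authentication routing explicit. The class declaration lies outside the hunk.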