TSK-1308: Fixed: return groups from LDAP, accessId is member of.

holgerhagen 2020-06-26 14:19:11 +02:00 committed by Mustapha Zorgati
parent b321c495ba
commit 553c1d9f83
5 changed files with 54 additions and 11 deletions


@ -63,11 +63,10 @@ public class AccessIdController {
if (!validateAccessId(accessId)) { if (!validateAccessId(accessId)) {
throw new InvalidArgumentException("The accessId is invalid"); throw new InvalidArgumentException("The accessId is invalid");
} }
List<AccessIdRepresentationModel> accessIdUsers; List<AccessIdRepresentationModel> accessIds;
ResponseEntity<List<AccessIdRepresentationModel>> response; ResponseEntity<List<AccessIdRepresentationModel>> response;
accessIdUsers = ldapClient.searchUsersAndGroups(accessId); accessIds = ldapClient.searchGroupsAccessIdIsMemberOf(accessId);
accessIdUsers.addAll(ldapClient.searchGroupsofUsersIsMember(accessId)); response = ResponseEntity.ok(accessIds);
response = ResponseEntity.ok(accessIdUsers);
if (LOGGER.isDebugEnabled()) { if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Exit from getGroupsByAccessId(), returning {}", response); LOGGER.debug("Exit from getGroupsByAccessId(), returning {}", response);
} }


@ -17,6 +17,7 @@ import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.AbstractContextMapper; import org.springframework.ldap.core.support.AbstractContextMapper;
import org.springframework.ldap.filter.AndFilter; import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter; import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.LikeFilter;
import org.springframework.ldap.filter.OrFilter; import org.springframework.ldap.filter.OrFilter;
import org.springframework.ldap.filter.WhitespaceWildcardsFilter; import org.springframework.ldap.filter.WhitespaceWildcardsFilter;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@ -182,15 +183,15 @@ public class LdapClient {
return accessId; return accessId;
} }
public List<AccessIdRepresentationModel> searchGroupsofUsersIsMember(final String name) public List<AccessIdRepresentationModel> searchGroupsAccessIdIsMemberOf(final String name)
throws InvalidArgumentException { throws InvalidArgumentException {
LOGGER.debug("entry to searchGroupsofUsersIsMember(name = {}).", name); LOGGER.debug("entry to searchGroupsAccessIdIsMemberOf(name = {}).", name);
isInitOrFail(); isInitOrFail();
testMinSearchForLength(name); testMinSearchForLength(name);
final AndFilter andFilter = new AndFilter(); final AndFilter andFilter = new AndFilter();
andFilter.and(new WhitespaceWildcardsFilter(getGroupNameAttribute(), "")); andFilter.and(new EqualsFilter(getGroupSearchFilterName(), getGroupSearchFilterValue()));
andFilter.and(new EqualsFilter(getGroupsOfUser(), name)); andFilter.and(new LikeFilter(getGroupsOfUser(), "*" + name + "*"));
String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()}; String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()};
@ -202,7 +203,8 @@ public class LdapClient {
userAttributesToReturn, userAttributesToReturn,
new GroupContextMapper()); new GroupContextMapper());
LOGGER.debug( LOGGER.debug(
"exit from searchGroupsofUsersIsMember. Retrieved the following users: {}.", accessIds); "exit from searchGroupsAccessIdIsMemberOf. Retrieved the following accessIds: {}.",
accessIds);
return accessIds; return accessIds;
} }
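Review bot: The new `LikeFilter(getGroupsOfUser(), "*" + name + "*")` matches any group whose member value merely contains `name`, so an access id such as `teamlead-2` would also match a member DN containing `teamlead-20`, and the caller-supplied value can carry its own `*` because Spring LDAP's LikeFilter deliberately leaves asterisks unescaped. If the returned groups feed authorization decisions (not visible here), that over-reports membership. Consider resolving the access id to its full DN first and keeping an exact match, `andFilter.and(new EqualsFilter(getGroupsOfUser(), memberDn));` with `memberDn` being the resolved DN, or at least rejecting `*` in `name` before the filter is built. Substring matching on a DN-valued attribute such as `uniquemember` is also not supported by every directory server, so this may behave differently outside the embedded test server. The method body continues between the two hunks and is not fully visible.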


@ -107,6 +107,46 @@ class AccessIdControllerIntTest {
.isEqualTo(HttpStatus.BAD_REQUEST); .isEqualTo(HttpStatus.BAD_REQUEST);
} }
@Test
void should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfUserIsGiven() {
ResponseEntity<List<AccessIdRepresentationModel>> response =
template.exchange(
restHelper.toUrl(Mapping.URL_ACCESSID_GROUPS) + "?access-id=teamlead-2",
HttpMethod.GET,
restHelper.defaultRequest(),
ParameterizedTypeReference.forType(AccessIdListResource.class));
List<AccessIdRepresentationModel> body = response.getBody();
assertThat(body).isNotNull();
assertThat(body)
.extracting(AccessIdRepresentationModel::getAccessId)
.usingElementComparator(String.CASE_INSENSITIVE_ORDER)
.containsExactlyInAnyOrder(
"cn=ksc-teamleads,cn=groups,OU=Test,O=TASKANA",
"cn=business-admins,cn=groups,OU=Test,O=TASKANA",
"cn=monitor-users,cn=groups,OU=Test,O=TASKANA",
"cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
}
@Test
void should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfGroupIsGiven() {
ResponseEntity<List<AccessIdRepresentationModel>> response =
template.exchange(
restHelper.toUrl(Mapping.URL_ACCESSID_GROUPS)
+ "?access-id=cn=Organisationseinheit KSC 1,"
+ "cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA",
HttpMethod.GET,
restHelper.defaultRequest(),
ParameterizedTypeReference.forType(AccessIdListResource.class));
List<AccessIdRepresentationModel> body = response.getBody();
assertThat(body).isNotNull();
assertThat(body)
.extracting(AccessIdRepresentationModel::getAccessId)
.usingElementComparator(String.CASE_INSENSITIVE_ORDER)
.containsExactlyInAnyOrder("cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA");
}
static class AccessIdListResource extends ArrayList<AccessIdRepresentationModel> { static class AccessIdListResource extends ArrayList<AccessIdRepresentationModel> {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
} }
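Review bot: Both new tests assert only the positive case, so they would still pass if the lookup returned groups for an unrelated id that happens to share a substring with a real member. Add a negative case next to `should_returnAccessIdsOfGroupsTheAccessIdIsMemberOf_ifAccessIdOfUserIsGiven`, for example an access id that is a strict prefix of an existing member's id or one that contains `*`. It should assert that no extra groups come back, or that the request is rejected with `HttpStatus.BAD_REQUEST`.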


@ -25,13 +25,13 @@ taskana.ldap.userSearchFilterValue=person
taskana.ldap.userFirstnameAttribute=givenName taskana.ldap.userFirstnameAttribute=givenName
taskana.ldap.userLastnameAttribute=sn taskana.ldap.userLastnameAttribute=sn
taskana.ldap.userIdAttribute=uid taskana.ldap.userIdAttribute=uid
taskana.ldap.groupSearchBase=cn=groups taskana.ldap.groupSearchBase=
taskana.ldap.groupSearchFilterName=objectclass taskana.ldap.groupSearchFilterName=objectclass
taskana.ldap.groupSearchFilterValue=groupOfUniqueNames taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
taskana.ldap.groupNameAttribute=cn taskana.ldap.groupNameAttribute=cn
taskana.ldap.minSearchForLength=3 taskana.ldap.minSearchForLength=3
taskana.ldap.maxNumberOfReturnedAccessIds=50 taskana.ldap.maxNumberOfReturnedAccessIds=50
taskana.ldap.groupsOfUser=memberUid taskana.ldap.groupsOfUser=uniquemember
# Embedded Spring LDAP server # Embedded Spring LDAP server
spring.ldap.embedded.base-dn= OU=Test,O=TASKANA spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
spring.ldap.embedded.credential.username= uid=admin spring.ldap.embedded.credential.username= uid=admin
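Review bot: `taskana.ldap.groupSearchBase=` is now empty with no comment explaining why, which widens the group search from `cn=groups` to the whole base DN. Judging by the new tests this is intended so that entries under `cn=organisation` are found, but anyone copying this file for a real directory should know it. A line such as `# empty on purpose: groups are searched under the whole base DN, including cn=organisation` above the property would document that.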


@ -230,6 +230,8 @@ objectclass: top
###################### ######################
dn: cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA dn: cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
cn: Organisationseinheit KSC cn: Organisationseinheit KSC
uniquemember: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
uniquemember: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
objectclass: groupofuniquenames objectclass: groupofuniquenames
objectclass: top objectclass: top