TSK-1820: introduced switch for LDAP group member filter types
This commit is contained in:
holgerhagen
holgerhagen
parent
5c70c1a7bb
commit
6a41254009
|
|
@ -252,8 +252,10 @@ public class LdapClient {
|
||||||
final AndFilter andFilter = new AndFilter();
|
final AndFilter andFilter = new AndFilter();
|
||||||
andFilter.and(new EqualsFilter(getGroupSearchFilterName(), getGroupSearchFilterValue()));
|
andFilter.and(new EqualsFilter(getGroupSearchFilterName(), getGroupSearchFilterValue()));
|
||||||
final OrFilter orFilter = new OrFilter();
|
final OrFilter orFilter = new OrFilter();
|
||||||
orFilter.or(new EqualsFilter(getGroupsOfUser(), accessId));
|
if (!"DN".equalsIgnoreCase(getGroupsOfUserType())) {
|
||||||
orFilter.or(new EqualsFilter(getGroupsOfUser(), dn));
|
orFilter.or(new EqualsFilter(getGroupsOfUserName(), accessId));
|
||||||
|
}
|
||||||
|
orFilter.or(new EqualsFilter(getGroupsOfUserName(), dn));
|
||||||
andFilter.and(orFilter);
|
andFilter.and(orFilter);
|
||||||
|
|
||||||
String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()};
|
String[] userAttributesToReturn = {getUserIdAttribute(), getGroupNameAttribute()};
|
||||||
|
|
@ -302,11 +304,7 @@ public class LdapClient {
|
||||||
andFilter.encode(),
|
andFilter.encode(),
|
||||||
SearchControls.SUBTREE_SCOPE,
|
SearchControls.SUBTREE_SCOPE,
|
||||||
null,
|
null,
|
||||||
new AbstractContextMapper<String>() {
|
new DnStringContextMapper());
|
||||||
public String doMapFromContext(DirContextOperations ctx) {
|
|
||||||
return getDnFromContext(ctx);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
if (distinguishedNames == null || distinguishedNames.isEmpty()) {
|
if (distinguishedNames == null || distinguishedNames.isEmpty()) {
|
||||||
return null;
|
return null;
|
||||||
|
|
@ -456,8 +454,16 @@ public class LdapClient {
|
||||||
return maxNumberOfReturnedAccessIds;
|
return maxNumberOfReturnedAccessIds;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getGroupsOfUser() {
|
public String getGroupsOfUserName() {
|
||||||
return LdapSettings.TASKANA_LDAP_GROUPS_OF_USER.getValueFromEnv(env);
|
String groupsOfUser = LdapSettings.TASKANA_LDAP_GROUPS_OF_USER_NAME.getValueFromEnv(env);
|
||||||
|
if (groupsOfUser == null || groupsOfUser.isEmpty()) {
|
||||||
|
groupsOfUser = LdapSettings.TASKANA_LDAP_GROUPS_OF_USER.getValueFromEnv(env);
|
||||||
|
}
|
||||||
|
return groupsOfUser;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getGroupsOfUserType() {
|
||||||
|
return LdapSettings.TASKANA_LDAP_GROUPS_OF_USER_TYPE.getValueFromEnv(env);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isUser(String accessId) {
|
public boolean isUser(String accessId) {
|
||||||
|
|
@ -565,6 +571,9 @@ public class LdapClient {
|
||||||
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_USER_ORG_LEVEL_2_ATTRIBUTE))
|
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_USER_ORG_LEVEL_2_ATTRIBUTE))
|
||||||
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_USER_ORG_LEVEL_3_ATTRIBUTE))
|
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_USER_ORG_LEVEL_3_ATTRIBUTE))
|
||||||
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_USER_ORG_LEVEL_4_ATTRIBUTE))
|
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_USER_ORG_LEVEL_4_ATTRIBUTE))
|
||||||
|
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_GROUPS_OF_USER))
|
||||||
|
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_GROUPS_OF_USER_NAME))
|
||||||
|
.filter(p -> !p.equals(LdapSettings.TASKANA_LDAP_GROUPS_OF_USER_TYPE))
|
||||||
.filter(p -> p.getValueFromEnv(env) == null)
|
.filter(p -> p.getValueFromEnv(env) == null)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
}
|
}
|
||||||
|
|
@ -667,4 +676,11 @@ public class LdapClient {
|
||||||
return accessId;
|
return accessId;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class DnStringContextMapper extends AbstractContextMapper<String> {
|
||||||
|
@Override
|
||||||
|
public String doMapFromContext(DirContextOperations ctx) {
|
||||||
|
return getDnFromContext(ctx);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,9 @@ enum LdapSettings {
|
||||||
TASKANA_LDAP_GROUP_NAME_ATTRIBUTE("taskana.ldap.groupNameAttribute"),
|
TASKANA_LDAP_GROUP_NAME_ATTRIBUTE("taskana.ldap.groupNameAttribute"),
|
||||||
TASKANA_LDAP_MIN_SEARCH_FOR_LENGTH("taskana.ldap.minSearchForLength"),
|
TASKANA_LDAP_MIN_SEARCH_FOR_LENGTH("taskana.ldap.minSearchForLength"),
|
||||||
TASKANA_LDAP_MAX_NUMBER_OF_RETURNED_ACCESS_IDS("taskana.ldap.maxNumberOfReturnedAccessIds"),
|
TASKANA_LDAP_MAX_NUMBER_OF_RETURNED_ACCESS_IDS("taskana.ldap.maxNumberOfReturnedAccessIds"),
|
||||||
TASKANA_LDAP_GROUPS_OF_USER("taskana.ldap.groupsOfUser");
|
TASKANA_LDAP_GROUPS_OF_USER("taskana.ldap.groupsOfUser"),
|
||||||
|
TASKANA_LDAP_GROUPS_OF_USER_NAME("taskana.ldap.groupsOfUser.name"),
|
||||||
|
TASKANA_LDAP_GROUPS_OF_USER_TYPE("taskana.ldap.groupsOfUser.type");
|
||||||
|
|
||||||
private final String key;
|
private final String key;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ import static org.mockito.Mockito.verify;
|
||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
@ -23,12 +24,14 @@ import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.extension.ExtendWith;
|
import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
import org.mockito.InjectMocks;
|
import org.mockito.InjectMocks;
|
||||||
import org.mockito.Mock;
|
import org.mockito.Mock;
|
||||||
|
import org.mockito.Spy;
|
||||||
import org.mockito.junit.jupiter.MockitoExtension;
|
import org.mockito.junit.jupiter.MockitoExtension;
|
||||||
import org.springframework.core.env.Environment;
|
import org.springframework.core.env.Environment;
|
||||||
import org.springframework.ldap.core.LdapTemplate;
|
import org.springframework.ldap.core.LdapTemplate;
|
||||||
|
|
||||||
import pro.taskana.TaskanaEngineConfiguration;
|
import pro.taskana.TaskanaEngineConfiguration;
|
||||||
import pro.taskana.common.api.TaskanaRole;
|
import pro.taskana.common.api.TaskanaRole;
|
||||||
|
import pro.taskana.common.api.exceptions.InvalidArgumentException;
|
||||||
import pro.taskana.common.api.exceptions.SystemException;
|
import pro.taskana.common.api.exceptions.SystemException;
|
||||||
import pro.taskana.common.rest.models.AccessIdRepresentationModel;
|
import pro.taskana.common.rest.models.AccessIdRepresentationModel;
|
||||||
|
|
||||||
|
|
@ -41,7 +44,7 @@ class LdapClientTest {
|
||||||
|
|
||||||
@Mock TaskanaEngineConfiguration taskanaEngineConfiguration;
|
@Mock TaskanaEngineConfiguration taskanaEngineConfiguration;
|
||||||
|
|
||||||
@InjectMocks LdapClient cut;
|
@Spy @InjectMocks LdapClient cut;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testLdap_searchGroupByDn() {
|
void testLdap_searchGroupByDn() {
|
||||||
|
|
@ -122,6 +125,37 @@ class LdapClientTest {
|
||||||
.isEqualTo("cn=developersgroup,ou=groups");
|
.isEqualTo("cn=developersgroup,ou=groups");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void shouldNot_CreateOrCriteriaWithDnAndAccessIdString_When_PropertyTypeIsSet()
|
||||||
|
throws InvalidArgumentException {
|
||||||
|
|
||||||
|
setUpEnvMock();
|
||||||
|
lenient().when(this.environment.getProperty("taskana.ldap.groupsOfUser.type")).thenReturn("dn");
|
||||||
|
lenient()
|
||||||
|
.when(
|
||||||
|
ldapTemplate.search(
|
||||||
|
any(String.class),
|
||||||
|
eq("(&(objectclass=person)(uid=user-1-1))"),
|
||||||
|
eq(2),
|
||||||
|
any(),
|
||||||
|
any(LdapClient.DnStringContextMapper.class)))
|
||||||
|
.thenReturn(Collections.singletonList("uid=user-1-1,cn=users,OU=Test,O=TASKANA"));
|
||||||
|
|
||||||
|
cut.init();
|
||||||
|
|
||||||
|
cut.searchGroupsAccessIdIsMemberOf("user-1-1");
|
||||||
|
|
||||||
|
String expectedFilterValue =
|
||||||
|
"(&(objectclass=groupOfUniqueNames)(memberUid=uid=user-1-1,cn=users,OU=Test,O=TASKANA))";
|
||||||
|
verify(ldapTemplate)
|
||||||
|
.search(
|
||||||
|
any(String.class),
|
||||||
|
eq(expectedFilterValue),
|
||||||
|
anyInt(),
|
||||||
|
any(),
|
||||||
|
any(LdapClient.GroupContextMapper.class));
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void testLdap_getFirstPageOfaResultList() {
|
void testLdap_getFirstPageOfaResultList() {
|
||||||
setUpEnvMock();
|
setUpEnvMock();
|
||||||
|
|
@ -148,8 +182,9 @@ class LdapClientTest {
|
||||||
void testLdap_checkForMissingConfigurations() {
|
void testLdap_checkForMissingConfigurations() {
|
||||||
// optional config fields: minSearchForLength, maxNumberOfReturnedAccessIds, userPhoneAttribute,
|
// optional config fields: minSearchForLength, maxNumberOfReturnedAccessIds, userPhoneAttribute,
|
||||||
// userMobilePhoneAttribute, userEmailAttribute, userOrglevel1Attribute, userOrglevel2Attribute,
|
// userMobilePhoneAttribute, userEmailAttribute, userOrglevel1Attribute, userOrglevel2Attribute,
|
||||||
// userOrglevel3Attribute, userOrglevel4Attribute
|
// userOrglevel3Attribute, userOrglevel4Attribute, groupsOfUser, groupsOfUserName,
|
||||||
assertThat(cut.checkForMissingConfigurations()).hasSize(LdapSettings.values().length - 9);
|
// groupOfUserType
|
||||||
|
assertThat(cut.checkForMissingConfigurations()).hasSize(LdapSettings.values().length - 12);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,7 @@ taskana.ldap.groupNameAttribute=cn
|
||||||
taskana.ldap.minSearchForLength=3
|
taskana.ldap.minSearchForLength=3
|
||||||
taskana.ldap.maxNumberOfReturnedAccessIds=50
|
taskana.ldap.maxNumberOfReturnedAccessIds=50
|
||||||
taskana.ldap.groupsOfUser=uniquemember
|
taskana.ldap.groupsOfUser=uniquemember
|
||||||
|
taskana.ldap.groupsOfUser.type=
|
||||||
# Embedded Spring LDAP server
|
# Embedded Spring LDAP server
|
||||||
spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
|
spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
|
||||||
spring.ldap.embedded.credential.username= uid=admin
|
spring.ldap.embedded.credential.username= uid=admin
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue