modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/CoreGUI.gwt.xml
| 3
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
| 130 ++---
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/SearchGUI.java
| 3
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
| 213 +++++----
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleEditView.java
| 70 ++-
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleLdapGroupSelector.java
| 218 ++++++----
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/selector/AbstractSelector.java
| 3
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/AuthorizationGWTService.java
| 7
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
| 23 -
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
| 26 -
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
| 10
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/ResourceAutodiscoveryView.java
| 3
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/util/rpc/MonitoringRequestCallback.java
| 3
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/AuthorizationGWTServiceImpl.java
| 15
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
| 163 -------
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
| 33 -
modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java
| 58 --
modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
| 44 --
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
| 100 ++++
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
| 1
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
| 43 -
21 files changed, 533 insertions(+), 636 deletions(-)
New commits:
commit f30c1641e3821253a6597f7af3721576a345c05d
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Sun Oct 24 15:34:39 2010 -0400
i)fixes to UserSessionManager and SubjectManagerBean for login process. ii)fixes to
LoginView for refresh/F5 registration problems iii)start on returning LdapGroup objects
where possible.
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/CoreGUI.gwt.xml
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/CoreGUI.gwt.xml
index a5f67c1..98ce5ec 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/CoreGUI.gwt.xml
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/CoreGUI.gwt.xml
@@ -24,7 +24,8 @@
<!-- ============================ gwt-log ============================= -->
<!-- For development, a default of 'DEBUG' is recommended. -->
- <inherits name="com.allen_sauer.gwt.log.gwt-log-DEBUG" />
+ <!-- <inherits name="com.allen_sauer.gwt.log.gwt-log-DEBUG"
/>-->
+ <inherits name="com.allen_sauer.gwt.log.gwt-log-TRACE" />
<!-- For production, most teams prefer to set the default log level to
'OFF'. -->
<!--<inherits name="com.allen_sauer.gwt.log.gwt-log-OFF" />-->
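Review bot: The default gwt-log level is raised from DEBUG to TRACE while the comment directly above still says DEBUG is the recommended development default, so the file now contradicts itself; either change the comment to match or keep DEBUG here and enable TRACE locally. The trace statements added elsewhere in this commit write Subject objects and usernames to the browser console, which is why the level committed as the default matters.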
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
index c59ce69..813e9fc 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
@@ -100,7 +100,7 @@ public class LoginView extends Canvas {
private static final String PHONE = "phone";
private static final String DEPARTMENT = "department";
private static final String SESSIONID = "ldap.sessionid";
- private static final String PASSWORD = "ldap.password";
+ static final String PASSWORD = "ldap.password";
public void showLoginDialog(String message) {
showLoginDialog();
@@ -190,15 +190,16 @@ public class LoginView extends Canvas {
*/
public void showRegistrationDialog(String user, final String sessionId, final String
password,
final AsyncCallback<Subject> callback) {
-
if (!loginShowing) {
- if ((user != null) && (!user.trim().isEmpty())) {
+ //store registration values as cookies for F5 refresh
+ if ((user != null) && (!user.trim().isEmpty()) &&
(Cookies.getCookie(USERNAME) == null)) {
Cookies.setCookie(USERNAME, user);
+ }
+ if ((password != null) && (!password.trim().isEmpty()) &&
(Cookies.getCookie(PASSWORD) == null)) {
Cookies.setCookie(PASSWORD, password);
}
- loginShowing = true;
- // forms = new ArrayList<DynamicForm>();
+ loginShowing = true;
form = new DynamicForm();
form.setMargin(25);
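Review bot: `Cookies.setCookie(PASSWORD, password)` stores the user's LDAP password in plaintext in a browser cookie with no expiry, path or secure flag, so it outlives the registration dialog and is sent on every request to the host. If the value really must survive an F5, use the overload that bounds its lifetime and restricts it to HTTPS, `Cookies.setCookie(PASSWORD, password, expires, null, "/", true);` (with `expires` a Date a few minutes out — constructed example), and prefer keeping the credential on the server, which already holds the sessionId. The `Cookies.getCookie(PASSWORD) == null` guard also means a stale value from an earlier attempt is never replaced by the current one. showRegistrationDialog continues past the end of this hunk.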
@@ -231,7 +232,6 @@ public class LoginView extends Canvas {
username.setDisabled(true);
username.setWidth(fieldWidth);
- //column.addMember(wrapInDynamicForm(6, first, last, username));
}
email = new TextItem(EMAIL, "Email");
email.setRequired(true);
@@ -383,6 +383,7 @@ public class LoginView extends Canvas {
private void resetLogin() {
window.destroy();
loginShowing = false;
+ UserSessionManager.setSessionState(UserSessionManager.State.IS_LOGGED_OUT);
new LoginView().showLoginDialog();
}
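Review bot: resetLogin marks the session logged out but leaves the `ldap.password` cookie written during registration in place, so it survives into the next login attempt; add `Cookies.removeCookie(PASSWORD);` beside the new setSessionState line. The same gap exists in registerLdapUser, where the cookie is removed only in the success callback and not in its onFailure callback or the else branch that also returns to the login dialog.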
@@ -392,7 +393,9 @@ public class LoginView extends Canvas {
* @param callback
*/
protected void registerLdapUser(DynamicForm populatedForm, final
AsyncCallback<Subject> callback) {
+
final Subject newSubject = new Subject();
+ newSubject.setId(0);//enforce registration element for LDAP processing
//insert some required data checking
boolean proceed = true;
@@ -438,14 +441,14 @@ public class LoginView extends Canvas {
newSubject.setFsystem(false);
if (proceed) {
- GWTServiceLookup.getLdapService().processSubjectForLdap(newSubject, password,
true,
+ Log.trace("New LDAP user registration details valid for user'"
+ newSubject.getName() + "'.");
+ //proceed with LDAP processing request.
+ GWTServiceLookup.getSubjectService().processSubjectForLdap(newSubject,
password,
new AsyncCallback<Subject>() {
public void onFailure(Throwable caught) {
- Log.debug("Failed to register LDAP subject:" +
caught.getMessage());
- //TODO: how/what to display in LoginView when unexpected
communication with server occurs?
- // LoginView
- //
.displayFormError("UserSessionManager: Unable to check subject for LDAP authorization
"
- // + "- check
Server status.");
+ Log.debug("Failed to register LDAP subject '" +
newSubject.getName() + "' "
+ + caught.getMessage());
+ //TODO: pass in warning message to Login Dialog.
new LoginView().showLoginDialog();
}
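Review bot: The onFailure callback calls `new LoginView().showLoginDialog()` without destroying `window` or resetting `loginShowing`, whereas the else branch a few lines below does both before showing the dialog; if `loginShowing` is the same flag showRegistrationDialog guards on, the login dialog is suppressed and the user is left on a dead registration form. Mirror the else branch with `window.destroy(); loginShowing = false;` ahead of the showLoginDialog call. registerLdapUser starts before this hunk.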
@@ -455,6 +458,8 @@ public class LoginView extends Canvas {
CoreGUI.getMessageCenter().notify(
new Message("Succesfully registered the new ldap
Subject.", Message.Severity.Info));
Log.trace("Succesfully registered the new ldap
Subject.");
+ //clean out password from cookie. No further need.
+ Cookies.removeCookie(PASSWORD);
window.destroy();
loginShowing = false;
callback.onSuccess(checked);
@@ -462,8 +467,11 @@ public class LoginView extends Canvas {
});
} else {//log them out then reload LoginView
- Log.warn("Failed to locate username required to create LDAP
subject.");
+ Log.warn("Failed to locate required components to create LDAP
subject.");
UserSessionManager.logout();
+ window.destroy();
+ loginShowing = false;
+ //TODO: pass informative message to login.
new LoginView().showLoginDialog();
}
}
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/SearchGUI.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/SearchGUI.java
index 0932e6f..d716136 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/SearchGUI.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/SearchGUI.java
@@ -19,6 +19,7 @@
package org.rhq.enterprise.gui.coregui.client;
import com.google.gwt.core.client.EntryPoint;
+import com.google.gwt.user.client.Cookies;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.smartgwt.client.util.SC;
@@ -46,7 +47,7 @@ public class SearchGUI implements EntryPoint {
return;
}
- UserSessionManager.checkLoginStatus(null, null, new
AsyncCallback<Subject>() {
+ UserSessionManager.checkLoginStatus(Cookies.getCookie("username"),
null, new AsyncCallback<Subject>() {
@Override
public void onFailure(Throwable caught) {
SC.say("Unable to determine login status, check server
status");
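Review bot: The cookie name is the string literal `"username"` here and again in UserSessionManager (checkLoginStatus, login() and the login success callback), while LoginView already defines a USERNAME constant for the same cookie; widen that constant to package visibility as was done for PASSWORD and reference it so the reader and the writers cannot drift apart. The initial status check now keys off a browser-controlled value, which is acceptable only as long as the server authenticates the request by session id rather than by the supplied name.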
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
index d505fd1..1b47e02 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
@@ -33,6 +33,8 @@ import com.google.gwt.user.client.Timer;
import com.google.gwt.user.client.rpc.AsyncCallback;
import org.rhq.core.domain.auth.Subject;
+import org.rhq.core.domain.criteria.SubjectCriteria;
+import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.gui.coregui.client.gwt.GWTServiceLookup;
import org.rhq.enterprise.gui.coregui.client.util.BrowserUtility;
import org.rhq.enterprise.gui.coregui.client.util.preferences.UserPreferences;
@@ -60,7 +62,7 @@ public class UserSessionManager {
private static Subject sessionSubject;
private static UserPreferences userPreferences;
- private enum State {
+ enum State {
IS_LOGGED_IN, //
IS_REGISTERING, //
IS_LOGGED_OUT;
@@ -135,48 +137,128 @@ public class UserSessionManager {
Log.info("sessionAccess-reschedulingSessionTimeout:
" + expiryMillis);
sessionTimer.schedule((int) expiryMillis);
}
+ if (Cookies.getCookie("username") == null) {
+ Cookies.setCookie("username", user);
+ }
// set the session subject, so the fetch to load the
configuration works
- Subject subject = new Subject();
+ final Subject subject = new Subject();
subject.setId(subjectId);
subject.setSessionId(Integer.valueOf(sessionId));
sessionSubject = subject;
- subject.setName(user);
- // figure out if ldap auth is used and whether case insenitive
ldap auth requests should be handled.
- GWTServiceLookup.getLdapService().processSubjectForLdap(subject,
password, false,
- new AsyncCallback<Subject>() {
- public void onFailure(Throwable caught) {
- Log.debug("Failed to load user's
subject:" + caught.getMessage());
- //TODO: how/what to display in LoginView when
unexpected communication with server occurs?
- // LoginView
- //
.displayFormError("UserSessionManager: Unable to check subject for LDAP authorization
"
- // +
"- check Server status.");
- new LoginView().showLoginDialog();
- }
-
- public void onSuccess(Subject checked) {
- Log.trace("Successfully checked subject
'" + checked + "' for LDAP processing.");
- if (checked.getId() > 0) {//subject is already
registered.
- sessionState = State.IS_LOGGED_IN;
+ //populate the username for the subject for isUserWithPrincipal
check
+ subject.setName(Cookies.getCookie("username"));
+
+ if (subject.getId() == 0) {//either i)ldap new user registration
ii)ldap case sensitive match
+ //BZ-586435: insert case insensitivity for usernames with
ldap auth
+ // locate first matching subject and attach.
+ SubjectCriteria subjectCriteria = new SubjectCriteria();
+ subjectCriteria.setCaseSensitive(false);
+ subjectCriteria.setStrict(true);
+ subjectCriteria.fetchRoles(false);
+ subjectCriteria.fetchConfiguration(false);
+ subjectCriteria.addFilterName(subject.getName());
+
+ //check for case insensitive matches.
+
GWTServiceLookup.getSubjectService().findSubjectsByCriteria(subjectCriteria,
+ new AsyncCallback<PageList<Subject>>() {
+
+ public void onFailure(Throwable caught) {//none
found, launch registration
+ //TODO: log to Login.error
+ Log
+ .warn("There was a problem querying
subjects by criteria during loginStatus check."
+ + caught.getMessage());
+ }
+
+ //pipe through method to handle case insensitive
+ public void onSuccess(PageList<Subject> result)
{
+ if (result.size() == 0) {//none found, launch
registration
+ Log.trace("Proceeding with registration
for ldap user '" + user + "'.");
+ sessionState = State.IS_REGISTERING;
+ //no need to store username away in cookie
for F5 refresh as registration ui handles.
+ new
LoginView().showRegistrationDialog(subject.getName(), sessionId,
+ password, callback);
+ } else {//launch case sensitive code handling
+ Log
+ .trace("Checking login and
determined that ldap case insensitive login '"
+ + subject.getName() + "'
should be used instead of '" + user + "'");
+ //use the original username to pass session
check.
+ subject.setName(user);
+
GWTServiceLookup.getSubjectService().processSubjectForLdap(subject,
+ password, new
AsyncCallback<Subject>() {
+ public void onFailure(Throwable
caught) {
+ Log.debug("Failed to
complete ldap processing for subject:"
+ + caught.getMessage());
+ //TODO: pass message to login
dialog.
+ new
LoginView().showLoginDialog();
+ }
+
+ public void onSuccess(Subject
checked) {
+ Log.trace("Proceeding with
registration for ldap user '" + user
+ + "'.");
+ sessionState =
State.IS_LOGGED_IN;
+ callback.onSuccess(checked);
+ }
+ });//end processSubjectForLdap
+ }
+ }
+ });//end findSubjectsByCriteria
+
+ } else {//else send through regular session check
+
+ SubjectCriteria criteria = new SubjectCriteria();
+ criteria.fetchConfiguration(true);
+ criteria.addFilterId(subjectId);
+
+
GWTServiceLookup.getSubjectService().findSubjectsByCriteria(criteria,
+ new AsyncCallback<PageList<Subject>>() {
+ public void onFailure(Throwable caught) {
+ CoreGUI.getErrorHandler().handleError(
+ "UserSessionManager: Failed to load
user's subject", caught);
+ Log.info("Failed to load user's
subject");
+ //TODO: pass message to login ui.
+ new LoginView().showLoginDialog();
+ }
+
+ public void onSuccess(PageList<Subject> result)
{
+ final Subject validSessionSubject =
result.get(0);
+ //include session for subject session processing
with LDAP
+
validSessionSubject.setSessionId(Integer.valueOf(sessionId));
+ Log.trace("Completed session check for
subject '" + result + "'.");
+
+ //initiate ldap check for ldap authz update(wrt
roles) of subject with silent update
+
GWTServiceLookup.getSubjectService().processSubjectForLdap(validSessionSubject,
+ "", new
AsyncCallback<Subject>() {
+ public void onFailure(Throwable caught)
{
+ Log.warn("Errors occurred
processing subject for LDAP."
+ + caught.getMessage());
+ //TODO: pass informative message to
Login UI.
+ }
+
+ public void onSuccess(Subject result) {
+ Log.trace("Succesfully updated
authorization for ldap subject '"
+ + validSessionSubject.getName() +
"'");
+ }
+ });
+
+ //update the returned subject with current
session id
+
validSessionSubject.setSessionId(Integer.valueOf(sessionId));
+
// reset the session subject to the latest, for
wrapping in user preferences
- sessionSubject = checked;
- //insert ldap check logic
+ sessionSubject = validSessionSubject;
userPreferences = new
UserPreferences(sessionSubject);
refresh();
-
- callback.onSuccess(checked);
-
- Log.trace("Subject registration
required:" + needsRegistration);
- } else {//subject requires registration
- Log.trace("Proceeding with registration for
ldap user '" + user + "'.");
- sessionState = State.IS_REGISTERING;
- new LoginView().showRegistrationDialog(user,
sessionId, password, callback);
+ sessionState = State.IS_LOGGED_IN;
+ callback.onSuccess(validSessionSubject);
}
- }
- });
+ });
+ }
} else {//invalid session. Back to login
sessionState = State.IS_LOGGED_OUT;
+ //clean out cookies if actually logged out.
+ Cookies.removeCookie("username");
+ Cookies.removeCookie(LoginView.PASSWORD);
new LoginView().showLoginDialog();
}
}
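Review bot: `result.get(0)` in the session-check onSuccess is dereferenced without confirming the criteria query returned a row, so an empty PageList throws inside the callback instead of reaching the login dialog; guard with `if (result.isEmpty()) { new LoginView().showLoginDialog(); return; }`. In the case-insensitive branch the findSubjectsByCriteria onFailure handler only logs and neither invokes the callback nor shows the login dialog, leaving the user without any UI, and the success trace there ("Proceeding with registration") is copied from the registration branch although the path sets IS_LOGGED_IN. `subject.setName(Cookies.getCookie("username"))` feeds a browser-controlled value into the criteria and into processSubjectForLdap, so the server must bind the session by sessionId rather than by this name. The enclosing method (checkLoginStatus, judging by the call in SearchGUI) starts before this hunk.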
@@ -194,7 +276,7 @@ public class UserSessionManager {
}
public static void login() {
- login(null, null);
+ login(Cookies.getCookie("username"), null);
}
/**Same as login, but passes in credentials optionally needed during new LDAP user
registration.
@@ -207,9 +289,12 @@ public class UserSessionManager {
public void onSuccess(Subject result) {
// will build UI if necessary, then fires history event
sessionState = State.IS_LOGGED_IN;
- // subject and session has been updated during this login request
- Log.trace("A new subject and session may has been returned. Updating
sessionSubject.");
- sessionSubject = result;
+ // subject and session may have been updated during this login request
+ if (sessionSubject.getSessionId() != result.getSessionId()) {//update
+ Log.trace("A new subject and session may has been returned.
Updating sessionSubject.");
+ sessionSubject = result;
+ }
+ Cookies.setCookie("username", sessionSubject.getName());
CoreGUI.get().buildCoreUI();
}
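Review bot: `sessionSubject.getSessionId() != result.getSessionId()` compares with `!=`; if getSessionId returns an Integer, as `setSessionId(Integer.valueOf(sessionId))` elsewhere in this file suggests, that is a reference comparison and reports a difference for equal values outside the small-integer cache, and it also throws when sessionSubject is still null. Write `if (sessionSubject == null || !sessionSubject.getSessionId().equals(result.getSessionId()))`, or simply keep the unconditional `sessionSubject = result;` the old code had, since an equal session id does not imply the rest of the subject is unchanged.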
@@ -309,4 +394,8 @@ public class UserSessionManager {
public static UserPreferences getUserPreferences() {
return userPreferences;
}
+
+ public static void setSessionState(State newSessionState) {
+ sessionState = newSessionState;
+ }
}
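Review bot: `setSessionState` lets any caller in the package move the session to any state, including IS_LOGGED_IN, while the only caller added in this commit (LoginView.resetLogin) needs to record a logout. A narrower `static void markLoggedOut()` keeps the IS_LOGGED_IN transition confined to the code paths that actually verified a session, and a one-line Javadoc should state who is expected to call it.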
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleEditView.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleEditView.java
index 836a355..b40ac2b 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleEditView.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleEditView.java
@@ -21,6 +21,7 @@ package org.rhq.enterprise.gui.coregui.client.admin.roles;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import com.google.gwt.user.client.History;
@@ -29,6 +30,7 @@ import com.smartgwt.client.data.DSCallback;
import com.smartgwt.client.data.DSRequest;
import com.smartgwt.client.data.DSResponse;
import com.smartgwt.client.data.Record;
+import com.smartgwt.client.data.RecordList;
import com.smartgwt.client.types.Alignment;
import com.smartgwt.client.types.DSOperationType;
import com.smartgwt.client.types.Overflow;
@@ -46,6 +48,7 @@ import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.criteria.RoleCriteria;
+import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.resource.group.ResourceGroup;
import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.gui.coregui.client.BookmarkableView;
@@ -170,7 +173,8 @@ public class RoleEditView extends LocatableVLayout implements
BookmarkableView {
public void save() {
final HashSet<Integer> groupSelection = this.groupSelector.getSelection();
final HashSet<Integer> userSelection =
this.subjectSelector.getSelection();
- final HashSet<String> ldapGroupSelection =
this.ldapGroupSelector.getGroupSelection();
+ // final HashSet<String> ldapGroupSelection =
this.ldapGroupSelector.getGroupSelection();
+ final HashSet<Integer> ldapGroupSelection =
this.ldapGroupSelector.getSelection();
// The form.saveData() call triggers either RolesDataSource.executeAdd() to
create the new Role,
// or executeUpdate() if saving changes to an existing Role. On success we need
to perform the
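Review bot: The replaced `ldapGroupSelection` line is kept as a comment instead of being deleted; version control already preserves the old form. The same commented-out code remains in the later hunks of this file (the selectedGroupList alternatives, the alternate RoleLdapGroupSelector constructor call) and throughout RoleLdapGroupSelector.java (class declaration, constructor, getDataSource, the select/deselect methods, buildRecords, copyValues), alongside `Log.debug("++++++++++ ...")`-style debugging output; remove them before merge.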
@@ -217,7 +221,10 @@ public class RoleEditView extends LocatableVLayout implements
BookmarkableView {
}
});
- List<String> selectedGroupList = new
ArrayList<String>(ldapGroupSelection);
+ // List<String> selectedGroupList = new
ArrayList<String>(ldapGroupSelection);
+ List<String> selectedGroupList = new ArrayList<String>();
+ selectedGroupList = loadLdapGroupSelection(ldapGroupSelection);
+ // List<Integer> selectedGroupList = new
ArrayList<Integer>(ldapGroupSelection);
if (!selectedGroupList.isEmpty()) {
GWTServiceLookup.getLdapService().setLdapGroupsForRole(roleId,
selectedGroupList,
new AsyncCallback<Void>() {
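Review bot: `selectedGroupList` is allocated with `new ArrayList<String>()` and immediately overwritten by the loadLdapGroupSelection call; declare it as `final List<String> selectedGroupList = loadLdapGroupSelection(ldapGroupSelection);`. Note also that the `if (!selectedGroupList.isEmpty())` guard means deselecting every LDAP group never reaches setLdapGroupsForRole, so the role keeps its previous LDAP group assignments on the server — confirm that is intended now that the selection is index-based.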
@@ -235,6 +242,24 @@ public class RoleEditView extends LocatableVLayout implements
BookmarkableView {
}
}
+
+ /** Return list of group names from selection indices.
+ *
+ * @param ldapGroupSelection
+ * @return
+ */
+ private List<String> loadLdapGroupSelection(HashSet<Integer>
ldapGroupSelection) {
+ List<String> groupNames = new ArrayList<String>();
+ if (ldapGroupSelection != null) {
+ RecordList recordList =
ldapGroupSelector.getAssignedGrid().getDataAsRecordList();
+ for (int index : ldapGroupSelection) {
+ Record record = recordList.get(index);
+ String name = record.getAttributeAsString("name");
+ groupNames.add(name);
+ }
+ }
+ return groupNames;
+ }
});
}
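Review bot: loadLdapGroupSelection resolves each selected index against `getAssignedGrid().getDataAsRecordList()` and reads the attribute through the literal `"name"`, so the mapping is only correct while record positions in the assigned grid are unchanged since selection (no sort, filter or transfer in between); a drifted index silently assigns a different LDAP group to the role. Consider carrying the group name in the selection itself, or at least check `record != null` before reading it, and reference the RoleLdapGroupSelector.name constant instead of the literal. The Javadoc should also complete `@return the LDAP group names corresponding to the selected grid rows` and describe the parameter.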
@@ -246,7 +271,9 @@ public class RoleEditView extends LocatableVLayout implements
BookmarkableView {
.getAttributeAsObject("subjects"));
this.ldapGroupSelector = new
RoleLdapGroupSelector(this.extendLocatorId("LdapGroups"), record
.getAttributeAsInt("id"));
-
+ // this.ldapGroupSelector = new
RoleLdapGroupSelector(this.extendLocatorId("LdapGroups"), (Set<LdapGroup>)
record
+ // .getAttributeAsObject("ldapGroupsAvailable"),
(Set<LdapGroup>) record
+ // .getAttributeAsObject("ldapGroupsAssigned"));
this.groupSelectorItem.setCanvas(this.groupSelector);
this.subjectSelectorItem.setCanvas(this.subjectSelector);
@@ -280,7 +307,6 @@ public class RoleEditView extends LocatableVLayout implements
BookmarkableView {
}
private void editRole(int roleId, final ViewId current) {
-
final int id = Integer.valueOf(current.getBreadcrumbs().get(0).getName());
if (id > 0) {
@@ -298,12 +324,38 @@ public class RoleEditView extends LocatableVLayout implements
BookmarkableView {
@Override
public void onSuccess(PageList<Role> result) {
- Role role = result.get(0);
- Record record = new RolesDataSource().copyValues(role);
- editRecord(record);
+ final Role role = result.get(0);
+ final Record record = new RolesDataSource().copyValues(role);
+ //if ldap configured
+ GWTServiceLookup.getLdapService().checkLdapConfiguredStatus(new
AsyncCallback<Boolean>() {
+ public void onSuccess(Boolean result) {
+ //get available ldap groups
+ GWTServiceLookup.getLdapService().findAvailableGroups(
+ new AsyncCallback<Set<Map<String,
String>>>() {
+ public void onFailure(Throwable caught) {
+ CoreGUI.getErrorHandler().handleError(
+ "Failed to retrieve available LDAP
groups.", caught);
+ }
+
+ public void onSuccess(Set<Map<String,
String>> availableLdapGroups) {
+ //TODO: get assigned ldap groups
+ Set<LdapGroup> availableGroups =
RoleLdapGroupSelector
+ .convertToCollection(availableLdapGroups);
+ //update record with both objects.
+
record.setAttribute("ldapGroupsAvailable", availableGroups);
+ editRecord(record);
+
current.getBreadcrumbs().get(0).setDisplayName("Editing: " + role.getName());
+ CoreGUI.refreshBreadCrumbTrail();
+ }
+ });
+ }
- current.getBreadcrumbs().get(0).setDisplayName("Editing: "
+ role.getName());
- CoreGUI.refreshBreadCrumbTrail();
+ public void onFailure(Throwable caught) {//ldap not configured,
proceed
+ editRecord(record);
+ current.getBreadcrumbs().get(0).setDisplayName("Editing:
" + role.getName());
+ CoreGUI.refreshBreadCrumbTrail();
+ }
+ });
}
});
} else {
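Review bot: The checkLdapConfiguredStatus callback ignores the Boolean passed to onSuccess and treats onFailure as "LDAP not configured", so a `false` answer still calls findAvailableGroups and a transport or server error is silently taken as a configuration answer; branch on the value with `if (!result) { editRecord(record); /* breadcrumb update */ return; }` and report the failure through CoreGUI.getErrorHandler() before falling back. The parameter `result` also shadows the outer `PageList<Role> result`; rename it to `ldapConfigured`. The findAvailableGroups onFailure path never calls editRecord, so the edit view is not rendered at all when the group lookup fails.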
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleLdapGroupSelector.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleLdapGroupSelector.java
index 2443c5b..580da5b 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleLdapGroupSelector.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/admin/roles/RoleLdapGroupSelector.java
@@ -42,6 +42,7 @@ import com.smartgwt.client.widgets.grid.events.DataArrivedEvent;
import com.smartgwt.client.widgets.grid.events.DataArrivedHandler;
import org.rhq.core.domain.resource.group.LdapGroup;
+import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.gui.coregui.client.CoreGUI;
import org.rhq.enterprise.gui.coregui.client.components.selector.AbstractSelector;
import org.rhq.enterprise.gui.coregui.client.gwt.GWTServiceLookup;
@@ -50,7 +51,8 @@ import org.rhq.enterprise.gui.coregui.client.util.RPCDataSource;
/**
* @author Simeon Pinder
*/
-public class RoleLdapGroupSelector extends AbstractSelector<HashSet<Map<String,
String>>> {
+//public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String, String>>> {
+public class RoleLdapGroupSelector extends
AbstractSelector<PageList<LdapGroup>> {
public static final String id = "id";
public static final String name = "name";
public static final String description = "description";
@@ -61,6 +63,15 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
private int currentRole = -1;
private boolean initialLdapSelectionsLoad = true;
+ // public RoleLdapGroupSelector(String locatorId, Set<LdapGroup> available,
Set<LdapGroup> assigned) {
+ // super(locatorId);
+ // if (available != null) {
+ // ListGridRecord[] data = (new
LdapGroupsDataSource()).buildRecords(available);
+ //// setAssigned(data);
+ //// setA
+ // }
+ // }
+
public RoleLdapGroupSelector(String locatorId, Integer integer) {
super(locatorId);
if (integer != null) {
@@ -74,9 +85,11 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
}
@Override
- protected RPCDataSource<HashSet<Map<String, String>>>
getDataSource() {
+ // protected RPCDataSource<HashSet<Map<String, String>>>
getDataSource() {
+ protected RPCDataSource<PageList<LdapGroup>> getDataSource() {
if (availableDatasource == null) {
availableDatasource = new LdapGroupsDataSource();
+ Log.debug("++++++++++ RoleLDapGroupSelector.datasourceInit:" +
availableDatasource);
//add subsequent listener
int currentRoleId = getCurrentRole();
if (currentRoleId > -1) {
@@ -89,14 +102,16 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
if (currentRoleId > -1) {
if (initialLdapSelectionsLoad) {
GWTServiceLookup.getLdapService().findLdapGroupsAssignedToRole(currentRoleId,
- new AsyncCallback<Set<Map<String,
String>>>() {
+ // new
AsyncCallback<Set<Map<String, String>>>() {
+ new AsyncCallback<PageList<LdapGroup>>()
{
public void onFailure(Throwable throwable) {
CoreGUI.getErrorHandler().handleError(
"Failed to load LdapGroups available
for role.", throwable);
}
- public void onSuccess(Set<Map<String,
String>> currentlyAssignedLdapGroups) {
+ // public
void onSuccess(Set<Map<String, String>> currentlyAssignedLdapGroups) {
+ public void onSuccess(PageList<LdapGroup>
currentlyAssignedLdapGroups) {
//translate groups into records for grid
//
response.setData(buildRecords(locatedGroups));
//
response.setData(buildAssignedRecords(currentlyAssignedLdapGroups));
@@ -106,9 +121,12 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
RecordList loaded =
availableGrid.getDataAsRecordList();
if (loaded != null) {
ArrayList<Integer> located =
new ArrayList<Integer>();
- for (Map groupMap :
currentlyAssignedLdapGroups) {
- int index =
loaded.findIndex(name, (String) groupMap.get(name));
+ //
for (Map groupMap : currentlyAssignedLdapGroups) {
+ for (LdapGroup group :
currentlyAssignedLdapGroups) {
+ //
int index = loaded.findIndex(name, (String) groupMap.get(name));
+ int index =
loaded.findIndex(name, (String) group.getName());
if (index > -1) {
+
group.setId(index);//overwrite RHQ Resource ID to match ldap fabricated id.
located.add(Integer.valueOf(index));
}
}
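Review bot: `group.setId(index)` overwrites the LdapGroup's persisted id with the grid row index so that the selection machinery matches, and if that object is later handed back to a GWT service its id no longer identifies any stored group. The `located` list already records the index, so the domain object can be left untouched; if the overwrite is deliberate, state the invariant on the line rather than in a trailing remark. The `(String)` cast on `group.getName()` is redundant.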
@@ -124,6 +142,15 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
select(assignedGrid.getSelection());
updateButtons();
assignedGrid.deselectAllRecords();
+ //
assignedGrid.deselectAllRecords();
+ //
assignedGrid.transferSelectedData(availableGrid);
+ //
select(assignedGrid.getSelection());
+ //
updateButtons();
+ Record rec =
assignedGrid.getDataAsRecordList().get(0);
+ //
for (String attr : rec.getAttributes()) {
+ //
Log.debug("%%%%%%%%%% attribute:" + attr +
":value:"
+ //
+ rec.getAttribute(attr) + ":");
+ //
}
}
}
}
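Review bot: `Record rec = assignedGrid.getDataAsRecordList().get(0);` is an unused local that throws when the assigned grid is empty (a role with no LDAP groups yet), and the commented-out debug lines around it serve no purpose; delete the block.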
@@ -142,38 +169,39 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
return null; // TODO: Implement this method.
}
- protected void select(ListGridRecord[] records) {
- availableGrid.deselectAllRecords();
- for (ListGridRecord record : records) {
- record.setEnabled(false);
- selection.add(record.getAttributeAsString(name));
- }
- assignedGrid.markForRedraw();
- }
-
- protected void deselect(ListGridRecord[] records) {
- HashSet<String> toRemove = new HashSet<String>();
- for (ListGridRecord record : records) {
- toRemove.add(record.getAttributeAsString(name));
- }
- selection.removeAll(toRemove);
-
- for (String name : toRemove) {
- Record r = availableGrid.getDataAsRecordList().find(name, name);
- if (r != null) {
- ((ListGridRecord) r).setEnabled(true);
- }
- }
- int cnt = 0;
- for (Record lgr : availableGrid.getDataAsRecordList().toArray()) {
- if (lgr.getAttributeAsBoolean("enabled")) {
- cnt++;
- }
- }
- availableGrid.markForRedraw();
- }
-
- public class LdapGroupsDataSource extends RPCDataSource<HashSet<Map<String,
String>>> {
+ // protected void select(ListGridRecord[] records) {
+ // availableGrid.deselectAllRecords();
+ // for (ListGridRecord record : records) {
+ // record.setEnabled(false);
+ // selection.add(record.getAttributeAsString(name));
+ // }
+ // assignedGrid.markForRedraw();
+ // }
+ //
+ // protected void deselect(ListGridRecord[] records) {
+ // HashSet<String> toRemove = new HashSet<String>();
+ // for (ListGridRecord record : records) {
+ // toRemove.add(record.getAttributeAsString(name));
+ // }
+ // selection.removeAll(toRemove);
+ //
+ // for (String name : toRemove) {
+ // Record r = availableGrid.getDataAsRecordList().find(name, name);
+ // if (r != null) {
+ // ((ListGridRecord) r).setEnabled(true);
+ // }
+ // }
+ // int cnt = 0;
+ // for (Record lgr : availableGrid.getDataAsRecordList().toArray()) {
+ // if (lgr.getAttributeAsBoolean("enabled")) {
+ // cnt++;
+ // }
+ // }
+ // availableGrid.markForRedraw();
+ // }
+
+ // public class LdapGroupsDataSource extends
RPCDataSource<HashSet<Map<String, String>>> {
+ public class LdapGroupsDataSource extends
RPCDataSource<PageList<LdapGroup>> {
public static final String LDAP_NOT_CONFIGURED_EMPTY_MESSAGE = "(LDAP not
configured. 'Administrator'->System Settings to change)";
public static final String EMPTY_MESSAGE = "No items to show";
@@ -187,7 +215,9 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
setFields(nameField, descriptionField);
}
- public ListGridRecord[] buildRecords(Set<Map<String, String>>
locatedGroups) {
+ // public ListGridRecord[] buildRecords(Set<Map<String,
String>> locatedGroups) {
+ // public ListGridRecord[] buildRecords(PageList<LdapGroup>
locatedGroups) {
+ public ListGridRecord[] buildRecords(Set<LdapGroup> locatedGroups) {
ListGridRecord[] records = new ListGridRecord[0];
int indx = 0;
if ((locatedGroups != null) && (!locatedGroups.isEmpty())) {
@@ -195,18 +225,20 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
records = new ListGridRecord[locatedGroups.size()];
int index = 0;
//for each Map returned then iterate over to retrieve the values
- Iterator<Map<String, String>> iterator =
locatedGroups.iterator();
- while (iterator.hasNext()) {
- Map<String, String> group = iterator.next();
+ // Iterator<Map<String, String>> iterator =
locatedGroups.iterator();
+ // while (iterator.hasNext()) {
+ for (LdapGroup group : locatedGroups) {
+ // Map<String, String> group =
iterator.next();
//iterate over the group data to translate into records
ListGridRecord record = new ListGridRecord();
//load identifier
record.setAttribute(id, index++);
- //load name
- record.setAttribute(name, group.get(name));
+ //load name
+ // record.setAttribute(name, group.get(name));
+ record.setAttribute(name, group.getName());
//load description
- record.setAttribute(description, group.get(description));
-
+ // record.setAttribute(description,
group.get(description));
+ record.setAttribute(description, group.getDescription());
records[indx++] = record;
}
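Review bot: The loop keeps two counters that always advance together, `index` for the `id` attribute and `indx` for the array slot, so the record id is simply its position in the result and one counter would express that more clearly, e.g. `record.setAttribute(id, indx);` followed by `records[indx++] = record;`. Because this id is a position in a `Set` iteration, it is only meaningful within the same response; a comment such as `// id is the record's position in this response, not a persisted LdapGroup id` would stop callers from treating it as the entity id. The method starts in the previous hunk.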
@@ -220,12 +252,14 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
}
@Override
- public HashSet<Map<String, String>> copyValues(ListGridRecord from)
{
+ // public HashSet<Map<String, String>>
copyValues(ListGridRecord from) {
+ public PageList<LdapGroup> copyValues(ListGridRecord from) {
throw new UnsupportedOperationException("Ldap Group data is read
only");
}
@Override
- public ListGridRecord copyValues(HashSet<Map<String, String>> from)
{
+ // public ListGridRecord copyValues(HashSet<Map<String,
String>> from) {
+ public ListGridRecord copyValues(PageList<LdapGroup> from) {
return null;
}
@@ -246,9 +280,13 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
}
public void onSuccess(Set<Map<String,
String>> locatedGroups) {
- Log.debug("Successfully located groups.");
+ Log.trace("Successfully located groups.");
+ Log.debug("----------------------------------
Available groups:"
+ + locatedGroups.size());
//translate groups into records for grid
- response.setData(buildRecords(locatedGroups));
+ //
response.setData(buildRecords(locatedGroups));
+ //
Set<LdapGroup> collection = new HashSet<LdapGroup>();
+
response.setData(buildRecords(convertToCollection(locatedGroups)));
//entry count
if (null != locatedGroups) {
response.setTotalRows(locatedGroups.size());
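Review bot: The new debug line dereferences `locatedGroups.size()` before the `null != locatedGroups` guard that the same callback applies two lines later, so a null result from the service now throws in `onSuccess` instead of producing an empty grid. Guard the log expression as well, `Log.debug("---------------------------------- Available groups:" + (locatedGroups == null ? 0 : locatedGroups.size()));`, or move it below the existing null check. `convertToCollection(null)` already returns an empty set, so the log line is the only place the null escapes.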
@@ -258,6 +296,22 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
//pass off for processing
processResponse(request.getRequestId(), response);
}
+
+ // private
PageList<LdapGroup> convertToCollection(Set<Map<String, String>>
locatedGroups) {
+ // private
Set<LdapGroup> convertToCollection(Set<Map<String, String>>
locatedGroups) {
+ //
Set<LdapGroup> converted = new HashSet<LdapGroup>();
+ // if (locatedGroups
!= null) {
+ //
Iterator<Map<String, String>> iterator = locatedGroups.iterator();
+ // while
(iterator.hasNext()) {
+ //
Map<String, String> map = iterator.next();
+ // LdapGroup
group = new LdapGroup();
+ //
group.setDescription(map.get("description"));
+ //
group.setName(map.get("name"));
+ //
converted.add(group);
+ // }
+ // }
+ // return converted;
+ // }
});
} else {
Log.debug("(LDAP not currently enabled. " +
EMPTY_MESSAGE);
@@ -275,26 +329,43 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
}
}
- public HashSet<String> getGroupSelection() {
- RecordList records = assignedGrid.getDataAsRecordList();
- //empty out selection and populate with actual contents
- selection.clear();
- if (!records.isEmpty()) {
- for (Record r : records.toArray()) {
- selection.add(r.getAttributeAsString(name));
+ public static Set<LdapGroup> convertToCollection(Set<Map<String,
String>> locatedGroups) {
+ Set<LdapGroup> converted = new HashSet<LdapGroup>();
+ if (locatedGroups != null) {
+ Iterator<Map<String, String>> iterator =
locatedGroups.iterator();
+ int index = 0;
+ while (iterator.hasNext()) {
+ Map<String, String> map = iterator.next();
+ LdapGroup group = new LdapGroup();
+ group.setDescription(map.get("description"));
+ group.setName(map.get("name"));
+ group.setId(index++);
+ converted.add(group);
}
}
- HashSet<String> assignedSelections = new HashSet<String>();
- for (ListGridRecord r : assignedGrid.getSelection()) {
- assignedSelections.add(r.getAttributeAsString(name));
- }
- HashSet<String> remainingRecords = new HashSet<String>();
- for (Record r : assignedGrid.getDataAsRecordList().toArray()) {
- remainingRecords.add(r.getAttributeAsString(name));
- }
- return remainingRecords;
+ return converted;
}
+ // public HashSet<String> getGroupSelection() {
+ // RecordList records = assignedGrid.getDataAsRecordList();
+ // //empty out selection and populate with actual contents
+ // selection.clear();
+ // if (!records.isEmpty()) {
+ // for (Record r : records.toArray()) {
+ // selection.add(r.getAttributeAsString(name));
+ // }
+ // }
+ // HashSet<String> assignedSelections = new HashSet<String>();
+ // for (ListGridRecord r : assignedGrid.getSelection()) {
+ // assignedSelections.add(r.getAttributeAsString(name));
+ // }
+ // HashSet<String> remainingRecords = new HashSet<String>();
+ // for (Record r : assignedGrid.getDataAsRecordList().toArray()) {
+ // remainingRecords.add(r.getAttributeAsString(name));
+ // }
+ // return remainingRecords;
+ // }
+
public class LdapAssignedGroupsDatasource extends
RPCDataSource<Set<String>> {
private Integer currentRoleId = Integer.valueOf(-1);
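Review bot: `convertToCollection` assigns `group.setId(index++)` from the iteration order of a `Set<Map<String, String>>`; if that set is a `HashSet` the order is not stable between calls, so the id is an artefact of one response and must never be compared with the persisted `LdapGroup` ids the server returns elsewhere in this diff. The method is `public static`, which invites exactly that reuse; a Javadoc stating `ids are response-local positions, not database ids` (and that a null input yields an empty set) would make the contract clear. The server-side map key `"id"` that used to carry the group name is no longer read here, so that part of the old wire format is now silently ignored.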
@@ -324,22 +395,26 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
}
GWTServiceLookup.getLdapService().findLdapGroupsAssignedToRole(currentRoleId,
- new AsyncCallback<Set<Map<String, String>>>() {
+ // new AsyncCallback<Set<Map<String,
String>>>() {
+ new AsyncCallback<PageList<LdapGroup>>() {
public void onFailure(Throwable throwable) {
CoreGUI.getErrorHandler().handleError("Failed to load
LdapGroups available for role.",
throwable);
}
- public void onSuccess(Set<Map<String, String>>
currentlyAssignedLdapGroups) {
+ // public void onSuccess(Set<Map<String,
String>> currentlyAssignedLdapGroups) {
+ public void onSuccess(PageList<LdapGroup>
currentlyAssignedLdapGroups) {
//translate groups into records for grid
//
response.setData(buildRecords(locatedGroups));
//
response.setData(buildAssignedRecords(currentlyAssignedLdapGroups));
//instead of setting the data, find which ones are shared and
transfer as before
RecordList loaded = getAssignedGrid().getDataAsRecordList();
ArrayList<Integer> located = new
ArrayList<Integer>();
- for (Map groupMap : currentlyAssignedLdapGroups) {
- int index = loaded.findIndex(name, (String)
groupMap.get(name));
+ // for (Map groupMap :
currentlyAssignedLdapGroups) {
+ for (LdapGroup groupMap : currentlyAssignedLdapGroups) {
+ // int index =
loaded.findIndex(name, (String) groupMap.get(name));
+ int index = loaded.findIndex(id, groupMap.getId());
if (index > -1) {
located.add(Integer.valueOf(index));
}
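Review bot: The new match `loaded.findIndex(id, groupMap.getId())` compares the persisted `LdapGroup.getId()` returned by `findLdapGroupsAssignedToRole` (the server now returns the entity list unchanged) against the `id` attribute of the grid records; if those records were built by `buildRecords`, that attribute is the position counter, and the two will only agree by coincidence. The old code matched on `name`, which both sides share, and the `buildAssignedRecords` path stores the entity id, so which key is correct depends on what `getAssignedGrid()` holds at this point, which is not visible in the hunk. Either restore the name-based lookup or make both record builders store the same key, and say which in a comment. The enclosing `onSuccess` continues past the hunk.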
@@ -375,7 +450,8 @@ public class RoleLdapGroupSelector extends
AbstractSelector<HashSet<Map<String,
records = new ListGridRecord[currentlyAssignedLdapGroups.size()];
for (LdapGroup group : currentlyAssignedLdapGroups) {
ListGridRecord record = new ListGridRecord();
- record.setAttribute(id, group.getName());
+ // record.setAttribute(id, group.getName());
+ record.setAttribute(id, group.getId());
//load name
record.setAttribute(name, group.getName());
//load description
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/selector/AbstractSelector.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/selector/AbstractSelector.java
index 91c622a..02d39f2 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/selector/AbstractSelector.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/components/selector/AbstractSelector.java
@@ -311,6 +311,9 @@ public abstract class AbstractSelector<T> extends
LocatableVLayout {
protected void deselect(ListGridRecord[] records) {
HashSet<Integer> toRemove = new HashSet<Integer>();
for (ListGridRecord record : records) {
+ // for (String attr : record.getAttributes()) {
+ // Log.debug("------- ATTR:" + attr +
":value:" + record.getAttribute(attr) + ":");
+ // }
toRemove.add(record.getAttributeAsInt("id"));
}
selection.removeAll(toRemove);
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
index 533fcd9..3045c5d 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
@@ -28,7 +28,8 @@ import java.util.Set;
import com.google.gwt.user.client.rpc.RemoteService;
-import org.rhq.core.domain.auth.Subject;
+import org.rhq.core.domain.resource.group.LdapGroup;
+import org.rhq.core.domain.util.PageList;
/**
* @author Simeon Pinder
@@ -59,21 +60,12 @@ public interface LdapGWTService extends RemoteService {
*/
void setLdapGroupsForRole(int roleId, List<String> groupIds);
- /**
- *
- * @param currentSubject
- * @param user
- * @param password
- * @return
- */
- Subject processSubjectForLdap(Subject currentSubject, String password, boolean
ldapRegistration);
-
/** Finds ldap groups already assigned to this role.
*
* @param currentRoleId
* @return
*/
- Set<Map<String, String>> findLdapGroupsAssignedToRole(int
currentRoleId);
+ PageList<LdapGroup> findLdapGroupsAssignedToRole(int currentRoleId);
/** Boolean response about whether ldap configured..
*
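Review bot: The Javadoc on `findLdapGroupsAssignedToRole` still has an empty `@param currentRoleId` and a bare `@return`, and the return type just changed, so this is the moment to fill them in: `@param currentRoleId id of the role whose LDAP group assignments are wanted` and `@return the LDAP groups currently assigned to the role, as a {@link PageList}`. Since the removed signature was the visible use of `Set<Map<String, String>>` in this interface, the `java.util.Set` and `Map` imports kept by the import hunk may now be unused; confirm against the rest of the file.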
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
index 4abe475..50aa21f 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
@@ -111,6 +111,6 @@ public interface SubjectGWTService extends RemoteService {
* @param criteria details for the search
* @return PageList<Subject> matching criteria.
*/
- Subject processSubjectForLdap(Subject subjectToModify, String password, boolean
registerLdap);
+ Subject processSubjectForLdap(Subject subjectToModify, String password);
}
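Review bot: The Javadoc immediately above `processSubjectForLdap` describes "criteria details for the search" and a `PageList<Subject>` return, which belongs to a criteria query and does not match this method, so the contract a client developer reads here is wrong. Replace it with text that matches the server side, e.g. `@param subjectToModify the subject to check against LDAP (may be registered if not yet persisted)`, `@param password the password used to re-establish the subject's session after LDAP processing`, `@return same or new Subject returned from LDAP processing`. The later hunk of this interface shows the same misplaced block being introduced, so both copies need the fix.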
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/util/rpc/MonitoringRequestCallback.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/util/rpc/MonitoringRequestCallback.java
index a1de14c..a479aa0 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/util/rpc/MonitoringRequestCallback.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/util/rpc/MonitoringRequestCallback.java
@@ -21,6 +21,7 @@ package org.rhq.enterprise.gui.coregui.client.util.rpc;
import com.google.gwt.http.client.Request;
import com.google.gwt.http.client.RequestCallback;
import com.google.gwt.http.client.Response;
+import com.google.gwt.user.client.Cookies;
import com.google.gwt.user.client.History;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.smartgwt.client.util.SC;
@@ -64,7 +65,7 @@ public class MonitoringRequestCallback implements RequestCallback {
+ response.getStatusText());
// if we have a rich and coordinated client-side loggedIn state, do we need
to check upon failure here?
- UserSessionManager.checkLoginStatus(null, null, new
AsyncCallback<Subject>() {
+ UserSessionManager.checkLoginStatus(Cookies.getCookie("username"),
null, new AsyncCallback<Subject>() {
@Override
public void onSuccess(Subject result) {
History.fireCurrentHistoryState();
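Review bot: The login re-check now keys on `Cookies.getCookie("username")`, a browser-side cookie that can be absent or set to any value by the client, so nothing downstream may treat it as the authenticated identity. It is acceptable as a hint that selects which user the UI re-validates, provided `checkLoginStatus` and the server resolve the real principal from the session; that implementation is outside this hunk, so it should be confirmed. A comment here such as `// username cookie is only a UI hint; the server validates the session, not this value` would record the intended trust boundary.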
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
index 8cf63d5..330ed24 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
@@ -20,14 +20,12 @@ package org.rhq.enterprise.gui.coregui.server.gwt;
import java.util.ArrayList;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import com.allen_sauer.gwt.log.client.Log;
-import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.util.PageControl;
import org.rhq.core.domain.util.PageList;
@@ -106,38 +104,11 @@ public class LdapGWTServiceImpl extends AbstractGWTServiceImpl
implements LdapGW
}
@Override
- public Set<Map<String, String>> findLdapGroupsAssignedToRole(int roleId)
{
+ public PageList<LdapGroup> findLdapGroupsAssignedToRole(int roleId) {
try {
PageList<LdapGroup> allAssignedLdapGroups =
ldapManager.findLdapGroupsByRole(roleId, PageControl
.getUnlimitedInstance());
- Set<Map<String, String>> ldapGroups = new
HashSet<Map<String, String>>();
-
- for (LdapGroup group : allAssignedLdapGroups) {
- HashMap<String, String> map = new HashMap<String, String>();
- map.put("name", group.getName());
- map.put("id", group.getName());
- map.put("description", group.getDescription());
- ldapGroups.add(map);
- }
-
- return SerialUtility.prepare(ldapGroups,
"findLdapGroupsAssignedToRole");
- } catch (Exception e) {
- throw new RuntimeException(ThrowableUtil.getAllMessages(e));
- }
- }
-
- /** Does a series of LDAP checks and for case insensitive ldap matching accounts will
return new Subject with session id.
- * i) needs registration(user exists in ldap but not yet in RHQ)
- * ii) if LDAP authentication is enabled. All authentication is piped through this
method.
- *
- *
- */
- @Override
- public Subject processSubjectForLdap(Subject currentSubject, String password, boolean
ldapRegistration) {
- try {
- currentSubject = subjectManager.processSubjectForLdap(currentSubject,
password, ldapRegistration);
-
- return SerialUtility.prepare(currentSubject,
"processSubjectForLdap");
+ return SerialUtility.prepare(allAssignedLdapGroups,
"findLdapGroupsAssignedToRole");
} catch (Exception e) {
throw new RuntimeException(ThrowableUtil.getAllMessages(e));
}
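Review bot: The code removed here was the visible user of `HashMap`, `Map` and `Set`, yet the import hunk of this file keeps those three imports; if nothing else in `LdapGWTServiceImpl` uses them they are now dead and should go with the code. The retained `catch` still rethrows `new RuntimeException(ThrowableUtil.getAllMessages(e))`, which keeps the messages but drops the cause chain; passing `e` as the second argument keeps the stack available in the server log while leaving the client-facing text unchanged. The method's `try` block starts inside this hunk, so the change is self-contained.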
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
index 378e269..15d7464 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
@@ -95,10 +95,10 @@ public class SubjectGWTServiceImpl extends AbstractGWTServiceImpl
implements Sub
}
}
- public Subject processSubjectForLdap(Subject subjectToModify, String password,
boolean registerLdap) {
+ public Subject processSubjectForLdap(Subject subjectToModify, String password) {
try {
- return
SerialUtility.prepare(subjectManager.processSubjectForLdap(getSessionSubject(), password,
- registerLdap), "SubjectManager.processSubjectForLdap");
+ return
SerialUtility.prepare(subjectManager.processSubjectForLdap(subjectToModify, password),
+ "SubjectManager.processSubjectForLdap");
} catch (Exception e) {
throw new RuntimeException(ThrowableUtil.getAllMessages(e));
}
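Review bot: The service now forwards the client-supplied `subjectToModify` to `subjectManager.processSubjectForLdap` where the previous code used `getSessionSubject()`, so the name, id and session id that the bean validates (and, on the registration path, the subject it persists via `createSubject`) originate from the GWT request instead of from the server's own session. The only binding between those values and a real session visible in this diff is `isValidSessionId(subject.getSessionId(), subject.getName(), subject.getId())` in the bean; its implementation is not shown, so it should be confirmed that it rejects a mismatching name or id for an otherwise valid session id, and that the registration branch persists only fields a self-registering user is allowed to set. A comment here, e.g. `// subjectToModify comes from the client; SubjectManagerBean must validate its session id against name/id before acting on it`, would make that trust boundary explicit for the next reader.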
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
index e1ffe82..491f26e 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
@@ -291,14 +291,16 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
try {
int sessionId = sessionManager.getSessionIdFromUsername(username);
subject.setSessionId(sessionId);
- //insert processing for LDAP users who have registered before and have
jdbc credentials
+ //insert processing for LDAP users who have registered before and have
jdbc credentials, but no principal.
log.trace("Processing subject '" + subject.getName() +
"' for LDAP functionality.");
- subject = processSubjectForLdap(subject, password, false);
+ subject = processSubjectForLdap(subject, password);
return subject;
} catch (SessionException se) {
// nope, no session; continue on so we can create the session
}
} else {
+ System.out.println("+++++++++++ i)Not yet registered ii)case insensitive
login from ldap for username:"
+ + username + ":");
// There is no subject in the database yet.
// If LDAP authentication is enabled and we cannot find the subject,
// it means we must have authenticated via LDAP, not JDBC (otherwise,
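Review bot: The `System.out.println("+++++++++++ i)Not yet registered ...")` writes straight to stdout from the login path, bypassing the logger the surrounding lines use and so ignoring log levels and appenders; every unregistered or case-insensitive LDAP login will print to the server console. Replace it with the same style as the line above, `log.trace("Not yet registered or case insensitive login from ldap for username:" + username + ":");`. If operators are meant to see these events, `debug` or `info` through the logger is the right channel, not stdout. The enclosing login method continues outside the hunk.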
@@ -331,12 +333,12 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
* @return same or new Subject returned from LDAP processing.
* @throws LoginException
*/
- public Subject processSubjectForLdap(Subject subject, String subjectPassword, boolean
ldapRegistration)
- throws LoginException {
-
+ public Subject processSubjectForLdap(Subject subject, String subjectPassword) throws
LoginException {
if (subject != null) {//null check
//if user has principal then bail as LDAP processing not required
boolean userHasPrincipal = isUserWithPrincipal(subject.getName());
+ log.trace("Processing subject '" + subject.getName() +
"' for LDAP check, userHasPrincipal:"
+ + userHasPrincipal);
//if user has principal then return as non-ldap user
if (userHasPrincipal) {
@@ -346,26 +348,13 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
Properties config = systemManager.getSystemConfiguration();
boolean ldapConfigured =
config.getProperty(RHQConstants.JAASProvider).equals(
RHQConstants.LDAPJAASProvider);
-
if (ldapConfigured) {//i)registration ii)case sensitive matches
iii)authorization updates
//check that session is valid. RHQ auth has already occurred.
if (!isValidSessionId(subject.getSessionId(), subject.getName(),
subject.getId())) {
throw new LoginException("User session not valid. Login to
proceed.");
}
- if ((subject.getId() == 0) && ldapRegistration) {//insert
overlord registration and login
- //we've verified that this user has valid session, requires
registration and that ldap is configured.
- Subject superuser = getOverlord();
-
- // create the subject, but don't add a principal since LDAP
will handle authentication
- log.trace("registering new LDAP-authenticated subject
[" + subject.getName() + "]");
- createSubject(superuser, subject);
-
- // nuke the temporary session and establish a new
- // one for this subject.. must be done before pulling the
- // new subject in order to do it with his own credentials
- logout(subject.getSessionId().intValue());
- subject = login(subject.getName(), subjectPassword);
- } else {//already registered
+ if (subject.getId() == 0) {//i)case insensitive check or ii)ldap new
user registration.
+
//BZ-586435: insert case insensitivity for usernames with ldap
auth
// locate first matching subject and attach.
SubjectCriteria subjectCriteria = new SubjectCriteria();
@@ -387,12 +376,25 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
log.info(msg);
subject = login(ldapSubject.getName(), subjectPassword);
Integer sessionId = subject.getSessionId();
- log.debug("Logged in as [" + ldapSubject.getName()
+ "] with session id [" + sessionId
+ log.trace("Logged in as [" + ldapSubject.getName()
+ "] with session id [" + sessionId
+ "]");
+ } else {//then this is a registration request. insert overlord
registration and login
+ //we've verified that this user has valid session,
requires registration and that ldap is configured.
+ Subject superuser = getOverlord();
+
+ // create the subject, but don't add a principal since
LDAP will handle authentication
+ log.trace("registering new LDAP-authenticated subject
[" + subject.getName() + "]");
+ createSubject(superuser, subject);
+
+ // nuke the temporary session and establish a new
+ // one for this subject.. must be done before pulling the
+ // new subject in order to do it with his own credentials
+ logout(subject.getSessionId().intValue());
+ subject = login(subject.getName(), subjectPassword);
}
}
{//now carry out authz refresh for this Subject
- if (subject.getId() > 0) {
+ if (subject.getId() > 0) {//only act on persisted subjects
//BZ-580127: only do group authz check if one or both of
group filter fields is set
Properties options = systemManager.getSystemConfiguration();
String groupFilter = (String)
options.getProperty(RHQConstants.LDAPGroupFilter, "");
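Review bot: Registration of a new subject is now implicit: the `else` branch that calls `createSubject(superuser, subject)` runs for any subject with `getId() == 0` that has a valid session, no principal, LDAP configured and no case-insensitive match, where the old code required the caller to pass `ldapRegistration == true`. That is the tightening the commit message describes, but it moves the decision from the caller to the data, so the method Javadoc (which begins in an earlier hunk) should spell out those conditions and state that the method may persist a new subject and replace the session. `subject.getSessionId().intValue()` unboxes a caller-supplied value; it is safe only if the earlier `isValidSessionId` check rejects a null session id, which is not visible here, so confirm or add `Objects.requireNonNull(subject.getSessionId(), "sessionId")` before the branch.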
@@ -400,10 +402,13 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
if ((groupFilter.trim().length() > 0) ||
(groupMember.trim().length() > 0)) {
List<String> groupNames = new
ArrayList<String>(ldapManager
.findAvailableGroupsFor(subject.getName()));
+ log.trace("Updating ldap authorization data for user
'" + subject.getName() + "'");
ldapManager.assignRolesToLdapSubject(subject.getId(),
groupNames);
}
}
}
+ } else {//ldap not configured. Somehow authenticated for LDAP without
being ldap being configured. Error. Bail
+ throw new LoginException("You are authenticated for LDAP, but
LDAP is not configured.");
}
}
}
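Review bot: The new `else` rejects every principal-less subject that reaches this point while the JAAS provider is not LDAP, which is correct, but the message "You are authenticated for LDAP, but LDAP is not configured." is also what a previously LDAP-registered user sees after an administrator switches the provider back to JDBC, and that user has no way to act on it. Consider wording that tells them to contact an administrator, and log the refusal with the username at warn level before throwing so that a burst of such failures after a configuration change is visible to operators. The `userHasPrincipal` branch this `else` pairs with starts in an earlier hunk.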
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
index 2b00345..9339811 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
@@ -219,6 +219,5 @@ public interface SubjectManagerLocal {
*/
PageList<Subject> findSubjectsByCriteria(Subject subject, SubjectCriteria
criteria);
- Subject processSubjectForLdap(Subject subject, String subjectPassword, boolean
ldapRegistration)
- throws LoginException;
+ Subject processSubjectForLdap(Subject subject, String subjectPassword) throws
LoginException;
}
\ No newline at end of file
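Review bot: The local-interface method has no Javadoc (the comment block closing above it belongs to `findSubjectsByCriteria`), and with the `ldapRegistration` parameter gone callers can no longer tell from the signature that this call may create and persist a new subject. Add a short Javadoc stating that the subject must carry a valid session id, that an unpersisted subject is matched case-insensitively or else registered when LDAP is configured, and `@throws LoginException if the session is invalid or LDAP is not configured`. The bean's own Javadoc lives in the SubjectManagerBean hunk and should agree with it.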
commit 82d0eb6866f0de15a8ff8e49ea6c39f2a8184b2b
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Fri Oct 22 10:01:03 2010 -0400
Numerous changes: i) register new ldap user validation changes ii) UserSessionMgr
cleanup iii) *GWTService cleanup iv) revert to use orig Authorization
permissions approach v) tighten up security process in
processSubjectForLdap vi) subjectCriteria performance change.
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
index 41935c8..c59ce69 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
@@ -22,7 +22,6 @@
*/
package org.rhq.enterprise.gui.coregui.client;
-import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Map;
@@ -46,6 +45,7 @@ import com.smartgwt.client.widgets.Window;
import com.smartgwt.client.widgets.events.ClickEvent;
import com.smartgwt.client.widgets.events.ClickHandler;
import com.smartgwt.client.widgets.form.DynamicForm;
+import com.smartgwt.client.widgets.form.ValuesManager;
import com.smartgwt.client.widgets.form.events.SubmitValuesEvent;
import com.smartgwt.client.widgets.form.events.SubmitValuesHandler;
import com.smartgwt.client.widgets.form.fields.CanvasItem;
@@ -82,6 +82,7 @@ public class LoginView extends Canvas {
private DynamicForm form;
private SubmitItem loginButton;
+ private ValuesManager valuesManager = new ValuesManager();
public LoginView() {
}
@@ -92,7 +93,6 @@ public class LoginView extends Canvas {
private TextItem email;
private TextItem phone;
private TextItem department;
- private ArrayList<DynamicForm> forms;
private static final String FIRST = "first";
private static final String LAST = "last";
private static final String USERNAME = "ldap.username";
@@ -102,6 +102,11 @@ public class LoginView extends Canvas {
private static final String SESSIONID = "ldap.sessionid";
private static final String PASSWORD = "ldap.password";
+ public void showLoginDialog(String message) {
+ showLoginDialog();
+ form.setErrorsPreamble(message);
+ }
+
public void showLoginDialog() {
if (!loginShowing) {
loginShowing = true;
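Review bot: `showLoginDialog(String message)` sets `form.setErrorsPreamble(message)` immediately after `showLoginDialog()`, but the no-arg method only builds the dialog when `loginShowing` is false, so the preamble lands on whatever `form` the previous call left behind; that is fine only if `form` is never reset to null while `loginShowing` stays true, which this hunk cannot show. Either guard it, `if (form != null) { form.setErrorsPreamble(message); }`, or document the ordering with `// showLoginDialog() builds form on first use; it is never nulled while the dialog is showing`. A Javadoc line saying the message is shown as the form's error preamble would also help callers choose between the two overloads.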
@@ -193,7 +198,7 @@ public class LoginView extends Canvas {
}
loginShowing = true;
- forms = new ArrayList<DynamicForm>();
+ // forms = new ArrayList<DynamicForm>();
form = new DynamicForm();
form.setMargin(25);
@@ -237,7 +242,13 @@ public class LoginView extends Canvas {
department.setWidth(fieldWidth);
SpacerItem space = new SpacerItem();
space.setColSpan(1);
- column.addMember(wrapInDynamicForm(6, header, first, last, username, email,
phone, department));
+ DynamicForm inputFields = new DynamicForm();
+ inputFields.setNumCols(6);
+ inputFields.setFields(header, first, last, username, email, phone,
department);
+ inputFields.setValuesManager(valuesManager);
+ loadValidators(inputFields);
+ column.addMember(inputFields);
+
HTMLFlow hr = new
HTMLFlow("<br/><hr/><br/><br/>");
hr.setWidth(750);
hr.setAlign(Alignment.CENTER);
@@ -252,10 +263,11 @@ public class LoginView extends Canvas {
//check for session timeout
if (UserSessionManager.isLoggedOut()) {
resetLogin();
+ return;
}
//validation
- if (validateForms(forms)) {
+ if (valuesManager.validate()) {
Log.trace("Successfully validated all data for user
registration.");
//populate form
form.setValue(FIRST, String.valueOf(first.getValue()));
@@ -301,6 +313,8 @@ public class LoginView extends Canvas {
}
public void onFailure(Throwable caught) {
+ form.setFieldErrors(FIRST,
+ "Note: Optional retrieval of ldap details unsuccessful.
Manual entry required.", true);
Log.debug("Optional LDAP detail retrieval did not succeed.
Registration prepopulation will occur.");
}
});
@@ -310,6 +324,7 @@ public class LoginView extends Canvas {
public void onClick(ClickEvent event) {
if (UserSessionManager.isLoggedOut()) {
resetLogin();
+ return;
}
//clear out all validation messages.
@@ -318,7 +333,7 @@ public class LoginView extends Canvas {
first.setValue(empty);
last.setValue(empty);
email.setValue("test(a)test.com");
- validateForms(forms);
+ valuesManager.validate();
}
first.clearValue();
last.clearValue();
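Review bot: The result of `valuesManager.validate()` is discarded here, unlike the call in the submit handler where it gates the registration, so it is not obvious whether this call is meant only to surface field errors or whether its outcome should stop the handler; a one-line comment stating the intent (`// validate only to display messages; the result is intentionally ignored`) would settle that. The context line above sets `email` to a hard-coded `test(a)test.com` value before validating, which looks like leftover test scaffolding in a production click handler; if it is not deliberate it should be removed with the old `validateForms` call.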
@@ -334,6 +349,7 @@ public class LoginView extends Canvas {
public void onClick(ClickEvent event) {
UserSessionManager.logout();
resetLogin();
+ return;
}
});
row.addMember(logout);
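Review bot: The added `return;` is the last statement of a `void` `onClick` body, so it is a no-op; unlike the two other hunks where the early `return` after `resetLogin()` stops the handler from continuing, nothing follows here. Drop it so the three handlers read consistently and the meaningful early returns stand out.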
@@ -362,21 +378,6 @@ public class LoginView extends Canvas {
}
}
- /** Iterates through the dynamic forms populated then calls validate().
- *
- * @param forms
- * @return
- */
- private boolean validateForms(ArrayList<DynamicForm> forms) {
- boolean allValid = true;
- for (DynamicForm form : forms) {
- if (!form.validate()) {
- allValid = false;
- }
- }
- return allValid;
- }
-
/** Go through steps of invalidating this login and piping them back to CoreGUI
Login.
*/
private void resetLogin() {
@@ -467,29 +468,6 @@ public class LoginView extends Canvas {
}
}
- /**Helper method to wrap N form items one a single line/row represented by a
DynamicForm
- *
- * @param columnCount
- * @param header
- * @return
- */
- private Canvas wrapInDynamicForm(int columnCount, FormItem... header) {
- DynamicForm form = new DynamicForm();
- if (header != null) {
- if (columnCount < 1) {//default to label and details for each form item
- form.setNumCols(header.length * 2);
- } else {
- form.setNumCols(columnCount);
- }
- form.setFields(header);
- //store away all forms for final validation
- forms.add(form);
- //load validators for form
- loadValidators(form);
- }
- return form;
- }
-
/**Build and loads the validators for each of the formItems
*
* @param form
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
index e875f66..d505fd1 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
@@ -33,8 +33,6 @@ import com.google.gwt.user.client.Timer;
import com.google.gwt.user.client.rpc.AsyncCallback;
import org.rhq.core.domain.auth.Subject;
-import org.rhq.core.domain.criteria.SubjectCriteria;
-import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.gui.coregui.client.gwt.GWTServiceLookup;
import org.rhq.enterprise.gui.coregui.client.util.BrowserUtility;
import org.rhq.enterprise.gui.coregui.client.util.preferences.UserPreferences;
@@ -195,56 +193,6 @@ public class UserSessionManager {
}
}
- /**
- *
- * @param subjectId
- * @param sessionId
- * @param user
- * @param callback
- */
- private static void locateSubjectOrLogin(int subjectId, final String sessionId, final
String user, String password,
- final AsyncCallback<Subject> callback) {
- if (subjectId > 0) {//registration not needed
- Log.trace("SubjectCriteria search with subjectId:" + subjectId);
- SubjectCriteria criteria = new SubjectCriteria();
- criteria.fetchConfiguration(true);
- criteria.addFilterId(subjectId);
-
- //pipe into next asynchronous call.
- GWTServiceLookup.getSubjectService().findSubjectsByCriteria(criteria,
- new AsyncCallback<PageList<Subject>>() {
- public void onFailure(Throwable caught) {
- //TODO: how/what to display in LoginView when unexpected
communication with server occurs?
- // LoginView
- //
.displayFormError("UserSessionManager: Unable to check subject for LDAP authorization
"
- // + "- check
Server status.");
- Log.debug("Failed to load user's subject");
- //show login dialog
- new LoginView().showLoginDialog();
- }
-
- public void onSuccess(PageList<Subject> result) {
- Subject subject = result.get(0);
- Log.trace("Found subject [" + subject +
"].");
- subject.setSessionId(Integer.valueOf(sessionId));
-
- // reset the session subject to the latest, for wrapping in user
preferences
- sessionSubject = subject;
- sessionState = State.IS_LOGGED_IN;
- //insert ldap check logic
- userPreferences = new UserPreferences(sessionSubject);
- refresh();
-
- callback.onSuccess(subject);
- }
- });
- } else {
- Log.trace("Proceeding with registration for ldap user '" + user
+ "'.");
- sessionState = State.IS_REGISTERING;
- new LoginView().showRegistrationDialog(user, sessionId, password, callback);
- }
- }
-
public static void login() {
login(null, null);
}
@@ -259,10 +207,9 @@ public class UserSessionManager {
public void onSuccess(Subject result) {
// will build UI if necessary, then fires history event
sessionState = State.IS_LOGGED_IN;
- if (result != null) {// subject and session has been updated during this
login request
- Log.trace("A new subject and session has been returned. Updating
sessionSubject.");
- sessionSubject = result;
- }
+ // subject and session has been updated during this login request
+ Log.trace("A new subject and session may has been returned. Updating
sessionSubject.");
+ sessionSubject = result;
CoreGUI.get().buildCoreUI();
}
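Review bot: `sessionSubject = result;` is now unconditional while the removed guard treated a null `result` as a valid outcome; if the callback can still deliver null, `sessionState` has just been set to `IS_LOGGED_IN` two lines above and `buildCoreUI()` runs with a null session subject. If null can no longer occur, say why in place of the old guard, e.g. `// result is never null: the login service always returns the (possibly new) subject`; otherwise keep the guard. The log text `may has been` should read `may have been`.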
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/AuthorizationGWTService.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/AuthorizationGWTService.java
index 58bae69..13b5572 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/AuthorizationGWTService.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/AuthorizationGWTService.java
@@ -72,11 +72,4 @@ public interface AuthorizationGWTService extends RemoteService {
*/
Set<Permission> getExplicitGlobalPermissions();
- /**
- * Lightweight check of whether current user has manage inventory permissions.
- *
- * @return Boolean answer to manage inventory permissions status.
- */
- Boolean checkUserGlobalPermission(Permission permission);
-
}
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
index 481ae0b..533fcd9 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
@@ -68,15 +68,6 @@ public interface LdapGWTService extends RemoteService {
*/
Subject processSubjectForLdap(Subject currentSubject, String password, boolean
ldapRegistration);
- /**
- *
- * @param currentSubject
- * @param user
- * @param password
- * @return
- */
- void updateLdapGroupAssignmentsForSubject(Subject subject);
-
/** Finds ldap groups already assigned to this role.
*
* @param currentRoleId
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
index edb50a0..4abe475 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
@@ -94,8 +94,23 @@ public interface SubjectGWTService extends RemoteService {
*/
Subject updateSubject(Subject subjectToModify);
+ /**
+ * Queries subjects using current logged in user.
+ *
+ * @param criteria details for the search
+ * @return PageList<Subject> matching criteria.
+ */
PageList<Subject> findSubjectsByCriteria(SubjectCriteria criteria);
- Subject processSubjectForLdap(Subject subjectToModify, String password);
+ /**
+ * Checks the subject passed in for LDAP processing, to optionally
+ * i)perform registration of new RHQ LDAP user
+ * ii)handles case insentive username matches.
+ * iii)update ldap user->role ldap assignments
+ *
+ * @param criteria details for the search
+ * @return PageList<Subject> matching criteria.
+ */
+ Subject processSubjectForLdap(Subject subjectToModify, String password, boolean
registerLdap);
}
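Review bot: The Javadoc added for `processSubjectForLdap` carries `@param criteria` and `@return PageList<Subject>` copied from `findSubjectsByCriteria` above it, which do not match a method taking `subjectToModify`, `password` and `registerLdap` and returning a `Subject`. Replace them with one `@param` per actual parameter (the third being whether an LDAP-authenticated subject with no RHQ account should be registered) and `@return the processed {@link Subject}`. Also fix `insentive` to `insensitive` in the summary list.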
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
index b6b23b6..3645614 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
@@ -23,6 +23,7 @@ import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import com.allen_sauer.gwt.log.client.Log;
import com.google.gwt.user.client.rpc.AsyncCallback;
@@ -128,9 +129,10 @@ public class AutodiscoveryQueueDataSource extends DataSource {
}
//determine if has manage inventory perms, if so then chain and proceed with
getting discovered resources
- authorizationService.checkUserGlobalPermission(MANAGE_INVENTORY, new
AsyncCallback<Boolean>() {
- public void onSuccess(Boolean hasManageInventoryPermissions) {
- if (hasManageInventoryPermissions) {
+ authorizationService.getExplicitGlobalPermissions(new
AsyncCallback<Set<Permission>>() {
+ public void onSuccess(Set<Permission> globalPermissions) {
+ Boolean accessGranted = globalPermissions.contains(MANAGE_INVENTORY);
+ if (accessGranted) {
if (dataContainerReference != null) {
dataContainerReference.setEmptyMessage(EMPTY_MESSAGE);
}
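Review bot: `Boolean accessGranted = globalPermissions.contains(MANAGE_INVENTORY);` boxes a primitive only to auto-unbox it in the `if` on the next line, and a null `Set` from the RPC would throw inside `onSuccess`, which the callback's `onFailure` does not cover. `boolean accessGranted = globalPermissions != null && globalPermissions.contains(MANAGE_INVENTORY);` handles both. Since this check only decides the empty message and whether the client proceeds to fetch, it is a display convenience; the server side of the discovery-queue fetch presumably enforces `MANAGE_INVENTORY` itself, which is worth confirming and noting in the comment above the call. The enclosing method continues outside the hunk.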
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/ResourceAutodiscoveryView.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/ResourceAutodiscoveryView.java
index d269e30..be35794 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/ResourceAutodiscoveryView.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/ResourceAutodiscoveryView.java
@@ -123,7 +123,8 @@ public class ResourceAutodiscoveryView extends LocatableVLayout {
treeGrid.setHeight100();
- treeGrid.setDataSource(dataSource = new AutodiscoveryQueueDataSource(treeGrid));
+ dataSource = new AutodiscoveryQueueDataSource(treeGrid);
+ treeGrid.setDataSource(dataSource);
treeGrid.setAutoFetchData(true);
treeGrid.setResizeFieldsInRealTime(true);
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/AuthorizationGWTServiceImpl.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/AuthorizationGWTServiceImpl.java
index 7a13a94..56a4857 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/AuthorizationGWTServiceImpl.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/AuthorizationGWTServiceImpl.java
@@ -83,19 +83,4 @@ public class AuthorizationGWTServiceImpl extends AbstractGWTServiceImpl
implemen
}
}
- /** Lightweight check of whether user has requested permission.
- *
- * @return Boolean data point.
- */
- public Boolean checkUserGlobalPermission(Permission permission) {
- Boolean accessGranted = false;
- try {
- Set<Permission> globalPermissions =
authorizationManager.getExplicitGlobalPermissions(getSessionSubject());
- accessGranted = globalPermissions.contains(permission);
- return accessGranted;
- } catch (Exception e) {
- throw new RuntimeException(ThrowableUtil.getAllMessages(e));
- }
- }
-
}
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
index d6723d6..8cf63d5 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
@@ -105,65 +105,6 @@ public class LdapGWTServiceImpl extends AbstractGWTServiceImpl
implements LdapGW
}
}
- public void updateLdapGroupAssignmentsForSubject(Subject subject) {
- try {
- //BZ-580127: only do group authz check if one or both of group filter fields
is set
- // Properties options = systemManager.getSystemConfiguration();
- String groupFilter =
LookupUtil.getSystemManager().getSystemConfiguration().getProperty(
- RHQConstants.LDAPGroupFilter, "");
- String groupMember =
LookupUtil.getSystemManager().getSystemConfiguration().getProperty(
- RHQConstants.LDAPGroupMember, "");
- if ((groupFilter.trim().length() > 0) || (groupMember.trim().length() >
0)) {
- String provider =
LookupUtil.getSystemManager().getSystemConfiguration().getProperty(
- RHQConstants.JAASProvider);
- if (RHQConstants.LDAPJAASProvider.equals(provider)) {
- List<String> groupNames = new
ArrayList<String>(ldapManager.findAvailableGroupsFor(subject
- .getName()));
- ldapManager.assignRolesToLdapSubject(subject.getId(), groupNames);
- }
- }
- // try { //defend against ldap communication runtime difficulties.
- // } catch (EJBException ejx) {
- // //this is the exception type thrown now that we use
SLSB.Local methods
- // // mine out other exceptions
- // Exception cause = ejx.getCausedByException();
- // if (cause == null) {
- // ActionMessages actionMessages = new ActionMessages();
- // actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new
ActionMessage("errors.cam.general"));
- // saveErrors(request, actionMessages);
- // } else {
- // if (cause instanceof LdapFilterException) {
- // ActionMessages actionMessages = new
ActionMessages();
- // actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new
ActionMessage(
- // "admin.role.LdapGroupFilterMessage"));
- // saveErrors(request, actionMessages);
- // } else if (cause instanceof LdapCommunicationException)
{
- // ActionMessages actionMessages = new
ActionMessages();
- // SystemManagerLocal manager =
LookupUtil.getSystemManager();
- // options = manager.getSystemConfiguration();
- // String providerUrl =
options.getProperty(RHQConstants.LDAPUrl, "(unavailable)");
- // actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new
ActionMessage(
- // "admin.role.LdapCommunicationMessage",
providerUrl));
- // saveErrors(request, actionMessages);
- // }
- // }
- // } catch (LdapFilterException lce) {
- // ActionMessages actionMessages = new ActionMessages();
- // actionMessages.add(ActionMessages.GLOBAL_MESSAGE,
- // new
ActionMessage("admin.role.LdapGroupFilterMessage"));
- // saveErrors(request, actionMessages);
- // } catch (LdapCommunicationException lce) {
- // ActionMessages actionMessages = new ActionMessages();
- // String providerUrl =
options.getProperty(RHQConstants.LDAPUrl, "(unavailable)");
- // actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new
ActionMessage(
- // "admin.role.LdapCommunicationMessage",
providerUrl));
- // saveErrors(request, actionMessages);
- // }
- } catch (Exception e) {
- throw new RuntimeException(ThrowableUtil.getAllMessages(e));
- }
- }
-
@Override
public Set<Map<String, String>> findLdapGroupsAssignedToRole(int roleId)
{
try {
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
index 953fc36..378e269 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
@@ -95,10 +95,10 @@ public class SubjectGWTServiceImpl extends AbstractGWTServiceImpl
implements Sub
}
}
- public Subject processSubjectForLdap(Subject subjectToModify, String password) {
+ public Subject processSubjectForLdap(Subject subjectToModify, String password,
boolean registerLdap) {
try {
- return
SerialUtility.prepare(subjectManager.processSubjectForLdap(getSessionSubject(),
password),
- "SubjectManager.processSubjectForLdap");
+ return
SerialUtility.prepare(subjectManager.processSubjectForLdap(getSessionSubject(), password,
+ registerLdap), "SubjectManager.processSubjectForLdap");
} catch (Exception e) {
throw new RuntimeException(ThrowableUtil.getAllMessages(e));
}
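Review bot: `subjectToModify` is accepted but never read; the bean is invoked with `getSessionSubject()` instead. If that is intentional (the server-side session subject is authoritative and a client-supplied one is not trusted), say so with `// subjectToModify is intentionally ignored: the session-bound subject is authoritative`, otherwise drop the parameter from `SubjectGWTService` as well. The same unused parameter is introduced by the `@@ -119,6 +95,15 @@` hunk of this file in the earlier commit bfb2345, so one note covers both.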
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
index 8e76409..e1ffe82 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
@@ -64,7 +64,6 @@ import
org.rhq.enterprise.server.resource.group.ResourceGroupManagerLocal;
import org.rhq.enterprise.server.system.SystemManagerLocal;
import org.rhq.enterprise.server.util.CriteriaQueryGenerator;
import org.rhq.enterprise.server.util.CriteriaQueryRunner;
-import org.rhq.enterprise.server.util.LookupUtil;
/**
* Provides functionality to access and manipulate subjects and principals, mainly for
authentication purposes.
@@ -349,11 +348,11 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
RHQConstants.LDAPJAASProvider);
if (ldapConfigured) {//i)registration ii)case sensitive matches
iii)authorization updates
+ //check that session is valid. RHQ auth has already occurred.
+ if (!isValidSessionId(subject.getSessionId(), subject.getName(),
subject.getId())) {
+ throw new LoginException("User session not valid. Login to
proceed.");
+ }
if ((subject.getId() == 0) && ldapRegistration) {//insert
overlord registration and login
- //check that session is valid
- if (!isValidSessionId(subject.getSessionId(), subject.getName(),
subject.getId())) {
- throw new LoginException("User session not valid. Login
to proceed.");
- }
//we've verified that this user has valid session, requires
registration and that ldap is configured.
Subject superuser = getOverlord();
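Review bot: Hoisting `isValidSessionId(...)` above the registration branch means every LDAP path now requires a valid session, but nothing records that the `ldapRegistration` flag arrives from the GWT client (LoginView passes `true`, UserSessionManager `false`) and that `subject.getId() == 0` plus the session check are what keep an already-persisted subject out of the overlord path that follows. A comment above the `if` such as `// ldapRegistration is client-supplied; the session check above and id == 0 are the server-side guards for the overlord registration below` would keep a future refactor from moving the check back inside the branch. The surrounding method continues outside the hunk.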
@@ -372,9 +371,10 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
SubjectCriteria subjectCriteria = new SubjectCriteria();
subjectCriteria.setCaseSensitive(false);
subjectCriteria.setStrict(true);
+ subjectCriteria.fetchRoles(false);
+ subjectCriteria.fetchConfiguration(false);
subjectCriteria.addFilterName(subject.getName());
- PageList<Subject> subjectsLocated =
LookupUtil.getSubjectManager().findSubjectsByCriteria(
- subject, subjectCriteria);
+ PageList<Subject> subjectsLocated =
findSubjectsByCriteria(subject, subjectCriteria);
//if subject variants located then take the first one with a
principal otherwise do nothing
//To defend against the case where they create an account with
the same name but not
//case as an rhq sysadmin or higher perms, then make them relogin
with same creds entered.
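Review bot: `findSubjectsByCriteria(subject, subjectCriteria)` is now a direct `this` call inside the session bean rather than a call through `LookupUtil.getSubjectManager()`. In an EJB a self-invocation bypasses the container proxy, so any interceptor, transaction attribute or security constraint declared on `findSubjectsByCriteria` no longer applies on this path; if none of those matter here, a one-line comment saying so would stop the lookup from being restored, otherwise inject the local view (`@EJB private SubjectManagerLocal self;`) and call through it. The method body continues outside the hunk.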
@@ -390,19 +390,6 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
log.debug("Logged in as [" + ldapSubject.getName()
+ "] with session id [" + sessionId
+ "]");
}
- // {//now carry out authz refresh for this
Subject
- // if (subject.getId() > 0) {
- // //BZ-580127: only do group
authz check if one or both of group filter fields is set
- // Properties options =
systemManager.getSystemConfiguration();
- // String groupFilter = (String)
options.getProperty(RHQConstants.LDAPGroupFilter, "");
- // String groupMember = (String)
options.getProperty(RHQConstants.LDAPGroupMember, "");
- // if
((groupFilter.trim().length() > 0) || (groupMember.trim().length() > 0)) {
- // List<String>
groupNames = new ArrayList<String>(ldapManager
- //
.findAvailableGroupsFor(subject.getName()));
- //
ldapManager.assignRolesToLdapSubject(subject.getId(), groupNames);
- // }
- // }
- // }
}
{//now carry out authz refresh for this Subject
if (subject.getId() > 0) {
commit bfb2345015cf187c7ded32562b1fbbc6e30a58d7
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Thu Oct 21 17:51:05 2010 -0400
refactor Subject SLSB to include more of LDAP logic.
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
index e5d202e..41935c8 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/LoginView.java
@@ -437,37 +437,29 @@ public class LoginView extends Canvas {
newSubject.setFsystem(false);
if (proceed) {
- GWTServiceLookup.getSubjectService().createSubjectUsingOverlord(newSubject,
password,
+ GWTServiceLookup.getLdapService().processSubjectForLdap(newSubject, password,
true,
new AsyncCallback<Subject>() {
- public void onSuccess(final Subject newLoggedInSubject) {
- CoreGUI.getMessageCenter().notify(
- new Message("Succesfully created new ldap
Subject.", Message.Severity.Info));
- Log.trace("New subject created for ldap user.");
- //now do group role assignment for initial login
-
GWTServiceLookup.getLdapService().updateLdapGroupAssignmentsForSubject(newLoggedInSubject,
- new AsyncCallback<Void>() {
- public void onFailure(Throwable caught) {
- CoreGUI.getErrorHandler().handleError("Failed to
assign roles for ldap Subject.",
- caught);
- Log.debug("Failed to assign roles to ldap
subject.");
- }
-
- public void onSuccess(Void result) {
- CoreGUI.getMessageCenter().notify(
- new Message("Succesfully assigned roles for
ldap Subject.",
- Message.Severity.Info));
- Log.trace("Role assignment update for ldap
subject complete.");
- window.destroy();
- loginShowing = false;
- callback.onSuccess(newLoggedInSubject);
- }
- });
+ public void onFailure(Throwable caught) {
+ Log.debug("Failed to register LDAP subject:" +
caught.getMessage());
+ //TODO: how/what to display in LoginView when unexpected
communication with server occurs?
+ // LoginView
+ //
.displayFormError("UserSessionManager: Unable to check subject for LDAP authorization
"
+ // + "- check
Server status.");
+ new LoginView().showLoginDialog();
}
- public void onFailure(Throwable caught) {
- CoreGUI.getErrorHandler().handleError("Failed to create ldap
Subject.", caught);
+ public void onSuccess(Subject checked) {
+ Log.trace("Successfully registered LDAP subject '"
+ checked + "'.");
+
+ CoreGUI.getMessageCenter().notify(
+ new Message("Succesfully registered the new ldap
Subject.", Message.Severity.Info));
+ Log.trace("Succesfully registered the new ldap
Subject.");
+ window.destroy();
+ loginShowing = false;
+ callback.onSuccess(checked);
}
});
+
} else {//log them out then reload LoginView
Log.warn("Failed to locate username required to create LDAP
subject.");
UserSessionManager.logout();
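Review bot: The new `onFailure` shows a fresh `new LoginView().showLoginDialog()` without first destroying the registration `window`, clearing `loginShowing` or telling `callback` anything, whereas the success branch does `window.destroy(); loginShowing = false;` before completing. A failed registration therefore appears to leave the old dialog and the `loginShowing` flag behind; add `window.destroy(); loginShowing = false;` ahead of the new dialog and consider `callback.onFailure(caught);` so the caller is not left waiting. The user also gets no feedback (the error goes to `Log.debug` only, per the TODO), and the success message misspells `Succesfully`. The enclosing method continues outside the hunk.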
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
index 06c8604..e875f66 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/UserSessionManager.java
@@ -144,21 +144,12 @@ public class UserSessionManager {
subject.setSessionId(Integer.valueOf(sessionId));
sessionSubject = subject;
- //checks to see if this user needs registration.
- if (subject.getId() == 0) {
- // Subject with a ID of 0 means the subject wasn't in the
database but the login succeeded.
- // This means the login method detected that LDAP
authenticated the user and just gave us a dummy subject.
- // Set the needs-registration flag so we can eventually steer
the user to the LDAP registration workflow.
- // needsRegistration = true;
- needsRegistration = true;
- }
-
+ subject.setName(user);
// figure out if ldap auth is used and whether case insenitive
ldap auth requests should be handled.
-
GWTServiceLookup.getLdapService().checkSubjectForLdapAuth(subject, user, password,
+ GWTServiceLookup.getLdapService().processSubjectForLdap(subject,
password, false,
new AsyncCallback<Subject>() {
public void onFailure(Throwable caught) {
- Log.warn("Unable to check subject for LDAP
authorization - check Server status."
- + caught.getMessage());
+ Log.debug("Failed to load user's
subject:" + caught.getMessage());
//TODO: how/what to display in LoginView when
unexpected communication with server occurs?
// LoginView
//
.displayFormError("UserSessionManager: Unable to check subject for LDAP authorization
"
@@ -167,20 +158,23 @@ public class UserSessionManager {
}
public void onSuccess(Subject checked) {
- //now pull the flags/information back out of this
subject
- if (checked == null) {//no new subject was returned.
- // also handles case where user is JDBC-based
- Log.trace("No alternative case insensitive
LDAP accounts located.");
- locateSubjectOrLogin(subjectId, sessionId, user,
password, callback);
- } else {//alternative Subject returned meaning we
located
- Log.trace("Case insensitive matching LDAP
account located.");
- needsRegistration = false;
- //change the subject.sessionId
+ Log.trace("Successfully checked subject
'" + checked + "' for LDAP processing.");
+ if (checked.getId() > 0) {//subject is already
registered.
+ sessionState = State.IS_LOGGED_IN;
+ // reset the session subject to the latest, for
wrapping in user preferences
sessionSubject = checked;
- locateSubjectOrLogin(checked.getId(),
String.valueOf(checked.getSessionId()),
- checked.getName(), password, callback);
+ //insert ldap check logic
+ userPreferences = new
UserPreferences(sessionSubject);
+ refresh();
+
+ callback.onSuccess(checked);
+
+ Log.trace("Subject registration
required:" + needsRegistration);
+ } else {//subject requires registration
+ Log.trace("Proceeding with registration for
ldap user '" + user + "'.");
+ sessionState = State.IS_REGISTERING;
+ new LoginView().showRegistrationDialog(user,
sessionId, password, callback);
}
- Log.trace("Subject registration required:"
+ needsRegistration);
}
});
} else {//invalid session. Back to login
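Review bot: `Log.trace("Subject registration required:" + needsRegistration);` now sits inside the `checked.getId() > 0` branch, i.e. the already-registered case, and runs after `callback.onSuccess(checked)`; the `@@ -144,21 +144,12 @@` hunk above removed the only assignment to `needsRegistration` on this path, so the value printed is stale. Drop the line or replace it with `Log.trace("Subject already registered; no LDAP registration required.");`. The registration decision itself now rests on `checked.getId() > 0`, which is worth stating in the branch comment since `needsRegistration` no longer drives it. The enclosing method continues outside the hunk.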
@@ -236,6 +230,7 @@ public class UserSessionManager {
// reset the session subject to the latest, for wrapping in user
preferences
sessionSubject = subject;
+ sessionState = State.IS_LOGGED_IN;
//insert ldap check logic
userPreferences = new UserPreferences(sessionSubject);
refresh();
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
index 7915b80..481ae0b 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/LdapGWTService.java
@@ -66,7 +66,7 @@ public interface LdapGWTService extends RemoteService {
* @param password
* @return
*/
- Subject checkSubjectForLdapAuth(Subject currentSubject, String user, String
password);
+ Subject processSubjectForLdap(Subject currentSubject, String password, boolean
ldapRegistration);
/**
*
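Review bot: The new `processSubjectForLdap` signature replaces `user` with `ldapRegistration`, but the Javadoc above it still ends with an empty `@return` and gains no `@param ldapRegistration`. Add `@param ldapRegistration true to register a new RHQ account for an LDAP-authenticated subject that has none yet` and `@return the processed {@link Subject}`. The Javadoc block starts outside the hunk.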
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
index a277f90..edb50a0 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/gwt/SubjectGWTService.java
@@ -58,15 +58,6 @@ public interface SubjectGWTService extends RemoteService {
Subject createSubject(Subject subjectToCreate);
/**
- * Create a a new subject. Same as createSubject, but uses overlord privileges to
automate Subject creation. Ex. Used during
- * LDAP logins.
- *
- * @param subjectToCreate The subject to be created.
- * @return the newly persisted {@link Subject}
- */
- Subject createSubjectUsingOverlord(Subject subjectToCreate, String password);
-
- /**
* Deletes the given set of users, including both the {@link Subject} and {@link
org.rhq.core.domain.auth.Principal} objects associated with
* those users.
*
@@ -105,4 +96,6 @@ public interface SubjectGWTService extends RemoteService {
PageList<Subject> findSubjectsByCriteria(SubjectCriteria criteria);
+ Subject processSubjectForLdap(Subject subjectToModify, String password);
+
}
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
index a947c57..b6b23b6 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/discovery/AutodiscoveryQueueDataSource.java
@@ -150,7 +150,7 @@ public class AutodiscoveryQueueDataSource extends DataSource {
Log.debug("(User does not have required managed inventory
permissions. " + EMPTY_MESSAGE);
response.setTotalRows(0);
if (dataContainerReference != null) {
- Log.debug("Setting better empty container message." +
NO_MANAGE_INVENTORY_PERMS_EMPTY_MESSAGE);
+ Log.trace("Setting better empty container message." +
NO_MANAGE_INVENTORY_PERMS_EMPTY_MESSAGE);
dataContainerReference.setEmptyMessage(NO_MANAGE_INVENTORY_PERMS_EMPTY_MESSAGE);
}
processResponse(request.getRequestId(), response);
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
index 7b27fb6..d6723d6 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/LdapGWTServiceImpl.java
@@ -28,7 +28,6 @@ import java.util.Set;
import com.allen_sauer.gwt.log.client.Log;
import org.rhq.core.domain.auth.Subject;
-import org.rhq.core.domain.criteria.SubjectCriteria;
import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.util.PageControl;
import org.rhq.core.domain.util.PageList;
@@ -193,81 +192,11 @@ public class LdapGWTServiceImpl extends AbstractGWTServiceImpl
implements LdapGW
*
*/
@Override
- public Subject checkSubjectForLdapAuth(Subject currentSubject, String user, String
password) {
+ public Subject processSubjectForLdap(Subject currentSubject, String password, boolean
ldapRegistration) {
try {
- Subject newSubject = null;
- Log.trace("Subject being checked for ldapAuthentication is :" +
currentSubject);
+ currentSubject = subjectManager.processSubjectForLdap(currentSubject,
password, ldapRegistration);
- boolean needsRegistrationOrCaseIncorrectOnAccountName = false;
-
- //null checks.
- if ((currentSubject != null) && (user != null) && (password
!= null)) {
- if (currentSubject.getId() == 0) {
- // Subject with a ID of 0 means the subject wasn't in the
database but the login succeeded.
- // This means the login method detected the LDAP authenticated user
and gave us a dummy subject.
- // Set the needs-registration flag so we can eventually steer the
user to the LDAP registration workflow.
- needsRegistrationOrCaseIncorrectOnAccountName = true;
- }
-
- Log.trace("Subject has id of :" + currentSubject.getId() +
"and requires Registration:"
- + needsRegistrationOrCaseIncorrectOnAccountName);
-
- // figure out if the user has a principal
- String provider =
LookupUtil.getSystemManager().getSystemConfiguration().getProperty(
- RHQConstants.JAASProvider);
- boolean ldapEnabled = ((provider != null) &&
provider.equals(RHQConstants.LDAPJAASProvider));
-
- Log.trace("LDAP Authentication has been enabled :" +
ldapEnabled);
- boolean hasPrincipal = false;
-
- if (ldapEnabled) {
- // when we allow for LDAP authentication, we may still have users
logging in with JDBC.
- // The only way we can distinguish these users is by checking to see
if they have an
- // entry in the principals table. If they do, then we know we use
JDBC authentication
- // for that user. If they do not, then we must be using LDAP to
authenticate that user.
- // hasPrincipal =
subjectManager.isUserWithPrincipal(currentSubject.getName());
- hasPrincipal = subjectManager.isUserWithPrincipal(user);
- Log.trace("Subject '" + user + "' hasPrincipal
:" + hasPrincipal);
-
- if (!hasPrincipal &&
needsRegistrationOrCaseIncorrectOnAccountName) {
- //for the case when they're already registered but entering a
case sensitive different name
- //BZ-586435: insert case insensitivity for usernames with ldap
auth
- // locate first matching subject and attach.
- SubjectCriteria subjectCriteria = new SubjectCriteria();
- subjectCriteria.setCaseSensitive(false);
- subjectCriteria.setStrict(true);
- subjectCriteria.addFilterName(user);
- subjectCriteria.fetchRoles(true);
- subjectCriteria.fetchConfiguration(true);
- PageList<Subject> subjectsLocated =
LookupUtil.getSubjectManager().findSubjectsByCriteria(
- LookupUtil.getSubjectManager().getOverlord(),
subjectCriteria);
- Log.trace("Subjects located with name '" + user +
"' and found:" + subjectsLocated.size());
-
- //if subject variants located then take the first one with a
principal otherwise do nothing
- //To defend against the case where they create an account with
the same name but not
- //case as an rhq sysadmin or higher perms, then make them relogin
with same creds entered.
- if (!subjectsLocated.isEmpty()) {//then case insensitive username
matches found. Try to use instead.
- Subject ldapSubject = subjectsLocated.get(0);
- String msg = "Located existing ldap account with
different case for ["
- + ldapSubject.getName() + "]. "
- + "Attempting to authenticate with that account
instead.";
- Log.info(msg);
- Log.trace("Attempting to log back in with credentials
passed in.");
- newSubject = subjectManager.login(user, password);
- Log.trace("Logged in as [" + ldapSubject.getName()
+ "] with session id ["
- + newSubject.getSessionId() + "]");
- needsRegistrationOrCaseIncorrectOnAccountName = false;
- }
- }
-
- } else {
- // with regular JDBC authentication, we are guaranteed to have a
principal
- hasPrincipal = true;
- }
- } else {
- Log.debug("The Subject and user/password cannot be null to
proceed.");
- }
- return SerialUtility.prepare(newSubject,
"checkSubjectForLdapAuth");
+ return SerialUtility.prepare(currentSubject,
"processSubjectForLdap");
} catch (Exception e) {
throw new RuntimeException(ThrowableUtil.getAllMessages(e));
}
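Review bot: `subjectManager.processSubjectForLdap(currentSubject, password, ldapRegistration)` forwards the client-supplied `currentSubject`, whose name and session id are set in the browser (`subject.setSessionId(...)`, `subject.setName(user)` in UserSessionManager), while the sibling `SubjectGWTServiceImpl.processSubjectForLdap` in this same commit passes `getSessionSubject()`. The bean's `isValidSessionId(sessionId, name, id)` check, seen in the SubjectManagerBean hunk above, is then the only thing binding those fields to a real server session before any registration runs. Unless the client-set name is required here, prefer `Subject sessionSubject = getSessionSubject();` from `AbstractGWTServiceImpl` and pass that, or add a comment stating that the bean re-validates every field it receives. Reassigning the `currentSubject` parameter also hides which object is returned; a fresh local reads better. The enclosing method continues outside the hunk.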
diff --git
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
index 8c5e9ea..953fc36 100644
---
a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
+++
b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/server/gwt/SubjectGWTServiceImpl.java
@@ -18,8 +18,6 @@
*/
package org.rhq.enterprise.gui.coregui.server.gwt;
-import com.allen_sauer.gwt.log.client.Log;
-
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.criteria.SubjectCriteria;
import org.rhq.core.domain.util.PageList;
@@ -64,28 +62,6 @@ public class SubjectGWTServiceImpl extends AbstractGWTServiceImpl
implements Sub
}
}
- /**Same as create subject, but uses Overlord and returns new/non-temporary session.
- *
- * @param subjectToCreate
- * @param password
- * @return
- */
- public Subject createSubjectUsingOverlord(Subject subjectToCreate, String password)
{
- try {
- //Officially create the new subject
- subjectToCreate = subjectManager.createSubject(subjectManager.getOverlord(),
subjectToCreate);
- // nuke the temporary session and establish a new
- // one for this subject.. must be done before pulling the
- // new subject in order to do it with his own credentials
- subjectManager.logout(getSessionSubject().getSessionId());
- subjectToCreate = subjectManager.login(subjectToCreate.getName(), password);
- Log.trace("Created new user with overlord and logged back in with that
user.");
- return SerialUtility.prepare(subjectToCreate,
"SubjectManager.createSubjectUsingOverlord");
- } catch (Exception e) {
- throw new RuntimeException(ThrowableUtil.getAllMessages(e));
- }
- }
-
public void deleteSubjects(int[] subjectIds) {
try {
subjectManager.deleteSubjects(getSessionSubject(), subjectIds);
@@ -119,6 +95,15 @@ public class SubjectGWTServiceImpl extends AbstractGWTServiceImpl
implements Sub
}
}
+ public Subject processSubjectForLdap(Subject subjectToModify, String password) {
+ try {
+ return
SerialUtility.prepare(subjectManager.processSubjectForLdap(getSessionSubject(),
password),
+ "SubjectManager.processSubjectForLdap");
+ } catch (Exception e) {
+ throw new RuntimeException(ThrowableUtil.getAllMessages(e));
+ }
+ }
+
public PageList<Subject> findSubjectsByCriteria(SubjectCriteria criteria) {
try {
return
SerialUtility.prepare(subjectManager.findSubjectsByCriteria(getSessionSubject(),
criteria),
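Review bot: The `subjectToModify` parameter of the new `processSubjectForLdap` is never used; the body passes `getSessionSubject()` as the subject and only `password` as the second argument, so a caller supplying a different subject gets it silently ignored. The `SubjectManagerLocal.processSubjectForLdap` added later in this series takes a third `boolean ldapRegistration`, so unless a two-argument overload exists outside this diff, the call will not compile against the Local interface; the intent looks like `subjectManager.processSubjectForLdap(subjectToModify, password, false)` or, if only the session subject is meant, dropping the parameter. The wrapping of any server failure into `new RuntimeException(ThrowableUtil.getAllMessages(e))` matches the rest of this file, but for an authentication-path method it forwards the full LDAP/JNDI exception text to the browser; a neutral message with the detail logged server-side would be safer.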
diff --git
a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java
b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java
index 91980ad..1702827 100644
---
a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java
+++
b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java
@@ -18,12 +18,8 @@
*/
package org.rhq.enterprise.gui.admin.user;
-import java.util.ArrayList;
import java.util.HashMap;
-import java.util.List;
-import java.util.Properties;
-import javax.ejb.EJBException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -33,8 +29,6 @@ import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
-import org.apache.struts.action.ActionMessage;
-import org.apache.struts.action.ActionMessages;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.configuration.Configuration;
@@ -43,10 +37,7 @@ import org.rhq.enterprise.gui.legacy.WebUser;
import org.rhq.enterprise.gui.legacy.action.BaseAction;
import org.rhq.enterprise.gui.legacy.util.RequestUtils;
import org.rhq.enterprise.gui.legacy.util.SessionUtils;
-import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.auth.SubjectManagerLocal;
-import org.rhq.enterprise.server.exception.LdapCommunicationException;
-import org.rhq.enterprise.server.exception.LdapFilterException;
import org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal;
import org.rhq.enterprise.server.system.SystemManagerLocal;
import org.rhq.enterprise.server.util.LookupUtil;
@@ -121,55 +112,6 @@ public class RegisterAction extends BaseAction {
HashMap parms = new HashMap(1);
parms.put(Constants.USER_PARAM, newSubject.getId());
- //BZ-580127: only do group authz check if one or both of group filter fields is
set
- Properties options = systemManager.getSystemConfiguration();
- String groupFilter = (String) options.getProperty(RHQConstants.LDAPGroupFilter,
"");
- String groupMember = (String) options.getProperty(RHQConstants.LDAPGroupMember,
"");
- if ((groupFilter.trim().length() > 0) || (groupMember.trim().length() > 0))
{
- try { //defend against ldap communication runtime difficulties.
- String provider =
LookupUtil.getSystemManager().getSystemConfiguration().getProperty(
- RHQConstants.JAASProvider);
- if (RHQConstants.LDAPJAASProvider.equals(provider)) {
- List<String> groupNames = new
ArrayList(ldapManager.findAvailableGroupsFor(newSubject.getName()));
- ldapManager.assignRolesToLdapSubject(newSubject.getId(),
groupNames);
- }
- } catch (EJBException ejx) {
- //this is the exception type thrown now that we use SLSB.Local methods
- // mine out other exceptions
- Exception cause = ejx.getCausedByException();
- if (cause == null) {
- ActionMessages actionMessages = new ActionMessages();
- actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new
ActionMessage("errors.cam.general"));
- saveErrors(request, actionMessages);
- } else {
- if (cause instanceof LdapFilterException) {
- ActionMessages actionMessages = new ActionMessages();
- actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new
ActionMessage(
- "admin.role.LdapGroupFilterMessage"));
- saveErrors(request, actionMessages);
- } else if (cause instanceof LdapCommunicationException) {
- ActionMessages actionMessages = new ActionMessages();
- SystemManagerLocal manager = LookupUtil.getSystemManager();
- options = manager.getSystemConfiguration();
- String providerUrl = options.getProperty(RHQConstants.LDAPUrl,
"(unavailable)");
- actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new
ActionMessage(
- "admin.role.LdapCommunicationMessage",
providerUrl));
- saveErrors(request, actionMessages);
- }
- }
- } catch (LdapFilterException lce) {
- ActionMessages actionMessages = new ActionMessages();
- actionMessages.add(ActionMessages.GLOBAL_MESSAGE,
- new ActionMessage("admin.role.LdapGroupFilterMessage"));
- saveErrors(request, actionMessages);
- } catch (LdapCommunicationException lce) {
- ActionMessages actionMessages = new ActionMessages();
- String providerUrl = options.getProperty(RHQConstants.LDAPUrl,
"(unavailable)");
- actionMessages.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
- "admin.role.LdapCommunicationMessage", providerUrl));
- saveErrors(request, actionMessages);
- }
- }
return returnSuccess(request, mapping, parms, false);
}
}
\ No newline at end of file
diff --git
a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
index 432d95c..19d7bd3 100644
---
a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
+++
b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/authentication/AuthenticateUserAction.java
@@ -38,8 +38,6 @@ import org.apache.struts.tiles.actions.TilesAction;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.configuration.Configuration;
-import org.rhq.core.domain.criteria.SubjectCriteria;
-import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.gui.legacy.AttrConstants;
import org.rhq.enterprise.gui.legacy.Constants;
import org.rhq.enterprise.gui.legacy.WebUser;
@@ -79,6 +77,7 @@ public class AuthenticateUserAction extends TilesAction {
log.debug("Logged in as [" + logonForm.getJ_username() + "]
with session id [" + sessionId + "]");
+ boolean hasPrincipal = true;
if (subject.getId() == 0) {
// Subject with a ID of 0 means the subject wasn't in the database
but the login succeeded.
// This means the login method detected that LDAP authenticated the user
and just gave us a dummy subject.
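Review bot: `hasPrincipal` is now hard-wired to `true` (`boolean hasPrincipal = true;`) while the hunk at @@ -86,47 +85,6 @@ deletes the `subjectManager.isUserWithPrincipal(...)` lookup that previously set it to `false` for LDAP-authenticated users. Any later use of `hasPrincipal` in this method (the rest of `execute` lies outside both hunks) will therefore treat an LDAP user as if it had local JDBC credentials, which matters if the flag gates password-change or similar JDBC-only behaviour. If the flag is no longer consulted, delete it; otherwise derive it from the subject returned by the LDAP processing rather than from a constant, and say in a comment why `true` is correct if it really is, e.g. `// LDAP-vs-JDBC distinction is now made in SubjectManagerBean.processSubjectForLdap`.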
@@ -86,47 +85,6 @@ public class AuthenticateUserAction extends TilesAction {
needsRegistration = true;
}
- // figure out if the user has a principal
- boolean usingLDAP = usingLDAPAuthentication(ctx);
- boolean hasPrincipal = false;
-
- if (usingLDAP) {
- // when we allow for LDAP authentication, we may still have users logging
in with JDBC.
- // The only way we can distinguish these users is by checking to see if
they have an
- // entry in the principals table. If they do, then we know we use JDBC
authentication
- // for that user. If they do not, then we must be using LDAP to
authenticate that user.
- hasPrincipal =
subjectManager.isUserWithPrincipal(logonForm.getJ_username());
-
- if (!hasPrincipal && needsRegistration) {
- //for the case when they're already registered but entering a
case sensitive different name
- //BZ-586435: insert case insensitivity for usernames with ldap auth
- // locate first matching subject and attach.
- SubjectCriteria subjectCriteria = new SubjectCriteria();
- subjectCriteria.setCaseSensitive(false);
- subjectCriteria.setStrict(true);
- subjectCriteria.addFilterName(logonForm.getJ_username());
- PageList<Subject> subjectsLocated =
LookupUtil.getSubjectManager().findSubjectsByCriteria(
- LookupUtil.getSubjectManager().getOverlord(), subjectCriteria);
- //if subject variants located then take the first one with a
principal otherwise do nothing
- //To defend against the case where they create an account with the
same name but not
- //case as an rhq sysadmin or higher perms, then make them relogin
with same creds entered.
- if (!subjectsLocated.isEmpty()) {//then case insensitive username
matches found. Try to use instead.
- Subject ldapSubject = subjectsLocated.get(0);
- String msg = "Located existing ldap account with different
case for [" + ldapSubject.getName()
- + "]. " + "Attempting to authenticate with
that account instead.";
- log.info(msg);
- subject = subjectManager.login(ldapSubject.getName(),
logonForm.getJ_password());
- sessionId = subject.getSessionId();
- log.debug("Logged in as [" + ldapSubject.getName() +
"] with session id [" + sessionId + "]");
- needsRegistration = false;
- }
- }
-
- } else {
- // with regular JDBC authentication, we are guaranteed to have a
principal
- hasPrincipal = true;
- }
-
if (!needsRegistration) {
subject = subjectManager.loadUserConfiguration(subject.getId());
subject.setSessionId(sessionId); // put the transient data back into our
new subject
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
index 3b125e1..8e76409 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerBean.java
@@ -59,10 +59,12 @@ import org.rhq.enterprise.server.authz.PermissionException;
import org.rhq.enterprise.server.authz.RequiredPermission;
import org.rhq.enterprise.server.core.CustomJaasDeploymentServiceMBean;
import org.rhq.enterprise.server.exception.LoginException;
+import org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal;
import org.rhq.enterprise.server.resource.group.ResourceGroupManagerLocal;
import org.rhq.enterprise.server.system.SystemManagerLocal;
import org.rhq.enterprise.server.util.CriteriaQueryGenerator;
import org.rhq.enterprise.server.util.CriteriaQueryRunner;
+import org.rhq.enterprise.server.util.LookupUtil;
/**
* Provides functionality to access and manipulate subjects and principals, mainly for
authentication purposes.
@@ -84,6 +86,10 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
private ResourceGroupManagerLocal resourceGroupManager;
@EJB
+ @IgnoreDependency
+ private LdapGroupManagerLocal ldapManager;
+
+ @EJB
private SystemManagerLocal systemManager;
@EJB
@@ -274,7 +280,7 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
Subject subject = getSubjectByName(username);
- if (subject != null) {
+ if (subject != null) {//regular JDBC user
if (!subject.getFactive()) {
throw new LoginException("User account has been disabled.");
}
@@ -286,6 +292,9 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
try {
int sessionId = sessionManager.getSessionIdFromUsername(username);
subject.setSessionId(sessionId);
+ //insert processing for LDAP users who have registered before and have
jdbc credentials
+ log.trace("Processing subject '" + subject.getName() +
"' for LDAP functionality.");
+ subject = processSubjectForLdap(subject, password, false);
return subject;
} catch (SessionException se) {
// nope, no session; continue on so we can create the session
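Review bot: The new comment says this handles "LDAP users who have registered before and have jdbc credentials", but `processSubjectForLdap` returns immediately for any subject with a principal (`isUserWithPrincipal`), so on this existing-session path it only does work for subjects that have no local principal; suggested wording: `//existing session: refresh LDAP registration/authz state for subjects without a local principal`. Note also that `processSubjectForLdap` can itself call `login(...)` (its case-insensitive branch), which re-enters this method for the same user while a session already exists; the enclosing `login` starts outside the hunk, so whether that re-entry is bounded cannot be confirmed here. The call is placed inside a `try` whose only catch is `SessionException`, so the `LoginException` it declares propagates to the caller as before.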
@@ -317,6 +326,103 @@ public class SubjectManagerBean implements SubjectManagerLocal,
SubjectManagerRe
return subject;
}
+ /**This method is applied to non-null Subject instances that may require LDAP
auth/authz processing.
+ *
+ * @param subject Authenticated subject.
+ * @return same or new Subject returned from LDAP processing.
+ * @throws LoginException
+ */
+ public Subject processSubjectForLdap(Subject subject, String subjectPassword, boolean
ldapRegistration)
+ throws LoginException {
+
+ if (subject != null) {//null check
+ //if user has principal then bail as LDAP processing not required
+ boolean userHasPrincipal = isUserWithPrincipal(subject.getName());
+
+ //if user has principal then return as non-ldap user
+ if (userHasPrincipal) {
+ return subject; //bail. No further checking required.
+ } else {//Start LDAP check.
+ //retrieve configuration properties and do LDAP check
+ Properties config = systemManager.getSystemConfiguration();
+ boolean ldapConfigured =
config.getProperty(RHQConstants.JAASProvider).equals(
+ RHQConstants.LDAPJAASProvider);
+
+ if (ldapConfigured) {//i)registration ii)case sensitive matches
iii)authorization updates
+ if ((subject.getId() == 0) && ldapRegistration) {//insert
overlord registration and login
+ //check that session is valid
+ if (!isValidSessionId(subject.getSessionId(), subject.getName(),
subject.getId())) {
+ throw new LoginException("User session not valid. Login
to proceed.");
+ }
+ //we've verified that this user has valid session, requires
registration and that ldap is configured.
+ Subject superuser = getOverlord();
+
+ // create the subject, but don't add a principal since LDAP
will handle authentication
+ log.trace("registering new LDAP-authenticated subject
[" + subject.getName() + "]");
+ createSubject(superuser, subject);
+
+ // nuke the temporary session and establish a new
+ // one for this subject.. must be done before pulling the
+ // new subject in order to do it with his own credentials
+ logout(subject.getSessionId().intValue());
+ subject = login(subject.getName(), subjectPassword);
+ } else {//already registered
+ //BZ-586435: insert case insensitivity for usernames with ldap
auth
+ // locate first matching subject and attach.
+ SubjectCriteria subjectCriteria = new SubjectCriteria();
+ subjectCriteria.setCaseSensitive(false);
+ subjectCriteria.setStrict(true);
+ subjectCriteria.addFilterName(subject.getName());
+ PageList<Subject> subjectsLocated =
LookupUtil.getSubjectManager().findSubjectsByCriteria(
+ subject, subjectCriteria);
+ //if subject variants located then take the first one with a
principal otherwise do nothing
+ //To defend against the case where they create an account with
the same name but not
+ //case as an rhq sysadmin or higher perms, then make them relogin
with same creds entered.
+ if ((!subjectsLocated.isEmpty())
+ &&
(!subjectsLocated.get(0).getName().equals(subject.getName()))) {//then case insensitive
username matches found. Try to use instead.
+ Subject ldapSubject = subjectsLocated.get(0);
+ String msg = "Located existing ldap account with
different case for ["
+ + ldapSubject.getName() + "]. "
+ + "Attempting to authenticate with that account
instead.";
+ log.info(msg);
+ subject = login(ldapSubject.getName(), subjectPassword);
+ Integer sessionId = subject.getSessionId();
+ log.debug("Logged in as [" + ldapSubject.getName()
+ "] with session id [" + sessionId
+ + "]");
+ }
+ // {//now carry out authz refresh for this
Subject
+ // if (subject.getId() > 0) {
+ // //BZ-580127: only do group
authz check if one or both of group filter fields is set
+ // Properties options =
systemManager.getSystemConfiguration();
+ // String groupFilter = (String)
options.getProperty(RHQConstants.LDAPGroupFilter, "");
+ // String groupMember = (String)
options.getProperty(RHQConstants.LDAPGroupMember, "");
+ // if
((groupFilter.trim().length() > 0) || (groupMember.trim().length() > 0)) {
+ // List<String>
groupNames = new ArrayList<String>(ldapManager
+ //
.findAvailableGroupsFor(subject.getName()));
+ //
ldapManager.assignRolesToLdapSubject(subject.getId(), groupNames);
+ // }
+ // }
+ // }
+ }
+ {//now carry out authz refresh for this Subject
+ if (subject.getId() > 0) {
+ //BZ-580127: only do group authz check if one or both of
group filter fields is set
+ Properties options = systemManager.getSystemConfiguration();
+ String groupFilter = (String)
options.getProperty(RHQConstants.LDAPGroupFilter, "");
+ String groupMember = (String)
options.getProperty(RHQConstants.LDAPGroupMember, "");
+ if ((groupFilter.trim().length() > 0) ||
(groupMember.trim().length() > 0)) {
+ List<String> groupNames = new
ArrayList<String>(ldapManager
+ .findAvailableGroupsFor(subject.getName()));
+ ldapManager.assignRolesToLdapSubject(subject.getId(),
groupNames);
+ }
+ }
+ }
+ }
+ }
+ }
+ return subject;
+ }
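Review bot: `config.getProperty(RHQConstants.JAASProvider).equals(RHQConstants.LDAPJAASProvider)` throws a NullPointerException when the JAAS provider property is unset; invert it as the deleted RegisterAction code did, `boolean ldapConfigured = RHQConstants.LDAPJAASProvider.equals(config.getProperty(RHQConstants.JAASProvider));`. The authz refresh block only calls `ldapManager.assignRolesToLdapSubject(...)`, whereas the code this commit removes from `LdapLoginModule` first detached the subject from every mapped LDAP group's role; unless `assignRolesToLdapSubject` also removes stale memberships (not visible here), a user dropped from an LDAP group keeps the corresponding RHQ role after re-login. The case-insensitive branch calls `login(ldapSubject.getName(), subjectPassword)`, which on an existing session calls back into this method; if `findSubjectsByCriteria` returns the other-cased variant first for that subject as well, the two calls alternate without bound, so guard the re-login with the id of the subject already handled or skip the search when the located subject's id equals `subject.getId()`. The search now runs as `subject` rather than the overlord used by the removed AuthenticateUserAction code, so an unregistered or low-privilege subject may not be allowed to locate its variants. The commented-out copy of the authz block should be deleted rather than left beside the live one.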
+
/**
* @see org.rhq.enterprise.server.auth.SubjectManagerLocal#logout(Subject)
*/
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
index d62096b..2b00345 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/auth/SubjectManagerLocal.java
@@ -219,4 +219,6 @@ public interface SubjectManagerLocal {
*/
PageList<Subject> findSubjectsByCriteria(Subject subject, SubjectCriteria
criteria);
+ Subject processSubjectForLdap(Subject subject, String subjectPassword, boolean
ldapRegistration)
+ throws LoginException;
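Review bot: The new interface method has no Javadoc although the sibling `findSubjectsByCriteria` directly above carries one. Add a Javadoc block stating that the subject must already be authenticated, that `subjectPassword` is used only to re-establish a session after overlord registration or a case-insensitive account match, that `ldapRegistration` set to `true` permits creating a not-yet-persisted (id 0) LDAP subject via the overlord, and `@throws LoginException` when the subject's session is invalid or the re-login fails. Documenting the `ldapRegistration` flag matters because this Local method is callable by any server component and the flag toggles account creation.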
}
\ No newline at end of file
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
index bb29a47..6136d27 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
@@ -19,11 +19,8 @@
package org.rhq.enterprise.server.core.jaas;
import java.security.acl.Group;
-import java.util.ArrayList;
import java.util.Iterator;
-import java.util.List;
import java.util.Properties;
-import java.util.Set;
import java.util.Map.Entry;
import javax.naming.Context;
@@ -39,12 +36,6 @@ import org.apache.commons.logging.LogFactory;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
-import org.rhq.core.domain.auth.Subject;
-import org.rhq.core.domain.resource.group.LdapGroup;
-import org.rhq.core.domain.util.PageControl;
-import org.rhq.core.domain.util.PageList;
-import org.rhq.enterprise.server.auth.SubjectManagerLocal;
-import org.rhq.enterprise.server.authz.RoleManagerLocal;
import org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal;
import org.rhq.enterprise.server.util.LookupUtil;
import org.rhq.enterprise.server.util.security.UntrustedSSLSocketFactory;
@@ -207,40 +198,6 @@ public class LdapLoginModule extends UsernamePasswordLoginModule {
//if successful then verified that user and pw are valid ldap
credentials
ctx.reconnect(null);
- //if group auth enabled and user acct already exists then insert
authorization check
- String groupFilter = (String) options.get("GroupFilter");
- String groupMember = (String)
options.get("GroupMemberFilter");
- SubjectManagerLocal sManager = LookupUtil.getSubjectManager();
- Subject ldapSubject = sManager.getSubjectByName(getUsername());
- if (ldapSubject != null && ((groupFilter != null) &&
!groupFilter.trim().equals(""))
- && ((groupMember != null) &&
!groupMember.trim().equals(""))) {
- //check authorized groups to see if this user is authorized via ldap
- //BUT still must always return true as authz is handled by RHQ if
roles/groups correct
-
- //retrieve all ldap groups that this user is authorized for based on
ldap group filter and group member settings
- Set<String> authorizedLdapGroups =
ldapManager.findAvailableGroupsFor(userName);
- RoleManagerLocal roleManager = LookupUtil.getRoleManager();
-
- //find all currently mapped ldap groups
- PageList<LdapGroup> allCurrentLdapGroupsRegistered =
ldapManager.findLdapGroups(PageControl
- .getUnlimitedInstance());
-
- //find all roles for currently mapped ldap groups.
- //empty current user from all groups -synch
- for (LdapGroup gp : allCurrentLdapGroupsRegistered) {
- if (gp.getRole() != null) {
- gp.getRole().removeSubject(ldapSubject);
- }
- }
- if (authorizedLdapGroups.isEmpty()) {
- return true; //bailing out as now correctly authorized
correctly.
- }
-
- //else add this subject back to all AuthoriziedLdapGroups
- //lookup all roles that map to the authorizedLdapGroup names
- List authorizedList = new ArrayList(authorizedLdapGroups);
- ldapManager.assignRolesToLdapSubject(ldapSubject.getId(),
authorizedList);
- }
return true;
}
commit 100fcb7bef6bafcc061e308c1a1240c7c2343372
Merge: 98209e5... e19fff4...
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Wed Oct 20 13:11:14 2010 -0400
Merge remote branch 'origin/gwt-ldap' into gwt-ldap2
commit 98209e5176c76ad61bccc00313591f7eff3768aa
Merge: b949685... 39280ce...
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Wed Oct 20 12:31:16 2010 -0400
Merge remote branch 'origin/gwt-ldap' into gwt-ldap2
commit b9496858222af18d9d04a2b515390dc258495140
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Tue Oct 19 16:27:00 2010 -0400
Revert " BZ-644344: fix for ldap accounts named 'admin' case
insensitive."
This reverts commit 3989386b8cf1fa4ff96c973b4f93eefe4df0f902.
- no need. Case insensitive check still returns 'admin' which is still not
allowed.
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
index a821bde..e862db9 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
@@ -87,10 +87,9 @@ public class JDBCPrincipalCheckLoginModule extends
UsernamePasswordLoginModule {
@Override
protected String getUsersPassword() throws LoginException {
String username = getUsername();
- if ("admin".equalsIgnoreCase(username)) {
+ if ("admin".equals(username)) {
throw new FailedLoginException("Cannot log in as overlord");
}
-
String password = getUsernameAndPassword()[1]; // what did the user enter?
Connection conn = null;
PreparedStatement ps = null;
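Review bot: The guard now rejects only the exact string `admin`; the commit message states the case-insensitive subject lookup downstream still resolves other casings to the overlord account, but nothing in the code records that this check depends on it. A comment on the `if` would keep the dependency visible to the next maintainer, e.g. `// exact-case check is sufficient: per BZ-644344 the case-insensitive subject lookup maps other casings to 'admin' as well`. The rest of `getUsersPassword` lies outside the hunk, so the lookup itself cannot be confirmed here.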
commit 3989386b8cf1fa4ff96c973b4f93eefe4df0f902
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Tue Oct 19 12:26:46 2010 -0400
BZ-644344: fix for ldap accounts named 'admin' case insensitive.
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
index e862db9..a821bde 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/JDBCPrincipalCheckLoginModule.java
@@ -87,9 +87,10 @@ public class JDBCPrincipalCheckLoginModule extends
UsernamePasswordLoginModule {
@Override
protected String getUsersPassword() throws LoginException {
String username = getUsername();
- if ("admin".equals(username)) {
+ if ("admin".equalsIgnoreCase(username)) {
throw new FailedLoginException("Cannot log in as overlord");
}
+
String password = getUsernameAndPassword()[1]; // what did the user enter?
Connection conn = null;
PreparedStatement ps = null;