diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java index fc5f2602a..540980ab8 100644 --- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java +++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java @@ -4,6 +4,7 @@ import static java.lang.String.join; import static java.util.stream.Collectors.toSet; import static li.strolch.privilege.base.PrivilegeConstants.*; import static li.strolch.utils.helper.StringHelper.isEmpty; +import static li.strolch.utils.helper.StringHelper.isNotEmpty; import javax.naming.NamingException; import javax.naming.directory.Attributes; @@ -21,6 +22,7 @@ import li.strolch.utils.dbc.DBC; public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { private Locale defaultLocale; + private Map ldapToLocalLocationMap; private JsonObject ldapGroupConfigs; private Set ldapGroupNames; private String realm; @@ -61,6 +63,15 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { if (!configJ.has("ldapGroupConfigs") || !configJ.get("ldapGroupConfigs").isJsonObject()) throw new IllegalStateException("JSON config is missing ldapGroupConfigs element!"); + this.ldapToLocalLocationMap = new HashMap<>(); + if (configJ.has("locationMappings")) { + JsonObject locationMappingsJ = configJ.get("locationMappings").getAsJsonObject(); + for (String ldapL : locationMappingsJ.keySet()) { + String localL = locationMappingsJ.get(ldapL).getAsString(); + this.ldapToLocalLocationMap.put(ldapL, localL); + } + } + this.ldapGroupConfigs = configJ.get("ldapGroupConfigs").getAsJsonObject(); this.ldapGroupNames = ldapGroupConfigs.keySet(); if (this.ldapGroupNames.isEmpty()) 
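Review bot: In the third hunk, `locationMappings` is read with `getAsJsonObject()` and each value with `getAsString()`, without the `isJsonObject()` check that `ldapGroupConfigs` gets just above it. A config where it is an array or holds a nested or null value therefore fails with a generic Gson exception instead of a message naming the element. Since this map now decides a user's primary location, I would validate it the same way, e.g. `if (!configJ.get("locationMappings").isJsonObject()) throw new IllegalStateException("JSON config locationMappings must be a JSON object!");`, and reject empty target values. The enclosing method starts and ends outside the hunk.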
@@ -151,12 +162,22 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { @Override protected Map buildProperties(String username, Attributes attrs, Set ldapGroups, - Set strolchRoles) { + Set strolchRoles) throws NamingException { String primaryLocation = ""; Set secondaryLocations = new HashSet<>(); Set locations = new HashSet<>(); + // first see if we can find the primaryLocation from the department attribute: + String department = getLdapString(attrs, "department"); + if (isNotEmpty(department)) { + if (this.ldapToLocalLocationMap.containsKey(department)) { + String localL = this.ldapToLocalLocationMap.get(department); + logger.info("Using primary location " + localL + " for LDAP department " + department); + primaryLocation = localL; + } + } + for (String ldapGroup : ldapGroups) { JsonObject mappingJ = this.ldapGroupConfigs.get(ldapGroup).getAsJsonObject(); mappingJ.get(LOCATION).getAsJsonArray().forEach(e -> locations.add(e.getAsString())); @@ -166,9 +187,13 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { if (primaryLocation.isEmpty()) { primaryLocation = primaryLocationJ.getAsString(); } else { - logger.warn("Primary location already set by previous LDAP Group config for LDAP Group " + ldapGroup - + ", adding to secondary locations."); - secondaryLocations.add(primaryLocationJ.getAsString()); + String location = primaryLocationJ.getAsString(); + if (!secondaryLocations.contains(location)) { + logger.warn( + "Primary location already set by previous LDAP Group config for LDAP Group " + ldapGroup + + ", adding to secondary locations."); + secondaryLocations.add(location); + } } }
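Review bot: The `department` lookup at the top of `buildProperties` lets a directory attribute choose the primary location ahead of every LDAP group config, and the mapped value is never checked against the `locations` collected from the user's groups. If the primary location feeds location-based authorization (not visible here, as the method continues outside the hunk), `department` becomes a privilege-bearing attribute, and such attributes are often maintained with less control than group membership. Consider resolving the mapping after the group loop and applying it only when `locations.contains(localL)`. Otherwise, state in a comment on `ldapToLocalLocationMap` that the attribute must not be user-editable in the directory.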
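Review bot: The new `secondaryLocations.contains(location)` guard in the else branch misses the case where the group's primary location equals the `primaryLocation` already chosen, so that location is also added to the secondary set, with a warning. This is more likely now that the department mapping and a group config can name the same location. I would write `if (!location.equals(primaryLocation) && secondaryLocations.add(location)) {` and drop the separate `add` call. The warning still says the primary location was set "by previous LDAP Group config", which is inaccurate when it came from the department mapping. The surrounding loop begins outside this hunk, so later de-duplication cannot be ruled out.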