[New] Try and use LDAP department for primaryLocation
parent
baecbd5312
commit
24c305564b
|
@ -4,6 +4,7 @@ import static java.lang.String.join;
|
||||||
import static java.util.stream.Collectors.toSet;
|
import static java.util.stream.Collectors.toSet;
|
||||||
import static li.strolch.privilege.base.PrivilegeConstants.*;
|
import static li.strolch.privilege.base.PrivilegeConstants.*;
|
||||||
import static li.strolch.utils.helper.StringHelper.isEmpty;
|
import static li.strolch.utils.helper.StringHelper.isEmpty;
|
||||||
|
import static li.strolch.utils.helper.StringHelper.isNotEmpty;
|
||||||
|
|
||||||
import javax.naming.NamingException;
|
import javax.naming.NamingException;
|
||||||
import javax.naming.directory.Attributes;
|
import javax.naming.directory.Attributes;
|
||||||
|
@ -21,6 +22,7 @@ import li.strolch.utils.dbc.DBC;
|
||||||
public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
|
|
||||||
private Locale defaultLocale;
|
private Locale defaultLocale;
|
||||||
|
private Map<String, String> ldapToLocalLocationMap;
|
||||||
private JsonObject ldapGroupConfigs;
|
private JsonObject ldapGroupConfigs;
|
||||||
private Set<String> ldapGroupNames;
|
private Set<String> ldapGroupNames;
|
||||||
private String realm;
|
private String realm;
|
||||||
|
@ -61,6 +63,15 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
if (!configJ.has("ldapGroupConfigs") || !configJ.get("ldapGroupConfigs").isJsonObject())
|
if (!configJ.has("ldapGroupConfigs") || !configJ.get("ldapGroupConfigs").isJsonObject())
|
||||||
throw new IllegalStateException("JSON config is missing ldapGroupConfigs element!");
|
throw new IllegalStateException("JSON config is missing ldapGroupConfigs element!");
|
||||||
|
|
||||||
|
this.ldapToLocalLocationMap = new HashMap<>();
|
||||||
|
if (configJ.has("locationMappings")) {
|
||||||
|
JsonObject locationMappingsJ = configJ.get("locationMappings").getAsJsonObject();
|
||||||
|
for (String ldapL : locationMappingsJ.keySet()) {
|
||||||
|
String localL = locationMappingsJ.get(ldapL).getAsString();
|
||||||
|
this.ldapToLocalLocationMap.put(ldapL, localL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
this.ldapGroupConfigs = configJ.get("ldapGroupConfigs").getAsJsonObject();
|
this.ldapGroupConfigs = configJ.get("ldapGroupConfigs").getAsJsonObject();
|
||||||
this.ldapGroupNames = ldapGroupConfigs.keySet();
|
this.ldapGroupNames = ldapGroupConfigs.keySet();
|
||||||
if (this.ldapGroupNames.isEmpty())
|
if (this.ldapGroupNames.isEmpty())
|
||||||
|
@ -151,12 +162,22 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Map<String, String> buildProperties(String username, Attributes attrs, Set<String> ldapGroups,
|
protected Map<String, String> buildProperties(String username, Attributes attrs, Set<String> ldapGroups,
|
||||||
Set<String> strolchRoles) {
|
Set<String> strolchRoles) throws NamingException {
|
||||||
|
|
||||||
String primaryLocation = "";
|
String primaryLocation = "";
|
||||||
Set<String> secondaryLocations = new HashSet<>();
|
Set<String> secondaryLocations = new HashSet<>();
|
||||||
Set<String> locations = new HashSet<>();
|
Set<String> locations = new HashSet<>();
|
||||||
|
|
||||||
|
// first see if we can find the primaryLocation from the department attribute:
|
||||||
|
String department = getLdapString(attrs, "department");
|
||||||
|
if (isNotEmpty(department)) {
|
||||||
|
if (this.ldapToLocalLocationMap.containsKey(department)) {
|
||||||
|
String localL = this.ldapToLocalLocationMap.get(department);
|
||||||
|
logger.info("Using primary location " + localL + " for LDAP department " + department);
|
||||||
|
primaryLocation = localL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
for (String ldapGroup : ldapGroups) {
|
for (String ldapGroup : ldapGroups) {
|
||||||
JsonObject mappingJ = this.ldapGroupConfigs.get(ldapGroup).getAsJsonObject();
|
JsonObject mappingJ = this.ldapGroupConfigs.get(ldapGroup).getAsJsonObject();
|
||||||
mappingJ.get(LOCATION).getAsJsonArray().forEach(e -> locations.add(e.getAsString()));
|
mappingJ.get(LOCATION).getAsJsonArray().forEach(e -> locations.add(e.getAsString()));
|
||||||
|
@ -166,9 +187,13 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
if (primaryLocation.isEmpty()) {
|
if (primaryLocation.isEmpty()) {
|
||||||
primaryLocation = primaryLocationJ.getAsString();
|
primaryLocation = primaryLocationJ.getAsString();
|
||||||
} else {
|
} else {
|
||||||
logger.warn("Primary location already set by previous LDAP Group config for LDAP Group " + ldapGroup
|
String location = primaryLocationJ.getAsString();
|
||||||
+ ", adding to secondary locations.");
|
if (!secondaryLocations.contains(location)) {
|
||||||
secondaryLocations.add(primaryLocationJ.getAsString());
|
logger.warn(
|
||||||
|
"Primary location already set by previous LDAP Group config for LDAP Group " + ldapGroup
|
||||||
|
+ ", adding to secondary locations.");
|
||||||
|
secondaryLocations.add(location);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
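Review bot: The new `department` branch in `buildProperties` sets `primaryLocation` from a directory attribute without checking that the mapped location is one of those granted through the user's LDAP groups, so the attribute now takes precedence over the group configuration. If `department` can be written by anyone other than directory administrators in a given deployment, the user's primary location is no longer bounded by group membership. Consider accepting the mapping only after the group loop has filled `locations`, e.g. `if (!locations.contains(primaryLocation)) primaryLocation = "";` with a warning, though whether `locations` is the right allow-list depends on the part of the method outside these hunks. The same attribute value is concatenated unescaped into `logger.info(...)`, and the later warning "Primary location already set by previous LDAP Group config" is no longer accurate when the department set it. In the configuration hunk, `locationMappings` is read with `getAsJsonObject()` but lacks the `isJsonObject()` guard and clear error message that `ldapGroupConfigs` gets.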