[New] Added an override for users to LDAP groups
parent
384db5e23e
commit
79ad9d3423
|
@ -24,6 +24,7 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
private JsonObject configJ;
|
private JsonObject configJ;
|
||||||
private Set<String> ldapGroupNames;
|
private Set<String> ldapGroupNames;
|
||||||
private String realm;
|
private String realm;
|
||||||
|
private HashMap<String, String> userLdapGroupOverrides;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public synchronized void initialize(Map<String, String> parameterMap, EncryptionHandler encryptionHandler,
|
public synchronized void initialize(Map<String, String> parameterMap, EncryptionHandler encryptionHandler,
|
||||||
|
@ -56,6 +57,9 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate the configuration
|
// validate the configuration
|
||||||
|
if (!this.configJ.has("ldapGroupConfigs") || !this.configJ.get("ldapGroupConfigs").isJsonObject())
|
||||||
|
throw new IllegalStateException("JSON config is missing ldapGroupConfigs element!");
|
||||||
|
|
||||||
this.ldapGroupNames = this.configJ.keySet();
|
this.ldapGroupNames = this.configJ.keySet();
|
||||||
if (this.ldapGroupNames.isEmpty())
|
if (this.ldapGroupNames.isEmpty())
|
||||||
throw new IllegalStateException(
|
throw new IllegalStateException(
|
||||||
|
@ -73,6 +77,16 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
throw new IllegalStateException("LDAP Group " + name
|
throw new IllegalStateException("LDAP Group " + name
|
||||||
+ " is missing a roles attribute, or it is not an array or the array is empty");
|
+ " is missing a roles attribute, or it is not an array or the array is empty");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
this.userLdapGroupOverrides = new HashMap<>();
|
||||||
|
if (this.configJ.has("userLdapGroupOverrides")) {
|
||||||
|
JsonObject userLdapGroupOverrides = this.configJ.get("userLdapGroupOverrides").getAsJsonObject();
|
||||||
|
for (String username : userLdapGroupOverrides.keySet()) {
|
||||||
|
String group = userLdapGroupOverrides.get(username).getAsString();
|
||||||
|
logger.info("Registered LDAP group override for user " + username + " to group " + group);
|
||||||
|
this.userLdapGroupOverrides.put(username, group);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -98,6 +112,13 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler {
|
||||||
logger.info("User " + username + " has LDAP Groups: ");
|
logger.info("User " + username + " has LDAP Groups: ");
|
||||||
ldapGroups.forEach(s -> logger.info("- " + s));
|
ldapGroups.forEach(s -> logger.info("- " + s));
|
||||||
|
|
||||||
|
if (this.userLdapGroupOverrides.containsKey(username)) {
|
||||||
|
String overrideGroup = this.userLdapGroupOverrides.get(username);
|
||||||
|
ldapGroups.clear();
|
||||||
|
ldapGroups.add(overrideGroup);
|
||||||
|
logger.info("Overriding LDAP group for user " + username + " to " + overrideGroup);
|
||||||
|
}
|
||||||
|
|
||||||
Set<String> relevantLdapGroups = ldapGroups.stream().filter(s -> this.ldapGroupNames.contains(s))
|
Set<String> relevantLdapGroups = ldapGroups.stream().filter(s -> this.ldapGroupNames.contains(s))
|
||||||
.collect(toSet());
|
.collect(toSet());
|
||||||
if (relevantLdapGroups.isEmpty())
|
if (relevantLdapGroups.isEmpty())
|
||||||
|
|
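Review bot: The override map is loaded in initialize() without checking that each target group is a configured group, and the later lookup `this.userLdapGroupOverrides.containsKey(username)` is an exact, case-sensitive match, so an override can silently fail to apply when the login name differs only in case (unless usernames are normalised earlier, which the hunks do not show). Because an override replaces the directory-derived groups wholesale, I would fail fast at load time, e.g. `if (!this.ldapGroupNames.contains(group)) throw new IllegalStateException("Override for user " + username + " references unknown LDAP group " + group);`, and key the map on a normalised username. Related, in the second hunk the new check requires `ldapGroupConfigs`, but the unchanged next line still takes `this.configJ.keySet()`, which looks like it yields the root keys rather than the group names; `this.configJ.get("ldapGroupConfigs").getAsJsonObject().keySet()` seems intended, though the loop that follows is outside the hunk. The bodies of initialize() and of the group-resolution method start and end outside the visible hunks.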