modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml | 22 modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java | 38 + modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java | 56 + modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java | 128 ++++ modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java | 27 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsAction.java | 87 +++ modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsForm.java | 139 ++++ modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java | 148 +++++ modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveLdapGroupsAction.java | 54 + modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveResourceGroupsForm.java | 21 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RoleAdminPortalAction.java | 18 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/ViewAction.java | 11 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java | 13 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateNewPackageUIBean.java | 1 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateRepoUIBean.java | 1 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/AttrConstants.java | 12 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/ParamConstants.java | 6 modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties | 8 modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/struts-config.xml | 42 + 
modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/tiles/admin-def.xml | 4 modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp | 27 modules/enterprise/gui/portal-war/src/main/webapp/admin/role/AddLdapRoleGroups.jsp | 30 + modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp | 39 + modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventAlertJSON.jsp | 4 modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventConfigJSON.jsp | 2 modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp | 6 modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventCreateDeleteChildJSON.jsp | 4 modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventEventsJSON.jsp | 4 modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventOperationsJSON.jsp | 4 modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventPluginConfigJSON.jsp | 2 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java | 5 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java | 1 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java | 102 +++ modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java | 9 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/ContentSourceManagerBean.java | 1 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerBean.java | 51 - modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerLocal.java | 11 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/CustomJaasDeploymentService.java | 2 
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java | 281 ++++++++++ modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/RoleManagerBeanTest.java | 25 modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/content/test/RepoManagerBeanTest.java | 25 modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/plugin/pc/content/ContentProviderManagerSyncContentProviderTest.java | 5 modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/resource/metadata/test/UpdateResourceTypeSubsystemTest.java | 2 43 files changed, 1394 insertions(+), 84 deletions(-)
New commits: commit 6f270263dacffd680dbe180824ca00d6e9ef4d39 Author: Ian P. Springer <ips@jetengine.(none)> Date: Fri Mar 26 14:50:41 2010 -0400
get rid of createCandidateRepo() SLSB method (createRepo() can be used instead); fix some failing content tests
diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateNewPackageUIBean.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateNewPackageUIBean.java
index a520b21..3db7ce6 100644
--- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateNewPackageUIBean.java
+++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateNewPackageUIBean.java
@@ -469,6 +469,7 @@ public class CreateNewPackageUIBean {
RepoManagerLocal repoManager = LookupUtil.getRepoManagerLocal();
Repo newRepo = new Repo(newRepoName);
+ newRepo.setCandidate(false);
newRepo = repoManager.createRepo(subject, newRepo);
repoId = Integer.toString(newRepo.getId());
diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateRepoUIBean.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateRepoUIBean.java
index 06c41fd..9173dec 100644
--- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateRepoUIBean.java
+++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/content/CreateRepoUIBean.java
@@ -44,6 +44,7 @@ public class CreateRepoUIBean {
RepoManagerLocal manager = LookupUtil.getRepoManagerLocal();
try { + newRepo.setCandidate(false); Repo created = manager.createRepo(subject, newRepo); FacesContextUtility.addMessage(FacesMessage.SEVERITY_INFO, "Saved [" + created.getName() + "] with the ID of [" + created.getId() + "]"); diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/ContentSourceManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/ContentSourceManagerBean.java index 7b35cad..20ad6bc 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/ContentSourceManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/ContentSourceManagerBean.java @@ -417,6 +417,7 @@ public class ContentSourceManagerBean implements ContentSourceManagerLocal { }
Repo repo = new Repo(repoName); + repo.setCandidate(false); repo.setDescription(createMe.getDescription());
try { diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerBean.java index b7e13c7..0a37901 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerBean.java @@ -344,30 +344,23 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote { @RequiredPermission(Permission.MANAGE_INVENTORY) public Repo createRepo(Subject subject, Repo repo) throws RepoException { validateRepo(repo); - repo.setCandidate(false);
log.debug("User [" + subject + "] is creating [" + repo + "]..."); entityManager.persist(repo); - log.debug("User [" + subject + "] created [" + repo + "]"); + log.debug("User [" + subject + "] created [" + repo + "].");
- // Schedule the repo sync job. - try { - ContentServerPluginContainer pc = ContentManagerHelper.getPluginContainer(); - // Schedule a job for the future - pc.scheduleRepoSyncJob(repo); - } catch (Exception e) { - log.error("Failed to schedule repository synchronization job for [" + repo + "].", e); - throw new RuntimeException(e); + // If this repo is imported, schedule the repo sync job. + if ( ! repo.isCandidate()) { + try { + ContentServerPluginContainer pc = ContentManagerHelper.getPluginContainer(); + pc.scheduleRepoSyncJob(repo); + } catch (Exception e) { + log.error("Failed to schedule repository synchronization job for [" + repo + "].", e); + throw new RuntimeException(e); + } }
- return repo; // now has the ID set - } - - @RequiredPermission(Permission.MANAGE_INVENTORY) - public Repo createCandidateRepo(Subject subject, Repo repo) throws RepoException { - validateRepo(repo); - entityManager.persist(repo); - return repo; + return repo; // now has the id set }
@SuppressWarnings("unchecked") @@ -388,6 +381,10 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote { public void processRepoImportReport(Subject subject, RepoImportReport report, int contentSourceId, StringBuilder result) {
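Review bot: createRepo() now trusts the `candidate` flag on the caller-supplied Repo where it used to force `repo.setCandidate(false)`, and the class line in this hunk header shows the bean also implements RepoManagerRemote. If createRepo is reachable through that remote interface (the Javadoc removed from RepoManagerLocal links to `RepoManagerRemote#createRepo`), a remote caller holding MANAGE_INVENTORY can now persist a candidate repo that skips sync scheduling, and any caller that forgets to set the flag gets whatever default Repo carries, which is not visible here. I would state the contract on the method, e.g. `@param repo the repo to persist; its candidate flag decides whether a sync job is scheduled`, and consider normalising the flag at the remote entry point. The scheduling failure still throws `RuntimeException` after `entityManager.persist(repo)`, so a short comment saying the persist is expected to roll back with it would help the next reader.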
+ // TODO: The below line was added to simplify things for JON (i.e. patches from JBoss CSP) - remove it if we + // need more flexibility for other use cases. (ips, 03/26/10) + boolean autoImport = (report.getRepoGroups().isEmpty() && report.getRepos().size() == 1); + // Import groups first List<RepoGroupDetails> repoGroups = report.getRepoGroups();
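Review bot: `autoImport` is decided purely by the shape of the report (no repo groups and exactly one repo), so a content source that reports a single repo gets it created as imported and scheduled for sync without an administrator promoting it from candidate. That is a trust decision about provider-supplied data and deserves more than a TODO: I would record it, e.g. `log.info("Auto-importing single repo reported by content source [" + contentSourceId + "]");`, and describe the rule in the method's Javadoc. The new line also dereferences `report.getRepoGroups()` and `report.getRepos()` before any null check visible in this hunk; whether either can be null is not shown here. The body of processRepoImportReport continues outside the hunk.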
@@ -446,7 +443,7 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote { for (RepoDetails createMe : repos) { if (createMe.getParentRepoName() == null) { try { - if (addCandidateRepo(contentSourceId, createMe)) { + if (addCandidateRepo(contentSourceId, createMe, autoImport)) { importedRepos.add(createMe); } removeRepoFromList(createMe.getName(), candidatesForThisProvider); @@ -469,7 +466,7 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote { for (RepoDetails createMe : repos) { if (createMe.getParentRepoName() != null) { try { - if (addCandidateRepo(contentSourceId, createMe)) { + if (addCandidateRepo(contentSourceId, createMe, autoImport)) { importedRepos.add(createMe); } removeRepoFromList(createMe.getName(), candidatesForThisProvider); @@ -494,8 +491,8 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote { for (Repo deleteMe : candidatesForThisProvider) { deleteRepo(subject, deleteMe.getId()); } - result.append("Deleted the following ").append(candidatesForThisProvider.size()).append("obsolete repository(s): "). - append(candidatesForThisProvider).append('\n'); + result.append("Deleted the following ").append(candidatesForThisProvider.size()). + append(" obsolete repository(s): ").append(candidatesForThisProvider).append('\n'); } }
@@ -873,10 +870,12 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote { * @param contentSourceId identifies the content provider that introduced the candidate into the system * @param createMe describes the candidate to be created * + * @param autoImport whether or not to import the repo + * * @throws Exception if there is an error associating the content source with the repo or if the repo * indicates a parent or repo group that does not exist */ - private boolean addCandidateRepo(int contentSourceId, RepoDetails createMe) throws Exception { + private boolean addCandidateRepo(int contentSourceId, RepoDetails createMe, boolean autoImport) throws Exception {
Subject overlord = subjectManager.getOverlord(); String name = createMe.getName(); @@ -893,9 +892,7 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote {
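Review bot: The new `@param autoImport whether or not to import the repo` does not say what the flag changes, while the method is still named and documented as adding a candidate. Suggest `@param autoImport if true the repo is created as imported (candidate flag false) and its sync job is scheduled; if false it is created as a candidate`, placed directly after `@param createMe` without the extra blank `*` lines. The summary sentence of this Javadoc sits above the hunk and probably needs the same update.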
// The repo doesn't exist yet in the system - create it. Repo addMe = new Repo(name); - // TODO: The below line was added to simplify things for JON (i.e. patches from JBoss CSP) - remove it if we - // need more flexibility for other use cases. (ips, 03/24/10) - addMe.setCandidate(false); // auto-import + addMe.setCandidate(!autoImport); addMe.setDescription(createMe.getDescription());
String createMeGroup = createMe.getRepoGroup(); @@ -905,7 +902,7 @@ public class RepoManagerBean implements RepoManagerLocal, RepoManagerRemote { }
// Add the new candidate to the database - addMe = createCandidateRepo(overlord, addMe); + addMe = createRepo(overlord, addMe);
// Associate the content provider that introduced the candidate with the repo addContentSourcesToRepo(overlord, addMe.getId(), new int[] { contentSourceId }); diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerLocal.java index aea0ef2..503e514 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerLocal.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/content/RepoManagerLocal.java @@ -162,17 +162,6 @@ public interface RepoManagerLocal { void addRepoRelationship(Subject subject, int repoId, int relatedRepoId, String relationshipTypeName);
/** - * Functions similar to {@link RepoManagerRemote#createRepo(Subject, Repo)} except that it will ensure - * the candidate bit on the repo parameter is correctly set. - * - * @param subject user creating the repo - * @param repo repo data to create - * @return persisted repo (ID will be populated) - * @throws RepoException if the repo contains invalid data - */ - Repo createCandidateRepo(Subject subject, Repo repo) throws RepoException; - - /** * Removes candidate repos whose only content source is the indicated content source. * * @param subject user performing the delete diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/content/test/RepoManagerBeanTest.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/content/test/RepoManagerBeanTest.java index be68961..a98c6de 100644 --- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/content/test/RepoManagerBeanTest.java +++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/content/test/RepoManagerBeanTest.java @@ -151,7 +151,7 @@ public class RepoManagerBeanTest extends AbstractEJB3Test { @Test(enabled = ENABLED) public void createFindDeleteCandidateRepo() throws Exception { // Setup - Repo repo = new Repo("test candidate repo"); + Repo repo = new Repo("test create candidate repo");
PageList<Repo> importedRepos = repoManager.findRepos(overlord, new PageControl()); int origSize = 0; @@ -160,13 +160,14 @@ public class RepoManagerBeanTest extends AbstractEJB3Test { }
// Test - repo = repoManager.createCandidateRepo(overlord, repo); + repo.setCandidate(true); + repo = repoManager.createRepo(overlord, repo);
// Verify try { assert repo.isCandidate();
- // Should not be returned from this call since its a candidate repo + // Should not be returned from this call since it's a candidate repo importedRepos = repoManager.findRepos(overlord, new PageControl()); assert importedRepos.size() == origSize; assert repoManager.getRepo(overlord, repo.getId()) != null; @@ -302,8 +303,9 @@ public class RepoManagerBeanTest extends AbstractEJB3Test {
// Create a candidate repo associated with that source Repo candidateRepo = new Repo(candidateRepoName); + candidateRepo.setCandidate(true); candidateRepo.addContentSource(contentSource); - candidateRepo = repoManager.createCandidateRepo(overlord, candidateRepo); + candidateRepo = repoManager.createRepo(overlord, candidateRepo);
// Test RepoCriteria criteria = new RepoCriteria(); @@ -329,7 +331,8 @@ public class RepoManagerBeanTest extends AbstractEJB3Test { public void importCandidateRepo() throws Exception { // Setup Repo candidate = new Repo("create me"); - Repo created = repoManager.createCandidateRepo(overlord, candidate); + candidate.setCandidate(true); + Repo created = repoManager.createRepo(overlord, candidate);
// Test List<Integer> repoIds = new ArrayList<Integer>(1); @@ -395,24 +398,28 @@ public class RepoManagerBeanTest extends AbstractEJB3Test {
// -> Only has source to delete, should be deleted Repo repo1 = new Repo("repo1"); + repo1.setCandidate(true); repo1.addContentSource(source1);
// -> Has different source, should not be deleted Repo repo2 = new Repo("repo2"); + repo2.setCandidate(true); repo2.addContentSource(source2);
// -> Has source to delete and another source, should not be deleted Repo repo3 = new Repo("repo3"); + repo3.setCandidate(true); repo3.addContentSource(source1); repo3.addContentSource(source2);
// -> No sources, should not be deleted Repo repo4 = new Repo("repo4"); + repo4.setCandidate(true);
- repo1 = repoManager.createCandidateRepo(overlord, repo1); - repo2 = repoManager.createCandidateRepo(overlord, repo2); - repo3 = repoManager.createCandidateRepo(overlord, repo3); - repo4 = repoManager.createCandidateRepo(overlord, repo4); + repo1 = repoManager.createRepo(overlord, repo1); + repo2 = repoManager.createRepo(overlord, repo2); + repo3 = repoManager.createRepo(overlord, repo3); + repo4 = repoManager.createRepo(overlord, repo4);
// Test repoManager.deleteCandidatesWithOnlyContentSource(overlord, source1.getId()); diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/plugin/pc/content/ContentProviderManagerSyncContentProviderTest.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/plugin/pc/content/ContentProviderManagerSyncContentProviderTest.java index 7e374d0..c3bec3a 100644 --- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/plugin/pc/content/ContentProviderManagerSyncContentProviderTest.java +++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/plugin/pc/content/ContentProviderManagerSyncContentProviderTest.java @@ -200,13 +200,13 @@ public class ContentProviderManagerSyncContentProviderTest extends AbstractEJB3T Repo existingCandidateRepo = new Repo(TestContentProvider.EXISTING_CANDIDATE_REPO_NAME); existingCandidateRepo.setCandidate(true); existingCandidateRepo.addContentSource(syncSource); - repoManager.createCandidateRepo(overlord, existingCandidateRepo); + repoManager.createRepo(overlord, existingCandidateRepo);
// -> Simulate a candidate repo from a previous import that will *NOT* be in this report Repo previousRepo = new Repo(PREVIOUS_CANDIDATE_REPO_NAME); previousRepo.setCandidate(true); previousRepo.addContentSource(syncSource); - repoManager.createCandidateRepo(overlord, previousRepo); + repoManager.createRepo(overlord, previousRepo);
// Test // -------------------------------------------- @@ -300,6 +300,5 @@ public class ContentProviderManagerSyncContentProviderTest extends AbstractEJB3T // -> Non-existent repo retrievedRepos = repoManager.getRepoByName("testRepoFoo"); assert retrievedRepos.size() == 0; - } } diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/resource/metadata/test/UpdateResourceTypeSubsystemTest.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/resource/metadata/test/UpdateResourceTypeSubsystemTest.java index ec239d0..04e26fc 100644 --- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/resource/metadata/test/UpdateResourceTypeSubsystemTest.java +++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/resource/metadata/test/UpdateResourceTypeSubsystemTest.java @@ -90,7 +90,7 @@ public class UpdateResourceTypeSubsystemTest extends UpdateSubsytemTestBase { } }
- // @Test TODO further work on this
+ @Test // TODO further work on this
public void testMoveResoureType() throws Exception {
System.out.println("testUpdatePlugin2 --- start");
getTransactionManager().begin();
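Review bot: The re-enabled `@Test` keeps the `// TODO further work on this` marker, so a reader cannot tell whether the test is now expected to pass or is known to be incomplete; the commit message mentions only content tests. Either drop the TODO or say what remains, e.g. `@Test // TODO: <what is still unverified>`. The first statement of the test prints `testUpdatePlugin2 --- start` although the method is `testMoveResoureType`, which will mislead anyone reading the test log now that it runs. The method body continues outside the hunk.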
commit 97cf95d24d0872fcef444a7d2f068bfc37436ffc Merge: 73ce59b... 413a2fc... Author: Ian P. Springer <ips@jetengine.(none)> Date: Fri Mar 26 11:30:43 2010 -0400
Merge branch 'bugfixes' of ssh://git.fedorahosted.org/git/rhq/rhq into bugfixes
commit 73ce59b4d83556f106d7c08e4bba12abee8afbae Merge: 6345fd4... bf2ad7a... Author: Ian P. Springer <ips@jetengine.(none)> Date: Thu Mar 25 18:06:17 2010 -0400
Merge branch 'master' into bugfixes
commit bf2ad7ab6e9532e4869f4373712fcbc0c04f8618 Author: Simeon Pinder spinder@redhat.com Date: Wed Mar 24 05:04:01 2010 -0400
added null ptr check before retrieval for JSON population.
diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp index 093c943..61a7505 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp @@ -67,9 +67,11 @@
%> { "start" : "<%=sdf.format(new Date(installedPackage.getTimestamp()))%>", - "title" : "<%= (""+installedPackage.getPackageVersion().getDisplayName() + " " + installedPackage.getPackageVersion().getDisplayVersion()).replaceAll("["']","").trim()%>", + "title" : "<% out.write( + (installedPackage.getPackageVersion().getDisplayName()==null ? null : installedPackage.getPackageVersion().getDisplayName().replaceAll("["']","")) + " " + + (installedPackage.getPackageVersion().getDisplayVersion() ==null ? null : installedPackage.getPackageVersion().getDisplayVersion().replaceAll("["']","")));%>", "link" : "<%=link%>", - "description" : "<b>User:</b> <%= (""+installedPackage.getContentServiceRequest() == null ? "-Detected-" : installedPackage.getContentServiceRequest().getSubjectName()).replaceAll("["']","").trim()%><br/> <b>Version: <%= (""+installedPackage.getPackageVersion().getDisplayVersion()).replaceAll("["']","").trim()%></b> <br/><b>Status:</b> <%=(""+installedPackage.getStatus()).replaceAll("["']","").trim()%>", + "description" : "<b>User:</b> <% out.write((installedPackage.getContentServiceRequest() == null ? "-Detected- " : installedPackage.getContentServiceRequest().getSubjectName().replaceAll("["']","").trim())+"<br/> <b>Version: "+(installedPackage.getPackageVersion().getDisplayVersion() ==null ? null :installedPackage.getPackageVersion().getDisplayVersion().replaceAll("["']","").trim())+" </b> <br/><b>Status:</b> "+installedPackage.getStatus());%>", "icon" : "<%=icon%>", "color" : "<%=(installedPackage.getStatus() != InstalledPackageHistoryStatus.FAILED ? "#4EB84E" : "#DD5656")%>" }
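Review bot: The null branches of the new ternaries yield `null`, and `null + " " + ...` concatenates to the literal text "null", so a package version without a display name is shown with "null" in the title; returning `""` from those branches avoids that. The rewritten description writes the subject name and version into a string that already carries `<b>`/`<br/>` markup with only quote characters removed, so backslashes, line breaks and `<` pass through; that can break the JSON and, if the client renders description as HTML, lets stored values inject markup. I would route every dynamic value through one helper that JSON-escapes it (and HTML-escapes it for description) instead of repeating the quote-stripping expression. `getPackageVersion()` itself is still dereferenced without a check; whether it can be null is not visible here.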
commit 7002a02a713675e1deec633096094120838a6473 Author: Simeon Pinder spinder@redhat.com Date: Tue Mar 23 18:59:22 2010 -0400
added single and double quote removal code to *JSON jsps to guard against creating invalid runtime javascript
diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventAlertJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventAlertJSON.jsp index 5cebe5d..2cc3da3 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventAlertJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventAlertJSON.jsp @@ -59,9 +59,9 @@ %>
{ "start" : "<%=sdf.format(new Date(alert.getCtime()))%>", - "title" : "<%=alert.getAlertDefinition().getName()%>", + "title" : "<%= (""+alert.getAlertDefinition().getName()).replaceAll("["']","").trim()%>", "link" : "<%=link%>", - "description" : "<%=buf.toString()%>", + "description" : "<%= (""+buf.toString()).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=(alert.getAlertDefinition().getPriority() == AlertPriority.LOW ? "#4EB84E" : "#DD5656")%>" } diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventConfigJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventConfigJSON.jsp index b64cb55..6bb34c4 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventConfigJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventConfigJSON.jsp @@ -49,7 +49,7 @@ { "start" : "<%=sdf.format(configUpdate.getCreatedTime())%>", "title" : "Configuration Change", "link" : "<%=link%>", - "description" : "<b>User:</b> <%=configUpdate.getSubjectName()%><br/><b>Status:</b> <%=configUpdate.getStatus()%>", + "description" : "<b>User:</b> <%= (""+configUpdate.getSubjectName()).replaceAll("["']","").trim()%><br/><b>Status:</b> <%= (""+configUpdate.getStatus()).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=(configUpdate.getStatus() != ConfigurationUpdateStatus.FAILURE ? "#4EB84E" : "#DD5656")%>" } diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp index ccb197b..093c943 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventContentJSON.jsp @@ -67,9 +67,9 @@
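Review bot: Deleting the two quote characters is not JSON string encoding: a value containing a backslash, a newline or another control character still yields invalid JSON, and legitimate names silently lose their quotes. In the `description` fields the value is also embedded in HTML markup (`<b>User:</b> ...`), so `<` and `&` in a subject or alert name pass through unescaped; if the client renders description as HTML that is a stored-injection risk. The same expression is repeated in the EventConfigJSON, EventContentJSON, EventCreateDeleteChildJSON, EventEventsJSON, EventOperationsJSON and EventPluginConfigJSON hunks of this commit. A single shared helper that escapes backslash, double quote, control characters and `<`/`&` (or a JSON library already on the classpath) would cover all of them, and it could map null to an empty string instead of the text "null" that `(""+x)` produces.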
%> { "start" : "<%=sdf.format(new Date(installedPackage.getTimestamp()))%>", - "title" : "<%=installedPackage.getPackageVersion().getDisplayName() + " " + installedPackage.getPackageVersion().getDisplayVersion()%>", + "title" : "<%= (""+installedPackage.getPackageVersion().getDisplayName() + " " + installedPackage.getPackageVersion().getDisplayVersion()).replaceAll("["']","").trim()%>", "link" : "<%=link%>", - "description" : "<b>User:</b> <%= installedPackage.getContentServiceRequest() == null ? "-Detected-" : installedPackage.getContentServiceRequest().getSubjectName()%><br/> <b>Version: <%=installedPackage.getPackageVersion().getDisplayVersion()%></b> <br/><b>Status:</b> <%=installedPackage.getStatus()%>", + "description" : "<b>User:</b> <%= (""+installedPackage.getContentServiceRequest() == null ? "-Detected-" : installedPackage.getContentServiceRequest().getSubjectName()).replaceAll("["']","").trim()%><br/> <b>Version: <%= (""+installedPackage.getPackageVersion().getDisplayVersion()).replaceAll("["']","").trim()%></b> <br/><b>Status:</b> <%=(""+installedPackage.getStatus()).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=(installedPackage.getStatus() != InstalledPackageHistoryStatus.FAILED ? "#4EB84E" : "#DD5656")%>" } diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventCreateDeleteChildJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventCreateDeleteChildJSON.jsp index 5e139db..46f3480 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventCreateDeleteChildJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventCreateDeleteChildJSON.jsp 
@@ -65,7 +65,7 @@ { "start" : "<%=sdf.format(entry.getCreatedTime())%>", "title" : "Child resource created", "link" : "<%=link%>", - "description" : "<b>User:</b> <%=entry.getSubjectName()%><br/><b>Status:</b> <%=entry.getStatus()%>", + "description" : "<b>User:</b> <%=(""+entry.getSubjectName()).replaceAll("["']","").trim()%><br/><b>Status:</b> <%=(""+entry.getStatus()).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=(entry.getStatus() != CreateResourceStatus.FAILURE ? "#4EB84E" : "#DD5656")%>" } @@ -101,7 +101,7 @@ { "start" : "<%=sdf.format(entry.getCreatedTime())%>", "title" : "Child resource deleted", "link" : "<%=link%>", - "description" : "<b>User:</b> <%=entry.getSubjectName()%><br/><b>Status:</b> <%=entry.getStatus()%>", + "description" : "<b>User:</b> <%=(""+entry.getSubjectName()).replaceAll("["']","").trim()%><br/><b>Status:</b> <%=(""+entry.getStatus()).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=(entry.getStatus() != DeleteResourceStatus.FAILURE ? "#4EB84E" : "#DD5656")%>" } diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventEventsJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventEventsJSON.jsp index e575df5..87a791d 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventEventsJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventEventsJSON.jsp @@ -178,9 +178,9 @@ %>
{ "start" : "<%=sdf.format(event.getTimestamp())%>", - "title" : "<%= title%>", + "title" : "<%= (""+title).replaceAll("["']","").trim()%>", "link" : "<%=link%>", - "description" : "<%=detail%>", + "description" : "<%=(""+detail).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=color%>" } diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventOperationsJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventOperationsJSON.jsp index d42c09c..0846050 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventOperationsJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventOperationsJSON.jsp @@ -58,9 +58,9 @@ %>
{ "start" : "<%=sdf.format(new Date(operation.getCreatedTime()))%>", - "title" : "Operation: <%=operation.getOperationDefinition().getName()%>", + "title" : "Operation: <%=(""+operation.getOperationDefinition().getName()).replaceAll("["']","").trim()%>", "link" : "<%=link%>", - "description" : "<b>User:</b> <%=operation.getSubjectName()%><br/><b>Status:</b> <%=operation.getStatus()%>", + "description" : "<b>User:</b> <%=(""+operation.getSubjectName()).replaceAll("["']","").trim()%><br/><b>Status:</b> <%=(""+operation.getStatus()).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=(operation.getStatus() == OperationRequestStatus.SUCCESS ? "#4EB84E" : "#DD5656")%>" } diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventPluginConfigJSON.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventPluginConfigJSON.jsp index 9f8ce1d..06ff3aa 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventPluginConfigJSON.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/resource/common/monitor/events/EventPluginConfigJSON.jsp @@ -60,7 +60,7 @@ { "start" : "<%=sdf.format(configUpdate.getCreatedTime())%>", "title" : "Plugin Configuration Change", "link" : "<%=link%>", - "description" : "<b>User:</b> <%=configUpdate.getSubjectName()%><br/><b>Status:</b> <%=configUpdate.getStatus()%>", + "description" : "<b>User:</b> <%=(""+configUpdate.getSubjectName()).replaceAll("["']","").trim()%><br/><b>Status:</b> <%=(""+configUpdate.getStatus()).replaceAll("["']","").trim()%>", "icon" : "<%=icon%>", "color" : "<%=(configUpdate.getStatus() != ConfigurationUpdateStatus.FAILURE ? "#4EB84E" : "#DD5656")%>" }
commit 59ef9c778f809c2723d3764c8dcd5bdf7660f909 Merge: d6c56f6... eb64c17... Author: John Sanda jsanda@redhat.com Date: Tue Mar 23 11:43:37 2010 -0400
Merge branch 'master' into ldap
commit d6c56f6ad3a3bbd9cc9d4ce20ef339623359da82 Merge: 8f0337b... 6bf9398... Author: Partha Aji paji@redhat.com Date: Tue Mar 9 10:31:32 2010 -0500
Merge branch 'linux-config' into ldap
commit 8f0337b2df94be73adf900606e276b4d372dfa2a Author: Partha Aji paji@redhat.com Date: Tue Mar 9 02:26:00 2010 -0500
Added code to handle ldap group queries
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java index 4f3aaea..f2734a3 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java @@ -20,6 +20,7 @@ package org.rhq.enterprise.server.authz;
import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.HashSet; import java.util.LinkedList; import java.util.List; @@ -509,6 +510,9 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { }
private List<Role> findRolesByLdapGroupNames(List<String> ldapGroupNames) { + if (ldapGroupNames.isEmpty()) { + return Collections.EMPTY_LIST; + } Query query = entityManager.createNamedQuery(LdapGroup.FIND_BY_ROLES_GROUP_NAMES); query.setParameter("names", ldapGroupNames); return (List<Role>) query.getResultList(); diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java index 3820a63..eb20236 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java @@ -19,7 +19,6 @@
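Review bot: The early return added to `findRolesByLdapGroupNames` uses the raw constant `Collections.EMPTY_LIST`, which is an unchecked conversion to `List<Role>`; `return Collections.<Role>emptyList();` returns the same immutable empty list with the element type checked. The guard also dereferences `ldapGroupNames` before anything else does, so a null argument now fails here with a NullPointerException; `if (ldapGroupNames == null || ldapGroupNames.isEmpty())` covers both cases. A one-line comment saying why the query is skipped (presumably an empty `IN (:names)` list is rejected by the persistence provider) would explain the guard to the next reader. The method's closing brace lies outside this hunk.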
package org.rhq.enterprise.server.resource.group;
-import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.Map; @@ -28,6 +27,8 @@ import java.util.Set;
import javax.naming.Context; import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attribute; import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; import javax.naming.ldap.InitialLdapContext; @@ -58,121 +59,110 @@ public class LdapGroupManager {
public Set<Map<String, String>> findAvailableGroups() { SystemManagerLocal manager = LookupUtil.getSystemManager(); - manager.getSystemConfiguration(); - Set<Map<String, String>> ldapSet = new HashSet<Map<String, String>>(); - String[] names = { "bar", "foo" }; - - for (String name : names) { - Map<String, String> group = new HashMap<String, String>(); - group.put("id", name); - group.put("name", name); - group.put("description", name); - ldapSet.add(group); - } - return ldapSet; + + Properties options = manager.getSystemConfiguration(); + String groupFilter = (String) options.get(RHQConstants.LDAPGroupFilter); + String filter = String.format("(%s)", groupFilter); + + return buildGroup(options, filter); }
public Set<String> findAvailableGroupsFor(String userName) { SystemManagerLocal manager = LookupUtil.getSystemManager(); - manager.getSystemConfiguration(); - Set<String> ldapSet = new HashSet<String>(); - String[] names = { "foo" };
- for (String name : names) { - ldapSet.add(name); + Properties options = manager.getSystemConfiguration(); + String groupFilter = (String) options.get(RHQConstants.LDAPGroupFilter); + String groupMember = (String) options.get(RHQConstants.LDAPGroupMember); + String userDN = getUserDN(options, userName); + String filter = String.format("(&(%s)(%s=%s))", groupFilter, groupMember, userDN); + + Set<Map<String, String>> matched = buildGroup(options, filter); + + Set<String> ldapSet = new HashSet<String>(); + for (Map<String, String> match : matched) { + ldapSet.add(match.get("id")); } return ldapSet; }
- /* - * - {BindDN=uid=shaggy,ou=People, dc=rhndev, dc=redhat, dc=com, - java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, jboss.security.security_domain=JON, - LoginProperty=uid, BaseDN=dc=rhndev,dc=redhat,dc=com, java.naming.provider.url=ldap://fjs-0-16.rhndev.redhat.com, - java.naming.security.protocol=, BindPW=dog8code} - */ - protected boolean test() throws Exception { - + private String getUserDN(Properties options, String userName) { // Load our LDAP specific properties - Properties env = null;// getProperties(); + Properties env = getProperties(options);
// Load the BaseDN - String baseDN = "dc=rhndev,dc=redhat,dc=com"; + // Load the BaseDN + String baseDN = (String) options.get(RHQConstants.LDAPBaseDN);
// Load the LoginProperty - String loginProperty = "uid"; - - // Load any search filter - - // Find the user that is calling us - String userName = "sdoo"; - + String loginProperty = (String) options.get(RHQConstants.LDAPLoginProperty); + if (loginProperty == null) { + // Use the default + loginProperty = "cn"; + } // Load any information we may need to bind - String bindDN = "uid=shaggy,ou=People, dc=rhndev, dc=redhat, dc=com"; - String bindPW = "dog8code"; + String bindDN = (String) options.get(RHQConstants.LDAPBindDN); + String bindPW = (String) options.get(RHQConstants.LDAPBindPW);
+ // Load any search filter + String searchFilter = (String) options.get(RHQConstants.LDAPFilter); if (bindDN != null) { env.setProperty(Context.SECURITY_PRINCIPAL, bindDN); env.setProperty(Context.SECURITY_CREDENTIALS, bindPW); env.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); } - InitialLdapContext ctx = new InitialLdapContext(env, null); - SearchControls searchControls = getSearchControls(); - - // Add the search filter if specified. This only allows for a single search filter.. i.e. foo=bar. - String filter; - /* if ((searchFilter != null) && (searchFilter.length() != 0)) { - filter = "(&(" + loginProperty + "=" + userName + ")" + "(" + searchFilter + "))"; - } else { - filter = "(" + loginProperty + "=" + userName + ")"; + + try { + InitialLdapContext ctx = new InitialLdapContext(env, null); + SearchControls searchControls = getSearchControls(); + + // Add the search filter if specified. This only allows for a single search filter.. i.e. foo=bar. + String filter; + if ((searchFilter != null) && (searchFilter.length() != 0)) { + filter = "(&(" + loginProperty + "=" + userName + ")" + "(" + searchFilter + "))"; + } else { + filter = "(" + loginProperty + "=" + userName + ")"; + } + + log.debug("Using LDAP filter=" + filter); + + // Loop through each configured base DN. It may be useful + // in the future to allow for a filter to be configured for + // each BaseDN, but for now the filter will apply to all. + String[] baseDNs = baseDN.split(BASEDN_DELIMITER); + for (int x = 0; x < baseDNs.length; x++) { + NamingEnumeration answer = ctx.search(baseDNs[x], filter, searchControls); + if (!answer.hasMore()) { + log.debug("User " + userName + " not found for BaseDN " + baseDNs[x]); + // Nothing found for this DN, move to the next one if we have one. 
+ continue; } - */ - //filter = "(" + loginProperty + "=" + userName + ")"; - filter = "(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=" + userName - + ",ou=People, dc=rhndev, dc=redhat, dc=com))"; - - // Loop through each configured base DN. It may be useful - // in the future to allow for a filter to be configured for - // each BaseDN, but for now the filter will apply to all. - String[] baseDNs = baseDN.split(BASEDN_DELIMITER); - log.info(Arrays.asList(baseDNs)); - for (int x = 0; x < baseDNs.length; x++) { - NamingEnumeration answer = ctx.search(baseDNs[x], filter, searchControls); - log.info(answer.hasMore()); - while (answer.hasMore()) { + // We use the first match SearchResult si = (SearchResult) answer.next(); - log.info(si); - - /* - // Construct the UserDN - String userDN = si.getName() + "," + baseDNs[x]; - print (userDN); - ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); - ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "dog8code"); - ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple"); - ctx.reconnect(null);*/ + + // Construct the UserDN + String userDN = si.getName() + "," + baseDNs[x]; + return userDN; }
+ // If we try all the BaseDN's and have not found a match, return false + return ""; + } catch (NamingException e) { + throw new RuntimeException(e); } - - // If we try all the BaseDN's and have not found a match, return false - return false; }
/** + * @throws NamingException * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword(java.lang.String,java.lang.String) */ - protected void buildGroup(Properties options, String userName) { + protected Set<Map<String, String>> buildGroup(Properties options, String filter) { + Set<Map<String, String>> ret = new HashSet<Map<String, String>>(); // Load our LDAP specific properties Properties env = getProperties(options);
// Load the BaseDN String baseDN = (String) options.get(RHQConstants.LDAPBaseDN); - if (baseDN == null) { - // If the BaseDN is not specified, log an error and refuse the login attempt - log.info("BaseDN is not set, refusing login"); - }
// Load the LoginProperty String loginProperty = (String) options.get(RHQConstants.LDAPLoginProperty); @@ -180,54 +170,46 @@ public class LdapGroupManager { // Use the default loginProperty = "cn"; } - - String groupFilter = (String) options.get("groupFilter"); - String groupMember = (String) options.get("groupMember"); - // Load any information we may need to bind - String bindDN = (String) options.get("BindDN"); - String bindPW = (String) options.get("BindPW"); + String bindDN = (String) options.get(RHQConstants.LDAPBindDN); + String bindPW = (String) options.get(RHQConstants.LDAPBindPW); if (bindDN != null) { env.setProperty(Context.SECURITY_PRINCIPAL, bindDN); env.setProperty(Context.SECURITY_CREDENTIALS, bindPW); env.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); } - try { InitialLdapContext ctx = new InitialLdapContext(env, null); SearchControls searchControls = getSearchControls(); - String filter = "(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=" + userName - + ",ou=People, dc=rhndev, dc=redhat, dc=com))"; - // Load any search filter - String searchFilter = (String) options.get("Filter"); - // Add the search filter if specified. This only allows for a single search filter.. i.e. foo=bar. - if ((searchFilter != null) && (searchFilter.length() != 0)) { - filter = "(&(" + loginProperty + "=" + userName + ")" + "(" + searchFilter + "))"; - } else { - filter = "(" + loginProperty + "=" + userName + ")"; - } + /*String filter = "(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=" + userName + + ",ou=People, dc=rhndev, dc=redhat, dc=com))";*/
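Review bot: In `getUserDN` the login name is concatenated straight into the search filter (`"(" + loginProperty + "=" + userName + ")"`), so characters that are special in an LDAP filter (`*`, `(`, `)`, `\`) change what the search matches, and the first match is then used to work out group membership and therefore roles. Pass the name as a filter argument so JNDI escapes it: build the template as `filter = "(" + loginProperty + "={0})";` (likewise for the `searchFilter` branch) and call `ctx.search(baseDNs[x], filter, new Object[] { userName }, searchControls)`. `findAvailableGroupsFor` has the same problem with `userDN` in `String.format("(&(%s)(%s=%s))", ...)`, and when `getUserDN` returns `""` for an unknown user the group search still runs with an empty member value; returning an empty set in that case is safer. `buildGroup` begins in this hunk and continues in the next one.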
// Loop through each configured base DN. It may be useful // in the future to allow for a filter to be configured for // each BaseDN, but for now the filter will apply to all. String[] baseDNs = baseDN.split(BASEDN_DELIMITER); + for (int x = 0; x < baseDNs.length; x++) { NamingEnumeration answer = ctx.search(baseDNs[x], filter, searchControls); - if (!answer.hasMore()) { - log.debug("User " + userName + " not found for BaseDN " + baseDNs[x]); - - // Nothing found for this DN, move to the next one if we have one. - continue; + while (answer.hasMore()) { + // We use the first match + SearchResult si = (SearchResult) answer.next(); + Map<String, String> entry = new HashMap<String, String>(); + String name = (String) si.getAttributes().get("cn").get(); + Attribute desc = si.getAttributes().get("description"); + String description = desc != null ? (String) desc.get() : ""; + entry.put("id", name); + entry.put("name", name); + entry.put("description", description); + ret.add(entry); } - - // We use the first match - SearchResult si = (SearchResult) answer.next(); - } - - } catch (Exception e) { - log.info("Failed to validate password: " + e.getMessage()); + } catch (NamingException e) { + // TODO Auto-generated catch block + throw new RuntimeException(e); } + + return ret; }
/** @@ -240,13 +222,11 @@ public class LdapGroupManager { private Properties getProperties(Properties options) { Properties env = new Properties(options); // Set our default factory name if one is not given - String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY); - if (factoryName == null) { - env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); - } + String factoryName = env.getProperty(RHQConstants.LDAPFactory); + env.setProperty(Context.INITIAL_CONTEXT_FACTORY, factoryName);
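Review bot: `buildGroup` opens an `InitialLdapContext` and never closes it or the `NamingEnumeration`, so each group lookup leaves an LDAP connection open until it is garbage-collected; `getUserDN` in the previous hunk does the same. Declare `ctx` before the `try` and add `finally { if (ctx != null) { try { ctx.close(); } catch (NamingException ignored) { /* best effort */ } } }`. Inside the loop, `si.getAttributes().get("cn").get()` throws a NullPointerException for an entry without a `cn` attribute, although `description` is already null-checked; apply the same check to `cn` and skip such entries. The `// We use the first match` comment and the `@see ...validatePassword` Javadoc no longer describe this method, and its first lines are in the previous hunk.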
// Setup SSL if requested - String protocol = env.getProperty(Context.SECURITY_PROTOCOL); + String protocol = env.getProperty(RHQConstants.LDAPProtocol); if ((protocol != null) && protocol.equals("ssl")) { String ldapSocketFactory = env.getProperty("java.naming.ldap.factory.socket"); if (ldapSocketFactory == null) { @@ -256,7 +236,7 @@ public class LdapGroupManager { }
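Review bot: With the null fallback removed, `env.setProperty(Context.INITIAL_CONTEXT_FACTORY, factoryName)` throws a NullPointerException whenever `RHQConstants.LDAPFactory` is missing from the system configuration, because `Properties` does not accept null values. Keep the default in front of the call: `if (factoryName == null) { factoryName = "com.sun.jndi.ldap.LdapCtxFactory"; }`. The comment `// Set our default factory name if one is not given` still describes the removed behaviour and should match whichever way this is resolved. `getProperties` continues in the next hunk.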
// Set the LDAP url - String providerUrl = env.getProperty(Context.PROVIDER_URL); + String providerUrl = env.getProperty(RHQConstants.LDAPUrl); if (providerUrl == null) { providerUrl = "ldap://localhost:" + (((protocol != null) && protocol.equals("ssl")) ? "636" : "389"); }
commit 08e009091f9fbea25e5b08c3ab8b0bb82fa2c71d Author: Partha Aji paji@redhat.com Date: Mon Mar 8 14:51:08 2010 -0500
Added the logic to sync roles to ldap users on login
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java b/modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java index 78fa9dc..b8e2beb 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java @@ -43,13 +43,16 @@ import org.rhq.core.domain.authz.Role; * */ @Entity -@NamedQueries( { @NamedQuery(name = LdapGroup.DELETE_BY_ID, query = "DELETE FROM LdapGroup an WHERE an.id IN ( :ids )") }) +@NamedQueries( { + @NamedQuery(name = LdapGroup.DELETE_BY_ID, query = "DELETE FROM LdapGroup an WHERE an.id IN ( :ids )"), + @NamedQuery(name = LdapGroup.FIND_BY_ROLES_GROUP_NAMES, query = "SELECT distinct l.role FROM LdapGroup l WHERE l.name in (:names)") }) @Table(name = "RHQ_ROLE_LDAP_GROUP") @SequenceGenerator(name = "id", sequenceName = "RHQ_ROLE_LDAP_GROUP_ID_SEQ", allocationSize = 100) @XmlAccessorType(XmlAccessType.FIELD) public class LdapGroup implements Serializable { private static final long serialVersionUID = 1L; public static final String DELETE_BY_ID = "LdapGroup.deleteById"; + public static final String FIND_BY_ROLES_GROUP_NAMES = "LdapGroup.findRolesByGroupNames"; @Id @Column(name = "ID", nullable = false) @GeneratedValue(strategy = GenerationType.AUTO, generator = "id") diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java index 1c8b5a0..2c6db30 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/user/RegisterAction.java @@ -18,7 +18,9 @@ */ package org.rhq.enterprise.gui.admin.user;
+import java.util.ArrayList; import java.util.HashMap; +import java.util.List;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -37,7 +39,10 @@ import org.rhq.enterprise.gui.legacy.WebUser; import org.rhq.enterprise.gui.legacy.action.BaseAction; import org.rhq.enterprise.gui.legacy.util.RequestUtils; import org.rhq.enterprise.gui.legacy.util.SessionUtils; +import org.rhq.enterprise.server.RHQConstants; import org.rhq.enterprise.server.auth.SubjectManagerLocal; +import org.rhq.enterprise.server.authz.RoleManagerLocal; +import org.rhq.enterprise.server.resource.group.LdapGroupManager; import org.rhq.enterprise.server.util.LookupUtil;
/** @@ -106,6 +111,14 @@ public class RegisterAction extends BaseAction { HashMap parms = new HashMap(1); parms.put(Constants.USER_PARAM, newSubject.getId());
+ String provider = LookupUtil.getSystemManager().getSystemConfiguration().getProperty(RHQConstants.JAASProvider); + if (RHQConstants.LDAPJAASProvider.equals(provider)) { + List<String> groupNames = new ArrayList(LdapGroupManager.getInstance().findAvailableGroupsFor( + newSubject.getName())); + RoleManagerLocal roleManager = LookupUtil.getRoleManager(); + roleManager.assignRolesToLdapSubject(newSubject.getId(), groupNames); + + } return returnSuccess(request, mapping, parms, false); } } \ No newline at end of file diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java index bcf7738..4f3aaea 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java @@ -174,6 +174,14 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { */ @RequiredPermission(Permission.MANAGE_SECURITY) public void addRolesToSubject(Subject subject, int subjectId, int[] roleIds) { + addRolesToSubject(subject, subjectId, roleIds, false); + } + + /** + * @see org.rhq.enterprise.server.authz.RoleManagerLocal#addRolesToSubject(Subject, int, int[]) + */ + @RequiredPermission(Permission.MANAGE_SECURITY) + public void addRolesToSubject(Subject subject, int subjectId, int[] roleIds, boolean isLdap) { if (roleIds != null) { Subject subjectToModify = subjectManager.getSubjectById(subjectId); // attach it if (subjectToModify == null) { @@ -194,10 +202,11 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { + "], but role was not found"); } role.addSubject(subjectToModify); + if (isLdap) { + role.addLdapSubject(subjectToModify); + } } } - - return; }
/** @@ -499,6 +508,23 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { } }
+ private List<Role> findRolesByLdapGroupNames(List<String> ldapGroupNames) { + Query query = entityManager.createNamedQuery(LdapGroup.FIND_BY_ROLES_GROUP_NAMES); + query.setParameter("names", ldapGroupNames); + return (List<Role>) query.getResultList(); + } + + public void assignRolesToLdapSubject(int subjectId, List<String> ldapGroupNames) { + Subject sub = entityManager.find(Subject.class, subjectId); + List<Role> roles = findRolesByLdapGroupNames(ldapGroupNames); + sub.getRoles().clear(); + sub.getLdapRoles().clear(); + for (Role role : roles) { + sub.addRole(role); + sub.addLdapRole(role); + } + } + private void processDependentPermissions(Role role) { /* * if you can control user/roles, then you can give yourself permissions, too; so we might as well diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java index 34b81e0..30dcceb 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java @@ -219,4 +219,5 @@ public interface RoleManagerLocal {
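Review bot: `assignRolesToLdapSubject` calls `sub.getRoles().clear()` and then re-adds only the roles mapped from LDAP groups, so any role an administrator assigned to the subject directly is dropped on every sync. If local and LDAP-derived roles are meant to coexist (the separate `ldapRoles` set suggests so), remove only the previous LDAP roles, e.g. `for (Role old : new ArrayList<Role>(sub.getLdapRoles())) { sub.removeRole(old); }` followed by `sub.getLdapRoles().clear();`. The method is public on the bean without the `@RequiredPermission(Permission.MANAGE_SECURITY)` that `addRolesToSubject` carries and takes no calling `Subject`, so its Javadoc should state that it is a trusted, login-time call and it should stay off the remote interface. `entityManager.find` returns null for an unknown `subjectId`, which surfaces as a NullPointerException on the next line; throwing an `IllegalArgumentException` that names the id is clearer.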
PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria);
+ void assignRolesToLdapSubject(int subjectId, List<String> ldapGroupNames); } \ No newline at end of file diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java index 1875475..3820a63 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java @@ -72,18 +72,14 @@ public class LdapGroupManager { return ldapSet; }
- public Set<Map<String, String>> findAvailableGroupsFor(String userName) { + public Set<String> findAvailableGroupsFor(String userName) { SystemManagerLocal manager = LookupUtil.getSystemManager(); manager.getSystemConfiguration(); - Set<Map<String, String>> ldapSet = new HashSet<Map<String, String>>(); - String[] names = { "bar", "foo" }; + Set<String> ldapSet = new HashSet<String>(); + String[] names = { "foo" };
for (String name : names) { - Map<String, String> group = new HashMap<String, String>(); - group.put("id", name); - group.put("name", name); - group.put("description", name); - ldapSet.add(group); + ldapSet.add(name); } return ldapSet; }
commit ac2479467dc65ab832e240749582df68183be033 Author: Partha Aji paji@redhat.com Date: Mon Mar 8 12:07:05 2010 -0500
Added methods to get 2 kinds of ldap groups
diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java index c673cb5..78b1f1f 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java @@ -81,8 +81,7 @@ public class AddLdapGroupsFormPrepareAction extends TilesAction {
log.trace("getting pending groups for role [" + roleId + ")"); String name = "foo"; - Set<Map<String, String>> allGroups = LdapGroupManager.getInstance().findAvailableGroupsByRole(whoami, - role.getId()); + Set<Map<String, String>> allGroups = LdapGroupManager.getInstance().findAvailableGroups(); RoleManagerLocal roleManager = LookupUtil.getRoleManager();
PageList<LdapGroup> assignedList = roleManager.findLdapGroupsByRole(role.getId(), PageControl diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java index 86bd8b4..1875475 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java @@ -35,7 +35,6 @@ import javax.naming.ldap.InitialLdapContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory;
-import org.rhq.core.domain.auth.Subject; import org.rhq.enterprise.server.RHQConstants; import org.rhq.enterprise.server.system.SystemManagerLocal; import org.rhq.enterprise.server.util.LookupUtil; @@ -57,7 +56,23 @@ public class LdapGroupManager { return INSTANCE; }
- public Set<Map<String, String>> findAvailableGroupsByRole(Subject subject, int roleId) { + public Set<Map<String, String>> findAvailableGroups() { + SystemManagerLocal manager = LookupUtil.getSystemManager(); + manager.getSystemConfiguration(); + Set<Map<String, String>> ldapSet = new HashSet<Map<String, String>>(); + String[] names = { "bar", "foo" }; + + for (String name : names) { + Map<String, String> group = new HashMap<String, String>(); + group.put("id", name); + group.put("name", name); + group.put("description", name); + ldapSet.add(group); + } + return ldapSet; + } + + public Set<Map<String, String>> findAvailableGroupsFor(String userName) { SystemManagerLocal manager = LookupUtil.getSystemManager(); manager.getSystemConfiguration(); Set<Map<String, String>> ldapSet = new HashSet<Map<String, String>>();
commit 4730f9bdaf6da619e1b4b5b61936bb3d5450725d Merge: c4d4879... 3fcd671... Author: Partha Aji paji@redhat.com Date: Mon Mar 8 09:50:22 2010 -0500
Merge branch 'linux-config' into ldap
commit c4d48792e4876666f24ed0159562cb00eba3d3b0 Author: Partha Aji paji@redhat.com Date: Mon Mar 8 09:49:26 2010 -0500
Added functionality to deal with roles
diff --git a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml index 6e0a31e..fc59516 100644 --- a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml +++ b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml @@ -27,16 +27,16 @@ </constraint> </table>
- <table name="RHQ_ROLE_LDAP_GROUP_MAP"> + <table name="RHQ_ROLE_LDAP_GROUP"> + <column name="ID" default="sequence-only" initial="10001" + primarykey="true" required="true" type="INTEGER"/> <column name="ROLE_ID" required="true" type="INTEGER" references="RHQ_ROLE"/> - <column name="LDAP_GROUP_NAME" required="true" type="VARCHAR2"/> + <column name="LDAP_GROUP_NAME" size="128" required="true" type="VARCHAR2"/>
- <constraint name="RHQ_ROLE_LDAP_GROUP_MAP_KEY"> - <primaryKey> - <field ref="ROLE_ID"/> - <field ref="LDAP_GROUP_NAME"/> - </primaryKey> - </constraint> + <index name="RHQ_ROLE_LDAP_GROUP_IDX" unique="true"> + <field ref="ROLE_ID"/> + <field ref="LDAP_GROUP_NAME"/> + </index> </table>
<table name="RHQ_PERMISSION"> diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index 9b991cd..beb1703 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -240,6 +240,7 @@ public class Subject implements Externalizable {
private void init() { roles = new HashSet<Role>(); + ldapRoles = new HashSet<Role>(); }
/** @@ -376,8 +377,15 @@ public class Subject implements Externalizable { this.roles = roles; }
- public void addRole(Role role) { + public void addRole(Role role, boolean isLdap) { getRoles().add(role); + if (isLdap) { + getLdapRoles().add(role); + } + } + + public void addRole(Role role) { + addRole(role, false); }
public void removeRole(Role role) { diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java index b7004bd..ada89a8 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java @@ -37,6 +37,7 @@ import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; +import javax.persistence.OneToMany; import javax.persistence.SequenceGenerator; import javax.persistence.Table;
@@ -46,6 +47,7 @@ import org.hibernate.annotations.CollectionOfElements; import org.jetbrains.annotations.NotNull;
import org.rhq.core.domain.auth.Subject; +import org.rhq.core.domain.resource.group.LdapGroup;
/** * A role has zero or more {@link org.rhq.core.domain.resource.group.ResourceGroup}s assigned to it. You can assign a @@ -110,6 +112,9 @@ public class Role implements Serializable { @ManyToMany(mappedBy = "ldapRoles") private java.util.Set<Subject> ldapSubjects = new HashSet<Subject>();
+ @OneToMany(mappedBy = "role", cascade = javax.persistence.CascadeType.ALL) + private Set<LdapGroup> ldapGroups = new HashSet<LdapGroup>(); + @ManyToMany(mappedBy = "roles") private java.util.Set<org.rhq.core.domain.resource.group.ResourceGroup> resourceGroups = new HashSet<org.rhq.core.domain.resource.group.ResourceGroup>();
@@ -181,6 +186,26 @@ public class Role implements Serializable { return this.permissions.remove(permission); }
+ public Set<LdapGroup> getLdapGroups() { + if (ldapGroups == null) { + ldapGroups = new HashSet<LdapGroup>(); + } + return this.ldapGroups; + } + + public void setLdapGroups(Set<LdapGroup> groups) { + this.ldapGroups = groups; + } + + public void addLdapGroup(LdapGroup ldapGroup) { + ldapGroup.setRole(this); + this.ldapGroups.add(ldapGroup); + } + + public boolean removeLdapGroup(LdapGroup ldapGroup) { + return this.ldapGroups.remove(ldapGroup); + } + public java.util.Set<Subject> getSubjects() { return subjects; } diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java b/modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java new file mode 100644 index 0000000..78fa9dc --- /dev/null +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/resource/group/LdapGroup.java 
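Review bot: `getLdapGroups()` guards against a null `ldapGroups` field, but `addLdapGroup` and `removeLdapGroup` use `this.ldapGroups` directly, so after `setLdapGroups(null)` they throw a NullPointerException while the getter keeps working. Route both through the getter: `getLdapGroups().add(ldapGroup);` and `return getLdapGroups().remove(ldapGroup);`. `removeLdapGroup` also leaves `ldapGroup.getRole()` pointing at this role, unlike `addLdapGroup`, which sets the back-reference; a short Javadoc on each method saying which side owns the association would make that intent explicit.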
@@ -0,0 +1,125 @@ +/* + * RHQ Management Platform + * Copyright (C) 2005-2009 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +package org.rhq.core.domain.resource.group; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.JoinColumn; +import javax.persistence.ManyToOne; +import javax.persistence.NamedQueries; +import javax.persistence.NamedQuery; +import javax.persistence.SequenceGenerator; +import javax.persistence.Table; +import javax.persistence.Transient; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; + +import org.rhq.core.domain.authz.Role; + +/** + * @author paji + * + */ +@Entity +@NamedQueries( { @NamedQuery(name = LdapGroup.DELETE_BY_ID, query = "DELETE FROM LdapGroup an WHERE an.id IN ( :ids )") }) +@Table(name = "RHQ_ROLE_LDAP_GROUP") +@SequenceGenerator(name = "id", sequenceName = "RHQ_ROLE_LDAP_GROUP_ID_SEQ", allocationSize = 100) +@XmlAccessorType(XmlAccessType.FIELD) +public class LdapGroup implements Serializable { + private static final long serialVersionUID = 1L; + public static final String DELETE_BY_ID = "LdapGroup.deleteById"; + @Id + @Column(name = "ID", 
nullable = false) + @GeneratedValue(strategy = GenerationType.AUTO, generator = "id") + private Integer id; + + @ManyToOne + @JoinColumn(name = "ROLE_ID", referencedColumnName = "ID", nullable = false) + private Role role; + + @Column(name = "LDAP_GROUP_NAME", nullable = false) + private String name; + + public String getDescription() { + return description; + } + + public void setDescription(String description) { + this.description = description; + } + + @Transient + private String description = ""; + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public Role getRole() { + return role; + } + + public void setRole(Role role) { + this.role = role; + } + + @Override + public int hashCode() { + return getName().hashCode() + 17 * ((role != null) ? role.hashCode() : 0); + } + + @Override + public boolean equals(Object o) { + if (o == this) { + return true; + } + + if (!(o instanceof LdapGroup)) { + return false; + } + LdapGroup grp = (LdapGroup) o; + if (!getName().equals(grp.getName())) { + return false; + } + + if (getRole() != null) { + return getRole().equals(grp.getRole()); + } + + return grp.getRole() == null; + } + + public Integer getId() { + return id; + } + + public void setId(Integer id) { + this.id = id; + } +} diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java index 4f35fe6..237858d 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java @@ -568,7 +568,7 @@ public class SystemConfigForm extends BaseValidatorForm { public void setLdapSearchFilter(String s) { ldapSearchFilter = s; } - + public String getLdapGroupFilter() { return ldapGroupFilter; } 
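Review bot: `hashCode()` and `equals()` call `getName().hashCode()` and `getName().equals(...)` without a null check, so an `LdapGroup` whose name has not been set throws a NullPointerException as soon as it is added to a `HashSet`, which `Role.addLdapGroup` in this commit does. Use `(name != null ? name.hashCode() : 0)` in `hashCode()` and a null-safe name comparison in `equals()`. Both methods also depend on the mutable `role` field, so changing the role of an instance that is already in a set makes it unfindable; `addLdapGroup` sets the role before adding, and a comment noting that this order matters would help. The class has no Javadoc beyond `@author`; one sentence saying that a row maps a single LDAP group name to a single role would orient readers of the role-sync code.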
@@ -578,7 +578,7 @@ public class SystemConfigForm extends BaseValidatorForm { }
public String getLdapGroupMember() { - return ldapGroupFilter; + return ldapGroupMember; }
public void setLdapGroupMember(String s) { @@ -609,7 +609,6 @@ public class SystemConfigForm extends BaseValidatorForm { this.reindex = reindex; }
- /* (non-Javadoc) * @see org.apache.struts.action.ActionForm#validate(org.apache.struts.action.ActionMapping, * javax.servlet.http.HttpServletRequest) diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsAction.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsAction.java new file mode 100644 index 0000000..fe91d46 --- /dev/null +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsAction.java 
@@ -0,0 +1,87 @@ +/* + * RHQ Management Platform + * Copyright (C) 2005-2008 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +package org.rhq.enterprise.gui.admin.role; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.struts.action.ActionForm; +import org.apache.struts.action.ActionForward; +import org.apache.struts.action.ActionMapping; + +import org.rhq.enterprise.gui.legacy.Constants; +import org.rhq.enterprise.gui.legacy.action.BaseAction; +import org.rhq.enterprise.gui.legacy.action.BaseValidatorForm; +import org.rhq.enterprise.gui.legacy.util.RequestUtils; +import org.rhq.enterprise.gui.legacy.util.SessionUtils; +import org.rhq.enterprise.server.authz.RoleManagerLocal; +import org.rhq.enterprise.server.util.LookupUtil; + +/** + * An Action that adds resource groups for a role. 
+ */ +public class AddLdapGroupsAction extends BaseAction { + public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, + HttpServletResponse response) throws Exception { + Log log = LogFactory.getLog(AddLdapGroupsAction.class.getName()); + HttpSession session = request.getSession(); + + AddLdapGroupsForm addForm = (AddLdapGroupsForm) form; + Integer roleId = addForm.getR(); + + ActionForward forward = checkSubmit(request, mapping, form, Constants.ROLE_PARAM, roleId); + if (forward != null) { + BaseValidatorForm spiderForm = (BaseValidatorForm) form; + + if (spiderForm.isCancelClicked() || spiderForm.isResetClicked()) { + log.debug("removing pending group list"); + SessionUtils.removeList(session, Constants.PENDING_RESGRPS_SES_ATTR); + } else if (spiderForm.isAddClicked()) { + log.debug("adding to pending group list"); + SessionUtils.addToList(session, Constants.PENDING_RESGRPS_SES_ATTR, addForm.getAvailableGroups()); + } else if (spiderForm.isRemoveClicked()) { + log.debug("removing from pending group list"); + SessionUtils.removeFromList(session, Constants.PENDING_RESGRPS_SES_ATTR, addForm.getPendingGroups()); + } + + return forward; + } + + log.debug("getting pending group list"); + List<String> pendingGroupIds = SessionUtils.getListAsListStr(request.getSession(), + Constants.PENDING_RESGRPS_SES_ATTR); + for (String id : pendingGroupIds) { + log.debug("adding group [" + id + "] for role [" + roleId + "]"); + } + + RoleManagerLocal roleManager = LookupUtil.getRoleManager(); + roleManager.addLdapGroupsToRole(RequestUtils.getSubject(request), roleId, pendingGroupIds); + + log.debug("removing pending group list"); + SessionUtils.removeList(session, Constants.PENDING_RESGRPS_SES_ATTR); + + RequestUtils.setConfirmation(request, "admin.role.confirm.AddLdapGroups"); + return returnSuccess(request, mapping, Constants.ROLE_PARAM, roleId); + } +} \ No newline at end of file 
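Review bot: The pending list that `execute` passes to `roleManager.addLdapGroupsToRole` is read back from the session under `Constants.PENDING_RESGRPS_SES_ATTR` and is never checked against the groups the directory returned, so any string posted in `availableGroups` can end up as an LDAP-group-to-role mapping. The key name suggests it is the same session attribute the resource-group dialog uses (not visible here, worth confirming); if so, an abandoned resource-group selection would be assigned as LDAP group names, and a dedicated key (for example a new `PENDING_LDAPGRPS_SES_ATTR`) would keep the two flows apart. Before the call, intersect `pendingGroupIds` with the names from `LdapGroupManager.findAvailableGroupsByRole`, as `AddLdapGroupsFormPrepareAction` already does for display, and confirm that `addLdapGroupsToRole` enforces the caller's role-management permission, since this action does no check of its own. The class Javadoc still reads "adds resource groups for a role" and should say LDAP groups.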
diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsForm.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsForm.java new file mode 100644 index 0000000..4740012 --- /dev/null +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsForm.java 
@@ -0,0 +1,139 @@ +/* + * RHQ Management Platform + * Copyright (C) 2005-2008 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +package org.rhq.enterprise.gui.admin.role; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.struts.action.ActionMapping; + +import org.rhq.enterprise.gui.legacy.action.BaseValidatorForm; + +/** + * A subclass of <code>Spider</code> representing the <em>Add Role Resource Groups</em> form. 
+ */ +public class AddLdapGroupsForm extends BaseValidatorForm { + //-------------------------------------instance variables + + private String[] availableGroups; + private String[] pendingGroups; + private Integer psa; + private Integer psp; + private Integer r; + + //-------------------------------------constructors + + public AddLdapGroupsForm() { + super(); + } + + //-------------------------------------public methods + + public String[] getAvailableGroup() { + return this.availableGroups; + } + + public String[] getAvailableGroups() { + return getAvailableGroup(); + } + + public void setAvailableGroup(String[] availableGroups) { + this.availableGroups = availableGroups; + } + + public void setAvailableGroups(String[] availableGroups) { + setAvailableGroup(availableGroups); + } + + public String[] getPendingGroup() { + return this.pendingGroups; + } + + public String[] getPendingGroups() { + return getPendingGroup(); + } + + public void setPendingGroup(String[] pendingGroups) { + this.pendingGroups = pendingGroups; + } + + public void setPendingGroups(String[] pendingGroups) { + setPendingGroup(pendingGroups); + } + + public Integer getPsa() { + return this.psa; + } + + public void setPsa(Integer ps) { + this.psa = ps; + } + + public Integer getPsp() { + return this.psp; + } + + public void setPsp(Integer ps) { + this.psp = ps; + } + + public Integer getR() { + return this.r; + } + + public void setR(Integer r) { + this.r = r; + } + + public void reset(ActionMapping mapping, HttpServletRequest request) { + super.reset(mapping, request); + this.psa = null; + this.psp = null; + this.r = null; + this.pendingGroups = new String[0]; + this.availableGroups = new String[0]; + } + + public String toString() { + StringBuilder s = new StringBuilder(super.toString()); + s.append("r=" + r + " "); + s.append("psa=" + psa + " "); + s.append("psp=" + psp + " "); + + s.append("availableGroups={"); + listToString(s, availableGroups); + s.append("} "); + + 
s.append("pendingGroups={"); + listToString(s, pendingGroups); + s.append("}"); + + return s.toString(); + } + + private void listToString(StringBuilder s, String[] l) { + if (l != null) { + for (int i = 0; i < l.length; i++) { + s.append(l[i]); + if (i < (l.length - 1)) { + s.append(", "); + } + } + } + } +} \ No newline at end of file diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java new file mode 100644 index 0000000..c673cb5 --- /dev/null +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/AddLdapGroupsFormPrepareAction.java 
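Review bot: The class Javadoc was copied from the resource-group form (it still describes the "Add Role Resource Groups" form and a `Spider` subclass) and should describe this one, e.g. `/** Form bean for the dialog that assigns LDAP groups to a role. */`. `reset` and `toString` override inherited methods and should carry `@Override`. `availableGroups` and `pendingGroups` are bound straight from request parameters, so a field comment such as `// unvalidated request input; entries appear to be LDAP group names` would tell consumers not to trust them as-is.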
@@ -0,0 +1,149 @@ +/* + * RHQ Management Platform + * Copyright (C) 2005-2008 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +package org.rhq.enterprise.gui.admin.role; + +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.struts.action.ActionForm; +import org.apache.struts.action.ActionForward; +import org.apache.struts.action.ActionMapping; +import org.apache.struts.tiles.ComponentContext; +import org.apache.struts.tiles.actions.TilesAction; + +import org.rhq.core.domain.auth.Subject; +import org.rhq.core.domain.authz.Role; +import org.rhq.core.domain.resource.group.LdapGroup; +import org.rhq.core.domain.util.PageControl; +import org.rhq.core.domain.util.PageList; +import org.rhq.enterprise.gui.legacy.Constants; +import org.rhq.enterprise.gui.legacy.util.RequestUtils; +import org.rhq.enterprise.gui.legacy.util.SessionUtils; +import org.rhq.enterprise.gui.util.WebUtility; +import org.rhq.enterprise.server.authz.RoleManagerLocal; +import org.rhq.enterprise.server.resource.group.LdapGroupManager; +import org.rhq.enterprise.server.util.LookupUtil; + +/** + * An Action that 
retrieves data to facilitate display of the form for adding groups to a role. + */ +public class AddLdapGroupsFormPrepareAction extends TilesAction { + public ActionForward execute(ComponentContext context, ActionMapping mapping, ActionForm form, + HttpServletRequest request, HttpServletResponse response) throws Exception { + Log log = LogFactory.getLog(AddLdapGroupsFormPrepareAction.class.getName()); + + Subject whoami = RequestUtils.getSubject(request); + AddLdapGroupsForm addForm = (AddLdapGroupsForm) form; + Integer roleId = addForm.getR(); + + if (roleId == null) { + roleId = RequestUtils.getRoleId(request); + } + + Role role = (Role) request.getAttribute(Constants.ROLE_ATTR); + if (role == null) { + RequestUtils.setError(request, Constants.ERR_ROLE_NOT_FOUND); + return null; + } + + addForm.setR(role.getId()); + + PageControl pca = WebUtility.getPageControl(request, "a"); + PageControl pcp = WebUtility.getPageControl(request, "p"); + + /* pending groups are those on the right side of the "add + * to list" widget- awaiting association with the rolewhen the form's "ok" button is clicked. 
*/ + List<String> pendingGroupIds = SessionUtils.getListAsListStr(request.getSession(), + Constants.PENDING_RESGRPS_SES_ATTR); + + log.trace("getting pending groups for role [" + roleId + ")"); + String name = "foo"; + Set<Map<String, String>> allGroups = LdapGroupManager.getInstance().findAvailableGroupsByRole(whoami, + role.getId()); + RoleManagerLocal roleManager = LookupUtil.getRoleManager(); + + PageList<LdapGroup> assignedList = roleManager.findLdapGroupsByRole(role.getId(), PageControl + .getUnlimitedInstance()); + + allGroups = filterExisting(assignedList, allGroups); + Set<String> pendingIds = new HashSet<String>(pendingGroupIds); + + Set<Map<String, String>> pendingSet = findPendingGroups(pendingIds, allGroups); + PageList<Map<String, String>> pendingGroups = new PageList<Map<String, String>>(pendingSet, pendingSet.size(), + pcp); + + request.setAttribute(Constants.PENDING_RESGRPS_ATTR, pendingGroups); + request.setAttribute(Constants.NUM_PENDING_RESGRPS_ATTR, new Integer(pendingGroups.getTotalSize())); + + /* available groups are all groups in the system that are not + * associated with the role and are not pending + */ + log.trace("getting available groups for role [" + roleId + "]"); + + Set<Map<String, String>> availableGroupsSet = findAvailableGroups(pendingIds, allGroups); + PageList<Map<String, String>> availableGroups = new PageList<Map<String, String>>(availableGroupsSet, + availableGroupsSet.size(), pca); + request.setAttribute(Constants.AVAIL_RESGRPS_ATTR, availableGroups); + request.setAttribute(Constants.NUM_AVAIL_RESGRPS_ATTR, new Integer(availableGroups.getTotalSize())); + + return null; + } + + private Set<Map<String, String>> findPendingGroups(Set<String> pending, Set<Map<String, String>> allGroups) { + Set<Map<String, String>> ret = new HashSet<Map<String, String>>(); + for (Map<String, String> group : allGroups) { + if (pending.contains(group.get("name"))) { + ret.add(group); + } + } + return ret; + } + + private Set<Map<String, 
String>> findAvailableGroups(Set<String> pending, Set<Map<String, String>> allGroups) { + Set<Map<String, String>> ret = new HashSet<Map<String, String>>(); + for (Map<String, String> group : allGroups) { + if (!pending.contains(group.get("name"))) { + ret.add(group); + } + } + return ret; + } + + private Set<Map<String, String>> filterExisting(List<LdapGroup> pendingItems, Set<Map<String, String>> allGroups) { + Set<String> pending = new HashSet<String>(); + for (LdapGroup group : pendingItems) { + pending.add(group.getName()); + } + + Set<Map<String, String>> ret = new HashSet<Map<String, String>>(); + for (Map<String, String> group : allGroups) { + if (!pending.contains(group.get("name"))) { + ret.add(group); + } + } + return ret; + } +} \ No newline at end of file diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveLdapGroupsAction.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveLdapGroupsAction.java new file mode 100644 index 0000000..fb359c6 --- /dev/null +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveLdapGroupsAction.java 
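Review bot: `String name = "foo";` in `execute` is an unused leftover and should be removed, and the trace message `"getting pending groups for role [" + roleId + ")"` closes with the wrong bracket. `findAvailableGroups` and the second loop of `filterExisting` are the same "keep groups whose name is not in the set" filter, so `filterExisting` could build its name set and call `findAvailableGroups`. Pending names that the directory no longer returns are dropped from the displayed list by `findPendingGroups` but stay in the session list, so the page can show fewer entries than `AddLdapGroupsAction` will submit; pruning the session list here would keep the two in step. The result of `findAvailableGroupsByRole` is iterated without a null check, which is safe only if it always returns a set (not visible in this hunk).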
@@ -0,0 +1,54 @@ +/* + * RHQ Management Platform + * Copyright (C) 2005-2008 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ +package org.rhq.enterprise.gui.admin.role; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.struts.action.ActionForm; +import org.apache.struts.action.ActionForward; +import org.apache.struts.action.ActionMapping; + +import org.rhq.core.util.collection.ArrayUtils; +import org.rhq.enterprise.gui.legacy.Constants; +import org.rhq.enterprise.gui.legacy.action.BaseAction; +import org.rhq.enterprise.gui.legacy.util.RequestUtils; +import org.rhq.enterprise.server.util.LookupUtil; + +/** + * An Action that retrieves data to facilitate display of the form for removing groups to a role. 
+ */ +public class RemoveLdapGroupsAction extends BaseAction { + public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, + HttpServletResponse response) throws Exception { + Log log = LogFactory.getLog(RemoveLdapGroupsAction.class.getName()); + + RemoveResourceGroupsForm rmForm = (RemoveResourceGroupsForm) form; + int roleId = rmForm.getR(); + int[] groupIds = ArrayUtils.unwrapArray(rmForm.getLdapGroups()); + + log.debug("removing groups " + groupIds + "] for role [" + roleId + "]"); + LookupUtil.getRoleManager().removeLdapGroupsFromRole(RequestUtils.getSubject(request), roleId, groupIds); + + RequestUtils.setConfirmation(request, "admin.role.confirm.RemoveLdapGroups"); + return returnSuccess(request, mapping, Constants.ROLE_PARAM, roleId); + } +} \ No newline at end of file diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveResourceGroupsForm.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveResourceGroupsForm.java index 578136d..3ce789d 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveResourceGroupsForm.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RemoveResourceGroupsForm.java @@ -19,7 +19,9 @@ package org.rhq.enterprise.gui.admin.role;
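Review bot: `log.debug("removing groups " + groupIds + "] for role [" + roleId + "]")` concatenates an `int[]`, which logs the array's identity string rather than the ids, so the trail for a change to role membership does not say which mappings were removed; `log.debug("removing groups " + Arrays.toString(groupIds) + " for role [" + roleId + "]");` (with `java.util.Arrays` imported) fixes that and the unbalanced bracket. `int roleId = rmForm.getR();` unboxes an `Integer` and throws a NullPointerException when the `r` parameter is missing, and `rmForm.getLdapGroups()` may be null when nothing is selected unless `ArrayUtils.unwrapArray` tolerates that (not visible here). The ids come straight from the request, so `removeLdapGroupsFromRole` should verify that each id belongs to `roleId` and that the subject may manage roles. The Javadoc was copied from a prepare action and should say that this action removes LDAP groups from a role.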
import javax.servlet.http.HttpServletRequest; + import org.apache.struts.action.ActionMapping; + import org.rhq.enterprise.gui.legacy.action.BaseValidatorForm;
/** @@ -28,6 +30,9 @@ import org.rhq.enterprise.gui.legacy.action.BaseValidatorForm; public class RemoveResourceGroupsForm extends BaseValidatorForm { //-------------------------------------instance variables
+ private Integer[] ldapGroups;
+ private Integer ldapGroupPageSize;
+
private Integer[] groups;
private Integer r;
@@ -51,6 +56,14 @@ public class RemoveResourceGroupsForm extends BaseValidatorForm { this.groups = groups; }
+ public void setLdapGroups(Integer[] groups) { + this.ldapGroups = groups; + } + + public Integer[] getLdapGroups() { + return ldapGroups; + } + public Integer getPsg() { return getPs(); } @@ -59,6 +72,14 @@ public class RemoveResourceGroupsForm extends BaseValidatorForm { setPs(pageSize); }
+ public Integer getPsldapGroups() { + return ldapGroupPageSize; + } + + public void setPsldapGroups(Integer pageSize) { + ldapGroupPageSize = pageSize; + } + public Integer getR() { return this.r; } diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RoleAdminPortalAction.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RoleAdminPortalAction.java index 2918c1d..b637b98 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RoleAdminPortalAction.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/RoleAdminPortalAction.java @@ -20,14 +20,17 @@ package org.rhq.enterprise.gui.admin.role;
import java.util.HashMap; import java.util.Properties; + import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.struts.action.ActionForm; import org.apache.struts.action.ActionForward; import org.apache.struts.action.ActionMapping; + import org.rhq.core.domain.authz.Role; import org.rhq.enterprise.gui.legacy.Constants; import org.rhq.enterprise.gui.legacy.Portal; @@ -55,6 +58,9 @@ public class RoleAdminPortalAction extends BaseDispatchAction { private static final String TITLE_ADD_GROUPS = "admin.role.AddRoleGroupsTitle"; private static final String PORTLET_ADD_GROUPS = ".admin.role.AddGroups";
+ private static final String TITLE_ADD_LDAP_GROUPS = "admin.role.AddRoleLdapGroupsTitle";
+ private static final String PORTLET_ADD_LDAP_GROUPS = ".admin.role.AddLdapGroups";
+
private static final String TITLE_EDIT = "admin.role.EditRoleTitle";
private static final String PORTLET_EDIT = ".admin.role.Edit"; @@ -78,6 +84,7 @@ public class RoleAdminPortalAction extends BaseDispatchAction { keyMethodMap.setProperty(Constants.MODE_LIST, "listRoles"); keyMethodMap.setProperty(Constants.MODE_ADD_USERS, "addRoleUsers"); keyMethodMap.setProperty(Constants.MODE_ADD_GROUPS, "addRoleGroups"); + keyMethodMap.setProperty(Constants.MODE_ADD_LDAP_GROUPS, "addLdapGroups"); keyMethodMap.setProperty(Constants.MODE_EDIT, "editRole"); keyMethodMap.setProperty(Constants.MODE_NEW, "newRole"); keyMethodMap.setProperty(Constants.MODE_VIEW, "viewRole"); @@ -121,6 +128,17 @@ public class RoleAdminPortalAction extends BaseDispatchAction { return null; }
+ public ActionForward addLdapGroups(ActionMapping mapping, ActionForm form, HttpServletRequest request, + HttpServletResponse response) throws Exception { + setRole(request); + + Portal portal = Portal.createPortal(TITLE_ADD_LDAP_GROUPS, PORTLET_ADD_LDAP_GROUPS); + portal.setDialog(true); + request.setAttribute(Constants.PORTAL_KEY, portal); + + return null; + } + public ActionForward editRole(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { setRole(request); diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/ViewAction.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/ViewAction.java index dd53eed..3414dab 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/ViewAction.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/role/ViewAction.java @@ -35,6 +35,7 @@ import org.apache.struts.tiles.ComponentContext; import org.rhq.core.domain.auth.Subject; import org.rhq.core.domain.authz.Permission; import org.rhq.core.domain.authz.Role; +import org.rhq.core.domain.resource.group.LdapGroup; import org.rhq.core.domain.resource.group.ResourceGroup; import org.rhq.core.domain.util.AuthzConstants; import org.rhq.core.domain.util.PageControl; @@ -69,8 +70,10 @@ public class ViewAction extends WorkflowPrepareAction { Subject whoami = RequestUtils.getSubject(request); PageControl pcu = WebUtility.getPageControl(request, "u"); PageControl pcg = WebUtility.getPageControl(request, "g"); + PageControl pcldap = WebUtility.getPageControl(request, "l"); log.trace("user page control: " + pcu); log.trace("group page control: " + pcg); + log.trace("ldap group page control: " + pcldap);
RoleManagerLocal roleManager = LookupUtil.getRoleManager(); ResourceGroupManagerLocal groupManager = LookupUtil.getResourceGroupManager(); @@ -101,6 +104,14 @@ public class ViewAction extends WorkflowPrepareAction { request.setAttribute(Constants.NUM_RESGRPS_ATTR, new Integer(groups.getTotalSize())); }
+ PageList<LdapGroup> ldapGroups = roleManager.findLdapGroupsByRole(roleId, pcldap); + request.setAttribute(Constants.ROLE_LDAPGRPS_ATTR, ldapGroups); + if (ldapGroups == null) { + request.setAttribute(Constants.NUM_LDAPGRPS_ATTR, new Integer(0)); + } else { + request.setAttribute(Constants.NUM_LDAPGRPS_ATTR, new Integer(ldapGroups.getTotalSize())); + } + // create and initialize the remove users form RemoveUsersForm rmUsersForm = new RemoveUsersForm(); rmUsersForm.setR(roleId); diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/AttrConstants.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/AttrConstants.java index 5c82d46..6c87a4f 100755 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/AttrConstants.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/AttrConstants.java @@ -233,6 +233,12 @@ public interface AttrConstants { public static final String ROLE_RESGRPS_ATTR = "RoleResGrps";
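Review bot: `roleManager.findLdapGroupsByRole(roleId, pcldap)` is called without `whoami`, so the manager cannot apply a per-caller permission check from its arguments on who may read a role's LDAP group mapping. If the other lookups in this method pass the subject (they are outside the hunk), this one should follow them, or carry a comment such as `// no subject: LDAP mappings are visible to anyone allowed to view the role`. The `ldapGroups == null` branch is reachable only if the manager can return null, which is worth stating in a comment or dropping. `execute` starts and ends outside the hunk.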
/** + * The request scope attribute under which actions store the <code>List</code> of <code>LDAPGroupValue</code> + * objects for the requested role. + */ + public static final String ROLE_LDAPGRPS_ATTR = "RoleLdapGrps"; + + /** * The request scope attribute under which actions store the number of <code>AuthzSubjectValue</code> objects in the * associated <code>List</code>. */ @@ -298,6 +304,12 @@ public interface AttrConstants { public static final String NUM_RESGRPS_ATTR = "NumResGrps";
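Review bot: The Javadoc for `ROLE_LDAPGRPS_ATTR` names `LDAPGroupValue` and the one for `NUM_LDAPGRPS_ATTR` (next hunk) names `LdapGroupValue`, but `ViewAction` stores a `PageList<LdapGroup>` under this attribute and no such value class appears in the change. Both comments should name the real type, e.g. "the PageList of LdapGroup objects for the requested role" and "the number of LdapGroup objects in the associated list".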
/** + * The request scope attribute under which actions store the number of <code>LdapGroupValue</code> objects in + * the associated <code>List</code>. + */ + public static final String NUM_LDAPGRPS_ATTR = "NumLdapGrps"; + + /** * The request scope attribute under which actions store the full <code>List</code> of <code> * ResourceGroupValue</code> objects. */ diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/ParamConstants.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/ParamConstants.java index a659e89..8847962 100755 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/ParamConstants.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/legacy/ParamConstants.java @@ -457,6 +457,12 @@ public interface ParamConstants {
/** * a value for a standard request paramater mode.<br> + * signify adding ldap groups for a role. + */ + public static final String MODE_ADD_LDAP_GROUPS = "addLdapGroups"; + + /** + * a value for a standard request paramater mode.<br> * signify displaying a list of items */ public static final String MODE_ADD = "add"; diff --git a/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties b/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties index e95869f..62af674 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties +++ b/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties @@ -280,6 +280,7 @@ admin.role.ViewRoleTitle=${product.shortName} View Role - {0} admin.role.EditRoleTitle=${product.shortName} Edit Role Properties and Permissions - {0} admin.role.AddRoleUsersTitle=${product.shortName} Edit Role Assign Users To Role - {0} admin.role.AddRoleGroupsTitle=${product.shortName} Edit Role Assign Groups To Role - {0} +admin.role.AddRoleLdapGroupsTitle=${product.shortName} Edit Role Assign LDAP Groups To Role - {0} admin.role.AlertNotificationTimeRangeTitle=${product.shortName} Edit Role Alert Notification Time Range - {0} admin.role.ChangeRoleOwnerTitle=${product.shortName} Change Owner - {0} admin.role.error.StaticRole=You cannot alter the roles for one or more of these users @@ -342,7 +343,8 @@ admin.role.add.users=Edit {0}: Assign Users to Role admin.role.groups.GroupsTab=Groups admin.role.groups.AssignToRoleTab=Assign To Role admin.role.groups.NewResourceGroupButton=New Group... -admin.role.groups.AssignedGroupsTab=Assigned Groups +admin.role.groups.AssignedGroupsTab=Assigned Resource Groups +admin.role.groups.AssignedLdapGroupsTab=Assigned LDAP Groups # admin.role.list.NameTH=Name admin.role.list.OwnerTH=Owner 
@@ -362,9 +364,11 @@ admin.role.confirm.Create=Role {0} has been created. admin.role.confirm.Edit=Your changes have been saved. admin.role.confirm.AddUsers=The requested users have been assigned to the role. admin.role.confirm.AddResourceGroups=The requested groups have been assigned to the role. +admin.role.confirm.AddLdapGroups=The requested groups have been assigned to the role. admin.role.confirm.Remove=The requested roles have been removed. admin.role.confirm.RemoveUsers=The requested users have been removed. admin.role.confirm.RemoveResourceGroups=The requested groups have been removed. +admin.role.confirm.RemoveLdapGroups=The requested groups have been removed. admin.role.confirm.ChangeOwner=The owner has been changed. # admin.role.error.RoleNotFound=The specified role does not exist. diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/struts-config.xml b/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/struts-config.xml index 76321ce..d18f2d4 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/struts-config.xml +++ b/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/struts-config.xml @@ -30,6 +30,8 @@ type="org.rhq.enterprise.gui.admin.role.RemoveUsersForm"/> <form-bean name="AddRoleResourceGroupsForm" type="org.rhq.enterprise.gui.admin.role.AddResourceGroupsForm"/> + <form-bean name="AddRoleLdapGroupsForm" + type="org.rhq.enterprise.gui.admin.role.AddLdapGroupsForm"/> <form-bean name="RemoveRoleResourceGroupsForm" type="org.rhq.enterprise.gui.admin.role.RemoveResourceGroupsForm"/> <!-- / --> 
@@ -546,6 +548,46 @@ <forward name="failure" path="/admin/role/RoleAdmin.do?mode=view"/> <forward name="success" path="/admin/role/RoleAdmin.do?mode=view"/> </action> + + + <action path="/admin/role/AddLdapGroupsFormPrepare" + name="AddRoleLdapGroupsForm" + scope="request" + type="org.rhq.enterprise.gui.admin.role.AddLdapGroupsFormPrepareAction"> + <set-property property="title" value="Add+Resource+Group"/> + </action> + + <action path="/admin/role/AddLdapGroups" + type="org.rhq.enterprise.gui.admin.role.AddLdapGroupsAction" + name="AddRoleLdapGroupsForm" + scope="request" + input="/admin/role/RoleAdmin.do?mode=addLdapGroups"> + <set-property property="workflow" value="role/ViewUser"/> + <forward name="cancel" path="/admin/role/RoleAdmin.do?mode=view" + redirect="true"/> + <forward name="reset" path="/admin/role/RoleAdmin.do?mode=addLdapGroups" + redirect="true"/> + <forward name="new" path="/resource/group/Inventory.do?mode=new" redirect="true"/> + <forward name="add" path="/admin/role/RoleAdmin.do?mode=addLdapGroups"/> + <forward name="remove" path="/admin/role/RoleAdmin.do?mode=addLdapGroups"/> + <forward name="failure" path="/admin/role/RoleAdmin.do?mode=addLdapGroups"/> + <forward name="success" path="/admin/role/RoleAdmin.do?mode=view"/> + </action> + + <action path="/admin/role/RemoveLdapGroups" + type="org.rhq.enterprise.gui.admin.role.RemoveLdapGroupsAction" + name="RemoveRoleResourceGroupsForm" + scope="request" + input="/admin/role/RoleAdmin.do?mode=view"> + <forward name="failure" path="/admin/role/RoleAdmin.do?mode=view"/> + <forward name="success" path="/admin/role/RoleAdmin.do?mode=view"/> + </action> + + + + + + <!-- / -->
<action path="/admin/role/ChangeOwnerFormPrepare" diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/tiles/admin-def.xml b/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/tiles/admin-def.xml index 6dac0a0..0559198 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/tiles/admin-def.xml +++ b/modules/enterprise/gui/portal-war/src/main/webapp/WEB-INF/tiles/admin-def.xml @@ -73,6 +73,10 @@ controllerUrl="/admin/role/AddResourceGroupsFormPrepare.do" path="/admin/role/AddRoleGroups.jsp"/>
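Review bot: The three new `<action>` mappings carry values copied from the resource-group and user mappings that do not fit LDAP groups: `title` is `Add+Resource+Group`, `workflow` is `role/ViewUser`, and the `new` forward goes to `/resource/group/Inventory.do?mode=new`. `/admin/role/RemoveLdapGroups` is also bound to `RemoveRoleResourceGroupsForm`, so LDAP-group and resource-group removals share one form bean. If that is intended, add an XML comment saying so; otherwise declare a dedicated form bean, as was done with `AddRoleLdapGroupsForm`. These endpoints change role membership, so confirm they sit behind the same access rules as the existing `/admin/role/*` actions, which this hunk does not show.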
+ <definition name=".admin.role.AddLdapGroups" + controllerUrl="/admin/role/AddLdapGroupsFormPrepare.do" + path="/admin/role/AddLdapRoleGroups.jsp"/> + <definition name=".admin.role.ChangeOwner" controllerUrl="/admin/role/ChangeOwnerFormPrepare.do" path="/admin/role/ChangeRoleOwner.jsp"/> diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/AddLdapRoleGroups.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/AddLdapRoleGroups.jsp new file mode 100644 index 0000000..93ec22e --- /dev/null +++ b/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/AddLdapRoleGroups.jsp @@ -0,0 +1,30 @@ +<%@ page language="java" %> +<%@ page errorPage="/common/Error.jsp" %> +<%@ taglib uri="http://jakarta.apache.org/struts/tags-tiles" prefix="tiles" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@ taglib uri="http://jakarta.apache.org/struts/tags-html-el" prefix="html" %> + +<html:form action="/admin/role/AddLdapGroups" method="POST"> + +<tiles:insert definition=".page.title.admin.role"> + <tiles:put name="titleName" beanName="Role" beanProperty="name"/> +</tiles:insert> + +<tiles:insert definition=".portlet.error"/> + +<tiles:insert page="/admin/role/RoleGroupsForm.jsp"> + <tiles:put name="availableResGrps" beanName="AvailableResGrps"/> + <tiles:put name="numAvailableResGrps" beanName="NumAvailableResGrps"/> + <tiles:put name="pendingResGrps" beanName="PendingResGrps"/> + <tiles:put name="numPendingResGrps" beanName="NumPendingResGrps"/> +</tiles:insert> + +<tiles:insert definition=".form.buttons"> + <tiles:put name="addToList" value="true"/> +</tiles:insert> + +<tiles:insert definition=".page.footer"/> + +<html:hidden property="r"/> +</html:form> diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp index 1909ec5..ff4d6f6 100644 
--- a/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp @@ -12,12 +12,15 @@ <script language="JavaScript" src="<html:rewrite page="/js/listWidget.js"/>" type="text/javascript"></script> <c:set var="userWidgetInstanceName" value="assignedUsers"/> <c:set var="groupWidgetInstanceName" value="assignedGroups"/> +<c:set var="ldapGroupWidgetInstanceName" value="assignedLdapGroups"/> <script type="text/javascript"> var pageData = new Array(); initializeWidgetProperties('<c:out value="${userWidgetInstanceName}"/>'); userWidgetProperties = getWidgetProperties('<c:out value="${userWidgetInstanceName}"/>'); initializeWidgetProperties('<c:out value="${groupWidgetInstanceName}"/>'); groupWidgetProperties = getWidgetProperties('<c:out value="${groupWidgetInstanceName}"/>'); +initializeWidgetProperties('<c:out value="${ldapGroupWidgetInstanceName}"/>'); +ldapGroupWidgetProperties = getWidgetProperties('<c:out value="${ldapGroupWidgetInstanceName}"/>'); </script>
<c:url var="selfPuAction" value="/admin/role/RoleAdmin.do"> @@ -179,25 +182,24 @@ groupWidgetProperties = getWidgetProperties('<c:out value="${groupWidgetInstance <html:form method="POST" action="/admin/role/RemoveLdapGroups">
<tiles:insert definition=".header.tab"> - <tiles:put name="tabKey" value="admin.role.groups.AssignedGroupsTab"/> + <tiles:put name="tabKey" value="admin.role.groups.AssignedLdapGroupsTab"/> </tiles:insert>
<display:table items="${RoleLdapGrps}" var="group" action="${selfPgAction}" - postfix="g" + postfix="ldapGroups" width="100%" cellpadding="0" cellspacing="0">
- <display:column width="1%" property="id" title="<input type="checkbox" onclick="ToggleAll(this, groupWidgetProperties, true)" name="listToggleAll">" isLocalizedTitle="false" styleClass="ListCellCheckbox" headerStyleClass="ListHeaderCheckbox" > - <display:checkboxdecorator name="g" onclick="ToggleSelection(this, groupWidgetProperties, true)" styleClass="listMember"/> + <display:column width="1%" property="id" title="<input type="checkbox" onclick="ToggleAll(this, ldapGroupWidgetProperties, true)" name="listToggleAll">" isLocalizedTitle="false" styleClass="ListCellCheckbox" headerStyleClass="ListHeaderCheckbox" > + <display:checkboxdecorator name="ldapGroups" onclick="ToggleSelection(this, ldapGroupWidgetProperties, true)" styleClass="listMember"/> </display:column>
- <display:column width="25%" property="name" href="/rhq/group/inventory/view.xhtml?category=${group.groupCategory.name}&groupId=${group.id}" title="common.header.Group" - sortAttr="r.name"/> - <display:column width="75%" property="description" title="common.header.Description"/> + <display:column property="name" title="common.header.Group" sortAttr="r.name"/> + </display:table>
<tiles:insert definition=".toolbar.addToList"> <tiles:put name="addToListUrl" value="/admin/role/RoleAdmin.do?mode=addLdapGroups"/> - <tiles:put name="widgetInstanceName" beanName="groupWidgetInstanceName"/> + <tiles:put name="widgetInstanceName" beanName="ldapGroupWidgetInstanceName"/> <tiles:put name="addToListParamName" value="r"/> <tiles:put name="addToListParamValue" beanName="Role" beanProperty="id"/> <tiles:put name="pageList" beanName="RoleLdapGrps"/> diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java index 8762845..bcf7738 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java @@ -21,6 +21,7 @@ package org.rhq.enterprise.server.authz; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; +import java.util.LinkedList; import java.util.List; import java.util.Set;
@@ -38,6 +39,7 @@ import org.rhq.core.domain.auth.Subject; import org.rhq.core.domain.authz.Permission; import org.rhq.core.domain.authz.Role; import org.rhq.core.domain.criteria.RoleCriteria; +import org.rhq.core.domain.resource.group.LdapGroup; import org.rhq.core.domain.resource.group.ResourceGroup; import org.rhq.core.domain.util.PageControl; import org.rhq.core.domain.util.PageList; @@ -88,6 +90,15 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { return roles; }
+ @Override + public PageList<LdapGroup> findLdapGroupsByRole(int roleId, PageControl pageControl) { + Role role = entityManager.find(Role.class, roleId); + if (role == null) { + throw new IllegalArgumentException("Could not find role[" + roleId + "] to lookup ldap Groups on"); + } + return new PageList<LdapGroup>(role.getLdapGroups(), role.getLdapGroups().size(), pageControl); + } + /** * @see org.rhq.enterprise.server.authz.RoleManagerLocal#findRoles(PageControl) */ @@ -431,6 +442,63 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote { } }
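Review bot: `findLdapGroupsByRole` takes no `Subject` and carries no `@RequiredPermission`, unlike `addLdapGroupsToRole` and `removeLdapGroupsFromRole` later in this file, so nothing visible in the hunk limits who can read a role's LDAP group mapping. If the mapping should only be readable by security managers, add a `Subject subject` parameter with `@RequiredPermission(Permission.MANAGE_SECURITY)`. If it is deliberately open, say so in Javadoc on the method and on the `RoleManagerLocal` declaration. The method also hands the whole `role.getLdapGroups()` collection to `PageList`, so `pageControl` does not limit the rows returned; a comment such as `// paging is not applied; all groups are returned` would make that explicit.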
+ /** + * @see org.rhq.enterprise.server.authz.RoleManagerLocal#addResourceGroupsToRole(Subject, int, int[]) + */ + @RequiredPermission(Permission.MANAGE_SECURITY) + public void addLdapGroupsToRole(Subject subject, int roleId, List<String> groupIds) { + if ((groupIds != null) && (groupIds.size() > 0)) { + Role role = entityManager.find(Role.class, roleId); + if (role == null) { + throw new IllegalArgumentException("Could not find role[" + roleId + "] to add resourceGroups to"); + } + role.getLdapGroups().size(); // load them in + + for (String groupId : groupIds) { + LdapGroup group = new LdapGroup(); + group.setName(groupId); + if (role == null) { + throw new IllegalArgumentException("Tried to add ldapGroup[" + groupId + "] to role[" + roleId + + "], but resourceGroup was not found"); + } + role.addLdapGroup(group); + } + } + } + + /** + * @see org.rhq.enterprise.server.authz.RoleManagerLocal#removeLdapGroupsFromRole(Subject, int, int[]) + */ + + @RequiredPermission(Permission.MANAGE_SECURITY) + public void removeLdapGroupsFromRole(Subject subject, int roleId, int[] groupIds) { + if ((groupIds != null) && (groupIds.length > 0)) { + Role role = entityManager.find(Role.class, roleId); + if (role == null) { + throw new IllegalArgumentException("Could not find role[" + roleId + "] to remove resourceGroups from"); + } + role.getLdapGroups().size(); // load them in + + for (Integer groupId : groupIds) { + LdapGroup doomedGroup = entityManager.find(LdapGroup.class, groupId); + if (doomedGroup == null) { + throw new IllegalArgumentException("Tried to remove doomedGroup[" + groupId + "] from role[" + + roleId + "], but subject was not found"); + } + role.removeLdapGroup(doomedGroup); + } + + Query purgeQuery = entityManager.createNamedQuery(LdapGroup.DELETE_BY_ID); + + List<Integer> ids = new LinkedList<Integer>(); + for (int i : groupIds) { + ids.add(i); + } + purgeQuery.setParameter("ids", ids); + purgeQuery.executeUpdate(); + } + } + private void 
processDependentPermissions(Role role) { /* * if you can control user/roles, then you can give yourself permissions, too; so we might as well diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java index 58f962a..34b81e0 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java @@ -18,6 +18,7 @@ */ package org.rhq.enterprise.server.authz;
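Review bot: `removeLdapGroupsFromRole` never checks that each `LdapGroup` it loads is attached to `roleId` before the `LdapGroup.DELETE_BY_ID` purge runs, so an id belonging to another role's mapping is deleted too (what `role.removeLdapGroup` does with a non-member is not visible here). Reject such ids before purging, e.g. `if (!role.getLdapGroups().contains(doomedGroup)) throw new IllegalArgumentException("ldapGroup[" + groupId + "] is not assigned to role[" + roleId + "]");`, assuming `LdapGroup` equality is usable for that test. In `addLdapGroupsToRole` the `if (role == null)` check inside the loop can never fire because `role` was checked above; it looks meant to validate the group, so replace it with a null/blank check on `groupId`. The `@see` tag on `addLdapGroupsToRole` and the "resourceGroups" / "subject was not found" messages are copied from the resource-group methods and should name LDAP groups.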
+import java.util.List; import java.util.Set;
import javax.ejb.Local; @@ -26,6 +27,7 @@ import org.rhq.core.domain.auth.Subject; import org.rhq.core.domain.authz.Permission; import org.rhq.core.domain.authz.Role; import org.rhq.core.domain.criteria.RoleCriteria; +import org.rhq.core.domain.resource.group.LdapGroup; import org.rhq.core.domain.util.PageControl; import org.rhq.core.domain.util.PageList;
@@ -159,6 +161,8 @@ public interface RoleManagerLocal {
Role getRole(Subject subject, int roleId);
+ PageList<LdapGroup> findLdapGroupsByRole(int roleId, PageControl pageControl); + PageList<Role> findSubjectAssignedRoles(Subject subject, int subjectId, PageControl pc);
//This is a proxy of getAvailableRolesForSubject but without pendingRoleIds as required by remote spec @@ -198,6 +202,8 @@ public interface RoleManagerLocal {
void addRolesToResourceGroup(Subject subject, int groupId, int[] roleIds);
+ void addLdapGroupsToRole(Subject subject, int roleId, List<String> groupIds); + /** * Removes the given resource groups from the given role. * @@ -209,6 +215,8 @@ public interface RoleManagerLocal {
void removeRolesFromResourceGroup(Subject subject, int groupId, int[] roleIds);
+ void removeLdapGroupsFromRole(Subject subject, int roleId, int[] groupIds); + PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria);
} \ No newline at end of file diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/CustomJaasDeploymentService.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/CustomJaasDeploymentService.java index 12d0787..2c98b0a 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/CustomJaasDeploymentService.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/CustomJaasDeploymentService.java @@ -166,6 +166,8 @@ public class CustomJaasDeploymentService implements CustomJaasDeploymentServiceM configOptions.put(Context.SECURITY_PROTOCOL, conf.getProperty(RHQConstants.LDAPProtocol)); configOptions.put("LoginProperty", conf.getProperty(RHQConstants.LDAPLoginProperty)); configOptions.put("Filter", conf.getProperty(RHQConstants.LDAPFilter)); + configOptions.put("GroupFilter", conf.getProperty(RHQConstants.LDAPGroupFilter)); + configOptions.put("GroupMemberFilter", conf.getProperty(RHQConstants.LDAPGroupMember)); configOptions.put("BaseDN", conf.getProperty(RHQConstants.LDAPBaseDN)); configOptions.put("BindDN", conf.getProperty(RHQConstants.LDAPBindDN)); configOptions.put("BindPW", conf.getProperty(RHQConstants.LDAPBindPW)); diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java new file mode 100644 index 0000000..86bd8b4 --- /dev/null +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManager.java 
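Review bot: The two options added here are stored under the keys `"GroupFilter"` and `"GroupMemberFilter"`, but `LdapGroupManager.buildGroup` in this same commit reads `options.get("groupFilter")` and `options.get("groupMember")`. Those lookups are case-sensitive, so both reads return null if this map is what reaches `buildGroup` (the call path is not visible in the diff). Agree on one spelling, preferably through shared constants used on both sides, so the group lookup cannot silently run without its configured filter.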
@@ -0,0 +1,290 @@ +/* + * RHQ Management Platform + * Copyright (C) 2005-2009 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +package org.rhq.enterprise.server.resource.group; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import javax.naming.Context; +import javax.naming.NamingEnumeration; +import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; +import javax.naming.ldap.InitialLdapContext; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.rhq.core.domain.auth.Subject; +import org.rhq.enterprise.server.RHQConstants; +import org.rhq.enterprise.server.system.SystemManagerLocal; +import org.rhq.enterprise.server.util.LookupUtil; +import org.rhq.enterprise.server.util.security.UntrustedSSLSocketFactory; + +/** + * @author paji + * + */ +public class LdapGroupManager { + private static final LdapGroupManager INSTANCE = new LdapGroupManager(); + private static final String BASEDN_DELIMITER = ";"; + private Log log = LogFactory.getLog(LdapGroupManager.class); + + private LdapGroupManager() { + } + + public static LdapGroupManager getInstance() { + return INSTANCE; + } + + public Set<Map<String, String>> 
findAvailableGroupsByRole(Subject subject, int roleId) { + SystemManagerLocal manager = LookupUtil.getSystemManager(); + manager.getSystemConfiguration(); + Set<Map<String, String>> ldapSet = new HashSet<Map<String, String>>(); + String[] names = { "bar", "foo" }; + + for (String name : names) { + Map<String, String> group = new HashMap<String, String>(); + group.put("id", name); + group.put("name", name); + group.put("description", name); + ldapSet.add(group); + } + return ldapSet; + } + + /* + * + {BindDN=uid=shaggy,ou=People, dc=rhndev, dc=redhat, dc=com, + java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, jboss.security.security_domain=JON, + LoginProperty=uid, BaseDN=dc=rhndev,dc=redhat,dc=com, java.naming.provider.url=ldap://fjs-0-16.rhndev.redhat.com, + java.naming.security.protocol=, BindPW=dog8code} + */ + protected boolean test() throws Exception { + + // Load our LDAP specific properties + Properties env = null;// getProperties(); + + // Load the BaseDN + String baseDN = "dc=rhndev,dc=redhat,dc=com"; + + // Load the LoginProperty + String loginProperty = "uid"; + + // Load any search filter + + // Find the user that is calling us + String userName = "sdoo"; + + // Load any information we may need to bind + String bindDN = "uid=shaggy,ou=People, dc=rhndev, dc=redhat, dc=com"; + String bindPW = "dog8code"; + + if (bindDN != null) { + env.setProperty(Context.SECURITY_PRINCIPAL, bindDN); + env.setProperty(Context.SECURITY_CREDENTIALS, bindPW); + env.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); + } + InitialLdapContext ctx = new InitialLdapContext(env, null); + SearchControls searchControls = getSearchControls(); + + // Add the search filter if specified. This only allows for a single search filter.. i.e. foo=bar. 
+ String filter; + /* if ((searchFilter != null) && (searchFilter.length() != 0)) { + filter = "(&(" + loginProperty + "=" + userName + ")" + "(" + searchFilter + "))"; + } else { + filter = "(" + loginProperty + "=" + userName + ")"; + } + */ + //filter = "(" + loginProperty + "=" + userName + ")"; + filter = "(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=" + userName + + ",ou=People, dc=rhndev, dc=redhat, dc=com))"; + + // Loop through each configured base DN. It may be useful + // in the future to allow for a filter to be configured for + // each BaseDN, but for now the filter will apply to all. + String[] baseDNs = baseDN.split(BASEDN_DELIMITER); + log.info(Arrays.asList(baseDNs)); + for (int x = 0; x < baseDNs.length; x++) { + NamingEnumeration answer = ctx.search(baseDNs[x], filter, searchControls); + log.info(answer.hasMore()); + while (answer.hasMore()) { + // We use the first match + SearchResult si = (SearchResult) answer.next(); + log.info(si); + + /* + // Construct the UserDN + String userDN = si.getName() + "," + baseDNs[x]; + print (userDN); + ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); + ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "dog8code"); + ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple"); + ctx.reconnect(null);*/ + } + + } + + // If we try all the BaseDN's and have not found a match, return false + return false; + } + + /** + * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword(java.lang.String,java.lang.String) + */ + protected void buildGroup(Properties options, String userName) { + // Load our LDAP specific properties + Properties env = getProperties(options); + + // Load the BaseDN + String baseDN = (String) options.get(RHQConstants.LDAPBaseDN); + if (baseDN == null) { + // If the BaseDN is not specified, log an error and refuse the login attempt + log.info("BaseDN is not set, refusing login"); + } + + // Load the LoginProperty + String loginProperty = (String) 
options.get(RHQConstants.LDAPLoginProperty); + if (loginProperty == null) { + // Use the default + loginProperty = "cn"; + } + + String groupFilter = (String) options.get("groupFilter"); + String groupMember = (String) options.get("groupMember"); + + // Load any information we may need to bind + String bindDN = (String) options.get("BindDN"); + String bindPW = (String) options.get("BindPW"); + if (bindDN != null) { + env.setProperty(Context.SECURITY_PRINCIPAL, bindDN); + env.setProperty(Context.SECURITY_CREDENTIALS, bindPW); + env.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); + } + + try { + InitialLdapContext ctx = new InitialLdapContext(env, null); + SearchControls searchControls = getSearchControls(); + String filter = "(&(objectclass=groupOfUniqueNames)(uniqueMember=uid=" + userName + + ",ou=People, dc=rhndev, dc=redhat, dc=com))"; + // Load any search filter + String searchFilter = (String) options.get("Filter"); + // Add the search filter if specified. This only allows for a single search filter.. i.e. foo=bar. + if ((searchFilter != null) && (searchFilter.length() != 0)) { + filter = "(&(" + loginProperty + "=" + userName + ")" + "(" + searchFilter + "))"; + } else { + filter = "(" + loginProperty + "=" + userName + ")"; + } + + // Loop through each configured base DN. It may be useful + // in the future to allow for a filter to be configured for + // each BaseDN, but for now the filter will apply to all. + String[] baseDNs = baseDN.split(BASEDN_DELIMITER); + for (int x = 0; x < baseDNs.length; x++) { + NamingEnumeration answer = ctx.search(baseDNs[x], filter, searchControls); + if (!answer.hasMore()) { + log.debug("User " + userName + " not found for BaseDN " + baseDNs[x]); + + // Nothing found for this DN, move to the next one if we have one. 
+ continue; + } + + // We use the first match + SearchResult si = (SearchResult) answer.next(); + + } + + } catch (Exception e) { + log.info("Failed to validate password: " + e.getMessage()); + } + } + + /** + * Load a default set of properties to use when connecting to the LDAP server. If basic authentication is needed, + * the caller must set Context.SECURITY_PRINCIPAL, Context.SECURITY_CREDENTIALS and Context.SECURITY_AUTHENTICATION + * appropriately. + * + * @return properties that are to be used when connecting to LDAP server + */ + private Properties getProperties(Properties options) { + Properties env = new Properties(options); + // Set our default factory name if one is not given + String factoryName = env.getProperty(Context.INITIAL_CONTEXT_FACTORY); + if (factoryName == null) { + env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); + } + + // Setup SSL if requested + String protocol = env.getProperty(Context.SECURITY_PROTOCOL); + if ((protocol != null) && protocol.equals("ssl")) { + String ldapSocketFactory = env.getProperty("java.naming.ldap.factory.socket"); + if (ldapSocketFactory == null) { + env.put("java.naming.ldap.factory.socket", UntrustedSSLSocketFactory.class.getName()); + } + env.put(Context.SECURITY_PROTOCOL, "ssl"); + } + + // Set the LDAP url + String providerUrl = env.getProperty(Context.PROVIDER_URL); + if (providerUrl == null) { + providerUrl = "ldap://localhost:" + (((protocol != null) && protocol.equals("ssl")) ? "636" : "389"); + } + + env.setProperty(Context.PROVIDER_URL, providerUrl); + + // Follow referrals automatically + env.setProperty(Context.REFERRAL, "follow"); + + return env; + } + + /** + * A simple method to construct a SearchControls object for use when doing LDAP searches. 
All of the defaults are + * used, with the exception of the scope, which is set to SUBTREE rather than the default of ONE_LEVEL + * + * @return controls what is searched in LDAP + */ + private SearchControls getSearchControls() { + // Set the scope to subtree, default is one-level + int scope = SearchControls.SUBTREE_SCOPE; + + // No limit on the time waiting for a response + int timeLimit = 0; + + // No limit on the number of entries returned + long countLimit = 0; + + // Attributes to return. + String[] returnedAttributes = null; + + // Don't return the object + boolean returnObject = false; + + // No dereferencing during the search + boolean deference = false; + + SearchControls constraints = new SearchControls(scope, countLimit, timeLimit, returnedAttributes, returnObject, + deference); + return constraints; + } +} diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/RoleManagerBeanTest.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/RoleManagerBeanTest.java index 7a76b01..2315ee8 100644 --- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/RoleManagerBeanTest.java +++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/RoleManagerBeanTest.java @@ -27,6 +27,7 @@ import org.testng.annotations.Test; import org.rhq.core.domain.auth.Subject; import org.rhq.core.domain.authz.Permission; import org.rhq.core.domain.authz.Role; +import org.rhq.core.domain.resource.group.LdapGroup; import org.rhq.core.domain.util.PageControl; import org.rhq.core.domain.util.PageList; import org.rhq.enterprise.server.auth.SubjectManagerLocal; 
@@ -243,4 +244,28 @@ public class RoleManagerBeanTest extends AbstractEJB3Test { getTransactionManager().rollback(); } } + + /** + * Test creating, assigning, removing and deleting roles. + * + * @throws Exception + */ + public void testLdapGroups() throws Exception { + getTransactionManager().begin(); + + try { + Subject superuser = subjectManager.getOverlord(); + createSession(superuser); + + Role role = new Role("role-manager-role"); + role.setFsystem(false); + role = roleManager.createRole(superuser, role); + LdapGroup group = new LdapGroup(); + group.setName("Foo"); + role.addLdapGroup(group); + assert roleManager.findLdapGroupsByRole(role.getId(), PageControl.getUnlimitedInstance()).size() == 1 : "Ldap Group Foo Should be assigned"; + } finally { + getTransactionManager().rollback(); + } + } } \ No newline at end of file
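Review bot: `testLdapGroups` attaches the group with `role.addLdapGroup(group)` directly on the entity, so the permission-checked `roleManager.addLdapGroupsToRole` and `removeLdapGroupsFromRole` paths added in this commit are never exercised. Call `roleManager.addLdapGroupsToRole(superuser, role.getId(), Arrays.asList("Foo"))` instead, then remove the group by id and assert the list is empty. A second case using a subject without `MANAGE_SECURITY` would confirm the annotation is enforced. The Javadoc still reads "creating, assigning, removing and deleting roles" and should describe LDAP group assignment; the test class continues outside this hunk.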
commit 98ea3e7acbf13e94808a796a5478b5195fe59204 Merge: 71e2d92... cbb2b49... Author: Partha Aji paji@redhat.com Date: Thu Mar 4 20:02:34 2010 -0500
Merge branch 'linux-config' into ldap
commit 71e2d920463a909506ffee19dfa73c26f074578a Merge: 308b9d3... 6445fb2... Author: Partha Aji paji@redhat.com Date: Mon Mar 1 09:49:24 2010 -0500
Merge branch 'linux-config' into ldap
commit 308b9d3b2caa2f344368d713551c12f879448171 Author: Partha Aji paji@redhat.com Date: Mon Mar 1 09:48:27 2010 -0500
whateve
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java index 029a2b9..ad8ae65 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java @@ -47,6 +47,7 @@ public class AuthorizationManagerBean implements AuthorizationManagerLocal {
@SuppressWarnings("unchecked") public Set<Permission> getExplicitGlobalPermissions(Subject subject) { + entityManager.flush(); Query query = entityManager.createNamedQuery(Subject.QUERY_GET_GLOBAL_PERMISSIONS); query.setParameter("subject", subject); List<Permission> results = query.getResultList();
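Review bot: The added `entityManager.flush()` at the top of `getExplicitGlobalPermissions` has no comment and the commit message does not explain it, so a later cleanup could remove it without knowing what breaks. If it is there so that role or subject changes made earlier in the same transaction are visible to the permissions query, say so: `// flush pending role/subject changes so the named query below sees them`. The method body continues outside the hunk.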
commit c84a76b89d8c197a3cd3f5dca03ac23e5cf519d5 Merge: 84c5d00... 991b94d... Author: Partha Aji paji@redhat.com Date: Fri Feb 26 11:47:33 2010 -0500
Merge branch 'linux-config' into ldap
commit 84c5d0010c7855544018cdc08e8a0f6c4099703e Author: Shannon Hughes shughes@scooby.rdu.redhat.com Date: Thu Feb 25 16:12:53 2010 -0500
initial ldap group block
diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp index 017e832..1909ec5 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/admin/role/ViewRole.jsp @@ -173,6 +173,43 @@ groupWidgetProperties = getWidgetProperties('<c:out value="${groupWidgetInstance </c:if> </c:if>
+<c:if test="${not Role.fsystem}"> +<c:if test="${useroperations['MANAGE_SECURITY']}"> + +<html:form method="POST" action="/admin/role/RemoveLdapGroups"> + +<tiles:insert definition=".header.tab"> + <tiles:put name="tabKey" value="admin.role.groups.AssignedGroupsTab"/> +</tiles:insert> + +<display:table items="${RoleLdapGrps}" var="group" action="${selfPgAction}" + postfix="g" + width="100%" cellpadding="0" cellspacing="0"> + + <display:column width="1%" property="id" title="<input type="checkbox" onclick="ToggleAll(this, groupWidgetProperties, true)" name="listToggleAll">" isLocalizedTitle="false" styleClass="ListCellCheckbox" headerStyleClass="ListHeaderCheckbox" > + <display:checkboxdecorator name="g" onclick="ToggleSelection(this, groupWidgetProperties, true)" styleClass="listMember"/> + </display:column> + + <display:column width="25%" property="name" href="/rhq/group/inventory/view.xhtml?category=${group.groupCategory.name}&groupId=${group.id}" title="common.header.Group" + sortAttr="r.name"/> + <display:column width="75%" property="description" title="common.header.Description"/> +</display:table> + +<tiles:insert definition=".toolbar.addToList"> + <tiles:put name="addToListUrl" value="/admin/role/RoleAdmin.do?mode=addLdapGroups"/> + <tiles:put name="widgetInstanceName" beanName="groupWidgetInstanceName"/> + <tiles:put name="addToListParamName" value="r"/> + <tiles:put name="addToListParamValue" beanName="Role" beanProperty="id"/> + <tiles:put name="pageList" beanName="RoleLdapGrps"/> + <tiles:put name="pageAction" beanName="selfPgAction"/> + <tiles:put name="postfix" value="g"/> +</tiles:insert> + +<html:hidden property="r"/> +</html:form> +</c:if> +</c:if> + <tiles:insert definition=".page.return"> <tiles:put name="returnUrl" value="/admin/role/RoleAdmin.do?mode=list"/> <tiles:put name="returnKey" value="admin.role.view.ReturnToRoles"/>
commit 3e1622402c2fa5724f505065c5b89512fa7da664 Merge: 59a906f... a986379... Author: Partha Aji paji@redhat.com Date: Thu Feb 25 10:19:20 2010 -0500
Merge branch 'linux-config' into ldap
commit 59a906f82c207c0128ad5be30dfc4c112775dbf9 Author: Partha Aji paji@redhat.com Date: Wed Feb 24 19:41:44 2010 -0500
Removed the unused is_ldap column from RHQ_SUBJECT_ROLE_MAP since we are using RHQ_SUBJECT_ROLE_LDAP_MAP for that information
diff --git a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml index 1eaa6f8..6e0a31e 100644 --- a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml +++ b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml @@ -72,7 +72,6 @@ <table name="RHQ_SUBJECT_ROLE_MAP"> <column name="SUBJECT_ID" required="true" type="INTEGER" references="RHQ_SUBJECT"/> <column name="ROLE_ID" required="true" type="INTEGER" references="RHQ_ROLE"/> - <column name="IS_LDAP" required="true" type="BOOLEAN" default="false"/>
<constraint name="RHQ_SUBJECT_ROLE_MAPPING_KEY"> <primaryKey>
commit b9287ab8a2ff37eed95fc7883504db0a7130c7c1 Author: Partha Aji paji@redhat.com Date: Wed Feb 24 19:32:04 2010 -0500
Mapping For Solution 2 Done
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index c7d895b..9b991cd 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -40,7 +40,6 @@ import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; import javax.persistence.OneToOne; import javax.persistence.QueryHint; import javax.persistence.SequenceGenerator; @@ -228,18 +227,19 @@ public class Subject implements Externalizable { @OneToOne(cascade = { CascadeType.PERSIST, CascadeType.REMOVE, CascadeType.MERGE }) private Configuration configuration;
- @OneToMany(mappedBy = "subject") - private Set<SubjectRoleEntity> subjectRoles; + @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }, inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") }) + @ManyToMany + private java.util.Set<Role> roles;
+ @JoinTable(name = "RHQ_SUBJECT_ROLE_LDAP_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }, inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") }) @ManyToMany - @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }, inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") }) - private Set<Role> roles = new HashSet<Role>(); + private java.util.Set<Role> ldapRoles;
@Transient private Integer sessionId = null;
private void init() { - subjectRoles = new HashSet<SubjectRoleEntity>(); + roles = new HashSet<Role>(); }
/** @@ -364,51 +364,44 @@ public class Subject implements Externalizable { this.configuration = configuration; }
- public Set<SubjectRoleEntity> getSubjectRoles() { - if (subjectRoles == null) { - subjectRoles = new HashSet<SubjectRoleEntity>(); + public java.util.Set<Role> getRoles() { + if (this.roles == null) { + this.roles = new HashSet<Role>(); } - return subjectRoles; - } - - public void setSubjectRoles(Set<SubjectRoleEntity> subjectRolesIn) { - subjectRoles = subjectRolesIn; - }
- public Set<Role> getRoles() { - if (roles == null) { - roles = new HashSet<Role>(); - } - return roles; + return this.roles; }
public void setRoles(Set<Role> roles) { this.roles = roles; }
- public void addRole(Role role, boolean ldap) { - SubjectRoleEntity s = new SubjectRoleEntity(); - s.setSubject(this); - s.setRole(role); - s.setLdap(ldap); - getSubjectRoles().add(s); - } - public void addRole(Role role) { - addRole(role, false); + getRoles().add(role); }
public void removeRole(Role role) { - SubjectRoleEntity toRemove = null; - for (SubjectRoleEntity s : getSubjectRoles()) { - if (s.getSubject().equals(this) && s.getRole().equals(role)) { - toRemove = s; - break; - } - } - if (toRemove != null) { - getSubjectRoles().remove(toRemove); + getRoles().remove(role); + } + + public java.util.Set<Role> getLdapRoles() { + if (this.ldapRoles == null) { + this.ldapRoles = new HashSet<Role>(); } + + return this.ldapRoles; + } + + public void setLdapRoles(Set<Role> roles) { + this.ldapRoles = roles; + } + + public void addLdapRole(Role role) { + getLdapRoles().add(role); + } + + public void removeLdapRole(Role role) { + getLdapRoles().remove(role); }
@Override @@ -517,7 +510,7 @@ public class Subject implements Externalizable { this.factive = in.readBoolean(); this.fsystem = in.readBoolean(); this.configuration = (Configuration) in.readObject(); - setRoles((Set<Role>) in.readObject()); + this.roles = (Set<Role>) in.readObject(); this.sessionId = in.readInt(); }
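Review bot: The new `getLdapRoles()`/`addLdapRole()`/`removeLdapRole()` accessors in this hunk are undocumented, and `getRoles()` now returns only the set mapped to `RHQ_SUBJECT_ROLE_MAP`, so a caller performing an authorization check cannot tell from the API whether it must also consult `ldapRoles`. I would add Javadoc on `getLdapRoles()` along the lines of `/** Roles mapped through RHQ_SUBJECT_ROLE_LDAP_MAP; these are not included in getRoles(). */` and a matching sentence on `getRoles()`. The parameter of `setLdapRoles(Set<Role> roles)` would read better as `ldapRoles`, and the mix of `java.util.Set<Role>` and `Set<Role>` in adjacent signatures could be made uniform. Whether existing permission queries that join through `roles` need to include the new table is not visible in this hunk and should be confirmed.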
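Review bot: `readExternal` restores `roles` from the stream and then goes straight to `sessionId`, with nothing read for `ldapRoles`, so a `Subject` that has crossed the remote boundary will return an empty set from `getLdapRoles()`. If that is intended, say so next to the assignment, for example `// not supplied by remote: ldapRoles`. If it is not, the field has to be written and read at the same position on both sides. `writeExternal` lies outside this hunk, so this assumes it likewise writes only `roles`.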
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java deleted file mode 100644 index 3636fb5..0000000 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java +++ /dev/null 
@@ -1,117 +0,0 @@ -/* - * RHQ Management Platform - * Copyright (C) 2005-2008 Red Hat, Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License, version 2, as - * published by the Free Software Foundation, and/or the GNU Lesser - * General Public License, version 2.1, also as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License and the GNU Lesser General Public License - * for more details. - * - * You should have received a copy of the GNU General Public License - * and the GNU Lesser General Public License along with this program; - * if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ -package org.rhq.core.domain.auth; - -import java.io.Serializable; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.Id; -import javax.persistence.IdClass; -import javax.persistence.Table; - -import org.rhq.core.domain.authz.Role; - -@Entity -@IdClass(SubjectRolePK.class) -@Table(name = "RHQ_SUBJECT_ROLE_MAP") -public class SubjectRoleEntity implements Serializable { - - /** - * - */ - private static final long serialVersionUID = 1L; - - @Id - private Subject subject; - - @Id - private Role role; - - @Column(name = "IS_LDAP") - private boolean isLdap; - - public Subject getSubject() { - return subject; - } - - public void setSubject(Subject subject) { - this.subject = subject; - } - - public Role getRole() { - return role; - } - - public void setRole(Role role) { - this.role = role; - } - - public boolean isLdap() { - return isLdap; - } - - public void setLdap(boolean isLdap) { - this.isLdap = isLdap; - } - - @Override - public int 
hashCode() { - final int PRIME = 31; - int result = 1; - result = (PRIME * result) + ((subject == null) ? 0 : subject.hashCode()); - result = (PRIME * result) + ((role == null) ? 0 : role.hashCode()); - result = (PRIME * result) + ((isLdap) ? 0 : PRIME); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - - if ((obj == null) || !(obj instanceof SubjectRoleEntity)) { - return false; - } - - final SubjectRoleEntity other = (SubjectRoleEntity) obj; - if (subject == null) { - if (other.subject != null) { - return false; - } - } else if (!subject.equals(other.subject)) { - return false; - } - - if (role == null) { - if (other.role != null) { - return false; - } - } else if (!role.equals(other.role)) { - return false; - } - - return isLdap == other.isLdap; - } -} diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java deleted file mode 100644 index 8b6259c..0000000 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * RHQ Management Platform - * Copyright (C) 2005-2009 Red Hat, Inc. - * All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -package org.rhq.core.domain.auth; - -import java.io.Serializable; - -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; - -import org.rhq.core.domain.authz.Role; - -/** - * @author paji - * - */ -public class SubjectRolePK implements Serializable { - /** - * - */ - private static final long serialVersionUID = 1L; - - @ManyToOne - @JoinColumn(name = "USER_ID", referencedColumnName = "ID") - private Subject subject; - - @ManyToOne - @JoinColumn(name = "ROLE_ID", referencedColumnName = "ID") - private Role role; -} diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java index 5267fca..b7004bd 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java @@ -37,7 +37,6 @@ import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; -import javax.persistence.OneToMany; import javax.persistence.SequenceGenerator; import javax.persistence.Table;
@@ -47,7 +46,6 @@ import org.hibernate.annotations.CollectionOfElements; import org.jetbrains.annotations.NotNull;
import org.rhq.core.domain.auth.Subject; -import org.rhq.core.domain.auth.SubjectRoleEntity;
/** * A role has zero or more {@link org.rhq.core.domain.resource.group.ResourceGroup}s assigned to it. You can assign a @@ -106,11 +104,11 @@ public class Role implements Serializable { @Column(name = "FSYSTEM") private Boolean fsystem;
- @OneToMany(mappedBy = "role") - private java.util.Set<SubjectRoleEntity> roleSubjects; - @ManyToMany(mappedBy = "roles") - private Set<Subject> subjects = new HashSet<Subject>(); + private java.util.Set<Subject> subjects = new HashSet<Subject>(); + + @ManyToMany(mappedBy = "ldapRoles") + private java.util.Set<Subject> ldapSubjects = new HashSet<Subject>();
@ManyToMany(mappedBy = "roles") private java.util.Set<org.rhq.core.domain.resource.group.ResourceGroup> resourceGroups = new HashSet<org.rhq.core.domain.resource.group.ResourceGroup>(); @@ -183,52 +181,56 @@ public class Role implements Serializable { return this.permissions.remove(permission); }
- public Set<SubjectRoleEntity> getRoleSubjects() { - if (roleSubjects == null) { - roleSubjects = new HashSet<SubjectRoleEntity>(); - } - return roleSubjects; + public java.util.Set<Subject> getSubjects() { + return subjects; }
- public void setRoleSubjects(Set<SubjectRoleEntity> subjectsIn) { - roleSubjects = subjectsIn; + public void setSubjects(Set<Subject> subjects) { + this.subjects = subjects; }
- public java.util.Set<Subject> getSubjects() { - if (subjects == null) { - subjects = new HashSet<Subject>(); + public void addSubject(Subject subject) { + if (this.subjects == null) { + this.subjects = new HashSet<Subject>(); } - return subjects; + + subject.addRole(this); + this.subjects.add(subject); }
- public void setSubjects(Set<Subject> subjects) { - this.subjects = subjects; + public void removeSubject(Subject subject) { + if (this.subjects == null) { + this.subjects = new HashSet<Subject>(); + } + + subject.removeRole(this); + this.subjects.remove(subject); }
- public void addSubject(Subject subject, boolean ldap) { - SubjectRoleEntity s = new SubjectRoleEntity(); - s.setSubject(subject); - s.setRole(this); - s.setLdap(ldap); - getRoleSubjects().add(s); + public java.util.Set<Subject> getLdapSubjects() { + return ldapSubjects; }
- public void addSubject(Subject subject) { - addSubject(subject, false); + public void setLdapSubjects(Set<Subject> subjects) { + this.ldapSubjects = subjects; }
- public void removeSubject(Subject subject) { - SubjectRoleEntity toRemove = null; - for (SubjectRoleEntity s : getRoleSubjects()) { - if (s.getSubject().equals(subject) && s.getRole().equals(this)) { - toRemove = s; - break; - } + public void addLdapSubject(Subject subject) { + if (this.ldapSubjects == null) { + this.ldapSubjects = new HashSet<Subject>(); } - if (toRemove != null) { - getRoleSubjects().remove(toRemove); - subject.removeRole(this); + + subject.addLdapRole(this); + this.ldapSubjects.add(subject); + } + + public void removeLdapSubject(Subject subject) { + if (this.ldapSubjects == null) { + this.ldapSubjects = new HashSet<Subject>(); } + + subject.removeLdapRole(this); + this.ldapSubjects.remove(subject); }
public Set<org.rhq.core.domain.resource.group.ResourceGroup> getResourceGroups() {
commit 8d87c981864acc5720869f0f651c9890f8653b0b Author: Partha Aji paji@redhat.com Date: Wed Feb 24 19:05:22 2010 -0500
Initial commit for solution 2
diff --git a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml index dcb993b..1eaa6f8 100644 --- a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml +++ b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml @@ -82,4 +82,14 @@ </constraint> </table>
+ <table name="RHQ_SUBJECT_ROLE_LDAP_MAP">
+ <column name="SUBJECT_ID" required="true" type="INTEGER" references="RHQ_SUBJECT"/>
+ <column name="ROLE_ID" required="true" type="INTEGER" references="RHQ_ROLE"/>
+ <constraint name="RHQ_SUBJECT_ROLE_LDAP_MAPPING_KEY">
+ <primaryKey>
+ <field ref="SUBJECT_ID"/>
+ <field ref="ROLE_ID"/>
+ </primaryKey>
+ </constraint>
+ </table>
 </dbsetup>
commit 04fad7aae80087e6c5a0e9981d1115159873af8f Author: Partha Aji paji@redhat.com Date: Wed Feb 24 16:06:01 2010 -0500
Added back the Many To Many roles magic to preserve roles variable
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index 73d074a..c7d895b 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -36,6 +36,8 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; +import javax.persistence.JoinTable; +import javax.persistence.ManyToMany; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.OneToMany; @@ -229,6 +231,10 @@ public class Subject implements Externalizable { @OneToMany(mappedBy = "subject") private Set<SubjectRoleEntity> subjectRoles;
+ @ManyToMany + @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }, inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") }) + private Set<Role> roles = new HashSet<Role>(); + @Transient private Integer sessionId = null;
@@ -370,22 +376,14 @@ public class Subject implements Externalizable { }
public Set<Role> getRoles() { - Set<Role> r = new HashSet<Role>(); - for (SubjectRoleEntity s : getSubjectRoles()) { - r.add(s.getRole()); + if (roles == null) { + roles = new HashSet<Role>(); } - return r; + return roles; }
public void setRoles(Set<Role> roles) { - Set<SubjectRoleEntity> sroles = getSubjectRoles(); - sroles.clear(); - for (Role r : roles) { - SubjectRoleEntity s = new SubjectRoleEntity(); - s.setSubject(this); - s.setRole(r); - sroles.add(s); - } + this.roles = roles; }
public void addRole(Role role, boolean ldap) { @@ -501,7 +499,7 @@ public class Subject implements Externalizable { out.writeBoolean(factive); out.writeBoolean(fsystem); out.writeObject(configuration); - out.writeObject(getRoles()); + out.writeObject(roles); // not supplied by remote: subjectNotifications out.writeInt(this.sessionId == null ? 0 : this.sessionId); } diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java index d549027..5267fca 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java @@ -110,6 +110,9 @@ public class Role implements Serializable { private java.util.Set<SubjectRoleEntity> roleSubjects;
@ManyToMany(mappedBy = "roles") + private Set<Subject> subjects = new HashSet<Subject>(); + + @ManyToMany(mappedBy = "roles") private java.util.Set<org.rhq.core.domain.resource.group.ResourceGroup> resourceGroups = new HashSet<org.rhq.core.domain.resource.group.ResourceGroup>();
@Cascade( { CascadeType.ALL }) @@ -192,22 +195,14 @@ public class Role implements Serializable { }
public java.util.Set<Subject> getSubjects() { - Set<Subject> s = new HashSet<Subject>(); - for (SubjectRoleEntity sre : getRoleSubjects()) { - s.add(sre.getSubject()); + if (subjects == null) { + subjects = new HashSet<Subject>(); } - return s; + return subjects; }
public void setSubjects(Set<Subject> subjects) { - Set<SubjectRoleEntity> sroles = getRoleSubjects(); - sroles.clear(); - for (Subject subject : subjects) { - SubjectRoleEntity s = new SubjectRoleEntity(); - s.setRole(this); - s.setSubject(subject); - sroles.add(s); - } + this.subjects = subjects; }
public void addSubject(Subject subject, boolean ldap) {
commit 09f0af7201c726cd1806d232164d2ea40c1470d2 Author: Shannon Hughes shughes@scooby.rdu.redhat.com Date: Wed Feb 24 14:16:54 2010 -0500
added ldap group member txt field for ldap configs
diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java index 6e95ef7..4f35fe6 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java @@ -61,6 +61,7 @@ public class SystemConfigForm extends BaseValidatorForm { private String ldapSearchBase = ""; private String ldapSearchFilter = ""; private String ldapGroupFilter = ""; + private String ldapGroupMember = ""; private String ldapUsername = ""; private String ldapPassword = ""; private Boolean ldapEnabled = null; @@ -85,6 +86,7 @@ public class SystemConfigForm extends BaseValidatorForm { buf.append(" ldapUsername=").append(ldapUsername); buf.append(" ldapPassword=").append(ldapPassword); buf.append(" ldapGroupFilter=").append(ldapGroupFilter); + buf.append(" ldapGroupMember=").append(ldapGroupMember);
return buf.toString(); } @@ -128,6 +130,7 @@ public class SystemConfigForm extends BaseValidatorForm { ldapUsername = ""; ldapPassword = ""; ldapGroupFilter = ""; + ldapGroupMember = "";
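Review bot: The `toString()` extended by this hunk still appends the LDAP bind password in clear (`buf.append(" ldapPassword=").append(ldapPassword);`), so any log statement or error message that prints this form discloses the credential. Since the method is being touched anyway, I would replace that line with `buf.append(" ldapPassword=<redacted>");`. The method starts above the hunk, so the other fields it prints are not visible here.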
super.reset(mapping, request); } @@ -217,6 +220,7 @@ public class SystemConfigForm extends BaseValidatorForm { ldapSearchBase = prop.getProperty(RHQConstants.LDAPBaseDN); ldapSearchFilter = prop.getProperty(RHQConstants.LDAPFilter); ldapGroupFilter = prop.getProperty(RHQConstants.LDAPGroupFilter); + ldapGroupMember = prop.getProperty(RHQConstants.LDAPGroupMember); ldapUsername = prop.getProperty(RHQConstants.LDAPBindDN); ldapPassword = prop.getProperty(RHQConstants.LDAPBindPW);
@@ -317,6 +321,7 @@ public class SystemConfigForm extends BaseValidatorForm { prop.setProperty(RHQConstants.LDAPBaseDN, ldapSearchBase); prop.setProperty(RHQConstants.LDAPFilter, ldapSearchFilter); prop.setProperty(RHQConstants.LDAPGroupFilter, ldapGroupFilter); + prop.setProperty(RHQConstants.LDAPGroupMember, ldapGroupMember); prop.setProperty(RHQConstants.LDAPBindDN, ldapUsername); prop.setProperty(RHQConstants.LDAPBindPW, ldapPassword); prop.setProperty(RHQConstants.LDAPProtocol, ldapSsl ? "ssl" : ""); @@ -572,6 +577,14 @@ public class SystemConfigForm extends BaseValidatorForm { ldapGroupFilter = s; }
+ public String getLdapGroupMember() { + return ldapGroupFilter; + } + + public void setLdapGroupMember(String s) { + ldapGroupMember = s; + } + public String getLdapUsername() { return ldapUsername; } diff --git a/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties b/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties index c65317a..e95869f 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties +++ b/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties @@ -631,6 +631,7 @@ admin.settings.LDAPHostNameLabel=LDAP Host Name: admin.settings.LDAPUsernameLabel=Username: admin.settings.LDAPSearchFilterLabel=Search Filter: admin.settings.LDAPGroupSearchLabel=Group Search Filter: +admin.settings.LDAPGroupMemberLabel=Group Member Filter: admin.settings.LDAPPortLabel=LDAP Port: admin.settings.LDAPUrlLabel=URL: admin.settings.LDAPSslLabel=SSL: diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp index fbf6955..17f0a20 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp 
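Review bot: `getLdapGroupMember()` returns `ldapGroupFilter` rather than the field this commit adds; the body should be `return ldapGroupMember;`. As written, the `ldapGroupMember` text box in LDAPForm.jsp is populated from the group search filter, and submitting the form hands that value to `setLdapGroupMember`, so `CAM_LDAP_GROUP_MEMBER` is likely to be saved as a copy of the group filter unless the administrator retypes it. That setting presumably controls how users are matched to LDAP groups, so a test that round-trips the property through the form would be worth adding.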
@@ -33,27 +33,34 @@ <tr> <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPUrlLabel"/></td> <td width="30%" class="BlockContent"><html:text size="31" property="ldapUrl"/></td> - <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPSslLabel"/></td> - <td width="30%" class="BlockContent"><html:checkbox property="ldapSsl"/></td> - </tr> - <tr> - <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPUsernameLabel"/></td> - <td width="30%" class="BlockContent"><html:text size="31" property="ldapUsername"/></td> - <td width="20%" class="BlockLabel"><fmt:message key="common.label.Password"/></td> - <td width="30%" class="BlockContent"><html:password size="31" property="ldapPassword" redisplay="true"/></td> - </tr> - <tr> - <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPSearchBaseLabel"/></td> - <td width="30%" class="BlockContent"><html:text size="31" property="ldapSearchBase"/></td> <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPSearchFilterLabel"/></td> <td width="30%" class="BlockContent"><html:text size="31" property="ldapSearchFilter"/></td> </tr> <tr> + <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPSearchBaseLabel"/></td> + <td width="30%" class="BlockContent"><html:text size="31" property="ldapSearchBase"/></td> <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPLoginPropertyLabel"/></td> <td width="30%" class="BlockContent"><html:text size="31" property="ldapLoginProperty"/></td> + </tr> + <tr> + <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPUsernameLabel"/></td> + <td width="30%" class="BlockContent"><html:text size="31" property="ldapUsername"/></td> <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPGroupSearchLabel"/></td> <td width="30%" class="BlockContent"><html:text size="31" property="ldapGroupFilter"/></td> </tr> + <tr> + <td width="20%" 
class="BlockLabel"><fmt:message key="common.label.Password"/></td> + <td width="30%" class="BlockContent"><html:password size="31" property="ldapPassword" redisplay="true"/></td> + <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPGroupMemberLabel"/></td> + <td width="30%" class="BlockContent"><html:text size="31" property="ldapGroupMember"/></td> + </tr> + <tr> + <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPSslLabel"/></td> + <td width="30%" class="BlockContent"><html:checkbox property="ldapSsl"/></td> + <td width="20%" class="BlockLabel"> </td> + <td width="30%" class="BlockContent"> </td> + </tr> +
<tr> <td colspan="4" class="BlockBottomLine"><html:img page="/images/spacer.gif" width="1" height="1" border="0"/></td> diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java index 8a94231..7bb1d72 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java @@ -47,6 +47,7 @@ public class RHQConstants { public static final String LDAPLoginProperty = "CAM_LDAP_LOGIN_PROPERTY"; public static final String LDAPFilter = "CAM_LDAP_FILTER"; public static final String LDAPGroupFilter = "CAM_LDAP_GROUP_FILTER"; + public static final String LDAPGroupMember = "CAM_LDAP_GROUP_MEMBER"; public static final String LDAPBaseDN = "CAM_LDAP_BASE_DN"; public static final String LDAPBindDN = "CAM_LDAP_BIND_DN"; public static final String LDAPBindPW = "CAM_LDAP_BIND_PW";
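Review bot: The relocated password row keeps `redisplay="true"` on the `ldapPassword` field, which writes the stored LDAP bind password into the `value` attribute of the rendered page, where it can be read from the page source or a cached copy of the response. I would change the row to `<html:password size="31" property="ldapPassword" redisplay="false"/>`. The save path, which is outside this hunk, would then need to treat an empty submitted password as "keep the existing value".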
commit 9e4ca33363b357405733065e27f98e66d46535c1 Author: Partha Aji paji@redhat.com Date: Wed Feb 24 12:51:22 2010 -0500
More updates on the Mapping
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index 191106e..73d074a 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -226,7 +226,7 @@ public class Subject implements Externalizable { @OneToOne(cascade = { CascadeType.PERSIST, CascadeType.REMOVE, CascadeType.MERGE }) private Configuration configuration;
- @OneToMany(mappedBy = "user") + @OneToMany(mappedBy = "subject") private Set<SubjectRoleEntity> subjectRoles;
@Transient diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java index ea110f7..3636fb5 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java @@ -37,6 +37,11 @@ import org.rhq.core.domain.authz.Role; @Table(name = "RHQ_SUBJECT_ROLE_MAP") public class SubjectRoleEntity implements Serializable {
+ /** + * + */ + private static final long serialVersionUID = 1L; + @Id private Subject subject;
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java index e881b5b..8b6259c 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java @@ -19,6 +19,8 @@
package org.rhq.core.domain.auth;
+import java.io.Serializable; + import javax.persistence.JoinColumn; import javax.persistence.ManyToOne;
@@ -28,7 +30,12 @@ import org.rhq.core.domain.authz.Role; * @author paji * */ -public class SubjectRolePK { +public class SubjectRolePK implements Serializable { + /** + * + */ + private static final long serialVersionUID = 1L; + @ManyToOne @JoinColumn(name = "USER_ID", referencedColumnName = "ID") private Subject subject;
commit c5ad7ab61a62cc4ad847a7ea43e30d9dbcf81c48 Merge: 17a885c... 073abeb... Author: Partha Aji paji@redhat.com Date: Wed Feb 24 11:32:03 2010 -0500
Merge branch 'linux-config' into ldap
commit 17a885cd48cf2fed8723b6253154fe2173d4cd58 Author: Partha Aji paji@redhat.com Date: Wed Feb 24 11:30:56 2010 -0500
Added a more accurate mapping for SubjectRoleEntity
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index 023faa3..191106e 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -36,7 +36,6 @@ import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; -import javax.persistence.JoinTable; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.OneToMany; @@ -227,8 +226,7 @@ public class Subject implements Externalizable { @OneToOne(cascade = { CascadeType.PERSIST, CascadeType.REMOVE, CascadeType.MERGE }) private Configuration configuration;
- @OneToMany - @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }) + @OneToMany(mappedBy = "user") private Set<SubjectRoleEntity> subjectRoles;
@Transient diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java index fc0b0ed..ea110f7 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java @@ -25,20 +25,22 @@ package org.rhq.core.domain.auth; import java.io.Serializable;
import javax.persistence.Column; -import javax.persistence.JoinColumn; -import javax.persistence.ManyToOne; +import javax.persistence.Entity; +import javax.persistence.Id; +import javax.persistence.IdClass; import javax.persistence.Table;
import org.rhq.core.domain.authz.Role;
+@Entity +@IdClass(SubjectRolePK.class) @Table(name = "RHQ_SUBJECT_ROLE_MAP") public class SubjectRoleEntity implements Serializable { - @ManyToOne - @JoinColumn(name = "SUBJECT_ID", referencedColumnName = "ID") + + @Id private Subject subject;
- @ManyToOne - @JoinColumn(name = "ROLE_ID", referencedColumnName = "ID") + @Id private Role role;
@Column(name = "IS_LDAP") diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java new file mode 100644 index 0000000..e881b5b --- /dev/null +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRolePK.java @@ -0,0 +1,39 @@ +/* + * RHQ Management Platform + * Copyright (C) 2005-2009 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +package org.rhq.core.domain.auth; + +import javax.persistence.JoinColumn; +import javax.persistence.ManyToOne; + +import org.rhq.core.domain.authz.Role; + +/** + * @author paji + * + */ +public class SubjectRolePK { + @ManyToOne + @JoinColumn(name = "USER_ID", referencedColumnName = "ID") + private Subject subject; + + @ManyToOne + @JoinColumn(name = "ROLE_ID", referencedColumnName = "ID") + private Role role; +} diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java index 1e66029..d549027 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java @@ -106,8 +106,7 @@ public class Role implements Serializable { @Column(name = "FSYSTEM") private Boolean fsystem;
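Review bot: The new `SubjectRolePK` maps `subject` with `@JoinColumn(name = "USER_ID", ...)`, but the removed mappings in this same commit join `RHQ_SUBJECT_ROLE_MAP` on `SUBJECT_ID`, so the annotation should probably read `@JoinColumn(name = "SUBJECT_ID", referencedColumnName = "ID")`. The Subject.java hunk of this commit has the same naming slip in `@OneToMany(mappedBy = "user")`, although the field in `SubjectRoleEntity` is called `subject`. An id class is also expected to implement `Serializable` and define `equals()`/`hashCode()`, and this version has neither.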
- @OneToMany - @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "ROLE_ID") }) + @OneToMany(mappedBy = "role") private java.util.Set<SubjectRoleEntity> roleSubjects;
@ManyToMany(mappedBy = "roles")
commit 7789e66b5e5a114e67e2d0bb2bedc3641a33abc0 Author: Partha Aji paji@redhat.com Date: Tue Feb 23 13:21:49 2010 -0500
Updated the addSubject/removeSubject stuff from Role to use SubjectRoleEntity bean
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index 121f555..023faa3 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -231,13 +231,11 @@ public class Subject implements Externalizable { @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }) private Set<SubjectRoleEntity> subjectRoles;
- private Set<Role> roles; - @Transient private Integer sessionId = null;
private void init() { - roles = new HashSet<Role>(); + subjectRoles = new HashSet<SubjectRoleEntity>(); }
/** @@ -505,7 +503,7 @@ public class Subject implements Externalizable { out.writeBoolean(factive); out.writeBoolean(fsystem); out.writeObject(configuration); - out.writeObject(roles); + out.writeObject(getRoles()); // not supplied by remote: subjectNotifications out.writeInt(this.sessionId == null ? 0 : this.sessionId); } @@ -523,7 +521,7 @@ public class Subject implements Externalizable { this.factive = in.readBoolean(); this.fsystem = in.readBoolean(); this.configuration = (Configuration) in.readObject(); - this.roles = (Set<Role>) in.readObject(); + setRoles((Set<Role>) in.readObject()); this.sessionId = in.readInt(); }
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java index 4e157c6..1e66029 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java @@ -110,8 +110,6 @@ public class Role implements Serializable { @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "ROLE_ID") }) private java.util.Set<SubjectRoleEntity> roleSubjects;
- private java.util.Set<Subject> subjects = new HashSet<Subject>(); - @ManyToMany(mappedBy = "roles") private java.util.Set<org.rhq.core.domain.resource.group.ResourceGroup> resourceGroups = new HashSet<org.rhq.core.domain.resource.group.ResourceGroup>();
@@ -183,30 +181,60 @@ public class Role implements Serializable {
 return this.permissions.remove(permission);
 }
+ public Set<SubjectRoleEntity> getRoleSubjects() {
+ if (roleSubjects == null) {
+ roleSubjects = new HashSet<SubjectRoleEntity>();
+ }
+ return roleSubjects;
+ }
+
+ public void setRoleSubjects(Set<SubjectRoleEntity> subjectsIn) {
+ roleSubjects = subjectsIn;
+ }
+
 public java.util.Set<Subject> getSubjects() {
- return subjects;
+ Set<Subject> s = new HashSet<Subject>();
+ for (SubjectRoleEntity sre : getRoleSubjects()) {
+ s.add(sre.getSubject());
+ }
+ return s;
 }
public void setSubjects(Set<Subject> subjects) {
- this.subjects = subjects;
+ Set<SubjectRoleEntity> sroles = getRoleSubjects();
+ sroles.clear();
+ for (Subject subject : subjects) {
+ SubjectRoleEntity s = new SubjectRoleEntity();
+ s.setRole(this);
+ s.setSubject(subject);
+ sroles.add(s);
+ }
 }
- public void addSubject(Subject subject) {
- if (this.subjects == null) {
- this.subjects = new HashSet<Subject>();
- }
+ public void addSubject(Subject subject, boolean ldap) {
+ SubjectRoleEntity s = new SubjectRoleEntity();
+ s.setSubject(subject);
+ s.setRole(this);
+ s.setLdap(ldap);
+ getRoleSubjects().add(s);
+ }
- subject.addRole(this);
- this.subjects.add(subject);
+ public void addSubject(Subject subject) {
+ addSubject(subject, false);
 }
public void removeSubject(Subject subject) {
- if (this.subjects == null) {
- this.subjects = new HashSet<Subject>();
+ SubjectRoleEntity toRemove = null;
+ for (SubjectRoleEntity s : getRoleSubjects()) {
+ if (s.getSubject().equals(subject) && s.getRole().equals(this)) {
+ toRemove = s;
+ break;
+ }
+ }
+ if (toRemove != null) {
+ getRoleSubjects().remove(toRemove);
+ subject.removeRole(this);
 }
-
- subject.removeRole(this);
- this.subjects.remove(subject);
 }
public Set<org.rhq.core.domain.resource.group.ResourceGroup> getResourceGroups() {
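Review bot: The new `addSubject(Subject subject, boolean ldap)` only adds the link entity to this role's roleSubjects and no longer calls `subject.addRole(this)`, while removeSubject still calls `subject.removeRole(this)`, so the two sides of the association are kept in step on revoke but not on grant. Until the Subject is reloaded, `subject.getRoles()` (derived from its own subjectRoles) will not show a role granted through this method; registering the same entity on the other side, `subject.getSubjectRoles().add(s);` right after `getRoleSubjects().add(s);`, would keep them consistent. setSubjects in this hunk has the same gap and also rebuilds every entry with isLdap left at false. removeSubject dereferences `s.getSubject()` and `s.getRole()` without a null check, which is worth a guard or a documented non-null invariant.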
commit dcb59bb828983e2879cac829852437e00e0f29d8 Author: Partha Aji paji@redhat.com Date: Tue Feb 23 11:03:16 2010 -0500
More clean up work on Subjects and SubjectRoleEntity
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java
index f7f6ac2..121f555 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java
@@ -229,9 +229,9 @@ public class Subject implements Externalizable {
@OneToMany
 @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") })
- private java.util.Set<SubjectRoleEntity> subjectRoles;
+ private Set<SubjectRoleEntity> subjectRoles;
- private java.util.Set<Role> roles;
+ private Set<Role> roles;
@Transient
 private Integer sessionId = null;
@@ -362,14 +362,18 @@ public class Subject implements Externalizable {
 this.configuration = configuration;
 }
- public java.util.Set<SubjectRoleEntity> getSubjectRoles() {
+ public Set<SubjectRoleEntity> getSubjectRoles() {
 if (subjectRoles == null) {
 subjectRoles = new HashSet<SubjectRoleEntity>();
 }
 return subjectRoles;
 }
- public java.util.Set<Role> getRoles() {
+ public void setSubjectRoles(Set<SubjectRoleEntity> subjectRolesIn) {
+ subjectRoles = subjectRolesIn;
+ }
+
+ public Set<Role> getRoles() {
 Set<Role> r = new HashSet<Role>();
 for (SubjectRoleEntity s : getSubjectRoles()) {
 r.add(s.getRole());
@@ -378,15 +382,39 @@ public class Subject implements Externalizable {
 }
public void setRoles(Set<Role> roles) {
- this.roles = roles;
+ Set<SubjectRoleEntity> sroles = getSubjectRoles();
+ sroles.clear();
+ for (Role r : roles) {
+ SubjectRoleEntity s = new SubjectRoleEntity();
+ s.setSubject(this);
+ s.setRole(r);
+ sroles.add(s);
+ }
+ }
+
+ public void addRole(Role role, boolean ldap) {
+ SubjectRoleEntity s = new SubjectRoleEntity();
+ s.setSubject(this);
+ s.setRole(role);
+ s.setLdap(ldap);
+ getSubjectRoles().add(s);
 }
public void addRole(Role role) {
- getRoles().add(role);
+ addRole(role, false);
 }
public void removeRole(Role role) {
- getRoles().remove(role);
+ SubjectRoleEntity toRemove = null;
+ for (SubjectRoleEntity s : getSubjectRoles()) {
+ if (s.getSubject().equals(this) && s.getRole().equals(role)) {
+ toRemove = s;
+ break;
+ }
+ }
+ if (toRemove != null) {
+ getSubjectRoles().remove(toRemove);
+ }
 }
@Override
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java
index 369b491..fc0b0ed 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java
@@ -1,3 +1,25 @@
+/*
+ * RHQ Management Platform
+ * Copyright (C) 2005-2008 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License, version 2, as
+ * published by the Free Software Foundation, and/or the GNU Lesser
+ * General Public License, version 2.1, also as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License and the GNU Lesser General Public License
+ * for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * and the GNU Lesser General Public License along with this program;
+ * if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
 package org.rhq.core.domain.auth;
import java.io.Serializable;
@@ -11,7 +33,6 @@ import org.rhq.core.domain.authz.Role;
@Table(name = "RHQ_SUBJECT_ROLE_MAP")
 public class SubjectRoleEntity implements Serializable {
-
 @ManyToOne
 @JoinColumn(name = "SUBJECT_ID", referencedColumnName = "ID")
 private Subject subject;
@@ -47,4 +68,43 @@ public class SubjectRoleEntity implements Serializable {
 this.isLdap = isLdap;
 }
+ @Override
+ public int hashCode() {
+ final int PRIME = 31;
+ int result = 1;
+ result = (PRIME * result) + ((subject == null) ? 0 : subject.hashCode());
+ result = (PRIME * result) + ((role == null) ? 0 : role.hashCode());
+ result = (PRIME * result) + ((isLdap) ? 0 : PRIME);
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+
+ if ((obj == null) || !(obj instanceof SubjectRoleEntity)) {
+ return false;
+ }
+
+ final SubjectRoleEntity other = (SubjectRoleEntity) obj;
+ if (subject == null) {
+ if (other.subject != null) {
+ return false;
+ }
+ } else if (!subject.equals(other.subject)) {
+ return false;
+ }
+
+ if (role == null) {
+ if (other.role != null) {
+ return false;
+ }
+ } else if (!role.equals(other.role)) {
+ return false;
+ }
+
+ return isLdap == other.isLdap;
+ }
 }
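Review bot: Including `isLdap` in equals() and hashCode() lets a HashSet hold two SubjectRoleEntity entries for the same subject and role, one flagged LDAP and one not, and Subject.removeRole in this commit (like Role.removeSubject in the follow-up commit) stops at the first match with `break`, so a revoke can leave the second entry behind and the subject keeps the role. Identity for this link looks like it should be the subject/role pair alone: end equals() with `return true;` instead of `return isLdap == other.isLdap;` and drop the `isLdap` term from hashCode(). Both methods also hash through the mutable `subject` and `role` fields, so an entry whose fields change after it has been added to a set can no longer be found by remove(); a short comment stating that the fields must be set before insertion would document that constraint.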
commit 2e83a0cc092f8feef995642502447389152d598e Merge: 3f91c1c... 4c82f06... Author: Partha Aji paji@redhat.com Date: Tue Feb 23 10:20:31 2010 -0500
Merge branch 'linux-config' into ldap
commit 3f91c1ca64b04ae174d42ca3839fa1cdaa99dbbc Author: Partha Aji paji@redhat.com Date: Tue Feb 23 10:09:47 2010 -0500
Adding initial mapping change needed for ldap
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index f13d6ef..f7f6ac2 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -37,7 +37,6 @@ import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.JoinTable; -import javax.persistence.ManyToMany; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.OneToMany; @@ -161,8 +160,7 @@ import org.rhq.core.domain.util.serial.ExternalizableStrategy; + " AND s.fsystem = FALSE " // + " AND s.factive = TRUE"), // @NamedQuery(name = Subject.QUERY_DYNAMIC_CONFIG_VALUES, query = "" // - + "SELECT s.name, s.name FROM Subject AS s WHERE s.fsystem = false") -}) + + "SELECT s.name, s.name FROM Subject AS s WHERE s.fsystem = false") }) @SequenceGenerator(name = "RHQ_SUBJECT_ID_SEQ", sequenceName = "RHQ_SUBJECT_ID_SEQ") @Table(name = "RHQ_SUBJECT") /*@Cache(usage= CacheConcurrencyStrategy.TRANSACTIONAL)*/ @@ -229,8 +227,10 @@ public class Subject implements Externalizable { @OneToOne(cascade = { CascadeType.PERSIST, CascadeType.REMOVE, CascadeType.MERGE }) private Configuration configuration;
- @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }, inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") }) - @ManyToMany + @OneToMany + @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "SUBJECT_ID") }) + private java.util.Set<SubjectRoleEntity> subjectRoles; + private java.util.Set<Role> roles;
@Transient @@ -362,12 +362,19 @@ public class Subject implements Externalizable { this.configuration = configuration; }
- public java.util.Set<Role> getRoles() { - if (this.roles == null) { - this.roles = new HashSet<Role>(); + public java.util.Set<SubjectRoleEntity> getSubjectRoles() { + if (subjectRoles == null) { + subjectRoles = new HashSet<SubjectRoleEntity>(); } + return subjectRoles; + }
- return this.roles; + public java.util.Set<Role> getRoles() { + Set<Role> r = new HashSet<Role>(); + for (SubjectRoleEntity s : getSubjectRoles()) { + r.add(s.getRole()); + } + return r; }
public void setRoles(Set<Role> roles) { diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java new file mode 100644 index 0000000..369b491 --- /dev/null +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/SubjectRoleEntity.java @@ -0,0 +1,50 @@ +package org.rhq.core.domain.auth; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.JoinColumn; +import javax.persistence.ManyToOne; +import javax.persistence.Table; + +import org.rhq.core.domain.authz.Role; + +@Table(name = "RHQ_SUBJECT_ROLE_MAP") +public class SubjectRoleEntity implements Serializable { + + @ManyToOne + @JoinColumn(name = "SUBJECT_ID", referencedColumnName = "ID") + private Subject subject; + + @ManyToOne + @JoinColumn(name = "ROLE_ID", referencedColumnName = "ID") + private Role role; + + @Column(name = "IS_LDAP") + private boolean isLdap; + + public Subject getSubject() { + return subject; + } + + public void setSubject(Subject subject) { + this.subject = subject; + } + + public Role getRole() { + return role; + } + + public void setRole(Role role) { + this.role = role; + } + + public boolean isLdap() { + return isLdap; + } + + public void setLdap(boolean isLdap) { + this.isLdap = isLdap; + } + +} diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java index 35772bd..4e157c6 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java @@ -47,6 +47,7 @@ import org.hibernate.annotations.CollectionOfElements; import org.jetbrains.annotations.NotNull;
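Review bot: The new SubjectRoleEntity carries `@Table(name = "RHQ_SUBJECT_ROLE_MAP")` but neither `@Entity` nor an `@Id`/`@IdClass`, and its import list has no `javax.persistence.Entity`, so unless the class is declared in a mapping file outside this change the persistence provider has no entity to map. Subject.subjectRoles and Role.roleSubjects are declared as `@OneToMany` collections of this type, which a provider would be expected to reject for a non-entity target, and the IS_LDAP column would then never be read or written through them. Add `@Entity` and a composite key over SUBJECT_ID and ROLE_ID, plus a class-level Javadoc comment stating what the `isLdap` flag records and who is allowed to set it.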
import org.rhq.core.domain.auth.Subject; +import org.rhq.core.domain.auth.SubjectRoleEntity;
/** * A role has zero or more {@link org.rhq.core.domain.resource.group.ResourceGroup}s assigned to it. You can assign a @@ -78,8 +79,7 @@ import org.rhq.core.domain.auth.Subject; + " JOIN ss.roles AS rr " // + " WHERE ss.id = :subjectId )"), // @NamedQuery(name = Role.QUERY_DYNAMIC_CONFIG_VALUES, query = "" // - + "SELECT r.name, r.name FROM Role AS r") -}) + + "SELECT r.name, r.name FROM Role AS r") }) @SequenceGenerator(name = "RHQ_ROLE_ID_SEQ", sequenceName = "RHQ_ROLE_ID_SEQ") @Table(name = "RHQ_ROLE") public class Role implements Serializable { @@ -106,7 +106,10 @@ public class Role implements Serializable { @Column(name = "FSYSTEM") private Boolean fsystem;
- @ManyToMany(mappedBy = "roles") + @OneToMany + @JoinTable(name = "RHQ_SUBJECT_ROLE_MAP", joinColumns = { @JoinColumn(name = "ROLE_ID") }) + private java.util.Set<SubjectRoleEntity> roleSubjects; + private java.util.Set<Subject> subjects = new HashSet<Subject>();
@ManyToMany(mappedBy = "roles")
commit 204c6b7de81df429eae5a506c36a84f0ddb7bdc2 Merge: e09efb0... 2ae22a1... Author: Partha Aji paji@redhat.com Date: Mon Feb 22 13:06:45 2010 -0500
Merge branch 'linux-config' into ldap
commit e09efb07b5c91f0a7889d2a6bb58ba41c1ac25c6 Author: Partha Aji paji@redhat.com Date: Mon Feb 22 12:59:31 2010 -0500
Intial config setup for LDAP stuff..
diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java index c636aa2..6e95ef7 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/admin/config/SystemConfigForm.java @@ -60,6 +60,7 @@ public class SystemConfigForm extends BaseValidatorForm { private String ldapLoginProperty = ""; private String ldapSearchBase = ""; private String ldapSearchFilter = ""; + private String ldapGroupFilter = ""; private String ldapUsername = ""; private String ldapPassword = ""; private Boolean ldapEnabled = null; @@ -83,6 +84,7 @@ public class SystemConfigForm extends BaseValidatorForm { buf.append(" ldapSearchFilter=").append(ldapSearchFilter); buf.append(" ldapUsername=").append(ldapUsername); buf.append(" ldapPassword=").append(ldapPassword); + buf.append(" ldapGroupFilter=").append(ldapGroupFilter);
return buf.toString(); } @@ -125,6 +127,7 @@ public class SystemConfigForm extends BaseValidatorForm { ldapSearchFilter = ""; ldapUsername = ""; ldapPassword = ""; + ldapGroupFilter = "";
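Review bot: The toString() this hunk extends already writes the LDAP bind password in clear text on the context line just above the addition, `buf.append(" ldapPassword=").append(ldapPassword);`, so any log or debug output of the form exposes the credential; since the method is being touched, replace the value with a fixed mask, e.g. `buf.append(" ldapPassword=").append("******");`. The new `ldapGroupFilter` value is stored exactly as submitted, through `setLdapGroupFilter` and `prop.setProperty(RHQConstants.LDAPGroupFilter, ldapGroupFilter);` in the later hunks of this file; whether it is checked for LDAP filter syntax before it is used in a search is not visible here and is worth confirming. toString() starts outside the hunk.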
super.reset(mapping, request); } @@ -213,6 +216,7 @@ public class SystemConfigForm extends BaseValidatorForm { ldapLoginProperty = prop.getProperty(RHQConstants.LDAPLoginProperty); ldapSearchBase = prop.getProperty(RHQConstants.LDAPBaseDN); ldapSearchFilter = prop.getProperty(RHQConstants.LDAPFilter); + ldapGroupFilter = prop.getProperty(RHQConstants.LDAPGroupFilter); ldapUsername = prop.getProperty(RHQConstants.LDAPBindDN); ldapPassword = prop.getProperty(RHQConstants.LDAPBindPW);
@@ -312,6 +316,7 @@ public class SystemConfigForm extends BaseValidatorForm { prop.setProperty(RHQConstants.LDAPLoginProperty, ldapLoginProperty); prop.setProperty(RHQConstants.LDAPBaseDN, ldapSearchBase); prop.setProperty(RHQConstants.LDAPFilter, ldapSearchFilter); + prop.setProperty(RHQConstants.LDAPGroupFilter, ldapGroupFilter); prop.setProperty(RHQConstants.LDAPBindDN, ldapUsername); prop.setProperty(RHQConstants.LDAPBindPW, ldapPassword); prop.setProperty(RHQConstants.LDAPProtocol, ldapSsl ? "ssl" : ""); @@ -558,6 +563,14 @@ public class SystemConfigForm extends BaseValidatorForm { public void setLdapSearchFilter(String s) { ldapSearchFilter = s; } + + public String getLdapGroupFilter() { + return ldapGroupFilter; + } + + public void setLdapGroupFilter(String s) { + ldapGroupFilter = s; + }
public String getLdapUsername() { return ldapUsername; diff --git a/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties b/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties index 571cf22..1565fe3 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties +++ b/modules/enterprise/gui/portal-war/src/main/webapp-filtered/WEB-INF/classes/ApplicationResources.properties @@ -630,6 +630,7 @@ admin.settings.LDAPConfigPropTab=LDAP Configuration Properties admin.settings.LDAPHostNameLabel=LDAP Host Name: admin.settings.LDAPUsernameLabel=Username: admin.settings.LDAPSearchFilterLabel=Search Filter: +admin.settings.LDAPGroupSearchLabel=Group Search Filter: admin.settings.LDAPPortLabel=LDAP Port: admin.settings.LDAPUrlLabel=URL: admin.settings.LDAPSslLabel=SSL: diff --git a/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp b/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp index a0ea5ff..fbf6955 100644 --- a/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp +++ b/modules/enterprise/gui/portal-war/src/main/webapp/admin/config/LDAPForm.jsp @@ -51,8 +51,8 @@ <tr> <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPLoginPropertyLabel"/></td> <td width="30%" class="BlockContent"><html:text size="31" property="ldapLoginProperty"/></td> - <td width="20%" class="BlockLabel"> </td> - <td width="30%" class="BlockContent"> </td> + <td width="20%" class="BlockLabel"><fmt:message key="admin.settings.LDAPGroupSearchLabel"/></td> + <td width="30%" class="BlockContent"><html:text size="31" property="ldapGroupFilter"/></td> </tr>
<tr> diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java index 5411acc..8a94231 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/RHQConstants.java @@ -46,6 +46,7 @@ public class RHQConstants { public static final String LDAPProtocol = "CAM_LDAP_PROTOCOL"; public static final String LDAPLoginProperty = "CAM_LDAP_LOGIN_PROPERTY"; public static final String LDAPFilter = "CAM_LDAP_FILTER"; + public static final String LDAPGroupFilter = "CAM_LDAP_GROUP_FILTER"; public static final String LDAPBaseDN = "CAM_LDAP_BASE_DN"; public static final String LDAPBindDN = "CAM_LDAP_BIND_DN"; public static final String LDAPBindPW = "CAM_LDAP_BIND_PW"; @@ -61,7 +62,8 @@ public class RHQConstants { // Are we allowing automatic AgentUpdate binary download public static final String EnableAgentAutoUpdate = "ENABLE_AGENT_AUTO_UPDATE";
- // Are we rendering a special "debug" menu for administrators? + + // Are we rendering a special "debug" menu for administrators? public static final String EnableDebugMode = "ENABLE_DEBUG_MODE";
// How long do we keep data compressed in hourly intervals?
commit 0df397dd638fdfbd953fb6838f2fd00c274e3de3 Author: Shannon Hughes shughes@fred.hughes.lan Date: Mon Feb 22 10:25:46 2010 -0500
initial schema for ldap group feature
diff --git a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml index 13a4bc5..dcb993b 100644 --- a/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml +++ b/modules/core/dbutils/src/main/scripts/dbsetup/authz-schema.xml @@ -27,6 +27,18 @@ </constraint> </table>
+ <table name="RHQ_ROLE_LDAP_GROUP_MAP"> + <column name="ROLE_ID" required="true" type="INTEGER" references="RHQ_ROLE"/> + <column name="LDAP_GROUP_NAME" required="true" type="VARCHAR2"/> + + <constraint name="RHQ_ROLE_LDAP_GROUP_MAP_KEY"> + <primaryKey> + <field ref="ROLE_ID"/> + <field ref="LDAP_GROUP_NAME"/> + </primaryKey> + </constraint> + </table> + <table name="RHQ_PERMISSION"> <column name="ROLE_ID" type="INTEGER" references="RHQ_ROLE" required="true"/> <column name="OPERATION" type="INTEGER" required="true"/> @@ -60,6 +72,7 @@ <table name="RHQ_SUBJECT_ROLE_MAP"> <column name="SUBJECT_ID" required="true" type="INTEGER" references="RHQ_SUBJECT"/> <column name="ROLE_ID" required="true" type="INTEGER" references="RHQ_ROLE"/> + <column name="IS_LDAP" required="true" type="BOOLEAN" default="false"/>
<constraint name="RHQ_SUBJECT_ROLE_MAPPING_KEY"> <primaryKey>