/src/main/java/de/theit/hudson/crowd/CrowdConfigurationService.java

https://github.com/theit/hudson-crowd2-plugin · Java · 243 lines · 147 code · 25 blank · 71 comment · 22 complexity · 8688b14fbb71d0ea7cdb11568f99b922 MD5 · raw file 

    

  1. /*
    2. 

  2.  * @(#)CrowdConfigurationService.java
    3. 

  3.  * Copyright (C)2011 Thorsten Heit.
    4. 

  4.  * All rights reserved.
    5. 

  5.  */
    6. 

  6. package de.theit.hudson.crowd;
    7. 

  7. 

  8. import static de.theit.hudson.crowd.ErrorMessages.applicationPermission;
    9. 

  9. import static de.theit.hudson.crowd.ErrorMessages.groupNotFound;
    10. 

  10. import static de.theit.hudson.crowd.ErrorMessages.invalidAuthentication;
    11. 

  11. import static de.theit.hudson.crowd.ErrorMessages.operationFailed;
    12. 

  12. import static de.theit.hudson.crowd.ErrorMessages.specifyGroup;
    13. 

  13. import static de.theit.hudson.crowd.ErrorMessages.userNotFound;
    14. 

  14. 

  15. import java.util.Collection;
    16. 

  16. import java.util.Comparator;
    17. 

  17. import java.util.HashSet;
    18. 

  18. import java.util.List;
    19. 

  19. import java.util.TreeSet;
    20. 

  20. import java.util.logging.Level;
    21. 

  21. import java.util.logging.Logger;
    22. 

  22. 

  23. import org.acegisecurity.GrantedAuthority;
    24. 

  24. import org.acegisecurity.GrantedAuthorityImpl;
    25. 

  25. 

  26. import com.atlassian.crowd.exception.ApplicationPermissionException;
    27. 

  27. import com.atlassian.crowd.exception.GroupNotFoundException;
    28. 

  28. import com.atlassian.crowd.exception.InvalidAuthenticationException;
    29. 

  29. import com.atlassian.crowd.exception.OperationFailedException;
    30. 

  30. import com.atlassian.crowd.exception.UserNotFoundException;
    31. 

  31. import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
    32. 

  32. import com.atlassian.crowd.integration.http.util.CrowdHttpTokenHelper;
    33. 

  33. import com.atlassian.crowd.model.group.Group;
    34. 

  34. import com.atlassian.crowd.service.client.ClientProperties;
    35. 

  35. import com.atlassian.crowd.service.client.CrowdClient;
    36. 

  36. 

  37. /**
    38. 

  38.  * This class contains all objects that are necessary to access the REST
    39. 

  39.  * services on the remote Crowd server. In addition to this it contains some
    40. 

  40.  * helper methods
    41. 

  41.  * 
    42. 

  42.  * @author <a href="mailto:theit@gmx.de">Thorsten Heit (theit@gmx.de)</a>
    43. 

  43.  * @since 08.09.2011
    44. 

  44.  * @version $Id$
    45. 

  45.  */
    46. 

  46. public class CrowdConfigurationService {
    47. 

  47. 	/** Used for logging purposes. */
    48. 

  48. 	private static final Logger LOG = Logger
    49. 

  49. 			.getLogger(CrowdConfigurationService.class.getName());
    50. 

  50. 

  51. 	/**
    52. 

  52. 	 * The maximum number of groups that can be fetched from the Crowd server
    53. 

  53. 	 * for a user in one request.
    54. 

  54. 	 */
    55. 

  55. 	private static final int MAX_GROUPS = 500;
    56. 

  56. 

  57. 	/** Holds the Crowd client properties. */
    58. 

  58. 	ClientProperties clientProperties;
    59. 

  59. 

  60. 	/** The Crowd client to access the REST services on the remote Crowd server. */
    61. 

  61. 	CrowdClient crowdClient;
    62. 

  62. 

  63. 	/** The helper class for Crowd SSO token operations. */
    64. 

  64. 	CrowdHttpTokenHelper tokenHelper;
    65. 

  65. 

  66. 	/**
    67. 

  67. 	 * The interface used to manage HTTP authentication and web/SSO
    68. 

  68. 	 * authentication integration.
    69. 

  69. 	 */
    70. 

  70. 	CrowdHttpAuthenticator crowdHttpAuthenticator;
    71. 

  71. 

  72. 	/** The group name a user must belong to to be allowed to login into Hudson. */
    73. 

  73. 	private String groupName;
    74. 

  74. 

  75. 	/** Specifies whether nested groups may be used. */
    76. 

  76. 	private boolean nestedGroups;
    77. 

  77. 

  78. 	/**
    79. 

  79. 	 * Creates a new Crowd configuration object.
    80. 

  80. 	 * 
    81. 

  81. 	 * @param pGroupName
    82. 

  82. 	 *            The group name to use when authenticating Crowd users. May not
    83. 

  83. 	 *            be <code>null</code>.
    84. 

  84. 	 * @param pNestedGroups
    85. 

  85. 	 *            Specifies whether nested groups should be used when validating
    86. 

  86. 	 *            users against the group name.
    87. 

  87. 	 */
    88. 

  88. 	public CrowdConfigurationService(String pGroupName, boolean pNestedGroups) {
    89. 

  89. 		this.groupName = pGroupName.trim();
    90. 

  90. 		if (0 == this.groupName.length()) {
    91. 

  91. 			throw new IllegalArgumentException(specifyGroup());
    92. 

  92. 		}
    93. 

  93. 

  94. 		this.nestedGroups = pNestedGroups;
    95. 

  95. 	}
    96. 

  96. 

  97. 	/**
    98. 

  98. 	 * Checks whether the user is a member of a certain Crowd group whose
    99. 

  99. 	 * members are allowed to login into Hudson.
    100. 

  100. 	 * 
    101. 

  101. 	 * @param username
    102. 

  102. 	 *            The name of the user to check. May not be <code>null</code>.
    103. 

  103. 	 * @return <code>true</code> if and only if the group exists, is active and
    104. 

  104. 	 *         the user is either a direct group member or, if nested groups may
    105. 

  105. 	 *         be used, a nested group member. <code>false</code> else.
    106. 

  106. 	 */
    107. 

  107. 	public boolean isGroupMember(String username) {
    108. 

  108. 		boolean retval = false;
    109. 

  109. 

  110. 		try {
    111. 

  111. 			if (this.crowdClient.isUserDirectGroupMember(username,
    112. 

  112. 					this.groupName)) {
    113. 

  113. 				retval = true;
    114. 

  114. 			} else if (this.nestedGroups
    115. 

  115. 					&& this.crowdClient.isUserNestedGroupMember(username,
    116. 

  116. 							this.groupName)) {
    117. 

  117. 				retval = true;
    118. 

  118. 			}
    119. 

  119. 		} catch (ApplicationPermissionException ex) {
    120. 

  120. 			LOG.log(Level.WARNING, applicationPermission(), ex);
    121. 

  121. 		} catch (InvalidAuthenticationException ex) {
    122. 

  122. 			LOG.log(Level.WARNING, invalidAuthentication(), ex);
    123. 

  123. 		} catch (OperationFailedException ex) {
    124. 

  124. 			LOG.log(Level.SEVERE, operationFailed(), ex);
    125. 

  125. 		}
    126. 

  126. 

  127. 		return retval;
    128. 

  128. 	}
    129. 

  129. 

  130. 	/**
    131. 

  131. 	 * Checks if the group exists on the remote Crowd server and is active.
    132. 

  132. 	 * 
    133. 

  133. 	 * @return <code>true</code> if and only if:
    134. 

  134. 	 *         <ul>
    135. 

  135. 	 *         <li>The group name is empty or</li>
    136. 

  136. 	 *         <li>The group name is not empty, does exist on the remote Crowd
    137. 

  137. 	 *         server and is active.</li>
    138. 

  138. 	 *         </ul>
    139. 

  139. 	 *         <code>false</code> else.
    140. 

  140. 	 */
    141. 

  141. 	public boolean isGroupActive() {
    142. 

  142. 		boolean retval = false;
    143. 

  143. 		try {
    144. 

  144. 			Group group = this.crowdClient.getGroup(this.groupName);
    145. 

  145. 			if (null != group) {
    146. 

  146. 				retval = group.isActive();
    147. 

  147. 			}
    148. 

  148. 		} catch (GroupNotFoundException ex) {
    149. 

  149. 			LOG.log(Level.INFO, groupNotFound(), ex);
    150. 

  150. 		} catch (InvalidAuthenticationException ex) {
    151. 

  151. 			LOG.log(Level.WARNING, invalidAuthentication(), ex);
    152. 

  152. 		} catch (ApplicationPermissionException ex) {
    153. 

  153. 			LOG.log(Level.WARNING, applicationPermission(), ex);
    154. 

  154. 		} catch (OperationFailedException ex) {
    155. 

  155. 			LOG.log(Level.SEVERE, operationFailed(), ex);
    156. 

  156. 		}
    157. 

  157. 

  158. 		return retval;
    159. 

  159. 	}
    160. 

  160. 

  161. 	/**
    162. 

  162. 	 * Retrieves the list of all (nested) groups from the Crowd server that the
    163. 

  163. 	 * user is a member of.
    164. 

  164. 	 * 
    165. 

  165. 	 * @param username
    166. 

  166. 	 *            The name of the user. May not be <code>null</code>.
    167. 

  167. 	 * @return The list of all groups that the user is a member of. Always
    168. 

  168. 	 *         non-null.
    169. 

  169. 	 */
    170. 

  170. 	public Collection<GrantedAuthority> getAuthoritiesForUser(String username) {
    171. 

  171. 		Collection<GrantedAuthority> authorities = new TreeSet<GrantedAuthority>(
    172. 

  172. 				new Comparator<GrantedAuthority>() {
    173. 

  173. 					@Override
    174. 

  174. 					public int compare(GrantedAuthority ga1,
    175. 

  175. 							GrantedAuthority ga2) {
    176. 

  176. 						return ga1.getAuthority().compareTo(ga2.getAuthority());
    177. 

  177. 					}
    178. 

  178. 				});
    179. 

  179. 

  180. 		HashSet<String> groupNames = new HashSet<String>();
    181. 

  181. 

  182. 		// load the names of all groups the user is a direct member of
    183. 

  183. 		try {
    184. 

  184. 			int index = 0;
    185. 

  185. 			while (true) {
    186. 

  186. 				List<Group> groups = this.crowdClient.getGroupsForUser(
    187. 

  187. 						username, index, MAX_GROUPS);
    188. 

  188. 				if (null == groups || groups.isEmpty()) {
    189. 

  189. 					break;
    190. 

  190. 				}
    191. 

  191. 				for (Group group : groups) {
    192. 

  192. 					if (group.isActive()) {
    193. 

  193. 						groupNames.add(group.getName());
    194. 

  194. 					}
    195. 

  195. 				}
    196. 

  196. 				index += MAX_GROUPS;
    197. 

  197. 			}
    198. 

  198. 		} catch (UserNotFoundException ex) {
    199. 

  199. 			LOG.log(Level.INFO, userNotFound(), ex);
    200. 

  200. 		} catch (InvalidAuthenticationException ex) {
    201. 

  201. 			LOG.log(Level.WARNING, invalidAuthentication(), ex);
    202. 

  202. 		} catch (ApplicationPermissionException ex) {
    203. 

  203. 			LOG.log(Level.WARNING, applicationPermission(), ex);
    204. 

  204. 		} catch (OperationFailedException ex) {
    205. 

  205. 			LOG.log(Level.SEVERE, operationFailed(), ex);
    206. 

  206. 		}
    207. 

  207. 

  208. 		// load the names of all groups the user is a nester member of
    209. 

  209. 		if (this.nestedGroups) {
    210. 

  210. 			try {
    211. 

  211. 				int index = 0;
    212. 

  212. 				while (true) {
    213. 

  213. 					List<Group> groups = this.crowdClient
    214. 

  214. 							.getGroupsForNestedUser(username, index, MAX_GROUPS);
    215. 

  215. 					if (null == groups || groups.isEmpty()) {
    216. 

  216. 						break;
    217. 

  217. 					}
    218. 

  218. 					for (Group group : groups) {
    219. 

  219. 						if (group.isActive()) {
    220. 

  220. 							groupNames.add(group.getName());
    221. 

  221. 						}
    222. 

  222. 					}
    223. 

  223. 					index += MAX_GROUPS;
    224. 

  224. 				}
    225. 

  225. 			} catch (UserNotFoundException ex) {
    226. 

  226. 				LOG.log(Level.INFO, userNotFound(), ex);
    227. 

  227. 			} catch (InvalidAuthenticationException ex) {
    228. 

  228. 				LOG.log(Level.WARNING, invalidAuthentication(), ex);
    229. 

  229. 			} catch (ApplicationPermissionException ex) {
    230. 

  230. 				LOG.log(Level.WARNING, applicationPermission(), ex);
    231. 

  231. 			} catch (OperationFailedException ex) {
    232. 

  232. 				LOG.log(Level.SEVERE, operationFailed(), ex);
    233. 

  233. 			}
    234. 

  234. 		}
    235. 

  235. 

  236. 		// now create the list of authorities
    237. 

  237. 		for (String str : groupNames) {
    238. 

  238. 			authorities.add(new GrantedAuthorityImpl(str));
    239. 

  239. 		}
    240. 

  240. 

  241. 		return authorities;
    242. 

  242. 	}
    243. 

  243. }
    244.