[gatein-commits] gatein SVN: r1656 - in portal/trunk: component/identity/src/main/java/org/exoplatform/services/organization/idm and 2 other directories.

Fri Feb 12 03:01:39 EST 2010


Author: bdaw
Date: 2010-02-12 03:01:39 -0500 (Fri, 12 Feb 2010)
New Revision: 1656

Added:
   portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml
Modified:
   portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java
   portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/IDMUserListAccess.java
   portal/trunk/pom.xml
   portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml
   portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/organization-configuration.xml
   portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml
Log:
- PLIDM 1.1.0.Beta4
- Better mapping of IDM types
- First draft of the Active Directory (read-only) example config

Modified: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java
===================================================================
--- portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java	2010-02-12 06:15:20 UTC (rev 1655)
+++ portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java	2010-02-12 08:01:39 UTC (rev 1656)
@@ -355,7 +355,23 @@
       {
          if (!group.equals(root))
          {
-            exoGroups.add(convertGroup(group));
+            Group g = convertGroup(group);
+
+            // If membership of mapped types is forced then we need to exclude those that are not direct child
+            if (orgService.getConfiguration().isForceMembershipOfMappedTypes())
+            {
+               String id = g.getParentId();
+               if ((parent == null && id == null)
+                   || (id != null && id.equals(parent.getId())))
+               {
+                  exoGroups.add(g);
+                  continue;
+               }
+            }
+            else
+            {
+               exoGroups.add(g);
+            }
          }
       }
 
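Review bot: When `parent` is null and the converted group carries a non-null parent id, the second clause of `if ((parent == null && id == null) || (id != null && id.equals(parent.getId())))` dereferences `parent` and throws a NullPointerException, because the first clause only short-circuits when `id` is also null. Whether `parent` can be null here is not visible (the enclosing method starts outside the hunk), but the first clause itself treats it as an expected case. Compute the test once and guard both sides, e.g. `boolean direct = (parent == null) ? (id == null) : (id != null && id.equals(parent.getId()));` followed by `if (direct) { exoGroups.add(g); }` — this also drops the `continue`, which is the last statement of the loop body and does nothing. Groups that are not direct children are dropped silently; a `log.debug` naming the skipped group and its parent id would make forced-membership misconfiguration diagnosable.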
@@ -560,14 +576,17 @@
          log.info("Identity operation error: ", e);
       }
 
-      if (parents.size() > 1)
-      {
-         throw new IllegalStateException("Group has more than one parent: " + jbidGroup.getName());
-      }
 
-      if (parents.size() == 0)
+      if (parents.size() == 0 || parents.size() > 1)
       {
 
+         if (parents.size() > 1)
+         {
+            log.info("PLIDM Group has more than one parent: " + jbidGroup.getName() + "; Will try to use parent path " +
+               "defined by type mappings or just place it under root /");
+         }
+
+
          String id = orgService.getConfiguration().getParentId(jbidGroup.getGroupType());
 
          if (id != null && orgService.getConfiguration().isForceMembershipOfMappedTypes())
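Review bot: Demoting the multiple-parent case from an IllegalStateException to `log.info` means a PLIDM group with more than one parent is now quietly re-homed under the type-mapping path or under root `/`, which changes the eXo group id the portal will use for that group and therefore which memberships resolve to it. That is precisely the condition an administrator needs to notice, so it should be logged at `warn` and should list the parents found so the directory data can be corrected: `log.warn("PLIDM Group " + jbidGroup.getName() + " has parents " + parents + "; using type-mapping parent or root /");`. The condition `parents.size() == 0 || parents.size() > 1` reads more directly as `parents.size() != 1`. The enclosing method starts before this hunk and continues past it.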

Modified: portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/IDMUserListAccess.java
===================================================================
--- portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/IDMUserListAccess.java	2010-02-12 06:15:20 UTC (rev 1655)
+++ portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/IDMUserListAccess.java	2010-02-12 08:01:39 UTC (rev 1656)
@@ -21,6 +21,7 @@
 
 import org.exoplatform.commons.utils.ListAccess;
 import org.exoplatform.services.organization.User;
+import org.picketlink.idm.api.SortOrder;
 import org.picketlink.idm.api.query.UserQuery;
 import org.picketlink.idm.api.query.UserQueryBuilder;
 
@@ -54,7 +55,7 @@
    public User[] load(int index, int length) throws Exception, IllegalArgumentException
    {
       userQueryBuilder.page(index, length);
-      UserQuery query = userQueryBuilder.createQuery();
+      UserQuery query = userQueryBuilder.sort(SortOrder.ASCENDING).createQuery();
       List<org.picketlink.idm.api.User> users = idmService.getIdentitySession().list(query);
 
       User[] exoUsers = new User[users.size()];

Modified: portal/trunk/pom.xml
===================================================================
--- portal/trunk/pom.xml	2010-02-12 06:15:20 UTC (rev 1655)
+++ portal/trunk/pom.xml	2010-02-12 08:01:39 UTC (rev 1656)
@@ -47,7 +47,7 @@
       <org.gatein.common.version>2.0.0-CR03</org.gatein.common.version>
       <org.gatein.wci.version>2.0.0-CR02</org.gatein.wci.version>
       <org.gatein.pc.version>2.1.0-CR02</org.gatein.pc.version>
-      <org.picketlink.idm>1.1.0.Beta3</org.picketlink.idm>
+      <org.picketlink.idm>1.1.0.Beta4</org.picketlink.idm>
       <org.gatein.wsrp.version>1.0.0-Beta06</org.gatein.wsrp.version>
       <org.gatein.mop.version>1.0.0-Beta16</org.gatein.mop.version>
       <org.slf4j.version>1.5.6</org.slf4j.version>

Modified: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml
===================================================================
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml	2010-02-12 06:15:20 UTC (rev 1655)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml	2010-02-12 08:01:39 UTC (rev 1656)
@@ -60,6 +60,9 @@
 
         <!--ACME LDAP Example-->
         <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml</value>-->
+
+        <!--MSAD Read Only LDAP Example-->
+        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>-->
       </value-param>
       <value-param>
         <name>portalRealm</name>
@@ -141,6 +144,14 @@
                 <value><string>acme_ou_type</string></value>
               </entry>
               -->
+
+              <!-- Uncomment for MSAD ReadOnly LDAP example -->
+              <!--
+              <entry>
+                <key><string>/acme/roles/*</string></key>
+                <value><string>msad_roles_type</string></value>
+              </entry>
+              -->
             </map>
           </field>
           <!-- If this option is used then each Membership created with MembrshipType that is

Modified: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/organization-configuration.xml
===================================================================
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/organization-configuration.xml	2010-02-12 06:15:20 UTC (rev 1655)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/organization-configuration.xml	2010-02-12 08:01:39 UTC (rev 1656)
@@ -35,7 +35,7 @@
         <value-param>
           <name>checkDatabaseAlgorithm</name>
           <description>check database</description>
-          <value>empty</value>
+          <value>entry</value>
         </value-param>      
         <value-param>
           <name>printInformation</name>
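Review bot: Switching `checkDatabaseAlgorithm` from `empty` to `entry` changes when the organization initializer seeds its default users and groups, but neither the `<description>` (`check database`) nor the commit log says why or what the two values mean. If `entry` re-creates each configured default entry whenever it is missing, rather than only seeding an empty store, then sample accounts an administrator has deliberately removed will reappear with their seeded passwords after the next restart — that should be stated where the option is set, e.g. `<description>check database: 'entry' re-creates each missing default entry on startup; 'empty' seeds only an empty store</description>`. It is also worth confirming how this interacts with the read-only MSAD example added in this commit, where creating default entries in the LDAP-backed store is not expected to succeed.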

Modified: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml
===================================================================
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml	2010-02-12 06:15:20 UTC (rev 1655)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml	2010-02-12 08:01:39 UTC (rev 1656)
@@ -230,15 +230,6 @@
                 <isMultivalued>false</isMultivalued>
                 <isReadOnly>false</isReadOnly>
               </attribute>
-              <attribute>
-                <name>email</name>
-                <mapping>mail</mapping>
-                <type>text</type>
-                <isRequired>false</isRequired>
-                <isMultivalued>false</isMultivalued>
-                <isReadOnly>false</isReadOnly>
-                <isUnique>true</isUnique>
-              </attribute>
             </attributes>
             <options>
               <option>
@@ -306,15 +297,6 @@
                 <isMultivalued>false</isMultivalued>
                 <isReadOnly>false</isReadOnly>
               </attribute>
-              <attribute>
-                <name>email</name>
-                <mapping>mail</mapping>
-                <type>text</type>
-                <isRequired>false</isRequired>
-                <isMultivalued>false</isMultivalued>
-                <isReadOnly>false</isReadOnly>
-                <isUnique>true</isUnique>
-              </attribute>
             </attributes>
             <options>
               <option>

Copied: portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml (from rev 1621, portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml)
===================================================================
--- portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml	                        (rev 0)
+++ portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml	2010-02-12 08:01:39 UTC (rev 1656)
@@ -0,0 +1,326 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (C) 2009 eXo Platform SAS.
+
+    This is free software; you can redistribute it and/or modify it
+    under the terms of the GNU Lesser General Public License as
+    published by the Free Software Foundation; either version 2.1 of
+    the License, or (at your option) any later version.
+
+    This software is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this software; if not, write to the Free
+    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+    02110-1301 USA, or see the FSF site: http://www.fsf.org.
+
+-->
+
+<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
+                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
+  <realms>
+    <realm>
+      <id>realm</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+    </realm>
+    <realm>
+      <id>realm_portal</id>
+      <repository-id-ref>PortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+    </realm>
+    <realm>
+      <id>realm_sample-portal</id>
+      <repository-id-ref>SamplePortalRepository</repository-id-ref>
+      <identity-type-mappings>
+        <user-mapping>USER</user-mapping>
+      </identity-type-mappings>
+    </realm>
+  </realms>
+  <repositories>
+    <repository>
+      <id>PortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+      <identity-store-mappings>
+        <identity-store-mapping>
+          <identity-store-id>PortalLDAPStore</identity-store-id>
+          <identity-object-types>
+            <identity-object-type>USER</identity-object-type>
+            <identity-object-type>msad_roles_type</identity-object-type>
+          </identity-object-types>
+          <options>
+            <option>
+              <name>readOnly</name>
+              <value>true</value>
+            </option>
+          </options>
+        </identity-store-mapping>
+      </identity-store-mappings>
+      <options>
+        <option>
+          <name>allowNotDefinedAttributes</name>
+          <value>true</value>
+        </option>
+      </options>
+    </repository>
+    <repository>
+      <id>SamplePortalRepository</id>
+      <class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
+      <external-config/>
+      <default-identity-store-id>HibernateStore</default-identity-store-id>
+      <default-attribute-store-id>HibernateStore</default-attribute-store-id>
+    </repository>
+  </repositories>
+  <stores>
+    <attribute-stores/>
+    <identity-stores>
+      <identity-store>
+        <id>HibernateStore</id>
+        <class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+          <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes/>
+            <options/>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>hibernateSessionFactoryRegistryName</name>
+            <value>hibernateSessionFactory</value>
+          </option>
+          <option>
+            <name>populateRelationshipTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>populateIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedIdentityObjectTypes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>allowNotDefinedAttributes</name>
+            <value>true</value>
+          </option>
+          <option>
+            <name>isRealmAware</name>
+            <value>true</value>
+          </option>
+        </options>
+      </identity-store>
+      <identity-store>
+        <id>PortalLDAPStore</id>
+        <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
+        <external-config/>
+        <supported-relationship-types>
+          <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+        </supported-relationship-types>
+        <supported-identity-object-types>
+          <identity-object-type>
+            <name>USER</name>
+            <relationships/>
+            <credentials>
+              <credential-type>PASSWORD</credential-type>
+            </credentials>
+            <attributes>
+              <attribute>
+                <name>firstName</name>
+                <mapping>givenName</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>lastName</name>
+                <mapping>sn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>email</name>
+                <mapping>mail</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+                <isUnique>true</isUnique>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>sAMAccountName</value>
+              </option>
+              <option>
+                <name>entrySearchFilter</name>
+                <value><![CDATA[(&(sAMAccountName={0})(objectClass=User))]]></value>
+              </option>
+              <option>
+                <name>passwordAttributeName</name>
+                <value>unicodePwd</value>
+              </option>
+              <option>
+                <name>enclosePasswordWith</name>
+                <value>"</value>
+              </option>
+              <option>
+                <name>passwordEncoding</name>
+                <value>UTF-16LE</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>CN=Users,DC=test,DC=domain</value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=inetOrgPerson</value>
+                <value>sn= </value>
+                <value>userAccountControl=514</value>
+                <!--<value>cn= </value>-->
+              </option>
+              <option>
+                <name>passwordUpdateAttributeValues</name>
+                <value>userAccountControl=512</value>
+              </option>
+            </options>
+          </identity-object-type>
+          <identity-object-type>
+            <name>msad_roles_type</name>
+            <relationships>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>USER</identity-object-type-ref>
+              </relationship>
+              <relationship>
+                <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+                <identity-object-type-ref>msad_roles_type</identity-object-type-ref>
+              </relationship>
+            </relationships>
+            <credentials/>
+            <attributes>
+              <attribute>
+                <name>label</name>
+                <mapping>cn</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>true</isReadOnly>
+              </attribute>
+              <attribute>
+                <name>description</name>
+                <mapping>description</mapping>
+                <type>text</type>
+                <isRequired>false</isRequired>
+                <isMultivalued>false</isMultivalued>
+                <isReadOnly>false</isReadOnly>
+              </attribute>
+            </attributes>
+            <options>
+              <option>
+                <name>idAttributeName</name>
+                <value>cn</value>
+              </option>
+              <option>
+                <name>ctxDNs</name>
+                <value>CN=Users,DC=test,DC=domain</value>
+              </option>
+              <option>
+                <name>entrySearchFilter</name>
+                <value><![CDATA[(&(sAMAccountName={0})(objectClass=group))]]></value>
+              </option>
+              <option>
+                <name>allowCreateEntry</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>parentMembershipAttributeName</name>
+                <value>member</value>
+              </option>
+              <option>
+                <name>isParentMembershipAttributeDN</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>allowEmptyMemberships</name>
+                <value>true</value>
+              </option>
+              <option>
+                <name>createEntryAttributeValues</name>
+                <value>objectClass=top</value>
+                <value>objectClass=group</value>
+                <value>groupType=8</value>
+              </option>
+            </options>
+          </identity-object-type>
+        </supported-identity-object-types>
+        <options>
+          <option>
+            <name>providerURL</name>
+            <value>ldap://192.168.0.12:389</value>
+          </option>
+          <!--<option>-->
+            <!--<name>providerURL</name>-->
+            <!--<value>ldaps://msad-host:636</value>-->
+          <!--</option>-->
+          <option>
+            <name>adminDN</name>
+            <value>TEST\Administrator</value>
+          </option>
+          <option>
+            <name>adminPassword</name>
+            <value>!Q at W3e4r</value>
+          </option>
+          <option>
+            <name>authenticationMethod</name>
+            <value>simple</value>
+          </option>
+          <!--<option>-->
+          <!--<name>customSystemProperties</name>-->
+          <!--<value>javax.net.ssl.trustStore=/home/root/msad.truststore</value>-->
+          <!--<value>javax.net.ssl.trustStorePassword=password</value>-->
+          <!--</option>-->
+          <option>
+            <name>searchTimeLimit</name>
+            <value>10000</value>
+          </option>
+          <option>
+            <name>createMissingContexts</name>
+            <value>false</value>
+          </option>
+        </options>
+      </identity-store>
+    </identity-stores>
+  </stores>
+</jboss-identity>
\ No newline at end of file
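Review bot: The example binds as the Domain Administrator (`adminDN` `TEST\Administrator`) with a plaintext `adminPassword` over an unencrypted `ldap://192.168.0.12:389` connection using `authenticationMethod` `simple`, so a config copied as-is both ships a domain-admin credential in `WEB-INF` and sends it in the clear, while the `ldaps://` and truststore options are left commented out. An example should use a placeholder and a least-privilege read-only service account and make TLS the uncommented default: `<value>ldaps://msad-host:636</value>`, `<value>CN=gatein-svc,CN=Users,DC=test,DC=domain</value>`, `<value>CHANGE_ME</value>`. The store options also contradict the `readOnly=true` mapping on `PortalLDAPStore`: `allowCreateEntry` is `true` for both object types and `passwordUpdateAttributeValues` flips `userAccountControl` to 512 (enabled), write behaviour that a read-only example should not carry (and `unicodePwd` writes are only accepted by AD over an encrypted connection in any case) — set `allowCreateEntry` to `false` or drop the create/password options here. Finally, `msad_roles_type` searches with `(sAMAccountName={0})` but identifies entries by `idAttributeName` `cn`; those can differ for AD groups, so the filter should probably be `(&(cn={0})(objectClass=group))` to match.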


