[jboss-user] [jBPM Users] - Re: identities from LDAP example pls!
p4w3l
do-not-reply at jboss.com
Thu Oct 29 05:20:24 EDT 2009
Thank you very much shiva0. I have managed to test it in my environment. I have modified your code for two important reasons:
- all strings, and especially the search strings, are now moved to a properties file. This allows the search strings to be changed for different directories: MS Active Directory, IBM Lotus Domino, etc.
- I have changed the way it searches for user groups - it now looks for members in the group record instead of looking for memberOf entries in the user record. I think it is a better approach and the only one possible for IBM Lotus Domino
Below is the jbpm.cfg.xml; I am still not sure whether it is correct for the plugged-in IdentitySession
<?xml version="1.0" encoding="UTF-8"?>
<jbpm-configuration>
<import resource="jbpm.default.cfg.xml" />
<import resource="jbpm.tx.hibernate.cfg.xml" />
<import resource="jbpm.jpdl.cfg.xml" />
<!-- The stock identity configuration is left out on purpose: the LDAP-backed
     session registered below is meant to take its place (the author notes this
     wiring is not yet confirmed). -->
<!-- <import resource="jbpm.identity.cfg.xml" /> -->
<process-engine-context>
<identity-service/>
</process-engine-context>
<transaction-context>
<!-- Read-only IdentitySession over LDAP; all connection settings, including the
     bind credentials, are read from ldap.properties on the classpath. -->
<object class="sam.IdentitySessionImpl" />
</transaction-context>
</jbpm-configuration>
|
Now the class, and then ldap.properties for MS Active Directory and IBM Lotus Domino. I have both of them, so the parameters are TESTED:
| package sam;
|
| import java.io.FileInputStream;
| import java.io.IOException;
| import java.util.List;
| import java.util.ArrayList;
| import java.util.Hashtable;
| import java.util.StringTokenizer;
| import java.util.Properties;
|
| import javax.naming.*;
| import javax.naming.directory.*;
|
| import org.apache.commons.logging.Log;
| import org.apache.commons.logging.LogFactory;
|
| import org.jbpm.api.identity.Group;
| import org.jbpm.api.identity.User;
| import org.jbpm.pvm.internal.identity.impl.GroupImpl;
| import org.jbpm.pvm.internal.identity.impl.UserImpl;
| import org.jbpm.pvm.internal.identity.spi.IdentitySession;
|
|
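/**
 * jBPM {@link IdentitySession} backed by an LDAP directory (the author reports
 * it working against IBM Lotus Domino and MS Active Directory).
 *
 * <p>Every directory-specific string -- connection settings, search bases,
 * attribute names and search filters -- comes from {@code ldap.properties} on
 * the classpath, see {@link #getProps()}. Filters are JNDI filter expressions
 * with {@code {0}} placeholders; the caller-supplied ids are handed to the
 * provider as filter arguments, so the provider encodes filter metacharacters
 * in them instead of this class splicing raw text into the filter string.
 *
 * <p>The session is read-only: the create/delete methods of the interface
 * throw {@link UnsupportedOperationException}. Group membership is resolved
 * from the member attribute of the group entry ({@code memberOfAttr}), not
 * from a memberOf attribute on the user entry.
 *
 * <p>A dedicated connection is opened and closed for each query; the only
 * per-instance state is the shared {@link SearchControls}.
 */
public class IdentitySessionImpl implements IdentitySession {

    /** Classpath resource holding all settings, including the bind password. */
    private static final String PROPERTIES_RESOURCE = "ldap.properties";

    private Log log = LogFactory.getLog(getClass());
    /** Settings loaded once and shared by all instances; see getProps(). */
    private static Properties props = null;
    /** Controls applied to every search: subtree scope plus a time limit. */
    private SearchControls lSearchControls = null;

    /**
     * Prepares the search controls used by every query.
     *
     * @throws RuntimeException if {@code ldap.properties} cannot be read, or
     *     its {@code timeout} value is missing or not an integer
     */
    public IdentitySessionImpl() {
        lSearchControls = new SearchControls();
        lSearchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Per-query time limit in milliseconds, so a slow directory cannot
        // block the engine indefinitely.
        try {
            lSearchControls.setTimeLimit(Integer.parseInt(requireProperty("timeout").trim()));
        } catch (NumberFormatException e) {
            throw new RuntimeException(PROPERTIES_RESOURCE + ": 'timeout' must be an integer", e);
        }
        // Only attributes are ever read from the results, never bound objects.
        // With the flag on, the provider would additionally instantiate or
        // deserialise objects described by javaSerializedData/javaFactory
        // attributes of matching entries, i.e. run directory-supplied code for
        // no benefit here.
        lSearchControls.setReturningObjFlag(false);
    }

    /**
     * Looks up a single group by id.
     *
     * @param iGroupId value substituted for {@code {0}} in {@code findGroupByIdSearch}
     * @return the first matching group, or {@code null} if none matches
     * @throws RuntimeException wrapping any directory or configuration failure
     */
    public Group findGroupById(String iGroupId) {
        List<Group> lGroups =
            toGroups(search("roleBase", "findGroupByIdSearch", new Object[] { iGroupId }, 1));
        return lGroups.isEmpty() ? null : lGroups.get(0);
    }

    /**
     * Lists the groups a user belongs to by searching for group entries whose
     * member attribute references the user ({@code findGroupsByUserSearch}).
     *
     * <p>The user is resolved first and its canonical id (the
     * {@code userIdAttr} value) is substituted for {@code {0}}, so a lookup by
     * an alias that {@code findUserByIdSearch} also accepts still builds the
     * member DN from the directory's own id.
     *
     * @param iUserId user id (or any alias accepted by {@code findUserByIdSearch})
     * @return the user's groups; empty if the user does not exist
     * @throws RuntimeException wrapping any directory or configuration failure
     */
    public List<Group> findGroupsByUser(String iUserId) {
        User lUser = findUserById(iUserId);
        if (lUser == null) {
            return new ArrayList<Group>();
        }
        return toGroups(search("roleBase", "findGroupsByUserSearch",
                               new Object[] { lUser.getId() }, 0));
    }

    /**
     * Same as {@link #findGroupsByUser(String)}: the directory model used here
     * has no notion of a group type, so {@code iGroupType} is ignored.
     */
    public List<Group> findGroupsByUserAndGroupType(String iUserId, String iGroupType) {
        return findGroupsByUser(iUserId);
    }

    /**
     * Looks up a single user by id.
     *
     * @param iUserId value substituted for {@code {0}} in {@code findUserByIdSearch}
     * @return the first matching user, or {@code null} if none matches
     * @throws RuntimeException wrapping any directory or configuration failure
     */
    public User findUserById(String iUserId) {
        List<User> lUsers =
            toUsers(search("userBase", "findUserByIdSearch", new Object[] { iUserId }, 1));
        return lUsers.isEmpty() ? null : lUsers.get(0);
    }

    /**
     * Lists every entry matching {@code findUsersSearch} under {@code userBase}.
     *
     * @return all users, possibly empty
     * @throws RuntimeException wrapping any directory or configuration failure
     */
    public List<User> findUsers() {
        return toUsers(search("userBase", "findUsersSearch", new Object[0], 0));
    }

    /**
     * Resolves several ids with one lookup each.
     *
     * @param iUserIds ids to resolve; {@code null} is treated as empty
     * @return the users that exist, in argument order; ids that do not resolve
     *     are skipped rather than producing {@code null} entries
     * @throws RuntimeException wrapping any directory or configuration failure
     */
    public List<User> findUsersById(String... iUserIds) {
        if (iUserIds == null) {
            return new ArrayList<User>();
        }
        List<User> lUsers = new ArrayList<User>(iUserIds.length);
        for (String lUserId : iUserIds) {
            User lUser = findUserById(lUserId);
            if (lUser != null) {
                lUsers.add(lUser);
            }
        }
        return lUsers;
    }

    /**
     * Lists the members of a group: finds the group entries matching
     * {@code findUsersByGroupSearch}, then resolves each DN held in their
     * {@code memberOfAttr} attribute to a user.
     *
     * @param iGroup group id substituted for {@code {0}}
     * @return the members that could be resolved; empty if the group is unknown
     * @throws RuntimeException wrapping any directory or configuration failure
     */
    public List<User> findUsersByGroup(String iGroup) {
        List<User> lUsers = new ArrayList<User>();
        // The filter selects group entries; the users are the DNs in their
        // member attribute (previously the group entries themselves were
        // wrapped as users).
        for (SearchResult lGroupEntry
                : search("roleBase", "findUsersByGroupSearch", new Object[] { iGroup }, 0)) {
            lUsers.addAll(getUsers(lGroupEntry));
        }
        return lUsers;
    }

    /**
     * Runs one search and drains its results.
     *
     * <p>Opens a dedicated context, searches under the base DN named by
     * {@code baseProperty} with the filter named by {@code filterProperty},
     * substituting {@code filterArgs} for the filter's {@code {i}}
     * placeholders, and closes the context before returning. Results are read
     * while the context is still open because the enumeration may fetch
     * further entries from the server lazily.
     *
     * @param baseProperty property key holding the search base DN
     * @param filterProperty property key holding the JNDI filter expression
     * @param filterArgs values the provider substitutes (and encodes) for {@code {i}}
     * @param maxResults stop after this many entries; {@code 0} means all
     * @return the matching entries, possibly empty
     * @throws RuntimeException wrapping any NamingException, or an
     *     IllegalStateException if a property is missing
     */
    private List<SearchResult> search(String baseProperty, String filterProperty,
                                      Object[] filterArgs, int maxResults) {
        List<SearchResult> lFound = new ArrayList<SearchResult>();
        String lBase = requireProperty(baseProperty);
        String lFilter = requireProperty(filterProperty);
        InitialDirContext lContext = null;
        try {
            lContext = getLDAPContext();
            NamingEnumeration<SearchResult> lResults =
                lContext.search(lBase, lFilter, filterArgs, lSearchControls);
            try {
                while (lResults.hasMore() && (maxResults <= 0 || lFound.size() < maxResults)) {
                    lFound.add(lResults.next());
                }
            } finally {
                lResults.close();
            }
        } catch (NamingException e) {
            throw new RuntimeException("LDAP search '" + filterProperty + "' failed", e);
        } finally {
            closeQuietly(lContext);
        }
        return lFound;
    }

    /** Closes the context if there is one; a failure to close is logged, not thrown. */
    private void closeQuietly(InitialDirContext iContext) {
        if (iContext == null) {
            return;
        }
        try {
            iContext.close();
        } catch (NamingException e) {
            log.warn("could not close LDAP context", e);
        }
    }

    /** Maps user entries to users; a NamingException while reading attributes is wrapped. */
    private List<User> toUsers(List<SearchResult> iEntries) {
        List<User> lUsers = new ArrayList<User>(iEntries.size());
        try {
            for (SearchResult lEntry : iEntries) {
                lUsers.add(getUser(lEntry));
            }
        } catch (NamingException e) {
            throw new RuntimeException("cannot read user attributes", e);
        }
        return lUsers;
    }

    /** Maps group entries to groups; a NamingException while reading attributes is wrapped. */
    private List<Group> toGroups(List<SearchResult> iEntries) {
        List<Group> lGroups = new ArrayList<Group>(iEntries.size());
        try {
            for (SearchResult lEntry : iEntries) {
                lGroups.add(getGroup(lEntry));
            }
        } catch (NamingException e) {
            throw new RuntimeException("cannot read group attributes", e);
        }
        return lGroups;
    }

    /**
     * Builds a {@link UserImpl} from the attributes named by userIdAttr,
     * userEmailAttr, userFirstNameAttr and userLastNameAttr. An attribute
     * missing on the entry leaves the corresponding field {@code null}.
     */
    private UserImpl getUser(SearchResult iResult) throws NamingException {
        final String lUserId = getAttributeValue(iResult, requireProperty("userIdAttr"));
        final String lEmail = getAttributeValue(iResult, requireProperty("userEmailAttr"));
        final String lFirstname = getAttributeValue(iResult, requireProperty("userFirstNameAttr"));
        final String lLastname = getAttributeValue(iResult, requireProperty("userLastNameAttr"));

        final UserImpl lUser = new UserImpl(lUserId, lFirstname, lLastname);
        lUser.setBusinessEmail(lEmail);
        return lUser;
    }

    /**
     * Resolves the members of a group entry: every value of its
     * {@code memberOfAttr} attribute is taken as a DN, the id is extracted from
     * the leading RDN and looked up with {@link #findUserById(String)}.
     *
     * @param iGroupEntry a group entry as returned by the directory
     * @return the members that resolved to a user; empty when the attribute is
     *     absent or empty
     * @throws RuntimeException wrapping a NamingException from the attribute read
     */
    private List<User> getUsers(SearchResult iGroupEntry) {
        final List<User> lUsers = new ArrayList<User>();
        try {
            Attributes lAttrs = iGroupEntry.getAttributes();
            Attribute lMembers = lAttrs == null ? null : lAttrs.get(requireProperty("memberOfAttr"));
            if (lMembers == null) {
                return lUsers;
            }
            NamingEnumeration<?> lValues = lMembers.getAll();
            try {
                while (lValues.hasMore()) {
                    Object lValue = lValues.next();
                    if (lValue == null) {
                        continue;
                    }
                    String lMemberId = getExtractedIdFromDN(lValue.toString());
                    User lUser = lMemberId == null ? null : findUserById(lMemberId);
                    if (lUser != null) {
                        lUsers.add(lUser);
                    }
                }
            } finally {
                lValues.close();
            }
        } catch (NamingException e) {
            throw new RuntimeException("cannot read group members", e);
        }
        return lUsers;
    }

    /** Builds a {@link GroupImpl} from the attribute named by groupIdAttr. */
    private GroupImpl getGroup(SearchResult iResult) throws NamingException {
        final String lGroupId = getAttributeValue(iResult, requireProperty("groupIdAttr"));
        return new GroupImpl(lGroupId);
    }

    /**
     * Returns the value of the leading (most specific) RDN of a DN, e.g.
     * {@code "cn=John Doe,ou=x"} yields {@code "John Doe"}.
     *
     * <p>Parsed with {@link javax.naming.ldap.LdapName} rather than split on
     * commas so that escaped characters in the value ({@code \,}) are
     * unescaped instead of truncating the id.
     *
     * @param iDN a distinguished name
     * @return the leading RDN's value, or {@code null} for an empty DN
     * @throws IllegalArgumentException if {@code iDN} is not a valid DN
     */
    private String getExtractedIdFromDN(String iDN) {
        try {
            javax.naming.ldap.LdapName lName = new javax.naming.ldap.LdapName(iDN);
            if (lName.size() == 0) {
                return null;
            }
            // LdapName indexes RDNs right to left, so the leftmost RDN is the last one.
            Object lValue = lName.getRdn(lName.size() - 1).getValue();
            return lValue == null ? null : lValue.toString();
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("not a DN: " + iDN, e);
        }
    }

    /**
     * Returns the first value of the named attribute as text.
     *
     * @return the value, or {@code null} if the entry has no attributes, the
     *     attribute is absent or it has no values
     * @throws NamingException if the value cannot be read
     */
    private String getAttributeValue(SearchResult iResult, String iAttributeName) throws NamingException {
        Attributes lAttrs = iResult.getAttributes();
        if (lAttrs == null) {
            return null;
        }
        Attribute lAttr = lAttrs.get(iAttributeName);
        if (lAttr == null || lAttr.size() == 0) {
            return null;
        }
        Object lValue = lAttr.get(); // first value only, as before
        if (lValue instanceof byte[]) {
            // A value the provider hands back in binary form is decoded as UTF-8
            // text instead of failing on a String cast; genuinely binary
            // attributes are not expected among the configured names.
            try {
                return new String((byte[]) lValue, "UTF-8");
            } catch (java.io.UnsupportedEncodingException e) {
                throw new IllegalStateException("UTF-8 unsupported", e); // not reachable on a conforming JVM
            }
        }
        return lValue == null ? null : lValue.toString();
    }

    /**
     * Opens a new connection using the connection settings from
     * {@code ldap.properties}. Keys without a value are not copied into the
     * environment (Hashtable rejects nulls), leaving the provider default.
     *
     * <p>With {@code authentication=simple} over a plain {@code ldap://} URL the
     * bind password crosses the network unencrypted; an {@code ldaps://} URL
     * avoids that. {@code referral=follow} makes the provider connect to
     * referred servers with the same environment, credentials included.
     *
     * @throws NamingException if the bind fails
     */
    private InitialDirContext getLDAPContext() throws NamingException {
        Hashtable<String, String> lEnv = new Hashtable<String, String>();
        putIfSet(lEnv, "java.naming.ldap.version", "ldapVersion");
        putIfSet(lEnv, Context.INITIAL_CONTEXT_FACTORY, "initialContextFactory");
        putIfSet(lEnv, Context.SECURITY_AUTHENTICATION, "authentication");
        putIfSet(lEnv, Context.REFERRAL, "referral");
        putIfSet(lEnv, Context.PROVIDER_URL, "connectionURL");
        putIfSet(lEnv, Context.SECURITY_PRINCIPAL, "connectionUsername");
        putIfSet(lEnv, Context.SECURITY_CREDENTIALS, "connectionPassword");
        return new InitialDirContext(lEnv);
    }

    /** Copies property {@code iKey} into {@code iEnv} under {@code iEnvKey} when it is set. */
    private static void putIfSet(Hashtable<String, String> iEnv, String iEnvKey, String iKey) {
        String lValue = getProperty(iKey);
        if (lValue != null) {
            iEnv.put(iEnvKey, lValue);
        }
    }

    /** Property value or {@code null}; an IOException while loading the file is wrapped. */
    private static String getProperty(String iKey) {
        try {
            return getProps().getProperty(iKey);
        } catch (IOException e) {
            throw new RuntimeException("cannot read " + PROPERTIES_RESOURCE, e);
        }
    }

    /**
     * Property value that must be present.
     *
     * @throws IllegalStateException naming the missing key
     */
    private static String requireProperty(String iKey) {
        String lValue = getProperty(iKey);
        if (lValue == null) {
            throw new IllegalStateException(PROPERTIES_RESOURCE + ": missing key '" + iKey + "'");
        }
        return lValue;
    }

    /**
     * Loads {@code ldap.properties} on first use and caches it for the JVM.
     *
     * <p>The resource is looked up through this class's own loader first and
     * the system loader second: inside an application server the system
     * loader may not see the deployment's resources. The cache is published
     * only after a successful load, so a failed first attempt is retried
     * instead of leaving an empty Properties behind, and the stream is closed
     * either way.
     *
     * @throws IOException if the resource is missing or cannot be parsed
     */
    private static synchronized Properties getProps() throws IOException {
        if (props == null) {
            java.io.InputStream lIn = openResource(PROPERTIES_RESOURCE);
            if (lIn == null) {
                throw new IOException(PROPERTIES_RESOURCE + " not found on the classpath");
            }
            Properties lLoaded = new Properties();
            try {
                lLoaded.load(lIn);
            } finally {
                lIn.close();
            }
            props = lLoaded;
        }
        return props;
    }

    /** Opens a classpath resource via this class's loader, falling back to the system loader. */
    private static java.io.InputStream openResource(String iName) {
        ClassLoader lOwn = IdentitySessionImpl.class.getClassLoader();
        java.io.InputStream lIn = lOwn == null ? null : lOwn.getResourceAsStream(iName);
        if (lIn == null) {
            lIn = ClassLoader.getSystemClassLoader().getResourceAsStream(iName);
        }
        return lIn;
    }

    /* The directory is read-only from jBPM's point of view: the mutating
       operations of the interface are not implemented. */
    public String createGroup(String arg0, String arg1, String arg2) {
        throw new UnsupportedOperationException();
    }

    public void createMembership(String arg0, String arg1, String arg2) {
        throw new UnsupportedOperationException();
    }

    public String createUser(String arg0, String arg1, String arg2, String arg3) {
        throw new UnsupportedOperationException();
    }

    public void deleteGroup(String arg0) {
        throw new UnsupportedOperationException();
    }

    public void deleteMembership(String arg0, String arg1, String arg2) {
        throw new UnsupportedOperationException();
    }

    public void deleteUser(String arg0) {
        throw new UnsupportedOperationException();
    }
}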
|
ldap.properties
# Read from the classpath by sam.IdentitySessionImpl. This file holds the bind
# password: keep it out of version control and readable only by the account
# that runs the engine.
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
# With authentication=simple over a plain ldap:// URL the password crosses the
# network unencrypted; prefer ldaps:// where the directory offers it.
connectionURL=ldap://server
authentication=simple
connectionUsername=Username
connectionPassword=Password
# per-query time limit in milliseconds (SearchControls.setTimeLimit)
timeout=3000
# follow = the provider connects to referred servers using this same environment
referral=follow
ldapVersion=3

userIdAttr=uid
userEmailAttr=mail
userFirstNameAttr=givenname
userLastNameAttr=sn
# not read by IdentitySessionImpl
userDNAttr=cn
# attribute of the GROUP entry listing member DNs (despite the key name)
memberOfAttr=member
groupIdAttr=cn

# Lotus Domino
# NOTE: Properties keeps the surrounding double quotes as part of the value, so
# the base DN is passed to the directory with the quotes; the author reports
# this configuration as working, but if lookups fail this is the first thing
# to check.
userBase="ou=BBBXXX_PL,o=BBBXXX"
roleBase=

# {0} is substituted by JNDI from the filter arguments (with metacharacters
# encoded), not by plain string concatenation.
findGroupByIdSearch=(&(cn={0})(objectclass=dominoGroup))
# not read by IdentitySessionImpl
findGroupIdsByUserSearch=
findGroupsByUserSearch=(&(member=cn={0},ou=BBBXXX_PL,o=BBBXXX)(objectclass=dominoGroup))
findUserByIdSearch=(&(cn={0})(objectclass=dominoPerson))
findUsersSearch=(&(objectclass=dominoPerson))
# selects the group entry; its member attribute is then expanded to users
findUsersByGroupSearch=(&(cn={0})(objectclass=dominoGroup))

# Active Directory
#userBase="cn=users,dc=int,dc=bbbxxx,dc=pl"
#roleBase="cn=users,dc=int,dc=bbbxxx,dc=pl"

#findGroupByIdSearch=(&(cn={0})(objectclass=group))
#findGroupIdsByUserSearch=
#findGroupsByUserSearch=(&(member=cn={0},CN=Users,DC=int,DC=bbbxxx,DC=pl)(objectclass=group))
#findUserByIdSearch=(&(|(cn={0})(samAccountName={0}))(objectclass=user))
#findUsersSearch=(&(objectclass=user))
#findUsersByGroupSearch=(&(cn={0})(objectclass=group))