Author: bdaw
Date: 2010-02-02 05:36:54 -0500 (Tue, 02 Feb 2010)
New Revision: 1498
Modified:
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/Config.java
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipImpl.java
portal/trunk/component/identity/src/test/java/conf/portal/idm-configuration.xml
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml
Log:
- PicketLink IDM integration - enable mapping between GateIn MembershipType and PLIDM
association
Modified:
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/Config.java
===================================================================
---
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/Config.java 2010-02-02
09:59:12 UTC (rev 1497)
+++
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/Config.java 2010-02-02
10:36:54 UTC (rev 1498)
@@ -43,6 +43,11 @@
private boolean forceMembershipOfMappedTypes = false;
+ private String associationMembershipType;
+
+ private boolean ignoreMappedMembershipType = true;
+
+
public Config()
{
}
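Review bot: The two fields added at the top of this hunk carry no comment, and `ignoreMappedMembershipType` defaults to `true` here while both idm-configuration.xml files changed in this revision set it to `false`. A deployment whose configuration omits the field therefore gets the opposite behaviour from the shipped one. I would add a field comment such as `// when true, the mapped membership type is stored only as a PicketLink IDM association, not as a Role`, and either align the default with the XML or state the difference in the XML comment.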
@@ -227,4 +232,24 @@
{
this.forceMembershipOfMappedTypes = forceMembershipOfMappedTypes;
}
+
+ public String getAssociationMembershipType()
+ {
+ return associationMembershipType;
+ }
+
+ public void setAssociationMembershipType(String associationMembershipType)
+ {
+ this.associationMembershipType = associationMembershipType;
+ }
+
+ public boolean isIgnoreMappedMembershipType()
+ {
+ return ignoreMappedMembershipType;
+ }
+
+ public void setIgnoreMappedMembershipType(boolean ignoreMappedMembershipType)
+ {
+ this.ignoreMappedMembershipType = ignoreMappedMembershipType;
+ }
}
Modified:
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java
===================================================================
---
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java 2010-02-02
09:59:12 UTC (rev 1497)
+++
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/GroupDAOImpl.java 2010-02-02
10:36:54 UTC (rev 1498)
@@ -176,10 +176,26 @@
Set<Group> exoGroups = new HashSet<Group>();
+ MembershipDAOImpl mmm = (MembershipDAOImpl)orgService.getMembershipHandler();
+
for (org.picketlink.idm.api.Role role : allRoles)
{
- exoGroups.add(convertGroup(role.getGroup()));
+ if (mmm.isCreateMembership(role.getRoleType().getName()))
+ {
+ exoGroups.add(convertGroup(role.getGroup()));
+ }
+ }
+ if (mmm.isAssociationMapped() &&
mmm.getAssociationMapping().equals(membershipType))
+ {
+ Collection<org.picketlink.idm.api.Group> groups =
+ getIdentitySession().getRelationshipManager().findAssociatedGroups(userName,
null);
+
+ for (org.picketlink.idm.api.Group group : groups)
+ {
+ exoGroups.add(convertGroup(group));
+ }
+
}
// UI has hardcoded casts to List
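Review bot: The local added at the top of this hunk is named `mmm`, which gives no hint that it is the membership handler consulted for the mapping checks below; `membershipDAO` would read better. The new `(MembershipDAOImpl)` downcast also means this method fails with a ClassCastException if a different handler implementation is registered, which deserves a short comment. The enclosing method starts and ends outside the hunk.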
@@ -427,9 +443,13 @@
return id + jbidGroup.getName();
}
- //As there is special root group this shouldn't happen:
- throw new IllegalStateException("Group present that is not connected to the
root: " + jbidGroup.getName());
+ // All groups not connected to the root should be just below the root
+ return "/" + jbidGroup.getName();
+
+ //TODO: make it configurable
+ // throw new IllegalStateException("Group present that is not connected to
the root: " + jbidGroup.getName());
+
}
String parentGroupId =
getGroupId(((org.picketlink.idm.api.Group)parents.iterator().next()));
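Review bot: Returning `"/" + jbidGroup.getName()` for a group with no parent gives a group that is not attached to the root the same id as a genuine top-level group of that name. If ids produced here feed membership or permission checks (not visible in this hunk), a detached group coming from an external store could be treated as that top-level group. I would keep the exception as the default and make the lenient mapping the opt-in case the TODO mentions, or at least log when the fallback is taken. The commented-out `throw` should be deleted rather than left in place. The enclosing method starts and ends outside the hunk.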
Modified:
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java
===================================================================
---
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java 2010-02-02
09:59:12 UTC (rev 1497)
+++
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipDAOImpl.java 2010-02-02
10:36:54 UTC (rev 1498)
@@ -32,8 +32,10 @@
import java.util.Collection;
import java.util.Collections;
+import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
+import java.util.Set;
import javax.naming.InvalidNameException;
@@ -96,18 +98,28 @@
+ " because membership type is null");
}
- if (getIdentitySession().getRoleManager().getRoleType(mt.getName()) == null)
+ String groupId =
+ getIdentitySession().getPersistenceManager().
+ createGroupKey(g.getGroupName(),
orgService.getConfiguration().getGroupType(g.getParentId()));
+
+
+ if (isCreateMembership(mt.getName()))
{
- getIdentitySession().getRoleManager().createRoleType(mt.getName());
+ if (getIdentitySession().getRoleManager().getRoleType(mt.getName()) == null)
+ {
+ getIdentitySession().getRoleManager().createRoleType(mt.getName());
+ }
+
+
+ if (getIdentitySession().getRoleManager().hasRole(user.getUserName(), groupId,
mt.getName()))
+ {
+ return;
+ }
}
- String groupId =
- getIdentitySession().getPersistenceManager().
- createGroupKey(g.getGroupName(),
orgService.getConfiguration().getGroupType(g.getParentId()));
-
- if (getIdentitySession().getRoleManager().hasRole(user.getUserName(), groupId,
mt.getName()))
+ if (isAssociationMapped() && getAssociationMapping().equals(mt.getName()))
{
- return;
+ getIdentitySession().getRelationshipManager().associateUserByKeys(groupId,
user.getUserName());
}
MembershipImpl membership = new MembershipImpl();
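Review bot: The early `return` inside the `isCreateMembership` branch runs before the association block, so when the mapped type is stored both as a role and as an association, a user who already holds the role is never associated. In the association-only case nothing checks for an existing link before `associateUserByKeys`, and how that call treats a duplicate is not visible here; the same unguarded call is added in the `@@ -145,8 +157,16 @@` hunk that follows. A guard such as `!getIdentitySession().getRelationshipManager().isAssociatedByKeys(groupId, user.getUserName())` in front of both calls, with the `return` moved after the association block, would keep the two stores consistent. The method starts and ends outside this hunk.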
@@ -145,8 +157,16 @@
preSave(m, false);
}
- getIdentitySession().getRoleManager().createRole(m.getMembershipType(),
m.getUserName(), groupId);
+ if (isCreateMembership(m.getMembershipType()))
+ {
+ getIdentitySession().getRoleManager().createRole(m.getMembershipType(),
m.getUserName(), groupId);
+ }
+ if (isAssociationMapped() &&
getAssociationMapping().equals(m.getMembershipType()))
+ {
+ getIdentitySession().getRelationshipManager().associateUserByKeys(groupId,
m.getUserName());
+ }
+
if (broadcast)
{
postSave(m, false);
@@ -172,8 +192,20 @@
preDelete(m);
}
- getIdentitySession().getRoleManager().removeRole(m.getMembershipType(),
m.getUserName(), groupId);
+ if (isCreateMembership(m.getMembershipType()))
+ {
+ getIdentitySession().getRoleManager().removeRole(m.getMembershipType(),
m.getUserName(), groupId);
+ }
+
+ if (isAssociationMapped() &&
getAssociationMapping().equals(m.getMembershipType()) &&
+
getIdentitySession().getRelationshipManager().isAssociatedByKeys(m.getGroupId(),
m.getUserName()))
+ {
+ Set<String> keys = new HashSet<String>();
+ keys.add(m.getUserName());
+ getIdentitySession().getRelationshipManager().disassociateUsersByKeys(groupId,
keys);
+ }
+
if (broadcast)
{
postDelete(m);
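Review bot: The new condition calls `isAssociatedByKeys(m.getGroupId(), m.getUserName())` with the portal group id, while the `disassociateUsersByKeys` call just below it and every other `isAssociatedByKeys` call in this revision pass the PicketLink key (`groupId` or `gid`). If the two values differ, as the `createGroupKey` conversions elsewhere in the file suggest, the check does not match and the association is left in place, so removing the membership does not revoke it. The argument should be the key: `isAssociatedByKeys(groupId, m.getUserName())`. The method body starts and ends outside the hunk.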
@@ -186,8 +218,7 @@
Collection<Role> roles =
getIdentitySession().getRoleManager().findRoles(userName, null);
- //TODO: Exo UI has hardcoded casts to List
- List<Membership> memberships = new LinkedList<Membership>();
+ HashSet<MembershipImpl> memberships = new HashSet<MembershipImpl>();
for (Role role : roles)
{
@@ -212,8 +243,25 @@
}
- return memberships;
+ if (isAssociationMapped())
+ {
+ Collection<org.picketlink.idm.api.Group> groups =
+ getIdentitySession().getRelationshipManager().findAssociatedGroups(userName,
null);
+
+ Set<String> keys = new HashSet<String>();
+ keys.add(userName);
+
+ for (org.picketlink.idm.api.Group group : groups)
+ {
+
getIdentitySession().getRelationshipManager().disassociateUsersByKeys(group.getKey(),
keys);
+ }
+
+ }
+
+ //TODO: Exo UI has hardcoded casts to List
+ return new LinkedList(memberships);
+
}
public Membership findMembershipByUserGroupAndType(String userName, String groupId,
String type) throws Exception
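Review bot: The added block disassociates the user from every associated group but adds nothing to `memberships`, so the list returned by `new LinkedList(memberships)` (presumably the removed memberships) contains only the role-based entries. Callers that log or broadcast what was removed would miss the associations. I would add one `MembershipImpl` per group with type `getAssociationMapping()` before the `disassociateUsersByKeys` call, as the finder methods in this revision do. The return should also be `new LinkedList<Membership>(memberships)` rather than the raw type, here and at the three other `new LinkedList(memberships)` returns. The loop that fills `memberships` lies between this hunk and the previous one and is not shown.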
@@ -222,19 +270,38 @@
getIdentitySession().getPersistenceManager().
createGroupKey(getGroupNameFromId(groupId), getGroupTypeFromId(groupId));
+ boolean hasMembership = false;
+
+ if (isAssociationMapped() && getAssociationMapping().equals(type)
&&
+ getIdentitySession().getRelationshipManager().isAssociatedByKeys(gid,
userName))
+ {
+ hasMembership = true;
+ }
+
+
Role role = getIdentitySession().getRoleManager().getRole(type, userName, gid);
- if (role == null)
+ if (role != null &&
+ (!isAssociationMapped() ||
+ !getAssociationMapping().equals(role.getRoleType()) ||
+ !ignoreMappedMembershipType())
+ )
{
- return null;
+ hasMembership = true;
}
- MembershipImpl m = new MembershipImpl();
- m.setGroupId(groupId);
- m.setUserName(userName);
- m.setMembershipType(type);
+ if (hasMembership)
+ {
- return m;
+
+ MembershipImpl m = new MembershipImpl();
+ m.setGroupId(groupId);
+ m.setUserName(userName);
+ m.setMembershipType(type);
+
+ return m;
+ }
+ return null;
}
public Collection findMembershipsByUserAndGroup(String userName, String groupId)
throws Exception
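Review bot: `!getAssociationMapping().equals(role.getRoleType())` compares a String with the role-type object, whereas every other check in this revision uses `role.getRoleType().getName()`. Unless that object's `equals` accepts a String, the term is always true, so a role of the mapped type is reported as a membership even when `ignoreMappedMembershipType()` returns true. Change it to `!getAssociationMapping().equals(role.getRoleType().getName())`, or replace the three-part condition with `role != null && isCreateMembership(type)` as the findMembership hunk does.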
@@ -251,55 +318,91 @@
Collection<RoleType> roleTypes =
getIdentitySession().getRoleManager().findRoleTypes(userName, gid, null);
- //TODO: Exo UI has hardcoded casts to List
- List<Membership> memberships = new LinkedList<Membership>();
+ HashSet<MembershipImpl> memberships = new HashSet<MembershipImpl>();
for (RoleType roleType : roleTypes)
{
+ if (isCreateMembership(roleType.getName()))
+ {
+ MembershipImpl m = new MembershipImpl();
+ m.setGroupId(groupId);
+ m.setUserName(userName);
+ m.setMembershipType(roleType.getName());
+ memberships.add(m);
+ }
+ }
+
+ if (isAssociationMapped() &&
+ getIdentitySession().getRelationshipManager().isAssociatedByKeys(gid,
userName))
+ {
MembershipImpl m = new MembershipImpl();
m.setGroupId(groupId);
m.setUserName(userName);
- m.setMembershipType(roleType.getName());
+ m.setMembershipType(getAssociationMapping());
memberships.add(m);
}
- return memberships;
+ //TODO: Exo UI has hardcoded casts to List
+ return new LinkedList(memberships);
}
public Collection findMembershipsByUser(String userName) throws Exception
{
Collection<Role> roles =
getIdentitySession().getRoleManager().findRoles(userName, null);
- //TODO: Exo UI has hardcoded casts to List
- List<Membership> memberships = new LinkedList<Membership>();
+ HashSet<MembershipImpl> memberships = new HashSet<MembershipImpl>();
for (Role role : roles)
{
- MembershipImpl m = new MembershipImpl();
- Group g =
((GroupDAOImpl)orgService.getGroupHandler()).convertGroup(role.getGroup());
- m.setGroupId(g.getId());
- m.setUserName(role.getUser().getId());
- m.setMembershipType(role.getRoleType().getName());
- memberships.add(m);
+ if (isCreateMembership(role.getRoleType().getName()))
+ {
+ MembershipImpl m = new MembershipImpl();
+ Group g =
((GroupDAOImpl)orgService.getGroupHandler()).convertGroup(role.getGroup());
+ m.setGroupId(g.getId());
+ m.setUserName(role.getUser().getId());
+ m.setMembershipType(role.getRoleType().getName());
+ memberships.add(m);
+ }
}
+
+ if (isAssociationMapped())
+ {
- return memberships;
- }
+ Collection<org.picketlink.idm.api.Group> groups =
+ getIdentitySession().getRelationshipManager().findAssociatedGroups(userName,
null);
- static void removeMembershipEntriesOfGroup(PicketLinkIDMOrganizationServiceImpl
orgService, Group group,
- IdentitySession session) throws Exception
- {
- String gid = session.getPersistenceManager().
- createGroupKey(group.getGroupName(),
orgService.getConfiguration().getGroupType(group.getParentId()));
+ for (org.picketlink.idm.api.Group group : groups)
+ {
+ MembershipImpl m = new MembershipImpl();
+ Group g = ((GroupDAOImpl)orgService.getGroupHandler()).convertGroup(group);
+ m.setGroupId(g.getId());
+ m.setUserName(userName);
+ m.setMembershipType(getAssociationMapping());
+ memberships.add(m);
+ }
+
+ }
- Collection<Role> roles = session.getRoleManager().findRoles(gid, null);
- for (Role role : roles)
- {
- session.getRoleManager().removeRole(role);
- }
+ return new LinkedList(memberships);
}
+// static void removeMembershipEntriesOfGroup(PicketLinkIDMOrganizationServiceImpl
orgService, Group group,
+// IdentitySession session) throws Exception
+// {
+// String gid = session.getPersistenceManager().
+// createGroupKey(group.getGroupName(),
orgService.getConfiguration().getGroupType(group.getParentId()));
+//
+// Collection<Role> roles = session.getRoleManager().findRoles(gid, null);
+//
+// for (Role role : roles)
+// {
+// session.getRoleManager().removeRole(role);
+// }
+//
+//
+// }
+
public Collection findMembershipsByGroup(Group group) throws Exception
{
return findMembershipsByGroupId(group.getId());
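Review bot: `removeMembershipEntriesOfGroup` is disabled by commenting it out rather than deleted, and nothing in this hunk replaces it with a version that also clears the new associations. If group removal relied on it (the caller is not visible here), roles and associations of a deleted group may stay in the store and could apply again to a later group with the same key. Either delete the method and confirm the cleanup happens elsewhere, or restore it and add a `disassociateUsersByKeys` step for the group's associated users.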
@@ -313,21 +416,41 @@
Collection<Role> roles = getIdentitySession().getRoleManager().findRoles(gid,
null);
- //TODO: Exo UI has hardcoded casts to List
- List<Membership> memberships = new LinkedList<Membership>();
+ HashSet<MembershipImpl> memberships = new HashSet<MembershipImpl>();
for (Role role : roles)
{
- MembershipImpl m = new MembershipImpl();
- Group g =
((GroupDAOImpl)orgService.getGroupHandler()).convertGroup(role.getGroup());
- m.setGroupId(g.getId());
- m.setUserName(role.getUser().getId());
- m.setMembershipType(role.getRoleType().getName());
- memberships.add(m);
+ if (isCreateMembership(role.getRoleType().getName()))
+ {
+ MembershipImpl m = new MembershipImpl();
+ Group g =
((GroupDAOImpl)orgService.getGroupHandler()).convertGroup(role.getGroup());
+ m.setGroupId(g.getId());
+ m.setUserName(role.getUser().getId());
+ m.setMembershipType(role.getRoleType().getName());
+ memberships.add(m);
+ }
}
- return memberships;
+ if (isAssociationMapped())
+ {
+ Collection<org.picketlink.idm.api.User> users =
+ getIdentitySession().getRelationshipManager().findAssociatedUsers(gid, false,
null);
+
+ for (org.picketlink.idm.api.User user : users)
+ {
+ MembershipImpl m = new MembershipImpl();
+ m.setGroupId(groupId);
+ m.setUserName(user.getId());
+ m.setMembershipType(getAssociationMapping());
+ memberships.add(m);
+ }
+
+ }
+
+ //TODO: Exo UI has harcoded casts to List
+ return new LinkedList(memberships);
+
}
public Membership findMembership(String id) throws Exception
@@ -338,11 +461,21 @@
getIdentitySession().getPersistenceManager().createGroupKey(getGroupNameFromId(m.getGroupId()),
getGroupTypeFromId(m.getGroupId()));
- if (getIdentitySession().getRoleManager().hasRole(m.getUserName(), groupId,
m.getMembershipType()))
+ if (isCreateMembership(m.getMembershipType()) &&
+ getIdentitySession().getRoleManager().hasRole(m.getUserName(), groupId,
m.getMembershipType()))
{
return m;
}
+ if (isAssociationMapped() &&
getAssociationMapping().equals(m.getMembershipType()) &&
+ getIdentitySession().getRelationshipManager().isAssociatedByKeys(groupId,
m.getUserName()))
+ {
+ return m;
+ }
+
+
+
+
return null;
}
@@ -401,4 +534,36 @@
return orgService.getConfiguration().getGroupType(parentId);
}
+
+ protected boolean isAssociationMapped()
+ {
+ String mapping = orgService.getConfiguration().getAssociationMembershipType();
+
+ if (mapping != null && mapping.length() > 0)
+ {
+ return true;
+ }
+ return false;
+ }
+
+ protected String getAssociationMapping()
+ {
+ return orgService.getConfiguration().getAssociationMembershipType();
+ }
+
+ protected boolean ignoreMappedMembershipType()
+ {
+ return orgService.getConfiguration().isIgnoreMappedMembershipType();
+ }
+
+ protected boolean isCreateMembership(String typeName)
+ {
+ if (isAssociationMapped() &&
+ getAssociationMapping().equals(typeName) &&
+ ignoreMappedMembershipType())
+ {
+ return false;
+ }
+ return true;
+ }
}
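Review bot: The four helpers added here have no Javadoc, and `isCreateMembership` in particular reads as if it created something while it only answers whether a membership type is stored as a PicketLink role. Since it gates every role read and write in this class, I would document it, e.g. `/** Returns false only when typeName is the association-mapped type and ignoreMappedMembershipType is set; such memberships are kept as associations only. */`. `isAssociationMapped` can be reduced to `return mapping != null && mapping.length() > 0;`.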
Modified:
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipImpl.java
===================================================================
---
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipImpl.java 2010-02-02
09:59:12 UTC (rev 1497)
+++
portal/trunk/component/identity/src/main/java/org/exoplatform/services/organization/idm/MembershipImpl.java 2010-02-02
10:36:54 UTC (rev 1498)
@@ -103,4 +103,43 @@
{
this.groupId = groupId;
}
+
+ @Override
+ public boolean equals(Object o)
+ {
+ if (this == o)
+ {
+ return true;
+ }
+ if (!(o instanceof MembershipImpl))
+ {
+ return false;
+ }
+
+ MembershipImpl that = (MembershipImpl)o;
+
+ if (groupId != null ? !groupId.equals(that.groupId) : that.groupId != null)
+ {
+ return false;
+ }
+ if (membershipType != null ? !membershipType.equals(that.membershipType) :
that.membershipType != null)
+ {
+ return false;
+ }
+ if (userName != null ? !userName.equals(that.userName) : that.userName != null)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ int result = membershipType != null ? membershipType.hashCode() : 0;
+ result = 31 * result + (userName != null ? userName.hashCode() : 0);
+ result = 31 * result + (groupId != null ? groupId.hashCode() : 0);
+ return result;
+ }
}
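Review bot: `equals` and `hashCode` are computed from `groupId`, `userName` and `membershipType`, which stay mutable (the `groupId` setter is visible at the top of this hunk), and the DAO now keeps these objects in `HashSet`s. Changing a field after insertion would leave the entry unreachable in the set. The DAO code in this revision sets all three fields before `add`, so it works as written; a comment on `hashCode` such as `// fields must not be modified while the instance is held in a hash-based collection` would record that constraint.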
Modified: portal/trunk/component/identity/src/test/java/conf/portal/idm-configuration.xml
===================================================================
---
portal/trunk/component/identity/src/test/java/conf/portal/idm-configuration.xml 2010-02-02
09:59:12 UTC (rev 1497)
+++
portal/trunk/component/identity/src/test/java/conf/portal/idm-configuration.xml 2010-02-02
10:36:54 UTC (rev 1498)
@@ -65,6 +65,18 @@
<!--</entry>-->
</map>
</field>
+ <!-- If this option is used then each Membership created with MembrshipType
that is
+ equal to value specified here will be stored in PicketLink IDM as simple
+ Group-User association-->
+ <field name="associationMembershipType">
+ <string>member</string>
+ </field>
+ <!-- if "associationMembershipType" option is used and this option
is set to true
+ then Membership with MembershipType configured to be stored as PicketLink
IDM association
+ will not be stored as PicketLink IDM Role -->
+ <field name="ignoreMappedMembershipType">
+ <boolean>false</boolean>
+ </field>
</object>
</object-param>
</init-params>
Modified:
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml
===================================================================
---
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml 2010-02-02
09:59:12 UTC (rev 1497)
+++
portal/trunk/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml 2010-02-02
10:36:54 UTC (rev 1498)
@@ -94,16 +94,30 @@
</entry>
<!-- Uncomment for sample LDAP configuration -->
- <!--<entry>-->
-
<!--<key><string>/platform/*</string></key>-->
-
<!--<value><string>platform_type</string></value>-->
- <!--</entry>-->
- <!--<entry>-->
-
<!--<key><string>/organization/*</string></key>-->
-
<!--<value><string>organization_type</string></value>-->
- <!--</entry>-->
+ <!--
+ <entry>
+ <key><string>/platform/*</string></key>
+ <value><string>platform_type</string></value>
+ </entry>
+ <entry>
+ <key><string>/organization/*</string></key>
+
<value><string>organization_type</string></value>
+ </entry>
+ -->
</map>
</field>
+ <!-- If this option is used then each Membership created with MembrshipType
that is
+ equal to value specified here will be stored in PicketLink IDM as simple
+ Group-User association-->
+ <field name="associationMembershipType">
+ <string>member</string>
+ </field>
+ <!-- if "associationMembershipType" option is used and this option
is set to true
+ then Membership with MembershipType configured to be stored as PicketLink
IDM association
+ will not be stored as PicketLink IDM Role -->
+ <field name="ignoreMappedMembershipType">
+ <boolean>false</boolean>
+ </field>
</object>
</object-param>
</init-params>
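Review bot: Setting `associationMembershipType` to `member` in the configuration shipped with the web application turns the mapping on for every deployment, and the finder methods changed in this revision then report each PicketLink group–user association as a `member` membership. Where the identity store already holds associations created outside the portal, for example in the LDAP setup this file mentions, those users would appear as group members. I would ship the field commented out like the LDAP entries above it, or state in the comment that enabling it exposes existing associations as memberships. The comment also misspells `MembershipType` as `MembrshipType`, here and in the test configuration.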