Package opengrok.auth.plugin

Class AbstractLdapPlugin

java.lang.Object

opengrok.auth.plugin.AbstractLdapPlugin

All Implemented Interfaces:

IAuthorizationPlugin

Direct Known Subclasses:

LdapAttrPlugin, LdapFilterPlugin, LdapUserPlugin

public abstract class AbstractLdapPlugin
extends Object
implements IAuthorizationPlugin

Abstract class for all plug-ins working with LDAP. Takes care of

• controlling the established session
• controlling if the session belongs to the user

The intended methods to implement are the checkEntity(HttpServletRequest, Project) and checkEntity(HttpServletRequest, Group).

Author:

Krystof Tulinger

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	CONFIGURATION_PARAM
protected static long	nextId	This is used to ensure that every instance of this plug-in has its own unique name for its session parameters.
protected String	sessionEstablished
protected String	sessionUsername

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AbstractLdapPlugin()

Method Summary

Modifier and Type	Method	Description
abstract boolean	checkEntity(jakarta.servlet.http.HttpServletRequest request, Group group)	Decide if the group should be allowed for this request.
abstract boolean	checkEntity(jakarta.servlet.http.HttpServletRequest request, Project project)	Decide if the project should be allowed for this request.
abstract void	fillSession(jakarta.servlet.http.HttpServletRequest req, User user)	Fill the session with some information related to the subclass.
Configuration	getConfiguration()	Return the configuration object.
protected Configuration	getConfiguration(String configurationPath)	Return the configuration for the given path.
AbstractLdapProvider	getLdapProvider()	Return the LDAP provider.
boolean	isAllowed(jakarta.servlet.http.HttpServletRequest request, Group group)	This method should decide if given request should be allowed to view or display the group.
boolean	isAllowed(jakarta.servlet.http.HttpServletRequest request, Project project)	This method should decide if given request should be allowed to view or display the project.
protected boolean	isSameUser(String sessionUsername, String authUser)	Check if the session user corresponds to the authenticated user.
void	load(Map<String,Object> parameters)	Loads the configuration into memory.
protected boolean	sessionExists(jakarta.servlet.http.HttpServletRequest req)	Check if the session exists and contains all necessary fields required by this plug-in.
protected void	setSessionEstablished(jakarta.servlet.http.HttpServletRequest req, Boolean value)	Set session established flag into the session.
protected void	setSessionUsername(jakarta.servlet.http.HttpServletRequest req, String value)	Set session username for the user.
void	unload()	Closes the LDAP connections.
protected void	updateSession(jakarta.servlet.http.HttpServletRequest req, String username, boolean established)	Fill the session with new values.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

nextId

protected static long nextId

This is used to ensure that every instance of this plug-in has its own unique name for its session parameters.

CONFIGURATION_PARAM

protected static final String CONFIGURATION_PARAM

See Also:

• Constant Field Values

sessionUsername

protected String sessionUsername

sessionEstablished

protected String sessionEstablished

Constructor Details

AbstractLdapPlugin

protected AbstractLdapPlugin()

Method Details

fillSession

public abstract void fillSession(jakarta.servlet.http.HttpServletRequest req,
 User user)

Fill the session with some information related to the subclass.

Parameters:

req - the current request

user - user decoded from the headers

checkEntity

public abstract boolean checkEntity(jakarta.servlet.http.HttpServletRequest request,
 Project project)

Decide if the project should be allowed for this request.

Parameters:

request - the request

project - the project

Returns:

true if yes; false otherwise

checkEntity

public abstract boolean checkEntity(jakarta.servlet.http.HttpServletRequest request,
 Group group)

Decide if the group should be allowed for this request.

Parameters:

request - the request

group - the group

Returns:

true if yes; false otherwise

load

public void load(Map<String,Object> parameters)

Loads the configuration into memory.

Specified by:

load in interface IAuthorizationPlugin

Parameters:

parameters - parameters specified in the configuration

getConfiguration

protected Configuration getConfiguration(String configurationPath)
                                  throws IOException

Return the configuration for the given path. If the configuration is already loaded, use that one. Otherwise try to load the file into the configuration.

Parameters:

configurationPath - the path to the file with the configuration

Returns:

the object (new or from cache)

Throws:

IOException - when any IO error occurs

unload

public void unload()

Closes the LDAP connections.

Specified by:

unload in interface IAuthorizationPlugin

getConfiguration

public Configuration getConfiguration()

Return the configuration object.

Returns:

the configuration

getLdapProvider

public AbstractLdapProvider getLdapProvider()

Return the LDAP provider.

Returns:

the LDAP provider

isSameUser

protected boolean isSameUser(String sessionUsername,
 String authUser)

Check if the session user corresponds to the authenticated user.

Parameters:

sessionUsername - user from the session

authUser - user from the request

Returns:

true if it does; false otherwise

sessionExists

protected boolean sessionExists(jakarta.servlet.http.HttpServletRequest req)

Check if the session exists and contains all necessary fields required by this plug-in.

Parameters:

req - the HTTP request

Returns:

true if it does; false otherwise

updateSession

protected void updateSession(jakarta.servlet.http.HttpServletRequest req,
 String username,
 boolean established)

Fill the session with new values.

Parameters:

req - the request

username - new username

established - new value for established

setSessionEstablished

protected void setSessionEstablished(jakarta.servlet.http.HttpServletRequest req,
 Boolean value)

Set session established flag into the session.

Parameters:

req - request containing the session

value - the value

setSessionUsername

protected void setSessionUsername(jakarta.servlet.http.HttpServletRequest req,
 String value)

Set session username for the user.

Parameters:

req - request containing the session

value - the value

isAllowed

public boolean isAllowed(jakarta.servlet.http.HttpServletRequest request,
 Project project)

Description copied from interface: IAuthorizationPlugin

This method should decide if given request should be allowed to view or display the project. It is up to the implementor if the standard request attributes like session, user principal and others are used or not.

Specified by:

isAllowed in interface IAuthorizationPlugin

Parameters:

request - servlet request

project - project to test

Returns:

true if request is allowed to see this project

isAllowed

public boolean isAllowed(jakarta.servlet.http.HttpServletRequest request,
 Group group)

Description copied from interface: IAuthorizationPlugin

This method should decide if given request should be allowed to view or display the group. It is up to the implementor if the standard request attributes like session, user principal and others are used or not. VERY IMPORTANT NOTE: Allowing particular group does not allow its projects, repositories. You must include those in the isAllowed method for project if you want to display content of the group.

Specified by:

isAllowed in interface IAuthorizationPlugin

Parameters:

request - servlet request

group - group to test

Returns:

true if request is allowed to see this group of projects