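/*
 * This program is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public License, version 2 as published by the Free Software
 * Foundation.
 *
 * You should have received a copy of the GNU General Public License along with this
 * program; if not, you can obtain a copy at http://www.gnu.org/licenses/gpl-2.0.html
 * or from the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU General Public License for more details.
 *
 * Copyright 2013 Pentaho Corporation. All rights reserved.
 *
 * Copyright 2006 - 2013 Pentaho Corporation. All rights reserved.
 */

package org.pentaho.platform.engine.security;

import org.pentaho.platform.api.engine.ISystemSettings;
import org.pentaho.platform.api.engine.security.IAuthenticationRoleMapper;
import org.pentaho.platform.engine.core.system.PentahoSystem;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;

/**
 * Maps an LDAP role to a Pentaho security role and back.
 * <p>
 * The mapper is a pure renaming table: a role that is not present in the map is returned
 * unchanged by both {@link #toPentahoRole(String)} and {@link #fromPentahoRole(String)}, so the
 * map never restricts which roles reach the platform, it only renames the ones it knows about.
 * <p>
 * Keys handed to the constructors are fully qualified LDAP DNs; only the value of the leftmost
 * RDN whose attribute type equals the configured role attribute (default {@code cn}) is kept as
 * the lookup key. Two DNs that reduce to the same role name therefore collide, and the entry
 * added last wins.
 */
public class DefaultLdapRoleMapper implements IAuthenticationRoleMapper, Serializable {

  /** Parsed LDAP role name -> Pentaho role name. Insertion-ordered so reverse lookups are stable. */
  Map<String, String> roleMap;

  /** Role attribute used when no other attribute is configured or supplied. */
  private static final String DEFAULT_ROLE_ATTRIBUTE_VALUE = "cn";

  /** Property in the LDAP properties file naming the role attribute. */
  private static final String ROLE_ATTRIBUTE_PROPERTY = "allAuthoritiesSearch.roleAttribute";

  /** Properties file looked up relative to the {@code PentahoSystemPath} system property. */
  private static final String LDAP_PROPERTIES_FILENAME = "applicationContext-security-ldap.properties";

  /**
   * Creates a mapper with an empty role map; every role passes through unchanged until the map is
   * populated.
   */
  public DefaultLdapRoleMapper() {
    this.roleMap = new LinkedHashMap<String, String>();
  }

  /**
   * Creates a mapper whose role attribute is read from the LDAP properties file (falling back to
   * {@value #DEFAULT_ROLE_ATTRIBUTE_VALUE} when the file or the property is unavailable).
   *
   * @param newRoleMap LDAP DN -> Pentaho role; {@code null} is treated as empty
   */
  public DefaultLdapRoleMapper( Map<String, String> newRoleMap ) {
    // getRoleAttributeFromProperties() is static so it may be evaluated before this(...)
    this( newRoleMap, getRoleAttributeFromProperties() );
  }

  /**
   * Creates a mapper using an explicit role attribute.
   *
   * @param newRoleMap    LDAP DN -> Pentaho role; {@code null} is treated as empty
   * @param roleAttribute RDN attribute type whose value is the role name (compared case-insensitively);
   *                      {@code null} or blank falls back to {@value #DEFAULT_ROLE_ATTRIBUTE_VALUE}
   */
  public DefaultLdapRoleMapper( Map<String, String> newRoleMap, String roleAttribute ) {
    this.roleMap = buildRoleMap( newRoleMap, roleAttribute );
  }

  /**
   * Builds the lookup map by reducing every DN key to its role name.
   *
   * @param newRoleMap    LDAP DN -> Pentaho role, may be {@code null}
   * @param roleAttribute attribute type to extract, may be {@code null} or blank
   * @return a new insertion-ordered map; never {@code null}
   */
  private Map<String, String> buildRoleMap( Map<String, String> newRoleMap, String roleAttribute ) {
    Map<String, String> parsed = new LinkedHashMap<String, String>();
    if ( newRoleMap == null ) {
      return parsed;
    }
    String attribute = isBlank( roleAttribute ) ? DEFAULT_ROLE_ATTRIBUTE_VALUE : roleAttribute;
    for ( Entry<String, String> roleEntry : newRoleMap.entrySet() ) {
      // put() overwrites, so DNs that share the same role name collapse to the last one added
      parsed.put( ldapParseString( roleEntry.getKey(), attribute ), roleEntry.getValue() );
    }
    return parsed;
  }

  /**
   * Translates an LDAP role name to its Pentaho role.
   *
   * @param thirdPartyRole LDAP role name (already reduced to the role attribute value)
   * @return the mapped Pentaho role, or {@code thirdPartyRole} itself when it is not in the map
   */
  @Override
  public String toPentahoRole( String thirdPartyRole ) {
    String mapped = roleMap.get( thirdPartyRole );
    return mapped != null ? mapped : thirdPartyRole;
  }

  /**
   * Extracts the role name from a fully qualified LDAP DN.
   * <p>
   * The DN is split on {@code ','} and the value of the first RDN whose attribute type matches
   * {@code key} (case-insensitively) is returned, e.g. for
   * {@code CN=MuppetAdmins,CN=pentahoDepartments,CN=Pentaho,DC=muppets,DC=com} and key
   * {@code cn} the result is {@code MuppetAdmins}. A value is taken up to the next {@code ','};
   * an escaped comma inside a value ({@code \,}) is not recognised.
   *
   * @param ldapString fully qualified DN, may be {@code null}
   * @param key        attribute type to look for, may be {@code null}
   * @return the attribute value (possibly empty), or {@code ""} when no RDN matches
   */
  private String ldapParseString( String ldapString, String key ) {
    if ( ldapString == null || key == null ) {
      return "";
    }
    for ( String token : ldapString.split( "," ) ) {
      int eq = token.indexOf( '=' );
      if ( eq < 0 ) {
        continue; // not an attribute=value pair
      }
      // trim tolerates "CN=a, CN=b" style spacing after the separator
      String attribute = token.substring( 0, eq ).trim();
      if ( attribute.equalsIgnoreCase( key ) ) {
        // substring rather than split("=")[1]: keeps a value that itself contains '=' intact and
        // does not throw on an empty value such as "cn="
        return token.substring( eq + 1 );
      }
    }
    return "";
  }

  /**
   * Translates a Pentaho role back to the LDAP role name that maps to it.
   * <p>
   * When several LDAP roles map to the same Pentaho role the one inserted first is returned.
   *
   * @param pentahoRole Pentaho role name
   * @return the first LDAP role mapped to {@code pentahoRole}, or {@code pentahoRole} itself when
   *         nothing maps to it
   */
  @Override
  public String fromPentahoRole( String pentahoRole ) {
    for ( Entry<String, String> roleEntry : roleMap.entrySet() ) {
      String value = roleEntry.getValue();
      if ( value != null && value.equals( pentahoRole ) ) {
        return roleEntry.getKey();
      }
    }
    return pentahoRole;
  }

  /**
   * Reads the role attribute from the LDAP properties file under {@code PentahoSystemPath}.
   * <p>
   * Best effort: a missing system property, a missing or unreadable file, or an absent/blank
   * property all yield {@value #DEFAULT_ROLE_ATTRIBUTE_VALUE}.
   *
   * @return the configured role attribute or the default; never {@code null}
   */
  private static String getRoleAttributeFromProperties() {
    String systemPath = System.getProperty( "PentahoSystemPath" );
    if ( systemPath == null ) {
      return DEFAULT_ROLE_ATTRIBUTE_VALUE;
    }
    // File(parent, child) inserts the platform file separator. The path used to be joined with
    // line.separator, which yields a path containing a newline that never resolves to the file.
    File propertiesFile = new File( systemPath, LDAP_PROPERTIES_FILENAME );
    InputStream propertiesInput = null;
    try {
      propertiesInput = new FileInputStream( propertiesFile );
      Properties ldapProperties = new Properties();
      ldapProperties.load( propertiesInput );
      String roleAttribute = ldapProperties.getProperty( ROLE_ATTRIBUTE_PROPERTY );
      if ( !isBlank( roleAttribute ) ) {
        return roleAttribute.trim();
      }
    } catch ( FileNotFoundException e ) {
      // no properties file: fall through to the default
    } catch ( IOException e ) {
      // unreadable or malformed properties file: fall through to the default
    } finally {
      if ( propertiesInput != null ) {
        try {
          propertiesInput.close();
        } catch ( IOException ignored ) {
          // nothing useful to do if close() fails on a read-only stream
        }
      }
    }
    return DEFAULT_ROLE_ATTRIBUTE_VALUE;
  }

  /**
   * @param s string to test, may be {@code null}
   * @return {@code true} when {@code s} is {@code null} or contains only whitespace
   */
  private static boolean isBlank( String s ) {
    return s == null || s.trim().length() == 0;
  }
}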