Repository: zeppelin
Updated Branches:
  refs/heads/branch-0.8 a1de33298 -> 3ee7c192a


ZEPPELIN-3570. Fix for doing user search for LDAPRealm

To enable user search for LdapRealm.

Bug Fix

https://issues.apache.org/jira/browse/ZEPPELIN-3570

For the below config
```
[main]
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.userDnTemplate = cn={0},ou=Users,dc=company,dc=com
ldapRealm.contextFactory.url = ldap://<ldap-server-host>:389
ldapRealm.contextFactory.authenticationMechanism = SIMPLE
ldapRealm.searchBase = dc=company,dc=com
ldapRealm.userSearchBase = dc=company,dc=com
ldapRealm.groupSearchBase = dc=company,dc=com
ldapRealm.userSearchAttributeName = uid

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[urls]
/api/version = anon
/** = authc
```
User search in notebook/interpreter should work for a partial string.

Author: Supreeth Sharma <ssharma@HW11607.local>

Closes #3045 from ssharma555/ZEPPELIN-3570 and squashes the following commits:

6a5a38e67 [Supreeth Sharma] ZEPPELIN-3570. Fix for doing user search for 
LDAPRealm

Change-Id: I46fd67b44f2632c430a0d2b9c7545a30974cc3a5
(cherry picked from commit 36f7d3da7af273a4458905727bfeda6473b16be9)
Signed-off-by: Prabhjyot Singh <prabhjyotsi...@gmail.com>

# Conflicts:
#       
zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
#       
zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/3ee7c192
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/3ee7c192
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/3ee7c192

Branch: refs/heads/branch-0.8
Commit: 3ee7c192afc8b04bf771c8744d3f092a2325437d
Parents: a1de332
Author: Supreeth Sharma <ssharma@HW11607.local>
Authored: Fri Jun 29 15:35:48 2018 +0530
Committer: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Committed: Thu Jul 5 12:34:35 2018 +0530

----------------------------------------------------------------------
 .../realm/ActiveDirectoryGroupRealm.java        | 39 ++++++++++----------
 .../org/apache/zeppelin/rest/GetUserList.java   | 13 ++++---
 .../apache/zeppelin/rest/SecurityRestApi.java   | 11 ++++--
 3 files changed, 34 insertions(+), 29 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/3ee7c192/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
----------------------------------------------------------------------
diff --git 
a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
 
b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
index 79e5a66..bad501d 100644
--- 
a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
+++ 
b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
@@ -16,7 +16,23 @@
  */
 package org.apache.zeppelin.realm;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
 import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.LdapContext;
 import org.apache.commons.lang.StringUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -34,24 +50,6 @@ import org.apache.shiro.subject.PrincipalCollection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.LdapContext;
-
 
 /**
  * A {@link org.apache.shiro.realm.Realm} that authenticates with an active 
directory LDAP
@@ -256,12 +254,13 @@ public class ActiveDirectoryGroupRealm extends 
AbstractLdapRealm {
     return new SimpleAuthorizationInfo(roleNames);
   }
 
-  public List<String> searchForUserName(String containString, LdapContext 
ldapContext) throws
-      NamingException {
+  public List<String> searchForUserName(String containString, LdapContext 
ldapContext,
+      int numUsersToFetch) throws NamingException {
     List<String> userNameList = new ArrayList<>();
 
     SearchControls searchCtls = new SearchControls();
     searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+    searchCtls.setCountLimit(numUsersToFetch);
 
     String searchFilter = "(&(objectClass=*)(userPrincipalName=*" + 
containString + "*))";
     Object[] searchArguments = new Object[]{containString};
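Review bot: `containString` is concatenated straight into `searchFilter`, so LDAP filter metacharacters such as `(`, `)`, `*` and `\` in the search text alter the query instead of being matched literally; per the SecurityRestApi hunk the value comes from the `{searchText}` path parameter. `searchArguments` is already built on the next line, so the filter can carry a placeholder instead, `String searchFilter = "(&(objectClass=*)(userPrincipalName=*{0}*))";`, provided the search call below this hunk uses the JNDI filterExpr/filterArgs overload, which escapes the argument. The LdapRealm hunk in GetUserList.java builds `"=*" + searchText + "*))"` the same way and needs the same treatment, for example ending the call with `+ userAttribute + "=*{0}*))", new Object[]{searchText}, constraints)`. The body of searchForUserName continues outside this hunk.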

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/3ee7c192/zeppelin-server/src/main/java/org/apache/zeppelin/rest/GetUserList.java
----------------------------------------------------------------------
diff --git 
a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/GetUserList.java 
b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/GetUserList.java
index 954ee1a..5876de2 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/GetUserList.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/GetUserList.java
@@ -90,7 +90,7 @@ public class GetUserList {
   /**
    * function to extract users from LDAP
    */
-  public List<String> getUserList(JndiLdapRealm r, String searchText) {
+  public List<String> getUserList(JndiLdapRealm r, String searchText, int 
numUsersToFetch) {
     List<String> userList = new ArrayList<>();
     String userDnTemplate = r.getUserDnTemplate();
     String userDn[] = userDnTemplate.split(",", 2);
@@ -100,6 +100,7 @@ public class GetUserList {
     try {
       LdapContext ctx = CF.getSystemLdapContext();
       SearchControls constraints = new SearchControls();
+      constraints.setCountLimit(numUsersToFetch);
       constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
       String[] attrIDs = {userDnPrefix};
       constraints.setReturningAttributes(attrIDs);
@@ -122,7 +123,7 @@ public class GetUserList {
   /**
    * function to extract users from Zeppelin LdapRealm
    */
-  public List<String> getUserList(LdapRealm r, String searchText) {
+  public List<String> getUserList(LdapRealm r, String searchText, int 
numUsersToFetch) {
     List<String> userList = new ArrayList<>();
     if (LOG.isDebugEnabled()) {
       LOG.debug("SearchText: " + searchText);
@@ -135,11 +136,12 @@ public class GetUserList {
       LdapContext ctx = CF.getSystemLdapContext();
       SearchControls constraints = new SearchControls();
       constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
+      constraints.setCountLimit(numUsersToFetch);
       String[] attrIDs = {userAttribute};
       constraints.setReturningAttributes(attrIDs);
       NamingEnumeration result = ctx.search(userSearchRealm, "(&(objectclass=" 
+ 
             userObjectClass + ")(" 
-            + userAttribute + "=" + searchText + "))", constraints);
+            + userAttribute + "=*" + searchText + "*))", constraints);
       while (result.hasMore()) {
         Attributes attrs = ((SearchResult) result.next()).getAttributes();
         if (attrs.get(userAttribute) != null) {
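Review bot: The `while (result.hasMore())` loop does not treat the new count limit as a normal end of results: when more entries match than `numUsersToFetch`, JNDI providers usually signal it by throwing `SizeLimitExceededException` from `hasMore()` rather than returning false. The enclosing try/catch is outside this hunk, but if it matches the `catch (Exception e)` visible in the ActiveDirectoryGroupRealm overload, every truncated search is logged as an error. In that overload the assignment `userList = r.searchForUserName(searchText, ctx, numUsersToFetch)` would also be skipped unless searchForUserName handles the exception itself, leaving an empty list exactly when many users match. Handling it explicitly keeps the entries already read, e.g. `} catch (SizeLimitExceededException e) { LOG.debug("User search truncated at " + numUsersToFetch + " entries"); }` placed before the generic catch.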
@@ -186,11 +188,12 @@ public class GetUserList {
   }
   
 
-  public List<String> getUserList(ActiveDirectoryGroupRealm r, String 
searchText) {
+  public List<String> getUserList(ActiveDirectoryGroupRealm r, String 
searchText,
+      int numUsersToFetch) {
     List<String> userList = new ArrayList<>();
     try {
       LdapContext ctx = r.getLdapContextFactory().getSystemLdapContext();
-      userList = r.searchForUserName(searchText, ctx);
+      userList = r.searchForUserName(searchText, ctx, numUsersToFetch);
     } catch (Exception e) {
       LOG.error("Error retrieving User list from ActiveDirectory Realm", e);
     }

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/3ee7c192/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
----------------------------------------------------------------------
diff --git 
a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java 
b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
index 2255c1a..484bccb 100644
--- 
a/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
+++ 
b/zeppelin-server/src/main/java/org/apache/zeppelin/rest/SecurityRestApi.java
@@ -99,6 +99,7 @@ public class SecurityRestApi {
   @Path("userlist/{searchText}")
   public Response getUserList(@PathParam("searchText") final String 
searchText) {
 
+    final int numUsersToFetch = 5;
     List<String> usersList = new ArrayList<>();
     List<String> rolesList = new ArrayList<>();
     try {
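Review bot: `numUsersToFetch` is a fixed limit declared as a method local inside getUserList; as a class constant, `private static final int NUM_USERS_TO_FETCH = 5;`, it would read as configuration rather than per-request state. A one-line comment on it should say that it bounds both the per-realm directory query (the count limit handed to GetUserList) and the auto-suggest cut-off compared against `maxLength` later in the method. The method body continues outside this hunk.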
@@ -115,13 +116,15 @@ public class SecurityRestApi {
             usersList.addAll(getUserListObj.getUserList((IniRealm) realm));
             rolesList.addAll(getUserListObj.getRolesList((IniRealm) realm));
           } else if (name.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
-            usersList.addAll(getUserListObj.getUserList((JndiLdapRealm) realm, 
searchText));
+            usersList.addAll(getUserListObj.getUserList((JndiLdapRealm) realm, 
searchText,
+                numUsersToFetch));
           } else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
-            usersList.addAll(getUserListObj.getUserList((LdapRealm) realm, 
searchText));
+            usersList.addAll(getUserListObj.getUserList((LdapRealm) realm, 
searchText,
+                numUsersToFetch));
             rolesList.addAll(getUserListObj.getRolesList((LdapRealm) realm));
           } else if 
(name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
             
usersList.addAll(getUserListObj.getUserList((ActiveDirectoryGroupRealm) realm,
-                searchText));
+                searchText, numUsersToFetch));
           } else if (name.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
             usersList.addAll(getUserListObj.getUserList((JdbcRealm) realm));
           }
@@ -151,7 +154,7 @@ public class SecurityRestApi {
         autoSuggestUserList.add(user);
         maxLength++;
       }
-      if (maxLength == 5) {
+      if (maxLength == numUsersToFetch) {
         break;
       }
     }
