Juan Hernandez has uploaded a new change for review.

Change subject: [WIP] Add temporary LDAP authenticator
......................................................................

[WIP] Add temporary LDAP authenticator

This change adds a new temporary LDAP authenticator provider intended to
serve as a bridge between the new authenticator interface introduced in
a previous change and the existing LDAP infrastructure. This bridge will
exist while the LDAP engine is migrated step by step to use the new
interfaces.

Change-Id: I9a0374d788f46ad7989cad5200babe03213b44aa
Signed-off-by: Juan Hernandez <juan.hernan...@redhat.com>
---
A 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticator.java
A 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticatorProvider.java
M 
backend/manager/modules/bll/src/main/resources/META-INF/services/org.ovirt.engine.core.bll.auth.AuthenticatorSpi
3 files changed, 113 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/62/15662/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticator.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticator.java
new file mode 100644
index 0000000..94babb7
--- /dev/null
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticator.java
@@ -0,0 +1,72 @@
+package org.ovirt.engine.core.bll.auth.ldap;
+
+import org.apache.log4j.Logger;
+import org.ovirt.engine.core.bll.adbroker.AdActionType;
+import org.ovirt.engine.core.bll.adbroker.LdapBroker;
+import org.ovirt.engine.core.bll.adbroker.LdapFactory;
+import org.ovirt.engine.core.bll.adbroker.LdapReturnValueBase;
+import org.ovirt.engine.core.bll.adbroker.LdapUserPasswordBaseParameters;
+import org.ovirt.engine.core.bll.adbroker.UserAuthenticationResult;
+import org.ovirt.engine.core.bll.auth.Authenticator;
+
+/**
+ * This authenticator implementation is a bridge between the new directory
+ * interface and the existing LDAP infrastructure. It will exist only while the
+ * engine is migrated to use the new authenticator interface, then it will be
+ * removed.
+ */
+public class ProvisionalLdapAuthenticator implements Authenticator {
+    // The log:
+    private Logger log = Logger.getLogger(ProvisionalLdapAuthenticator.class);
+
+    // The name of the domain:
+    private String domain;
+
+    public ProvisionalLdapAuthenticator(String domain) {
+        this.domain = domain;
+    }
+
+    @Override
+    public String getName() {
+        return domain;
+    }
+
+    @Override
+    public boolean authenticate(String name, Object credentials) {
+        // Check that the provided credential is a string, as the only
+        // credentials that we that we support in this authenticator is a
+        // password contained in a string:
+        if (credentials == null) {
+            log.error(
+                "Can't authenticate user \"" + name + "\", no credentials " +
+                "have been provided."
+            );
+            return false;
+        }
+        String password = null;
+        if (!(credentials instanceof String)) {
+            log.error(
+                "Can't authenticate user \"" + name + "\", the credentials " +
+                "should be a password contained in a string but they are of " +
+                "type \"" + credentials.getClass().getName() + "\"."
+            );
+            return false;
+        }
+
+        // Perform the authentication using the old mechanism:
+        LdapBroker ldapBroker = LdapFactory.getInstance(domain);
+        LdapReturnValueBase ldapResult = ldapBroker.RunAdAction(
+            AdActionType.AuthenticateUser,
+            new LdapUserPasswordBaseParameters(domain, name, password)
+        );
+        UserAuthenticationResult authResult = (UserAuthenticationResult) 
ldapResult.getReturnValue();
+        if (authResult != null && authResult.isSuccessful()) {
+            log.info("The user \"" + name + "\" has been successfully 
authenticated.");
+            return true;
+        }
+        else {
+            log.info("The user \"" + name + "\" failed to authenticate.");
+            return false;
+        }
+    }
+}
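Review bot: In `authenticate`, `password` is initialised to `null` and never assigned from `credentials`, so `new LdapUserPasswordBaseParameters(domain, name, password)` always receives a null password; after the `instanceof` check the declaration should be `String password = (String) credentials;`. How the old broker handles a null or empty password is not visible in this hunk, but some directory servers treat a simple bind with an empty password as an unauthenticated bind that succeeds, so rejecting an empty string before `RunAdAction` is a worthwhile extra guard. The caller-supplied `name` is concatenated unescaped into every log message, so a user name containing line breaks can forge log entries; strip or encode CR/LF before logging. `ldapResult` is also dereferenced without a null check, although `authResult` is checked.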
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticatorProvider.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticatorProvider.java
new file mode 100644
index 0000000..a58e7cf
--- /dev/null
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/auth/ldap/ProvisionalLdapAuthenticatorProvider.java
@@ -0,0 +1,40 @@
+package org.ovirt.engine.core.bll.auth.ldap;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.ovirt.engine.core.bll.adbroker.LdapBrokerUtils;
+import org.ovirt.engine.core.bll.auth.Authenticator;
+import org.ovirt.engine.core.bll.auth.AuthenticatorSpi;
+
+public class ProvisionalLdapAuthenticatorProvider implements AuthenticatorSpi {
+    // The list of authenticators managed by this implementation (will be 
lazily
+    // initialized later:
+    private volatile List<Authenticator> authenticators;
+
+    @Override
+    public List<Authenticator> getAuthenticators() {
+        if (authenticators == null) {
+            synchronized (ProvisionalLdapAuthenticatorProvider.class) {
+                if (authenticators == null) {
+                    authenticators = loadAuthenticators();
+                }
+            }
+        }
+        return authenticators;
+    }
+
+    /**
+     * Get the list of domains using the old mechanism, excluding the internal
+     * domain, then create an implementation for each one.
+     */
+    private List<Authenticator> loadAuthenticators() {
+        List<String> domains = LdapBrokerUtils.getDomainsList(true);
+        List<Authenticator> result = new 
ArrayList<Authenticator>(domains.size());
+        for (String domain : domains) {
+            ProvisionalLdapAuthenticator authenticator = new 
ProvisionalLdapAuthenticator(domain);
+            result.add(authenticator);
+        }
+        return result;
+    }
+}
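Review bot: `getAuthenticators` returns the same mutable `ArrayList` that is cached in the `authenticators` field, so any caller can add or remove authenticators for every later caller; `loadAuthenticators` should end with `return Collections.unmodifiableList(result);` (which needs `import java.util.Collections;`). The list is built once and never refreshed, so a domain added or removed after first use is presumably not reflected until restart; a comment saying this is accepted for the provisional bridge would help. The lock is taken on `ProvisionalLdapAuthenticatorProvider.class` while the guarded field is per-instance, so `synchronized (this)` or a private lock object would match the state being protected. The field comment is also missing its closing parenthesis.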
diff --git 
a/backend/manager/modules/bll/src/main/resources/META-INF/services/org.ovirt.engine.core.bll.auth.AuthenticatorSpi
 
b/backend/manager/modules/bll/src/main/resources/META-INF/services/org.ovirt.engine.core.bll.auth.AuthenticatorSpi
index fd1091e..c59b9af 100644
--- 
a/backend/manager/modules/bll/src/main/resources/META-INF/services/org.ovirt.engine.core.bll.auth.AuthenticatorSpi
+++ 
b/backend/manager/modules/bll/src/main/resources/META-INF/services/org.ovirt.engine.core.bll.auth.AuthenticatorSpi
@@ -1 +1,2 @@
 org.ovirt.engine.core.bll.auth.internal.InternalAuthenticatorProvider
+org.ovirt.engine.core.bll.auth.ldap.ProvisionalLdapAuthenticatorProvider


-- 
To view, visit http://gerrit.ovirt.org/15662

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9a0374d788f46ad7989cad5200babe03213b44aa
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com>