libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-1300 Added FullNameLDAPFederationMapper

Browse source
This commit is contained in:
mposolda 2015-05-18 19:31:00 +02:00
parent 1490f106f2
commit 975337f225
8 changed files with 288 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
federation/ldap/src/main/java/org/keycloak/federation/ldap/LDAPUtils.java
View file

@ -9,7 +9,6 @@ import org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore;
import org.keycloak.federation.ldap.mappers.LDAPFederationMapper; import org.keycloak.federation.ldap.mappers.LDAPFederationMapper;
import org.keycloak.models.ModelException; import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationMapper;
import org.keycloak.models.UserFederationMapperModel; import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
@ -179,4 +178,9 @@ public class LDAPUtils {
String usernameAttr = config.getUsernameLdapAttribute(); String usernameAttr = config.getUsernameLdapAttribute();
return (String) ldapUser.getAttribute(usernameAttr); return (String) ldapUser.getAttribute(usernameAttr);
} }
public static boolean parseBooleanParameter(UserFederationMapperModel mapperModel, String paramName) {
String readOnly = mapperModel.getConfig().get(paramName);
return Boolean.parseBoolean(readOnly);
}
} }

2
federation/ldap/src/main/java/org/keycloak/federation/ldap/idm/query/internal/LDAPIdentityQuery.java
View file

@ -186,7 +186,7 @@ public class LDAPIdentityQuery {
} }
public Set<Condition> getConditions() { public Set<Condition> getConditions() {
return unmodifiableSet(this.conditions); return this.conditions;
} }
} }

84
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/TxAwareLDAPUserModelDelegate.java → federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/AbstractTxAwareLDAPUserModelDelegate.java
View file

@ -1,12 +1,8 @@
package org.keycloak.federation.ldap.mappers; package org.keycloak.federation.ldap.mappers;
import java.util.HashMap;
import java.util.Map;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.federation.ldap.LDAPFederationProvider; import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.idm.model.LDAPObject; import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakTransaction; import org.keycloak.models.KeycloakTransaction;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.utils.UserModelDelegate; import org.keycloak.models.utils.UserModelDelegate;
@ -14,71 +10,57 @@ import org.keycloak.models.utils.UserModelDelegate;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/ */
public class TxAwareLDAPUserModelDelegate extends UserModelDelegate { public abstract class AbstractTxAwareLDAPUserModelDelegate extends UserModelDelegate {
private static final Logger logger = Logger.getLogger(TxAwareLDAPUserModelDelegate.class); public static final Logger logger = Logger.getLogger(AbstractTxAwareLDAPUserModelDelegate.class);
protected LDAPFederationProvider provider; protected LDAPFederationProvider provider;
protected LDAPObject ldapObject; protected LDAPObject ldapObject;
protected LDAPTransaction transaction; private final LDAPTransaction transaction;
// Map of allowed writable UserModel attributes to LDAP attributes. Includes UserModel properties (firstName, lastName, email, ...) public AbstractTxAwareLDAPUserModelDelegate(UserModel delegate, LDAPFederationProvider provider, LDAPObject ldapObject) {
private final Map<String, String> mappedAttributes = new HashMap<String, String>();
public TxAwareLDAPUserModelDelegate(UserModel delegate, LDAPFederationProvider provider, LDAPObject ldapObject) {
super(delegate); super(delegate);
this.provider = provider; this.provider = provider;
this.ldapObject = ldapObject; this.ldapObject = ldapObject;
this.transaction = findOrCreateTransaction();
} }
public void addMappedAttribute(String userModelAttrName, String ldapAttrName) { public LDAPTransaction getTransaction() {
mappedAttributes.put(userModelAttrName, ldapAttrName); return transaction;
} }
@Override // Try to find transaction in any delegate. We want to enlist just single transaction per all delegates
public void setAttribute(String name, String value) { protected LDAPTransaction findOrCreateTransaction() {
setLDAPAttribute(name, value); UserModelDelegate delegate = this;
while (true) {
super.setAttribute(name, value); UserModel deleg = delegate.getDelegate();
} if (!(deleg instanceof UserModelDelegate)) {
// Existing transaction not available. Need to create new
@Override return new LDAPTransaction();
public void setEmail(String email) { } else {
setLDAPAttribute(UserModel.EMAIL, email); delegate = (UserModelDelegate) deleg;
super.setEmail(email);
}
@Override
public void setLastName(String lastName) {
setLDAPAttribute(UserModel.LAST_NAME, lastName);
super.setLastName(lastName);
}
@Override
public void setFirstName(String firstName) {
setLDAPAttribute(UserModel.FIRST_NAME, firstName);
super.setFirstName(firstName);
}
protected void setLDAPAttribute(String modelAttrName, String value) {
String ldapAttrName = mappedAttributes.get(modelAttrName);
if (ldapAttrName != null) {
if (logger.isTraceEnabled()) {
logger.tracef("Pushing user attribute to LDAP. Model attribute name: %s, LDAP attribute name: %s, Attribute value: %s", modelAttrName, ldapAttrName, value);
} }
if (transaction == null) { // Check if it's transaction aware delegate
transaction = new LDAPTransaction(); if (delegate instanceof AbstractTxAwareLDAPUserModelDelegate) {
provider.getSession().getTransaction().enlistAfterCompletion(transaction); AbstractTxAwareLDAPUserModelDelegate txDelegate = (AbstractTxAwareLDAPUserModelDelegate) delegate;
return txDelegate.getTransaction();
} }
ldapObject.setAttribute(ldapAttrName, value);
} }
} }
protected void ensureTransactionStarted() {
if (transaction.state == TransactionState.NOT_STARTED) {
if (logger.isTraceEnabled()) {
logger.trace("Starting and enlisting transaction for object " + ldapObject.getDn().toString());
}
this.provider.getSession().getTransaction().enlistAfterCompletion(transaction);
}
}
protected class LDAPTransaction implements KeycloakTransaction { protected class LDAPTransaction implements KeycloakTransaction {
protected TransactionState state = TransactionState.NOT_STARTED; protected TransactionState state = TransactionState.NOT_STARTED;

174
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/FullNameLDAPFederationMapper.java Normal file
View file

@ -0,0 +1,174 @@
package org.keycloak.federation.ldap.mappers;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.idm.query.Condition;
import org.keycloak.federation.ldap.idm.query.QueryParameter;
import org.keycloak.federation.ldap.idm.query.internal.EqualCondition;
import org.keycloak.federation.ldap.idm.query.internal.LDAPIdentityQuery;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
/**
* Mapper useful for the LDAP deployments when some attribute (usually CN) is mapped to full name of user
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class FullNameLDAPFederationMapper extends AbstractLDAPFederationMapper {
public static final String LDAP_FULL_NAME_ATTRIBUTE = "ldap.full.name.attribute";
public static final String READ_ONLY = "read.only";
@Override
public String getHelpText() {
return "Some help text - full name mapper - TODO";
}
@Override
public List<ProviderConfigProperty> getConfigProperties() {
return null;
}
@Override
public String getId() {
return "full-name-ldap-mapper";
}
@Override
public void importUserFromLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapObject, UserModel user, boolean isCreate) {
String ldapFullNameAttrName = getLdapFullNameAttrName(mapperModel);
String fullName = (String) ldapObject.getAttribute(ldapFullNameAttrName);
fullName = fullName.trim();
if (fullName != null) {
int lastSpaceIndex = fullName.lastIndexOf(" ");
if (lastSpaceIndex == -1) {
user.setLastName(fullName);
} else {
user.setFirstName(fullName.substring(0, lastSpaceIndex));
user.setLastName(fullName.substring(lastSpaceIndex + 1));
}
}
}
@Override
public void registerUserToLDAP(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapObject, UserModel localUser) {
String ldapFullNameAttrName = getLdapFullNameAttrName(mapperModel);
String fullName = getFullName(localUser.getFirstName(), localUser.getLastName());
ldapObject.setAttribute(ldapFullNameAttrName, fullName);
if (isReadOnly(mapperModel)) {
ldapObject.addReadOnlyAttributeName(ldapFullNameAttrName);
}
}
@Override
public UserModel proxy(final UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapObject, UserModel delegate) {
if (ldapProvider.getEditMode() == UserFederationProvider.EditMode.WRITABLE && !isReadOnly(mapperModel)) {
AbstractTxAwareLDAPUserModelDelegate txDelegate = new AbstractTxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapObject) {
@Override
public void setFirstName(String firstName) {
super.setFirstName(firstName);
setFullNameToLDAPObject();
}
@Override
public void setLastName(String lastName) {
super.setLastName(lastName);
setFullNameToLDAPObject();
}
private void setFullNameToLDAPObject() {
String fullName = getFullName(getFirstName(), getLastName());
if (logger.isTraceEnabled()) {
logger.tracef("Pushing full name attribute to LDAP. Full name: %s", fullName);
}
ensureTransactionStarted();
String ldapFullNameAttrName = getLdapFullNameAttrName(mapperModel);
ldapObject.setAttribute(ldapFullNameAttrName, fullName);
}
};
return txDelegate;
} else {
return delegate;
}
}
@Override
public void beforeLDAPQuery(UserFederationMapperModel mapperModel, LDAPIdentityQuery query) {
String ldapFullNameAttrName = getLdapFullNameAttrName(mapperModel);
query.addReturningLdapAttribute(ldapFullNameAttrName);
// Change conditions and compute condition for fullName from the conditions for firstName and lastName. Right now just "equal" condition is supported
EqualCondition firstNameCondition = null;
EqualCondition lastNameCondition = null;
Set<Condition> conditionsCopy = new HashSet<Condition>(query.getConditions());
for (Condition condition : conditionsCopy) {
QueryParameter param = condition.getParameter();
if (param != null) {
if (param.getName().equals(UserModel.FIRST_NAME)) {
firstNameCondition = (EqualCondition) condition;
query.getConditions().remove(condition);
} else if (param.getName().equals(UserModel.LAST_NAME)) {
lastNameCondition = (EqualCondition) condition;
query.getConditions().remove(condition);
} else if (param.getName().equals(LDAPConstants.GIVENNAME)) {
// Some previous mapper already converted it
firstNameCondition = (EqualCondition) condition;
} else if (param.getName().equals(LDAPConstants.SN)) {
// Some previous mapper already converted it
lastNameCondition = (EqualCondition) condition;
}
}
}
String fullName = null;
if (firstNameCondition != null && lastNameCondition != null) {
fullName = firstNameCondition.getValue() + " " + lastNameCondition.getValue();
} else if (firstNameCondition != null) {
fullName = (String) firstNameCondition.getValue();
} else if (firstNameCondition != null) {
fullName = (String) lastNameCondition.getValue();
} else {
return;
}
EqualCondition fullNameCondition = new EqualCondition(new QueryParameter(ldapFullNameAttrName), fullName);
query.getConditions().add(fullNameCondition);
}
protected String getLdapFullNameAttrName(UserFederationMapperModel mapperModel) {
String ldapFullNameAttrName = mapperModel.getConfig().get(LDAP_FULL_NAME_ATTRIBUTE);
return ldapFullNameAttrName == null ? LDAPConstants.CN : ldapFullNameAttrName;
}
protected String getFullName(String firstName, String lastName) {
if (firstName != null && lastName != null) {
return firstName + " " + lastName;
} else if (firstName != null) {
return firstName;
} else if (lastName != null) {
return lastName;
} else {
return LDAPConstants.EMPTY_ATTRIBUTE_VALUE;
}
}
private boolean isReadOnly(UserFederationMapperModel mapperModel) {
return LDAPUtils.parseBooleanParameter(mapperModel, READ_ONLY);
}
}

64
federation/ldap/src/main/java/org/keycloak/federation/ldap/mappers/UserAttributeLDAPFederationMapper.java
View file

@ -6,6 +6,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import org.keycloak.federation.ldap.LDAPFederationProvider; import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.idm.model.LDAPObject; import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.idm.query.Condition; import org.keycloak.federation.ldap.idm.query.Condition;
import org.keycloak.federation.ldap.idm.query.QueryParameter; import org.keycloak.federation.ldap.idm.query.QueryParameter;
@ -42,6 +43,8 @@ public class UserAttributeLDAPFederationMapper extends AbstractLDAPFederationMap
public static final String USER_MODEL_ATTRIBUTE = "user.model.attribute"; public static final String USER_MODEL_ATTRIBUTE = "user.model.attribute";
public static final String LDAP_ATTRIBUTE = "ldap.attribute"; public static final String LDAP_ATTRIBUTE = "ldap.attribute";
// TODO: Merge with fullname mapper
public static final String READ_ONLY = "read.only"; public static final String READ_ONLY = "read.only";
@Override @Override
@ -56,7 +59,7 @@ public class UserAttributeLDAPFederationMapper extends AbstractLDAPFederationMap
@Override @Override
public String getId() { public String getId() {
return "ldap-user-attribute-mapper"; return "user-attribute-ldap-mapper";
} }
@Override @Override
@ -104,18 +107,52 @@ public class UserAttributeLDAPFederationMapper extends AbstractLDAPFederationMap
public UserModel proxy(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapObject, UserModel delegate) { public UserModel proxy(UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, LDAPObject ldapObject, UserModel delegate) {
if (ldapProvider.getEditMode() == UserFederationProvider.EditMode.WRITABLE && !isReadOnly(mapperModel)) { if (ldapProvider.getEditMode() == UserFederationProvider.EditMode.WRITABLE && !isReadOnly(mapperModel)) {
// This assumes that mappers are sorted by type! Maybe improve... final String userModelAttrName = mapperModel.getConfig().get(USER_MODEL_ATTRIBUTE);
TxAwareLDAPUserModelDelegate txDelegate; final String ldapAttrName = mapperModel.getConfig().get(LDAP_ATTRIBUTE);
if (delegate instanceof TxAwareLDAPUserModelDelegate) {
// We will reuse already existing delegate and just register our mapped attribute in existing transaction.
txDelegate = (TxAwareLDAPUserModelDelegate) delegate;
} else {
txDelegate = new TxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapObject);
}
String userModelAttrName = mapperModel.getConfig().get(USER_MODEL_ATTRIBUTE); AbstractTxAwareLDAPUserModelDelegate txDelegate = new AbstractTxAwareLDAPUserModelDelegate(delegate, ldapProvider, ldapObject) {
String ldapAttrName = mapperModel.getConfig().get(LDAP_ATTRIBUTE);
txDelegate.addMappedAttribute(userModelAttrName, ldapAttrName); @Override
public void setAttribute(String name, String value) {
setLDAPAttribute(name, value);
super.setAttribute(name, value);
}
@Override
public void setEmail(String email) {
setLDAPAttribute(UserModel.EMAIL, email);
super.setEmail(email);
}
@Override
public void setLastName(String lastName) {
setLDAPAttribute(UserModel.LAST_NAME, lastName);
super.setLastName(lastName);
}
@Override
public void setFirstName(String firstName) {
setLDAPAttribute(UserModel.FIRST_NAME, firstName);
super.setFirstName(firstName);
}
protected void setLDAPAttribute(String modelAttrName, String value) {
if (modelAttrName.equals(userModelAttrName)) {
if (logger.isTraceEnabled()) {
logger.tracef("Pushing user attribute to LDAP. Model attribute name: %s, LDAP attribute name: %s, Attribute value: %s", modelAttrName, ldapAttrName, value);
}
ensureTransactionStarted();
ldapObject.setAttribute(ldapAttrName, value);
}
}
};
return txDelegate; return txDelegate;
} else { } else {
@ -144,7 +181,6 @@ public class UserAttributeLDAPFederationMapper extends AbstractLDAPFederationMap
} }
private boolean isReadOnly(UserFederationMapperModel mapperModel) { private boolean isReadOnly(UserFederationMapperModel mapperModel) {
String readOnly = mapperModel.getConfig().get(READ_ONLY); return LDAPUtils.parseBooleanParameter(mapperModel, READ_ONLY);
return Boolean.parseBoolean(readOnly);
} }
} }

3
federation/ldap/src/main/resources/META-INF/services/org.keycloak.models.UserFederationMapper
View file

@ -1 +1,2 @@
org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper
org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper

3
model/api/src/main/java/org/keycloak/models/utils/UserModelDelegate.java
View file

@ -227,4 +227,7 @@ public class UserModelDelegate implements UserModel {
return delegate.revokeConsentForClient(clientId); return delegate.revokeConsentForClient(clientId);
} }
public UserModel getDelegate() {
return delegate;
}
} }

28
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmAdapter.java vendored
View file

@ -957,26 +957,38 @@ public class RealmAdapter implements RealmModel {
public List<UserFederationMapperModel> getUserFederationMappers() { public List<UserFederationMapperModel> getUserFederationMappers() {
// TODO: Some hardcoded stuff... // TODO: Some hardcoded stuff...
List<UserFederationMapperModel> mappers = new ArrayList<UserFederationMapperModel>(); List<UserFederationMapperModel> mappers = new ArrayList<UserFederationMapperModel>();
mappers.add(createMapperModel("usn", "usernameMapper", "ldap-user-attribute-mapper",
mappers.add(createMapperModel("usn", "usernameMapper", "user-attribute-ldap-mapper",
"user.model.attribute", UserModel.USERNAME, "user.model.attribute", UserModel.USERNAME,
"ldap.attribute", LDAPConstants.UID)); "ldap.attribute", LDAPConstants.UID));
mappers.add(createMapperModel("fn", "firstNameMapper", "ldap-user-attribute-mapper",
// Uncomment this for CN + SN config
/*mappers.add(createMapperModel("fn", "firstNameMapper", "user-attribute-ldap-mapper",
"user.model.attribute", UserModel.FIRST_NAME, "user.model.attribute", UserModel.FIRST_NAME,
"ldap.attribute", LDAPConstants.CN)); "ldap.attribute", LDAPConstants.CN));*/
mappers.add(createMapperModel("ln", "lastNameMapper", "ldap-user-attribute-mapper",
// Uncomment this for CN + SN + givenname config
mappers.add(createMapperModel("fn", "firstNameMapper", "user-attribute-ldap-mapper",
"user.model.attribute", UserModel.FIRST_NAME,
"ldap.attribute", LDAPConstants.GIVENNAME));
mappers.add(createMapperModel("fulln", "fullNameMapper", "full-name-ldap-mapper",
"ldap.full.name.attribute", LDAPConstants.CN));
mappers.add(createMapperModel("ln", "lastNameMapper", "user-attribute-ldap-mapper",
"user.model.attribute", UserModel.LAST_NAME, "user.model.attribute", UserModel.LAST_NAME,
"ldap.attribute", LDAPConstants.SN)); "ldap.attribute", LDAPConstants.SN));
mappers.add(createMapperModel("emailMpr", "emailMapper", "ldap-user-attribute-mapper",
mappers.add(createMapperModel("emailMpr", "emailMapper", "user-attribute-ldap-mapper",
"user.model.attribute", UserModel.EMAIL, "user.model.attribute", UserModel.EMAIL,
"ldap.attribute", LDAPConstants.EMAIL)); "ldap.attribute", LDAPConstants.EMAIL));
mappers.add(createMapperModel("postalCodeMpr", "postalCodeMapper", "ldap-user-attribute-mapper", mappers.add(createMapperModel("postalCodeMpr", "postalCodeMapper", "user-attribute-ldap-mapper",
"user.model.attribute", "postal_code", "user.model.attribute", "postal_code",
"ldap.attribute", LDAPConstants.POSTAL_CODE)); "ldap.attribute", LDAPConstants.POSTAL_CODE));
mappers.add(createMapperModel("createdDateMpr", "createTimeStampMapper", "ldap-user-attribute-mapper", mappers.add(createMapperModel("createdDateMpr", "createTimeStampMapper", "user-attribute-ldap-mapper",
"user.model.attribute", LDAPConstants.CREATE_TIMESTAMP, "user.model.attribute", LDAPConstants.CREATE_TIMESTAMP,
"ldap.attribute", LDAPConstants.CREATE_TIMESTAMP, "ldap.attribute", LDAPConstants.CREATE_TIMESTAMP,
"read.only", "true")); "read.only", "true"));
mappers.add(createMapperModel("modifyDateMpr", "modifyTimeStampMapper", "ldap-user-attribute-mapper", mappers.add(createMapperModel("modifyDateMpr", "modifyTimeStampMapper", "user-attribute-ldap-mapper",
"user.model.attribute", LDAPConstants.MODIFY_TIMESTAMP, "user.model.attribute", LDAPConstants.MODIFY_TIMESTAMP,
"ldap.attribute", LDAPConstants.MODIFY_TIMESTAMP, "ldap.attribute", LDAPConstants.MODIFY_TIMESTAMP,
"read.only", "true")); "read.only", "true"));