/**
* Reads configured roles.
*
* @param request HTTP request.
* @param response HTTP response.
* @param context request context
* @throws IdentityException if a system error occurs
*/
private void executeReadConfigureRoles(
HttpServletRequest request, HttpServletResponse response, RequestContext context)
throws Exception {
String mimeType = "application/json";
String rolesJson = " { \"configuredRoles\" : [";
Roles roles = buildSelectableRoles(context);
ArrayList<String> sortedKeys = new ArrayList<String>(roles.keySet());
Collections.sort(sortedKeys);
boolean firstRole = true;
for (int i = 0; i < sortedKeys.size(); i++) {
Role role = roles.get(sortedKeys.get(i));
String roleDn = Val.chkStr(role.getDistinguishedName());
String roleKey = Val.chkStr(role.getKey());
String roleName = msgBroker.retrieveMessage(Val.chkStr(role.getResKey()));
if (!role.isManage()) continue;
if (!firstRole) {
rolesJson += ",";
} else {
firstRole = false;
}
rolesJson +=
" { \"roleName\" : \""
+ Val.escapeStrForJson(roleName)
+ "\" , \"roleDn\" : \""
+ Val.escapeStrForJson(roleDn)
+ "\" , \"roleKey\" : \""
+ Val.escapeStrForJson(roleKey)
+ "\" }";
}
rolesJson += " ] } ";
writeCharacterResponse(response, rolesJson, "UTF-8", mimeType + ";charset=UTF-8");
}
/**
* Executes a remove member action.
*
* @param request HTTP request.
* @param response HTTP response.
* @param context request context
* @throws Exception if an exception occurs
*/
protected void executeRemoveMember(
HttpServletRequest request, HttpServletResponse response, RequestContext context)
throws Exception {
try {
String[] parts = request.getRequestURI().toString().split("/");
String member = Val.chkStr(request.getParameter("member"));
String attempt = Val.chkStr(request.getParameter("attempt"));
IdentityAdapter idAdapter = context.newIdentityAdapter();
User user = new User();
user.setDistinguishedName(member);
idAdapter.readUserProfile(user);
if (parts.length > 0) {
String groupIdentifier = URLDecoder.decode(parts[5].trim(), "UTF-8");
if (!groupIdentifier.endsWith(groupDIT)) {
IdentityConfiguration idConfig = context.getIdentityConfiguration();
Roles configuredRoles = idConfig.getConfiguredRoles();
Role roleRegistered = configuredRoles.get(groupIdentifier);
groupIdentifier = roleRegistered.getDistinguishedName();
}
boolean isSelf = checkSelf(context, member);
if ((isSelf && attempt.equals("2")) || !isSelf) {
boolean checkGroupConfigured = true;
if (checkIfAllowConfigured(context)) {
checkGroupConfigured = checkIfConfigured(context, groupIdentifier);
}
boolean isAllowedToManage = true;
isAllowedToManage = checkIfAllowedToManage(context, groupIdentifier);
if (checkGroupConfigured) {
if (isAllowedToManage) {
idAdapter.removeUserFromGroup(user, groupIdentifier);
response
.getWriter()
.write(msgBroker.retrieveMessage("catalog.identity.removeRole.success"));
} else {
response.sendError(
HttpServletResponse.SC_BAD_REQUEST,
"{ \"error\":\""
+ groupIdentifier
+ " is not allowed to be managed in geoportal. \"}");
return;
}
} else {
response.sendError(
HttpServletResponse.SC_BAD_REQUEST,
"{ \"error\":\"" + groupIdentifier + " is not configured in geoportal. \"}");
return;
}
} else {
response.getWriter().write("prompt");
}
}
} finally {
}
}
/**
* Serializes list of ldap users matching filter.
*
* @param context the current request context
* @param filter the user search filter for ldap
* @return the list of users as json
* @throws IdentityException if a system error occurs preventing the action
* @throws NamingException if an LDAP naming exception occurs
* @throws SQLException
*/
protected String serializeUsersAsJson(
RequestContext context, String filter, String attributeName, boolean isMemberSearch)
throws IdentityException, NamingException, SQLException {
Users users = new Users();
int totalMatches = 0;
if (!isMemberSearch) {
HashMap<String, Object> resultsMap = buildUsersList(context, filter, null);
users = (Users) resultsMap.get("topUserMatches");
totalMatches = (Integer) resultsMap.get("totalMatches");
} else if (isMemberSearch && attributeName != null) {
Roles configuredRoles = context.getIdentityConfiguration().getConfiguredRoles();
Role role = configuredRoles.get(attributeName);
String sDn = role.getDistinguishedName();
IdentityAdapter idAdapter = context.newIdentityAdapter();
users = idAdapter.readGroupMembers(sDn);
totalMatches = users.size();
users.sort();
} else {
IdentityAdapter idAdapter = context.newIdentityAdapter();
Users members = idAdapter.readGroupMembers(filter);
for (User u : members.values()) {
users.add(u);
}
users.sort();
totalMatches = users.size();
}
String usersJson =
"{ \"totalUsers\" : \""
+ totalMatches
+ "\" ,\"topUsers\" : \""
+ users.size()
+ "\" , \"users\": [";
boolean firstUser = true;
for (User user : users.values()) {
String userName = user.getName();
String dn = user.getKey();
if (!firstUser) {
usersJson += ",";
} else {
firstUser = false;
}
usersJson +=
" { \"dn\" : \""
+ dn
+ "\" , \"userName\" : \""
+ Val.escapeStrForJson(userName)
+ "\" }";
}
usersJson += " ] }";
return usersJson;
}
/**
* Checks if group is allowed to manage.
*
* @param context
* @param groupIdentifier
* @return true if group is allowed to manage in geoportal
*/
protected boolean checkIfAllowedToManage(RequestContext context, String groupIdentifier) {
boolean isAllowedToManage = false;
Roles roles = buildSelectableRoles(context);
for (Role role : roles.values()) {
if (groupIdentifier.endsWith(groupDIT)) {
if (role.getDistinguishedName().equalsIgnoreCase(groupIdentifier) && role.isManage()) {
isAllowedToManage = true;
break;
}
} else {
if (role.getKey().equalsIgnoreCase(groupIdentifier) && role.isManage()) {
isAllowedToManage = true;
break;
}
}
}
return isAllowedToManage;
}
/**
* Serializes user information from ldap to json string.
*
* @param context request context
* @param user the user to be serialized
* @return the user profile information serialized as json string.
* @throws IdentityException if a system error occurs preventing the action
* @throws NamingException if an LDAP naming exception occurs
*/
protected String serializeUserAsJson(RequestContext context, User user)
throws IdentityException, NamingException {
String usersJson = "{ \"attributes\": [";
UserAttributeMap attributes = user.getProfile();
boolean first = true;
List<String> sortedKeys = new ArrayList<String>(attributes.keySet());
// Collections.sort(sortedKeys); TODO to sort or not ?
for (int i = 0; i < sortedKeys.size(); i++) {
UserAttribute attr = attributes.get(sortedKeys.get(i));
String key =
Val.chkStr(msgBroker.retrieveMessage("catalog.identity.profile.label." + attr.getKey()));
String value = "";
value = Val.chkStr(attr.getValue());
if (attr.getKey().equalsIgnoreCase("password")) continue;
if (!first) {
usersJson += ",";
} else {
first = false;
}
usersJson +=
" { \"key\" : \""
+ Val.escapeStrForJson(key)
+ "\" , \"value\" : \""
+ Val.escapeStrForJson(value)
+ "\" }";
}
usersJson += " ] , ";
usersJson += " \"userDn\" : \"" + user.getDistinguishedName() + " \" , ";
String groupsJson = " \"groups\" : [";
Groups groups = user.getGroups();
groups.sort();
boolean firstGroup = true;
for (Group group : groups.values()) {
String gkey = Val.chkStr(group.getKey());
String name = Val.chkStr(group.getName());
String dn = Val.chkStr(group.getDistinguishedName());
if (!firstGroup) {
groupsJson += ",";
} else {
firstGroup = false;
}
groupsJson +=
" { \"key\" : \""
+ Val.escapeStrForJson(gkey)
+ "\" , \"name\" : \""
+ Val.escapeStrForJson(name)
+ "\" , \"dn\" : \""
+ Val.escapeStrForJson(dn)
+ "\" }";
}
groupsJson += " ] , ";
String rolesJson = " \"selectableRoles\" : [";
Roles roles = buildSelectableRoles(context);
sortedKeys = new ArrayList<String>(roles.keySet());
Collections.sort(sortedKeys);
boolean firstRole = true;
for (int i = 0; i < sortedKeys.size(); i++) {
Role role = roles.get(sortedKeys.get(i));
String roleDn = Val.chkStr(role.getDistinguishedName());
String roleKey = Val.chkStr(role.getKey());
String roleName = msgBroker.retrieveMessage(Val.chkStr(role.getResKey()));
if (!role.isManage()) continue;
boolean hasRole = false;
for (Group group : groups.values()) {
String groupDn = Val.chkStr(group.getDistinguishedName());
if (roleDn.equals(groupDn)) {
hasRole = true;
break;
}
}
if (!firstRole) {
rolesJson += ",";
} else {
firstRole = false;
}
rolesJson +=
" { \"roleName\" : \""
+ Val.escapeStrForJson(roleName)
+ "\" , \"roleDn\" : \""
+ Val.escapeStrForJson(roleDn)
+ "\" , \"roleKey\" : \""
+ Val.escapeStrForJson(roleKey)
+ "\" , \"hasRole\" : \""
+ hasRole
+ "\" }";
}
rolesJson += " ] } ";
String json = usersJson + groupsJson + rolesJson;
return json;
}
