read roles from shiro.ini

Prabhjyot Singh 2016-06-09 23:36:00 +05:30
parent e8f1f97756
commit ed54a92194
2 changed files with 18 additions and 38 deletions


@ -31,6 +31,7 @@ import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
@ -55,8 +56,7 @@ public class LdapGroupRealm extends JndiLdapRealm {
LdapContext ldapContext,
String userDnTemplate) throws NamingException {
try {
Set<String> roleNames;
roleNames = new LinkedHashSet<String>();
Set<String> roleNames = new LinkedHashSet<String>();
SearchControls searchCtls = new SearchControls();
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
@ -89,6 +89,6 @@ public class LdapGroupRealm extends JndiLdapRealm {
LOG.error("Error", e);
}
return null;
return new HashSet<>();
}
}
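Review bot: With `return new HashSet<>();` on the fall-through path, a failed directory lookup is now indistinguishable from a user who belongs to no groups. An empty set fails closed, which is the safe direction for authorization, but the only trace left is `LOG.error("Error", e)`, which names neither the user nor the operation. I would put the looked-up user name and the words "role lookup failed" into that message. Because the method is already declared `throws NamingException`, rethrowing may be the cleaner contract; the catch clause sits outside the visible hunks, so confirm what it catches first. A short comment above the return, such as `// lookup failed: fail closed with no roles`, would document the intent.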


@ -17,25 +17,17 @@
package org.apache.zeppelin.utils;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.realm.ldap.JndiLdapRealm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.server.ActiveDirectoryGroupRealm;
import org.apache.zeppelin.server.LdapGroupRealm;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.*;
/**
* Tools for securing Zeppelin
@ -93,6 +85,7 @@ public class SecurityUtils {
public static HashSet<String> getRoles() {
Subject subject = org.apache.shiro.SecurityUtils.getSubject();
HashSet<String> roles = new HashSet<>();
Map allRoles = new HashMap();
if (subject.isAuthenticated()) {
Collection realmsList = SecurityUtils.getRealmsList();
@ -100,33 +93,20 @@ public class SecurityUtils {
Realm realm = iterator.next();
String name = realm.getName();
if (name.equals("iniRealm")) {
for (String role : Arrays.asList("role1", "role2", "role3")) {
if (subject.hasRole(role)) {
roles.add(role);
}
}
} else if (name.equals("ldapRealm")) {
JndiLdapRealm r = (JndiLdapRealm) realm;
JndiLdapContextFactory CF = (JndiLdapContextFactory) r.getContextFactory();
try {
LdapContext ctx = CF.getSystemLdapContext();
LdapGroupRealm ldapGroupRealm = new LdapGroupRealm();
String userDnTemplate = r.getUserDnTemplate();
return (HashSet<String>) ldapGroupRealm.getRoleNamesForUser(
subject.getPrincipal().toString(), ctx, userDnTemplate);
} catch (NamingException e) {
e.printStackTrace();
}
} else if (name.equals("activeDirectoryRealm")) {
ActiveDirectoryGroupRealm r = (ActiveDirectoryGroupRealm) realm;
try {
return (HashSet<String>) r.getRoleNamesForUser(subject.getPrincipal().toString(),
r.ensureContextFactory().getSystemLdapContext());
} catch (NamingException e) {
e.printStackTrace();
}
IniRealm r = (IniRealm) realm;
allRoles = r.getIni().get("roles");
break;
}
}
Iterator it = allRoles.entrySet().iterator();
while (it.hasNext()) {
Map.Entry pair = (Map.Entry) it.next();
if (subject.hasRole((String) pair.getKey())) {
roles.add((String) pair.getKey());
}
}
}
return roles;
}
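Review bot: `allRoles = r.getIni().get("roles");` in getRoles() returns null when shiro.ini has no `[roles]` section, and the following `allRoles.entrySet().iterator()` then throws a NullPointerException for every authenticated request. Keeping the empty default avoids this: `Map iniRoles = r.getIni().get("roles"); if (iniRoles != null) { allRoles = iniRoles; }`. `getIni()` may also be null, depending on how the realm was constructed, so that deserves the same guard. The raw `Map`, `Iterator` and `Map.Entry` force casts on every key; declaring `Map<String, String> allRoles` and iterating `allRoles.keySet()` would remove them. With the LDAP and Active Directory branches apparently removed, only role names listed in shiro.ini can be reported, and none if no realm is named `iniRealm`, so directory-only groups would no longer appear; that limitation belongs in the method's Javadoc.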