diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java
index 3f7a3c2b43..e6d45af0f1 100644
--- a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java
+++ b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java
@@ -66,7 +66,9 @@ import sonia.scm.web.security.AuthenticationResult;
 import java.io.IOException;
+import java.util.Collection;
 import java.util.Set;
+import java.util.TreeSet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -189,10 +191,10 @@ public class ActiveDirectoryAuthenticationHandler implements
 logger.info("Active Directory domain is " + defaultNamingContext);
 con = ClassFactory.createConnection();
 con.provider("ADsDSOObject");
- con
- .open("Active Directory Provider", ""/*default*/, ""/*default*/, -1/*default*/);
+ con.open("Active Directory Provider", ""/*default*/, ""/*default*/, -1/*default*/);
 logger.debug("Connected to Active Directory");
- } catch (ExecutionException ex)
+ }
+ catch (ExecutionException ex)
 {
 logger.error("Failure initializing ADSI connection", ex);
 }
@@ -278,51 +280,40 @@ public class ActiveDirectoryAuthenticationHandler implements
 .queryInterface(IADsUser.class);
 if (usr != null)
 {
- User user = new User(username, usr.fullName(), usr.emailAddress());
- user.setType(TYPE);
- user.setAdmin(isAdmin(usr, username));
 if (!usr.accountDisabled())
 {
- result = new AuthenticationResult(user);
- } else
+ User user = new User(username, usr.fullName(), usr.emailAddress());
+ user.setType(TYPE);
+ result = new AuthenticationResult(user, getGroups(usr));
+ }
+ else
 { // Account disabled
 result = AuthenticationResult.FAILED;
 }
- } else
+ }
+ else
 {// the user name was in fact a group
 result = AuthenticationResult.NOT_FOUND;
 }
- } catch (ComException e)
+ }
+ catch (ComException e)
 {
 result = AuthenticationResult.FAILED;
 }
 return result;
 }
- private boolean isAdmin(IADsUser usr, String username)
+ private Collection getGroups(IADsUser usr)
 {
- boolean admin = false;
-
- Set adminGroups = config.getAdminGroupSet();
- if (!adminGroups.isEmpty())
+ Set groups = new TreeSet();
+ for (Com4jObject g : usr.groups())
 {
- for (Com4jObject g : usr.groups())
- {
- IADsGroup grp = g.queryInterface(IADsGroup.class);
- // cut "CN=" and make that the role name
- String groupName = grp.name().substring(3);
- if (adminGroups.contains(groupName))
- {
- admin = true;
- }
- }
+ IADsGroup grp = g.queryInterface(IADsGroup.class);
+ // cut "CN=" and make that the role name
+ String groupName = grp.name().substring(3);
+ groups.add(groupName);
 }
-
- if (config.getAdminUserSet().contains(username))
- {
- admin = true;
- }
- return admin;
+ return groups;
 }
 protected String getDnOfUserOrGroup(String userOrGroupname)
@@ -336,7 +327,8 @@ public class ActiveDirectoryAuthenticationHandler implements
 if (!rs.eof())
 {
 dn = rs.fields().item("distinguishedName").value().toString();
- } else
+ }
+ else
 {
 dn = null; // No such user or group
 }
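Review bot: In the new `getGroups`, the result of `g.queryInterface(IADsGroup.class)` is dereferenced without a null check, although the same call on the user object is null-checked a few lines above, and `grp.name().substring(3)` drops three characters without confirming the `CN=` prefix; either case ends in a runtime exception that the surrounding `catch (ComException e)` does not cover, or in a truncated group name. These names now travel in `AuthenticationResult` and are presumably matched against permissions elsewhere, so I would guard both: `if (grp == null) continue;` and `String n = grp.name(); groups.add(n.startsWith("CN=") ? n.substring(3) : n);`. A bare CN is unique only within its directory container and `TreeSet` compares case-sensitively, so the method should carry a comment stating that callers receive unqualified, case-preserved CN values, and it is worth deciding whether a qualified or normalised form is needed before they are used for authorization. The commit also stops calling `user.setAdmin(...)` here and empties `ActiveDirectoryConfig`, so previously configured `admin-groups` / `admin-users` values appear to be ignored from now on; a short comment or upgrade note saying where admin mapping is decided would help.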
diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java
index 717414d3f2..e2d76d6a23 100644
--- a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java
+++ b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java
@@ -29,18 +29,12 @@
 *
 */
-
-
 package sonia.scm.activedirectory.auth;
 //~--- JDK imports ------------------------------------------------------------
-import java.util.HashSet;
-import java.util.Set;
-
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 /**
@@ -50,80 +44,4 @@ import javax.xml.bind.annotation.XmlRootElement;
 @XmlRootElement(name = "activedirectory-config")
 @XmlAccessorType(XmlAccessType.FIELD)
 public class ActiveDirectoryConfig
-{
-
- /**
- * Method description
- *
- *
- * @return
- */
- public String getAdminGroups()
- {
- return adminGroups;
- }
-
- /**
- * Method description
- *
- *
- * @return
- */
- public String getAdminUsers()
- {
- return adminUsers;
- }
-
- Set getAdminGroupSet() {
- return split(adminGroups);
- }
-
- Set getAdminUserSet() {
- return split(adminUsers);
- }
-
- private Set split(String rawString) {
- Set tokens = new HashSet();
- for(String token : rawString.split(",")) {
- if(token.trim().length() > 0) {
- tokens.add(token);
- }
- }
- return tokens;
- }
-
- //~--- set methods ----------------------------------------------------------
-
- /**
- * Method description
- *
- *
- * @param passwordSuffix
- */
- public void setAdminGroups(String adminGroups)
- {
- this.adminGroups = adminGroups;
- }
-
- /**
- * Method description
- *
- *
- * @param passwordSuffix
- */
- public void setAdminUsers(String adminUsers)
- {
- this.adminUsers = adminUsers;
- }
-
- //~--- fields ---------------------------------------------------------------
-
- /** Field description */
- @XmlElement(name = "admin-groups")
- private String adminGroups = "";
-
- /** Field description */
- @XmlElement(name = "admin-users")
- private String adminUsers = "";
-
-}
+{}
diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java
index cd15785441..3ded0dddf8 100644
--- a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java
+++ b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java
@@ -29,8 +29,6 @@
 *
 */
-
-
 package sonia.scm.activedirectory.auth;
 //~--- non-JDK imports --------------------------------------------------------