Refactor LDAP user store provider APIs #56

Merged
merged 2 commits into from
Jan 13, 2021
55 changes: 13 additions & 42 deletions auth-ballerina/listener_ldap_user_store_basic_auth_provider.bal
Expand Up @@ -18,7 +18,7 @@ import ballerina/crypto;
import ballerina/java;

// TODO: Group the configuration under connection, user, group sections
# Represents the configurations that are required for an LDAP auth store.
# Represents the configurations that are required for an LDAP user store.
#
# + domainName - Unique name to identify the user store
# + connectionURL - Connection URL of the LDAP server
Expand Down Expand Up @@ -73,11 +73,8 @@ public type SecureSocket record {|
string trustedCertFile?;
|};

# Represets the LDAP connection.
#
# + instanceId - Instance ID of the endpoint
public type LdapConnection record {|
string instanceId;
// Represents the LDAP connection.
type LdapConnection record {|
|};

# Represents the LDAP based listener Basic Auth provider. This connects to an active directory or an LDAP,
Expand All @@ -102,18 +99,15 @@ public class ListenerLdapUserStoreBasicAuthProvider {

*ListenerBasicAuthProvider;

string instanceId;
LdapConnection ldapConnection;
LdapUserStoreConfig ldapUserStoreConfig;

# Creates an LDAP auth store with the provided configurations.
#
# + ldapUserStoreConfig - The `auth:LdapUserStoreConfig` instance
# + instanceId - Instance ID of the endpoint
public isolated function init(LdapUserStoreConfig ldapUserStoreConfig, string instanceId) {
self.instanceId = instanceId;
public isolated function init(LdapUserStoreConfig ldapUserStoreConfig) {
self.ldapUserStoreConfig = ldapUserStoreConfig;
LdapConnection|Error ldapConnection = initLdapConnection(self.ldapUserStoreConfig, instanceId);
LdapConnection|Error ldapConnection = initLdapConnection(self.ldapUserStoreConfig);
if (ldapConnection is LdapConnection) {
self.ldapConnection = ldapConnection;
} else {
Expand Down Expand Up @@ -150,45 +144,22 @@ public class ListenerLdapUserStoreBasicAuthProvider {
}
}

# Retrieves the group(s) of the user related to the provided username.
# ```ballerina
# string[]|auth:Error groups = auth:getGroups(ldapConnection, username);
# ```
#
# + ldapConnection - The `auth:LdapConnection` instance
# + username - Username of the user to be checked for the groups
# + return - Array of groups of the provided user or else an `auth:Error` if it fails
public isolated function getLdapGroups(LdapConnection ldapConnection, string username)
returns string[]|Error = @java:Method {
// Retrieves the group(s) of the user related to the provided username.
isolated function getLdapGroups(LdapConnection ldapConnection, string username) returns string[]|Error = @java:Method {
name: "getGroups",
'class: "org.ballerinalang.stdlib.auth.ldap.nativeimpl.GetGroups"
} external;

# Authenticates with the provided username and password.
# ```ballerina
# boolean|auth:Error result = auth:authenticateWithLdap(ldapConnection, username, password);
# ```
#
# + ldapConnection - The `auth:LdapConnection` instance
# + username - Username of the user to be authenticated
# + password - Password of the user to be authenticated
# + return - `true` if authentication is successful, `false` otherwise, or else an `auth:Error` if an error occurred
public isolated function authenticateWithLdap(LdapConnection ldapConnection, string username, string password)
returns boolean|Error = @java:Method {
// Authenticates with the provided username and password.
isolated function authenticateWithLdap(LdapConnection ldapConnection, string username, string password)
returns boolean|Error = @java:Method {
name: "authenticate",
'class: "org.ballerinalang.stdlib.auth.ldap.nativeimpl.Authenticate"
} external;

# Initailizes the LDAP connection.
# ```ballerina
# auth:LdapConnection|auth:Error connection = auth:initLdapConnection(ldapUserStoreConfig, instanceId);
# ```
#
# + ldapUserStoreConfig - The `auth:LdapUserStoreConfig` instance
# + instanceId - Instance ID of the endpoint
# + return - The `auth:LdapConnection` instance or else an `auth:Error` if an error occurred
public isolated function initLdapConnection(LdapUserStoreConfig ldapUserStoreConfig, string instanceId)
returns LdapConnection|Error = @java:Method {
// Initializes the LDAP connection.
isolated function initLdapConnection(LdapUserStoreConfig ldapUserStoreConfig)
returns LdapConnection|Error = @java:Method {
name: "initLdapConnection",
'class: "org.ballerinalang.stdlib.auth.ldap.nativeimpl.InitLdapConnection"
} external;
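Review bot: The `LdapConnection` record is now an empty closed record (`type LdapConnection record {| |};`), and the one-line comment replacing the old doc block no longer tells a reader where the connection state lives; the Java side of this PR attaches the configuration, connection source, directory context and a generated instance ID to the record as native data, so the comment should say so, e.g. `// Represents the LDAP connection. Carries no Ballerina fields; the configuration, connection source, DirContext and a generated instance ID are attached as native data by initLdapConnection.` The same applies to the comment on `initLdapConnection`, which could note that the instance ID is now generated internally rather than supplied by the caller, since the `instanceId` parameter and record field were removed. The `init` function's error branch continues outside the hunk, so I cannot see how a failed `initLdapConnection` is surfaced to the listener.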
Expand Up @@ -38,6 +38,7 @@
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;

import javax.naming.NamingException;
import javax.naming.directory.DirContext;
Expand All @@ -50,9 +51,10 @@
*/
public class InitLdapConnection {

public static Object initLdapConnection(BMap<BString, Object> authProviderConfig, BString instanceId) {
public static Object initLdapConnection(BMap<BString, Object> authProviderConfig) {
CommonLdapConfiguration commonLdapConfiguration = new CommonLdapConfiguration();

String instanceId = UUID.randomUUID().toString();
commonLdapConfiguration.setDomainName(authProviderConfig.getStringValue(
StringUtils.fromString(LdapConstants.DOMAIN_NAME)).getValue());
commonLdapConfiguration.setConnectionURL(authProviderConfig.getStringValue(
Expand Down Expand Up @@ -101,8 +103,8 @@ public static Object initLdapConnection(BMap<BString, Object> authProviderConfig
StringUtils.fromString(LdapConstants.SECURE_AUTH_STORE_CONFIG)) : null;
try {
if (sslConfig != null) {
setSslConfig(sslConfig, commonLdapConfiguration, instanceId.getValue());
LdapUtils.setServiceName(instanceId.getValue());
setSslConfig(sslConfig, commonLdapConfiguration, instanceId);
LdapUtils.setServiceName(instanceId);
}
ConnectionContext connectionSource = new ConnectionContext(commonLdapConfiguration);
DirContext dirContext = connectionSource.getContext();
Expand All @@ -112,9 +114,7 @@ public static Object initLdapConnection(BMap<BString, Object> authProviderConfig
ldapConnectionRecord.addNativeData(LdapConstants.LDAP_CONFIGURATION, commonLdapConfiguration);
ldapConnectionRecord.addNativeData(LdapConstants.LDAP_CONNECTION_SOURCE, connectionSource);
ldapConnectionRecord.addNativeData(LdapConstants.LDAP_CONNECTION_CONTEXT, dirContext);
ldapConnectionRecord.addNativeData(LdapConstants.ENDPOINT_INSTANCE_ID, instanceId.getValue());
ldapConnectionRecord.put(StringUtils.fromString(LdapConstants.ENDPOINT_INSTANCE_ID),
StringUtils.fromString(instanceId.getValue()));
ldapConnectionRecord.addNativeData(LdapConstants.ENDPOINT_INSTANCE_ID, instanceId);
return ldapConnectionRecord;
} catch (KeyStoreException | KeyManagementException | NoSuchAlgorithmException
| CertificateException | NamingException | IOException | IllegalArgumentException e) {
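Review bot: `String instanceId = UUID.randomUUID().toString();` replaces a caller-supplied endpoint ID with a fresh random value on every call, and the hunk gives no comment on why or what the value is used for; it is passed to `setSslConfig` and `LdapUtils.setServiceName` (only when `sslConfig != null`) and stored as native data, while the Ballerina-visible `ENDPOINT_INSTANCE_ID` field is dropped. Add a comment above the line such as `// Generated per connection: keys the SSL/service-name registration and is kept only as native data, so it can no longer be correlated with the listener from Ballerina.` If `LdapUtils.setServiceName` registers state under that name (not visible here), a new entry is created on each provider initialization and nothing in this hunk removes it, which is worth confirming. The method continues past the hunk, so the catch handling is only partly visible.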