From: Alessandro Boch Date: Wed, 12 Jun 2013 19:24:41 +0000 (-0700) Subject: UserManager as role coordinator X-Git-Tag: releasepom-0.1.0~372^2 X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=commitdiff_plain;h=8edbf27645702fb43144e8fbcb6e0720e4de29fc;hp=37ff82351675cc5c279dfe88c6daf10cbbf9f48b UserManager as role coordinator - UM to expose API to check if a role name is already in use - Included search in local authorization configurations when querying for roles on user, getUserRoles() - Added local authorization code to Junit to exercise the above - Minor code refactoring to resuse getUserRoles() to avoid code duplication - Downgrade and changed log level on cache allocation when cache is already present - Removed new line in UM log messages to be in line with other bundles Signed-off-by: Alessandro Boch --- diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java index ed23b5f067..85a97f0b85 100644 --- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java @@ -267,6 +267,18 @@ public interface IUserManager extends UserDetailsService { */ public ISessionManager getSessionManager(); + /** + * Checks if the specified role belongs to any application. Usually an + * application will call this function when configuring a role, to check if + * that role is already being used by another application. + * + * @param role + * The role to check + * @return true if the specified role belongs to any application or if the + * role is a well-known controller role, false otherwise. + */ + public boolean isRoleInUse(String role); + /* non-Javadoc * Returns the password for a given user * 
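Review bot: The Javadoc added for `isRoleInUse` does not say what a caller gets for a null or empty role name, and it does not say that the answer is only a point-in-time check. The implementation later in this commit returns false for null or empty input, so the `@return` text could add `false is also returned for a null or empty role name`. Since the stated use is an application checking a name before it configures a role, one more sentence should note that two callers can both see false and then configure the same name, unless the configuration step itself rejects duplicates, which is not visible here.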
diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java index 5ddf6be6c5..e835887606 100644 --- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java @@ -156,9 +156,9 @@ public class UserManagerImpl implements IUserManager, IObjectReader, "usermanager.authorizationSaveConfigEvent", EnumSet.of(IClusterServices.cacheMode.NON_TRANSACTIONAL)); } catch (CacheConfigException cce) { - logger.error("\nCache configuration invalid - check cache mode"); + logger.error("Cache configuration invalid - check cache mode"); } catch (CacheExistException ce) { - logger.error("\nCache already exits - destroy and recreate if needed"); + logger.debug("Skipping cache creation as already present"); } } 
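Review bot: The `CacheConfigException` branch logs a fixed string and drops `cce`, so the log does not say which cache or mode was rejected; passing the exception keeps the cause: `logger.error("Cache configuration invalid - check cache mode", cce);`. The `try` block starts above this hunk; if it wraps several `createCache` calls, a `CacheExistException` from the first one skips the remaining creations, and after this change that is reported only at debug level. If that is the structure, each creation should be guarded separately so that one existing cache does not leave the others uncreated.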
@@ -172,43 +172,43 @@ public class UserManagerImpl implements IUserManager, IObjectReader, activeUsers = (ConcurrentMap) clusterGlobalService .getCache("usermanager.activeUsers"); if (activeUsers == null) { - logger.error("\nFailed to get cache for activeUsers"); + logger.error("Failed to get cache for activeUsers"); } localUserConfigList = (ConcurrentMap) clusterGlobalService .getCache("usermanager.localUserConfigList"); if (localUserConfigList == null) { - logger.error("\nFailed to get cache for localUserConfigList"); + logger.error("Failed to get cache for localUserConfigList"); } remoteServerConfigList = (ConcurrentMap) clusterGlobalService .getCache("usermanager.remoteServerConfigList"); if (remoteServerConfigList == null) { - logger.error("\nFailed to get cache for remoteServerConfigList"); + logger.error("Failed to get cache for remoteServerConfigList"); } authorizationConfList = (ConcurrentMap) clusterGlobalService .getCache("usermanager.authorizationConfList"); if (authorizationConfList == null) { - logger.error("\nFailed to get cache for authorizationConfList"); + logger.error("Failed to get cache for authorizationConfList"); } localUserListSaveConfigEvent = (ConcurrentMap) clusterGlobalService .getCache("usermanager.localUserSaveConfigEvent"); if (localUserListSaveConfigEvent == null) { - logger.error("\nFailed to get cache for localUserSaveConfigEvent"); + logger.error("Failed to get cache for localUserSaveConfigEvent"); } remoteServerSaveConfigEvent = (ConcurrentMap) clusterGlobalService .getCache("usermanager.remoteServerSaveConfigEvent"); if (remoteServerSaveConfigEvent == null) { - logger.error("\nFailed to get cache for remoteServerSaveConfigEvent"); + logger.error("Failed to get cache for remoteServerSaveConfigEvent"); } authorizationSaveConfigEvent = (ConcurrentMap) clusterGlobalService .getCache("usermanager.authorizationSaveConfigEvent"); if (authorizationSaveConfigEvent == null) { - logger.error("\nFailed to get cache for 
authorizationSaveConfigEvent"); + logger.error("Failed to get cache for authorizationSaveConfigEvent"); } } @@ -866,29 +866,29 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public List getUserRoles(String userName) { - if (userName == null) { - return new ArrayList(0); + List roles = null; + if (userName != null) { + /* + * First look in active users then in local configured users, + * finally in local authorized users + */ + if (activeUsers.containsKey(userName)) { + roles = activeUsers.get(userName).getUserRoles(); + } else if (localUserConfigList.containsKey(userName)) { + roles = localUserConfigList.get(userName).getRoles(); + } else if (authorizationConfList.containsKey(userName)) { + roles = authorizationConfList.get(userName).getRoles(); + } } - AuthenticatedUser locatedUser = activeUsers.get(userName); - return (locatedUser == null) ? new ArrayList(0) : locatedUser - .getUserRoles(); + return (roles == null) ? new ArrayList(0) : roles; } @Override public UserLevel getUserLevel(String username) { - // Returns the controller well-know user level for the passed user - List rolesNames = null; - - // First check in active users then in local configured users - if (activeUsers.containsKey(username)) { - List roles = activeUsers.get(username).getUserRoles(); - rolesNames = (roles == null || roles.isEmpty()) ? null : roles; - } else if (localUserConfigList.containsKey(username)) { - UserConfig config = localUserConfigList.get(username); - rolesNames = (config == null) ? null : config.getRoles(); - } + // Returns the highest controller user level for the passed user + List rolesNames = getUserRoles(username); - if (rolesNames == null) { + if (rolesNames.isEmpty()) { return UserLevel.NOUSER; } 
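Review bot: The new lookup in `getUserRoles` calls `containsKey(userName)` and then `get(userName)` on each map and dereferences the result without a null check; on a shared cache the entry can be removed between the two calls (for example when a user logs out), which turns a role query into a `NullPointerException`. The removed code used a single `get` with a null check for `activeUsers`, and the removed `getUserLevel` code guarded `config == null`, so this is a regression for every caller, including `getUserLevel` in this hunk and `getUserLevels` in the next one. Use one `get` per map and test the result, as in the lines below. The lists are also handed back by reference; whether `getRoles()` returns a copy is not visible in this diff, so confirm that callers cannot alter a stored role list through the return value.

```java
List<String> roles = null;
if (userName != null) {
    // One get() per map: a containsKey()/get() pair can see the entry
    // removed in between and then dereference null.
    AuthenticatedUser active = activeUsers.get(userName);
    if (active != null) {
        roles = active.getUserRoles();
    } else {
        UserConfig local = localUserConfigList.get(userName);
        if (local != null) {
            roles = local.getRoles();
        } else {
            AuthorizationConfig authorized = authorizationConfList.get(userName);
            if (authorized != null) {
                roles = authorized.getRoles();
            }
        }
    }
}
// … unchanged: return roles, or an empty list when roles is null …
```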
@@ -926,19 +926,11 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public List getUserLevels(String username) { - // Returns the controller well-know user levels for the passed user - List rolesNames = null; + // Returns the controller user levels for the passed user + List rolesNames = getUserRoles(username); List levels = new ArrayList(); - if (activeUsers.containsKey(username)) { - List roles = activeUsers.get(username).getUserRoles(); - rolesNames = (roles == null || roles.isEmpty()) ? null : roles; - } else if (localUserConfigList.containsKey(username)) { - UserConfig config = localUserConfigList.get(username); - rolesNames = (config == null) ? null : config.getRoles(); - } - - if (rolesNames == null) { + if (rolesNames.isEmpty()) { return levels; } @@ -1075,7 +1067,7 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } - // following are setters for use in unit testing + // Following are setters for use in unit testing void setLocalUserConfigList(ConcurrentMap ucl) { if (ucl != null) { this.localUserConfigList = ucl; 
@@ -1119,4 +1111,32 @@ public class UserManagerImpl implements IUserManager, IObjectReader, public String getPassword(String username) { return localUserConfigList.get(username).getPassword(); } + + @Override + public boolean isRoleInUse(String role) { + if (role == null || role.isEmpty()) { + return false; + } + // Check against controller roles + if (role.equals(UserLevel.SYSTEMADMIN.toString()) + || role.equals(UserLevel.NETWORKADMIN.toString()) + || role.equals(UserLevel.NETWORKOPERATOR.toString())) { + return true; + } + // Check if container roles + if (containerAuthorizationClient != null) { + if (containerAuthorizationClient.isApplicationRole(role)) { + return true; + } + } + // Finally if application role + if (applicationAuthorizationClients != null) { + for (IResourceAuthorization client : this.applicationAuthorizationClients) { + if (client.isApplicationRole(role)) { + return true; + } + } + } + return false; + } } diff --git a/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java b/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java index 626011bd69..df421e4fe6 100644 --- a/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java +++ b/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java @@ -55,14 +55,17 @@ public class UserManagerImplTest { // Server config can't be empty static final long serialVersionUID = 8645L; + @Override public String getAddress() { return "1.1.1.1"; } + @Override public String getSecret() { return "secret"; } + @Override public String getProtocol() { return "IPv4"; } 
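Review bot: In `isRoleInUse`, a null `containerAuthorizationClient` or `applicationAuthorizationClients` is skipped silently, so the method answers false ("not in use") when the services that own container and application roles are simply not bound yet. For a check meant to stop two applications from claiming the same role name, that fails open; at minimum record it, e.g. `logger.debug("Container authorization client not bound, container roles not checked");`, or state the limitation in the interface Javadoc. The for-each over `applicationAuthorizationClients` may also race with clients being added or removed if that collection is not a concurrent one; its declaration is outside this hunk, so this needs confirming.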
@@ -80,11 +83,21 @@ public class UserManagerImplTest { "7029,7455,8165,7029,7881", roles)); } }); + + um.setAuthorizationConfList(new ConcurrentHashMap() { + static final long serialVersionUID = 2L; + { + List roles = new ArrayList(3); + roles.add(UserLevel.NETWORKOPERATOR.toString()); + roles.add("Container1-Admin"); + roles.add("Application2-User"); + + put("Andrew", new AuthorizationConfig("Andrew", roles)); + } + }); // instantiate an empty activeUser collection um.setActiveUsers(new ConcurrentHashMap()); - } - } /** @@ -97,11 +110,13 @@ public class UserManagerImplTest { // instantiate an anonymous AAAProvider IAAAProvider a3p = new IAAAProvider() { + @Override public AuthResponse authService(String userName, String password, String server, String secretKey) { return new AuthResponse(); }; + @Override public String getName() { return "dummyAAAProvider"; } @@ -254,6 +269,9 @@ public class UserManagerImplTest { Assert.assertTrue(um.getUserLevel("Jack") == UserLevel.SYSTEMADMIN); // Run the check on configured users Assert.assertTrue(um.getUserLevel("John") == UserLevel.NETWORKOPERATOR); - Assert.assertTrue(um.getUserLevel("Andrew") == UserLevel.NOUSER); + // Run the check on local authorized users + Assert.assertTrue(um.getUserLevel("Andrew") == UserLevel.NETWORKOPERATOR); + // Non locally known user + Assert.assertTrue(um.getUserLevel("Tom") == UserLevel.NOUSER); } }
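Review bot: The added assertions cover `getUserLevel` for a name found only in `authorizationConfList`, but nothing in the visible test hunks exercises `isRoleInUse` or the lookup order when one name is present in more than one map. Both decide which roles a user ends up with, so they deserve direct checks, e.g. `Assert.assertTrue(um.isRoleInUse(UserLevel.SYSTEMADMIN.toString()));` and `Assert.assertFalse(um.isRoleInUse(null));`. The test method bodies start above the shown lines, so an existing check outside these hunks cannot be ruled out.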