/*
 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Arnaud Kervern
 */

package org.nuxeo.ecm.platform.shibboleth.computedgroups;

import java.util.ArrayList;
import java.util.List;

import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentModelList;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.platform.computedgroups.AbstractGroupComputer;
import org.nuxeo.ecm.platform.shibboleth.ShibbolethConstants;
import org.nuxeo.ecm.platform.shibboleth.ShibbolethGroupHelper;
import org.nuxeo.ecm.platform.usermanager.NuxeoPrincipalImpl;
import org.nuxeo.runtime.api.Framework;

/**
 * Group computer backed by the Shibboleth group directory.
 * <p>
 * Every entry of the directory returned by {@link #getDirectoryName()} is treated as a group: the entry id is
 * the group id, and the entry's {@code SHIBBOLETH_SCHEMA:GROUP_EL_PROPERTY} value is handed to
 * {@code ELGroupComputerHelper.isUserInGroup} together with the principal's model to decide membership.
 * <p>
 * NOTE(review): the expression stored in the directory decides which groups a principal receives, so write
 * access to that directory is in effect the ability to grant groups. Who may edit the directory is not visible
 * from this class; confirm it is limited to administrators.
 * <p>
 * NOTE(review): the principal's model is used as given. Where its attribute values come from is outside this
 * class; presumably they are populated from the identity provider at login. Verify against the authentication
 * plugin that a client cannot supply them directly.
 */
public class ShibbolethGroupComputer extends AbstractGroupComputer {

    /**
     * Names the directory whose entries define the Shibboleth groups.
     *
     * @return {@link ShibbolethConstants#SHIBBOLETH_DIRECTORY}
     */
    protected String getDirectoryName() {
        return ShibbolethConstants.SHIBBOLETH_DIRECTORY;
    }

    /**
     * Collects the id of every entry in the Shibboleth group directory.
     *
     * @return a new mutable list of group ids, in the order the directory returned the entries
     */
    @Override
    public List<String> getAllGroupIds() {
        DocumentModelList entries = getAllGroups();
        List<String> ids = new ArrayList<>(entries.size());
        for (DocumentModel entry : entries) {
            ids.add(entry.getId());
        }
        return ids;
    }

    /**
     * Not supported: membership is only decided per user, when that user's groups are computed.
     *
     * @param arg0 the group name (ignored)
     * @return always {@code null}, not an empty list, so callers need a null check
     */
    @Override
    public List<String> getGroupMembers(String arg0) {
        // Members cannot be enumerated for a given group: a group is only
        // assigned to a user when that user logs in.
        return null;
    }

    /**
     * Returns the ids of the Shibboleth groups whose expression matches the given principal.
     * <p>
     * The whole directory is read on each call and every entry is tested in turn.
     *
     * @param nxPrincipal the principal whose model is matched against each group's expression
     * @return a new mutable list holding the ids of the matching groups; empty when none match
     */
    @Override
    public List<String> getGroupsForUser(NuxeoPrincipalImpl nxPrincipal) {
        List<String> matchingIds = new ArrayList<>();
        for (DocumentModel entry : getAllGroups()) {
            String expressionXPath = ShibbolethConstants.SHIBBOLETH_SCHEMA + ":"
                    + ShibbolethConstants.GROUP_EL_PROPERTY;
            String expression = (String) entry.getPropertyValue(expressionXPath);
            // NOTE(review): how the helper treats a null or empty expression is not visible here;
            // confirm that such an entry never counts as a match.
            if (!ELGroupComputerHelper.isUserInGroup(nxPrincipal.getModel(), expression)) {
                continue;
            }
            matchingIds.add(entry.getId());
        }
        return matchingIds;
    }

    /**
     * Delegates the parent-group lookup to {@link ShibbolethGroupHelper#getParentsGroups(String)}.
     *
     * @param arg0 the group name
     * @return whatever the helper returns for that group
     */
    @Override
    public List<String> getParentsGroupNames(String arg0) {
        List<String> parents = ShibbolethGroupHelper.getParentsGroups(arg0);
        return parents;
    }

    /**
     * Not supported by this computer.
     *
     * @param arg0 the group name (ignored)
     * @return always {@code null}, not an empty list, so callers need a null check
     */
    @Override
    public List<String> getSubGroupsNames(String arg0) {
        return null;
    }

    /**
     * Looks up the directory service through the runtime framework.
     */
    private DirectoryService getDS() {
        return Framework.getService(DirectoryService.class);
    }

    /**
     * Reads every entry of the Shibboleth group directory.
     * <p>
     * The directory session is opened for this call only and closed before returning.
     */
    private DocumentModelList getAllGroups() {
        DirectoryService directoryService = getDS();
        String directoryName = getDirectoryName();
        try (Session session = directoryService.open(directoryName)) {
            return session.getEntries();
        }
    }
}