Commit c63d4314 authored by Daniel Henninger's avatar Daniel Henninger Committed by dhenninger

[JM-1252] Built full lockout and security audit providers for clearspace. Need testing.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9943 b35dd754-fafc-0310-a699-88a17e54d16e
parent cb3b8de0
...@@ -12,6 +12,15 @@ package org.jivesoftware.openfire.clearspace; ...@@ -12,6 +12,15 @@ package org.jivesoftware.openfire.clearspace;
import org.jivesoftware.openfire.lockout.LockOutProvider; import org.jivesoftware.openfire.lockout.LockOutProvider;
import org.jivesoftware.openfire.lockout.LockOutFlag; import org.jivesoftware.openfire.lockout.LockOutFlag;
import org.jivesoftware.openfire.lockout.NotLockedOutException; import org.jivesoftware.openfire.lockout.NotLockedOutException;
import org.jivesoftware.openfire.user.UserNotFoundException;
import static org.jivesoftware.openfire.clearspace.ClearspaceManager.HttpType.GET;
import static org.jivesoftware.openfire.clearspace.ClearspaceManager.HttpType.PUT;
import org.jivesoftware.util.Log;
import org.dom4j.Node;
import org.dom4j.Element;
import org.dom4j.Document;
import org.dom4j.DocumentHelper;
/** /**
* The ClearspaceLockOutProvider uses the UserService web service inside of Clearspace * The ClearspaceLockOutProvider uses the UserService web service inside of Clearspace
...@@ -23,11 +32,16 @@ import org.jivesoftware.openfire.lockout.NotLockedOutException; ...@@ -23,11 +32,16 @@ import org.jivesoftware.openfire.lockout.NotLockedOutException;
*/ */
public class ClearspaceLockOutProvider implements LockOutProvider { public class ClearspaceLockOutProvider implements LockOutProvider {
protected static final String USER_URL_PREFIX = "userService/";
private ClearspaceManager manager;
/** /**
* Generate a ClearspaceLockOutProvider instance. * Generate a ClearspaceLockOutProvider instance.
*/ */
public ClearspaceLockOutProvider() { public ClearspaceLockOutProvider() {
// Gets the manager
manager = ClearspaceManager.getInstance();
} }
/** /**
...@@ -35,16 +49,27 @@ public class ClearspaceLockOutProvider implements LockOutProvider { ...@@ -35,16 +49,27 @@ public class ClearspaceLockOutProvider implements LockOutProvider {
* @see org.jivesoftware.openfire.lockout.LockOutProvider#getDisabledStatus(String) * @see org.jivesoftware.openfire.lockout.LockOutProvider#getDisabledStatus(String)
*/ */
public LockOutFlag getDisabledStatus(String username) throws NotLockedOutException { public LockOutFlag getDisabledStatus(String username) throws NotLockedOutException {
// TODO: Will need to retrieve disabled status and return it. try {
// Retrieve the disabled status, translate it into a LockOutFlag, and return it.
return checkUserDisabled(getUserByUsername(username));
}
catch (UserNotFoundException e) {
// Not a valid user? We will leave it up to the user provider to handle rejecting this user.
return null; return null;
} }
}
/** /**
* The ClearspaceLockOutProvider will set lockouts in Clearspace itself. * The ClearspaceLockOutProvider will set lockouts in Clearspace itself.
* @see org.jivesoftware.openfire.lockout.LockOutProvider#setDisabledStatus(org.jivesoftware.openfire.lockout.LockOutFlag) * @see org.jivesoftware.openfire.lockout.LockOutProvider#setDisabledStatus(org.jivesoftware.openfire.lockout.LockOutFlag)
*/ */
public void setDisabledStatus(LockOutFlag flag) { public void setDisabledStatus(LockOutFlag flag) {
// TODO: Will need to set disabled status. try {
setUserData(setEnabledStatus(getUserByUsername(flag.getUsername()), false));
}
catch (UserNotFoundException e) {
Log.error("Unable to set disabled status for Clearspace user: "+flag.getUsername());
}
} }
/** /**
...@@ -52,7 +77,12 @@ public class ClearspaceLockOutProvider implements LockOutProvider { ...@@ -52,7 +77,12 @@ public class ClearspaceLockOutProvider implements LockOutProvider {
* @see org.jivesoftware.openfire.lockout.LockOutProvider#unsetDisabledStatus(String) * @see org.jivesoftware.openfire.lockout.LockOutProvider#unsetDisabledStatus(String)
*/ */
public void unsetDisabledStatus(String username) { public void unsetDisabledStatus(String username) {
// TODO: Will need to unset disabled status. try {
setUserData(setEnabledStatus(getUserByUsername(username), true));
}
catch (UserNotFoundException e) {
Log.error("Unable to set enabled status for Clearspace user: "+username);
}
} }
/** /**
...@@ -79,4 +109,92 @@ public class ClearspaceLockOutProvider implements LockOutProvider { ...@@ -79,4 +109,92 @@ public class ClearspaceLockOutProvider implements LockOutProvider {
return false; return false;
} }
/**
* Modifies the XML returned about a user to indicate whether they are enabled or disabled.
* It is important for this to incorporate the existing user data and only tweak the field
* that we want to change.
*
* @param responseNode The node returned from user data request.
* @param enabled Whether the account should be enabled or disabled.
* @return A modified user data node with appropriate settings for whether they are disabled or enabled.
*/
private Node setEnabledStatus(Node responseNode, Boolean enabled) {
Node userNode = responseNode.selectSingleNode("return");
// Sets the enabled status
userNode.selectSingleNode("enabled").setText(enabled ? "true" : "false");
// Returns the modified node.
return userNode;
}
/**
* Examines the XML returned about a user to find out if they are enabled or disabled, throwing
* a NotLockedOutException if they are.
*
* @param responseNode Element returned from REST service. (@see #getUserByUsername)
* @return Either a LockOutFlag indicating that the user is disabled, or an exception is thrown.
* @throws NotLockedOutException if the user is not currently locked out.
*/
private LockOutFlag checkUserDisabled(Node responseNode) throws NotLockedOutException {
Node userNode = responseNode.selectSingleNode("return");
// Gets the username
String username = userNode.selectSingleNode("username").getText();
// Gets the enabled field
boolean isEnabled = Boolean.valueOf(userNode.selectSingleNode("enabled").getText());
if (isEnabled) {
// We're good, indicate that they're not locked out.
throw new NotLockedOutException();
}
else {
// Creates the lock out flag
return new LockOutFlag(username, null, null);
}
}
/**
* Retrieves user properties for a Clearspace user in XML format.
*
* @param username Username to look up.
* @return XML Element including information about the user.
* @throws UserNotFoundException The user was not found in the Clearspace database.
*/
private Element getUserByUsername(String username) throws UserNotFoundException {
try {
// Requests the user
String path = USER_URL_PREFIX + "users/" + username;
// return the response
return manager.executeRequest(GET, path);
}
catch (Exception e) {
// It is not supported exception, wrap it into an UserNotFoundException
throw new UserNotFoundException("Error loading the user", e);
}
}
/**
* Sets user properties data for a Clearspace user.
*
* @param node XML data to send to Clearspace REST service.
*/
private void setUserData(Node node) {
try {
// Requests the user
String path = USER_URL_PREFIX + "users";
// Creates the XML with the data
Document userDoc = DocumentHelper.createDocument();
Element rootE = userDoc.addElement("updateUser");
rootE.add(node);
manager.executeRequest(PUT, path, userDoc.asXML());
}
catch (Exception e) {
// Error while setting properties?
Log.error("Unable to set user data via REST service in Clearspace:", e);
}
}
} }
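Review bot: The lockout check in getDisabledStatus fails open: getUserByUsername turns every Exception from manager.executeRequest (presumably including connection or authorization failures) into UserNotFoundException, and getDisabledStatus then returns null without logging, so an unreachable Clearspace looks the same as an unknown user. At minimum record the failure in that catch block, e.g. `Log.error("Unable to retrieve lockout status for Clearspace user: " + username, e);`, and consider catching only the not-found case in getUserByUsername so other errors are not reported as a missing user. Separately, username is appended to the request path unencoded in `USER_URL_PREFIX + "users/" + username`; percent-encoding it before concatenation would keep characters such as `/` or `?` from altering the REST path. setUserData likewise only logs a failed PUT, so callers of setDisabledStatus cannot tell that a lockout was not applied.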
...@@ -12,6 +12,11 @@ package org.jivesoftware.openfire.clearspace; ...@@ -12,6 +12,11 @@ package org.jivesoftware.openfire.clearspace;
import org.jivesoftware.openfire.security.SecurityAuditProvider; import org.jivesoftware.openfire.security.SecurityAuditProvider;
import org.jivesoftware.openfire.security.SecurityAuditEvent; import org.jivesoftware.openfire.security.SecurityAuditEvent;
import org.jivesoftware.openfire.security.EventNotFoundException; import org.jivesoftware.openfire.security.EventNotFoundException;
import static org.jivesoftware.openfire.clearspace.ClearspaceManager.HttpType.POST;
import org.jivesoftware.util.Log;
import org.dom4j.Document;
import org.dom4j.DocumentHelper;
import org.dom4j.Element;
import java.util.List; import java.util.List;
import java.util.Date; import java.util.Date;
...@@ -25,11 +30,16 @@ import java.util.Date; ...@@ -25,11 +30,16 @@ import java.util.Date;
*/ */
public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider { public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider {
protected static final String AUDIT_URL_PREFIX = "auditService/";
private ClearspaceManager manager;
/** /**
* Generate a ClearspaceSecurityAuditProvider instance. * Generate a ClearspaceSecurityAuditProvider instance.
*/ */
public ClearspaceSecurityAuditProvider() { public ClearspaceSecurityAuditProvider() {
// Gets the manager
manager = ClearspaceManager.getInstance();
} }
/** /**
...@@ -38,7 +48,23 @@ public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider { ...@@ -38,7 +48,23 @@ public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider {
* @see org.jivesoftware.openfire.security.SecurityAuditProvider#logEvent(String, String, String) * @see org.jivesoftware.openfire.security.SecurityAuditProvider#logEvent(String, String, String)
*/ */
public void logEvent(String username, String summary, String details) { public void logEvent(String username, String summary, String details) {
// TODO: Will need to log event. try {
// Request to log event
String path = AUDIT_URL_PREFIX + "auditMethodCall";
// Creates the XML with the data
Document auditDoc = DocumentHelper.createDocument();
Element rootE = auditDoc.addElement("auditMethodCall");
rootE.addElement("username").addText(username);
rootE.addElement("description").addText(summary);
rootE.addElement("details").addText(details);
manager.executeRequest(POST, path, auditDoc.asXML());
}
catch (Exception e) {
// Error while setting properties?
Log.error("Unable to send audit log via REST service to Clearspace:", e);
}
} }
/** /**
...@@ -76,8 +102,14 @@ public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider { ...@@ -76,8 +102,14 @@ public class ClearspaceSecurityAuditProvider implements SecurityAuditProvider {
* @see org.jivesoftware.openfire.security.SecurityAuditProvider#getAuditURL() * @see org.jivesoftware.openfire.security.SecurityAuditProvider#getAuditURL()
*/ */
public String getAuditURL() { public String getAuditURL() {
// TODO: Retrieve proper URL and set. String url = ClearspaceManager.getInstance().getConnectionURI();
if (url != null) {
url += "/view-audit-log.jsp";
return url;
}
else {
return null; return null;
} }
}
} }
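Review bot: An audit event is lost when the REST call in logEvent fails, because the catch block logs only the exception and none of the event's content, so nothing about the audited action survives locally. Carry the event into the fallback line, e.g. `Log.error("Unable to send audit log to Clearspace; user=" + username + ", summary=" + summary, e);`. As far as I know dom4j's addText rejects a null argument, so a null details (whether callers pass one is not visible here) would land in the same catch and drop the event; `rootE.addElement("details").addText(details != null ? details : "");` avoids that. In getAuditURL the `manager` field could be used instead of calling ClearspaceManager.getInstance() again.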