Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Stardust/Knowledge Base/Security/Authentication/Property File Based User Login Provider"
m (→Our User Store) |
m (→Our User Store) |
||
| Line 42: | Line 42: | ||
public class PropertiesFileBasedExternalUserRepository implements | public class PropertiesFileBasedExternalUserRepository implements | ||
| − | ExternalUserRepository { | + | ExternalUserRepository, ExternalLoginProvider { |
static Properties users; | static Properties users; | ||
Revision as of 07:58, 11 May 2012
As you know, actual tasks/activities in Stardust are performed by users. These can be created in the Stardust using Admin perspective or Stardust can pull in the users from existing user repository like Exchange Server or any user store.
To achieve second option above, Stardust provides call back mechanism where we can provide our custom implementation to link users and credentials from existing system to Stardust roles and organizations.
This process is called as user synchronization. It has three parts. First is, authenticating users from external user registry. Second part is, synchronizing users along with their properties. And third is authorization of the users from external user repository. Even, there is forth part, applying a suitable strategy of when and how frequently users should be synced into Stardust. We will discuss this forth element in a separate article.
For Stardust, it doesn’t matter from which or what types of external user repository users are authenticated. The logic/code to pull users from external repo various, but once user data is fetched, how it is supplied to the Stardust engine remains constant.
In this article, to make our learning easier, we will use simple in-memory user store.
This article assumes that reader is already familiar with modeling basics and how user management and role assignment works in Stardust.
Contents
Our User Store
As promised, here is the user store, and all it is made up of is a single java class and a properties file.
users.properties
motu = Administrator john = Employee ken = Employee,Manager
Java Class
package com.sungard.user.repo; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; import java.util.StringTokenizer; import org.eclipse.stardust.engine.core.spi.security.ExternalLoginResult; public class PropertiesFileBasedExternalUserRepository implements ExternalUserRepository, ExternalLoginProvider { static Properties users; static { users = new Properties(); String propFileName = "users.properties"; InputStream inputStream = PropertiesFileBasedExternalUserRepository.class .getClassLoader().getResourceAsStream(propFileName); try { if (inputStream == null) { throw new FileNotFoundException("property file '" + propFileName + "' not found in the classpath"); } users.load(inputStream); } catch (FileNotFoundException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); } } public boolean authenticateUser(String user, String pwd) throws RuntimeException { if (users.getProperty(user) != null && user.equals(pwd)) { // In our case, password must be same as user id return true; } return false; } public User getUser(String user) throws RuntimeException { if (users.getProperty(user) != null) { User theUser = new User(); theUser.setAccount(user); theUser.setName(user); //set the user grants String roles = users.getProperty(user); Map<String, List<String>> userRoles = new HashMap<String, List<String>>(); StringTokenizer stringTokenizer = new StringTokenizer(roles, ","); while (stringTokenizer.hasMoreTokens()){ userRoles.put(stringTokenizer.nextToken(), null); } theUser.setAuths(userRoles); return theUser; } else return null; } public ExternalLoginResult login(String id, String password, Map properties) { boolean authenticateUser = authenticateUser(id, password); if (authenticateUser) { return ExternalLoginResult.testifySuccess(); } else { return ExternalLoginResult.testifyFailure(null); } } }