Skip to main content
Jump to: navigation, search

Difference between revisions of "Stardust/Knowledge Base/Security/Authentication/Property File Based User Login Provider"

m (Our User Store)
m (Our User Store)
Line 39: Line 39:
 
import java.util.StringTokenizer;
 
import java.util.StringTokenizer;
  
 +
import org.eclipse.stardust.engine.core.spi.security.ExternalLoginProvider;
 
import org.eclipse.stardust.engine.core.spi.security.ExternalLoginResult;
 
import org.eclipse.stardust.engine.core.spi.security.ExternalLoginResult;
  

Revision as of 07:59, 11 May 2012

As you know, actual tasks/activities in Stardust are performed by users. These can be created in the Stardust using Admin perspective or Stardust can pull in the users from existing user repository like Exchange Server or any user store.

To achieve second option above, Stardust provides call back mechanism where we can provide our custom implementation to link users and credentials from existing system to Stardust roles and organizations.

This process is called as user synchronization. It has three parts. First is, authenticating users from external user registry. Second part is, synchronizing users along with their properties. And third is authorization of the users from external user repository. Even, there is forth part, applying a suitable strategy of when and how frequently users should be synced into Stardust. We will discuss this forth element in a separate article.

For Stardust, it doesn’t matter from which or what types of external user repository users are authenticated. The logic/code to pull users from external repo various, but once user data is fetched, how it is supplied to the Stardust engine remains constant.

In this article, to make our learning easier, we will use simple in-memory user store.

This article assumes that reader is already familiar with modeling basics and how user management and role assignment works in Stardust.


Our User Store

As promised, here is the user store, and all it is made up of is a single java class and a properties file.

users.properties

motu = Administrator
john = Employee
ken = Employee,Manager


Java Class

package com.sungard.user.repo;
 
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
 
import org.eclipse.stardust.engine.core.spi.security.ExternalLoginProvider;
import org.eclipse.stardust.engine.core.spi.security.ExternalLoginResult;
 
public class PropertiesFileBasedExternalUserRepository implements
		ExternalUserRepository, ExternalLoginProvider {
 
	static Properties users;
	static {
		users = new Properties();
		String propFileName = "users.properties";
		InputStream inputStream = PropertiesFileBasedExternalUserRepository.class
				.getClassLoader().getResourceAsStream(propFileName);
		try {
			if (inputStream == null) {
				throw new FileNotFoundException("property file '"
						+ propFileName + "' not found in the classpath");
			}
			users.load(inputStream);
		} catch (FileNotFoundException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
 
	public boolean authenticateUser(String user, String pwd)
			throws RuntimeException {
		if (users.getProperty(user) != null && user.equals(pwd)) {
			// In our case, password must be same as user id
			return true;
		}
		return false;
	}
 
	public User getUser(String user) throws RuntimeException {
		if (users.getProperty(user) != null) {
			User theUser = new User();
			theUser.setAccount(user);
			theUser.setName(user);
 
			//set the user grants			
			String roles = users.getProperty(user);
			Map<String, List<String>> userRoles = new HashMap<String, List<String>>();
			StringTokenizer stringTokenizer = new StringTokenizer(roles, ",");
			while (stringTokenizer.hasMoreTokens()){
				userRoles.put(stringTokenizer.nextToken(), null);
			}
 
			theUser.setAuths(userRoles);
			return theUser;
		} else
			return null;
	}
 
	public ExternalLoginResult login(String id, String password, Map properties) {
		boolean authenticateUser = authenticateUser(id, password);
		if (authenticateUser) {
			return ExternalLoginResult.testifySuccess();
		} else {
			return ExternalLoginResult.testifyFailure(null);
		}
 
	}
 
}

Authenticating the User

Synchronizing User Details

Synchronizing User Grants

Back to the top