updated to exploit the remove account library
This commit is contained in:
parent
44b52f72ca
commit
293690dbf9
|
|
@ -4,6 +4,9 @@
|
|||
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
|
||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
|
||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
|
||||
<dependent-module archiveName="remove-account-library-1.0.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/remove-account-library/remove-account-library">
|
||||
<dependency-type>uses</dependency-type>
|
||||
</dependent-module>
|
||||
<property name="java-output-path" value="/RemoveAccount/target/classes"/>
|
||||
<property name="context-root" value="remove-account-portlet"/>
|
||||
</wb-module>
|
||||
|
|
|
|||
7
pom.xml
7
pom.xml
|
|
@ -14,7 +14,7 @@
|
|||
<artifactId>remove-account-portlet</artifactId>
|
||||
<packaging>war</packaging>
|
||||
<name>RemoveAccount Portlet</name>
|
||||
<version>1.1.0-SNAPSHOT</version>
|
||||
<version>1.2.0-SNAPSHOT</version>
|
||||
<description>
|
||||
remove-account-portlet is a component that install in the contro panel userr account as a tab and permits the user to remvoe his or her account
|
||||
</description>
|
||||
|
|
@ -46,6 +46,11 @@
|
|||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.gcube.portal</groupId>
|
||||
<artifactId>remove-account-library</artifactId>
|
||||
<version>1.0.0-SNAPSHOT</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.resources.discovery</groupId>
|
||||
<artifactId>ic-client</artifactId>
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ import javax.portlet.ActionResponse;
|
|||
import javax.portlet.PortletException;
|
||||
import javax.portlet.ProcessAction;
|
||||
|
||||
import org.gcube.portal.removeaccount.D4ScienceRemoveAccountManager;
|
||||
|
||||
import com.liferay.portal.kernel.log.Log;
|
||||
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||||
import com.liferay.portal.kernel.util.WebKeys;
|
||||
|
|
@ -29,21 +31,10 @@ public class RemoveAccountPortlet extends MVCPortlet {
|
|||
user = PortalUtil.getUser(actionRequest);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
String username2Remove = user.getScreenName();
|
||||
|
||||
_log.info("Trying to remove user from LDAP ...");
|
||||
Thread removeFromLDAPThread = new Thread(new RemovedUserFromLDAPThread(username2Remove));
|
||||
removeFromLDAPThread.start();
|
||||
|
||||
_log.info("Trying to remove user from Liferay DB and JCR and notify infra-managers ...");
|
||||
Thread emailManagersThread = new Thread(new RemovedUserAccountThread(
|
||||
user.getUserId(),
|
||||
username2Remove,
|
||||
user.getFullName(),
|
||||
user.getEmailAddress()));
|
||||
emailManagersThread.start();
|
||||
|
||||
}
|
||||
D4ScienceRemoveAccountManager removeAccountManager = new D4ScienceRemoveAccountManager(user.getScreenName());
|
||||
removeAccountManager.doAsyncRemoveAccount();
|
||||
_log.info("The user "+user.getScreenName()+ " removed her/his account");
|
||||
|
||||
ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(WebKeys.THEME_DISPLAY);
|
||||
response.sendRedirect(themeDisplay.getURLSignOut());
|
||||
|
|
|
|||
|
|
@ -1,74 +0,0 @@
|
|||
package org.gcube.portlets.admin;
|
||||
|
||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.portal.PortalContext;
|
||||
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
|
||||
import org.gcube.common.storagehub.client.proxies.UserManagerClient;
|
||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
||||
|
||||
import com.liferay.portal.kernel.log.Log;
|
||||
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Massimiliano Assante ISTI-CNR
|
||||
*
|
||||
*/
|
||||
public class RemoveUserFromJCR {
|
||||
private static Log _log = LogFactoryUtil.getLog(RemoveUserFromJCR.class);
|
||||
|
||||
private String username2Delete;
|
||||
private GroupManager gm;
|
||||
private UserManager uMan;
|
||||
|
||||
public RemoveUserFromJCR(String username2Delete, GroupManager gm, UserManager uMan) {
|
||||
this.username2Delete = username2Delete;
|
||||
this.gm = gm;
|
||||
this.uMan = uMan;
|
||||
}
|
||||
|
||||
public boolean remove() {
|
||||
try {
|
||||
//get the super user
|
||||
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
||||
long groupId = gm.getGroupIdFromInfrastructureScope(infraContext);
|
||||
RoleManager rm = new LiferayRoleManager();
|
||||
long roleId = rm.getRoleId(RemoveAccountPortlet.AUTORISED_INFRA_ROLE, groupId);
|
||||
List<GCubeUser> users = uMan.listUsersByGroupAndRole(groupId, roleId);
|
||||
if (users.isEmpty()) {
|
||||
_log.error("Cannot delete the user: there is no user having role " + RemoveAccountPortlet.AUTORISED_INFRA_ROLE + " on context: " + infraContext);
|
||||
return false;
|
||||
}
|
||||
else {
|
||||
GCubeUser theAdmin = users.get(0);
|
||||
String adminUsername = theAdmin.getUsername();
|
||||
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
|
||||
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);
|
||||
List<String> rolesString = new ArrayList<String>();
|
||||
for (GCubeRole gCubeRole : theAdminRoles) {
|
||||
rolesString.add(gCubeRole.getRoleName());
|
||||
}
|
||||
authorizationService().setTokenRoles(theAdminToken, rolesString);
|
||||
SecurityTokenProvider.instance.set(theAdminToken);
|
||||
UserManagerClient userClient = AbstractPlugin.users().build();
|
||||
userClient.removeUser(username2Delete);
|
||||
return true;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
_log.error("Could not delete " + username2Delete + " from JCR ", e);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,131 +0,0 @@
|
|||
package org.gcube.portlets.admin;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.portal.PortalContext;
|
||||
import org.gcube.common.portal.mailing.EmailNotification;
|
||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||
import org.gcube.vomanagement.usermanagement.exception.RoleRetrievalFault;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
||||
import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames;
|
||||
|
||||
import com.liferay.portal.kernel.log.Log;
|
||||
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||||
import com.liferay.portal.service.UserLocalServiceUtil;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Massimiliano Assante ISTI-CNR
|
||||
*
|
||||
*/
|
||||
public class RemovedUserAccountThread implements Runnable {
|
||||
private static Log _log = LogFactoryUtil.getLog(RemovedUserAccountThread.class);
|
||||
|
||||
final String SUBJECT = "User account REMOVAL notification";
|
||||
|
||||
private String userName;
|
||||
private String fullName;
|
||||
private String emailAddress;
|
||||
private long userId;
|
||||
private GroupManager gm;
|
||||
private UserManager uMan;
|
||||
|
||||
public RemovedUserAccountThread(long userId,String userName, String fullName, String emailAddress) {
|
||||
super();
|
||||
this.userId = userId;
|
||||
this.userName = userName;
|
||||
this.fullName = fullName;
|
||||
this.emailAddress = emailAddress;
|
||||
this.uMan = new LiferayUserManager();
|
||||
this.gm = new LiferayGroupManager();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void run() {
|
||||
try {
|
||||
_log.info("Trying to remove user " + userName + " from JCR first, using storageHub with role: "+RemoveAccountPortlet.AUTORISED_INFRA_ROLE);
|
||||
RemoveUserFromJCR rmJCR = new RemoveUserFromJCR(userName, gm, uMan);
|
||||
boolean result = rmJCR.remove();
|
||||
_log.info("The user " + userName + " has been removed from JCR with success? " + result);
|
||||
|
||||
} catch (Exception e) {
|
||||
_log.error("An error occurred during user workspace removal: ", e);
|
||||
}
|
||||
handleUserRemoval(userId, userName, fullName, emailAddress);
|
||||
}
|
||||
|
||||
private void handleUserRemoval(long userId, String userName, String fullName, String emailAddress) {
|
||||
_log.info("trying removeUser account for " + userName);
|
||||
//first remove the account
|
||||
try {
|
||||
UserLocalServiceUtil.deleteUser(userId);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
_log.info("removeUser account for " + userName + " done with success, now notify the managers ... ");
|
||||
//the notify the managers
|
||||
|
||||
RoleManager rm = new LiferayRoleManager();
|
||||
try {
|
||||
String rootVoName = PortalContext.getConfiguration().getInfrastructureName();
|
||||
long groupId = gm.getGroupIdFromInfrastructureScope("/"+rootVoName);
|
||||
long infraManagerRoleId = -1;
|
||||
try {
|
||||
infraManagerRoleId = rm.getRoleIdByName(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
|
||||
}
|
||||
catch (RoleRetrievalFault e) {
|
||||
_log.warn("There is no (Site) Role " + infraManagerRoleId + " in this portal. Will not notify about removed user accounts.");
|
||||
return;
|
||||
}
|
||||
_log.trace("Root is: " + rootVoName + " Scanning roles ....");
|
||||
|
||||
List<GCubeUser> managers = uMan.listUsersByGroupAndRole(groupId, infraManagerRoleId);
|
||||
if (managers == null || managers.isEmpty()) {
|
||||
_log.warn("There are no users with (Site) Role " + infraManagerRoleId + " on " + rootVoName + " in this portal. Will not notify about removed user accounts.");
|
||||
}
|
||||
else {
|
||||
for (GCubeUser manager : managers) {
|
||||
sendNotification(manager, userName, fullName, emailAddress);
|
||||
_log.info("sent email to manager: " + manager.getEmail());
|
||||
}
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
private void sendNotification(GCubeUser manager, String newUserUserName, String newUserFullName, String newUserEmailAddress) {
|
||||
EmailNotification toSend = new EmailNotification(manager.getEmail(), SUBJECT,
|
||||
getHTMLEmail(manager.getFirstName(), newUserUserName, newUserFullName, newUserEmailAddress), null);
|
||||
toSend.sendEmail();
|
||||
}
|
||||
|
||||
private static String getHTMLEmail(String userFirstName, String newUserUserName, String newUserFullName, String newUserEmailAddress) {
|
||||
String sender = newUserFullName + " ("+newUserUserName+") ";
|
||||
|
||||
StringBuilder body = new StringBuilder();
|
||||
|
||||
body.append("<body><br />")
|
||||
.append("<div style=\"color:#000; font-size:13px; font-family:'lucida grande',tahoma,verdana,arial,sans-serif;\">")
|
||||
.append("Dear ").append(userFirstName).append(",") //dear <user>
|
||||
.append("<p>").append(sender).append(" ").append("removed his/her account from the portal with the following email: ") // has done something
|
||||
.append(newUserEmailAddress)
|
||||
.append("</div><br />")
|
||||
.append("<p>You received this email because you are an Infrastructure Manager in this portal</p>")
|
||||
.append("</div></p>")
|
||||
.append("</body>");
|
||||
|
||||
return body.toString();
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,153 +0,0 @@
|
|||
package org.gcube.portlets.admin;
|
||||
|
||||
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
||||
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
|
||||
import javax.naming.Context;
|
||||
import javax.naming.InitialContext;
|
||||
import javax.naming.NameNotFoundException;
|
||||
import javax.naming.NamingException;
|
||||
|
||||
import org.gcube.common.encryption.encrypter.StringEncrypter;
|
||||
import org.gcube.common.portal.PortalContext;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
||||
import org.gcube.common.resources.gcore.ServiceEndpoint.Property;
|
||||
import org.gcube.common.resources.gcore.utils.Group;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.resources.discovery.client.api.DiscoveryClient;
|
||||
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
||||
|
||||
import com.liferay.portal.kernel.log.Log;
|
||||
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Massimiliano Assante ISTI-CNR
|
||||
*
|
||||
*/
|
||||
public class RemovedUserFromLDAPThread implements Runnable {
|
||||
private static Log _log = LogFactoryUtil.getLog(RemovedUserFromLDAPThread.class);
|
||||
private static final String LDAP_SERVER_NAME = "LDAPServer";
|
||||
private static final String LDAP_SERVER_FILTER_NAME = "filter";
|
||||
private static final String LDAP_SERVER_PRINCPAL_NAME = "ldapPrincipal";
|
||||
private static final String USER_CONTEXT = ",ou=People,o=D4Science,ou=Organizations,dc=d4science,dc=org";
|
||||
|
||||
private String portalName;
|
||||
private String ldapUrl;
|
||||
private String principal;
|
||||
private String ldapPassword;
|
||||
|
||||
private String username2Delete;
|
||||
|
||||
public RemovedUserFromLDAPThread(String username2Delete) {
|
||||
this.username2Delete = username2Delete;
|
||||
}
|
||||
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
@Override
|
||||
public void run() {
|
||||
portalName = PortalContext.getPortalInstanceName();
|
||||
|
||||
PortalContext context = PortalContext.getConfiguration();
|
||||
String scope = "/" + context.getInfrastructureName();
|
||||
ScopeProvider.instance.set(scope);
|
||||
|
||||
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
||||
query.addCondition("$resource/Profile/Category/text() eq 'Portal'");
|
||||
query.addCondition("$resource/Profile/Name/text() eq '" + portalName + "'");
|
||||
|
||||
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||
|
||||
List<ServiceEndpoint> list = client.submit(query);
|
||||
if (list == null || list.isEmpty()) {
|
||||
_log.error("Could not find any Service endpoint registred in the infrastructure for this portal: " + portalName);
|
||||
}
|
||||
else if (list.size() > 1) {
|
||||
_log.warn("Found more than one Service endpoint registred in the infrastructure for this portal: " + portalName);
|
||||
}
|
||||
else {
|
||||
for (ServiceEndpoint res : list) {
|
||||
Group<AccessPoint> apGroup = res.profile().accessPoints();
|
||||
AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
|
||||
for (int i = 0; i < accessPoints.length; i++) {
|
||||
if (accessPoints[i].name().compareTo(LDAP_SERVER_NAME) == 0) {
|
||||
_log.info("Found credentials for " + LDAP_SERVER_NAME);
|
||||
AccessPoint found = accessPoints[i];
|
||||
ldapUrl = found.address();
|
||||
String encrPassword = found.password();
|
||||
try {
|
||||
ldapPassword = StringEncrypter.getEncrypter().decrypt( encrPassword);
|
||||
} catch (Exception e) {
|
||||
_log.error("Something went wrong while decrypting password for " + LDAP_SERVER_NAME);
|
||||
e.printStackTrace();
|
||||
}
|
||||
Group<Property> propGroup = found.properties();
|
||||
Property[] props = (Property[]) propGroup.toArray(new Property[propGroup.size()]);
|
||||
for (int j = 0; j < props.length; j++) {
|
||||
if (props[j].name().compareTo(LDAP_SERVER_PRINCPAL_NAME) == 0) {
|
||||
_log.info("\tFound properties of " + LDAP_SERVER_PRINCPAL_NAME);
|
||||
String encrValue = props[j].value();
|
||||
try {
|
||||
principal = StringEncrypter.getEncrypter().decrypt(encrValue);
|
||||
} catch (Exception e) {
|
||||
_log.error("Something went wrong while decrypting value for " + LDAP_SERVER_PRINCPAL_NAME);
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
_log.debug("Got LDAP connection info from IS Resource ...");
|
||||
/*************** */
|
||||
_log.debug("Initializing LDAP connection ...");
|
||||
|
||||
Properties env = new Properties();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
|
||||
env.put(Context.PROVIDER_URL, ldapUrl);
|
||||
env.put(Context.SECURITY_PRINCIPAL, principal);
|
||||
env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
|
||||
|
||||
try {
|
||||
Context ctx = new InitialContext(env);
|
||||
String userCtx2Delete = getSubContext(username2Delete);
|
||||
// Remove the binding
|
||||
_log.debug("***** trying delete userCtx=" + userCtx2Delete);
|
||||
ctx.unbind(userCtx2Delete);
|
||||
// Check that it is gone
|
||||
Object obj = null;
|
||||
try {
|
||||
obj = ctx.lookup(userCtx2Delete);
|
||||
} catch (NameNotFoundException ne) {
|
||||
_log.info("unbind successful for "+userCtx2Delete);
|
||||
return;
|
||||
}
|
||||
_log.error("unbind failed; object still there: " + obj);
|
||||
// Close the context when we're done
|
||||
ctx.close();
|
||||
} catch (NamingException e) {
|
||||
_log.error("Something went Wrong during LDAP remove user");
|
||||
e.printStackTrace();
|
||||
} catch (Exception es) {
|
||||
_log.error("Something went Wrong during LDAP remove user in retrieving Liferay Organization");
|
||||
es.printStackTrace();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param username
|
||||
* @return the single user subContext
|
||||
*/
|
||||
private String getSubContext(String username) {
|
||||
return "uid="+username+USER_CONTEXT;
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue