Feature #20108 implemented

feature/20108
Massimiliano Assante 3 years ago
parent fef9dd13bc
commit e439b4a947

@ -0,0 +1,21 @@
# Changelog for user-registration-hook
All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [v2.0.2-SNAPSHOT] - 2020-11-13
Feature #20108, remove user deletion from ldap upon remove account (offloaded to keycloak)
## [v2.0.0] - 2017-11-29
Ported to git
## [v1.1.0] - 2016-07-30
Update for Liferay 6.2.5
## [v1.0.0] - 2015-06-30
First release

@ -13,7 +13,7 @@
<artifactId>user-registration-hook</artifactId>
<packaging>war</packaging>
<name>user-registration-hook Hook</name>
<version>2.0.1</version>
<version>2.0.2-SNAPSHOT</version>
<scm>
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>

@ -1,152 +0,0 @@
package org.gcube.portal.removeaccount.thread;
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
import java.util.List;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import org.gcube.common.encryption.encrypter.StringEncrypter;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
import org.gcube.common.resources.gcore.ServiceEndpoint.Property;
import org.gcube.common.resources.gcore.utils.Group;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.resources.discovery.client.api.DiscoveryClient;
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
/**
*
* @author Massimiliano Assante ISTI-CNR
*
*/
public class RemovedUserFromLDAPThread implements Runnable {
private static Log _log = LogFactoryUtil.getLog(RemovedUserFromLDAPThread.class);
private static final String LDAP_SERVER_NAME = "LDAPServer";
private static final String LDAP_SERVER_PRINCPAL_NAME = "ldapPrincipal";
private static final String USER_CONTEXT = ",ou=People,o=D4Science,ou=Organizations,dc=d4science,dc=org";
private String portalName;
private String ldapUrl;
private String principal;
private String ldapPassword;
private String username2Delete;
public RemovedUserFromLDAPThread(String username2Delete) {
this.username2Delete = username2Delete;
}
@SuppressWarnings("deprecation")
@Override
public void run() {
portalName = PortalContext.getPortalInstanceName();
PortalContext context = PortalContext.getConfiguration();
String scope = "/" + context.getInfrastructureName();
ScopeProvider.instance.set(scope);
SimpleQuery query = queryFor(ServiceEndpoint.class);
query.addCondition("$resource/Profile/Category/text() eq 'Portal'");
query.addCondition("$resource/Profile/Name/text() eq '" + portalName + "'");
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
List<ServiceEndpoint> list = client.submit(query);
if (list == null || list.isEmpty()) {
_log.error("Could not find any Service endpoint registred in the infrastructure for this portal: " + portalName);
}
else if (list.size() > 1) {
_log.warn("Found more than one Service endpoint registred in the infrastructure for this portal: " + portalName);
}
else {
for (ServiceEndpoint res : list) {
Group<AccessPoint> apGroup = res.profile().accessPoints();
AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
for (int i = 0; i < accessPoints.length; i++) {
if (accessPoints[i].name().compareTo(LDAP_SERVER_NAME) == 0) {
_log.info("Found credentials for " + LDAP_SERVER_NAME);
AccessPoint found = accessPoints[i];
ldapUrl = found.address();
String encrPassword = found.password();
try {
ldapPassword = StringEncrypter.getEncrypter().decrypt( encrPassword);
} catch (Exception e) {
_log.error("Something went wrong while decrypting password for " + LDAP_SERVER_NAME);
e.printStackTrace();
}
Group<Property> propGroup = found.properties();
Property[] props = (Property[]) propGroup.toArray(new Property[propGroup.size()]);
for (int j = 0; j < props.length; j++) {
if (props[j].name().compareTo(LDAP_SERVER_PRINCPAL_NAME) == 0) {
_log.info("\tFound properties of " + LDAP_SERVER_PRINCPAL_NAME);
String encrValue = props[j].value();
try {
principal = StringEncrypter.getEncrypter().decrypt(encrValue);
} catch (Exception e) {
_log.error("Something went wrong while decrypting value for " + LDAP_SERVER_PRINCPAL_NAME);
e.printStackTrace();
}
}
}
}
}
}
_log.debug("Got LDAP connection info from IS Resource ...");
/*************** */
_log.debug("Initializing LDAP connection ...");
Properties env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUrl);
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
try {
Context ctx = new InitialContext(env);
String userCtx2Delete = getSubContext(username2Delete);
// Remove the binding
_log.debug("***** trying delete userCtx=" + userCtx2Delete);
ctx.unbind(userCtx2Delete);
// Check that it is gone
Object obj = null;
try {
obj = ctx.lookup(userCtx2Delete);
} catch (NameNotFoundException ne) {
_log.info("unbind successful for "+userCtx2Delete);
return;
}
_log.error("unbind failed; object still there: " + obj);
// Close the context when we're done
ctx.close();
} catch (NamingException e) {
_log.error("Something went Wrong during LDAP remove user");
e.printStackTrace();
} catch (Exception es) {
_log.error("Something went Wrong during LDAP remove user in retrieving Liferay Organization");
es.printStackTrace();
}
}
}
/**
*
* @param username
* @return the single user subContext
*/
private String getSubContext(String username) {
return "uid="+username+USER_CONTEXT;
}
}

@ -7,7 +7,6 @@ import org.gcube.common.portal.PortalContext;
import org.gcube.portal.notifications.thread.NewUserAccountNotificationThread;
import org.gcube.portal.removeaccount.thread.RemoveUserTokenFromInfraThread;
import org.gcube.portal.removeaccount.thread.RemovedUserAccountThread;
import org.gcube.portal.removeaccount.thread.RemovedUserFromLDAPThread;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
@ -78,10 +77,6 @@ public class MyCreateUserAccountListener extends BaseModelListener<User> {
Thread dropUserWorkspaceThread = new Thread(new RemovedUserAccountThread(username2Delete, theAdminToken, rolesString));
dropUserWorkspaceThread.start();
_log.info("Trying to remove user from LDAP ...");
Thread removeFromLDAPThread = new Thread(new RemovedUserFromLDAPThread(username2Delete));
removeFromLDAPThread.start();
_log.info("Trying to remove user from Auth ...");
Thread deleteAllUserAuthThread = new Thread(new RemoveUserTokenFromInfraThread(username2Delete));
deleteAllUserAuthThread.start();

@ -1,6 +1,6 @@
name=user-registration-hook
module-group-id=liferay
module-incremental-version=3
module-incremental-version=4
tags=
short-description=
change-log=

Loading…
Cancel
Save