0 Replies Latest reply on Nov 26, 2013 11:15 AM by Edward Mann

    Picketlink IDM Group List

    Edward Mann Newbie

      I was able to get LDAP authentication to work via the code below.

       

      import static org.picketlink.common.constants.LDAPConstants.CN;
      import static org.picketlink.common.constants.LDAPConstants.CREATE_TIMESTAMP;
      import static org.picketlink.common.constants.LDAPConstants.EMAIL;
      import static org.picketlink.common.constants.LDAPConstants.GROUP_OF_NAMES;
      import static org.picketlink.common.constants.LDAPConstants.SN;
      import static org.picketlink.common.constants.LDAPConstants.UID;
      
      import javax.enterprise.context.ApplicationScoped;
      import javax.enterprise.inject.Produces;
      
      import org.picketlink.idm.config.IdentityConfiguration;
      import org.picketlink.idm.config.IdentityConfigurationBuilder;
      import org.picketlink.idm.model.basic.Agent;
      import org.picketlink.idm.model.basic.Grant;
      import org.picketlink.idm.model.basic.Group;
      import org.picketlink.idm.model.basic.GroupMembership;
      import org.picketlink.idm.model.basic.Role;
      import org.picketlink.idm.model.basic.User;
      
      /**
      * @author Edward Mann
      *
      */
      @ApplicationScoped
      public class IDMConfiguration {
      
          private static final String BASE_DN = "dc=example,dc=com";
          private static final String LDAP_URL = "ldap://127.0.0.1:389";
          private static final String GROUP_DN_SUFFIX = "ou=Groups,dc=example,dc=com";
          private static final String USER_DN_SUFFIX = "ou=People,dc=example,dc=com";
          private static final String AGENT_DN_SUFFIX = "ou=People,dc=example,dc=com";
      
          /**
           * <p>
           * We use this method to produce a {@link IdentityConfiguration} configured
           * with a LDAP store.
           * </p>
           *
           * @return
           */
          @Produces
          public IdentityConfiguration configure() {
          return initLDAP();
          }
         
          private IdentityConfiguration initLDAP(){
          IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
              builder.named("ldap.config")
                  .stores()
                  .ldap().supportAllFeatures()
                  .baseDN(BASE_DN)
                  .bindDN("uid=manager,ou=special users, dc=example, dc=com")
                  .bindCredential("somepassword").url(LDAP_URL)
                  .supportCredentials(true)
                  .mapping(Agent.class).baseDN(AGENT_DN_SUFFIX)
                  .objectClasses("inetOrgPerson")
                  .attribute("loginName", UID, true)
                  .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                  .mapping(User.class).baseDN(USER_DN_SUFFIX)
                  .objectClasses("inetOrgPerson")
                  .attribute("loginName", UID, true).attribute("firstName", "givenname")
                  .attribute("lastName", SN).attribute("email", EMAIL)
                  .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                  .mapping(Group.class).baseDN(GROUP_DN_SUFFIX)
                  .objectClasses("groupofuniquenames", "posixgroup").attribute("name", CN, true)
                  .readOnlyAttribute("createdDate", CREATE_TIMESTAMP).parentMembershipAttributeName("uniquemember")
                          .mapping(GroupMembership.class)
                              .forMapping(Group.class)
                              .attribute("member", "uniquemember");
      
              return builder.build();
          }
      }
      
      

      I am using initLDAP because i have another method to initAD because it requires some other options, i did not include that method here as i am only trying to get my 389 Directory server group lists. After i figure that out i feel confident that i can get AD to work.

       

      Here is my login controller.

      import java.util.List;
      
      import javax.enterprise.context.RequestScoped;
      import javax.faces.application.FacesMessage;
      import javax.faces.context.FacesContext;
      import javax.inject.Inject;
      import javax.inject.Named;
      
      import org.picketlink.Identity;
      import org.picketlink.Identity.AuthenticationResult;
      import org.picketlink.idm.IdentityManager;
      import org.picketlink.idm.model.basic.Group;
      import org.picketlink.idm.query.IdentityQuery;
      
      
      
      /**
      * @author Edward Mann
      *
      */
      @Named
      @RequestScoped
      public class LoginController {
      
          @Inject
          private Identity identity;
      
          @Inject
          private FacesContext facesContext;
         
          @Inject
          private IdentityManager identityManager;
      
          public String login() {
              // let's authenticate the user. the credentials were provided by populating the <code>loginCredentials</code>
              // named bean directly.
              AuthenticationResult result = identity.login();
         
              String ref = null;
             
             
              if (AuthenticationResult.FAILED.equals(result)) {
                  ref = "/home.xhtml";
              } else {
                  this.facesContext.addMessage(null, new FacesMessage(
                          "Authentication was unsuccessful. Please check your username and password " + "before trying again."));
              }
      
              return ref;
          }
      
          public String logout() {
              this.identity.logout();
              return "/login.xhtml";
          }
         
      /**
      * Trying to find groups configured in ldap server
      */
          public List<Group> getGroups(){
          IdentityQuery<Group> query = identityManager.createIdentityQuery(Group.class);
              List<Group> groups = query.getResultList();
              return groups;
           
           
          }
      }
      
      

       

      When i call the getGroups method it returns empty. Can someone give me some clues as to how i can get picketlink to return all (as many as ldap server will return) groups in the system? I will also like to be able to filter those. I know with the query i can set parameters. But first  i just want to see if i can get a list of groups returned.

       

      I am using picketlink-2.5.3.Beta1

       

      Thanks