All Articles

Manage Roles and Groups using Gatein Organisation Service

Managing groups and roles/permission in Gatein Picketlink using Organisation Service.

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

import org.apache.log4j.Logger;
import org.exoplatform.commons.utils.secure.SecureSet;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.PortalContainer;
import org.exoplatform.container.RootContainer;
import org.exoplatform.container.component.ComponentRequestLifecycle;
import org.exoplatform.container.component.RequestLifeCycle;
import org.exoplatform.portal.application.PortalRequestContext;
import org.exoplatform.services.organization.Group;
import org.exoplatform.services.organization.Membership;
import org.exoplatform.services.organization.MembershipType;
import org.exoplatform.services.organization.OrganizationService;
import org.exoplatform.services.organization.idm.ExtGroup;
import org.exoplatform.services.organization.User;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.IdentityRegistry;
import org.exoplatform.services.security.MembershipEntry;

@ManagedBean
@SessionScoped
/**
 * An utility class to manage user's roles and group assignment in exoplatform gatein container.
 * 
 * @author Sachin Handiekar
 */
public class OrganizationServiceUtil {
	private static final Logger LOGGER = Logger.getLogger(OrganizationServiceUtil.class);

	private static final String MEMBERSHIP_TYPE = "member";

	private static final String PLATFORM_PREFIX = "/platform/";

	public synchronized void refreshUserGroups(String userName) throws OrganizationServiceUtilException {

		List<String> usersGroupList = getUserGroups(userName);

		LOGGER.info("Removing currently assigned groups from platform....");
		removeUserFromAllGroups(userName);

		// Add the groups into platforms
		for (String groupName : usersGroupList) {
			LOGGER.info("Adding user into " + groupName);
			addUserToPicketLinkGroup(userName, groupName);
		}

		addUserToPicketLinkGroup(userName, "users");

	}

	/**
	 * A method which returns a list of user's group. The groups should be
	 * defined in LDAP. Please see the usage guide on Picketlink Groups in
	 * Gatein.
	 * 
	 * @param userName current logged in user's username
	 * @return a list of user groups.
	 */
	private List<String> getUserGroups(String userName) throws OrganizationServiceUtilException {

		/**
		 * A web=service can be called in this method to retrieve a list of
		 * groups which are stored in the database
		 */
		List<String> groupList = new ArrayList<String>();

		groupList.add("SampleGroup1");
		groupList.add("SampleGroup2");
		groupList.add("SampleGroup3");

		return groupList;

	}

	/**
	 * Refresh the permission of the current logged in user. The userName will
	 * be taken from the Future's Content Bean.
	 * 
	 * @param userName userName of the user whose permission's need to get
	 * refreshed.
	 * @throws OrganizationServiceUtilException if any error occurs
	 */
	public synchronized void refreshUserPermissions(String userName) throws OrganizationServiceUtilException {

		List<String> userPermissions = null;
		try {
			userPermissions = getUserPermissions(userName);

			LOGGER.info(":: userPermissions :: ");
			for (String perm : userPermissions) {
				LOGGER.info("Permission :: " + perm);

			}

			getIdentity(userName).setRoles(userPermissions);
		}
		catch (Exception ex) {
			LOGGER.error("An error occurred while getting permission for user (" + userName + ")", ex);
		}

	}

	/**
	 * A method which returns a list of permission/roles. This method can be
	 * used to call a webservice to retrieve a list of roles for a given
	 * username.
	 * 
	 * @throws ServiceRuntimeFault
	 * @throws RoleExpiredFault
	 * @throws RoleNotFoundFault
	 */
	private synchronized List<String> getUserPermissions(String userName) {

		List<String> userPerms = new ArrayList<String>();

		userPerms.add("PERMISSION_1");
		userPerms.add("PERMISSION_2");
		userPerms.add("PERMISSION_3");
		userPerms.add("PERMISSION_4");

		return userPerms;
	}

	/**
	 * Add a role/permission from the User Identity object.
	 * 
	 * @param userName userName of the user
	 * @param permissionName name of the permission.
	 */
	public synchronized void addUserPermission(String userName, String permissionName) {

		getIdentity(userName).getRoles().add(permissionName);
	}

	/**
	 * Remove a role/permission from the User Identity object.
	 * 
	 * @param userName userName of the user
	 * @param permissionName name of the permission.
	 */
	public synchronized void removeUserPermission(String userName, String permissionName) {
		getIdentity(userName).getRoles().remove(permissionName);
	}

	public void printAllGroups(String userName) {
		printSet(getIdentity(userName).getMemberships());
	}

	public void printAllPermissions(String userName) {
		LOGGER.info(":: Printing Roles/Permissions for user - " + userName);

		SecureSet<String> secureSet1 = (SecureSet<String>) getIdentity(userName).getRoles();

		Iterator<String> itr1 = secureSet1.iterator();

		while (itr1.hasNext()) {
			LOGGER.info("Role/Permission Name : " + itr1.next());
		}

	}

	private void printSet(Collection<MembershipEntry> membershipSet) {
		SecureSet<MembershipEntry> membershipEntrySet = (SecureSet<MembershipEntry>) membershipSet;

		Iterator<MembershipEntry> membershipEntryIterator = membershipEntrySet.iterator();

		while (membershipEntryIterator.hasNext()) {

			MembershipEntry membershipEntry = membershipEntryIterator.next();
			LOGGER.info("Group :: " + membershipEntry.getGroup());
			LOGGER.info("MembershipType :: " + membershipEntry.getMembershipType());

		}
	}

	public synchronized void removeUserFromPicketLinkGroup(String userName, String groupName) {
		OrganizationService orgService = (OrganizationService) getContainer().getComponentInstanceOfType(
				OrganizationService.class);
		final String groupNameVal = PLATFORM_PREFIX + groupName;

		try {
			begin(orgService);

			Membership membership = orgService.getMembershipHandler().findMembershipByUserGroupAndType(userName,
					groupNameVal, MEMBERSHIP_TYPE);

			orgService.getMembershipHandler().removeMembership(membership.getId(), true);

		}
		catch (Exception e) {
			LOGGER.error("Failed to remove user (" + userName + ") from group (" + groupNameVal + ").", e);
		}
		finally {
			end(orgService);
		}
	}

public synchronized void addUserToPicketLinkGroup(String userName, String groupName) throws Exception {
		OrganizationService orgService = (OrganizationService) getContainer().getComponentInstanceOfType(
				OrganizationService.class);

		final String groupNameVal = PLATFORM_PREFIX + groupName;

		try {
			begin(orgService);
			User user = orgService.getUserHandler().findUserByName(userName);

			MembershipType memberType = orgService.getMembershipTypeHandler().findMembershipType(MEMBERSHIP_TYPE);

			
			Group platformUserGroup = orgService.getGroupHandler().findGroupById("/platform");

			Group userGroup = orgService.getGroupHandler().findGroupById(groupNameVal);

			// If the group is not present, then create one
			if(userGroup == null) {
				Group tmpGroup = new ExtGroup();
				
				tmpGroup.setGroupName(groupName);
				tmpGroup.setLabel(groupName);

				orgService.getGroupHandler().addChild(platformUserGroup, tmpGroup, false);
				
				userGroup = orgService.getGroupHandler().findGroupById(groupNameVal);
			}
			
			orgService.getMembershipHandler().linkMembership(user, userGroup, memberType, true);

		}
		catch (Exception e) {
			log.error("Failed to add user " + userName + " to group " + groupNameVal + ".", e);
		}
		finally {
			end(orgService);
		}
	}

	@SuppressWarnings("unchecked")
	public synchronized void removeUserFromAllGroups(String userName) {
		OrganizationService orgService = (OrganizationService) getContainer().getComponentInstanceOfType(
				OrganizationService.class);
		LOGGER.info(":: removeUserFromAllGroups ::  ");
		try {
			begin(orgService);

			Collection<Membership> membershipList = orgService.getMembershipHandler().findMembershipsByUser(userName);

			LOGGER.debug("Membership List Size :  " + membershipList.size());

			for (Membership member : membershipList) {
				LOGGER.info("Id : " + member.getId());
				LOGGER.info("GroupId : " + member.getGroupId());
				LOGGER.info("Membership Type : " + member.getMembershipType());
				LOGGER.info("GroupId : " + member.getUserName());

			}

			orgService.getMembershipHandler().removeMembershipByUser(userName, true);

		}
		catch (Exception e) {
			LOGGER.error("Failed to remove groups for user " + userName + ".", e);
		}
		finally {
			end(orgService);
		}

	}

	/**
	 * Begin the lifecycle of Organization Service.
	 * 
	 * @param orgService organization service
	 */
	private void begin(OrganizationService orgService) {
		if (orgService instanceof ComponentRequestLifecycle) {
			RequestLifeCycle.begin((ComponentRequestLifecycle) orgService);
		}
	}

	/**
	 * End the lifecycle of Organization Service.
	 * 
	 * @param orgService organization service
	 */
	private void end(OrganizationService orgService) {
		if (orgService instanceof ComponentRequestLifecycle) {
			RequestLifeCycle.end();
		}
	}

	/**
	 * @return Gives the {@link ExoContainer} that fits best with the current
	 * context
	 */
	private ExoContainer getContainer() {
		ExoContainer container = ExoContainerContext.getCurrentContainer();
		if (container instanceof RootContainer) {
			// The top container is a RootContainer, thus we assume that we are
			// in a portal mode
			PortalRequestContext portalRequestContext = PortalRequestContext.getCurrentInstance();

			container = PortalContainer.getCurrentInstance(portalRequestContext.getRequest().getSession()
					.getServletContext());

			if (container == null) {
				container = ExoContainerContext.getTopContainer();
			}
		}
		// The container is a PortalContainer or a StandaloneContainer
		return container;
	}

	private Identity getIdentity(String userName) {
		IdentityRegistry identityRegistry = (IdentityRegistry) PortalContainer.getInstance()
				.getComponentInstanceOfType(IdentityRegistry.class);
		return identityRegistry.getIdentity(userName);
	}

}
view rawOrganizationServiceUtil.java hosted with ❤ by GitHub
public class OrganizationServiceUtilException extends Exception {

	private static final long serialVersionUID = 1L;

	public OrganizationServiceUtilException() {
		super();
	}

	public OrganizationServiceUtilException(String message) {
		super(message);
	}

	public OrganizationServiceUtilException(Throwable cause) {
		super(cause);
	}

	public OrganizationServiceUtilException(String message, Throwable cause) {
		super(message, cause);
	}
}