Manage Roles and Groups using Gatein Organisation Service

Managing groups and roles/permission in Gatein Picketlink using Organisation Service.

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;

import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;

import org.apache.log4j.Logger;
import org.exoplatform.commons.utils.secure.SecureSet;
import org.exoplatform.container.ExoContainer;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.container.PortalContainer;
import org.exoplatform.container.RootContainer;
import org.exoplatform.container.component.ComponentRequestLifecycle;
import org.exoplatform.container.component.RequestLifeCycle;
import org.exoplatform.portal.application.PortalRequestContext;
import org.exoplatform.services.organization.Group;
import org.exoplatform.services.organization.Membership;
import org.exoplatform.services.organization.MembershipType;
import org.exoplatform.services.organization.OrganizationService;
import org.exoplatform.services.organization.idm.ExtGroup;
import org.exoplatform.services.organization.User;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.IdentityRegistry;
import org.exoplatform.services.security.MembershipEntry;

@ManagedBean
@SessionScoped
/**
 * An utility class to manage user's roles and group assignment in exoplatform gatein container.
 * 
 * @author Sachin Handiekar
 */
public class OrganizationServiceUtil {
    private static final Logger LOGGER = Logger.getLogger(OrganizationServiceUtil.class);

    private static final String MEMBERSHIP_TYPE = "member";

    private static final String PLATFORM_PREFIX = "/platform/";

    public synchronized void refreshUserGroups(String userName) throws OrganizationServiceUtilException {

        List<String> usersGroupList = getUserGroups(userName);

        LOGGER.info("Removing currently assigned groups from platform....");
        removeUserFromAllGroups(userName);

        // Add the groups into platforms
        for (String groupName : usersGroupList) {
            LOGGER.info("Adding user into " + groupName);
            addUserToPicketLinkGroup(userName, groupName);
        }

        addUserToPicketLinkGroup(userName, "users");

    }

    /**
     * A method which returns a list of user's group. The groups should be
     * defined in LDAP. Please see the usage guide on Picketlink Groups in
     * Gatein.
     * 
     * @param userName current logged in user's username
     * @return a list of user groups.
     */
    private List<String> getUserGroups(String userName) throws OrganizationServiceUtilException {

        /**
         * A web=service can be called in this method to retrieve a list of
         * groups which are stored in the database
         */
        List<String> groupList = new ArrayList<String>();

        groupList.add("SampleGroup1");
        groupList.add("SampleGroup2");
        groupList.add("SampleGroup3");

        return groupList;

    }

    /**
     * Refresh the permission of the current logged in user. The userName will
     * be taken from the Future's Content Bean.
     * 
     * @param userName userName of the user whose permission's need to get
     * refreshed.
     * @throws OrganizationServiceUtilException if any error occurs
     */
    public synchronized void refreshUserPermissions(String userName) throws OrganizationServiceUtilException {

        List<String> userPermissions = null;
        try {
            userPermissions = getUserPermissions(userName);

            LOGGER.info(":: userPermissions :: ");
            for (String perm : userPermissions) {
                LOGGER.info("Permission :: " + perm);

            }

            getIdentity(userName).setRoles(userPermissions);
        }
        catch (Exception ex) {
            LOGGER.error("An error occurred while getting permission for user (" + userName + ")", ex);
        }

    }

    /**
     * A method which returns a list of permission/roles. This method can be
     * used to call a webservice to retrieve a list of roles for a given
     * username.
     * 
     * @throws ServiceRuntimeFault
     * @throws RoleExpiredFault
     * @throws RoleNotFoundFault
     */
    private synchronized List<String> getUserPermissions(String userName) {

        List<String> userPerms = new ArrayList<String>();

        userPerms.add("PERMISSION_1");
        userPerms.add("PERMISSION_2");
        userPerms.add("PERMISSION_3");
        userPerms.add("PERMISSION_4");

        return userPerms;
    }

    /**
     * Add a role/permission from the User Identity object.
     * 
     * @param userName userName of the user
     * @param permissionName name of the permission.
     */
    public synchronized void addUserPermission(String userName, String permissionName) {

        getIdentity(userName).getRoles().add(permissionName);
    }

    /**
     * Remove a role/permission from the User Identity object.
     * 
     * @param userName userName of the user
     * @param permissionName name of the permission.
     */
    public synchronized void removeUserPermission(String userName, String permissionName) {
        getIdentity(userName).getRoles().remove(permissionName);
    }

    public void printAllGroups(String userName) {
        printSet(getIdentity(userName).getMemberships());
    }

    public void printAllPermissions(String userName) {
        LOGGER.info(":: Printing Roles/Permissions for user - " + userName);

        SecureSet<String> secureSet1 = (SecureSet<String>) getIdentity(userName).getRoles();

        Iterator<String> itr1 = secureSet1.iterator();

        while (itr1.hasNext()) {
            LOGGER.info("Role/Permission Name : " + itr1.next());
        }

    }

    private void printSet(Collection<MembershipEntry> membershipSet) {
        SecureSet<MembershipEntry> membershipEntrySet = (SecureSet<MembershipEntry>) membershipSet;

        Iterator<MembershipEntry> membershipEntryIterator = membershipEntrySet.iterator();

        while (membershipEntryIterator.hasNext()) {

            MembershipEntry membershipEntry = membershipEntryIterator.next();
            LOGGER.info("Group :: " + membershipEntry.getGroup());
            LOGGER.info("MembershipType :: " + membershipEntry.getMembershipType());

        }
    }

    public synchronized void removeUserFromPicketLinkGroup(String userName, String groupName) {
        OrganizationService orgService = (OrganizationService) getContainer().getComponentInstanceOfType(
                OrganizationService.class);
        final String groupNameVal = PLATFORM_PREFIX + groupName;

        try {
            begin(orgService);

            Membership membership = orgService.getMembershipHandler().findMembershipByUserGroupAndType(userName,
                    groupNameVal, MEMBERSHIP_TYPE);

            orgService.getMembershipHandler().removeMembership(membership.getId(), true);

        }
        catch (Exception e) {
            LOGGER.error("Failed to remove user (" + userName + ") from group (" + groupNameVal + ").", e);
        }
        finally {
            end(orgService);
        }
    }

public synchronized void addUserToPicketLinkGroup(String userName, String groupName) throws Exception {
        OrganizationService orgService = (OrganizationService) getContainer().getComponentInstanceOfType(
                OrganizationService.class);

        final String groupNameVal = PLATFORM_PREFIX + groupName;

        try {
            begin(orgService);
            User user = orgService.getUserHandler().findUserByName(userName);

            MembershipType memberType = orgService.getMembershipTypeHandler().findMembershipType(MEMBERSHIP_TYPE);


            Group platformUserGroup = orgService.getGroupHandler().findGroupById("/platform");

            Group userGroup = orgService.getGroupHandler().findGroupById(groupNameVal);

            // If the group is not present, then create one
            if(userGroup == null) {
                Group tmpGroup = new ExtGroup();

                tmpGroup.setGroupName(groupName);
                tmpGroup.setLabel(groupName);

                orgService.getGroupHandler().addChild(platformUserGroup, tmpGroup, false);

                userGroup = orgService.getGroupHandler().findGroupById(groupNameVal);
            }

            orgService.getMembershipHandler().linkMembership(user, userGroup, memberType, true);

        }
        catch (Exception e) {
            log.error("Failed to add user " + userName + " to group " + groupNameVal + ".", e);
        }
        finally {
            end(orgService);
        }
    }

    @SuppressWarnings("unchecked")
    public synchronized void removeUserFromAllGroups(String userName) {
        OrganizationService orgService = (OrganizationService) getContainer().getComponentInstanceOfType(
                OrganizationService.class);
        LOGGER.info(":: removeUserFromAllGroups ::  ");
        try {
            begin(orgService);

            Collection<Membership> membershipList = orgService.getMembershipHandler().findMembershipsByUser(userName);

            LOGGER.debug("Membership List Size :  " + membershipList.size());

            for (Membership member : membershipList) {
                LOGGER.info("Id : " + member.getId());
                LOGGER.info("GroupId : " + member.getGroupId());
                LOGGER.info("Membership Type : " + member.getMembershipType());
                LOGGER.info("GroupId : " + member.getUserName());

            }

            orgService.getMembershipHandler().removeMembershipByUser(userName, true);

        }
        catch (Exception e) {
            LOGGER.error("Failed to remove groups for user " + userName + ".", e);
        }
        finally {
            end(orgService);
        }

    }

    /**
     * Begin the lifecycle of Organization Service.
     * 
     * @param orgService organization service
     */
    private void begin(OrganizationService orgService) {
        if (orgService instanceof ComponentRequestLifecycle) {
            RequestLifeCycle.begin((ComponentRequestLifecycle) orgService);
        }
    }

    /**
     * End the lifecycle of Organization Service.
     * 
     * @param orgService organization service
     */
    private void end(OrganizationService orgService) {
        if (orgService instanceof ComponentRequestLifecycle) {
            RequestLifeCycle.end();
        }
    }

    /**
     * @return Gives the {@link ExoContainer} that fits best with the current
     * context
     */
    private ExoContainer getContainer() {
        ExoContainer container = ExoContainerContext.getCurrentContainer();
        if (container instanceof RootContainer) {
            // The top container is a RootContainer, thus we assume that we are
            // in a portal mode
            PortalRequestContext portalRequestContext = PortalRequestContext.getCurrentInstance();

            container = PortalContainer.getCurrentInstance(portalRequestContext.getRequest().getSession()
                    .getServletContext());

            if (container == null) {
                container = ExoContainerContext.getTopContainer();
            }
        }
        // The container is a PortalContainer or a StandaloneContainer
        return container;
    }

    private Identity getIdentity(String userName) {
        IdentityRegistry identityRegistry = (IdentityRegistry) PortalContainer.getInstance()
                .getComponentInstanceOfType(IdentityRegistry.class);
        return identityRegistry.getIdentity(userName);
    }

}
view rawOrganizationServiceUtil.java hosted with ❤ by GitHub
public class OrganizationServiceUtilException extends Exception {

    private static final long serialVersionUID = 1L;

    public OrganizationServiceUtilException() {
        super();
    }

    public OrganizationServiceUtilException(String message) {
        super(message);
    }

    public OrganizationServiceUtilException(Throwable cause) {
        super(cause);
    }

    public OrganizationServiceUtilException(String message, Throwable cause) {
        super(message, cause);
    }
}

Did you find this article valuable?

Support Sachin Handiekar by becoming a sponsor. Any amount is appreciated!