Class: Crowd

Inherits:
Object
  • Object
show all
Includes:
SOAP
Defined in:
lib/crowd/version.rb,
lib/crowd.rb,
lib/crowd/user_attribute_keys.rb

Overview

:nodoc:

Defined Under Namespace

Modules: UserAttributeKeys, Version Classes: AuthenticationConnectionException, AuthenticationException, AuthenticationInvalidCredentialException, AuthenticationInvalidException, AuthenticationObjectNotFoundException

Class Method Summary collapse

Class Method Details

.add_attribute_principal(username, attributes) ⇒ Object

Add attribute to principal



309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
 
# File 'lib/crowd.rb', line 309

def self.add_attribute_principal(username, attributes)
  attributes.each do |key, val|
    response = authenticated_connection do
      if(val.class == Array)
        valArray = ArrayOfString.new(val)
      else
        valArray = ArrayOfString.new
        valArray << val
      end

      tuple = SOAPAttribute.new(key, valArray)
      arg = AddAttributeToPrincipal.new(@@application_token, username, tuple)
      
      server.addAttributeToPrincipal(arg)
    end

    case response
      when AddAttributeToPrincipalResponse
        # Burying it because this means it was successful
      when ObjectNotFoundException
        raise AuthenticationObjectNotFoundException
      else
        raise AuthenticationException, response
    end
  end
  
  true
end

.add_principal(username, password, description, is_active, attributes) ⇒ Object

Add Principal



191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
 
# File 'lib/crowd.rb', line 191

def self.add_principal(username, password, description, is_active, attributes)
  response = authenticated_connection do
    
    attrs = ArrayOfSOAPAttribute.new()
    attributes.each do |key, val|
      if (val.class == Array)
        attrVal = ArrayOfString.new(val)
      else
        attrVal = ArrayOfString.new
        attrVal << val
      end
      attrs << SOAPAttribute.new(key, attrVal)
    end

    principal = SOAPPrincipal.new(nil, is_active, attrs, nil, description, nil, nil, username)
    pword = PasswordCredential.new(password, false)
    arg = AddPrincipal.new(@@application_token, principal, pword)

    server.addPrincipal(arg)
  end
  
  case response
    when AddPrincipalResponse
      return true
    when InvalidCredentialException
      raise AuthenticationInvalidCredentalException
    when InvalidUserException
      raise AuthenticationInvalidException, response
    else
      raise AuthenticationException, response
  end
end

.add_principal_to_role(username, role) ⇒ Object

Add Principal to Role



444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
 
# File 'lib/crowd.rb', line 444

def self.add_principal_to_role(username, role)    
  response = authenticated_connection do         
    arg = AddPrincipalToRole.new(@@application_token, username, role)
    #raise arg.to_yaml
    server.addPrincipalToRole(arg)
  end
  
  case response
    when AddPrincipalToRoleResponse
      return true
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.add_role(name, description, is_active) ⇒ Object

Add Role



425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
 
# File 'lib/crowd.rb', line 425

def self.add_role(name, description, is_active)
  response = authenticated_connection do 
    role = SOAPRole.new(nil, is_active, nil, nil, description, nil, nil, nil, name)
    arg = AddRole.new(@@application_token, role)
    server.addRole(arg)
  end
  
  case response
    when AddRoleResponse
      return true
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.application_tokenObject 



85
 
# File 'lib/crowd.rb', line 85

def self.application_token; @@application_token; end

.application_token=(value) ⇒ Object

for testing



84
 
# File 'lib/crowd.rb', line 84

def self.application_token=(value); @@application_token = value; end

.authenticate_application(validation_factors = {}) ⇒ Object

Authenticates an application client to the Crowd security server.



112
113
114
115
116
117
118
119
120
121
122
123
 
# File 'lib/crowd.rb', line 112

def self.authenticate_application(validation_factors = {})
  pword = PasswordCredential.new(@@crowd_app_pword, false)
  aovf = helper_validation_factors(validation_factors)
  ctx = ApplicationAuthenticationContext.new(pword, @@crowd_app_name, aovf)
  arg = AuthenticateApplication.new(ctx)
  begin
    response = server.authenticateApplication(arg)
  rescue Errno::ECONNREFUSED => e
    raise AuthenticationConnectionException, e
  end
  @@application_token = response.out
end

.authenticate_principal(username, password, validation_factors = {}) ⇒ Object

Authenticates a principal verses the calling who is in the application’s assigned directory.

To use SSO, set:

validation_factors = { 'USER_AGENT' => '...', 'REMOTE_ADDRESS' => '...' }
for proxy users { 'X_FORWARDED_FOR" => '...' } might be useful as well.



131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
 
# File 'lib/crowd.rb', line 131

def self.authenticate_principal(username, password, validation_factors = {})
  response = authenticated_connection do
    pword = PasswordCredential.new(password, false)
    aovf = helper_validation_factors(validation_factors)
    ctx = UserAuthenticationContext.new(@@application_token.name, pword, username, aovf)
    arg = AuthenticatePrincipal.new(@@application_token, ctx)

    server.authenticatePrincipal(arg)      
  end    
  
  #evaluate the response.  ideally, the authenticatePrincipal call should
  #return an AuthenticationInvalidCredentialException and we can handle it more
  #nicely below.
  case response
    when AuthenticatePrincipalResponse        
      return response.out
    when InvalidAuthenticationException
      return nil      
    when InactiveAccountException
      return nil
    when nil #no reponse      
      raise AuthenticationInvalidCredentialException, response
    when ::AuthenticationException
      raise AuthenticationInvalidCredentialException, response
    else
      raise AuthenticationException, response
  end
end

.create_principal_token(username, validation_factors = {}) ⇒ Object

Authenticates a principal without validating a password.



163
164
165
166
167
168
169
170
 
# File 'lib/crowd.rb', line 163

def self.create_principal_token(username, validation_factors = {})
  response = authenticated_connection do
    aovf = helper_validation_factors(validation_factors)
    arg = CreatePrincipalToken.new(@@application_token, username, aovf)
    server.createPrincipalToken(arg)
  end
  response.out
end

.crowd_app_nameObject 



87
 
# File 'lib/crowd.rb', line 87

def self.crowd_app_name; @@crowd_app_name; end

.crowd_app_name=(value) ⇒ Object 



53
 
# File 'lib/crowd.rb', line 53

def self.crowd_app_name=(value); @@crowd_app_name = value; end

.crowd_app_pwordObject 



88
 
# File 'lib/crowd.rb', line 88

def self.crowd_app_pword; @@crowd_app_pword; end

.crowd_app_pword=(value) ⇒ Object 



59
 
# File 'lib/crowd.rb', line 59

def self.crowd_app_pword=(value); @@crowd_app_pword = value; end

.crowd_session_lastvalidationObject 



92
 
# File 'lib/crowd.rb', line 92

def self.crowd_session_lastvalidation; @@crowd_session_lastvalidation; end

.crowd_session_lastvalidation=(value) ⇒ Object 



81
 
# File 'lib/crowd.rb', line 81

def self.crowd_session_lastvalidation=(value); @@crowd_session_lastvalidation = value; end

.crowd_session_tokenkeyObject 



90
 
# File 'lib/crowd.rb', line 90

def self.crowd_session_tokenkey; @@crowd_session_tokenkey; end

.crowd_session_tokenkey=(value) ⇒ Object 



75
 
# File 'lib/crowd.rb', line 75

def self.crowd_session_tokenkey=(value); @@crowd_session_tokenkey = value; end

.crowd_session_validationintervalObject 



91
 
# File 'lib/crowd.rb', line 91

def self.crowd_session_validationinterval; @@crowd_session_validationinterval; end

.crowd_session_validationinterval=(value) ⇒ Object 



69
 
# File 'lib/crowd.rb', line 69

def self.crowd_session_validationinterval=(value); @@crowd_session_validationinterval = value; end

.crowd_urlObject 



86
 
# File 'lib/crowd.rb', line 86

def self.crowd_url; @@crowd_url; end

.crowd_url=(value) ⇒ Object 



47
 
# File 'lib/crowd.rb', line 47

def self.crowd_url=(value); @@crowd_url = value; end

.find_all_group_namesObject 



535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
 
# File 'lib/crowd.rb', line 535

def self.find_all_group_names
  response = authenticated_connection do 
    arg = FindAllGroupNames.new(@@application_token)
    server.findAllGroupNames(arg)
  end
  
  case response
    when FindAllGroupNamesResponse
      return response.out
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.find_all_groups_for_principal(username) ⇒ Object 



551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
 
# File 'lib/crowd.rb', line 551

def self.find_all_groups_for_principal(username)
   response = authenticated_connection do 
     arg = FindGroupMemberships.new(@@application_token, username)
     server.findGroupMemberships(arg)
   end
   
   case response
     when FindGroupMembershipsResponse
       return response.out
     when ObjectNotFoundException
       return AuthenticationObjectNotFoundException
     else
       raise AuthenticationException, response
   end
end

.find_all_principal_namesObject

Find all principal names



389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
 
# File 'lib/crowd.rb', line 389

def self.find_all_principal_names    
  response = authenticated_connection do
    arg = FindAllPrincipalNames.new(@@application_token)
    server.findAllPrincipalNames(arg)
  end
  
  case response
    when FindAllPrincipalNamesResponse
      return response.out
    when ObjectNotFoundException
      return {}
    else
      raise AuthenticationException, response
  end
end

.find_all_role_namesObject

Find all role names



407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
 
# File 'lib/crowd.rb', line 407

def self.find_all_role_names
  response = authenticated_connection do 
    arg = FindAllRoleNames.new(@@application_token)
    server.findAllRoleNames(arg)
  end
  
  case response
    when FindAllRoleNamesResponse
      return response.out
    when ObjectNotFoundException
      return {}
    else
      raise AuthenticationException, response
  end
end

.find_principal_by_token(token) ⇒ Object

Find Principal via token



246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
 
# File 'lib/crowd.rb', line 246

def self.find_principal_by_token(token)
  response = authenticated_connection do
    arg = FindPrincipalByToken.new(@@application_token, token)
    server.findPrincipalByToken(arg)      
  end
  case response
    when FindPrincipalByTokenResponse
      return parse_principal(response.out)
    when ObjectNotFoundException
      return nil
    else
      raise AuthenticationException, response
  end 
rescue AuthenticationObjectNotFoundException
  return nil
rescue AuthenticationException => e
  nil
rescue ::SOAP::FaultError => e
  raise AuthenticationException, e.message
end

.find_principal_by_username(username) ⇒ Object

Find Principal via username



226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
 
# File 'lib/crowd.rb', line 226

def self.find_principal_by_username(username)    
  response = authenticated_connection do
    arg = FindPrincipalByName.new(@@application_token, username)
    server.findPrincipalByName(arg)      
  end
  
  case response
    when FindPrincipalByNameResponse
      return parse_principal(response.out)
    when ObjectNotFoundException
      return nil
    else
      raise AuthenticationException, response
  end
rescue AuthenticationException => e
  raise AuthenticationObjectNotFoundException, e    
end

.get_group(name) ⇒ Object 



567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
 
# File 'lib/crowd.rb', line 567

def self.get_group(name)
  response = authenticated_connection do 
     arg = FindGroupByName.new(@@application_token, name)
     server.findGroupByName(arg)
   end
   
   case response
     when FindGroupByNameResponse
       return response.out
     when ObjectNotFoundException
       return AuthenticationObjectNotFoundException
     else
       raise AuthenticationException, response
   end
end

.invalidate_principal_token(token) ⇒ Object

Invalidate Principal Token



269
270
271
272
273
274
275
276
277
278
279
280
281
 
# File 'lib/crowd.rb', line 269

def self.invalidate_principal_token(token)
  response = authenticated_connection do 
    arg = InvalidatePrincipalToken.new(@@application_token, token)
    server.invalidatePrincipalToken(arg)
  end
  
  case response
    when InvalidatePrincipalTokenResponse
      return true
    else
      raise AuthenticationException, response
  end
end

.is_group_member(username, group) ⇒ Object

Is Group Member



519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
 
# File 'lib/crowd.rb', line 519

def self.is_group_member(username, group)
  response = authenticated_connection do 
    arg = IsGroupMember.new(@@application_token, group, username )
    server.isGroupMember(arg)
  end
  
  case response
    when IsGroupMemberResponse
      return response.out
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.is_role_member(username, role) ⇒ Object

Is Role Member



481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
 
# File 'lib/crowd.rb', line 481

def self.is_role_member(username, role)
  response = authenticated_connection do 
    arg = IsRoleMember.new(@@application_token, username, role )
    server.isRoleMember(arg)
  end
  
  case response
    when IsRoleMemberResponse
      return response.out
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.is_valid_principal_token?(principal_token, validation_factors = {}) ⇒ Boolean

Checks if the principal’s current token is still valid.

Returns:

  • (Boolean) 


174
175
176
177
178
179
180
181
182
183
184
185
186
187
 
# File 'lib/crowd.rb', line 174

def self.is_valid_principal_token?(principal_token, validation_factors = {})
  response = authenticated_connection do
    aovf = helper_validation_factors(validation_factors)
    arg = IsValidPrincipalToken.new(@@application_token, principal_token, aovf)
    server.isValidPrincipalToken(arg)      
  end    
  
  case response
    when IsValidPrincipalTokenResponse        
      return response.out
    else
      raise AuthenticationException, response
  end
end

.remove_attribute_principal(username, attributes) ⇒ Object

Remove principal attribute



285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
 
# File 'lib/crowd.rb', line 285

def self.remove_attribute_principal(username, attributes)    
  if(attributes.class != Array)
    attributes = [attributes]
  end
  
  attributes.each do |attr|
    response = authenticated_connection do
      arg = RemoveAttributeFromPrincipal.new(@@application_token, username, attr)
      server.removeAttributeFromPrincipal(arg)
    end

    case response
      when RemoveAttributeFromPrincipalResponse
        # Burying as this means it succeeded
      when ObjectNotFoundException
        raise AuthenticationObjectNotFoundException
      else
        raise AuthenticationException, response
    end
  end
end

.remove_principal(username) ⇒ Object

Remove principal



371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
 
# File 'lib/crowd.rb', line 371

def self.remove_principal(username)
  response = authenticated_connection do
    arg = RemovePrincipal.new(@@application_token, username)        
    server.removePrincipal(arg)
  end
  
  case response
    when RemovePrincipalResponse
      return true
    when ObjectNotFoundException
      raise AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end    
end

.remove_principal_from_role(username, role) ⇒ Object

Remove Principal form Role



463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
 
# File 'lib/crowd.rb', line 463

def self.remove_principal_from_role(username, role)
  response = authenticated_connection do 
    arg = RemovePrincipalFromRole.new(@@application_token, username, role)
    server.removePrincipalFromRole(arg)
  end
  
  case response
    when RemovePrincipalFromRoleResponse
      return true
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.remove_role(role) ⇒ Object

Remove Role



501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
 
# File 'lib/crowd.rb', line 501

def self.remove_role(role)
  response = authenticated_connection do 
    arg = RemoveRole.new(@@application_token, role)
    server.removeRole(arg)
  end
  
  case response
    when RemoveRoleResponse
      return true        
    when ObjectNotFoundException
      return AuthenticationObjectNotFoundException
    else
      raise AuthenticationException, response
  end
end

.update_attribute_principal(username, attributes) ⇒ Object

Update attribute on principal



340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
 
# File 'lib/crowd.rb', line 340

def self.update_attribute_principal(username, attributes)    
  attributes.each do |key, val|
    response = authenticated_connection do
      if val.is_a?(Array)
        valArray = ArrayOfString.new(val)
      else
        valArray = ArrayOfString.new
        valArray << val
      end

      tuple = SOAPAttribute.new(key, valArray)
      arg = UpdatePrincipalAttribute.new(@@application_token, username, tuple)
      
      server.updatePrincipalAttribute(arg)
    end

    case response
      when UpdatePrincipalAttributeResponse
        # Burying as it worked
      when ObjectNotFoundException
        raise AuthenticationObjectNotFoundException
      else
        raise AuthenticationException, response
    end
  end
  
  true
end