in gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java [1502:1587]
/**
 * Checks that the topology's ShiroProvider declares the LDAP parameters needed for
 * either a group lookup or a plain user authentication test.
 *
 * <p>Every check is delegated to {@code hasParam}, which is handed the parameter map and a
 * parameter <em>name</em>. The messages printed by this method are built from those names only;
 * no parameter value (for example the one stored under {@code systemPassword}) is read or
 * printed here.
 *
 * <p>NOTE(review): the third argument to {@code hasParam} looks like a "report when missing"
 * switch; confirm against {@code hasParam}, which is not visible from this method.
 * NOTE(review): as far as this method shows, only the presence of each key is checked. Whether
 * the values are acceptable (for instance whether {@code url} points at an ldaps:// endpoint,
 * or whether {@code authorizationEnabled} is actually "true") is not validated here.
 *
 * @param topology the topology whose "authentication"/"ShiroProvider" provider is inspected
 * @param groupLookup {@code true} to check the group-lookup parameter set, {@code false} to
 *     check the user-authentication parameter set
 * @return {@code true} if the provider is absent or at least one check failed,
 *     {@code false} otherwise
 */
protected boolean hasShiroProviderErrors(Topology topology, boolean groupLookup) {
  Provider shiroProvider = topology.getProvider("authentication", "ShiroProvider");
  if (shiroProvider == null) {
    // Without the provider there is nothing to validate; treat it as an error.
    out.println("Could not obtain ShiroProvider");
    return true;
  }

  // Names of the ShiroProvider params, derived from the realm and context-factory prefixes.
  final String realmKey = "main.ldapRealm";
  final String contextFactoryKey = realmKey + ".contextFactory";
  final String groupContextFactoryKey = "main.ldapGroupContextFactory";
  final String authorizationEnabledKey = realmKey + ".authorizationEnabled";
  final String userSearchAttributeNameKey = realmKey + ".userSearchAttributeName";
  final String userObjectClassKey = realmKey + ".userObjectClass";
  final String searchBaseKey = realmKey + ".searchBase";
  final String groupSearchBaseKey = realmKey + ".groupSearchBase";
  final String userSearchBaseKey = realmKey + ".userSearchBase";
  final String groupObjectClassKey = realmKey + ".groupObjectClass";
  final String memberAttributeKey = realmKey + ".memberAttribute";
  final String memberAttributeValueTemplateKey = realmKey + ".memberAttributeValueTemplate";
  final String systemUsernameKey = contextFactoryKey + ".systemUsername";
  final String systemPasswordKey = contextFactoryKey + ".systemPassword";
  final String urlKey = contextFactoryKey + ".url";
  final String userDnTemplateKey = realmKey + ".userDnTemplate";

  Map<String, String> params = shiroProvider.getParams();
  int problems = 0;

  if (groupLookup) {
    // All of these are required for a group lookup. The order is kept because hasParam may
    // print a message per missing key.
    String[] requiredForGroups = {
      groupContextFactoryKey,
      groupObjectClassKey,
      memberAttributeValueTemplateKey,
      memberAttributeKey,
      authorizationEnabledKey,
      systemUsernameKey,
      systemPasswordKey,
      userSearchBaseKey,
      groupSearchBaseKey
    };
    for (String key : requiredForGroups) {
      if (!hasParam(params, key, true)) {
        problems++;
      }
    }
    return problems > 0;
  }

  // The realm and the LDAP url are required in every user-authentication configuration.
  if (!hasParam(params, realmKey, true)) {
    problems++;
  }
  if (!hasParam(params, urlKey, true)) {
    problems++;
  }

  // With authorization configured, the system (bind) account and a search base are needed.
  if (hasParam(params, authorizationEnabledKey, false)) {
    if (!hasParam(params, systemUsernameKey, true)) {
      problems++;
    }
    if (!hasParam(params, systemPasswordKey, true)) {
      problems++;
    }
    // Either searchBase or userSearchBase satisfies the requirement.
    if (!hasParam(params, searchBaseKey, false) && !hasParam(params, userSearchBaseKey, false)) {
      out.println("Warn: Both " + searchBaseKey + " and " + userSearchBaseKey + " are missing from the topology");
      problems++;
    }
  }

  // The user-search params come as a set: if any one is present, the whole set must be.
  boolean anyUserSearchParam =
      hasParam(params, userSearchAttributeNameKey, false)
          || hasParam(params, userObjectClassKey, false)
          || hasParam(params, searchBaseKey, false)
          || hasParam(params, userSearchBaseKey, false);

  if (anyUserSearchParam) {
    int searchProblems = 0;
    if (!hasParam(params, userSearchAttributeNameKey, true)) {
      searchProblems++;
    }
    if (!hasParam(params, userObjectClassKey, true)) {
      searchProblems++;
    }
    if (!hasParam(params, searchBaseKey, false) && !hasParam(params, userSearchBaseKey, false)) {
      searchProblems++;
    }
    // The system account is checked again here, so a missing key can be counted twice when
    // authorization is also configured; only "any error" matters for the return value.
    if (!hasParam(params, systemUsernameKey, true)) {
      searchProblems++;
    }
    if (!hasParam(params, systemPasswordKey, true)) {
      searchProblems++;
    }
    if (searchProblems > 0) {
      out.println(userSearchAttributeNameKey + " or " + userObjectClassKey + " or " + searchBaseKey + " or " + userSearchBaseKey + " was found in the topology");
      out.println("If any one of the above params is present then " + userSearchAttributeNameKey +
          " and " + userObjectClassKey + " must both be present and either " + searchBaseKey + " or " + userSearchBaseKey + " must also be present.");
    }
    problems += searchProblems;
  } else if (!hasParam(params, userDnTemplateKey, true)) {
    // No user-search params at all: the DN template is the only way left to locate a user.
    problems++;
  }

  return problems > 0;
}