(Stuart Lewis) - Enable ldap.login.specialgroup special group for all LDAP users

git-svn-id: http://scm.dspace.org/svn/repo/branches/dspace-1_5_x@3146 9c30dcfa-912a-0410-8fc2-9e0234be79fd

dspace-api/src/main/java/org/dspace/authenticate/LDAPAuthentication.java

@@ -60,6 +60,7 @@ import org.dspace.core.ConfigurationManager;
 import org.dspace.core.Context;
 import org.dspace.core.LogManager;
 import org.dspace.eperson.EPerson;
+import org.dspace.eperson.Group;
 
 /**
  * Authentication module to authenticate against a flat LDAP tree where
@@ -119,14 +120,42 @@ public class LDAPAuthentication
     }
 
     /*
-     * Nothing here.
+     * Add authenticated users to the group defined in dspace.cfg by
+     * the ldap.login.specialgroup key.
      */
     public int[] getSpecialGroups(Context context, HttpServletRequest request)
     {
-        return new int[0];
+		// Prevents anonymous users from being added to this group, and the second check
+		// ensures they are LDAP users
+		try
+		{
+			if (!context.getCurrentUser().getNetid().equals(""))
+			{
+				String groupName = ConfigurationManager.getProperty("ldap.login.specialgroup");
+				if ((groupName != null) && (!groupName.trim().equals("")))
+				{
+					ldapGroup = Group.findByName(context, groupName);
+					if (ldapGroup == null)
+					{
+						// Oops - the group isn't there.
+						log.warn(LogManager.getHeader(context,
+								"ldap_specialgroup",
+								"Group defined in ldap.login.specialgroup does not exist"));
+						return new int[0];
+					} else
+					{
+						return new int[] { ldapGroup.getID() };
+					}
+				}
+			}
+		}
+		catch (Exception npe) {
+			// The user is not an LDAP user, so we don't need to worry about them
+		}
+		return new int[0];
     }
-
+	
-    /*
+	/*
      * MIT policy on certs and groups, so always short-circuit.
      *
      * @return One of:

dspace/CHANGES

@@ -1,5 +1,6 @@
 (Stuart Lewis)
  - [2057231] Refactor LDAPServlet to use Stackable Authentication
+ - Enable ldap.login.specialgroup special group for all LDAP users
 
 (Stuart Lewis / Chris Yates / Flavio Botelho / Alex Barbieri / Reuben Pasquini)
  - [2057378] Hierarchical LDAP support

dspace/config/dspace.cfg

@@ -426,6 +426,14 @@ ldap.enable = false
 webui.ldap.autoregister = true
 
 
+##### LDAP users group #####
+
+# If required, a group name can be given here, and all users who log in
+# to LDAP will automatically become members of this group. This is useful
+# if you want a group made up of all internal authenticated users.
+#ldap.login.specialgroup = group-name
+
+
 ##### Hierarchical LDAP Settings #####
 
 # If your users are spread out across a hierarchical tree on your
@@ -460,13 +468,6 @@ webui.ldap.autoregister = true
 # to be 'user@example.com
 #ldap.netid_email_domain = @example.com
 
-##### LDAP users group #####
-
-# If required, a group name can be given here, and all users who log in
-# to LDAP will automatically become members of this group. This is useful
-# if you want a group made up of all internal authenticated users.
-#ldap.login.specialgroup = group-name
-
 
 #### Proxy Settings ######
 # uncomment and specify both properties if proxy server required