Authorization plugins
The authorization framework would be useless without set of plugins. OpenGrok ships with basic set of plugins that allow for definition of flexible authorization stacks.
All LDAP plugins can use distinct LDAP server configuration. The configuration is put info effect by using the setup property, for example:
<void property="setup">
<void method="put">
<string>configuration</string>
<string>/opengrok/auth/config/ldap-plugin-config-corp.xml</string>
</void>
</void>and the ldap-plugin-config-corp.xml file can have these contents:
<?xml version="1.0" encoding="UTF-8"?>
<java version="1.8.0_65" class="java.beans.XMLDecoder">
<object class="opengrok.auth.plugin.configuration.Configuration">
<void property="interval">
<int>900000</int>
</void>
<void property="searchBase">
<string>dc=foo,dc=com</string>
</void>
<void property="webHooks">
<object class="opengrok.auth.plugin.util.WebHooks">
<void property="fail">
<object class="opengrok.auth.plugin.util.WebHook">
<void property="URI">
<string>http://localhost:8080/source/api/v1/messages</string>
</void>
<void property="content">
<string>{ "tags": [ "main" ], "cssClass": "class", "text": "corporate LDAP failed", "duration": "PT10M" }</string>
</void>
</object>
</void>
</object>
</void>
<void property="countLimit">
<int>10</int>
</void>
<void property="connectTimeout">
<int>3000</int>
</void>
<void property="searchTimeout">
<int>3000</int>
</void>
<void property="servers">
<void method="add">
<object class="opengrok.auth.plugin.ldap.LdapServer">
<void property="name">
<string>ldap://ldap.foo.com</string>
</void>
<void property="connectTimeout">
<int>3000</int>
</void>
</object>
</void>
</void>
</object>
</java>Here is the list of top-level properties:
| property | Type/unit | Description |
|---|---|---|
| interval | miliseconds | when the whole server pool is down, wait for this amount before trying again |
| searchBase | string | LDAP search base |
| webHooks | object | list of web hooks |
| countLimit | integer | retry count of connect attempts |
| connectTimeout | miliseconds | per server pool connect timeout |
| searchTimeout | miliseconds | per server pool search timeout |
| servers | object | list of LDAP servers |
List of webHooks properties:
| property | Type/unit | Description |
|---|---|---|
| URI | string | URI to post HTTP request to |
| content | string | the content of the request |
Server properties:
| property | Type/unit | Description |
|---|---|---|
| name | string | URL of the server |
| connectTimeout | milisecond | per server connect timeout |
The handy thing about the setup is that it can be placed right underneath the pluginStack definition, so that it can be shared by all LDAP plugins.
