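--- a/PLACEHOLDER_PATH
+++ b/PLACEHOLDER_PATH
@@ -1,152 +1,152 @@
 package ldap
 
 import javax.naming.AuthenticationException
 import javax.naming.Context
 import javax.naming.InvalidNameException
 import javax.naming.NamingException
 import javax.naming.directory.InitialDirContext
 import javax.persistence.NoResultException
 
 import net.datenwerke.rs.authenticator.client.login.dto.UserPasswordAuthToken
 import net.datenwerke.rs.authenticator.client.login.pam.UserPasswordClientPAM
 import net.datenwerke.rs.utils.crypto.PasswordHasher;
 import net.datenwerke.security.client.login.AuthToken
 import net.datenwerke.security.service.authenticator.AuthenticationResult
 import net.datenwerke.security.service.authenticator.ReportServerPAM
 import net.datenwerke.security.service.authenticator.hooks.PAMHook
 import net.datenwerke.security.service.usermanager.UserManagerService
 import net.datenwerke.security.service.usermanager.entities.User
 
 import com.google.inject.Inject
-import java.util.logging.Logger;
+
 final LdapPAM ldapPam = GLOBALS.injector.getInstance(LdapPAM.class);
-Logger logger = Logger.getLogger("LDAP");
+
-logger.severe("@@@@ LDAP INIT @@@@");
+
 public void beforeStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
 pams.add(ldapPam);
 }
 public void afterStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
 
 }
 
 });
 
 
 public class LdapPAM implements ReportServerPAM {
 
 private static final String CLIENT_MODULE_NAME = UserPasswordClientPAM.class.getName();
 private UserManagerService userManagerService;
 private PasswordHasher passwordHasher;
 
 @Inject
 public LdapPAM(UserManagerService userManagerService, PasswordHasher passwordHasher) {
 this.userManagerService = userManagerService;
-Logger logger = Logger.getLogger("LDAP");
+
 }
 
 
 public AuthenticationResult authenticate(AuthToken[] tokens) {
 for(Object token : tokens){
 if(token instanceof UserPasswordAuthToken){
 UserPasswordAuthToken credentials = (UserPasswordAuthToken) token;
 User u = authenticate(credentials.getUsername(), credentials.getPassword());
 if(null != u){
 return new AuthenticationResult(true, u, true);
 }else{
 User usr = getUserOrNull(credentials.getUsername());
 boolean authoritive = (null == usr || (null != usr.getOrigin() && usr.getOrigin().toLowerCase().startsWith("ldap://")) || (null != usr.getPassword() && !usr.getPassword().isEmpty()));
 return new AuthenticationResult(false, usr, authoritive);
-logger.severe("####### LdapPAM: authenticate success (usr=" + u.getUsername() + ")")
+
 }
 }
 
 return new AuthenticationResult(false, null, false);
-logger.severe("####### LdapPAM: authenticate failed (result=AuthenticationResult(false, " + u.getUsername() + ", "+authoritive+")")
+
 
 
 protected User getUserOrNull(String username){
 try{
-logger.severe("####### LdapPAM: authenticate notoken (result=AuthenticationResult(false, null, false)")
+
 }catch(NoResultException ex){
 return null;
 }
 }
 
 
 public User authenticate(String username, String cleartextPassword){
 User user = getUserOrNull(username);
 if(null == user)
 return null;
 
 if(null != user.getPassword() && !user.getPassword().isEmpty() && passwordHasher.validatePassword(user.getPassword(), cleartextPassword)){
 
 return user;
 }else{
 
 }
 
 LdapAuthenticator authenticator = new LdapAuthenticator();
-logger.severe("####### LdapPAM: authenticate with local password: success")
+
 
 return user;
-logger.severe("####### LdapPAM: authenticate with local password: fail")
+
 
 return null;
 }
 }
-logger.severe("####### LdapPAM: authenticate against directory server: success")
+
 public String getClientModuleName() {
 return CLIENT_MODULE_NAME;
-logger.severe("####### LdapPAM: authenticate against directory server: failed")
+
 
 }
 
 
 public class LdapAuthenticator {
 
 public boolean authenticate(User user, String password){
 if(null == user.getOrigin() || null == user.getGuid())
 return false;
 
 Properties props = new Properties();
 
 props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-Logger logger = Logger.getLogger("LDAP");
+
 props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
 props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
 
 props.setProperty(Context.SECURITY_PRINCIPAL, getPrincipal(user));
 props.setProperty(Context.SECURITY_CREDENTIALS, password);
 
 try {
 InitialDirContext ctx = new InitialDirContext(props);
 ctx.getAttributes(getPrincipal(user));
 return true;
 } catch (AuthenticationException e) {
 return false;
 } catch (InvalidNameException e) {
 throw new RuntimeException(e);
 } catch (NamingException e) {
 if(e.getMessage().contains("LdapErr: DSID-0C0906E8")){
 return false;
 }
 
-logger.severe(e);
+
 
 }
 
 private String getProvider(User user) {
 String origin = user.getOrigin();
 int i = origin.lastIndexOf("/");
 
 return origin.substring(0, i);
 }
 
 private String getPrincipal(User user) {
 String origin = user.getOrigin();
 
 int i = user.getOrigin().lastIndexOf("/");
 return origin.substring(i + 1);
 }
 
 }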
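Review bot: On the new side, `authenticate(String username, String cleartextPassword)` constructs `LdapAuthenticator` and then reaches `return user;` without ever calling it, so a user whose stored local password does not match is still accepted regardless of the password supplied; the directory bind has to gate that return, e.g. `if (authenticator.authenticate(user, cleartextPassword)) return user;` followed by `return null;`. The blank lines that replaced the removed logger calls appear to stand in for real statements rather than just log lines — `getUserOrNull`'s try body is empty, `Context.PROVIDER_URL` is never set while `getProvider` goes unused, `LdapAuthenticator.authenticate` falls off the end of its `NamingException` catch, and the braces of `authenticate(AuthToken[])` do not balance — so the paste should be checked against the actual file before this diff is trusted. Independently of that, `LdapAuthenticator.authenticate` passes `password` straight into `SECURITY_CREDENTIALS`; a simple bind with an empty credential is treated as an unauthenticated bind by common directory servers and reports success, so add `if (null == password || password.isEmpty()) return false;` before the properties are built. `e.getMessage()` may also be null for a `NamingException`, in which case the `contains` check throws instead of returning false.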