1
package ldap
2
3
import javax.naming.AuthenticationException
4
import javax.naming.Context
5
import javax.naming.InvalidNameException
6
import javax.naming.NamingException
7
import javax.naming.directory.InitialDirContext
8
import javax.persistence.NoResultException
9
10
import net.datenwerke.rs.authenticator.client.login.dto.UserPasswordAuthToken
11
import net.datenwerke.rs.authenticator.client.login.pam.UserPasswordClientPAM
12
import net.datenwerke.rs.utils.crypto.PasswordHasher;
13
import net.datenwerke.security.client.login.AuthToken
14
import net.datenwerke.security.service.authenticator.AuthenticationResult
15
import net.datenwerke.security.service.authenticator.ReportServerPAM
16
import net.datenwerke.security.service.authenticator.hooks.PAMHook
17
import net.datenwerke.security.service.usermanager.UserManagerService
18
import net.datenwerke.security.service.usermanager.entities.User
19
20
import com.google.inject.Inject
21-
import java.util.logging.Logger;
21+
22
final LdapPAM ldapPam = GLOBALS.injector.getInstance(LdapPAM.class);
23-
Logger logger = Logger.getLogger("LDAP");
23+
24-
logger.severe("@@@@ LDAP INIT @@@@");
24+
25
	public void beforeStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
26
		pams.add(ldapPam);
27
	}
28
	public void afterStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
29
		
30
	}
31
	
32
});
33
34
35
public class LdapPAM implements ReportServerPAM {
36
	
37
	private static final String CLIENT_MODULE_NAME = UserPasswordClientPAM.class.getName();
38
	private UserManagerService userManagerService;
39
	private PasswordHasher passwordHasher;
40
41
	@Inject
42
	public LdapPAM(UserManagerService userManagerService, PasswordHasher passwordHasher) {
43
		this.userManagerService = userManagerService;
44-
                 Logger logger = Logger.getLogger("LDAP");
44+
45
	}
46
	
47
	
48
	public AuthenticationResult authenticate(AuthToken[] tokens) {
49
		for(Object token : tokens){
50
			if(token instanceof UserPasswordAuthToken){
51
				UserPasswordAuthToken credentials = (UserPasswordAuthToken) token;
52
				User u = authenticate(credentials.getUsername(), credentials.getPassword());
53
				if(null != u){
54
					return new AuthenticationResult(true, u, true);
55
				}else{
56
					User usr = getUserOrNull(credentials.getUsername());
57
					boolean authoritive = (null == usr || (null != usr.getOrigin() && usr.getOrigin().toLowerCase().startsWith("ldap://")) || (null != usr.getPassword() && !usr.getPassword().isEmpty()));
58
					return new AuthenticationResult(false, usr, authoritive);
59-
					logger.severe("####### LdapPAM: authenticate success (usr=" + u.getUsername() + ")")
59+
60
			}
61
		}
62
63
		return new AuthenticationResult(false, null, false);
64-
					logger.severe("####### LdapPAM: authenticate failed (result=AuthenticationResult(false, " + u.getUsername() + ", "+authoritive+")")
64+
65
	
66
	
67
	protected User getUserOrNull(String username){
68
		try{
69-
		logger.severe("####### LdapPAM: authenticate notoken (result=AuthenticationResult(false, null, false)")
69+
70
		}catch(NoResultException ex){
71
			return null;
72
		}
73
	}
74
	
75
	
76
	public User authenticate(String username, String cleartextPassword){
77
		User user = getUserOrNull(username);
78
		if(null == user)
79
			return null;
80
		
81
		if(null != user.getPassword() && !user.getPassword().isEmpty() && passwordHasher.validatePassword(user.getPassword(), cleartextPassword)){
82
83
			return user;
84
		}else{
85
86
		}		
87
			
88
		LdapAuthenticator authenticator = new LdapAuthenticator();	
89-
			logger.severe("####### LdapPAM: authenticate with local password: success")
89+
90
91
			return user;
92-
			logger.severe("####### LdapPAM: authenticate with local password: fail")
92+
93
94
			return null;
95
		}
96
	}
97-
			logger.severe("####### LdapPAM: authenticate against directory server: success")
97+
98
	public String getClientModuleName() {
99
		return CLIENT_MODULE_NAME;
100-
			logger.severe("####### LdapPAM: authenticate against directory server: failed")
100+
101
102
}
103
104
105
public class LdapAuthenticator {
106
	
107
	public boolean authenticate(User user, String password){
108
		if(null == user.getOrigin() || null == user.getGuid())
109
			return false;
110
		
111
		Properties props = new Properties();
112
113
		props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
114-
                 Logger logger = Logger.getLogger("LDAP");
114+
115
		props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
116
		props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
117
118
		props.setProperty(Context.SECURITY_PRINCIPAL, getPrincipal(user));
119
		props.setProperty(Context.SECURITY_CREDENTIALS, password);
120
		
121
		try {
122
			InitialDirContext ctx = new InitialDirContext(props);
123
			ctx.getAttributes(getPrincipal(user));
124
			return true;
125
		} catch (AuthenticationException e) {
126
			return false;
127
		} catch (InvalidNameException e) {
128
			throw new RuntimeException(e);
129
		} catch (NamingException e) {
130
			if(e.getMessage().contains("LdapErr: DSID-0C0906E8")){
131
				return false;
132
			}
133
			
134-
                                                   logger.severe(e);
134+
135
136
	}
137
138
	private String getProvider(User user) {
139
		String origin = user.getOrigin();
140
		int i = origin.lastIndexOf("/");
141
		
142
		return origin.substring(0, i);
143
	}
144
145
	private String getPrincipal(User user) {
146
		String origin = user.getOrigin();
147
			
148
		int i = user.getOrigin().lastIndexOf("/");
149
		return origin.substring(i + 1);
150
	}
151
	
152
}
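Review bot: `LdapAuthenticator.authenticate` (gutter lines 107–136) sets `Context.SECURITY_AUTHENTICATION` to `"simple"` and passes `password` straight into `Context.SECURITY_CREDENTIALS` without first rejecting a null or empty value; under simple bind an empty password is treated by many directory servers as an unauthenticated (anonymous) bind, so `new InitialDirContext(props)` can succeed and the method returns `true` for a caller who supplied no password at all. Add `if (password == null || password.isEmpty()) return false;` beside the existing null checks on `user.getOrigin()` and `user.getGuid()`. The `InitialDirContext` created at gutter line 122 is never closed, so every authentication attempt leaks a directory connection; keep it in a local declared before the `try` and call `ctx.close()` in a `finally` (it is not `AutoCloseable`, so try-with-resources does not apply). In the `NamingException` handler `e.getMessage()` may be null, which turns the `contains("LdapErr: DSID-0C0906E8")` test into a `NullPointerException`; guard it with `e.getMessage() != null &&` and add a comment naming the server condition that vendor-specific text stands for, since matching on message text is brittle. The paste-diff rendering appears to have dropped or misplaced lines (the empty `else` body at gutter lines 84–86 and `logger.severe` calls placed after `return` statements), so the exact shape of the new side of `LdapPAM.authenticate` is uncertain from this view.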