
hookldappam.groovy (no debugging) - Report Server 2.2.1-5602

a guest
Jan 27th, 2015
  1. package ldap
  2.  
  3. import javax.naming.AuthenticationException
  4. import javax.naming.Context
  5. import javax.naming.InvalidNameException
  6. import javax.naming.NamingException
  7. import javax.naming.directory.InitialDirContext
  8. import javax.persistence.NoResultException
  9.  
  10. import net.datenwerke.rs.authenticator.client.login.dto.UserPasswordAuthToken
  11. import net.datenwerke.rs.authenticator.client.login.pam.UserPasswordClientPAM
  12. import net.datenwerke.rs.utils.crypto.PasswordHasher;
  13. import net.datenwerke.security.client.login.AuthToken
  14. import net.datenwerke.security.service.authenticator.AuthenticationResult
  15. import net.datenwerke.security.service.authenticator.ReportServerPAM
  16. import net.datenwerke.security.service.authenticator.hooks.PAMHook
  17. import net.datenwerke.security.service.usermanager.UserManagerService
  18. import net.datenwerke.security.service.usermanager.entities.User
  19.  
  20. import com.google.inject.Inject
  21.  
  // Build the LDAP-backed PAM through the server's injector so its
  // constructor dependencies are supplied by the container.
  final LdapPAM ldapPam = GLOBALS.injector.getInstance(LdapPAM.class);

  // Hook that places the LDAP PAM into the set of authentication modules.
  // It is added in the "before static config" callback; nothing is changed
  // in the "after" callback.
  // NOTE(review): the set is a LinkedHashSet, so insertion order is kept;
  // whether that order decides which PAM is consulted first depends on the
  // server and should be confirmed.
  final PAMHook ldapPamHook = new PAMHook(){

      public void beforeStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
          pams.add(ldapPam);
      }

      public void afterStaticPamConfig(LinkedHashSet<ReportServerPAM> pams){
          // intentionally empty
      }

  };

  // Register under the name "LDAP_PAM".
  GLOBALS.services.callbackRegistry.attachHook("LDAP_PAM", PAMHook.class, ldapPamHook);
  33.  
  34.  
  /**
   * Authentication module that accepts username/password tokens and checks
   * them first against the locally stored password hash and then, if that
   * does not match, against the user's LDAP origin via {@link LdapAuthenticator}.
   */
  public class LdapPAM implements ReportServerPAM {

      private static final String CLIENT_MODULE_NAME = UserPasswordClientPAM.class.getName();

      private UserManagerService userManagerService;
      private PasswordHasher passwordHasher;

      /**
       * @param userManagerService used to look users up by name
       * @param passwordHasher     used to validate a cleartext password against a stored hash
       */
      @Inject
      public LdapPAM(UserManagerService userManagerService, PasswordHasher passwordHasher) {
          this.userManagerService = userManagerService;
          this.passwordHasher = passwordHasher;
      }

      /**
       * Handles the first {@link UserPasswordAuthToken} found in {@code tokens}.
       *
       * On success the result is positive and authoritative. On failure the
       * result is authoritative when the user is unknown, when the user's
       * origin starts with "ldap://" (case-insensitive), or when the user has
       * a non-empty stored password; otherwise it is non-authoritative.
       * If no username/password token is present, a negative,
       * non-authoritative result without a user is returned.
       *
       * @param tokens the tokens submitted by the client
       * @return the outcome of the authentication attempt
       */
      public AuthenticationResult authenticate(AuthToken[] tokens) {
          for (Object token : tokens) {
              if (!(token instanceof UserPasswordAuthToken)) {
                  continue;
              }

              UserPasswordAuthToken login = (UserPasswordAuthToken) token;
              User verified = authenticate(login.getUsername(), login.getPassword());
              if (null != verified) {
                  return new AuthenticationResult(true, verified, true);
              }

              // Failed attempt: work out whether this module's "no" is final.
              User known = getUserOrNull(login.getUsername());
              boolean authoritative = true;
              if (null != known) {
                  String origin = known.getOrigin();
                  boolean ldapManaged = null != origin && origin.toLowerCase().startsWith("ldap://");
                  if (!ldapManaged) {
                      String storedHash = known.getPassword();
                      authoritative = null != storedHash && !storedHash.isEmpty();
                  }
              }
              return new AuthenticationResult(false, known, authoritative);
          }

          return new AuthenticationResult(false, null, false);
      }

      /**
       * Looks a user up by name.
       *
       * @param username the login name
       * @return the user, or {@code null} when the lookup raises {@link NoResultException}
       */
      protected User getUserOrNull(String username) {
          User found;
          try {
              found = userManagerService.getUserByName(username);
          } catch (NoResultException ex) {
              found = null;
          }
          return found;
      }

      /**
       * Checks a cleartext password for the named user.
       *
       * The locally stored hash is tried first (only when one is set); the
       * LDAP bind is attempted only when the local check does not succeed.
       *
       * @param username          the login name
       * @param cleartextPassword the password as typed by the user
       * @return the user on success, {@code null} when the user is unknown or
       *         neither check accepts the password
       */
      public User authenticate(String username, String cleartextPassword) {
          User candidate = getUserOrNull(username);
          if (null == candidate) {
              return null;
          }

          String storedHash = candidate.getPassword();
          boolean hasLocalPassword = null != storedHash && !storedHash.isEmpty();
          if (hasLocalPassword && passwordHasher.validatePassword(storedHash, cleartextPassword)) {
              return candidate;
          }

          LdapAuthenticator ldap = new LdapAuthenticator();
          return ldap.authenticate(candidate, cleartextPassword) ? candidate : null;
      }

      /** @return the class name of the client-side username/password module */
      public String getClientModuleName() {
          return CLIENT_MODULE_NAME;
      }

  }
  103.  
  104.  
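  /**
   * Verifies a password by performing an LDAP simple bind as the user and
   * then reading the user's own entry.
   *
   * The user's origin is expected to have the form
   * {@code <provider-url>/<distinguished-name>}: everything before the last
   * "/" is used as the JNDI provider URL, everything after it as the bind
   * principal.
   *
   * NOTE(review): the bind uses "simple" authentication, which sends the
   * password as-is. If the origin is a plain ldap:// URL the password
   * crosses the network unencrypted unless the transport is protected by
   * other means; ldaps:// origins or StartTLS should be preferred. Confirm
   * how origins are provisioned.
   */
  public class LdapAuthenticator {

      /**
       * Attempts to authenticate {@code user} against the directory named in
       * the user's origin.
       *
       * @param user     the user to authenticate; needs a non-null origin and guid
       * @param password the cleartext password to bind with
       * @return {@code true} only if the bind and the follow-up read both succeed;
       *         {@code false} on any authentication or directory error
       * @throws RuntimeException wrapping {@link InvalidNameException} when the
       *         principal is not a valid name
       */
      public boolean authenticate(User user, String password){
          // The guid is only checked for presence here; it is not used for the bind.
          if(null == user || null == user.getOrigin() || null == user.getGuid())
              return false;

          // A simple bind with a DN and an empty password is an
          // "unauthenticated bind" (RFC 4513, section 5.1.2), which many
          // directories accept. Without this guard the outcome would depend
          // solely on the follow-up read being refused, so reject it here.
          if(null == password || password.isEmpty())
              return false;

          // Without a "/" the origin cannot be split into provider and principal.
          if(user.getOrigin().lastIndexOf("/") < 0)
              return false;

          String principal = getPrincipal(user);
          // An empty bind name would turn the request into an anonymous bind.
          if(principal.isEmpty())
              return false;

          Properties props = new Properties();

          props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
          props.setProperty(Context.PROVIDER_URL, getProvider(user));
          props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
          props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");

          props.setProperty(Context.SECURITY_PRINCIPAL, principal);
          props.setProperty(Context.SECURITY_CREDENTIALS, password);

          InitialDirContext ctx = null;
          try {
              ctx = new InitialDirContext(props);
              // Reading the user's own entry confirms the connection is really
              // bound as that user.
              ctx.getAttributes(principal);
              return true;
          } catch (AuthenticationException e) {
              return false;
          } catch (InvalidNameException e) {
              throw new RuntimeException(e);
          } catch (NamingException e) {
              // Fail closed on every other directory error. This includes the
              // "LdapErr: DSID-0C0906E8" diagnostic the original matched on
              // (apparently Active Directory's "a successful bind must be
              // completed" response). Other errors previously fell off the end
              // of the method without an explicit return value.
              return false;
          } finally {
              // Always release the LDAP connection.
              if(null != ctx){
                  try {
                      ctx.close();
                  } catch (NamingException ignored) {
                      // nothing useful can be done if closing fails
                  }
              }
          }
      }

      /** Returns the part of the origin before the last "/", used as the provider URL. */
      private String getProvider(User user) {
          String origin = user.getOrigin();
          int i = origin.lastIndexOf("/");

          return origin.substring(0, i);
      }

      /** Returns the part of the origin after the last "/", used as the bind principal. */
      private String getPrincipal(User user) {
          String origin = user.getOrigin();

          int i = origin.lastIndexOf("/");
          return origin.substring(i + 1);
      }

  }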