- package com.seagate.rd.auth;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.sql.DataSource;
import com.seagate.mes.rhg.dao.JdbcTemplate;
import com.seagate.mes.rhg.dao.RowMapper;
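/**
 * Authenticates MES users against the corporate directory (LDAP simple bind) and,
 * when the directory cannot be reached, against a digest of the last LDAP-accepted
 * password cached in EMP_PASSWD. After authentication the user's roles, permissions
 * and scope attributes are loaded from the AUTH_* tables.
 * <p>
 * Changes from the previous revision (all visible in this class):
 * <ul>
 *   <li>the user id is escaped before being spliced into the bind DN (DN injection);</li>
 *   <li>empty-string checks use {@code isEmpty()} instead of reference {@code ==},
 *       which let an empty password through to the bind;</li>
 *   <li>the LDAP context is closed after the bind check (connection leak);</li>
 *   <li>an explicit LDAP credential rejection is no longer overridden by the DB cache;</li>
 *   <li>the DB fallback compares the digest that {@link #updateLdapPasswordInDB} stores
 *       (it previously compared the raw password against the stored digest);</li>
 *   <li>{@link #sha} hashes the input once, as UTF-8, and returns hex instead of a lossy
 *       {@code new String(byte[])};</li>
 *   <li>GUEST roles are actually applied, and the role query declares its {@code b} alias.</li>
 * </ul>
 * Not thread-safe beyond what {@code JdbcTemplate} provides; every method is stateless
 * apart from the shared template.
 */
public class AuthService {
    private JdbcTemplate jdbcTemplete;

    // TODO(review): the original note says this should come from the MES_PROPERTIES table
    // (see getPropertyFromDB); it is still hard-coded here.
    private static final String LDAP_PROVIDER_URL = "ldaps://ldap.seagate.com:636";

    /**
     * Digest used for the cached password written to EMP_PASSWD.PASSWD by
     * {@link #updateLdapPasswordInDB}. Rows written by the previous revision (SHA-1 of the
     * platform-charset bytes, stored as a raw-byte String) will not match until the user
     * logs in through LDAP once and the row is refreshed.
     * NOTE(review): an unsalted digest is not a proper password store; if this cache must
     * resist offline guessing, move to a salted KDF (PBKDF2 via javax.crypto) and store the
     * salt and iteration count alongside the hash.
     */
    private static final String PASSWORD_DIGEST = "SHA-256";

    private static final String BIND_DN_SUFFIX = ",ou=people,o=seagate.com,o=SDS";

    public AuthService() {
        // TODO(review): the JNDI name is an empty placeholder; wire the real DataSource name.
        DataSource dataSource = getDataSource("");
        jdbcTemplete = new JdbcTemplate(dataSource);
    }

    /**
     * Authenticates {@code globalId} with {@code password} and returns the populated user.
     * <p>
     * The directory is the source of truth. A successful LDAP bind refreshes the cached
     * digest in EMP_PASSWD and the user is then built from the DB. If LDAP explicitly
     * rejects the credentials ({@link AuthenticationException}) the request fails here:
     * the cache must never override a rejection, otherwise a password that was changed or
     * revoked in the directory would keep working for as long as the cached digest matched.
     * Only when the directory cannot be reached (any other {@link NamingException}) is the
     * digest written on the last successful LDAP login consulted.
     * NOTE(review): if EMP_PASSWD is also meant to serve accounts that do not exist in LDAP
     * at all, that case now fails and needs an explicit policy rather than this fallback.
     *
     * @param globalId the user's global id (LDAP uid and EMP_PASSWD.GLOBAL_ID)
     * @param password the password to verify
     * @return the user with name, roles, permissions and attributes set
     * @throws RuntimeException on any failure; the underlying exception is the cause when there is one
     */
    public User authenticate(String globalId, String password) {
        try {
            ldapAuthenticate(globalId, password);
            updateLdapPasswordInDB(globalId, password);
            return buildUser(globalId);
        } catch (AuthenticationException ex) {
            // Definitive "no" from the directory: do not consult the cache.
            throw new RuntimeException(ex);
        } catch (NamingException ex) {
            // Directory unreachable or misbehaving: compare against the cached digest.
            if (!authenticateWithDB(globalId, password)) {
                throw new RuntimeException("user not found in DB");
            }
            return buildUser(globalId);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /** Builds the user object for an already-authenticated id: name, roles, attributes. */
    private User buildUser(String globalId) {
        User user = new User();
        user.setGlobalId(globalId);
        user.setName(getName(globalId));
        setUserRolesAndAttributes(user);
        return user;
    }

    /**
     * Verifies {@code password} against the digest cached in EMP_PASSWD for {@code globalId}.
     * The row must also join to EMP_EMPLOYEE, as before. The comparison is done in Java with
     * {@link MessageDigest#isEqual} rather than in the WHERE clause so that the stored value
     * is compared as a whole and in constant time.
     *
     * @return {@code true} only if a row exists and its digest equals {@code sha(password)}
     */
    private boolean authenticateWithDB(String globalId, String password) {
        if (globalId == null || password == null) {
            return false;
        }
        String sql = "SELECT EMP_PASSWD.PASSWD as passwd FROM EMP_EMPLOYEE, EMP_PASSWD WHERE EMP_EMPLOYEE.EMPLOYEE_ID_LOCAL = EMP_PASSWD.GLOBAL_ID AND EMP_PASSWD.GLOBAL_ID = ? ";
        StringRowMapper mapper = new StringRowMapper("passwd");
        jdbcTemplete.query(sql, mapper, new String[]{globalId});
        String stored = mapper.getValue();
        if (stored == null) {
            return false;
        }
        byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
        byte[] actual = sha(password).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    /**
     * Caches {@code sha(pwd)} in EMP_PASSWD.PASSWD for {@code globalId}. Only called after a
     * successful LDAP bind.
     *
     * @throws RuntimeException if no EMP_PASSWD row was updated
     */
    private void updateLdapPasswordInDB(String globalId, String pwd) {
        String sql = "UPDATE EMP_PASSWD SET PASSWD = ? WHERE GLOBAL_ID = ?";
        int updateCount = jdbcTemplete.execute(sql, new String[] {sha(pwd), globalId});
        if (updateCount == 0) {
            throw new RuntimeException("ldap password is not update to DB");
        }
    }

    /**
     * Performs an LDAP simple bind as {@code uid=<globalId>,ou=people,o=seagate.com,o=SDS}
     * over LDAPS. The user id is DN-escaped (RFC 4514) so a crafted id such as
     * {@code x,ou=admins} binds as the literal uid rather than as a different entry.
     * <p>
     * A null or empty password is rejected before the bind: an LDAP simple bind with an
     * empty password is commonly treated as an anonymous bind, which would "succeed" without
     * proving anything. The previous revision compared against {@code ""} by reference, so a
     * non-interned empty string slipped through.
     *
     * @return {@code true} when the bind succeeded
     * @throws NullPointerException   if either argument is null or empty (kept for callers)
     * @throws AuthenticationException if the directory rejected the credentials
     * @throws Exception              any other directory failure (e.g. unreachable server)
     */
    public boolean ldapAuthenticate(String globalId, String ldapPassword) throws Exception {
        if (globalId == null || globalId.isEmpty()) {
            throw new NullPointerException("globalId cannot be null or empty");
        }
        if (ldapPassword == null || ldapPassword.isEmpty()) {
            throw new NullPointerException("ldapPassword cannot be null or empty");
        }
        String dn = "uid=" + escapeDnValue(globalId) + BIND_DN_SUFFIX;
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", LDAP_PROVIDER_URL);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", dn);
        env.put("java.naming.security.credentials", ldapPassword);
        DirContext ctx = null;
        try {
            // Constructing the context performs the bind; that is the whole check.
            ctx = new InitialDirContext(env);
        } catch (AuthenticationException ex) {
            AuthenticationException wrapped =
                new AuthenticationException("The password entered does not match with myseagate.com password");
            wrapped.initCause(ex);
            throw wrapped;
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // The bind already succeeded; a failure to release the connection is not an auth failure.
                }
            }
        }
        return true;
    }

    /**
     * Escapes an attribute value for use inside a distinguished name (RFC 4514):
     * {@code , + " \ < > ; =} and NUL are backslash-escaped, as are a leading space or
     * {@code #} and a trailing space.
     */
    private static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case ',':
                case '+':
                case '"':
                case '\\':
                case '<':
                case '>':
                case ';':
                case '=':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        if (sb.length() > 0 && (sb.charAt(0) == ' ' || sb.charAt(0) == '#')) {
            sb.insert(0, '\\');
        }
        if (sb.length() > 0 && sb.charAt(sb.length() - 1) == ' ') {
            sb.insert(sb.length() - 1, '\\');
        }
        return sb.toString();
    }

    /**
     * Returns "first middle last" from EMP_EMPLOYEE for {@code globalId}, or {@code null}
     * when there is no such row. The concatenation happens in SQL.
     */
    public String getName(String globalId) {
        String sql = "SELECT NAME_FIRST || ' ' || NAME_MIDDLE || ' ' || NAME_LAST as name FROM EMP_EMPLOYEE WHERE EMPLOYEE_ID_LOCAL = ? ";
        StringRowMapper mapper = new StringRowMapper("name");
        jdbcTemplete.query(sql, mapper, new String[]{globalId});
        return mapper.getValue();
    }

    /**
     * Loads roles/permissions, then the scope attributes: super users get the single
     * "ALL"/"ALL" attribute, everyone else gets the rows from AUTH_USER_SCOPE_ATT_VALUES.
     * NOTE(review): {@code user.isSuperUser()} is evaluated after the roles are set;
     * presumably it derives from the role list — confirm in {@code User}.
     */
    public void setUserRolesAndAttributes(User user) {
        setRoleAndPermission(user);
        if (user.isSuperUser()) {
            setSuperUserAttributes(user);
        } else {
            setNormalUserAttributes(user);
        }
    }

    /**
     * Sets the user's roles, each role carrying its permissions and their scope attributes.
     * A user with no explicit role assignment receives the GUEST role(s). The previous
     * revision assigned the GUEST list and then overwrote it with the empty list, so guests
     * ended up with no roles at all.
     */
    public void setRoleAndPermission(User user) {
        List<Role> roles = getRoleWithPermissionNameOnly(user.getGlobalId());
        if (roles.isEmpty()) {
            roles = getGuestRoleWithPermissionName();
        }
        for (Role role : roles) {
            for (String permissionName : role.getPermissionNameList()) {
                Permission permission = new Permission();
                permission.setPermissionName(permissionName);
                permission.setPermissionScopeAttributeNameList(getPermissionAttributes(permissionName));
                role.addPermission(permission);
            }
        }
        user.setRoleList(roles);
    }

    /** Sets the per-user scope attributes read from AUTH_USER_SCOPE_ATT_VALUES. */
    public void setNormalUserAttributes(User user) {
        user.setUserAttributesList(getUserAttributes(user));
    }

    /**
     * Reads (ATTRIBUTE_NAME, ATTRIBUTE_VALUE) rows for the user and groups the values by
     * attribute name, preserving first-seen order of names and row order of values.
     */
    public List<UserAttribute> getUserAttributes(User user) {
        String sql = "SELECT ATTRIBUTE_NAME, ATTRIBUTE_VALUE FROM AUTH_USER_SCOPE_ATT_VALUES WHERE GLOBAL_ID = ?";
        PairRowMapper mapper = new PairRowMapper("ATTRIBUTE_NAME", "ATTRIBUTE_VALUE");
        jdbcTemplete.query(sql, mapper, new String[]{user.getGlobalId()});
        List<UserAttribute> attributes = new ArrayList<>();
        for (NameListValue<String> group : transform(mapper.getList())) {
            UserAttribute attribute = new UserAttribute();
            attribute.setUserAttributeName(group.name);
            attribute.setAttributeValueList(group.list);
            attributes.add(attribute);
        }
        return attributes;
    }

    /** Gives a super user the single wildcard attribute "ALL" with the single value "ALL". */
    public void setSuperUserAttributes(User user) {
        UserAttribute all = new UserAttribute();
        all.setUserAttributeName("ALL");
        List<String> values = new ArrayList<>();
        values.add("ALL");
        all.setAttributeValueList(values);
        List<UserAttribute> attributes = new ArrayList<>();
        attributes.add(all);
        user.setUserAttributesList(attributes);
    }

    /**
     * Looks up a {@link DataSource} in JNDI.
     *
     * @throws RuntimeException wrapping the {@link NamingException} if the lookup fails
     */
    public DataSource getDataSource(String jndiName) {
        try {
            InitialContext ic = new InitialContext();
            return (DataSource) ic.lookup(jndiName);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Roles explicitly assigned to {@code gid}, each with its permission names only
     * (scope attributes are filled in by {@link #setRoleAndPermission}).
     */
    public List<Role> getRoleWithPermissionNameOnly(String gid) {
        // The previous query referenced alias b without declaring it, which fails on every call.
        String sql = "select a.global_id, a.role_name, b.permission_name from auth_user_roles a, auth_role_permissions b where a.role_name = b.role_name and a.global_id = ?";
        PairRowMapper mapper = new PairRowMapper("ROLE_NAME", "PERMISSION_NAME");
        jdbcTemplete.query(sql, mapper, new String[]{gid});
        return toRoles(mapper.getList());
    }

    /** The GUEST role(s) with their permission names only. */
    public List<Role> getGuestRoleWithPermissionName() {
        String sql = "select role_name, permission_name from auth_role_permissions where role_name = 'GUEST'";
        PairRowMapper mapper = new PairRowMapper("ROLE_NAME", "PERMISSION_NAME");
        jdbcTemplete.query(sql, mapper);
        return toRoles(mapper.getList());
    }

    /** Groups (role name, permission name) rows into one {@link Role} per role name. */
    private List<Role> toRoles(List<KeyValue> rolePermissionRows) {
        List<Role> roles = new ArrayList<>();
        for (NameListValue<String> group : transform(rolePermissionRows)) {
            Role role = new Role();
            role.setRoleName(group.name);
            role.setPermissionNameList(group.list);
            roles.add(role);
        }
        return roles;
    }

    /** Scope attribute names declared for a permission in AUTH_PERM_SCOPE_ATTS. */
    public List<String> getPermissionAttributes(String permissionName) {
        String sql = "SELECT ATTRIBUTE_NAME FROM AUTH_PERM_SCOPE_ATTS WHERE PERMISSION_NAME = ?";
        StringRowMapper mapper = new StringRowMapper("ATTRIBUTE_NAME");
        jdbcTemplete.query(sql, mapper, new String[]{permissionName});
        return mapper.getList();
    }

    /**
     * Lower-case hex of the {@value #PASSWORD_DIGEST} digest of the UTF-8 bytes of
     * {@code value}. Deterministic, so it can be compared with the stored column.
     * The previous revision fed the input to the digest twice and converted the raw digest
     * bytes through the platform charset, which is lossy (undecodable sequences collapse to
     * U+FFFD) and made stored values non-comparable.
     *
     * @throws RuntimeException wrapping the cause if the digest is unavailable or {@code value} is null
     */
    public String sha(String value) {
        try {
            MessageDigest md = MessageDigest.getInstance(PASSWORD_DIGEST);
            byte[] digest = md.digest(value.getBytes(StandardCharsets.UTF_8));
            return toHex(digest);
        } catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

    /** Lower-case hex encoding of {@code bytes}. */
    private static String toHex(byte[] bytes) {
        final char[] digits = "0123456789abcdef".toCharArray();
        char[] out = new char[bytes.length * 2];
        for (int i = 0; i < bytes.length; i++) {
            int v = bytes[i] & 0xff;
            out[2 * i] = digits[v >>> 4];
            out[2 * i + 1] = digits[v & 0x0f];
        }
        return new String(out);
    }

    /**
     * Groups key/value pairs by key: one {@link NameListValue} per distinct key in
     * first-appearance order, holding that key's values in list order.
     */
    public List<NameListValue<String>> transform(List<KeyValue> list) {
        Map<String, NameListValue<String>> grouped = new LinkedHashMap<>();
        for (KeyValue kv : list) {
            NameListValue<String> group = grouped.get(kv.key);
            if (group == null) {
                group = new NameListValue<>(kv.key);
                grouped.put(kv.key, group);
            }
            group.add(kv.value);
        }
        return new ArrayList<>(grouped.values());
    }

    /** A name with its list of values. */
    private static class NameListValue<T> {
        public final String name;
        public final List<T> list = new ArrayList<>();

        public NameListValue(String name) {
            this.name = name;
        }

        public void add(T t) {
            list.add(t);
        }
    }

    /** An immutable string pair. */
    private static class KeyValue {
        public final String key;
        public final String value;

        public KeyValue(String key, String value) {
            this.key = key;
            this.value = value;
        }
    }

    /** Collects two string columns of every row as a {@link KeyValue}, in row order. */
    private static final class PairRowMapper implements RowMapper<KeyValue> {
        private final String keyColumn;
        private final String valueColumn;
        private final List<KeyValue> pairs = new ArrayList<>();

        PairRowMapper(String keyColumn, String valueColumn) {
            this.keyColumn = keyColumn;
            this.valueColumn = valueColumn;
        }

        @Override
        public void mapRow(ResultSet rs, int rowNum) throws SQLException {
            pairs.add(new KeyValue(rs.getString(keyColumn), rs.getString(valueColumn)));
        }

        @Override
        public List<KeyValue> getList() {
            return pairs;
        }
    }

    // move to Utils service
    /** Reads MES_PROPERTIES.value for {@code name}; {@code null} if absent. */
    public String getPropertyFromDB(String name) {
        String sql = "SELECT value FROM MES_PROPERTIES WHERE name = ?";
        StringRowMapper mapper = new StringRowMapper("value");
        jdbcTemplete.query(sql, mapper, new String[]{name});
        return mapper.getValue();
    }

    /** Collects one string column of every row; {@link #getValue} is the first row or {@code null}. */
    public static class StringRowMapper implements RowMapper<String> {
        private final List<String> list = new ArrayList<>();
        private final String column;

        public StringRowMapper(String column) {
            this.column = column;
        }

        @Override
        public void mapRow(ResultSet rs, int rowNum) throws SQLException {
            list.add(rs.getString(column));
        }

        @Override
        public List<String> getList() {
            return list;
        }

        public String getValue() {
            return list.isEmpty() ? null : list.get(0);
        }
    }
}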