author | Nils Schwabe | 2014-04-08 12:23:58 +0200 |
---|---|---|
committer | Nils Schwabe | 2014-04-08 12:23:58 +0200 |
commit | c5c204b42ef294ecaf5ff7b048d26e117ddb8c57 (patch) | |
tree | e3aa563b42e631994818ca624796a076cbe50725 /src/main/java/org/openslx/imagemaster/db | |
parent | Initial Commit (diff) | |
LDAP functionality
- added apache ldap client api to pom.xml
- added the LDAP user which authenticates to the LDAP server
- added testAuthentication to AppTest
- users get inserted into db after authenticating
- added log4j properties to filter out unhelpful debug messages
Diffstat (limited to 'src/main/java/org/openslx/imagemaster/db')
4 files changed, 206 insertions, 18 deletions
diff --git a/src/main/java/org/openslx/imagemaster/db/DbSatellite.java b/src/main/java/org/openslx/imagemaster/db/DbSatellite.java
new file mode 100644
index 0000000..da20fbc
--- /dev/null
+++ b/src/main/java/org/openslx/imagemaster/db/DbSatellite.java
@@ -0,0 +1,36 @@
+package org.openslx.imagemaster.db;
+
+public class DbSatellite {
+ /*
+ * Get row from mysql db and
+ */
+
+ private String organization, address, name;
+
+ // needs to be public in order to be found by MySQL
+ public DbSatellite(String organization, String address, String name) {
+ this.organization = organization;
+ this.address = address;
+ this.name = name;
+ }
+
+ public static DbSatellite createDbSatellite(String organization) {
+ return MySQL
+ .findUniqueOrNull(
+ DbSatellite.class,
+ "SELECT satellite.organization, satellite.address, satellite.name FROM satellite WHERE satellite.organization = ? LIMIT 1",
+ organization);
+ }
+
+ public String getAddress() {
+ return address;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getOrganization() {
+ return organization;
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/org/openslx/imagemaster/db/DbUser.java b/src/main/java/org/openslx/imagemaster/db/DbUser.java
index f8400a9..9370f40
--- a/src/main/java/org/openslx/imagemaster/db/DbUser.java
+++ b/src/main/java/org/openslx/imagemaster/db/DbUser.java
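Review bot: The class comment on `DbSatellite` is cut off mid-sentence (`Get row from mysql db and`) and says nothing about what the row represents, so a reader has to recover it from the SQL in `createDbSatellite`. I would replace it with a Javadoc such as `/** One row of the satellite table (organization, address, name); {@link #createDbSatellite(String)} selects it by organization and returns null when there is no match. */`. The remark on the public constructor would also be more useful if it named the mechanism, e.g. `// public: MySQL.findUniqueOrNull instantiates this class from the selected columns` — presumably reflectively, which this hunk does not show, so confirm before wording it that way.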
@@ -1,30 +1,45 @@ package org.openslx.imagemaster.db; +import org.apache.log4j.Logger; +import org.openslx.imagemaster.session.Authenticator; import org.openslx.imagemaster.session.User; - -public class DbUser extends User -{ - public DbUser(String username, String password, String organization, String firstName, String lastName, String eMail, - String satelliteAddress) - { - super( username, password, organization, firstName, lastName, eMail, satelliteAddress ); +public class DbUser extends User { + private static Logger log = Logger.getLogger( Authenticator.class ); + + public DbUser(String username, String password, String organization, + String firstName, String lastName, String eMail, + String satelliteAddress) { + super(username, password, organization, firstName, lastName, eMail, + satelliteAddress); } /** * Query database for user with given login - * @param login (user@organization) - * @return instance of DbUser for matching entry from DB, or null if not found + * + * @param login + * (user@organization) + * @return instance of DbUser for matching entry from DB, or null if not + * found */ - public static DbUser forLogin( final String login ) - { - final String[] parts = login.split( "@" ); - if ( parts.length != 2 ) + public static DbUser forLogin(final String login) { + final String[] parts = login.split("@"); + if (parts.length != 2) return null; - return MySQL.findUniqueOrNull( DbUser.class, - "SELECT user.username, user.password, user.organization, user.firstname, user.lastname, user.email, satellite.address FROM user" + - " LEFT JOIN satellite USING (organization)" + - " WHERE user.username = ? AND user.organization = ? LIMIT 1", parts[0], parts[1] ); + return MySQL + .findUniqueOrNull( + DbUser.class, + "SELECT user.username, user.password, user.organization, user.firstname, user.lastname, user.email, satellite.address FROM user" + + " LEFT JOIN satellite USING (organization)" + + " WHERE user.username = ? AND user.organization = ? 
LIMIT 1", + parts[0], parts[1]); + } + + public static boolean insertOrUpdate(User user) { + log.debug("Inserted user '" + user.username + "' into db."); + MySQL.update("INSERT INTO user (username, password, organization, firstname, lastname, email) VALUES (?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE password=VALUES(password), organization=VALUES(organization), firstname=VALUES(firstname), lastname=VALUES(lastname), email=VALUES(email)", + user.username, user.password, user.organization, user.firstName, user.lastName, user.eMail); + return false; } } diff --git a/src/main/java/org/openslx/imagemaster/db/LDAPUser.java b/src/main/java/org/openslx/imagemaster/db/LDAPUser.java new file mode 100644 index 0000000..ae8d38d --- /dev/null +++ b/src/main/java/org/openslx/imagemaster/db/LDAPUser.java 
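Review bot: `insertOrUpdate` discards the row count that `MySQL.update` returns and always returns `false`, so no caller can tell whether the user was actually written, and the debug line claims `Inserted user` before the statement has run, also when the row is only updated or the update fails. I would capture the result and log afterwards: `int rows = MySQL.update(/* same statement and arguments */);` `log.debug("Stored user '" + user.username + "' in db (" + rows + " rows affected).");` `return rows > 0;`. The logger is also obtained with `Logger.getLogger( Authenticator.class )` inside `DbUser`, which files these messages under the wrong category; use `DbUser.class`. Separately, the statement persists `user.password` — if that is the SHA-512 crypt of the user's LDAP password that `LDAPUser.forLogin` produces, the master server keeps a second, offline-attackable copy of an external credential, so unless it is needed for local authentication consider not storing it at all.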
@@ -0,0 +1,134 @@
+package org.openslx.imagemaster.db;
+
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.directory.api.ldap.model.cursor.CursorException;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.ldap.client.api.LdapConnectionConfig;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.openslx.imagemaster.session.User;
+import org.openslx.imagemaster.thrift.iface.AuthenticationException;
+import org.openslx.imagemaster.util.Sha512Crypt;
+
+/*
+ * This TrustManager is used to accept custom certificates.
+ */
+class MyTrustManager implements X509TrustManager {
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {}
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {}
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+
+}
+
+public class LDAPUser extends User {
+
+ protected LDAPUser(String username, String password, String organization,
+ String firstName, String lastName, String eMail,
+ String satelliteAddress) {
+ super(username, password, organization, firstName, lastName, eMail,
+ satelliteAddress);
+ }
+
+ /**
+ * Query LDAP for user with given login
+ * @param login (user@organization)
+ * @return instance of LDAPUser for matching entry from LDAP, or null if not found
+ */
+ @SuppressWarnings("finally")
+ public static LDAPUser forLogin( final String login, final String password ) throws AuthenticationException {
+ String username, organization, firstName, lastName, eMail, 
satelliteAddress;
+
+ LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
+ ldapConfig.setTrustManagers(new MyTrustManager());
+ ldapConfig.setLdapPort(636);
+ ldapConfig.setLdapHost("bv1.ruf.uni-freiburg.de");
+ ldapConfig.setUseSsl(true);
+
+ LdapNetworkConnection connection = new LdapNetworkConnection( ldapConfig );
+
+ // bind connection
+ try {
+ connection.bind("uid=" + login + ",ou=people,dc=uni-freiburg,dc=de", password);
+ } catch (LdapException e1) {
+ try {
+ connection.unBind();
+ connection.close();
+ } catch (LdapException | IOException e) {
+ } finally {
+ AuthenticationException ae = new AuthenticationException();
+ ae.message = "Could not bind to LDAP server. Invalid credentials.";
+ throw ae;
+ }
+ }
+
+ // test authorization
+ if (!connection.isConnected() || !connection.isAuthenticated()) {
+ try {
+ connection.unBind();
+ connection.close();
+ } catch (LdapException | IOException e) {
+ } finally {
+ AuthenticationException ae = new AuthenticationException();
+ ae.message = "Could not connect / authenticate to LDAP server. Invalid credentials?";
+ throw ae;
+ }
+ }
+
+ // make search query
+ try {
+ EntryCursor cursor = connection.search("ou=people,dc=uni-freiburg,dc=de", "(&(objectclass=person)(uid=" +
+ login + "))", SearchScope.SUBTREE);
+ // only use the first result
+ cursor.next();
+ Entry entry = cursor.get();
+ username = entry.get("uid").getString();
+ organization = "Test Organization"; // will be filled with bwIDM LDAP server
+ firstName = entry.get("givenName").getString();
+ lastName = entry.get("sn").getString();
+ eMail = entry.get("rufPreferredMail").getString();
+ // get the satellite address from db
+ DbSatellite dbSatellite = DbSatellite.createDbSatellite(organization);
+ if (dbSatellite != null) {
+ satelliteAddress = dbSatellite.getAddress();
+ } else {
+ /*
+ * Organization is not known.. 
+ * TODO: Handle this
+ */
+ satelliteAddress = "addressNotKown";
+ }
+ } catch (LdapException | CursorException e1) {
+ return null;
+ } finally {
+ // close connection
+ try {
+ connection.unBind();
+ } catch (LdapException e) {
+ return null;
+ }
+ try {
+ connection.close();
+ } catch (IOException e) {
+ return null;
+ }
+ }
+ return new LDAPUser(username, Sha512Crypt.Sha512_crypt(password, null, 0), organization, firstName, lastName, eMail, satelliteAddress);
+ }
+}
diff --git a/src/main/java/org/openslx/imagemaster/db/MySQL.java b/src/main/java/org/openslx/imagemaster/db/MySQL.java
index 15bf5e2..a31046d
--- a/src/main/java/org/openslx/imagemaster/db/MySQL.java
+++ b/src/main/java/org/openslx/imagemaster/db/MySQL.java
@@ -76,5 +76,8 @@ class MySQL { return db.findUniqueOrNull( clazz, sql, args ); } - + + protected static int update(String query, Object... args) { + return db.update(query, args); + } } |
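Review bot: `MyTrustManager` accepts every server certificate (both `check*Trusted` bodies are empty and it is installed via `ldapConfig.setTrustManagers`), so the SSL connection to port 636 authenticates nobody and an on-path attacker can present any certificate and read the simple-bind password; drop that call so the JVM truststore validates the server, or load the LDAP server's certificate into a dedicated truststore. `login` is also interpolated unescaped into both the bind DN (`"uid=" + login + ",ou=people,..."`) and the search filter (`"(&(objectclass=person)(uid=" + login + "))"`), letting a caller alter the DN or filter with `,`, `)` or `*`; escape it per RFC 4514/4515 first — the Apache Directory API ships `Rdn.escapeValue` and `FilterEncoder.encodeFilterValue` for this, provided the version pulled in by pom.xml has them. Nothing rejects an empty password before `bind`, and a simple bind with an empty password is an anonymous bind (RFC 4513 §5.1.2) that many directories accept, so the `isAuthenticated()` check may pass for anyone who knows a uid; fail early on an empty `login` or `password`. Finally, the `return null` statements in the `finally` block override whatever the `try` returned or threw (hence `@SuppressWarnings("finally")`), turning real failures into a silent "user not found".
```java
public static LDAPUser forLogin( final String login, final String password ) throws AuthenticationException {
    // An empty password turns the simple bind below into an anonymous bind
    // (RFC 4513 §5.1.2), which many directories accept; reject it up front.
    if (login == null || login.isEmpty() || password == null || password.isEmpty()) {
        AuthenticationException ae = new AuthenticationException();
        ae.message = "Login and password must not be empty.";
        throw ae;
    }
    // Escape the caller-supplied login before it goes into a DN (RFC 4514)
    // and a search filter (RFC 4515).
    final String dnLogin = Rdn.escapeValue(login);
    final String filterLogin = FilterEncoder.encodeFilterValue(login);

    LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
    // No setTrustManagers(new MyTrustManager()): the JVM truststore must validate the server certificate.
    ldapConfig.setLdapPort(636);
    ldapConfig.setLdapHost("bv1.ruf.uni-freiburg.de");
    ldapConfig.setUseSsl(true);
    // … unchanged: connection setup and bind-error handling …
    connection.bind("uid=" + dnLogin + ",ou=people,dc=uni-freiburg,dc=de", password);
    // … unchanged: isConnected/isAuthenticated check …
    EntryCursor cursor = connection.search("ou=people,dc=uni-freiburg,dc=de",
            "(&(objectclass=person)(uid=" + filterLogin + "))", SearchScope.SUBTREE);
    // … unchanged: entry attribute extraction, satellite lookup, teardown, LDAPUser construction …
}
```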