Diffstat (limited to 'src/main/java/org/openslx/imagemaster/db/LdapUser.java')
-rw-r--r--src/main/java/org/openslx/imagemaster/db/LdapUser.java103
1 files changed, 56 insertions, 47 deletions
diff --git a/src/main/java/org/openslx/imagemaster/db/LdapUser.java b/src/main/java/org/openslx/imagemaster/db/LdapUser.java
index 0a18565..08eb127 100644
--- a/src/main/java/org/openslx/imagemaster/db/LdapUser.java
+++ b/src/main/java/org/openslx/imagemaster/db/LdapUser.java
@@ -28,21 +28,27 @@ import org.openslx.imagemaster.util.Sha512Crypt;
* actually verify the cert, or we could just stop using ssl
* altogether.
*/
-class MyTrustManager implements X509TrustManager {
+class MyTrustManager implements X509TrustManager
+{
@Override
- public void checkClientTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {}
+ public void checkClientTrusted( X509Certificate[] arg0, String arg1 )
+ throws CertificateException
+ {
+ }
@Override
- public void checkServerTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {}
+ public void checkServerTrusted( X509Certificate[] arg0, String arg1 )
+ throws CertificateException
+ {
+ }
@Override
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
+ public X509Certificate[] getAcceptedIssuers()
+ {
+ return new X509Certificate[ 0 ];
}
-
+
}
/**
@@ -52,101 +58,104 @@ class MyTrustManager implements X509TrustManager {
*/
public class LdapUser extends User
{
+
private static final Logger log = Logger.getLogger( LdapUser.class );
-
- protected LdapUser(int userId, String username, String password, String organization,
- String firstName, String lastName, String eMail,
- String satelliteAddress) {
- super(userId, username, password, organization, firstName, lastName, eMail,
- satelliteAddress);
+
+ protected LdapUser(int userId, String username, String password, String organization, String firstName, String lastName, String eMail, String satelliteAddress)
+ {
+ super( userId, username, password, organization, firstName, lastName, eMail,
+ satelliteAddress );
}
-
+
/**
* Query LDAP for user with given login
- * @param login Login of user in the form "user@organization.com"
+ *
+ * @param login Login of user in the form "user@organization.com"
* @return instance of LDAPUser for matching entry from LDAP, or null if not found
*/
- public static LdapUser forLogin( final String login, final String password ) throws AuthenticationException {
+ public static LdapUser forLogin( final String login, final String password ) throws AuthenticationException
+ {
String username, organization, firstName, lastName, eMail, satelliteAddress;
-
- String[] temp = login.split("@");
- if (temp.length != 2) throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Login must be in form user@organization.com");
+
+ String[] temp = login.split( "@" );
+ if ( temp.length != 2 )
+ throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Login must be in form user@organization.com" );
username = temp[0];
-
+
LdapConnectionConfig ldapConfig = new LdapConnectionConfig();
- ldapConfig.setTrustManagers(new MyTrustManager());
- ldapConfig.setLdapPort(Globals.getPropertyInt( Globals.PropInt.LDAPPORT ));
- ldapConfig.setLdapHost(Globals.getPropertyString( Globals.PropString.LDAPHOST ));
- ldapConfig.setUseSsl(Globals.getPropertyBool( PropBool.LDAPSSL ));
-
+ ldapConfig.setTrustManagers( new MyTrustManager() );
+ ldapConfig.setLdapPort( Globals.getPropertyInt( Globals.PropInt.LDAPPORT ) );
+ ldapConfig.setLdapHost( Globals.getPropertyString( Globals.PropString.LDAPHOST ) );
+ ldapConfig.setUseSsl( Globals.getPropertyBool( PropBool.LDAPSSL ) );
+
LdapNetworkConnection connection = new LdapNetworkConnection( ldapConfig );
-
+
// bind connection
try {
if ( connection.connect() ) {
- String name = Globals.getPropertyString( PropString.LDAPBINDQUERY ).replace("%", username);
- connection.bind(name, password);
+ String name = Globals.getPropertyString( PropString.LDAPBINDQUERY ).replace( "%", username );
+ connection.bind( name, password );
}
- } catch (LdapException e1) {
+ } catch ( LdapException e1 ) {
log.warn( "Connection to LDAP failed: " + e1.getMessage() );
}
-
+
if ( !connection.isConnected() ) {
try {
connection.unBind();
connection.close();
- } catch (LdapException | IOException e) {
+ } catch ( LdapException | IOException e ) {
// Not doing anything here, as ldap already failed...
}
throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Could not connect to LDAP server." );
}
-
+
// test authorization
if ( !connection.isAuthenticated() ) {
try {
connection.unBind();
connection.close();
- } catch (LdapException | IOException e) {
+ } catch ( LdapException | IOException e ) {
// Failing disconnect... Can't do much about it, just go on
}
throw new AuthenticationException( AuthenticationError.INVALID_CREDENTIALS, "Could not authenticate to LDAP server. Invalid credentials?" );
}
-
+
// make search query
try {
- EntryCursor cursor = connection.search(Globals.getPropertyString( Globals.PropString.LDAPSEARCHBASEDN ),
- Globals.getPropertyString( Globals.PropString.LDAPSEARCHFILTER ).replace("%", username), SearchScope.SUBTREE);
+ EntryCursor cursor = connection.search( Globals.getPropertyString( Globals.PropString.LDAPSEARCHBASEDN ),
+ Globals.getPropertyString( Globals.PropString.LDAPSEARCHFILTER ).replace( "%", username ), SearchScope.SUBTREE );
// only use the first result
cursor.next();
Entry entry = cursor.get();
- username = entry.get("uid").getString();
+ username = entry.get( "uid" ).getString();
organization = "Test Organization"; // will be filled with bwIDM LDAP server
- firstName = entry.get("givenName").getString();
- lastName = entry.get("sn").getString();
- eMail = entry.get("rufPreferredMail").getString();
+ firstName = entry.get( "givenName" ).getString();
+ lastName = entry.get( "sn" ).getString();
+ eMail = entry.get( "rufPreferredMail" ).getString();
// get the satellite address from db
- DbSatellite dbSatellite = DbSatellite.fromOrganization(organization);
- if (dbSatellite != null) {
+ DbSatellite dbSatellite = DbSatellite.fromOrganization( organization );
+ if ( dbSatellite != null ) {
satelliteAddress = dbSatellite.getAddress();
} else {
// TODO: Organization is not known.. Handle this
satelliteAddress = "addressNotKown";
}
- } catch (LdapException | CursorException e1) {
+ } catch ( LdapException | CursorException e1 ) {
return null;
} finally {
// close connection
try {
connection.unBind();
- } catch (LdapException e) {
+ } catch ( LdapException e ) {
return null;
}
try {
connection.close();
- } catch (IOException e) {
+ } catch ( IOException e ) {
return null;
}
}
- return new LdapUser(0, username, Sha512Crypt.Sha512_crypt(password, null, 0), organization, firstName, lastName, eMail, satelliteAddress);
+ return new LdapUser( 0, username, Sha512Crypt.Sha512_crypt( password, null, 0 ), organization, firstName, lastName, eMail, satelliteAddress );
}
}
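Review bot: In `forLogin`, `username` (the part of `login` before the `@`) is substituted unescaped into both the bind name and the search filter by `replace( "%", username )`, so characters that are special in a DN or an LDAP filter alter the request sent to the directory. Validating it right after `username = temp[0];` would close this, for example `if ( !username.matches( "[A-Za-z0-9._-]+" ) ) throw new AuthenticationException( AuthenticationError.GENERIC_ERROR, "Invalid user name" );`, with the character set adjusted to the site's naming rules. An empty `password` should also be rejected before `connection.bind( name, password )`, because some directory servers treat a simple bind with a name and an empty password as an unauthenticated bind rather than a failure; whether `isAuthenticated()` catches that case is not visible here. Separately, the result of `cursor.next()` is ignored and `entry.get( "uid" )` and the other attributes are dereferenced without a null check, so a missing entry or attribute would probably surface as an exception that the `catch ( LdapException | CursorException e1 )` does not cover.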