new entity LdapUser
This commit is contained in:
parent
53867f47ce
commit
34a7464aa0
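--- /dev/null
+++ b/hsarback/src/de/hsadmin/core/model/LdapDAO.java
@@ -0,0 +1,116 @@
+package de.hsadmin.core.model;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.StartTlsRequest;
+import javax.naming.ldap.StartTlsResponse;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import de.hsadmin.core.util.Config;
+
+public class LdapDAO {
+
+private InitialLdapContext ctx;
+private StartTlsResponse tls;
+
+public LdapUser read(final String uid) throws TechnicalException {
+if (uid == null) {
+throw new TechnicalException("uid is null");
+}
+try {
+String ldapDC = "dc=hostsharing,dc=net";
+connect();
+if (uid.length() == 2) {
+ldapDC = "uid=" + uid + ",ou=users,ou=admins";
+} else if (uid.length() > 4 && uid.charAt(3) == '-') {
+ldapDC = "uid=" + uid + ",ou=users,ou=" + uid.substring(0, 3) + ",ou=customers";
+} else {
+throw new TechnicalException("no valid uid " + uid);
+}
+final LdapUser ldapUser = new LdapUser();
+final Attributes ldapAttrs = ctx.getAttributes(ldapDC);
+ldapUser.setUid(getSingleAttributValue(ldapAttrs, "uid"));
+ldapUser.setNickname(getSingleAttributValue(ldapAttrs, "nickName"));
+ldapUser.setSurname(getSingleAttributValue(ldapAttrs, "sn"));
+ldapUser.setGivenname(getSingleAttributValue(ldapAttrs, "givenName"));
+ldapUser.setMail(getSingleAttributValue(ldapAttrs, "mail"));
+return ldapUser;
+} catch (NamingException e) {
+throw new TechnicalException(e);
+} catch (GeneralSecurityException e) {
+throw new TechnicalException(e);
+} catch (IOException e) {
+throw new TechnicalException(e);
+} finally {
+close();
+}
+}
+
+private void connect() throws NamingException, GeneralSecurityException, IOException {
+final Config conf = Config.getInstance();
+final String ldapConnectString = conf.getProperty("ldap.connect.url");
+final String bind = conf.getProperty("ldap.connect.bind");
+final String passwd = conf.getProperty("ldap.connect.password");
+final Properties env = new Properties();
+env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+env.put("com.sun.jndi.ldap.connect.pool", "true");
+env.put(Context.PROVIDER_URL, ldapConnectString);
+ctx = new InitialLdapContext(env, null);
+tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
+final SSLContext sc = SSLContext.getInstance("TLSv1.2");
+final TrustManager tm = new X509TrustManager() {
+@Override
+public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+}
+@Override
+public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+}
+@Override
+public X509Certificate[] getAcceptedIssuers() {
+return new X509Certificate[0];
+}
+};
+sc.init(null, new TrustManager[] { tm } , new SecureRandom());
+final SSLSocketFactory ssf = sc.getSocketFactory();
+tls.negotiate(ssf);
+ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
+String principal = bind;
+ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
+ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, passwd);
+ctx.reconnect(null);
+}
+
+private String getSingleAttributValue(final Attributes ldapAttrs, final String attributeName) throws NamingException {
+return ldapAttrs.get(attributeName).getAll().next().toString();
+}
+
+private void close() {
+if (tls != null) {
+try {
+tls.close();
+} catch (IOException e) {
+// dont care
+}
+}
+if (ctx != null) {
+try {
+ctx.close();
+} catch (NamingException e) {
+// dont care
+}
+}
+}
+
+}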
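Review bot: The anonymous X509TrustManager in `connect()` has an empty `checkServerTrusted` and returns no accepted issuers, so the StartTLS session negotiated right after it accepts any certificate presented for the directory host, including a self-signed one, and the simple bind that follows sends `ldap.connect.password` over a channel that was never authenticated; an on-path attacker can also answer the `getAttributes` lookup and thereby choose the `uid` value that `LdapUser` later bases its role decisions on. Remove the custom trust manager and let the JDK default trust store and host-name check apply, e.g. `tls.negotiate();` (or keep the explicit TLSv1.2 context and call `sc.init(null, null, new SecureRandom());`), adding the directory's CA to the truststore if it is not publicly issued. Separately, the DNs in `read` are assembled by concatenating `uid` after only a length/position check, so a value containing `,`, `+`, `=` or `\` past the third character changes which entry is read; validate `uid` against the expected character set or build the RDN with `Rdn.escapeValue(uid)`. `getSingleAttributValue` also dereferences `ldapAttrs.get(attributeName)` without a null check, so an entry lacking `nickName` or `mail` fails with a NullPointerException instead of the TechnicalException callers are prepared for.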
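--- /dev/null
+++ b/hsarback/src/de/hsadmin/core/model/LdapUser.java
@@ -0,0 +1,76 @@
+package de.hsadmin.core.model;
+
+public class LdapUser implements AuthenticatedUser {
+
+private String uid;
+private String nickname;
+private String surname;
+private String givenname;
+private String mail;
+
+@Override
+public long id() {
+return -1L;
+}
+
+@Override
+public String getName() {
+return uid;
+}
+
+@Override
+public boolean hasHostmasterRole() {
+return uid != null && uid.length() == 2;
+}
+
+@Override
+public boolean hasPacAdminRoleFor(AbstractEntity pac) {
+return hasHostmasterRole();
+}
+
+@Override
+public boolean hasCustomerRoleFor(AbstractEntity customer) {
+return hasHostmasterRole();
+}
+
+public String getUid() {
+return uid;
+}
+
+public String getNickname() {
+return nickname;
+}
+
+public String getSurname() {
+return surname;
+}
+
+public String getGivenname() {
+return givenname;
+}
+
+public String getMail() {
+return mail;
+}
+
+public void setUid(String uid) {
+this.uid = uid;
+}
+
+public void setNickname(String nickname) {
+this.nickname = nickname;
+}
+
+public void setSurname(String surname) {
+this.surname = surname;
+}
+
+public void setGivenname(String givenname) {
+this.givenname = givenname;
+}
+
+public void setMail(String mail) {
+this.mail = mail;
+}
+
+}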
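Review bot: `hasPacAdminRoleFor` and `hasCustomerRoleFor` ignore their `pac`/`customer` argument and return `hasHostmasterRole()`, which is itself only `uid.length() == 2`, so every authorization answer this entity gives is a function of the uid's length: a customer-style uid (`xxx-…`) is denied even for its own package or customer, while any two-character uid is granted everything. If that is the intended first step, state it where the next reader will look, e.g. above `hasHostmasterRole`: `// Role is inferred from the uid format only (2 chars = hostmaster); the pac/customer arguments are not consulted yet — TODO derive from directory group membership.` The uid driving this is whatever `LdapDAO.read` copies from the directory's `uid` attribute, and `setUid` stays public, so the role can be changed after construction; consider making the fields final and populating them through a constructor. `id()` returning `-1L` for every instance also deserves a one-line comment saying that LDAP users have no database id, since any caller comparing ids would treat all of them as the same user.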
@ -90,7 +90,6 @@ public class Transaction {
|
|||||||
for (String hive : taskStores.keySet()) {
|
for (String hive : taskStores.keySet()) {
|
||||||
QueueTaskStore store = taskStores.get(hive);
|
QueueTaskStore store = taskStores.get(hive);
|
||||||
String queueName = "hsadminSystem-" + hive;
|
String queueName = "hsadminSystem-" + hive;
|
||||||
// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!
|
|
||||||
Queue jmsSystemQueue = lookupJMSQueue(queueName);
|
Queue jmsSystemQueue = lookupJMSQueue(queueName);
|
||||||
QueueClient qClient = null;
|
QueueClient qClient = null;
|
||||||
try {
|
try {
|
||||||
@ -176,7 +175,12 @@ public class Transaction {
|
|||||||
public AuthenticatedUser getLoginUser() {
|
public AuthenticatedUser getLoginUser() {
|
||||||
String loginName = getRunas();
|
String loginName = getRunas();
|
||||||
if (loginName != null && loginName.length() == 2) {
|
if (loginName != null && loginName.length() == 2) {
|
||||||
loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
|
final LdapDAO ldapDAO = new LdapDAO();
|
||||||
|
return ldapDAO.read(loginName);
|
||||||
|
}
|
||||||
|
if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') {
|
||||||
|
final LdapDAO ldapDAO = new LdapDAO();
|
||||||
|
return ldapDAO.read(loginName);
|
||||||
}
|
}
|
||||||
if (loginName != null && loginName.length() == 3) {
|
if (loginName != null && loginName.length() == 3) {
|
||||||
loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;
|
loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;
|
||||||
|