new entity LdapUser

Peter Hormanns 2018-09-17 18:11:17 +02:00
parent 53867f47ce
commit 34a7464aa0
3 changed files with 198 additions and 2 deletions


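--- /dev/null
+++ b/de/hsadmin/core/model/LdapDAO.java
@@ -0,0 +1,116 @@
+package de.hsadmin.core.model;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.StartTlsRequest;
+import javax.naming.ldap.StartTlsResponse;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import de.hsadmin.core.util.Config;
+public class LdapDAO {
+private InitialLdapContext ctx;
+private StartTlsResponse tls;
+public LdapUser read(final String uid) throws TechnicalException {
+if (uid == null) {
+throw new TechnicalException("uid is null");
+}
+try {
+String ldapDC = "dc=hostsharing,dc=net";
+connect();
+if (uid.length() == 2) {
+ldapDC = "uid=" + uid + ",ou=users,ou=admins";
+} else if (uid.length() > 4 && uid.charAt(3) == '-') {
+ldapDC = "uid=" + uid + ",ou=users,ou=" + uid.substring(0, 3) + ",ou=customers";
+} else {
+throw new TechnicalException("no valid uid " + uid);
+}
+final LdapUser ldapUser = new LdapUser();
+final Attributes ldapAttrs = ctx.getAttributes(ldapDC);
+ldapUser.setUid(getSingleAttributValue(ldapAttrs, "uid"));
+ldapUser.setNickname(getSingleAttributValue(ldapAttrs, "nickName"));
+ldapUser.setSurname(getSingleAttributValue(ldapAttrs, "sn"));
+ldapUser.setGivenname(getSingleAttributValue(ldapAttrs, "givenName"));
+ldapUser.setMail(getSingleAttributValue(ldapAttrs, "mail"));
+return ldapUser;
+} catch (NamingException e) {
+throw new TechnicalException(e);
+} catch (GeneralSecurityException e) {
+throw new TechnicalException(e);
+} catch (IOException e) {
+throw new TechnicalException(e);
+} finally {
+close();
+}
+}
+private void connect() throws NamingException, GeneralSecurityException, IOException {
+final Config conf = Config.getInstance();
+final String ldapConnectString = conf.getProperty("ldap.connect.url");
+final String bind = conf.getProperty("ldap.connect.bind");
+final String passwd = conf.getProperty("ldap.connect.password");
+final Properties env = new Properties();
+env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+env.put("com.sun.jndi.ldap.connect.pool", "true");
+env.put(Context.PROVIDER_URL, ldapConnectString);
+ctx = new InitialLdapContext(env, null);
+tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
+final SSLContext sc = SSLContext.getInstance("TLSv1.2");
+final TrustManager tm = new X509TrustManager() {
+@Override
+public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+}
+@Override
+public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+}
+@Override
+public X509Certificate[] getAcceptedIssuers() {
+return new X509Certificate[0];
+}
+};
+sc.init(null, new TrustManager[] { tm } , new SecureRandom());
+final SSLSocketFactory ssf = sc.getSocketFactory();
+tls.negotiate(ssf);
+ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
+String principal = bind;
+ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
+ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, passwd);
+ctx.reconnect(null);
+}
+private String getSingleAttributValue(final Attributes ldapAttrs, final String attributeName) throws NamingException {
+return ldapAttrs.get(attributeName).getAll().next().toString();
+}
+private void close() {
+if (tls != null) {
+try {
+tls.close();
+} catch (IOException e) {
+// dont care
+}
+}
+if (ctx != null) {
+try {
+ctx.close();
+} catch (NamingException e) {
+// dont care
+}
+}
+}
+}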
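Review bot: The anonymous X509TrustManager built in connect() has an empty checkServerTrusted body, so the StartTLS session accepts any certificate and the simple bind that follows sends the `ldap.connect.password` value over a channel an on-path party can terminate. Drop the SSLContext/TrustManager block and the `tls.negotiate(ssf)` call in favour of `tls.negotiate();`, which uses the JVM trust store (the directory's CA then goes into the default truststore or the standard `javax.net.ssl.trustStore` properties) and keeps JNDI's default hostname check. Two smaller points in the same hunk: getSingleAttributValue dereferences `ldapAttrs.get(attributeName)` without a null check, so an entry lacking nickName or mail surfaces as a NullPointerException rather than a TechnicalException, and the DN in read() is built by concatenating uid, whose length/charAt(3) test does not reject DN metacharacters — use `"uid=" + javax.naming.ldap.Rdn.escapeValue(uid) + ...` for both branches. ctx and tls are instance fields written by connect() and never reset after close(), so one LdapDAO must not be shared between threads; a comment on the two fields saying so would save the next reader from wiring it up as a singleton.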


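--- /dev/null
+++ b/de/hsadmin/core/model/LdapUser.java
@@ -0,0 +1,76 @@
+package de.hsadmin.core.model;
+public class LdapUser implements AuthenticatedUser {
+private String uid;
+private String nickname;
+private String surname;
+private String givenname;
+private String mail;
+@Override
+public long id() {
+return -1L;
+}
+@Override
+public String getName() {
+return uid;
+}
+@Override
+public boolean hasHostmasterRole() {
+return uid != null && uid.length() == 2;
+}
+@Override
+public boolean hasPacAdminRoleFor(AbstractEntity pac) {
+return hasHostmasterRole();
+}
+@Override
+public boolean hasCustomerRoleFor(AbstractEntity customer) {
+return hasHostmasterRole();
+}
+public String getUid() {
+return uid;
+}
+public String getNickname() {
+return nickname;
+}
+public String getSurname() {
+return surname;
+}
+public String getGivenname() {
+return givenname;
+}
+public String getMail() {
+return mail;
+}
+public void setUid(String uid) {
+this.uid = uid;
+}
+public void setNickname(String nickname) {
+this.nickname = nickname;
+}
+public void setSurname(String surname) {
+this.surname = surname;
+}
+public void setGivenname(String givenname) {
+this.givenname = givenname;
+}
+public void setMail(String mail) {
+this.mail = mail;
+}
+}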
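Review bot: hasPacAdminRoleFor and hasCustomerRoleFor ignore their pac/customer argument and return hasHostmasterRole(), so an LDAP user with the customer-style uid that LdapDAO.read accepts (length > 4, '-' at index 3) holds no role for any entity at all. If that is the intended scope of this commit it deserves a comment on both methods, e.g. `// LDAP accounts carry no per-customer rights yet; only the two-letter hostmaster uid is privileged`; if not, the checks have to relate the uid's three-letter prefix to the entity passed in. id() returning -1L looks like a "not a persisted entity" sentinel — a one-line comment stating that would spare readers a trip to the AuthenticatedUser interface. The class is complete within the hunk.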


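--- a/Transaction.java
+++ b/Transaction.java
@@ -90,7 +90,6 @@ public class Transaction {
 for (String hive : taskStores.keySet()) {
 QueueTaskStore store = taskStores.get(hive);
 String queueName = "hsadminSystem-" + hive;
-// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!
 Queue jmsSystemQueue = lookupJMSQueue(queueName);
 QueueClient qClient = null;
 try {
@@ -176,7 +175,12 @@ public class Transaction {
 public AuthenticatedUser getLoginUser() {
 String loginName = getRunas();
 if (loginName != null && loginName.length() == 2) {
-loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
+final LdapDAO ldapDAO = new LdapDAO();
+return ldapDAO.read(loginName);
+}
+if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') {
+final LdapDAO ldapDAO = new LdapDAO();
+return ldapDAO.read(loginName);
 }
 if (loginName != null && loginName.length() == 3) {
 loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;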
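Review bot: The two new branches in getLoginUser have identical bodies and both repeat the uid-shape test that LdapDAO.read performs itself before rejecting everything else with a TechnicalException; one branch with the combined condition, `if (loginName != null && (loginName.length() == 2 || (loginName.length() > 4 && loginName.charAt(3) == '-'))) { return new LdapDAO().read(loginName); }`, states the rule once. Two-letter names change behaviour here: they used to be prefixed with `accountprefix.hostmaster` and, presumably, resolved further down like the three-letter case, whereas now a directory outage or a missing entry makes read() throw for them instead of falling through — worth a sentence in the commit message or a comment at the call. getLoginUser() declares no throws clause, so this only compiles if TechnicalException is unchecked; I assume it is, but it is not visible here. The enclosing getLoginUser method continues past the hunk.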