new entity LdapUser
This commit is contained in:
Peter Hormanns
parent
53867f47ce
commit
34a7464aa0
116
hsarback/src/de/hsadmin/core/model/LdapDAO.java
Normal file
116
hsarback/src/de/hsadmin/core/model/LdapDAO.java
Normal file
@ -0,0 +1,116 @@
|
||||
package de.hsadmin.core.model;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Properties;
|
||||
|
||||
import javax.naming.Context;
|
||||
import javax.naming.NamingException;
|
||||
import javax.naming.directory.Attributes;
|
||||
import javax.naming.ldap.InitialLdapContext;
|
||||
import javax.naming.ldap.StartTlsRequest;
|
||||
import javax.naming.ldap.StartTlsResponse;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
|
||||
import de.hsadmin.core.util.Config;
|
||||
|
||||
public class LdapDAO {
|
||||
|
||||
private InitialLdapContext ctx;
|
||||
private StartTlsResponse tls;
|
||||
|
||||
public LdapUser read(final String uid) throws TechnicalException {
|
||||
if (uid == null) {
|
||||
throw new TechnicalException("uid is null");
|
||||
}
|
||||
try {
|
||||
String ldapDC = "dc=hostsharing,dc=net";
|
||||
connect();
|
||||
if (uid.length() == 2) {
|
||||
ldapDC = "uid=" + uid + ",ou=users,ou=admins";
|
||||
} else if (uid.length() > 4 && uid.charAt(3) == '-') {
|
||||
ldapDC = "uid=" + uid + ",ou=users,ou=" + uid.substring(0, 3) + ",ou=customers";
|
||||
} else {
|
||||
throw new TechnicalException("no valid uid " + uid);
|
||||
}
|
||||
final LdapUser ldapUser = new LdapUser();
|
||||
final Attributes ldapAttrs = ctx.getAttributes(ldapDC);
|
||||
ldapUser.setUid(getSingleAttributValue(ldapAttrs, "uid"));
|
||||
ldapUser.setNickname(getSingleAttributValue(ldapAttrs, "nickName"));
|
||||
ldapUser.setSurname(getSingleAttributValue(ldapAttrs, "sn"));
|
||||
ldapUser.setGivenname(getSingleAttributValue(ldapAttrs, "givenName"));
|
||||
ldapUser.setMail(getSingleAttributValue(ldapAttrs, "mail"));
|
||||
return ldapUser;
|
||||
} catch (NamingException e) {
|
||||
throw new TechnicalException(e);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new TechnicalException(e);
|
||||
} catch (IOException e) {
|
||||
throw new TechnicalException(e);
|
||||
} finally {
|
||||
close();
|
||||
}
|
||||
}
|
||||
|
||||
private void connect() throws NamingException, GeneralSecurityException, IOException {
|
||||
final Config conf = Config.getInstance();
|
||||
final String ldapConnectString = conf.getProperty("ldap.connect.url");
|
||||
final String bind = conf.getProperty("ldap.connect.bind");
|
||||
final String passwd = conf.getProperty("ldap.connect.password");
|
||||
final Properties env = new Properties();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
env.put("com.sun.jndi.ldap.connect.pool", "true");
|
||||
env.put(Context.PROVIDER_URL, ldapConnectString);
|
||||
ctx = new InitialLdapContext(env, null);
|
||||
tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
|
||||
final SSLContext sc = SSLContext.getInstance("TLSv1.2");
|
||||
final TrustManager tm = new X509TrustManager() {
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
|
||||
}
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
|
||||
}
|
||||
@Override
|
||||
public X509Certificate[] getAcceptedIssuers() {
|
||||
return new X509Certificate[0];
|
||||
}
|
||||
};
|
||||
sc.init(null, new TrustManager[] { tm } , new SecureRandom());
|
||||
final SSLSocketFactory ssf = sc.getSocketFactory();
|
||||
tls.negotiate(ssf);
|
||||
ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
String principal = bind;
|
||||
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
|
||||
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, passwd);
|
||||
ctx.reconnect(null);
|
||||
}
|
||||
|
||||
private String getSingleAttributValue(final Attributes ldapAttrs, final String attributeName) throws NamingException {
|
||||
return ldapAttrs.get(attributeName).getAll().next().toString();
|
||||
}
|
||||
|
||||
private void close() {
|
||||
if (tls != null) {
|
||||
try {
|
||||
tls.close();
|
||||
} catch (IOException e) {
|
||||
// dont care
|
||||
}
|
||||
}
|
||||
if (ctx != null) {
|
||||
try {
|
||||
ctx.close();
|
||||
} catch (NamingException e) {
|
||||
// dont care
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
76
hsarback/src/de/hsadmin/core/model/LdapUser.java
Normal file
76
hsarback/src/de/hsadmin/core/model/LdapUser.java
Normal file
@ -0,0 +1,76 @@
|
||||
package de.hsadmin.core.model;
|
||||
|
||||
public class LdapUser implements AuthenticatedUser {
|
||||
|
||||
private String uid;
|
||||
private String nickname;
|
||||
private String surname;
|
||||
private String givenname;
|
||||
private String mail;
|
||||
|
||||
@Override
|
||||
public long id() {
|
||||
return -1L;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return uid;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasHostmasterRole() {
|
||||
return uid != null && uid.length() == 2;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasPacAdminRoleFor(AbstractEntity pac) {
|
||||
return hasHostmasterRole();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasCustomerRoleFor(AbstractEntity customer) {
|
||||
return hasHostmasterRole();
|
||||
}
|
||||
|
||||
public String getUid() {
|
||||
return uid;
|
||||
}
|
||||
|
||||
public String getNickname() {
|
||||
return nickname;
|
||||
}
|
||||
|
||||
public String getSurname() {
|
||||
return surname;
|
||||
}
|
||||
|
||||
public String getGivenname() {
|
||||
return givenname;
|
||||
}
|
||||
|
||||
public String getMail() {
|
||||
return mail;
|
||||
}
|
||||
|
||||
public void setUid(String uid) {
|
||||
this.uid = uid;
|
||||
}
|
||||
|
||||
public void setNickname(String nickname) {
|
||||
this.nickname = nickname;
|
||||
}
|
||||
|
||||
public void setSurname(String surname) {
|
||||
this.surname = surname;
|
||||
}
|
||||
|
||||
public void setGivenname(String givenname) {
|
||||
this.givenname = givenname;
|
||||
}
|
||||
|
||||
public void setMail(String mail) {
|
||||
this.mail = mail;
|
||||
}
|
||||
|
||||
}
|
||||
@ -90,7 +90,6 @@ public class Transaction {
|
||||
for (String hive : taskStores.keySet()) {
|
||||
QueueTaskStore store = taskStores.get(hive);
|
||||
String queueName = "hsadminSystem-" + hive;
|
||||
// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!
|
||||
Queue jmsSystemQueue = lookupJMSQueue(queueName);
|
||||
QueueClient qClient = null;
|
||||
try {
|
||||
@ -176,7 +175,12 @@ public class Transaction {
|
||||
public AuthenticatedUser getLoginUser() {
|
||||
String loginName = getRunas();
|
||||
if (loginName != null && loginName.length() == 2) {
|
||||
loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
|
||||
final LdapDAO ldapDAO = new LdapDAO();
|
||||
return ldapDAO.read(loginName);
|
||||
}
|
||||
if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') {
|
||||
final LdapDAO ldapDAO = new LdapDAO();
|
||||
return ldapDAO.read(loginName);
|
||||
}
|
||||
if (loginName != null && loginName.length() == 3) {
|
||||
loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user