Ejemplo n.º 1
0
  /**
   * Metodo que obtiene los ids de los grupos a los que pertenece el usuario
   *
   * @param conn
   * @param attributesUser
   * @param ldapDef
   * @param attributes
   * @param entidad
   * @return
   * @throws SecurityException
   */
  public List getListGroupOfUser(
      LdapConnection conn,
      LDAPAuthenticationUser attributesUser,
      LDAPDef ldapDef,
      String attributes[],
      String entidad)
      throws SecurityException {
    List result = new ArrayList();
    String attr[] = {attributes[0]};
    try {
      String group = null;
      String filter = null;
      LdapSearch search = null;
      LDAPAuthenticationUser attributesGroup = null;
      List groups = null;
      int scope =
          new Integer(
                  LDAPRBUtil.getInstance(null)
                      .getProperty(LDAP_SCOPEGROUP + ldapDef.getLdapEngine()))
              .intValue();
      groups = attributesUser.getGroupList();
      if (log.isDebugEnabled()) {
        log.debug("groups [" + groups + "] con el log [" + log + "]");
      }
      for (int i = 0; i < groups.size(); i++) {
        group = (String) groups.get(i);
        filter =
            LDAPRBUtil.getInstance(null)
                .getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine());
        search = new LdapSearch();
        search.initialize(conn, group, scope, filter, attr);
        search.execute();
        if (search.next()) {
          attributesGroup = getUserAttributes(search, attributes);
          attributesGroup.setGuidStringFormat(
              LdapBasicFns.formatGuid(conn, attributesGroup.getGuid()));

          Integer idGroup = getIdGroup(attributesGroup.getGuidStringFormat(), entidad);

          if (idGroup != null) {
            result.add(idGroup);
          }
        }
      }
    } catch (SecurityException e) {
      throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
    } catch (Exception e) {
      throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
    } finally {
      try {
        conn.close();
      } catch (Exception e) {
      }
    }
    return result;
  }
Ejemplo n.º 2
0
  public List connectionVerification(
      LDAPAuthenticationUser attributesUser,
      String password,
      LDAPDef ldapDef,
      String attributes[],
      String entidad)
      throws SecurityException {

    Integer deptId = null;
    List deptList = new ArrayList();
    String attr[] = {attributes[0]};
    LdapConnection conn = null;
    try {
      String group = null;
      String filter = null;
      LdapSearch search = null;
      LDAPAuthenticationUser attributesGroup = null;
      if (log.isDebugEnabled()) {
        log.debug("dn [" + attributesUser.getDn() + "] con el log [" + log + "]");
      }
      conn = new LdapConnection();
      LdapConnCfg ldapConfig = LdapConfigUtils.createLdapConnConfig(ldapDef);
      ldapConfig.setProvider(1);
      // conn.open(ldapConfig, ldapDef.getLdapUser(), password, 1);
      conn.open(ldapConfig, ldapConfig.getUser(), password);

      List groups = null;
      int scope =
          new Integer(
                  LDAPRBUtil.getInstance(null)
                      .getProperty(LDAP_SCOPEGROUP + ldapDef.getLdapEngine()))
              .intValue();
      if (ldapDef.getLdapEngine() == 1) {
        groups = attributesUser.getGroupList();
        if (log.isDebugEnabled()) {
          log.debug(" groups [" + groups + "] con el log [" + log + "]");
        }

        filter =
            LDAPRBUtil.getInstance(null)
                .getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine());
        if (log.isDebugEnabled()) {
          log.debug(" filter [" + filter + "] con el log [" + log + "]");
        }

        for (int i = 0; i < groups.size(); i++) {

          group = (String) groups.get(i);

          search = new LdapSearch();
          search.initialize(conn, group, scope, filter, attr);
          search.execute();
          if (search.next()) {
            attributesGroup = getUserAttributes(search, attributes);
            attributesGroup.setGuidStringFormat(
                LdapBasicFns.formatGuid(conn, attributesGroup.getGuid()));
            deptId = getRegisterDeptOfic(attributesGroup.getGuidStringFormat(), entidad);

            if (deptId != null) {
              deptList.add(deptId);
              if (log.isDebugEnabled()) {
                log.debug(" deptId [" + deptId + "] con el log [" + log + "]");
              }
              // break;
            }
          }
        }
      } else {
        filter =
            MessageFormat.format(
                LDAPRBUtil.getInstance(null)
                    .getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine()),
                new String[] {attributesUser.getDn()});
        if (log.isDebugEnabled()) {
          log.debug(" filter [" + filter + "] con el log [" + log + "]");
        }
        List list = new ArrayList();
        list = getUserGroupGuidsIp(conn, ldapDef.getLdapRoot(), scope, filter, attr);
        if (log.isDebugEnabled()) {
          log.debug(" groups [" + list + "] con el log [" + log + "]");
        }

        String groupGuid = null;
        for (int i = 0; i < list.size(); i++) {
          groupGuid = (String) list.get(i);
          deptId = getRegisterDeptOfic(groupGuid, entidad);

          if (deptId != null) {
            if (log.isDebugEnabled()) {
              log.debug(" deptId [" + deptId + "] con el log [" + log + "]");
            }
            deptList.add(deptId);
            // break;
          }
        }
      }
    } catch (SecurityException e) {
      throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
    } catch (Exception e) {
      throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
    } finally {
      try {
        conn.close();
      } catch (Exception e) {
      }
    }
    return deptList;
  }
Ejemplo n.º 3
0
  public List connectionVerification(
      LdapConnection conn,
      LDAPAuthenticationUser attributesUser,
      LDAPDef ldapDef,
      String attributes[],
      String entidad,
      List groupList)
      throws SecurityException {
    Integer deptId = null;
    List deptList = new ArrayList();
    String attr[] = {attributes[0]};
    try {
      String group = null;
      String filter = null;
      LdapSearch search = null;
      LDAPAuthenticationUser attributesGroup = null;
      List groups = null;
      int scope =
          new Integer(
                  LDAPRBUtil.getInstance(null)
                      .getProperty(LDAP_SCOPEGROUP + ldapDef.getLdapEngine()))
              .intValue();
      groups = attributesUser.getGroupList();
      if (log.isDebugEnabled()) {
        log.debug("groups [" + groups + "] con el log [" + log + "]");
      }
      for (int i = 0; i < groups.size(); i++) {
        group = (String) groups.get(i);
        filter =
            LDAPRBUtil.getInstance(null)
                .getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine());
        search = new LdapSearch();
        search.initialize(conn, group, scope, filter, attr);
        search.execute();
        if (search.next()) {
          attributesGroup = getUserAttributes(search, attributes);
          attributesGroup.setGuidStringFormat(
              LdapBasicFns.formatGuid(conn, attributesGroup.getGuid()));

          // obtiene los grupos
          Integer idGroup = getIdGroup(attributesGroup.getGuidStringFormat(), entidad);

          if (idGroup != null) {
            groupList.add(idGroup);
          }

          deptId = getRegisterDeptOfic(attributesGroup.getGuidStringFormat(), entidad);

          if (deptId != null) {
            deptList.add(deptId);
          }
        }
      }
    } catch (SecurityException e) {
      log.error("Error connectionVerification: " + e.getMessage(), e);
      throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
    } catch (Exception e) {
      log.error("Error connectionVerification: " + e.getMessage(), e);
      throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
    }
    return deptList;
  }
Ejemplo n.º 4
0
  public AuthenticationUser validate(String login, String password, String entidad)
      throws SecurityException, ValidationException {
    AuthenticationUser user = null;
    validateParameters(login, password);
    LDAPAuthenticationUser attributesUser = null;

    try {
      LDAPDef ldapDef = RepositoryLDAP.getInstance(entidad).getLDAPInfo();
      if (log.isDebugEnabled()) {
        log.debug("LDAPDef [" + ldapDef + "] con el log [" + log + "]");
      }
      if (ldapDef.getLdapEngine() == 0) {
        throw new SecurityException(SecurityException.ERROR_AUTHENTICATION_POLICY_NOTFOUND);
      }

      // String dn = ldapDef.getLdapUser();
      String attrID =
          LDAPRBUtil.getInstance(null).getProperty(LDAP_ATTRIBUTES + ldapDef.getLdapEngine());
      String attributes[] = parseAttributes(attrID);
      String passwordDecrypt = CryptoUtils.decryptPasswordLDAP(ldapDef.getLdapPassword());
      LdapConnection conn = new LdapConnection();
      LdapConnCfg ldapConfig = LdapConfigUtils.createLdapConnConfig(ldapDef);
      ldapConfig.setProvider(1);
      String dn = ldapConfig.getUser();
      conn.open(ldapConfig, dn, passwordDecrypt);

      LdapSearch search = getSearch(login, conn, ldapDef, attributes);
      attributesUser = getUserAttributes(search, attributes);
      attributesUser.setGuidStringFormat(LdapBasicFns.formatGuid(conn, attributesUser.getGuid()));
      if (log.isDebugEnabled()) {
        log.debug("attributesUser [" + attributesUser + "] con el log [" + log + "]");
      }

      conn.close();

      // se valida al usuario logueado y su contraseña
      validateUserPassword(ldapDef, attributesUser.getDn(), password);

      Integer userId = userVerification(attributesUser, entidad);
      //			Integer deptId = connectionVerification(attributesUser, passwordDecrypt,
      //					ldapDef, attributes, entidad);

      Integer deptId = null;

      // List deptList = connectionVerification(attributesUser, passwordDecrypt, ldapDef,
      // attributes, entidad);
      // obtiene los departamentos del usuario
      List deptListLDAP =
          connectionVerification(attributesUser, passwordDecrypt, ldapDef, attributes, entidad);
      // obtenemos las oficinas del usuario
      List deptList = getUserDeptList(userId, entidad, deptListLDAP);
      // obtenemos los ids de los grupos a los que pertenece el usuario
      List groupList =
          getListGroupOfUser(attributesUser, passwordDecrypt, ldapDef, attributes, entidad);

      user = new AuthenticationUser();

      if (deptList != null && deptList.size() > 0) {
        deptId = (Integer) deptList.get(0);
        user.setDeptList(deptList);
      }

      user.setId(userId);
      user.setName(attributesUser.getFullName());
      user.setDeptid(deptId);
      user.setDeptIdOriginal(deptId);
      user.setGroupList(groupList);

    } catch (NamingException e) {
      throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
    } catch (SecurityException e) {
      throw e;
    } catch (Exception e) {
      throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
    }

    return user;
  }
Ejemplo n.º 5
0
  public LdapSearch getSearch(
      String login, LdapConnection conn, LDAPDef ldapDef, String[] attributes)
      throws SecurityException {
    String filter = null;
    LdapSearch search = null;
    try {
      // busqueda por dn
      filter =
          MessageFormat.format(
              LDAPRBUtil.getInstance(null).getProperty(LDAP_SCOPE_BASE + ldapDef.getLdapEngine()),
              new String[] {login});
      if (log.isDebugEnabled()) {
        log.debug("filter [" + filter + "] con el log [" + log + "]");
        log.debug("dn [" + login + "] con el log [" + log + "]");
      }
      search = new LdapSearch();
      search.initialize(
          conn, ldapDef.getLdapRoot(), SearchControls.OBJECT_SCOPE, filter, attributes);
      search.execute();
      if (!search.next()) {
        // Busqueda por UniqueName
        filter =
            MessageFormat.format(
                LDAPRBUtil.getInstance(null)
                    .getProperty(LDAP_SCOPE_SUBTREE1 + ldapDef.getLdapEngine()),
                new String[] {login});
        if (log.isDebugEnabled()) {
          log.debug("filter [" + filter + "] con el log [" + log + "]");
          log.debug("UniqueName [" + login + "] con el log [" + log + "]");
        }
        search = new LdapSearch();
        search.initialize(
            conn, ldapDef.getLdapRoot(), SearchControls.SUBTREE_SCOPE, filter, attributes);
        search.execute();
        if (!search.next()) {
          // Busqueda por número de cuenta sAMAccountName
          filter =
              MessageFormat.format(
                  LDAPRBUtil.getInstance(null)
                      .getProperty(LDAP_SCOPE_SUBTREE2 + ldapDef.getLdapEngine()),
                  new String[] {login});
          if (log.isDebugEnabled()) {
            log.debug("filter [" + filter + "] con el log [" + log + "]");
            log.debug("sAMAccountName [" + login + "] con el log [" + log + "]");
          }
          if (!filter.equals("")) {
            search = new LdapSearch();
            search.initialize(
                conn, ldapDef.getLdapRoot(), SearchControls.SUBTREE_SCOPE, filter, attributes);
            search.execute();
            if (!search.next()) {
              throw new SecurityException(SecurityException.ERROR_NAME_INCORRECT);
            }
          }
        }
      }
      if (search.getM_srAttrs() == null) {
        throw new SecurityException(SecurityException.ERROR_NAME_INCORRECT);
      }
    } catch (SecurityException e) {
      throw e;
    } catch (Exception e) {
      throw new SecurityException(SecurityException.ERROR_CAN_NOT_FIND_USER_ATTRIBUTES_LDAP);
    }

    return search;
  }
Ejemplo n.º 6
0
  public AuthenticationUser validate(String userDn, String entidad)
      throws SecurityException, ValidationException {
    AuthenticationUser user = null;
    LDAPAuthenticationUser attributesUser = null;

    LdapConnection conn = new LdapConnection();
    try {
      // String decodedDn = CryptoUtils.getDecodeDn(userDn);
      String decodedDn = userDn;
      LDAPDef ldapDef = RepositoryLDAP.getInstance(entidad).getLDAPInfo();
      if (log.isDebugEnabled()) {
        log.debug("LDAPDef [" + ldapDef + "] con el log [" + log + "]");
      }
      if (ldapDef.getLdapEngine() == 0) {
        throw new SecurityException(SecurityException.ERROR_AUTHENTICATION_POLICY_NOTFOUND);
      }

      // String dn = ldapDef.getLdapUser();
      String attrID =
          LDAPRBUtil.getInstance(null).getProperty(LDAP_ATTRIBUTES + ldapDef.getLdapEngine());
      String attributes[] = parseAttributes(attrID);
      String passwordDecrypt = CryptoUtils.decryptPasswordLDAP(ldapDef.getLdapPassword());
      LdapConnCfg ldapConfig = LdapConfigUtils.createLdapConnConfig(ldapDef);
      String dn = ldapConfig.getUser();
      ldapConfig.setProvider(1);
      conn.open(ldapConfig, dn, passwordDecrypt);

      LdapSearch search = getSearchSSO(decodedDn, conn, ldapDef, attributes);
      attributesUser = getUserAttributes(search, attributes);
      attributesUser.setGuidStringFormat(LdapBasicFns.formatGuid(conn, attributesUser.getGuid()));
      if (log.isDebugEnabled()) {
        log.debug("attributesUser [" + attributesUser + "] con el log [" + log + "]");
      }

      Integer userId = userVerification(attributesUser, entidad);
      //			Integer deptId = connectionVerification(conn, attributesUser, ldapDef, attributes,
      // entidad);

      Integer deptId = null;

      List groupList = new ArrayList();
      List deptList =
          connectionVerification(conn, attributesUser, ldapDef, attributes, entidad, groupList);
      // se deja comentado este punto porque es nuevo y soluciona el error detectado con el boton
      // cambiar oficina por SSO

      deptList = getUserDeptList(userId, entidad, deptList);

      user = new AuthenticationUser();

      if (deptList != null && deptList.size() > 0) {
        deptId = (Integer) deptList.get(0);
        user.setDeptList(deptList);
      }

      user.setId(userId);
      user.setName(attributesUser.getFullName());
      user.setDeptid(deptId);
      user.setGroupList(groupList);

      return user;

    } catch (NamingException e) {
      throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
    } catch (SecurityException e) {
      throw e;
    } catch (Exception e) {
      throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
    } finally {
      try {
        conn.close();
      } catch (Exception e) {
        if (log.isDebugEnabled()) {
          log.debug("Error al cerrar conexión LDAP", e);
        }
      }
    }
  }
Ejemplo n.º 7
0
 public static boolean isLdap(String entidad) {
   LDAPDef ldapDef = RepositoryLDAP.getInstance(entidad).getLDAPInfo();
   boolean isLdap = false;
   if (ldapDef.getLdapEngine() != 0) isLdap = true;
   return isLdap;
 }