Example #1
0
 public static void main(String[] args) {
   try {
     new JNDITomcat();
   } catch (Exception ex) {
     ex.printStackTrace();
   }
 }
Example #2
0
 /**
  * Test
  *
  * @param args ignored
  */
 public static void main(String[] args) {
   try {
     validate("ldap://dc.compiere.org", "compiere.org", "jjanke", "ikeepforgetting");
   } catch (Exception e) {
     e.printStackTrace();
   }
 } //	main
  @Override
  public ResponseType execute(PasswordRequest passwordRequest) throws ConnectorDataException {
    ResponseType respType = new ResponseType();
    respType.setStatus(StatusCodeType.SUCCESS);

    ConnectorConfiguration config =
        getConfiguration(passwordRequest.getTargetID(), ConnectorConfiguration.class);
    ManagedSysEntity managedSys = config.getManagedSys();
    LdapContext ldapctx = this.connect(managedSys);

    try {
      ManagedSystemObjectMatch matchObj =
          getMatchObject(passwordRequest.getTargetID(), ManagedSystemObjectMatch.USER);
      String identity = passwordRequest.getObjectIdentity();

      // Check identity on CN format or not
      String identityPatternStr =
          MessageFormat.format(DN_IDENTITY_MATCH_REGEXP, matchObj.getKeyField());
      Pattern pattern = Pattern.compile(identityPatternStr);
      Matcher matcher = pattern.matcher(identity);
      String objectBaseDN;

      if (matcher.matches()) {
        identity = matcher.group(1);
        String CN = matchObj.getKeyField() + "=" + identity;
        objectBaseDN = passwordRequest.getObjectIdentity().substring(CN.length() + 1);

      } else {
        // if identity is not in DN format try to find OU info in attributes
        // MVL 20141211 String OU = getOU(passwordRequest.getExtensibleObject());
        String OU = getAttrValue(passwordRequest.getExtensibleObject(), OU_ATTRIBUTE);
        if (StringUtils.isNotEmpty(OU)) {
          objectBaseDN = OU + "," + matchObj.getBaseDn();
        } else {
          objectBaseDN = matchObj.getBaseDn();
        }
      }

      NamingEnumeration results = null;
      try {
        log.debug("Looking for user with identity=" + identity + " in " + objectBaseDN);
        results = lookupSearch(managedSys, matchObj, ldapctx, identity, null, objectBaseDN);

      } catch (NameNotFoundException nnfe) {
        log.debug("results=NULL");
        log.debug(" results has more elements=0");
        respType.setStatus(StatusCodeType.FAILURE);
        return respType;
      }

      String identityDN = null;
      int count = 0;
      while (results != null && results.hasMoreElements()) {
        SearchResult sr = (SearchResult) results.next();
        identityDN = sr.getNameInNamespace();
        count++;
      }

      if (count == 0) {
        String err = String.format("User %s was not found in %s", identity, objectBaseDN);
        log.error(err);
        respType.setStatus(StatusCodeType.FAILURE);
        return respType;
      } else if (count > 1) {
        String err = String.format("More then one user %s was found in %s", identity, objectBaseDN);
        log.error(err);
        respType.setStatus(StatusCodeType.FAILURE);
        return respType;
      }

      if (StringUtils.isNotEmpty(identityDN)) {
        log.debug("New password will be reset for user " + identityDN);
        Directory dirSpecificImp =
            DirectorySpecificImplFactory.create(config.getManagedSys().getHandler5());
        ModificationItem[] mods = dirSpecificImp.resetPassword(passwordRequest);
        ldapctx.modifyAttributes(identityDN, mods);
        log.debug("New password has been reset for user " + identityDN);
      }

    } catch (NamingException ne) {
      log.error(ne.getMessage(), ne);
      log.debug("Returning response object from reset password with Status of Failure...");
      ConnectorDataException ex = null;
      if (ne instanceof OperationNotSupportedException) {
        ex =
            new ConnectorDataException(
                ErrorCode.OPERATION_NOT_SUPPORTED_EXCEPTION, ne.getMessage());
      } else {
        ex = new ConnectorDataException(ErrorCode.DIRECTORY_ERROR, ne.getMessage());
      }
      throw ex;
    } catch (Exception ne) {
      log.error(ne.getMessage(), ne);
      throw new ConnectorDataException(ErrorCode.OTHER_ERROR, ne.getMessage());
    } finally {
      /* close the connection to the directory */
      this.closeContext(ldapctx);
    }
    return respType;
  }
  /**
   * Clear out all the old editors, and get new editors corresponding to the new object classes.
   *
   * @param entry the entry to be displayed by all the editors
   * @param ds the datasource the editors may use for more info
   * @param ocs the object classes (in order) to find editors for.
   */
  protected void setEditors(DXEntry entry, DataBrokerQueryInterface ds, Vector ocs) {

    try {
      clearPluggableEditors(); // clear all extra editors

      // search for unique structural editors...

      if ("false".equalsIgnoreCase(JXConfig.getProperty("plugins.ignoreUniqueness"))) {
        if (ocs == null) // TE: may happen if virtual entry.
        return;

        int size = ocs.size();

        for (int i = 0; i < size; i++) {
          Object objectClass = ocs.get(i);
          if (objectClass != null) {
            PluggableEditor ed = getEditor(objectClass.toString());
            if (ed != null && ed.isUnique() == true) // found a unique editor
            { // so clear old ones,
              addUniqueEditor(ed); // and use the unique one
              refreshEditors(entry, ds); // to display the data
              setCurrentEditor(ed);
              return; // ... and exit.
            }
          }
        }
      } else log.warning("skipping uniqueness test for pluggable editors");

      boolean newEdSet = false;

      // search for non-unique structural editors
      for (int i = 0; i < ocs.size(); i++) {
        Object objectClass = ocs.get(i);
        if (objectClass != null) {
          PluggableEditor ed = getEditor(objectClass.toString());
          if (ed != null) {
            addEditor(ed);

            // Force the displayed editor to be the first pluggable one...
            if (newEdSet == false) {
              setCurrentEditor(ed);
              newEdSet = true;
            }
          }
        }
      }

      // search for non-structural editors
      try {
        Attribute allOCs = entry.getAllObjectClasses();
        if (allOCs != null) {
          Enumeration vals = allOCs.getAll();
          while (vals.hasMoreElements()) {
            Object oc = vals.nextElement();
            if (oc != null) {
              String ocName = oc.toString();
              if (ocs.contains(ocName)
                  == false) // don't bother with struct objectclasses dealt with above
              {
                PluggableEditor ed = getEditor(ocName);

                if (ed != null) {
                  addEditor(ed);

                  if (ed.isUnique()) // a special service to users...
                  log.warning(
                        "WARNING: Illegal unique editor defined for oc: "
                            + ocName
                            + " not allowed - (oc not in primary structural inheritance chain)");
                }
              }
            }
          }
        }
      } catch (NamingException e) {
        log.log(
            Level.WARNING,
            "WARNING: non-fatal exception getting object classes for plugin editors. ",
            e);
      }

      addEditor(templateDisplay); // and always add old faithfulls...
      // XXX
      if (entry.getStatus() != DXEntry.NEW) // well, almost always...
      addEditor(tableDisplay);
    } catch (Exception e) {
      log.warning("Unexpected Exception in AttributeDisplay\n" + e);
      e.printStackTrace();
    }
  }
  /** default constructor reads in the configuration file and parses values */
  public AuthenticationService() {
    // read in the properties file
    try {
      // go get the properties for this LDAP connection
      Properties configFile = new Properties();
      // load the file from the class path (moved there by ant task)
      configFile.load(this.getClass().getClassLoader().getResourceAsStream("./ldap.properties"));

      // send ouput to console
      //	enumerateContents(configFile.propertyNames());

      this.INITIAL_CONTEXT_FACTORY = configFile.getProperty("INITIAL_CONTEXT_FACTORY");

      this.SECURITY_AUTHENTICATION = configFile.getProperty("SECURITY_AUTHENTICATION");

      this.PROVIDER_TYPE = configFile.getProperty("PROVIDER_TYPE");

      if (this.PROVIDER_TYPE.equals("AD")) {
        this.PROVIDER_URL = configFile.getProperty("AD_PROVIDER_URL");
        this.AD_DOMAIN = configFile.getProperty("AD_DOMAIN");
        this.BASE_DN = configFile.getProperty("AD_BASE_DN");
        this.GROUPS_LOC = configFile.getProperty("AD_GROUPS_LOC");
        this.USERS_LOC = configFile.getProperty("AD_USERS_LOC");
        this.AD_ANON_BIND_UNAME = configFile.getProperty("AD_ANON_BIND_UNAME");
        this.AD_ANON_BIND_PWORD = configFile.getProperty("AD_ANON_BIND_PWORD");
        this.ATTRIBUTE_NAME_KEYFOB_ID = configFile.getProperty("ATTRIBUTE_NAME_KEYFOB_ID");
        this.ATTRIBUTE_NAME_UNAME = configFile.getProperty("ATTRIBUTE_NAME_UNAME");
      } else if (this.PROVIDER_TYPE.equals("LDAP")) {
        this.PROVIDER_URL = configFile.getProperty("LDAP_PROVIDER_URL");
        this.BASE_DN = configFile.getProperty("LDAP_BASE_DN");
        this.GROUPS_LOC = configFile.getProperty("LDAP_GROUPS_LOC");
        this.USERS_LOC = configFile.getProperty("LDAP_USERS_LOC");
      } else {
        throw new Exception("Provider type not found.");
      }

      // get override info
      this.LDAP_OVERRIDE = Boolean.parseBoolean(configFile.getProperty("LDAP_OVERRIDE"));
      this.LDAP_OVERRIDE_UNAME = configFile.getProperty("LDAP_OVERRIDE_UNAME");
      this.LDAP_OVERRIDE_PWORD = configFile.getProperty("LDAP_OVERRIDE_PWORD");

      // init the array list
      groups = new HashMap<String, String>();
      // load the groups into a String array
      for (Enumeration e = configFile.propertyNames(); e.hasMoreElements(); ) {
        String key = e.nextElement().toString();
        if (key.indexOf("GROUP_") == 0) { // ie key in key=value pair matches "GROUP_"
          // append the group name to the array list for checking later
          groups.put(key, configFile.getProperty(key));
        }
      }

    } catch (FileNotFoundException e) {
      //	e.printStackTrace();
      System.err.println("FileNotFoundException: " + e.getMessage());
      errorStack += e.getMessage() + "\n";
    } catch (IOException e) {
      /** @TODO set defaults, or just give up? */
      //	e.printStackTrace();
      System.err.println("IOException: " + e.getMessage());
      errorStack += e.getMessage() + "\n";
    } catch (Exception e) {
      //	e.printStackTrace();
      System.err.println("Exception: " + e.getMessage());
      errorStack += e.getMessage() + "\n";
    }
  }
  /**
   * This method will test if a user has access to the LDAP, if so it will then check the list of
   * groups and check for is access
   *
   * @param String username as named via a uid in the LDAP
   * @param String password clear text in LDAP
   * @return Hashtable authenticate object
   */
  public Hashtable authenticate(String username, String password, String keyfob_id) {

    Hashtable authHT = new Hashtable();

    if (keyfob_id != null) {
      System.out.println("attempted keyfob value: " + keyfob_id);
      // we need to bind with our anon bind user
      username = this.AD_ANON_BIND_UNAME;
      password = this.AD_ANON_BIND_PWORD;
    }

    // assume they will not pass the test
    boolean authenticated = false;

    // first check to see if we even need to hit LDAP (not overridden)
    if (this.LDAP_OVERRIDE) {
      System.out.println("Override Authentication");
      // just check against stored username/password, put in all groups
      if (username.equals(this.LDAP_OVERRIDE_UNAME) && password.equals(this.LDAP_OVERRIDE_PWORD)) {
        authenticated = true;
        // just add then to each group
        for (String key : groups.keySet()) {
          // push the name of the group and access to it boolean
          authHT.put(key, true); // method throws NamingException
        }
      }

    } else {
      // authenticate agianst creditials server
      System.err.println("Trying " + this.PROVIDER_TYPE + " authentication by: " + username);

      try {

        // build a hash table to pass as a bindable event
        // Set up environment for creating initial context
        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, this.INITIAL_CONTEXT_FACTORY);

        env.put(Context.SECURITY_AUTHENTICATION, this.SECURITY_AUTHENTICATION);
        // we take the uid to authenticate, pair it with the username, and append the base location
        env.put(Context.PROVIDER_URL, this.PROVIDER_URL);

        if (this.PROVIDER_TYPE.equals("AD")) {
          env.put(Context.SECURITY_PRINCIPAL, username + "@" + this.AD_DOMAIN);
        } else if (this.PROVIDER_TYPE.equals("LDAP")) {
          env.put(
              Context.SECURITY_PRINCIPAL, "uid=" + username + "," + this.USERS_LOC + this.BASE_DN);
        } // we don't need to throw errors here because first try/catch finds it

        env.put(Context.SECURITY_CREDENTIALS, password);

        // send env assigments to console
        // enumerateContents(env.elements());

        /** now that we have our hash values lets go authenticate */

        // first we want to connect to the LDAP Server and create initial context
        // making sure the user name and password are valid
        ctx =
            new InitialDirContext(
                env); // Throws AuthenticationException if not valid username/password
        // WE NEVER GO PAST HERE IF AuthenticationException THROWN
        System.err.println("connection and creditials valid");

        /**
         * we just split the two paths of AD and LDAP authentication because the LDAP way worked and
         * we are migrating to AD. However we want to be able to easily switch back until the LDAP
         * service is discontinued. Theoretically both services should be 'searchable' the same way
         * at some point the LDAP code should be removed or universal code written
         */
        if (this.PROVIDER_TYPE.equals("AD")) {
          /** AD way, get the group list, if they match add */
          SearchControls constraints = new SearchControls();
          constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

          // either search by user name or by keyfob id. either way will return a user if one is
          // found
          NamingEnumeration results = null;
          if (keyfob_id != null) {
            // we don't challenge on keyfob. assumed if you have keyfob you are that user
            System.out.println("searching for keyfob id: >" + keyfob_id + "<");
            results =
                ctx.search(
                    this.USERS_LOC + this.BASE_DN,
                    "(" + this.ATTRIBUTE_NAME_KEYFOB_ID + "=" + keyfob_id + ")",
                    constraints);
            authHT.put("keyfob_id", keyfob_id); // pass it back as proof positive we found it
          } else {
            results =
                ctx.search(
                    this.USERS_LOC + this.BASE_DN,
                    "(" + this.ATTRIBUTE_NAME_UNAME + "=" + username + ")",
                    constraints);
          }

          while (results != null && results.hasMore()) {
            SearchResult sr = (SearchResult) results.next();
            String dn = sr.getName() + ", " + this.USERS_LOC + this.BASE_DN;

            Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
            if (ar == null) {
              // we need the user to have attributes
              throw new Exception("Entry " + dn + " has none of the specified attributes\n");
            }
            for (int i = 0; i < MY_ATTRS.length; i++) {
              Attribute attr = ar.get(MY_ATTRS[i]);
              if (attr == null) {
                continue;
              }
              System.out.println(MY_ATTRS[i] + ":");
              for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) {
                String temp_next_element = vals.nextElement().toString(); // returns generic Object
                System.out.println("\t" + temp_next_element);

                // push the attributes to the auth HT
                if (!(authHT.containsKey(MY_ATTRS[i]))) {
                  // push the name of the group and access to it boolean
                  authHT.put(MY_ATTRS[i], temp_next_element);
                }

                // see if this element value matches any of my groups
                for (String key : groups.keySet()) {
                  if (temp_next_element
                      .toLowerCase()
                      .startsWith("cn=" + groups.get(key).toLowerCase())) {
                    // push the name of the group and access to it boolean
                    authHT.put(key, true);

                    // if user is found in ANY of the predefined groups they are 'authenticated' to
                    // login.
                    // RolemManager.as handles ACL
                    authenticated = true;
                  }
                }
              }
            }
          }

          // now for any groups not found, set them to false
          for (String key : groups.keySet()) {
            if (!(authHT.containsKey(key))) {
              // push the name of the group and access to it boolean
              authHT.put(key, false);
            }
          }

          // end AD WAY

        } else if (this.PROVIDER_TYPE.equals("LDAP")) {
          // authenticated only in the sense they are a valid AD user
          authenticated = true;

          // now that we have verified they are a valid user, lets see what type of access they have
          // groups are specified in the config file as "GROUP_<name>" key=value pairs where value
          // is the LDAP group name
          // and key is what we are looking for in the scheduling app
          for (String key : groups.keySet()) {
            // push the name of the group and access to it boolean
            authHT.put(
                key,
                new Boolean(
                    userInGroup(username, groups.get(key)))); // method throws NamingException
          }
        } else {
          throw new Exception("Provider type not found.");
        }

        // Close the context when we're done
        ctx.close();
      } catch (AuthenticationException e) {
        // binding to LDAP server with provided username/password failed
        // e.printStackTrace();
        System.err.println(
            "AuthenticationException: "
                + e.getMessage()); // outputs -> [LDAP: error code 49 - Invalid Credentials]
        errorStack += e.getMessage() + "\n";
      } catch (NamingException e) {
        // catches invalid DN. Should not be thrown unless changes made to DN
        // Could also fail from the context of the called method userInGroup
        System.err.println("NamingException: " + e.getMessage());
        // e.printStackTrace();
        errorStack += e.getMessage() + "\n";
      } catch (Exception e) {
        e.printStackTrace();
        System.err.println("Exception: " + e.getMessage());
        errorStack += e.getMessage() + "\n";
      } finally { // make sure our connection is closed if relevant
        if (ctx != null) {
          try {
            ctx.close();
          } catch (NamingException e) {
            throw new RuntimeException(e);
          }
        }
      }
    }

    // push whether or not it was authenticated
    authHT.put("authenticated", new Boolean(authenticated));

    // spill contents to catalina.out file
    enumerateContents(authHT.keys());
    enumerateContents(authHT.elements());

    return (authHT);
  }
Example #7
0
  public static void inviteNewMember(
      @Required String nom,
      @Required String prenom,
      @Required String mail,
      @Required String langue) {

    try {
      String login = normalize(prenom) + '.' + normalize(nom);
      String url = "";
      String signature = "";
      String community = "Hypertopic";
      //
      String mailGodfather = "";
      String firstNameGodfather = "";
      String lastNameGodfather = "";
      int flag = -1;

      if (session.get("username").equals("admin")) {
        firstNameGodfather = "l'administrateur";
        mailGodfather = "Hypertopic Team <*****@*****.**>";
      } else {
        HashMap<String, String> infos = Ldap.getConnectedUserInfos(session.get("username"));
        mailGodfather = infos.get("mail");
        firstNameGodfather = infos.get("firstName");
        lastNameGodfather = infos.get("lastName");
        firstNameGodfather =
            firstNameGodfather.substring(0, 1).toUpperCase()
                + firstNameGodfather.substring(1).toLowerCase();
        lastNameGodfather =
            lastNameGodfather.substring(0, 1).toUpperCase()
                + lastNameGodfather.substring(1).toLowerCase();
      }
      flag = Invitation.verifyMaliciousPassword(login, mail);
      if (flag == Invitation.ADDRESSES_MATCHE || flag == Invitation.USER_NOTEXIST) {

        System.out.println("invitenewmember");
        try {
          url = "http://" + request.domain;
          if (request.port != 80) url += ":" + request.port;
          url +=
              "/inscription?firstname="
                  + URLEncoder.encode(prenom, "UTF-8")
                  + "&lastname="
                  + URLEncoder.encode(nom, "UTF-8")
                  + "&email="
                  + URLEncoder.encode(mail, "UTF-8");
          signature = Crypto.sign(prenom + nom + mail);
          url += "&signature=" + signature;
          System.out.println("url in inviteNewMember: " + url);
        } catch (UnsupportedEncodingException uee) {
          System.err.println(uee);
        }
        if (validation.hasErrors()) {
          render("Invitation/index.html");
        } else {
          if (renderArgs.get("domainName") != null) {
            community = renderArgs.get("domainName").toString();
          }

          System.out.println("I can arrive heeeeeeeeeeeeeeeeeeeeeeeeer");
          if (langue.equals("fr")) {
            Mails.inviteFr(
                "Hypertopic Team <*****@*****.**>",
                mail,
                prenom,
                nom,
                url,
                community,
                firstNameGodfather,
                lastNameGodfather,
                mailGodfather);
          } else {
            Mails.inviteEn(
                "Hypertopic Team <*****@*****.**>",
                mail,
                prenom,
                nom,
                url,
                community,
                firstNameGodfather,
                lastNameGodfather,
                mailGodfather);
          }
          flash.success(Messages.get("invitation_success"));
          System.out.println("community: " + community);

          session.remove("nom");
          session.remove("prenom");
          session.remove("mail");
          Invitation.invitation();
        }

      } else {
        if (langue.equals("fr")) {
          flash.error(Messages.get("invitation_mailadresse_no_match"));
        } else {
          flash.error(Messages.get("invitation_mailadresse_no_match"));
        }

        Invitation.invitation();
      }
    } catch (Exception e) {
      System.out.println("An exception occurred in Invitation.inviteNewMember");
      e.printStackTrace();
      render("Invitation/index.html");
    }
  }