Example #1
0
  /**
   * Validate User
   *
   * @param ldapURL provider url - e.g. ldap://dc.compiere.org
   * @param domain domain name = e.g. compiere.org
   * @param userName user name - e.g. jjanke
   * @param password password
   * @return true if validated with ldap
   */
  public static boolean validate(String ldapURL, String domain, String userName, String password) {
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    //	ldap://dc.compiere.org
    env.put(Context.PROVIDER_URL, ldapURL);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    //	[email protected]
    StringBuffer principal = new StringBuffer(userName).append("@").append(domain);
    env.put(Context.SECURITY_PRINCIPAL, principal.toString());
    env.put(Context.SECURITY_CREDENTIALS, password);
    //
    try {
      // Create the initial context
      InitialLdapContext ctx = new InitialLdapContext(env, null);
      //	DirContext ctx = new InitialDirContext(env);

      //	Test - Get the attributes
      Attributes answer = ctx.getAttributes("");

      // Print the answer
      if (false) dump(answer);
    } catch (AuthenticationException e) {
      log.info("Error: " + principal + " - " + e.getLocalizedMessage());
      return false;
    } catch (Exception e) {
      log.log(Level.SEVERE, ldapURL + " - " + principal, e);
      return false;
    }
    log.info("OK: " + principal);
    return true;
  } //	validate
Example #2
0
  /**
   * Returns a list of AD Groups using the service account
   *
   * @return list of AD Groups
   */
  public static List<String> getADGroupsByServiceAccount() {

    String username = MessageUtils.getMessage("ldap.service.account.username");
    String password = MessageUtils.getMessage("ldap.service.account.password");
    List<String> awsAllGroups = null;

    logger.debug("Starting.....");
    if (username == null || password == null) {
      return new ArrayList<String>();
    }
    Hashtable<String, String> env = new Hashtable<String, String>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, MessageUtils.getMessage("ldap.service.account.url"));
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, username);
    env.put(Context.SECURITY_CREDENTIALS, password);
    DirContext ctx = null;

    try {
      logger.debug("Getting AWS groups using service account");
      ctx = new InitialDirContext(env);
      logger.debug("After InitialDirContext");
      SearchControls controls = new SearchControls();
      controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
      String attr[] = {"samaccountname"};
      controls.setReturningAttributes(attr);
      NamingEnumeration<SearchResult> result =
          ctx.search(
              MessageUtils.getMessage("ldap.service.account.conf.name"),
              MessageUtils.getMessage("ldap.service.account.conf.filter"),
              controls);
      awsAllGroups = new ArrayList<String>();

      SearchResult sr = null;
      // Loop through the search results
      while (result.hasMoreElements()) {
        sr = (SearchResult) result.next();
        awsAllGroups.add(sr.getName().substring(3));
      }

      return awsAllGroups;
    } catch (AuthenticationException e) {
      logger.error("Service account details are not correct." + e.getMessage());
      return null;
    } catch (NamingException e) {
      logger.error("Unable to connect" + e.getMessage());
      return new ArrayList<String>();
    } finally {
      if (ctx != null) {
        try {
          ctx.close();
        } catch (NamingException e) {

        }
      }
    }
  }
  private Subject login() throws AuthenticationException {
    try {
      LoginContext lc =
          new LoginContext(
              KerberosLdapContextSource.class.getSimpleName(), null, null, this.loginConfig);

      lc.login();

      return lc.getSubject();
    } catch (LoginException e) {
      AuthenticationException ae = new AuthenticationException(e.getMessage());
      ae.initCause(e);
      throw ae;
    }
  }
Example #4
0
 // Code to add comments for Jira Issue
 public static void RestAddComment(String strComment, String strIssueID) {
   try {
     String auth = new String(Base64.encode("admin:admin"));
     String createCommentData = "{\"body\": \"" + strComment + "\"}\"";
     String comment =
         invokePostMethod(
             auth, BASE_URL + "/rest/api/2/issue/" + strIssueID + "/comment", createCommentData);
     System.out.println(comment);
     JSONObject issueObj = new JSONObject(comment);
     String newKey = issueObj.getString("id");
     System.out.println("id:" + newKey);
   } catch (AuthenticationException e) {
     System.out.println("Username or Password wrong!");
     e.printStackTrace();
   } catch (ClientHandlerException e) {
     System.out.println("Error invoking REST method");
     e.printStackTrace();
   } catch (JSONException e) {
     System.out.println("Invalid JSON output");
     e.printStackTrace();
   }
 }
Example #5
0
  protected boolean canConnect(VDS vds) {
    // execute the connectivity and id uniqueness validation for VDS type hosts
    if (!getParameters().isPending()
        && !getParameters().isProvisioned()
        && Config.<Boolean>getValue(ConfigValues.InstallVds)) {
      try (final EngineSSHClient sshclient = getSSHClient()) {
        sshclient.connect();
        sshclient.authenticate();

        String hostUUID = getInstalledVdsIdIfExists(sshclient);
        if (hostUUID != null && vdsDao.getAllWithUniqueId(hostUUID).size() != 0) {
          return failValidation(EngineMessage.ACTION_TYPE_FAILED_VDS_WITH_SAME_UUID_EXIST);
        }

        return isValidGlusterPeer(sshclient, vds.getClusterId());
      } catch (AuthenticationException e) {
        log.error(
            "Failed to authenticate session with host '{}': {}", vds.getName(), e.getMessage());
        log.debug("Exception", e);
        return failValidation(EngineMessage.VDS_CANNOT_AUTHENTICATE_TO_SERVER);
      } catch (SecurityException e) {
        log.error(
            "Failed to connect to host '{}', fingerprint '{}': {}",
            vds.getName(),
            vds.getSshKeyFingerprint(),
            e.getMessage());
        log.debug("Exception", e);
        addValidationMessage(EngineMessage.VDS_SECURITY_CONNECTION_ERROR);
        addValidationMessageVariable("ErrorMessage", e.getMessage());
        return failValidation(EngineMessage.VDS_CANNOT_AUTHENTICATE_TO_SERVER);
      } catch (Exception e) {
        log.error("Failed to establish session with host '{}': {}", vds.getName(), e.getMessage());
        log.debug("Exception", e);

        return failValidation(EngineMessage.VDS_CANNOT_CONNECT_TO_SERVER);
      }
    }
    return true;
  }
 public User getUser(String uid) throws DataSourceException, ConfigException {
   try {
     String s =
         "(&(objectClass="
             + source.getUsersObjectClassValue()
             + ")("
             + source.getUsersIdKey()
             + "="
             + uid
             + "))";
     List<SearchResult> r = this.search(s, SecurityEntityType.USER);
     if (!r.isEmpty()) {
       return newUser(r.get(0).getAttributes());
     } else {
       return null;
     }
   } catch (javax.naming.AuthenticationException e) {
     e.printStackTrace();
     throw new ConfigException(e, "LDAP connection failed, please check your settings");
   } catch (NamingException e) {
     throw new DataSourceException(e, "LDAP Exception : " + e.getMessage());
   }
 }
  /** {@inheritDoc} */
  public boolean login() throws LoginException {
    try {
      final NameCallback nameCb = new NameCallback("Enter user: "******"Enter user password: "******"Authentication failed", authEx);
        }
        throw new LoginException(authEx != null ? authEx.getMessage() : "Authentication failed");
      } else {
        if (this.setLdapPrincipal) {
          final LdapPrincipal lp = new LdapPrincipal(nameCb.getName());
          if (attrs != null) {
            lp.getLdapAttributes().addAttributes(attrs);
          }
          this.principals.add(lp);
        }

        final String loginDn = this.auth.getDn(nameCb.getName());
        if (loginDn != null && this.setLdapDnPrincipal) {
          final LdapDnPrincipal lp = new LdapDnPrincipal(loginDn);
          if (attrs != null) {
            lp.getLdapAttributes().addAttributes(attrs);
          }
          this.principals.add(lp);
        }
        if (this.setLdapCredential) {
          this.credentials.add(new LdapCredential(passCb.getPassword()));
        }
        this.storeCredentials(nameCb, passCb, loginDn);
      }
    } catch (NamingException e) {
      if (this.logger.isDebugEnabled()) {
        this.logger.debug("Error occured attempting authentication", e);
      }
      this.loginSuccess = false;
      throw new LoginException(e != null ? e.getMessage() : "Authentication Error");
    } finally {
      this.auth.close();
    }
    return true;
  }
  /**
   * This method will test if a user has access to the LDAP, if so it will then check the list of
   * groups and check for is access
   *
   * @param String username as named via a uid in the LDAP
   * @param String password clear text in LDAP
   * @return Hashtable authenticate object
   */
  public Hashtable authenticate(String username, String password, String keyfob_id) {

    Hashtable authHT = new Hashtable();

    if (keyfob_id != null) {
      System.out.println("attempted keyfob value: " + keyfob_id);
      // we need to bind with our anon bind user
      username = this.AD_ANON_BIND_UNAME;
      password = this.AD_ANON_BIND_PWORD;
    }

    // assume they will not pass the test
    boolean authenticated = false;

    // first check to see if we even need to hit LDAP (not overridden)
    if (this.LDAP_OVERRIDE) {
      System.out.println("Override Authentication");
      // just check against stored username/password, put in all groups
      if (username.equals(this.LDAP_OVERRIDE_UNAME) && password.equals(this.LDAP_OVERRIDE_PWORD)) {
        authenticated = true;
        // just add then to each group
        for (String key : groups.keySet()) {
          // push the name of the group and access to it boolean
          authHT.put(key, true); // method throws NamingException
        }
      }

    } else {
      // authenticate agianst creditials server
      System.err.println("Trying " + this.PROVIDER_TYPE + " authentication by: " + username);

      try {

        // build a hash table to pass as a bindable event
        // Set up environment for creating initial context
        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, this.INITIAL_CONTEXT_FACTORY);

        env.put(Context.SECURITY_AUTHENTICATION, this.SECURITY_AUTHENTICATION);
        // we take the uid to authenticate, pair it with the username, and append the base location
        env.put(Context.PROVIDER_URL, this.PROVIDER_URL);

        if (this.PROVIDER_TYPE.equals("AD")) {
          env.put(Context.SECURITY_PRINCIPAL, username + "@" + this.AD_DOMAIN);
        } else if (this.PROVIDER_TYPE.equals("LDAP")) {
          env.put(
              Context.SECURITY_PRINCIPAL, "uid=" + username + "," + this.USERS_LOC + this.BASE_DN);
        } // we don't need to throw errors here because first try/catch finds it

        env.put(Context.SECURITY_CREDENTIALS, password);

        // send env assigments to console
        // enumerateContents(env.elements());

        /** now that we have our hash values lets go authenticate */

        // first we want to connect to the LDAP Server and create initial context
        // making sure the user name and password are valid
        ctx =
            new InitialDirContext(
                env); // Throws AuthenticationException if not valid username/password
        // WE NEVER GO PAST HERE IF AuthenticationException THROWN
        System.err.println("connection and creditials valid");

        /**
         * we just split the two paths of AD and LDAP authentication because the LDAP way worked and
         * we are migrating to AD. However we want to be able to easily switch back until the LDAP
         * service is discontinued. Theoretically both services should be 'searchable' the same way
         * at some point the LDAP code should be removed or universal code written
         */
        if (this.PROVIDER_TYPE.equals("AD")) {
          /** AD way, get the group list, if they match add */
          SearchControls constraints = new SearchControls();
          constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

          // either search by user name or by keyfob id. either way will return a user if one is
          // found
          NamingEnumeration results = null;
          if (keyfob_id != null) {
            // we don't challenge on keyfob. assumed if you have keyfob you are that user
            System.out.println("searching for keyfob id: >" + keyfob_id + "<");
            results =
                ctx.search(
                    this.USERS_LOC + this.BASE_DN,
                    "(" + this.ATTRIBUTE_NAME_KEYFOB_ID + "=" + keyfob_id + ")",
                    constraints);
            authHT.put("keyfob_id", keyfob_id); // pass it back as proof positive we found it
          } else {
            results =
                ctx.search(
                    this.USERS_LOC + this.BASE_DN,
                    "(" + this.ATTRIBUTE_NAME_UNAME + "=" + username + ")",
                    constraints);
          }

          while (results != null && results.hasMore()) {
            SearchResult sr = (SearchResult) results.next();
            String dn = sr.getName() + ", " + this.USERS_LOC + this.BASE_DN;

            Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
            if (ar == null) {
              // we need the user to have attributes
              throw new Exception("Entry " + dn + " has none of the specified attributes\n");
            }
            for (int i = 0; i < MY_ATTRS.length; i++) {
              Attribute attr = ar.get(MY_ATTRS[i]);
              if (attr == null) {
                continue;
              }
              System.out.println(MY_ATTRS[i] + ":");
              for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) {
                String temp_next_element = vals.nextElement().toString(); // returns generic Object
                System.out.println("\t" + temp_next_element);

                // push the attributes to the auth HT
                if (!(authHT.containsKey(MY_ATTRS[i]))) {
                  // push the name of the group and access to it boolean
                  authHT.put(MY_ATTRS[i], temp_next_element);
                }

                // see if this element value matches any of my groups
                for (String key : groups.keySet()) {
                  if (temp_next_element
                      .toLowerCase()
                      .startsWith("cn=" + groups.get(key).toLowerCase())) {
                    // push the name of the group and access to it boolean
                    authHT.put(key, true);

                    // if user is found in ANY of the predefined groups they are 'authenticated' to
                    // login.
                    // RolemManager.as handles ACL
                    authenticated = true;
                  }
                }
              }
            }
          }

          // now for any groups not found, set them to false
          for (String key : groups.keySet()) {
            if (!(authHT.containsKey(key))) {
              // push the name of the group and access to it boolean
              authHT.put(key, false);
            }
          }

          // end AD WAY

        } else if (this.PROVIDER_TYPE.equals("LDAP")) {
          // authenticated only in the sense they are a valid AD user
          authenticated = true;

          // now that we have verified they are a valid user, lets see what type of access they have
          // groups are specified in the config file as "GROUP_<name>" key=value pairs where value
          // is the LDAP group name
          // and key is what we are looking for in the scheduling app
          for (String key : groups.keySet()) {
            // push the name of the group and access to it boolean
            authHT.put(
                key,
                new Boolean(
                    userInGroup(username, groups.get(key)))); // method throws NamingException
          }
        } else {
          throw new Exception("Provider type not found.");
        }

        // Close the context when we're done
        ctx.close();
      } catch (AuthenticationException e) {
        // binding to LDAP server with provided username/password failed
        // e.printStackTrace();
        System.err.println(
            "AuthenticationException: "
                + e.getMessage()); // outputs -> [LDAP: error code 49 - Invalid Credentials]
        errorStack += e.getMessage() + "\n";
      } catch (NamingException e) {
        // catches invalid DN. Should not be thrown unless changes made to DN
        // Could also fail from the context of the called method userInGroup
        System.err.println("NamingException: " + e.getMessage());
        // e.printStackTrace();
        errorStack += e.getMessage() + "\n";
      } catch (Exception e) {
        e.printStackTrace();
        System.err.println("Exception: " + e.getMessage());
        errorStack += e.getMessage() + "\n";
      } finally { // make sure our connection is closed if relevant
        if (ctx != null) {
          try {
            ctx.close();
          } catch (NamingException e) {
            throw new RuntimeException(e);
          }
        }
      }
    }

    // push whether or not it was authenticated
    authHT.put("authenticated", new Boolean(authenticated));

    // spill contents to catalina.out file
    enumerateContents(authHT.keys());
    enumerateContents(authHT.elements());

    return (authHT);
  }