/**
* Metodo que obtiene los ids de los grupos a los que pertenece el usuario
*
* @param conn
* @param attributesUser
* @param ldapDef
* @param attributes
* @param entidad
* @return
* @throws SecurityException
*/
public List getListGroupOfUser(
LdapConnection conn,
LDAPAuthenticationUser attributesUser,
LDAPDef ldapDef,
String attributes[],
String entidad)
throws SecurityException {
List result = new ArrayList();
String attr[] = {attributes[0]};
try {
String group = null;
String filter = null;
LdapSearch search = null;
LDAPAuthenticationUser attributesGroup = null;
List groups = null;
int scope =
new Integer(
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPEGROUP + ldapDef.getLdapEngine()))
.intValue();
groups = attributesUser.getGroupList();
if (log.isDebugEnabled()) {
log.debug("groups [" + groups + "] con el log [" + log + "]");
}
for (int i = 0; i < groups.size(); i++) {
group = (String) groups.get(i);
filter =
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine());
search = new LdapSearch();
search.initialize(conn, group, scope, filter, attr);
search.execute();
if (search.next()) {
attributesGroup = getUserAttributes(search, attributes);
attributesGroup.setGuidStringFormat(
LdapBasicFns.formatGuid(conn, attributesGroup.getGuid()));
Integer idGroup = getIdGroup(attributesGroup.getGuidStringFormat(), entidad);
if (idGroup != null) {
result.add(idGroup);
}
}
}
} catch (SecurityException e) {
throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
} catch (Exception e) {
throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
} finally {
try {
conn.close();
} catch (Exception e) {
}
}
return result;
}
public List connectionVerification(
LDAPAuthenticationUser attributesUser,
String password,
LDAPDef ldapDef,
String attributes[],
String entidad)
throws SecurityException {
Integer deptId = null;
List deptList = new ArrayList();
String attr[] = {attributes[0]};
LdapConnection conn = null;
try {
String group = null;
String filter = null;
LdapSearch search = null;
LDAPAuthenticationUser attributesGroup = null;
if (log.isDebugEnabled()) {
log.debug("dn [" + attributesUser.getDn() + "] con el log [" + log + "]");
}
conn = new LdapConnection();
LdapConnCfg ldapConfig = LdapConfigUtils.createLdapConnConfig(ldapDef);
ldapConfig.setProvider(1);
// conn.open(ldapConfig, ldapDef.getLdapUser(), password, 1);
conn.open(ldapConfig, ldapConfig.getUser(), password);
List groups = null;
int scope =
new Integer(
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPEGROUP + ldapDef.getLdapEngine()))
.intValue();
if (ldapDef.getLdapEngine() == 1) {
groups = attributesUser.getGroupList();
if (log.isDebugEnabled()) {
log.debug(" groups [" + groups + "] con el log [" + log + "]");
}
filter =
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine());
if (log.isDebugEnabled()) {
log.debug(" filter [" + filter + "] con el log [" + log + "]");
}
for (int i = 0; i < groups.size(); i++) {
group = (String) groups.get(i);
search = new LdapSearch();
search.initialize(conn, group, scope, filter, attr);
search.execute();
if (search.next()) {
attributesGroup = getUserAttributes(search, attributes);
attributesGroup.setGuidStringFormat(
LdapBasicFns.formatGuid(conn, attributesGroup.getGuid()));
deptId = getRegisterDeptOfic(attributesGroup.getGuidStringFormat(), entidad);
if (deptId != null) {
deptList.add(deptId);
if (log.isDebugEnabled()) {
log.debug(" deptId [" + deptId + "] con el log [" + log + "]");
}
// break;
}
}
}
} else {
filter =
MessageFormat.format(
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine()),
new String[] {attributesUser.getDn()});
if (log.isDebugEnabled()) {
log.debug(" filter [" + filter + "] con el log [" + log + "]");
}
List list = new ArrayList();
list = getUserGroupGuidsIp(conn, ldapDef.getLdapRoot(), scope, filter, attr);
if (log.isDebugEnabled()) {
log.debug(" groups [" + list + "] con el log [" + log + "]");
}
String groupGuid = null;
for (int i = 0; i < list.size(); i++) {
groupGuid = (String) list.get(i);
deptId = getRegisterDeptOfic(groupGuid, entidad);
if (deptId != null) {
if (log.isDebugEnabled()) {
log.debug(" deptId [" + deptId + "] con el log [" + log + "]");
}
deptList.add(deptId);
// break;
}
}
}
} catch (SecurityException e) {
throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
} catch (Exception e) {
throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
} finally {
try {
conn.close();
} catch (Exception e) {
}
}
return deptList;
}
public List connectionVerification(
LdapConnection conn,
LDAPAuthenticationUser attributesUser,
LDAPDef ldapDef,
String attributes[],
String entidad,
List groupList)
throws SecurityException {
Integer deptId = null;
List deptList = new ArrayList();
String attr[] = {attributes[0]};
try {
String group = null;
String filter = null;
LdapSearch search = null;
LDAPAuthenticationUser attributesGroup = null;
List groups = null;
int scope =
new Integer(
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPEGROUP + ldapDef.getLdapEngine()))
.intValue();
groups = attributesUser.getGroupList();
if (log.isDebugEnabled()) {
log.debug("groups [" + groups + "] con el log [" + log + "]");
}
for (int i = 0; i < groups.size(); i++) {
group = (String) groups.get(i);
filter =
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPE_BASESUBTREE_GROUP + ldapDef.getLdapEngine());
search = new LdapSearch();
search.initialize(conn, group, scope, filter, attr);
search.execute();
if (search.next()) {
attributesGroup = getUserAttributes(search, attributes);
attributesGroup.setGuidStringFormat(
LdapBasicFns.formatGuid(conn, attributesGroup.getGuid()));
// obtiene los grupos
Integer idGroup = getIdGroup(attributesGroup.getGuidStringFormat(), entidad);
if (idGroup != null) {
groupList.add(idGroup);
}
deptId = getRegisterDeptOfic(attributesGroup.getGuidStringFormat(), entidad);
if (deptId != null) {
deptList.add(deptId);
}
}
}
} catch (SecurityException e) {
log.error("Error connectionVerification: " + e.getMessage(), e);
throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
} catch (Exception e) {
log.error("Error connectionVerification: " + e.getMessage(), e);
throw new SecurityException(SecurityException.ERROR_PASSWORD_INCORRECT);
}
return deptList;
}
public AuthenticationUser validate(String login, String password, String entidad)
throws SecurityException, ValidationException {
AuthenticationUser user = null;
validateParameters(login, password);
LDAPAuthenticationUser attributesUser = null;
try {
LDAPDef ldapDef = RepositoryLDAP.getInstance(entidad).getLDAPInfo();
if (log.isDebugEnabled()) {
log.debug("LDAPDef [" + ldapDef + "] con el log [" + log + "]");
}
if (ldapDef.getLdapEngine() == 0) {
throw new SecurityException(SecurityException.ERROR_AUTHENTICATION_POLICY_NOTFOUND);
}
// String dn = ldapDef.getLdapUser();
String attrID =
LDAPRBUtil.getInstance(null).getProperty(LDAP_ATTRIBUTES + ldapDef.getLdapEngine());
String attributes[] = parseAttributes(attrID);
String passwordDecrypt = CryptoUtils.decryptPasswordLDAP(ldapDef.getLdapPassword());
LdapConnection conn = new LdapConnection();
LdapConnCfg ldapConfig = LdapConfigUtils.createLdapConnConfig(ldapDef);
ldapConfig.setProvider(1);
String dn = ldapConfig.getUser();
conn.open(ldapConfig, dn, passwordDecrypt);
LdapSearch search = getSearch(login, conn, ldapDef, attributes);
attributesUser = getUserAttributes(search, attributes);
attributesUser.setGuidStringFormat(LdapBasicFns.formatGuid(conn, attributesUser.getGuid()));
if (log.isDebugEnabled()) {
log.debug("attributesUser [" + attributesUser + "] con el log [" + log + "]");
}
conn.close();
// se valida al usuario logueado y su contraseña
validateUserPassword(ldapDef, attributesUser.getDn(), password);
Integer userId = userVerification(attributesUser, entidad);
// Integer deptId = connectionVerification(attributesUser, passwordDecrypt,
// ldapDef, attributes, entidad);
Integer deptId = null;
// List deptList = connectionVerification(attributesUser, passwordDecrypt, ldapDef,
// attributes, entidad);
// obtiene los departamentos del usuario
List deptListLDAP =
connectionVerification(attributesUser, passwordDecrypt, ldapDef, attributes, entidad);
// obtenemos las oficinas del usuario
List deptList = getUserDeptList(userId, entidad, deptListLDAP);
// obtenemos los ids de los grupos a los que pertenece el usuario
List groupList =
getListGroupOfUser(attributesUser, passwordDecrypt, ldapDef, attributes, entidad);
user = new AuthenticationUser();
if (deptList != null && deptList.size() > 0) {
deptId = (Integer) deptList.get(0);
user.setDeptList(deptList);
}
user.setId(userId);
user.setName(attributesUser.getFullName());
user.setDeptid(deptId);
user.setDeptIdOriginal(deptId);
user.setGroupList(groupList);
} catch (NamingException e) {
throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
} catch (SecurityException e) {
throw e;
} catch (Exception e) {
throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
}
return user;
}
public LdapSearch getSearch(
String login, LdapConnection conn, LDAPDef ldapDef, String[] attributes)
throws SecurityException {
String filter = null;
LdapSearch search = null;
try {
// busqueda por dn
filter =
MessageFormat.format(
LDAPRBUtil.getInstance(null).getProperty(LDAP_SCOPE_BASE + ldapDef.getLdapEngine()),
new String[] {login});
if (log.isDebugEnabled()) {
log.debug("filter [" + filter + "] con el log [" + log + "]");
log.debug("dn [" + login + "] con el log [" + log + "]");
}
search = new LdapSearch();
search.initialize(
conn, ldapDef.getLdapRoot(), SearchControls.OBJECT_SCOPE, filter, attributes);
search.execute();
if (!search.next()) {
// Busqueda por UniqueName
filter =
MessageFormat.format(
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPE_SUBTREE1 + ldapDef.getLdapEngine()),
new String[] {login});
if (log.isDebugEnabled()) {
log.debug("filter [" + filter + "] con el log [" + log + "]");
log.debug("UniqueName [" + login + "] con el log [" + log + "]");
}
search = new LdapSearch();
search.initialize(
conn, ldapDef.getLdapRoot(), SearchControls.SUBTREE_SCOPE, filter, attributes);
search.execute();
if (!search.next()) {
// Busqueda por número de cuenta sAMAccountName
filter =
MessageFormat.format(
LDAPRBUtil.getInstance(null)
.getProperty(LDAP_SCOPE_SUBTREE2 + ldapDef.getLdapEngine()),
new String[] {login});
if (log.isDebugEnabled()) {
log.debug("filter [" + filter + "] con el log [" + log + "]");
log.debug("sAMAccountName [" + login + "] con el log [" + log + "]");
}
if (!filter.equals("")) {
search = new LdapSearch();
search.initialize(
conn, ldapDef.getLdapRoot(), SearchControls.SUBTREE_SCOPE, filter, attributes);
search.execute();
if (!search.next()) {
throw new SecurityException(SecurityException.ERROR_NAME_INCORRECT);
}
}
}
}
if (search.getM_srAttrs() == null) {
throw new SecurityException(SecurityException.ERROR_NAME_INCORRECT);
}
} catch (SecurityException e) {
throw e;
} catch (Exception e) {
throw new SecurityException(SecurityException.ERROR_CAN_NOT_FIND_USER_ATTRIBUTES_LDAP);
}
return search;
}
public AuthenticationUser validate(String userDn, String entidad)
throws SecurityException, ValidationException {
AuthenticationUser user = null;
LDAPAuthenticationUser attributesUser = null;
LdapConnection conn = new LdapConnection();
try {
// String decodedDn = CryptoUtils.getDecodeDn(userDn);
String decodedDn = userDn;
LDAPDef ldapDef = RepositoryLDAP.getInstance(entidad).getLDAPInfo();
if (log.isDebugEnabled()) {
log.debug("LDAPDef [" + ldapDef + "] con el log [" + log + "]");
}
if (ldapDef.getLdapEngine() == 0) {
throw new SecurityException(SecurityException.ERROR_AUTHENTICATION_POLICY_NOTFOUND);
}
// String dn = ldapDef.getLdapUser();
String attrID =
LDAPRBUtil.getInstance(null).getProperty(LDAP_ATTRIBUTES + ldapDef.getLdapEngine());
String attributes[] = parseAttributes(attrID);
String passwordDecrypt = CryptoUtils.decryptPasswordLDAP(ldapDef.getLdapPassword());
LdapConnCfg ldapConfig = LdapConfigUtils.createLdapConnConfig(ldapDef);
String dn = ldapConfig.getUser();
ldapConfig.setProvider(1);
conn.open(ldapConfig, dn, passwordDecrypt);
LdapSearch search = getSearchSSO(decodedDn, conn, ldapDef, attributes);
attributesUser = getUserAttributes(search, attributes);
attributesUser.setGuidStringFormat(LdapBasicFns.formatGuid(conn, attributesUser.getGuid()));
if (log.isDebugEnabled()) {
log.debug("attributesUser [" + attributesUser + "] con el log [" + log + "]");
}
Integer userId = userVerification(attributesUser, entidad);
// Integer deptId = connectionVerification(conn, attributesUser, ldapDef, attributes,
// entidad);
Integer deptId = null;
List groupList = new ArrayList();
List deptList =
connectionVerification(conn, attributesUser, ldapDef, attributes, entidad, groupList);
// se deja comentado este punto porque es nuevo y soluciona el error detectado con el boton
// cambiar oficina por SSO
deptList = getUserDeptList(userId, entidad, deptList);
user = new AuthenticationUser();
if (deptList != null && deptList.size() > 0) {
deptId = (Integer) deptList.get(0);
user.setDeptList(deptList);
}
user.setId(userId);
user.setName(attributesUser.getFullName());
user.setDeptid(deptId);
user.setGroupList(groupList);
return user;
} catch (NamingException e) {
throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
} catch (SecurityException e) {
throw e;
} catch (Exception e) {
throw new SecurityException(SecurityException.ERROR_USER_NOTFOUND);
} finally {
try {
conn.close();
} catch (Exception e) {
if (log.isDebugEnabled()) {
log.debug("Error al cerrar conexión LDAP", e);
}
}
}
}
public static boolean isLdap(String entidad) {
LDAPDef ldapDef = RepositoryLDAP.getInstance(entidad).getLDAPInfo();
boolean isLdap = false;
if (ldapDef.getLdapEngine() != 0) isLdap = true;
return isLdap;
}