Пример #1
0
  protected int authenticate(
      long companyId, String emailAddress, String screenName, long userId, String password)
      throws Exception {

    LDAPAuthConfiguration ldapAuthConfiguration =
        _ldapAuthConfigurationProvider.getConfiguration(companyId);

    if (!ldapAuthConfiguration.enabled()) {
      if (_log.isDebugEnabled()) {
        _log.debug("Authenticator is not enabled");
      }

      return SUCCESS;
    }

    if (_log.isDebugEnabled()) {
      _log.debug("Authenticator is enabled");
    }

    int preferredLDAPServerResult =
        authenticateAgainstPreferredLDAPServer(
            companyId, emailAddress, screenName, userId, password);

    LDAPImportConfiguration ldapImportConfiguration =
        _ldapImportConfigurationProvider.getConfiguration(companyId);

    if (preferredLDAPServerResult == SUCCESS) {
      if (ldapImportConfiguration.importUserPasswordEnabled()) {
        return preferredLDAPServerResult;
      }

      return Authenticator.SKIP_LIFERAY_CHECK;
    }

    List<LDAPServerConfiguration> ldapServerConfigurations =
        _ldapServerConfigurationProvider.getConfigurations(companyId);

    for (LDAPServerConfiguration ldapServerConfiguration : ldapServerConfigurations) {

      int result =
          authenticate(
              ldapServerConfiguration.ldapServerId(),
              companyId,
              emailAddress,
              screenName,
              userId,
              password);

      if (result == SUCCESS) {
        if (ldapImportConfiguration.importUserPasswordEnabled()) {
          return result;
        }

        return Authenticator.SKIP_LIFERAY_CHECK;
      }
    }

    return authenticateRequired(companyId, userId, emailAddress, screenName, true, FAILURE);
  }
Пример #2
0
  protected int authenticateAgainstPreferredLDAPServer(
      long companyId, String emailAddress, String screenName, long userId, String password)
      throws Exception {

    int result = DNE;

    User user = null;

    try {
      if (userId > 0) {
        user = _userLocalService.getUserById(companyId, userId);
      } else if (Validator.isNotNull(emailAddress)) {
        user = _userLocalService.getUserByEmailAddress(companyId, emailAddress);
      } else if (Validator.isNotNull(screenName)) {
        user = _userLocalService.getUserByScreenName(companyId, screenName);
      } else {
        if (_log.isDebugEnabled()) {
          _log.debug("Unable to get preferred LDAP server");
        }

        return result;
      }
    } catch (NoSuchUserException nsue) {
      if (_log.isDebugEnabled()) {
        _log.debug("Unable to get preferred LDAP server", nsue);
      }

      return result;
    }

    long ldapServerId = user.getLdapServerId();

    if (ldapServerId < 0) {
      return result;
    }

    LDAPServerConfiguration ldapServerConfiguration =
        _ldapServerConfigurationProvider.getConfiguration(companyId, ldapServerId);

    String providerUrl = ldapServerConfiguration.baseProviderURL();

    if (Validator.isNull(providerUrl)) {
      return result;
    }

    if (_log.isDebugEnabled()) {
      _log.debug(
          "Using LDAP server ID " + ldapServerId + " to authenticate user " + user.getUserId());
    }

    result = authenticate(ldapServerId, companyId, emailAddress, screenName, userId, password);

    return result;
  }
Пример #3
0
  protected int authenticate(
      long ldapServerId,
      long companyId,
      String emailAddress,
      String screenName,
      long userId,
      String password)
      throws Exception {

    LdapContext ldapContext = _portalLDAP.getContext(ldapServerId, companyId);

    if (ldapContext == null) {
      return FAILURE;
    }

    NamingEnumeration<SearchResult> enu = null;

    try {
      LDAPServerConfiguration ldapServerConfiguration =
          _ldapServerConfigurationProvider.getConfiguration(companyId, ldapServerId);

      String baseDN = ldapServerConfiguration.baseDN();

      //  Process LDAP auth search filter

      String filter =
          _ldapSettings.getAuthSearchFilter(
              ldapServerId, companyId, emailAddress, screenName, String.valueOf(userId));

      Properties userMappings = _ldapSettings.getUserMappings(ldapServerId, companyId);

      String userMappingsScreenName = GetterUtil.getString(userMappings.getProperty("screenName"));

      userMappingsScreenName = StringUtil.toLowerCase(userMappingsScreenName);

      SearchControls searchControls =
          new SearchControls(
              SearchControls.SUBTREE_SCOPE,
              1,
              0,
              new String[] {userMappingsScreenName},
              false,
              false);

      enu = ldapContext.search(baseDN, filter, searchControls);

      if (enu.hasMoreElements()) {
        if (_log.isDebugEnabled()) {
          _log.debug("Search filter returned at least one result");
        }

        SearchResult result = enu.nextElement();

        String fullUserDN = _portalLDAP.getNameInNamespace(ldapServerId, companyId, result);

        Attributes attributes =
            _portalLDAP.getUserAttributes(ldapServerId, companyId, ldapContext, fullUserDN);

        // Get user or create from LDAP

        User user =
            _ldapUserImporter.importUser(
                ldapServerId, companyId, ldapContext, attributes, password);

        // Authenticate

        LDAPAuthResult ldapAuthResult =
            authenticate(ldapContext, companyId, attributes, fullUserDN, password);

        // Process LDAP failure codes

        String errorMessage = ldapAuthResult.getErrorMessage();

        if (errorMessage != null) {
          SystemLDAPConfiguration systemLDAPConfiguration =
              _systemLDAPConfigurationProvider.getConfiguration(companyId);

          int pos = errorMessage.indexOf(systemLDAPConfiguration.errorUserLockout());

          if (pos != -1) {
            throw new UserLockoutException.LDAPLockout(fullUserDN, errorMessage);
          }

          pos = errorMessage.indexOf(systemLDAPConfiguration.errorPasswordExpired());

          if (pos != -1) {
            throw new PasswordExpiredException();
          }
        }

        if (!ldapAuthResult.isAuthenticated()) {
          return FAILURE;
        }

        // Process LDAP success codes

        String resultCode = ldapAuthResult.getResponseControl();

        if (resultCode.equals(LDAPAuth.RESULT_PASSWORD_RESET)) {
          _userLocalService.updatePasswordReset(user.getUserId(), true);
        }
      } else {
        if (_log.isDebugEnabled()) {
          _log.debug("Search filter did not return any results");
        }

        return DNE;
      }
    } catch (Exception e) {
      if (e instanceof LDAPFilterException
          || e instanceof PasswordExpiredException
          || e instanceof UserLockoutException) {

        throw e;
      }

      _log.error("Problem accessing LDAP server", e);

      return FAILURE;
    } finally {
      if (enu != null) {
        enu.close();
      }

      if (ldapContext != null) {
        ldapContext.close();
      }
    }

    return SUCCESS;
  }