public static void main(String[] args) {
try {
new JNDITomcat();
} catch (Exception ex) {
ex.printStackTrace();
}
}
/**
* Test
*
* @param args ignored
*/
public static void main(String[] args) {
try {
validate("ldap://dc.compiere.org", "compiere.org", "jjanke", "ikeepforgetting");
} catch (Exception e) {
e.printStackTrace();
}
} // main
@Override
public ResponseType execute(PasswordRequest passwordRequest) throws ConnectorDataException {
ResponseType respType = new ResponseType();
respType.setStatus(StatusCodeType.SUCCESS);
ConnectorConfiguration config =
getConfiguration(passwordRequest.getTargetID(), ConnectorConfiguration.class);
ManagedSysEntity managedSys = config.getManagedSys();
LdapContext ldapctx = this.connect(managedSys);
try {
ManagedSystemObjectMatch matchObj =
getMatchObject(passwordRequest.getTargetID(), ManagedSystemObjectMatch.USER);
String identity = passwordRequest.getObjectIdentity();
// Check identity on CN format or not
String identityPatternStr =
MessageFormat.format(DN_IDENTITY_MATCH_REGEXP, matchObj.getKeyField());
Pattern pattern = Pattern.compile(identityPatternStr);
Matcher matcher = pattern.matcher(identity);
String objectBaseDN;
if (matcher.matches()) {
identity = matcher.group(1);
String CN = matchObj.getKeyField() + "=" + identity;
objectBaseDN = passwordRequest.getObjectIdentity().substring(CN.length() + 1);
} else {
// if identity is not in DN format try to find OU info in attributes
// MVL 20141211 String OU = getOU(passwordRequest.getExtensibleObject());
String OU = getAttrValue(passwordRequest.getExtensibleObject(), OU_ATTRIBUTE);
if (StringUtils.isNotEmpty(OU)) {
objectBaseDN = OU + "," + matchObj.getBaseDn();
} else {
objectBaseDN = matchObj.getBaseDn();
}
}
NamingEnumeration results = null;
try {
log.debug("Looking for user with identity=" + identity + " in " + objectBaseDN);
results = lookupSearch(managedSys, matchObj, ldapctx, identity, null, objectBaseDN);
} catch (NameNotFoundException nnfe) {
log.debug("results=NULL");
log.debug(" results has more elements=0");
respType.setStatus(StatusCodeType.FAILURE);
return respType;
}
String identityDN = null;
int count = 0;
while (results != null && results.hasMoreElements()) {
SearchResult sr = (SearchResult) results.next();
identityDN = sr.getNameInNamespace();
count++;
}
if (count == 0) {
String err = String.format("User %s was not found in %s", identity, objectBaseDN);
log.error(err);
respType.setStatus(StatusCodeType.FAILURE);
return respType;
} else if (count > 1) {
String err = String.format("More then one user %s was found in %s", identity, objectBaseDN);
log.error(err);
respType.setStatus(StatusCodeType.FAILURE);
return respType;
}
if (StringUtils.isNotEmpty(identityDN)) {
log.debug("New password will be reset for user " + identityDN);
Directory dirSpecificImp =
DirectorySpecificImplFactory.create(config.getManagedSys().getHandler5());
ModificationItem[] mods = dirSpecificImp.resetPassword(passwordRequest);
ldapctx.modifyAttributes(identityDN, mods);
log.debug("New password has been reset for user " + identityDN);
}
} catch (NamingException ne) {
log.error(ne.getMessage(), ne);
log.debug("Returning response object from reset password with Status of Failure...");
ConnectorDataException ex = null;
if (ne instanceof OperationNotSupportedException) {
ex =
new ConnectorDataException(
ErrorCode.OPERATION_NOT_SUPPORTED_EXCEPTION, ne.getMessage());
} else {
ex = new ConnectorDataException(ErrorCode.DIRECTORY_ERROR, ne.getMessage());
}
throw ex;
} catch (Exception ne) {
log.error(ne.getMessage(), ne);
throw new ConnectorDataException(ErrorCode.OTHER_ERROR, ne.getMessage());
} finally {
/* close the connection to the directory */
this.closeContext(ldapctx);
}
return respType;
}
/**
* Clear out all the old editors, and get new editors corresponding to the new object classes.
*
* @param entry the entry to be displayed by all the editors
* @param ds the datasource the editors may use for more info
* @param ocs the object classes (in order) to find editors for.
*/
protected void setEditors(DXEntry entry, DataBrokerQueryInterface ds, Vector ocs) {
try {
clearPluggableEditors(); // clear all extra editors
// search for unique structural editors...
if ("false".equalsIgnoreCase(JXConfig.getProperty("plugins.ignoreUniqueness"))) {
if (ocs == null) // TE: may happen if virtual entry.
return;
int size = ocs.size();
for (int i = 0; i < size; i++) {
Object objectClass = ocs.get(i);
if (objectClass != null) {
PluggableEditor ed = getEditor(objectClass.toString());
if (ed != null && ed.isUnique() == true) // found a unique editor
{ // so clear old ones,
addUniqueEditor(ed); // and use the unique one
refreshEditors(entry, ds); // to display the data
setCurrentEditor(ed);
return; // ... and exit.
}
}
}
} else log.warning("skipping uniqueness test for pluggable editors");
boolean newEdSet = false;
// search for non-unique structural editors
for (int i = 0; i < ocs.size(); i++) {
Object objectClass = ocs.get(i);
if (objectClass != null) {
PluggableEditor ed = getEditor(objectClass.toString());
if (ed != null) {
addEditor(ed);
// Force the displayed editor to be the first pluggable one...
if (newEdSet == false) {
setCurrentEditor(ed);
newEdSet = true;
}
}
}
}
// search for non-structural editors
try {
Attribute allOCs = entry.getAllObjectClasses();
if (allOCs != null) {
Enumeration vals = allOCs.getAll();
while (vals.hasMoreElements()) {
Object oc = vals.nextElement();
if (oc != null) {
String ocName = oc.toString();
if (ocs.contains(ocName)
== false) // don't bother with struct objectclasses dealt with above
{
PluggableEditor ed = getEditor(ocName);
if (ed != null) {
addEditor(ed);
if (ed.isUnique()) // a special service to users...
log.warning(
"WARNING: Illegal unique editor defined for oc: "
+ ocName
+ " not allowed - (oc not in primary structural inheritance chain)");
}
}
}
}
}
} catch (NamingException e) {
log.log(
Level.WARNING,
"WARNING: non-fatal exception getting object classes for plugin editors. ",
e);
}
addEditor(templateDisplay); // and always add old faithfulls...
// XXX
if (entry.getStatus() != DXEntry.NEW) // well, almost always...
addEditor(tableDisplay);
} catch (Exception e) {
log.warning("Unexpected Exception in AttributeDisplay\n" + e);
e.printStackTrace();
}
}
/** default constructor reads in the configuration file and parses values */
public AuthenticationService() {
// read in the properties file
try {
// go get the properties for this LDAP connection
Properties configFile = new Properties();
// load the file from the class path (moved there by ant task)
configFile.load(this.getClass().getClassLoader().getResourceAsStream("./ldap.properties"));
// send ouput to console
// enumerateContents(configFile.propertyNames());
this.INITIAL_CONTEXT_FACTORY = configFile.getProperty("INITIAL_CONTEXT_FACTORY");
this.SECURITY_AUTHENTICATION = configFile.getProperty("SECURITY_AUTHENTICATION");
this.PROVIDER_TYPE = configFile.getProperty("PROVIDER_TYPE");
if (this.PROVIDER_TYPE.equals("AD")) {
this.PROVIDER_URL = configFile.getProperty("AD_PROVIDER_URL");
this.AD_DOMAIN = configFile.getProperty("AD_DOMAIN");
this.BASE_DN = configFile.getProperty("AD_BASE_DN");
this.GROUPS_LOC = configFile.getProperty("AD_GROUPS_LOC");
this.USERS_LOC = configFile.getProperty("AD_USERS_LOC");
this.AD_ANON_BIND_UNAME = configFile.getProperty("AD_ANON_BIND_UNAME");
this.AD_ANON_BIND_PWORD = configFile.getProperty("AD_ANON_BIND_PWORD");
this.ATTRIBUTE_NAME_KEYFOB_ID = configFile.getProperty("ATTRIBUTE_NAME_KEYFOB_ID");
this.ATTRIBUTE_NAME_UNAME = configFile.getProperty("ATTRIBUTE_NAME_UNAME");
} else if (this.PROVIDER_TYPE.equals("LDAP")) {
this.PROVIDER_URL = configFile.getProperty("LDAP_PROVIDER_URL");
this.BASE_DN = configFile.getProperty("LDAP_BASE_DN");
this.GROUPS_LOC = configFile.getProperty("LDAP_GROUPS_LOC");
this.USERS_LOC = configFile.getProperty("LDAP_USERS_LOC");
} else {
throw new Exception("Provider type not found.");
}
// get override info
this.LDAP_OVERRIDE = Boolean.parseBoolean(configFile.getProperty("LDAP_OVERRIDE"));
this.LDAP_OVERRIDE_UNAME = configFile.getProperty("LDAP_OVERRIDE_UNAME");
this.LDAP_OVERRIDE_PWORD = configFile.getProperty("LDAP_OVERRIDE_PWORD");
// init the array list
groups = new HashMap<String, String>();
// load the groups into a String array
for (Enumeration e = configFile.propertyNames(); e.hasMoreElements(); ) {
String key = e.nextElement().toString();
if (key.indexOf("GROUP_") == 0) { // ie key in key=value pair matches "GROUP_"
// append the group name to the array list for checking later
groups.put(key, configFile.getProperty(key));
}
}
} catch (FileNotFoundException e) {
// e.printStackTrace();
System.err.println("FileNotFoundException: " + e.getMessage());
errorStack += e.getMessage() + "\n";
} catch (IOException e) {
/** @TODO set defaults, or just give up? */
// e.printStackTrace();
System.err.println("IOException: " + e.getMessage());
errorStack += e.getMessage() + "\n";
} catch (Exception e) {
// e.printStackTrace();
System.err.println("Exception: " + e.getMessage());
errorStack += e.getMessage() + "\n";
}
}
/**
* This method will test if a user has access to the LDAP, if so it will then check the list of
* groups and check for is access
*
* @param String username as named via a uid in the LDAP
* @param String password clear text in LDAP
* @return Hashtable authenticate object
*/
public Hashtable authenticate(String username, String password, String keyfob_id) {
Hashtable authHT = new Hashtable();
if (keyfob_id != null) {
System.out.println("attempted keyfob value: " + keyfob_id);
// we need to bind with our anon bind user
username = this.AD_ANON_BIND_UNAME;
password = this.AD_ANON_BIND_PWORD;
}
// assume they will not pass the test
boolean authenticated = false;
// first check to see if we even need to hit LDAP (not overridden)
if (this.LDAP_OVERRIDE) {
System.out.println("Override Authentication");
// just check against stored username/password, put in all groups
if (username.equals(this.LDAP_OVERRIDE_UNAME) && password.equals(this.LDAP_OVERRIDE_PWORD)) {
authenticated = true;
// just add then to each group
for (String key : groups.keySet()) {
// push the name of the group and access to it boolean
authHT.put(key, true); // method throws NamingException
}
}
} else {
// authenticate agianst creditials server
System.err.println("Trying " + this.PROVIDER_TYPE + " authentication by: " + username);
try {
// build a hash table to pass as a bindable event
// Set up environment for creating initial context
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, this.INITIAL_CONTEXT_FACTORY);
env.put(Context.SECURITY_AUTHENTICATION, this.SECURITY_AUTHENTICATION);
// we take the uid to authenticate, pair it with the username, and append the base location
env.put(Context.PROVIDER_URL, this.PROVIDER_URL);
if (this.PROVIDER_TYPE.equals("AD")) {
env.put(Context.SECURITY_PRINCIPAL, username + "@" + this.AD_DOMAIN);
} else if (this.PROVIDER_TYPE.equals("LDAP")) {
env.put(
Context.SECURITY_PRINCIPAL, "uid=" + username + "," + this.USERS_LOC + this.BASE_DN);
} // we don't need to throw errors here because first try/catch finds it
env.put(Context.SECURITY_CREDENTIALS, password);
// send env assigments to console
// enumerateContents(env.elements());
/** now that we have our hash values lets go authenticate */
// first we want to connect to the LDAP Server and create initial context
// making sure the user name and password are valid
ctx =
new InitialDirContext(
env); // Throws AuthenticationException if not valid username/password
// WE NEVER GO PAST HERE IF AuthenticationException THROWN
System.err.println("connection and creditials valid");
/**
* we just split the two paths of AD and LDAP authentication because the LDAP way worked and
* we are migrating to AD. However we want to be able to easily switch back until the LDAP
* service is discontinued. Theoretically both services should be 'searchable' the same way
* at some point the LDAP code should be removed or universal code written
*/
if (this.PROVIDER_TYPE.equals("AD")) {
/** AD way, get the group list, if they match add */
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
// either search by user name or by keyfob id. either way will return a user if one is
// found
NamingEnumeration results = null;
if (keyfob_id != null) {
// we don't challenge on keyfob. assumed if you have keyfob you are that user
System.out.println("searching for keyfob id: >" + keyfob_id + "<");
results =
ctx.search(
this.USERS_LOC + this.BASE_DN,
"(" + this.ATTRIBUTE_NAME_KEYFOB_ID + "=" + keyfob_id + ")",
constraints);
authHT.put("keyfob_id", keyfob_id); // pass it back as proof positive we found it
} else {
results =
ctx.search(
this.USERS_LOC + this.BASE_DN,
"(" + this.ATTRIBUTE_NAME_UNAME + "=" + username + ")",
constraints);
}
while (results != null && results.hasMore()) {
SearchResult sr = (SearchResult) results.next();
String dn = sr.getName() + ", " + this.USERS_LOC + this.BASE_DN;
Attributes ar = ctx.getAttributes(dn, MY_ATTRS);
if (ar == null) {
// we need the user to have attributes
throw new Exception("Entry " + dn + " has none of the specified attributes\n");
}
for (int i = 0; i < MY_ATTRS.length; i++) {
Attribute attr = ar.get(MY_ATTRS[i]);
if (attr == null) {
continue;
}
System.out.println(MY_ATTRS[i] + ":");
for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) {
String temp_next_element = vals.nextElement().toString(); // returns generic Object
System.out.println("\t" + temp_next_element);
// push the attributes to the auth HT
if (!(authHT.containsKey(MY_ATTRS[i]))) {
// push the name of the group and access to it boolean
authHT.put(MY_ATTRS[i], temp_next_element);
}
// see if this element value matches any of my groups
for (String key : groups.keySet()) {
if (temp_next_element
.toLowerCase()
.startsWith("cn=" + groups.get(key).toLowerCase())) {
// push the name of the group and access to it boolean
authHT.put(key, true);
// if user is found in ANY of the predefined groups they are 'authenticated' to
// login.
// RolemManager.as handles ACL
authenticated = true;
}
}
}
}
}
// now for any groups not found, set them to false
for (String key : groups.keySet()) {
if (!(authHT.containsKey(key))) {
// push the name of the group and access to it boolean
authHT.put(key, false);
}
}
// end AD WAY
} else if (this.PROVIDER_TYPE.equals("LDAP")) {
// authenticated only in the sense they are a valid AD user
authenticated = true;
// now that we have verified they are a valid user, lets see what type of access they have
// groups are specified in the config file as "GROUP_<name>" key=value pairs where value
// is the LDAP group name
// and key is what we are looking for in the scheduling app
for (String key : groups.keySet()) {
// push the name of the group and access to it boolean
authHT.put(
key,
new Boolean(
userInGroup(username, groups.get(key)))); // method throws NamingException
}
} else {
throw new Exception("Provider type not found.");
}
// Close the context when we're done
ctx.close();
} catch (AuthenticationException e) {
// binding to LDAP server with provided username/password failed
// e.printStackTrace();
System.err.println(
"AuthenticationException: "
+ e.getMessage()); // outputs -> [LDAP: error code 49 - Invalid Credentials]
errorStack += e.getMessage() + "\n";
} catch (NamingException e) {
// catches invalid DN. Should not be thrown unless changes made to DN
// Could also fail from the context of the called method userInGroup
System.err.println("NamingException: " + e.getMessage());
// e.printStackTrace();
errorStack += e.getMessage() + "\n";
} catch (Exception e) {
e.printStackTrace();
System.err.println("Exception: " + e.getMessage());
errorStack += e.getMessage() + "\n";
} finally { // make sure our connection is closed if relevant
if (ctx != null) {
try {
ctx.close();
} catch (NamingException e) {
throw new RuntimeException(e);
}
}
}
}
// push whether or not it was authenticated
authHT.put("authenticated", new Boolean(authenticated));
// spill contents to catalina.out file
enumerateContents(authHT.keys());
enumerateContents(authHT.elements());
return (authHT);
}
public static void inviteNewMember(
@Required String nom,
@Required String prenom,
@Required String mail,
@Required String langue) {
try {
String login = normalize(prenom) + '.' + normalize(nom);
String url = "";
String signature = "";
String community = "Hypertopic";
//
String mailGodfather = "";
String firstNameGodfather = "";
String lastNameGodfather = "";
int flag = -1;
if (session.get("username").equals("admin")) {
firstNameGodfather = "l'administrateur";
mailGodfather = "Hypertopic Team <*****@*****.**>";
} else {
HashMap<String, String> infos = Ldap.getConnectedUserInfos(session.get("username"));
mailGodfather = infos.get("mail");
firstNameGodfather = infos.get("firstName");
lastNameGodfather = infos.get("lastName");
firstNameGodfather =
firstNameGodfather.substring(0, 1).toUpperCase()
+ firstNameGodfather.substring(1).toLowerCase();
lastNameGodfather =
lastNameGodfather.substring(0, 1).toUpperCase()
+ lastNameGodfather.substring(1).toLowerCase();
}
flag = Invitation.verifyMaliciousPassword(login, mail);
if (flag == Invitation.ADDRESSES_MATCHE || flag == Invitation.USER_NOTEXIST) {
System.out.println("invitenewmember");
try {
url = "http://" + request.domain;
if (request.port != 80) url += ":" + request.port;
url +=
"/inscription?firstname="
+ URLEncoder.encode(prenom, "UTF-8")
+ "&lastname="
+ URLEncoder.encode(nom, "UTF-8")
+ "&email="
+ URLEncoder.encode(mail, "UTF-8");
signature = Crypto.sign(prenom + nom + mail);
url += "&signature=" + signature;
System.out.println("url in inviteNewMember: " + url);
} catch (UnsupportedEncodingException uee) {
System.err.println(uee);
}
if (validation.hasErrors()) {
render("Invitation/index.html");
} else {
if (renderArgs.get("domainName") != null) {
community = renderArgs.get("domainName").toString();
}
System.out.println("I can arrive heeeeeeeeeeeeeeeeeeeeeeeeer");
if (langue.equals("fr")) {
Mails.inviteFr(
"Hypertopic Team <*****@*****.**>",
mail,
prenom,
nom,
url,
community,
firstNameGodfather,
lastNameGodfather,
mailGodfather);
} else {
Mails.inviteEn(
"Hypertopic Team <*****@*****.**>",
mail,
prenom,
nom,
url,
community,
firstNameGodfather,
lastNameGodfather,
mailGodfather);
}
flash.success(Messages.get("invitation_success"));
System.out.println("community: " + community);
session.remove("nom");
session.remove("prenom");
session.remove("mail");
Invitation.invitation();
}
} else {
if (langue.equals("fr")) {
flash.error(Messages.get("invitation_mailadresse_no_match"));
} else {
flash.error(Messages.get("invitation_mailadresse_no_match"));
}
Invitation.invitation();
}
} catch (Exception e) {
System.out.println("An exception occurred in Invitation.inviteNewMember");
e.printStackTrace();
render("Invitation/index.html");
}
}