public static void main(String[] args) { try { new JNDITomcat(); } catch (Exception ex) { ex.printStackTrace(); } }
/** * Test * * @param args ignored */ public static void main(String[] args) { try { validate("ldap://dc.compiere.org", "compiere.org", "jjanke", "ikeepforgetting"); } catch (Exception e) { e.printStackTrace(); } } // main
/** * This method will test if a user has access to the LDAP, if so it will then check the list of * groups and check for is access * * @param String username as named via a uid in the LDAP * @param String password clear text in LDAP * @return Hashtable authenticate object */ public Hashtable authenticate(String username, String password, String keyfob_id) { Hashtable authHT = new Hashtable(); if (keyfob_id != null) { System.out.println("attempted keyfob value: " + keyfob_id); // we need to bind with our anon bind user username = this.AD_ANON_BIND_UNAME; password = this.AD_ANON_BIND_PWORD; } // assume they will not pass the test boolean authenticated = false; // first check to see if we even need to hit LDAP (not overridden) if (this.LDAP_OVERRIDE) { System.out.println("Override Authentication"); // just check against stored username/password, put in all groups if (username.equals(this.LDAP_OVERRIDE_UNAME) && password.equals(this.LDAP_OVERRIDE_PWORD)) { authenticated = true; // just add then to each group for (String key : groups.keySet()) { // push the name of the group and access to it boolean authHT.put(key, true); // method throws NamingException } } } else { // authenticate agianst creditials server System.err.println("Trying " + this.PROVIDER_TYPE + " authentication by: " + username); try { // build a hash table to pass as a bindable event // Set up environment for creating initial context Hashtable<String, String> env = new Hashtable<String, String>(); env.put(Context.INITIAL_CONTEXT_FACTORY, this.INITIAL_CONTEXT_FACTORY); env.put(Context.SECURITY_AUTHENTICATION, this.SECURITY_AUTHENTICATION); // we take the uid to authenticate, pair it with the username, and append the base location env.put(Context.PROVIDER_URL, this.PROVIDER_URL); if (this.PROVIDER_TYPE.equals("AD")) { env.put(Context.SECURITY_PRINCIPAL, username + "@" + this.AD_DOMAIN); } else if (this.PROVIDER_TYPE.equals("LDAP")) { env.put( Context.SECURITY_PRINCIPAL, "uid=" + username + "," + this.USERS_LOC + this.BASE_DN); } // we don't need to throw errors here because first try/catch finds it env.put(Context.SECURITY_CREDENTIALS, password); // send env assigments to console // enumerateContents(env.elements()); /** now that we have our hash values lets go authenticate */ // first we want to connect to the LDAP Server and create initial context // making sure the user name and password are valid ctx = new InitialDirContext( env); // Throws AuthenticationException if not valid username/password // WE NEVER GO PAST HERE IF AuthenticationException THROWN System.err.println("connection and creditials valid"); /** * we just split the two paths of AD and LDAP authentication because the LDAP way worked and * we are migrating to AD. However we want to be able to easily switch back until the LDAP * service is discontinued. Theoretically both services should be 'searchable' the same way * at some point the LDAP code should be removed or universal code written */ if (this.PROVIDER_TYPE.equals("AD")) { /** AD way, get the group list, if they match add */ SearchControls constraints = new SearchControls(); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); // either search by user name or by keyfob id. either way will return a user if one is // found NamingEnumeration results = null; if (keyfob_id != null) { // we don't challenge on keyfob. assumed if you have keyfob you are that user System.out.println("searching for keyfob id: >" + keyfob_id + "<"); results = ctx.search( this.USERS_LOC + this.BASE_DN, "(" + this.ATTRIBUTE_NAME_KEYFOB_ID + "=" + keyfob_id + ")", constraints); authHT.put("keyfob_id", keyfob_id); // pass it back as proof positive we found it } else { results = ctx.search( this.USERS_LOC + this.BASE_DN, "(" + this.ATTRIBUTE_NAME_UNAME + "=" + username + ")", constraints); } while (results != null && results.hasMore()) { SearchResult sr = (SearchResult) results.next(); String dn = sr.getName() + ", " + this.USERS_LOC + this.BASE_DN; Attributes ar = ctx.getAttributes(dn, MY_ATTRS); if (ar == null) { // we need the user to have attributes throw new Exception("Entry " + dn + " has none of the specified attributes\n"); } for (int i = 0; i < MY_ATTRS.length; i++) { Attribute attr = ar.get(MY_ATTRS[i]); if (attr == null) { continue; } System.out.println(MY_ATTRS[i] + ":"); for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) { String temp_next_element = vals.nextElement().toString(); // returns generic Object System.out.println("\t" + temp_next_element); // push the attributes to the auth HT if (!(authHT.containsKey(MY_ATTRS[i]))) { // push the name of the group and access to it boolean authHT.put(MY_ATTRS[i], temp_next_element); } // see if this element value matches any of my groups for (String key : groups.keySet()) { if (temp_next_element .toLowerCase() .startsWith("cn=" + groups.get(key).toLowerCase())) { // push the name of the group and access to it boolean authHT.put(key, true); // if user is found in ANY of the predefined groups they are 'authenticated' to // login. // RolemManager.as handles ACL authenticated = true; } } } } } // now for any groups not found, set them to false for (String key : groups.keySet()) { if (!(authHT.containsKey(key))) { // push the name of the group and access to it boolean authHT.put(key, false); } } // end AD WAY } else if (this.PROVIDER_TYPE.equals("LDAP")) { // authenticated only in the sense they are a valid AD user authenticated = true; // now that we have verified they are a valid user, lets see what type of access they have // groups are specified in the config file as "GROUP_<name>" key=value pairs where value // is the LDAP group name // and key is what we are looking for in the scheduling app for (String key : groups.keySet()) { // push the name of the group and access to it boolean authHT.put( key, new Boolean( userInGroup(username, groups.get(key)))); // method throws NamingException } } else { throw new Exception("Provider type not found."); } // Close the context when we're done ctx.close(); } catch (AuthenticationException e) { // binding to LDAP server with provided username/password failed // e.printStackTrace(); System.err.println( "AuthenticationException: " + e.getMessage()); // outputs -> [LDAP: error code 49 - Invalid Credentials] errorStack += e.getMessage() + "\n"; } catch (NamingException e) { // catches invalid DN. Should not be thrown unless changes made to DN // Could also fail from the context of the called method userInGroup System.err.println("NamingException: " + e.getMessage()); // e.printStackTrace(); errorStack += e.getMessage() + "\n"; } catch (Exception e) { e.printStackTrace(); System.err.println("Exception: " + e.getMessage()); errorStack += e.getMessage() + "\n"; } finally { // make sure our connection is closed if relevant if (ctx != null) { try { ctx.close(); } catch (NamingException e) { throw new RuntimeException(e); } } } } // push whether or not it was authenticated authHT.put("authenticated", new Boolean(authenticated)); // spill contents to catalina.out file enumerateContents(authHT.keys()); enumerateContents(authHT.elements()); return (authHT); }
/** * Clear out all the old editors, and get new editors corresponding to the new object classes. * * @param entry the entry to be displayed by all the editors * @param ds the datasource the editors may use for more info * @param ocs the object classes (in order) to find editors for. */ protected void setEditors(DXEntry entry, DataBrokerQueryInterface ds, Vector ocs) { try { clearPluggableEditors(); // clear all extra editors // search for unique structural editors... if ("false".equalsIgnoreCase(JXConfig.getProperty("plugins.ignoreUniqueness"))) { if (ocs == null) // TE: may happen if virtual entry. return; int size = ocs.size(); for (int i = 0; i < size; i++) { Object objectClass = ocs.get(i); if (objectClass != null) { PluggableEditor ed = getEditor(objectClass.toString()); if (ed != null && ed.isUnique() == true) // found a unique editor { // so clear old ones, addUniqueEditor(ed); // and use the unique one refreshEditors(entry, ds); // to display the data setCurrentEditor(ed); return; // ... and exit. } } } } else log.warning("skipping uniqueness test for pluggable editors"); boolean newEdSet = false; // search for non-unique structural editors for (int i = 0; i < ocs.size(); i++) { Object objectClass = ocs.get(i); if (objectClass != null) { PluggableEditor ed = getEditor(objectClass.toString()); if (ed != null) { addEditor(ed); // Force the displayed editor to be the first pluggable one... if (newEdSet == false) { setCurrentEditor(ed); newEdSet = true; } } } } // search for non-structural editors try { Attribute allOCs = entry.getAllObjectClasses(); if (allOCs != null) { Enumeration vals = allOCs.getAll(); while (vals.hasMoreElements()) { Object oc = vals.nextElement(); if (oc != null) { String ocName = oc.toString(); if (ocs.contains(ocName) == false) // don't bother with struct objectclasses dealt with above { PluggableEditor ed = getEditor(ocName); if (ed != null) { addEditor(ed); if (ed.isUnique()) // a special service to users... log.warning( "WARNING: Illegal unique editor defined for oc: " + ocName + " not allowed - (oc not in primary structural inheritance chain)"); } } } } } } catch (NamingException e) { log.log( Level.WARNING, "WARNING: non-fatal exception getting object classes for plugin editors. ", e); } addEditor(templateDisplay); // and always add old faithfulls... // XXX if (entry.getStatus() != DXEntry.NEW) // well, almost always... addEditor(tableDisplay); } catch (Exception e) { log.warning("Unexpected Exception in AttributeDisplay\n" + e); e.printStackTrace(); } }
public static void inviteNewMember( @Required String nom, @Required String prenom, @Required String mail, @Required String langue) { try { String login = normalize(prenom) + '.' + normalize(nom); String url = ""; String signature = ""; String community = "Hypertopic"; // String mailGodfather = ""; String firstNameGodfather = ""; String lastNameGodfather = ""; int flag = -1; if (session.get("username").equals("admin")) { firstNameGodfather = "l'administrateur"; mailGodfather = "Hypertopic Team <*****@*****.**>"; } else { HashMap<String, String> infos = Ldap.getConnectedUserInfos(session.get("username")); mailGodfather = infos.get("mail"); firstNameGodfather = infos.get("firstName"); lastNameGodfather = infos.get("lastName"); firstNameGodfather = firstNameGodfather.substring(0, 1).toUpperCase() + firstNameGodfather.substring(1).toLowerCase(); lastNameGodfather = lastNameGodfather.substring(0, 1).toUpperCase() + lastNameGodfather.substring(1).toLowerCase(); } flag = Invitation.verifyMaliciousPassword(login, mail); if (flag == Invitation.ADDRESSES_MATCHE || flag == Invitation.USER_NOTEXIST) { System.out.println("invitenewmember"); try { url = "http://" + request.domain; if (request.port != 80) url += ":" + request.port; url += "/inscription?firstname=" + URLEncoder.encode(prenom, "UTF-8") + "&lastname=" + URLEncoder.encode(nom, "UTF-8") + "&email=" + URLEncoder.encode(mail, "UTF-8"); signature = Crypto.sign(prenom + nom + mail); url += "&signature=" + signature; System.out.println("url in inviteNewMember: " + url); } catch (UnsupportedEncodingException uee) { System.err.println(uee); } if (validation.hasErrors()) { render("Invitation/index.html"); } else { if (renderArgs.get("domainName") != null) { community = renderArgs.get("domainName").toString(); } System.out.println("I can arrive heeeeeeeeeeeeeeeeeeeeeeeeer"); if (langue.equals("fr")) { Mails.inviteFr( "Hypertopic Team <*****@*****.**>", mail, prenom, nom, url, community, firstNameGodfather, lastNameGodfather, mailGodfather); } else { Mails.inviteEn( "Hypertopic Team <*****@*****.**>", mail, prenom, nom, url, community, firstNameGodfather, lastNameGodfather, mailGodfather); } flash.success(Messages.get("invitation_success")); System.out.println("community: " + community); session.remove("nom"); session.remove("prenom"); session.remove("mail"); Invitation.invitation(); } } else { if (langue.equals("fr")) { flash.error(Messages.get("invitation_mailadresse_no_match")); } else { flash.error(Messages.get("invitation_mailadresse_no_match")); } Invitation.invitation(); } } catch (Exception e) { System.out.println("An exception occurred in Invitation.inviteNewMember"); e.printStackTrace(); render("Invitation/index.html"); } }