|
From: Wolfgang W. <wo...@us...> - 2006-10-04 10:56:32
|
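Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv32061 Added Files: LdapUserHandlerMyTUM.java Log Message: --- NEW FILE: LdapUserHandlerMyTUM.java ---

/*
 * Copyright (c) 2004 Cobricks Group. All rights reserved.
 *
 * This file is part of a free software package; you can redistribute
 * it and/or modify it under the terms of the Cobricks Software Licence;
 * either version 1.0 of the License, or (at your option) any later
 * version (see www.cobricks.org).
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 */
package de.tum.cobricks.user;

import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import org.apache.log4j.Logger;
import org.cobricks.core.CoreManager;
import org.cobricks.core.util.LogUtil;
import org.cobricks.user.*;

/**
 * Basic functionality for a user handler that uses the
 * Integratum/MyTUM authentication server.
 *
 * init() instantiates a DirContext object (with global security
 * credentials - properties "*.ldap.security.principal" and
 * "*.ldap.security.credentials") for searches.
 *
 * handleUnknownUser() creates a new user object and sets the
 * attribute "user.EMAIL" (e.g. wo...@my...).
 *
 * handleCheckCredentials() authenticates a user object with the
 * Integratum/MyTUM auth. server. Since we only have "compare"
 * rights, the user handler cannot retrieve user attributes other
 * than the CN.
 * This method also checks whether the user's authOrganisationseinheit
 * contains "Informatik" and her authRolle is "tumMitarbeiter".
 * If this is the case, the role mitarbeiter is set.
 * This test is done at every (successful) login.
 *
 * Every value taken from the login (the user login) is escaped per
 * RFC 4515 before it is placed into a search filter, so it is matched
 * literally and cannot widen or rewrite the filter. The password is
 * verified only by binding to the directory as the resolved entry; an
 * empty password is rejected beforehand because a "simple" bind with
 * no password is an anonymous bind and would succeed.
 *
 * Properties for configuring this user handler:
 * user.domain.mytum.de.ldap.providerurl=ldap://auth.tum.de
 * user.domain.mytum.de.ldap.security.principal=cn=Inf-Dreh-DN1,ou=bindDNs,ou=auth,ou=integratum,dc=tum,dc=de
 * user.domain.mytum.de.ldap.security.credentials=<password>
 * user.domain.mytum.de.ldap.rootdn=ou=users,ou=data,ou=prod,ou=auth,ou=integratum,dc=tum,dc=de
 *
 * @author mic...@ac..., wo...@in...
 * @version $Date: 2006/10/04 10:56:27 $
 */
public class LdapUserHandlerMyTUM implements UserHandler
{
    // Logger category is this class (the original named LdapUserHandler,
    // which looks like a copy-and-paste leftover).
    static Logger logger = Logger.getLogger(LdapUserHandlerMyTUM.class);

    /** JNDI factory of the Sun LDAP provider. */
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    /** Connect timeout key understood by the Sun LDAP provider (milliseconds). */
    private static final String CONNECT_TIMEOUT_KEY = "com.sun.jndi.ldap.connect.timeout";
    private static final String CONNECT_TIMEOUT_MS = "5000";
    /** Name of the role granted to Informatik staff. */
    private static final String MITARBEITER_ROLE = "mitarbeiter";
    /** Searches return only the CN: the bind account has no further read rights. */
    private static final String[] CN_ONLY = {"cn"};

    protected CoreManager coreManager;
    protected UserManager userManager;
    protected String domain;
    /** JNDI environment of the shared search context (global bind credentials). */
    protected Hashtable env;
    /** Search context opened in init() with the global credentials. */
    protected DirContext dirContext;
    /**
     * CN of the entry resolved by the most recent checkCredentials() call.
     * Kept only because subclasses may read it; this class bases no decision
     * on it, since the field is shared by all concurrently running logins.
     */
    protected String myCN = "";

    /**
     * Reads the LDAP settings of {@code domain} from the core manager's
     * properties and opens the shared search context with the global bind
     * credentials.
     *
     * @param domain      the user domain this handler serves
     * @param coreManager provides the "user.domain.&lt;domain&gt;.ldap.*" properties
     * @throws ConfigurationException when a required property is unset
     * @throws Exception when the directory context cannot be created
     */
    public void init(String domain, CoreManager coreManager) throws Exception
    {
        logger.info("initializing LdapUserHandlerMyTUM");
        this.domain = domain;
        this.coreManager = coreManager;
        this.userManager = (UserManager)
            coreManager.getComponentDirectory().getManager("userManager");

        String providerurl = requiredProperty("providerurl");
        String securityprincipal = requiredProperty("security.principal");
        String securitycredentials = requiredProperty("security.credentials");

        // A private table, not System.getProperties(): the values below
        // include the bind password, which must not become readable JVM-wide.
        env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        env.put(Context.PROVIDER_URL, providerurl);
        /* specify authentication information */
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, securityprincipal);
        env.put(Context.SECURITY_CREDENTIALS, securitycredentials);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        // specify the timeout to be 5 seconds
        env.put(CONNECT_TIMEOUT_KEY, CONNECT_TIMEOUT_MS);

        try
        {
            dirContext = new InitialDirContext(env);
        }
        catch (Exception e)
        {
            logger.error(LogUtil.ex("Failed initializing directory context.", e));
            throw e;
        }
        logger.debug("finished initializing LdapUserHandlerMyTUM");
    }

    /**
     * Returns the "user.domain.&lt;domain&gt;.ldap.&lt;key&gt;" property.
     *
     * @throws ConfigurationException when the property is unset; a missing
     *         value used to surface later as a NullPointerException from
     *         Hashtable.put or as a null dirContext at login time
     */
    private String requiredProperty(String key) throws ConfigurationException
    {
        String name = "user.domain." + domain + ".ldap." + key;
        String value = coreManager.getProperty(name);
        if (value == null)
        {
            logger.error("missing property " + name + " for LdapUserHandlerMyTUM");
            throw new ConfigurationException("missing property " + name);
        }
        return value;
    }

    /** Root DN below which the user entries live, or null (logged) when unset. */
    private String rootDn()
    {
        String name = "user.domain." + domain + ".ldap.rootdn";
        String userbase = coreManager.getProperty(name);
        if (userbase == null)
        {
            logger.error("missing property " + name);
        }
        return userbase;
    }

    /**
     * Creates a user object for a login that is not yet known locally, after
     * the credentials were verified against the MyTUM server.
     *
     * @param userlogin   the login (MyTUM e-mail address)
     * @param credentials the password; null or empty is refused
     * @return the new user, or null when authentication or creation failed
     */
    public User handleUnknownUser(String userlogin, Object credentials)
    {
        logger.debug("begin handleUnknownUser");
        logger.debug("userlogin = " + userlogin);

        if (credentials == null)
        {
            logger.debug("No user object created, no credentials");
            return null;
        }
        // Do not create user object if credentials are wrong
        if (checkCredentials(userlogin, credentials.toString()) == null)
        {
            logger.debug("No user object created, wrong credentials");
            return null;
        }

        // At this time, no user attributes can be loaded from MyTUM server
        // Therefore, set only MyTUM Email address and create new user instance
        try
        {
            Map attr = new HashMap();
            attr.put(User.EMAIL, userlogin);
            logger.debug("New user with user.EMAIL = " + userlogin);

            User user = userManager.createUser(userlogin, attr);
            user.setCredentials(userManager, credentials);
            return user;
        }
        catch (Exception e)
        {
            logger.error(LogUtil.ex("Failed in handleUnknownUser(" + userlogin + ")", e));
            return null;
        }
    }

    /**
     * Load attributes from LDAP directory.
     * Does not work with the MyTUM server (no rights to load attributes), so
     * the result is always an empty, mutable map.
     */
    protected Map getUserAttrs(String userlogin)
    {
        return new HashMap();
    }

    /**
     * Nothing to do: no attributes can be read from the MyTUM server.
     */
    public void handleGetUser(User user)
    {
    }

    /**
     * Authenticates {@code user} against the MyTUM server and, on success,
     * re-evaluates the "mitarbeiter" role from the directory.
     *
     * @param user        the user to authenticate
     * @param credentials the password; null or empty is refused
     * @return true when the password was accepted and the role could be
     *         evaluated; false otherwise (a directory error fails closed)
     */
    public boolean handleCheckCredentials(User user, Object credentials)
    {
        logger.debug("begin handleCheckCredentials");
        if (user == null || credentials == null)
        {
            logger.debug("no user or no credentials");
            return false;
        }
        String userlogin = user.getUserLogin();
        logger.debug("userlogin =" + userlogin);

        String userRdn = checkCredentials(userlogin, credentials.toString());
        if (userRdn == null)
        {
            return false;
        }

        // User is authenticated, check status (Mitarbeiter Informatik or not)
        // by invoking the search method once again
        return syncMitarbeiterRole(user, userRdn);
    }

    /**
     * Grants the "mitarbeiter" role when the entry that was just
     * authenticated also matches the Informatik/tumMitarbeiter filter and
     * removes it otherwise.
     *
     * @param user    the authenticated user
     * @param userRdn name of the authenticated entry, relative to the root DN
     * @return false when the role cannot be evaluated (fail closed), true otherwise
     */
    private boolean syncMitarbeiterRole(User user, String userRdn)
    {
        AccessControl ac = userManager.getAccessControl();
        AccessRole role = ac.getAccessRoleByName(MITARBEITER_ROLE);
        if (role == null)
        {
            logger.error("MyTUM: role '" + MITARBEITER_ROLE + "' does not exist");
            return false;
        }
        String userbase = rootDn();
        if (userbase == null)
        {
            return false;
        }

        // Same entry, narrowed by organisational unit and role; the login is
        // escaped so it is matched literally.
        String filter = "(&(authlogin=" + escapeFilterValue(user.getUserLogin()) + ")"
            + "(authOrganisationseinheit=*Informatik*)(authRolle=tumMitarbeiter*))";
        logger.debug("filter = " + filter);

        boolean isMitarbeiter = false;
        NamingEnumeration answer = null;
        try
        {
            answer = dirContext.search(userbase, filter, cnOnlySubtree());
            while (answer.hasMore())
            {
                SearchResult sr = (SearchResult) answer.next();
                String cn = sr.getName();
                logger.debug("cn =" + cn);
                // Only the entry that was just authenticated counts.
                if (cn.equals(userRdn))
                {
                    isMitarbeiter = true;
                }
            }
            // CN not found with search filter => no Mitarbeiter
        }
        catch (Exception e)
        {
            // The search runs before the role is touched, so a directory
            // error leaves the user's roles as they were; the login is refused.
            logger.error(LogUtil.ex("MyTUM: role search failed for " + user.getUserLogin(), e));
            return false;
        }
        finally
        {
            closeQuietly(answer);
        }

        int userid = user.getUserId();
        int roleid = role.getId();
        // Remove first and re-add on a match: the role mirrors the directory
        // state at every login.
        ac.removeUser(roleid, userid);
        logger.debug("Mitarbeiter role deleted");
        if (isMitarbeiter)
        {
            ac.addUser(roleid, userid, false);
            logger.debug("Mitarbeiter role (re-)set");
        }
        return true;
    }

    /**
     * Authenticates {@code userlogin} with {@code credentials}: the entry is
     * looked up with the shared context, then a second context is opened
     * bound as that entry - the bind is the password check.
     *
     * @return the name of the authenticated entry relative to the root DN,
     *         or null when the login is unknown or ambiguous, the password
     *         was refused, or any error occurred (fail closed)
     */
    private String checkCredentials(String userlogin, String credentials)
    {
        if (userlogin == null || userlogin.length() == 0)
        {
            logger.debug("empty userlogin rejected");
            return null;
        }
        // An empty password turns a "simple" bind into an anonymous bind,
        // which the server accepts - it must never reach the bind below.
        if (credentials == null || credentials.length() == 0)
        {
            logger.warn("MyTUM: empty password rejected, userlogin =" + userlogin);
            return null;
        }
        if (dirContext == null)
        {
            logger.error("MyTUM: handler not initialized, cannot authenticate " + userlogin);
            return null;
        }
        String userbase = rootDn();
        if (userbase == null)
        {
            return null;
        }

        String rdn = lookupUserRdn(userbase, userlogin);
        if (rdn == null)
        {
            return null;
        }
        myCN = rdn; // compatibility only, see the field comment

        // NOTE(review): getName() is taken to be relative to userbase, as the
        // original did; a non-relative result yields an unusable bind DN and
        // the bind below then fails closed.
        String bindDnUser = rdn + "," + userbase;
        return bindAs(bindDnUser, credentials) ? rdn : null;
    }

    /**
     * Finds the single entry below {@code userbase} whose authlogin equals
     * {@code userlogin}.
     *
     * @return the entry's name relative to {@code userbase}, or null when no
     *         entry, more than one entry, or a search error was encountered
     */
    private String lookupUserRdn(String userbase, String userlogin)
    {
        String filter = "(authlogin=" + escapeFilterValue(userlogin) + ")";
        String rdn = null;
        NamingEnumeration answer = null;
        try
        {
            answer = dirContext.search(userbase, filter, cnOnlySubtree());
            while (answer.hasMore())
            {
                SearchResult sr = (SearchResult) answer.next();
                if (rdn != null)
                {
                    // Two entries share the login: refusing is safer than picking one.
                    logger.warn("MyTUM: ambiguous login " + userlogin + ", refusing");
                    return null;
                }
                rdn = sr.getName();
                logger.debug("CN= " + rdn);
            }
        }
        catch (Exception e)
        {
            logger.error(LogUtil.ex("MyTUM: retrieving CN failed for " + userlogin, e));
            return null;
        }
        finally
        {
            closeQuietly(answer);
        }
        if (rdn == null)
        {
            logger.debug("no entry for userlogin " + userlogin);
        }
        return rdn;
    }

    /**
     * Opens, and immediately closes, a context bound as {@code bindDn}.
     *
     * @return true when the server accepted the password; false on an
     *         authentication failure or any other error (fail closed)
     */
    private boolean bindAs(String bindDn, String credentials)
    {
        String providerurl = coreManager.getProperty("user.domain." + domain + ".ldap.providerurl");
        if (providerurl == null)
        {
            logger.error("missing property user.domain." + domain + ".ldap.providerurl");
            return false;
        }
        // New context to authenticate user
        Hashtable userEnv = new Hashtable();
        userEnv.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        userEnv.put(Context.PROVIDER_URL, providerurl);
        userEnv.put(Context.SECURITY_PRINCIPAL, bindDn);
        userEnv.put(Context.SECURITY_CREDENTIALS, credentials);
        userEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
        userEnv.put(Context.SECURITY_PROTOCOL, "ssl");
        userEnv.put(CONNECT_TIMEOUT_KEY, CONNECT_TIMEOUT_MS);

        DirContext ctxUser = null;
        try
        {
            ctxUser = new InitialDirContext(userEnv);
            return true;
        }
        catch (AuthenticationException au)
        {
            logger.warn("Userauthentication failed " + au.getMessage());
            return false;
        }
        catch (Exception e)
        {
            logger.error(LogUtil.ex("MyTUM: exception in user authentication for " + bindDn, e));
            return false;
        }
        finally
        {
            closeQuietly(ctxUser);
        }
    }

    /** Subtree search controls that return only the CN. */
    private static SearchControls cnOnlySubtree()
    {
        SearchControls ctls = new SearchControls();
        ctls.setReturningAttributes(CN_ONLY);
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return ctls;
    }

    /** Closes {@code ctx} (null allowed); a close failure is logged, never propagated. */
    private static void closeQuietly(Context ctx)
    {
        if (ctx == null)
        {
            return;
        }
        try
        {
            ctx.close();
        }
        catch (NamingException ne)
        {
            logger.warn("MyTUM: closing directory context failed: " + ne.getMessage());
        }
    }

    /** Closes a search result enumeration (null allowed); a close failure is only logged. */
    private static void closeQuietly(NamingEnumeration answer)
    {
        if (answer == null)
        {
            return;
        }
        try
        {
            answer.close();
        }
        catch (NamingException ne)
        {
            logger.warn("MyTUM: closing search result failed: " + ne.getMessage());
        }
    }

    /**
     * Encodes the characters that are special in an LDAP search filter
     * (RFC 4515: backslash, asterisk, parentheses and NUL) so that
     * {@code value} is matched literally when concatenated into a filter.
     *
     * @param value raw attribute value; null is treated as the empty string
     * @return the escaped value
     */
    static String escapeFilterValue(String value)
    {
        if (value == null)
        {
            return "";
        }
        StringBuffer sb = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++)
        {
            char c = value.charAt(i);
            switch (c)
            {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}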
|
From: Michael K. <ko...@us...> - 2006-10-06 15:26:58
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv11217 Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- LdapUserHandlerMyTUM.java 4 Oct 2006 10:56:27 -0000 1.1 +++ LdapUserHandlerMyTUM.java 6 Oct 2006 15:26:50 -0000 1.2 @@ -140,7 +140,8 @@ } Map attr = new HashMap(); - attr.put(User.EMAIL, userlogin); + attr.put("userclass", "universityuser"); + attr.put(User.EMAILP, userlogin); logger.debug("New user with user.EMAIL = "+userlogin); User user = userManager.createUser(userlogin, attr); user.setCredentials(userManager, credentials); @@ -305,4 +306,4 @@ return true; } -} \ No newline at end of file +} |
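Review bot: The debug line right after the added `attr.put(User.EMAILP, userlogin);` still reads `"New user with user.EMAIL = "`, so the log now names a key the code no longer sets; change it to `logger.debug("New user with user.EMAILP = "+userlogin);`. The bare `"userclass"` key next to the `User.EMAILP` constant should likewise come from a named constant, on `User` if one exists, otherwise `private static final String USERCLASS_ATTR = "userclass";` in this class. handleUnknownUser starts and ends outside the hunk; the second hunk only adds the missing newline at end of file.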
|
From: Michael K. <ko...@us...> - 2006-12-07 16:25:45
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv22211 Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- LdapUserHandlerMyTUM.java 6 Oct 2006 15:26:50 -0000 1.2 +++ LdapUserHandlerMyTUM.java 7 Dec 2006 16:25:40 -0000 1.3 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 Cobricks Group. All rights reserved. + * Copyright (c) 2004-2006 Cobricks Group. All rights reserved. * * This file is part of a free software package; you can redistribute * it and/or modify it under the terms of the Cobricks Software Licence; @@ -186,7 +186,7 @@ logger.debug("userlogin =" + userlogin); - if (! checkCredentials (userlogin, credentials.toString())) + if (!checkCredentials(userlogin, credentials.toString())) return false; // User is authenticated, check status (Mitarbeiter Informatik or not) @@ -243,15 +243,17 @@ return true; } - private boolean checkCredentials (String userlogin, String credentials) + private boolean checkCredentials(String userlogin, String credentials) { + if (credentials == null || + credentials.length()<1) return false; + // check authentication - try - { - String userbase = coreManager.getProperty("user.domain."+domain - +".ldap.rootdn"); + try { + String userbase = coreManager. + getProperty("user.domain."+domain+".ldap.rootdn"); - String filter ="(authlogin="+userlogin+")"; + String filter ="(authlogin="+userlogin+")"; String[] returnAttribut = {"cn"}; // Set up the search controls 
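Review bot: The new `if (credentials == null || credentials.length()<1) return false;` guard needs a comment saying why it exists, because it reads like ordinary input validation: with `Context.SECURITY_AUTHENTICATION` set to `"simple"` further down, an empty password makes the bind anonymous and it succeeds, so this check is what refuses a password-less login. Suggested: `// empty password => anonymous simple bind, which succeeds; never let it reach the bind`. The re-indented `String filter ="(authlogin="+userlogin+")";` in the same hunk still splices the login into the filter unescaped; `*`, `(`, `)` and `\` must be encoded per RFC 4515 (`\2a`, `\28`, `\29`, `\5c`) before concatenation so the value is matched literally. checkCredentials continues past the end of the hunk.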
@@ -262,25 +264,29 @@ // Invoke search method to retrieve CN (needed for authentication) try { - NamingEnumeration answer = dirContext.search(userbase, filter, ctls); - - while ( answer.hasMore()) - { - SearchResult sr = (SearchResult)answer.next(); + NamingEnumeration answer = + dirContext.search(userbase, filter, ctls); + while (answer.hasMore()) { + SearchResult sr = (SearchResult)answer.next(); myCN = sr.getName(); logger.debug("CN= " + myCN); } } - catch (Exception e) {} + catch (Exception e) { + logger.error(LogUtil.ex("failed", e)); + } // New context to authenticate user try { Hashtable env = new Hashtable(); - env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); + env.put(Context.INITIAL_CONTEXT_FACTORY, + "com.sun.jndi.ldap.LdapCtxFactory"); - String providerurl = coreManager.getProperty("user.domain."+domain+".ldap.providerurl"); + String providerurl = + coreManager.getProperty("user.domain."+domain + +".ldap.providerurl"); env.put(Context.PROVIDER_URL, providerurl); String bindDnUser=myCN+","+userbase; @@ -294,13 +300,13 @@ } catch (AuthenticationException au) { - logger.debug("Userauthentication failed "+au.getMessage()); + logger.debug("Userauthentication failed "+au.getMessage()); return false; } } catch (Exception u) { - logger.debug("Userauthentication failed "+u.getMessage()); + logger.debug("Userauthentication failed "+u.getMessage()); return false; } |
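Review bot: The rewritten `catch (Exception e)` after the CN search logs and then falls through to the bind, and a search that simply finds no entry does the same, so the bind DN is built from whatever `myCN` held before — a field shared by every login, i.e. possibly the previous caller's entry. Reset the field before the search (`myCN = "";`) and return false after it when it is still empty, and prefer a method-local variable for the resolved name over `myCN`, since concurrent logins can interleave their writes to the field between this search and the `cn.equals(myCN)` check in handleCheckCredentials. The @@-294 hunk is whitespace only. checkCredentials starts and ends outside these hunks.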
|
From: Wolfgang W. <wo...@us...> - 2006-12-08 07:27:52
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv5233/src/de/tum/cobricks/user Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- LdapUserHandlerMyTUM.java 7 Dec 2006 16:25:40 -0000 1.3 +++ LdapUserHandlerMyTUM.java 8 Dec 2006 07:27:46 -0000 1.4 @@ -151,8 +151,8 @@ catch (Exception e) { logger.error(LogUtil.ex("Failed in getUserAttrs("+userlogin+")", e)); + return null; } - return null; } @@ -238,7 +238,11 @@ // CN not found with search filter => no Mitarbeiter } - catch (Exception e) { logger.debug("Exception while searching DirContext"); } + catch (Exception e) + { + logger.debug("Exception while searching DirContext"); + return false; + } return true; } @@ -272,8 +276,11 @@ logger.debug("CN= " + myCN); } } - catch (Exception e) { - logger.error(LogUtil.ex("failed", e)); + catch (Exception e) + { + logger.error(LogUtil.ex("MyTUM: retrieving CN failed: ", e)); + logger.warn("MyTUM, userlogin =" + userlogin); + return false; } // New context to authenticate user @@ -301,12 +308,13 @@ catch (AuthenticationException au) { logger.debug("Userauthentication failed "+au.getMessage()); + logger.warn("MyTUM, auth. failed, userlogin =" + userlogin); return false; } } catch (Exception u) { - logger.debug("Userauthentication failed "+u.getMessage()); + logger.error("MyTUM: exception in user authentication "+u.getMessage()); return false; } |
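Review bot: Returning false from the search `catch` in handleCheckCredentials leaves the user's `mitarbeiter` role removed, because `ac.removeUser(roleid, userid)` runs before the search, so a transient directory error now both denies the login and strips the role until the next successful login. Running the search first and calling `removeUser`/`addUser` only after it succeeded keeps the role untouched when the directory is unreachable; failing the login itself is the right fail-closed choice. handleCheckCredentials starts and ends outside the hunk.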
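Review bot: The new `logger.error("MyTUM: exception in user authentication "+u.getMessage());` discards the exception, while the catch two hunks earlier in the same method uses `LogUtil.ex(..., e)` and keeps the stack trace; use `logger.error(LogUtil.ex("MyTUM: exception in user authentication", u));` so the cause is retained. `getMessage()` of a NamingException may also be null, which this concatenation prints as the word "null". checkCredentials starts outside the hunk.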
|
From: Wolfgang W. <wo...@us...> - 2006-12-08 10:22:42
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv6801/src/de/tum/cobricks/user Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- LdapUserHandlerMyTUM.java 8 Dec 2006 07:27:46 -0000 1.4 +++ LdapUserHandlerMyTUM.java 8 Dec 2006 10:22:37 -0000 1.5 @@ -307,7 +307,7 @@ } catch (AuthenticationException au) { - logger.debug("Userauthentication failed "+au.getMessage()); + logger.warn("Userauthentication failed "+au.getMessage()); logger.warn("MyTUM, auth. failed, userlogin =" + userlogin); return false; } |
|
From: Wolfgang W. <wo...@us...> - 2007-01-02 08:31:02
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv13636 Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- LdapUserHandlerMyTUM.java 8 Dec 2006 10:22:37 -0000 1.5 +++ LdapUserHandlerMyTUM.java 2 Jan 2007 08:30:52 -0000 1.6 @@ -21,6 +21,9 @@ import org.cobricks.core.CoreManager; import org.cobricks.core.util.LogUtil; import org.cobricks.user.*; +import org.cobricks.user.User; +import org.cobricks.user.UserManager; + /** |
|
From: Wolfgang W. <wo...@us...> - 2007-02-23 09:52:39
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv7656/src/de/tum/cobricks/user Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- LdapUserHandlerMyTUM.java 2 Jan 2007 08:30:52 -0000 1.6 +++ LdapUserHandlerMyTUM.java 23 Feb 2007 09:52:32 -0000 1.7 @@ -285,7 +285,7 @@ logger.warn("MyTUM, userlogin =" + userlogin); return false; } - + // New context to authenticate user try { @@ -307,12 +307,13 @@ env.put(Context.SECURITY_PROTOCOL, "ssl"); DirContext ctxUser = new InitialDirContext(env); + ctxUser.close(); } catch (AuthenticationException au) { logger.warn("Userauthentication failed "+au.getMessage()); logger.warn("MyTUM, auth. failed, userlogin =" + userlogin); - return false; + return false; } } catch (Exception u) |
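Review bot: The added `ctxUser.close();` sits inside the try whose enclosing `catch (Exception u)` returns false, so a NamingException raised while tearing down the connection turns an already successful bind into a denied login. Close in a `finally` and give the close its own catch that only logs, as below, so the authentication result depends on the bind alone. checkCredentials starts and ends outside the hunk; the first hunk is whitespace only.
```java
DirContext ctxUser = null;
try {
    ctxUser = new InitialDirContext(env);   // the bind is the password check
}
catch (AuthenticationException au) {
    // … unchanged: warn + return false …
}
finally {
    if (ctxUser != null) {
        try {
            ctxUser.close();
        } catch (NamingException ne) {
            logger.warn("MyTUM: closing user context failed: " + ne.getMessage());
        }
    }
}
```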
|
From: Wolfgang W. <wo...@us...> - 2007-03-20 09:59:35
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv28426/src/de/tum/cobricks/user Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- LdapUserHandlerMyTUM.java 23 Feb 2007 09:52:32 -0000 1.7 +++ LdapUserHandlerMyTUM.java 20 Mar 2007 09:35:13 -0000 1.8 @@ -109,17 +109,10 @@ env.put(Context.SECURITY_PRINCIPAL, securityprincipal); env.put(Context.SECURITY_CREDENTIALS, securitycredentials); env.put(Context.SECURITY_PROTOCOL, "ssl"); + + // specify the timeout to be 5 seconds + env.put("com.sun.jndi.ldap.connect.timeout", "5000"); - try { - // specify the timeout to be 5 seconds - env.put("com.sun.jndi.ldap.connect.timeout", "5000"); - dirContext = new InitialDirContext(env); - } catch (Exception e) { - logger.error(LogUtil. - ex("Failed initializing directory context.", e)); - throw e; - } - logger.debug("finished initializing LdapUserHandlerMyTUM"); } @@ -182,7 +175,7 @@ /** * */ - public boolean handleCheckCredentials(User user, Object credentials) + public boolean handleCheckCredentials(User user, Object credentials) { logger.debug("begin handleCheckCredentials"); String userlogin = user.getUserLogin(); @@ -217,7 +210,17 @@ SearchControls ctls = new SearchControls(); ctls.setReturningAttributes(returnAttribut); // Return attrs ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); // - + + // Init. dirContext + try { + dirContext = new InitialDirContext(env); + } catch (Exception e) { + logger.error(LogUtil. + ex("Failed initializing directory context.", e)); + return false; + } + + // Invoke search method to retrieve CN try { 
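Review bot: The context opened by the added `dirContext = new InitialDirContext(env);` is stored in the shared instance field `dirContext`, and the same field is assigned again in the @@-267 hunk and closed in the @@-247 and @@-322 hunks, so two concurrent logins overwrite each other's context: one thread's `dirContext.close()` can close the context the other is still searching with, and the overwritten context is never closed at all. Use a method-local `DirContext ctx = new InitialDirContext(env);` in both handleCheckCredentials and checkCredentials and search on that. `env` is still the `System.getProperties()` table filled in init(), so the entire system property set, bind password included, is handed to JNDI on every call; a fresh Hashtable holding only the JNDI keys is sufficient. handleCheckCredentials starts and ends outside the hunk.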
@@ -247,6 +250,16 @@ return false; } + // Close dirContext + try + { + dirContext.close(); + } + catch (Exception u) + { + logger.error("MyTUM: exception when closing dirContext "+u.getMessage()); + } + return true; } @@ -267,7 +280,16 @@ SearchControls ctls = new SearchControls(); ctls.setReturningAttributes(returnAttribut); // Return attrs ctls.setSearchScope(SearchControls.SUBTREE_SCOPE); // - + + // Init. dirContext + try { + dirContext = new InitialDirContext(env); + } catch (Exception e) { + logger.error(LogUtil. + ex("Failed initializing directory context.", e)); + throw e; + } + // Invoke search method to retrieve CN (needed for authentication) try { @@ -322,6 +344,16 @@ return false; } + // Close dirContext + try + { + dirContext.close(); + } + catch (Exception u) + { + logger.error("MyTUM: exception when closing dirContext "+u.getMessage()); + } + return true; } } |
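Review bot: The `// Close dirContext` blocks added at the end of handleCheckCredentials and checkCredentials run only on the success path; every `return false` exit (search exception, failed lookup, `AuthenticationException`) leaves the context opened in the @@-267 hunk unclosed, and a failed login is exactly the case that repeats. Put the open outside and the search-and-bind inside a `try { … } finally { close }`, as below for checkCredentials; the same shape applies to handleCheckCredentials. Both methods start and end outside these hunks.
```java
// Init. dirContext: a failure here is reported by the enclosing catch (Exception u)
DirContext ctx = new InitialDirContext(env);
try {
    // … unchanged: CN search and user bind, searching on ctx instead of dirContext …
}
finally {
    try {
        ctx.close();
    }
    catch (NamingException ne) {
        logger.error("MyTUM: exception when closing dirContext " + ne.getMessage());
    }
}
```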
|
From: Wolfgang W. <wo...@us...> - 2009-08-07 06:17:02
|
Update of /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv23623/src/de/tum/cobricks/user Modified Files: LdapUserHandlerMyTUM.java Log Message: Index: LdapUserHandlerMyTUM.java =================================================================== RCS file: /cvsroot/cobricks/drehscheibe-in/src/de/tum/cobricks/user/LdapUserHandlerMyTUM.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- LdapUserHandlerMyTUM.java 20 Mar 2007 09:35:13 -0000 1.8 +++ LdapUserHandlerMyTUM.java 7 Aug 2009 06:16:52 -0000 1.9 @@ -200,8 +200,11 @@ String userbase = coreManager.getProperty("user.domain."+domain +".ldap.rootdn"); - String filter ="(&(&(authlogin=" + userlogin + ")"; - filter += "(&(authOrganisationseinheit=*Informatik*)(authRolle=tumMitarbeiter*))))"; + // String filter ="(&(&(authlogin=" + userlogin + ")"; + // filter += "(&(authOrganisationseinheit=*Informatik*)(authRolle=tumMitarbeiter*))))"; + + String filter ="(&(imEmailAdressen=" + userlogin + ")(imOrgZugMitarbeiter=TUIN*))"; // 07.08.09 + logger.debug("filter = "+filter); String cn=""; String[] returnAttribut = {"cn"}; @@ -273,7 +276,10 @@ String userbase = coreManager. getProperty("user.domain."+domain+".ldap.rootdn"); - String filter ="(authlogin="+userlogin+")"; + // String filter ="(authlogin="+userlogin+")"; + + String filter = "(imEmailAdressen="+userlogin+")"; // 07.08.09 + String[] returnAttribut = {"cn"}; // Set up the search controls |
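Review bot: Both new filters, `"(&(imEmailAdressen=" + userlogin + ")(imOrgZugMitarbeiter=TUIN*))"` and `"(imEmailAdressen="+userlogin+")"`, still splice the login string in unescaped, so a login containing `*`, `(`, `)` or `\` changes the filter's structure instead of being matched literally; RFC 4515 requires those encoded as `\2a`, `\28`, `\29`, `\5c`. Route the value through a small escaping helper before concatenation, as below. The commented-out `authlogin` filters should be deleted rather than kept beside the live ones, and the `// 07.08.09` markers belong in the commit message. Both enclosing methods start and end outside the hunks.
```java
// Encodes the RFC 4515 special characters so the value is matched literally.
private static String escapeFilterValue(String value) {
    StringBuffer sb = new StringBuffer(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}

// … in handleCheckCredentials …
String filter = "(&(imEmailAdressen=" + escapeFilterValue(userlogin) + ")(imOrgZugMitarbeiter=TUIN*))";

// … in checkCredentials …
String filter = "(imEmailAdressen=" + escapeFilterValue(userlogin) + ")";
```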