package org.itracker.services.authentication.adsson; |
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import org.apache.log4j.Logger;
import org.itracker.model.User;
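/**
 * Looks up an Active Directory account by {@code sAMAccountName} over LDAP and builds an
 * ITracker {@link User} from the result.
 *
 * <p>The directory bind uses {@code GSSAPI}, i.e. the Kerberos credentials of whatever
 * {@code Subject} this {@link PrivilegedAction} is run under (NOTE(review): the subject is
 * established by the caller; this class performs no authentication of its own, it only
 * resolves account data and group membership).
 *
 * <p>Super-user status is granted only when one of the account's {@code memberOf} values is a
 * group DN whose leftmost RDN is {@code CN=ITracker Super Users}; a substring match was
 * previously used and would also have accepted similarly named groups or any DN whose OU path
 * merely contained those words.
 */
public class GetUserModelFromADPrivilegedAction implements PrivilegedAction<Object> {

    /** CN of the AD group whose members become ITracker super users. */
    private static final String ITRACKER_SUPER_USERS_GROUP = "ITracker Super Users";

    /** Only these attributes are requested from AD: nothing else is needed, so nothing else is fetched or logged. */
    private static final String[] RETURNED_ATTRIBUTES = { "mail", "givenName", "sn", "memberOf" };

    private final Logger logger;
    private final String login;
    private final String providerUrl;
    private final String baseBranch;

    /**
     * @param login       sAMAccountName to look up; treated as untrusted input and escaped before it
     *                    is placed in the LDAP search filter
     * @param baseBranch  base DN the subtree search starts from
     * @param providerUrl JNDI provider URL of the directory (e.g. {@code ldap://dc.example.com:389})
     */
    public GetUserModelFromADPrivilegedAction(String login, String baseBranch, String providerUrl) {
        this.logger = Logger.getLogger(getClass());
        this.login = login;
        this.providerUrl = providerUrl;
        this.baseBranch = baseBranch;
    }

    /**
     * Performs the lookup.
     *
     * @return the populated {@link User}, or {@code null} when AD has no such account, the account
     *         lacks {@code givenName}/{@code sn}, or the directory call fails
     */
    public Object run() {
        try {
            return getUserInfo(login);
        } catch (NamingException e) {
            // Keep the exception: a bare getMessage() hides which server or bind step failed.
            logger.error("A.D. lookup failed for " + login, e);
            return null;
        }
    }

    /**
     * Opens the directory context and delegates to {@link #lookupUser}, guaranteeing the context is
     * closed on every path (the previous version leaked the connection whenever the search threw).
     *
     * @throws NamingException if the bind or the search fails
     */
    private User getUserInfo(String login) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        // GSSAPI = Kerberos SASL bind using the credentials of the Subject this action runs under.
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");

        DirContext ctx = new InitialDirContext(env);
        try {
            return lookupUser(ctx, login);
        } finally {
            ctx.close();
        }
    }

    /**
     * Searches {@code baseBranch} for the account and maps its attributes onto a {@link User}.
     *
     * @return the user, or {@code null} if no entry was found or required attributes are missing
     */
    private User lookupUser(DirContext ctx, String login) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setCountLimit(1);
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(RETURNED_ATTRIBUTES);

        // login originates from the request: escape it so it cannot alter the filter (LDAP injection).
        String filter = "(&(objectclass=user)(sAMAccountName=" + escapeFilterValue(login) + "))";
        NamingEnumeration<?> answer = ctx.search(baseBranch, filter, sc);

        if (!answer.hasMoreElements()) {
            logger.error("A.D. had no info on " + login);
            return null;
        }

        SearchResult sr;
        try {
            sr = (SearchResult) answer.next();
            logger.info("A.D. had info on " + login);
        } catch (PartialResultException e) {
            // AD answers with referrals for entries outside this naming context; JNDI surfaces
            // those as PartialResultException, which we treat as "not found".
            logger.error("A.D. had no info on " + login);
            return null;
        }

        Attributes attributes = sr.getAttributes();

        // givenName and sn are mandatory for building a User; mail is optional.
        if ((attributes.get("givenName") == null) || (attributes.get("sn") == null)) {
            logger.error("AD didn't return proper attributes. Check that it has at least [givenName, sn]");
            return null;
        }

        String mail = stringAttribute(attributes, "mail");
        String firstName = stringAttribute(attributes, "givenName");
        String lastName = stringAttribute(attributes, "sn");
        logger.info("Got at least givenName and sn from A.D. for user " + login);

        User user = new User();
        user.setEmail(mail);
        user.setFirstName(firstName);
        user.setLastName(lastName);
        user.setLogin(login);
        // Placeholder only: this path authenticates via Kerberos, not via a stored password.
        // NOTE(review): confirm the password-based login path can never match this literal.
        user.setPassword("notused=");

        logger.info("About to check if user " + login + " is a super user");
        logger.debug("User attributes for user " + login + " " + attributes);
        user.setSuperUser(isSuperUser(attributes, login));

        if (user.isSuperUser()) {
            logger.info(login + " is a super user");
        } else {
            logger.info(login + " is not a super user");
        }

        return user;
    }

    /**
     * Returns the first value of the named single-valued string attribute, or {@code ""} when absent.
     */
    private static String stringAttribute(Attributes attributes, String id) throws NamingException {
        if (attributes.get(id) == null) {
            return "";
        }
        return (String) attributes.get(id).get();
    }

    /**
     * Walks the account's {@code memberOf} DNs and reports whether any of them is the super-user
     * group. Membership is evaluated against every value; the result is the OR of all matches.
     */
    private boolean isSuperUser(Attributes attributes, String login) throws NamingException {
        if (attributes.get("memberOf") == null) {
            logger.info("User attributes didn't contain memberOf...Looks like the A.D. user you specified in the adauth.properties properties file doesn't have enough permissions to check group membership for other users. Give that user enough privileges to read the memberOf attribute from A.D.");
            return false;
        }

        boolean superUser = false;
        for (Enumeration<?> groups = attributes.get("memberOf").getAll(); groups.hasMoreElements();) {
            String group = (String) groups.nextElement();
            logger.info(login + " belongs to NT Group " + group);
            if (isSuperUserGroup(group)) {
                superUser = true;
                logger.info("User " + login + " was made an administrator ");
            }
        }
        return superUser;
    }

    /**
     * True when {@code groupDn}'s leftmost RDN is {@code CN=<ITRACKER_SUPER_USERS_GROUP>}, compared
     * case-insensitively as AD does. Parsing the DN (rather than {@code indexOf}) prevents a group
     * such as {@code CN=ITracker Super Users Guests,...}, or a DN whose OU contains the group name,
     * from granting super-user rights.
     *
     * @param groupDn one value of the {@code memberOf} attribute
     * @return whether the DN names the super-user group; {@code false} for null or unparseable input
     */
    static boolean isSuperUserGroup(String groupDn) {
        if (groupDn == null) {
            return false;
        }
        try {
            LdapName name = new LdapName(groupDn);
            if (name.size() == 0) {
                return false;
            }
            // LdapName indexes from the rightmost RDN; the group's own CN is the leftmost one.
            Rdn leaf = name.getRdn(name.size() - 1);
            return "CN".equalsIgnoreCase(leaf.getType())
                    && ITRACKER_SUPER_USERS_GROUP.equalsIgnoreCase(String.valueOf(leaf.getValue()));
        } catch (NamingException e) {
            // Not a parseable DN: it cannot be the group we are looking for.
            return false;
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515): {@code \ * ( )} and NUL are
     * replaced by their {@code \xx} hex forms so the value cannot change the filter's structure.
     *
     * @param value raw value; {@code null} is treated as the empty string
     * @return the escaped value
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\5c");
                    break;
                case '*':
                    sb.append("\\2a");
                    break;
                case '(':
                    sb.append("\\28");
                    break;
                case ')':
                    sb.append("\\29");
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}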