Mercurial > lada > lada-server
annotate src/main/java/de/intevation/lada/auth/LdapAuthentication.java @ 292:49d0becf3c65
New method to get user name in authentication module.
| author | Raimund Renkert <rrenkert@intevation.de> |
|---|---|
| date | Wed, 14 Aug 2013 16:10:05 +0200 |
| parents | 0d3966077415 |
| children | 183f8116d9a6 |
| rev | line source |
|---|---|
|
232
d8a3d188046f
Renamed package authentication to auth.
Raimund Renkert <rrenkert@intevation.de>
parents:
223
diff
changeset
|
1 package de.intevation.lada.auth; |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
2 |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
3 import java.util.ArrayList; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
4 import java.util.List; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
5 |
|
213
8fdb699405aa
Refactored repositories to avoid race conditions.
Raimund Renkert <rrenkert@intevation.de>
parents:
210
diff
changeset
|
6 import javax.enterprise.context.ApplicationScoped; |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
7 import javax.inject.Inject; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
8 import javax.inject.Named; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
9 import javax.naming.InvalidNameException; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
10 import javax.naming.ldap.LdapName; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
11 import javax.naming.ldap.Rdn; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
12 import javax.persistence.EntityManager; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
13 import javax.persistence.criteria.CriteriaBuilder; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
14 import javax.persistence.criteria.CriteriaQuery; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
15 import javax.persistence.criteria.Predicate; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
16 import javax.persistence.criteria.Root; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
17 import javax.ws.rs.core.HttpHeaders; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
18 |
|
204
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
19 import de.intevation.lada.data.QueryBuilder; |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
20 import de.intevation.lada.model.Auth; |
|
204
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
21 import de.intevation.lada.model.LProbe; |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
22 |
|
210
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
23 /** |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
24 * This implementation of the authentication interface reads LDAP users |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
25 * and groups from HTTP headers and validates the groups using a database. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
26 * |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
27 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a> |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
28 */ |
|
213
8fdb699405aa
Refactored repositories to avoid race conditions.
Raimund Renkert <rrenkert@intevation.de>
parents:
210
diff
changeset
|
29 @ApplicationScoped |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
30 @Named("ldapauth") |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
31 public class LdapAuthentication |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
32 implements Authentication |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
33 { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
34 @Inject |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
35 private EntityManager em; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
36 |
|
210
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
37 /** |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
38 * Determine if the header contains information about a valid user. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
39 * |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
40 * @param headers The HTTP header containing LDAP user information. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
41 */ |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
42 @Override |
|
204
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
43 public boolean isAuthorizedUser(HttpHeaders headers) |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
44 throws AuthenticationException { |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
45 AuthenticationResponse auth = authorizedGroups(headers); |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
46 if (auth.getMst().isEmpty() || |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
47 auth.getNetzbetreiber().isEmpty()) { |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
48 return false; |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
49 } |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
50 return true; |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
51 } |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
52 |
|
210
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
53 /** |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
54 * Synchronize LDAP user and groups with database. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
55 * |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
56 * @param headers The HTTP header containing LDAP user information. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
57 */ |
|
204
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
58 @Override |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
59 public AuthenticationResponse authorizedGroups(HttpHeaders headers) |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
60 throws AuthenticationException { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
61 List<String> groups = new ArrayList<String>(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
62 try { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
63 LdapName ldap = extractLdapName(headers); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
64 List<Rdn> rdns = ldap.getRdns(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
65 for (Rdn rdn: rdns) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
66 String value = (String)rdn.getValue(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
67 if (rdn.getType().equals("cn")) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
68 groups.add(value); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
69 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
70 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
71 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
72 catch(InvalidNameException ine) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
73 throw new AuthenticationException(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
74 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
75 AuthenticationResponse response = getDatabaseAtributes(groups); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
76 String user = extractUser(headers); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
77 if (user == null) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
78 throw new AuthenticationException(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
79 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
80 response.setUser(user); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
81 return response; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
82 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
83 |
|
210
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
84 /** |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
85 * Determine if the user has the permission to access a probe. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
86 * |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
87 * @param headers The HTTP header containing LDAP user information. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
88 * @param probeId The LProbe id. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
89 */ |
|
204
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
90 public boolean hasAccess (HttpHeaders headers, String probeId) |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
91 throws AuthenticationException { |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
92 QueryBuilder<LProbe> builder = new QueryBuilder<LProbe>(em, LProbe.class); |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
93 builder.and("probeId", probeId); |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
94 List<LProbe> probe = em.createQuery(builder.getQuery()).getResultList(); |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
95 if (probe.isEmpty()) { |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
96 return false; |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
97 } |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
98 String nbId = probe.get(0).getNetzbetreiberId(); |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
99 String mstId = probe.get(0).getMstId(); |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
100 AuthenticationResponse auth = authorizedGroups(headers); |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
101 if (auth.getNetzbetreiber().contains(nbId) && |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
102 auth.getMst().contains(mstId)) { |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
103 return true; |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
104 } |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
105 return false; |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
106 } |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
107 |
|
a43caf307a98
Extended authentication interface and implementaion.
Raimund Renkert <rrenkert@intevation.de>
parents:
180
diff
changeset
|
108 |
|
210
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
109 /** |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
110 * Get the user from HTTP header. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
111 * |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
112 * @param headers The HTTP header containing user information. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
113 * @return The user name. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
114 */ |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
115 private String extractUser(HttpHeaders headers) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
116 List<String> user = headers.getRequestHeader("x-ldap-user"); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
117 if (user == null || user.isEmpty()) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
118 return null; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
119 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
120 return user.get(0); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
121 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
122 |
|
210
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
123 /** |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
124 * Extract LDAP information from HTTP header. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
125 * |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
126 * @param headers The HTTP header containing ldap information. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
127 * @return The Ldap object. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
128 * @throws InvalidNameException |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
129 */ |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
130 private LdapName extractLdapName(HttpHeaders headers) throws InvalidNameException { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
131 List<String> attributes = headers.getRequestHeader("x-ldap-groups"); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
132 if (attributes == null ||attributes.isEmpty()) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
133 return new LdapName(""); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
134 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
135 LdapName ldap = new LdapName(""); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
136 String all = attributes.get(0); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
137 String[] groups = all.split(";"); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
138 for (int i = 0; i < groups.length; i++) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
139 String[] items = groups[i].trim().split(","); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
140 for (int j = 0; j < items.length; j++) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
141 ldap.add(items[j]); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
142 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
143 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
144 return ldap; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
145 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
146 |
|
210
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
147 /** |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
148 * Get the 'Messstellen' and 'Netzbetreiber' from database using the |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
149 * LDAP groups. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
150 * |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
151 * @param groups List of LDAP groups. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
152 * @return AuthenticationResponse object. |
|
a305412206a3
Code documentation.
Raimund Renkert <rrenkert@intevation.de>
parents:
204
diff
changeset
|
153 */ |
|
180
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
154 private AuthenticationResponse getDatabaseAtributes(List<String> groups) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
155 CriteriaBuilder builder = em.getCriteriaBuilder(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
156 CriteriaQuery<Auth> criteria = builder.createQuery(Auth.class); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
157 Root<Auth> member = criteria.from(Auth.class); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
158 List<Predicate> orFilter = new ArrayList<Predicate>(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
159 for (String group: groups) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
160 orFilter.add(builder.equal(member.get("ldapGroup"), group)); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
161 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
162 Predicate orf = builder.or(orFilter.toArray(new Predicate[orFilter.size()])); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
163 criteria.where(orf); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
164 List<Auth> result = em.createQuery(criteria).getResultList(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
165 List<String> mst = new ArrayList<String>(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
166 List<String> nb = new ArrayList<String>(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
167 for (Auth a: result) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
168 if (a.getSMessStelle() != null) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
169 mst.add(a.getSMessStelle().getMstId()); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
170 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
171 if (a.getSNetzBetreiber() != null) { |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
172 nb.add(a.getSNetzBetreiber().getNetzbetreiberId()); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
173 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
174 } |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
175 AuthenticationResponse response = new AuthenticationResponse(); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
176 response.setMst(mst); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
177 response.setNetzbetreiber(nb); |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
178 return response; |
|
cfa61bb7a86f
New package and classes for LDAP authentication.
Raimund Renkert <rrenkert@intevation.de>
parents:
diff
changeset
|
179 } |
|
292
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
180 |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
181 /** |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
182 * Returns the username specified in the header. |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
183 * |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
184 * @param headers The HTTP header. |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
185 */ |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
186 public String getUserName(HttpHeaders headers) |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
187 throws AuthenticationException { |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
188 return extractUser(headers); |
|
49d0becf3c65
New method to get user name in authentication module.
Raimund Renkert <rrenkert@intevation.de>
parents:
279
diff
changeset
|
189 } |
|
220
f0482fa04e2b
Code documentation and minor code style.
Raimund Renkert <rrenkert@intevation.de>
parents:
213
diff
changeset
|
190 } |