annotate src/main/java/de/intevation/lada/auth/LdapAuthentication.java @ 292:49d0becf3c65
New method to get user name in authentication module.
author | Raimund Renkert <rrenkert@intevation.de> |
---|---|
date | Wed, 14 Aug 2013 16:10:05 +0200 |
parents | 0d3966077415 |
children | 183f8116d9a6 |
1 package de.intevation.lada.auth; |
2 |
3 import java.util.ArrayList; |
4 import java.util.List; |
5 |
6 import javax.enterprise.context.ApplicationScoped; |
7 import javax.inject.Inject; |
8 import javax.inject.Named; |
9 import javax.naming.InvalidNameException; |
10 import javax.naming.ldap.LdapName; |
11 import javax.naming.ldap.Rdn; |
12 import javax.persistence.EntityManager; |
13 import javax.persistence.criteria.CriteriaBuilder; |
14 import javax.persistence.criteria.CriteriaQuery; |
15 import javax.persistence.criteria.Predicate; |
16 import javax.persistence.criteria.Root; |
17 import javax.ws.rs.core.HttpHeaders; |
18 |
19 import de.intevation.lada.data.QueryBuilder; |
20 import de.intevation.lada.model.Auth; |
21 import de.intevation.lada.model.LProbe; |
22 |
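/**
 * This implementation of the authentication interface reads LDAP users
 * and groups from HTTP headers and validates the groups using a database.
 *
 * <p>Security note: the user name ({@code x-ldap-user}) and the group
 * membership ({@code x-ldap-groups}) are taken as-is from request headers.
 * This class performs no verification of its own, so it is only sound when
 * every request reaches the application through a trusted front end that
 * authenticates the user and overwrites or strips these two headers on
 * inbound requests. If the application is reachable without that front end,
 * the header values are client-controlled and must not be trusted.
 *
 * @author <a href="mailto:rrenkert@intevation.de">Raimund Renkert</a>
 */
@ApplicationScoped
@Named("ldapauth")
public class LdapAuthentication
implements Authentication
{
    /** Request header carrying the authenticated user name. */
    private static final String USER_HEADER = "x-ldap-user";

    /** Request header carrying the LDAP group names of the user. */
    private static final String GROUPS_HEADER = "x-ldap-groups";

    @Inject
    private EntityManager em;

    /**
     * Determine if the header contains information about a valid user.
     *
     * A user counts as authorized only when the groups resolve to at least
     * one 'Messstelle' and at least one 'Netzbetreiber'.
     *
     * @param headers The HTTP header containing LDAP user information.
     * @return True if both id lists are non-empty, false otherwise.
     * @throws AuthenticationException if the user header is missing or the
     *     groups header cannot be parsed.
     */
    @Override
    public boolean isAuthorizedUser(HttpHeaders headers)
    throws AuthenticationException {
        AuthenticationResponse auth = authorizedGroups(headers);
        return !auth.getMst().isEmpty()
            && !auth.getNetzbetreiber().isEmpty();
    }

    /**
     * Resolve the LDAP groups named in the request headers to the
     * 'Messstellen' and 'Netzbetreiber' ids stored for them in the database.
     *
     * @param headers The HTTP header containing LDAP user information.
     * @return The response holding the user name and the resolved ids.
     * @throws AuthenticationException if the user header is missing or blank,
     *     or the groups header cannot be parsed.
     */
    @Override
    public AuthenticationResponse authorizedGroups(HttpHeaders headers)
    throws AuthenticationException {
        // Reject requests without a user before parsing groups or touching
        // the database.
        String user = extractUser(headers);
        if (user == null) {
            throw new AuthenticationException();
        }

        List<String> groups = new ArrayList<String>();
        try {
            LdapName ldap = extractLdapName(headers);
            for (Rdn rdn: ldap.getRdns()) {
                // Rdn.getValue() returns a byte[] for hex-encoded ("#...")
                // values; an unconditional cast to String would fail with a
                // ClassCastException on such header content.
                Object value = rdn.getValue();
                // NOTE(review): the attribute type is compared
                // case-sensitively, so an RDN written as "CN=..." is ignored.
                // Confirm the front end always emits lower-case "cn".
                if (value instanceof String && rdn.getType().equals("cn")) {
                    groups.add((String)value);
                }
            }
        }
        catch(InvalidNameException ine) {
            throw new AuthenticationException();
        }

        AuthenticationResponse response = getDatabaseAtributes(groups);
        response.setUser(user);
        return response;
    }

    /**
     * Determine if the user has the permission to access a probe.
     *
     * Access is granted only when both the 'Netzbetreiber' id and the
     * 'Messstelle' id of the probe are among the ids resolved for the user.
     *
     * @param headers The HTTP header containing LDAP user information.
     * @param probeId The LProbe id.
     * @return True if the probe exists and the user may access it.
     * @throws AuthenticationException if the user header is missing or the
     *     groups header cannot be parsed.
     */
    public boolean hasAccess (HttpHeaders headers, String probeId)
    throws AuthenticationException {
        QueryBuilder<LProbe> builder = new QueryBuilder<LProbe>(em, LProbe.class);
        builder.and("probeId", probeId);
        List<LProbe> probes = em.createQuery(builder.getQuery()).getResultList();
        if (probes.isEmpty()) {
            return false;
        }
        LProbe probe = probes.get(0);
        String nbId = probe.getNetzbetreiberId();
        String mstId = probe.getMstId();
        AuthenticationResponse auth = authorizedGroups(headers);
        return auth.getNetzbetreiber().contains(nbId)
            && auth.getMst().contains(mstId);
    }


    /**
     * Get the user from HTTP header.
     *
     * Only the first value of the header is used. A missing, empty or
     * blank header is treated as "no user".
     *
     * @param headers The HTTP header containing user information.
     * @return The user name, or null if the header carries none.
     */
    private String extractUser(HttpHeaders headers) {
        List<String> user = headers.getRequestHeader(USER_HEADER);
        if (user == null || user.isEmpty()) {
            return null;
        }
        String name = user.get(0);
        // A blank value identifies nobody; treat it like a missing header so
        // callers fail closed.
        if (name == null || name.trim().isEmpty()) {
            return null;
        }
        return name;
    }

    /**
     * Extract LDAP information from HTTP header.
     *
     * Only the first value of the header is used. It is split on ';' into
     * groups and each group on ',' into components, which are all appended
     * to a single name.
     *
     * @param headers The HTTP header containing ldap information.
     * @return The Ldap object; empty if the header is missing.
     * @throws InvalidNameException if a component is not a valid RDN.
     */
    private LdapName extractLdapName(HttpHeaders headers) throws InvalidNameException {
        LdapName ldap = new LdapName("");
        List<String> attributes = headers.getRequestHeader(GROUPS_HEADER);
        if (attributes == null || attributes.isEmpty()) {
            return ldap;
        }
        for (String group: attributes.get(0).split(";")) {
            for (String item: group.trim().split(",")) {
                ldap.add(item);
            }
        }
        return ldap;
    }

    /**
     * Get the 'Messstellen' and 'Netzbetreiber' from database using the
     * LDAP groups.
     *
     * @param groups List of LDAP groups.
     * @return AuthenticationResponse object; both id lists are empty when
     *     no group is given or no group is known to the database.
     */
    private AuthenticationResponse getDatabaseAtributes(List<String> groups) {
        List<String> mst = new ArrayList<String>();
        List<String> nb = new ArrayList<String>();

        // Without groups there is nothing to look up. Returning early avoids
        // building an OR over zero predicates and a needless database query.
        if (!groups.isEmpty()) {
            CriteriaBuilder builder = em.getCriteriaBuilder();
            CriteriaQuery<Auth> criteria = builder.createQuery(Auth.class);
            Root<Auth> member = criteria.from(Auth.class);
            List<Predicate> orFilter = new ArrayList<Predicate>();
            for (String group: groups) {
                // Group names are bound as criteria parameters, not
                // concatenated into the query text.
                orFilter.add(builder.equal(member.get("ldapGroup"), group));
            }
            criteria.where(
                builder.or(orFilter.toArray(new Predicate[orFilter.size()])));
            List<Auth> result = em.createQuery(criteria).getResultList();
            for (Auth a: result) {
                if (a.getSMessStelle() != null) {
                    mst.add(a.getSMessStelle().getMstId());
                }
                if (a.getSNetzBetreiber() != null) {
                    nb.add(a.getSNetzBetreiber().getNetzbetreiberId());
                }
            }
        }

        AuthenticationResponse response = new AuthenticationResponse();
        response.setMst(mst);
        response.setNetzbetreiber(nb);
        return response;
    }

    /**
     * Returns the username specified in the header.
     *
     * Unlike {@link #authorizedGroups(HttpHeaders)} this method does not
     * throw when the header is missing; it returns null instead. The value
     * is not checked against the database, so it must not be used as proof
     * of authorization on its own.
     *
     * @param headers The HTTP header.
     * @return The user name, or null if the header carries none.
     */
    public String getUserName(HttpHeaders headers)
    throws AuthenticationException {
        return extractUser(headers);
    }
}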