# HG changeset patch
# User Raimund Renkert
# Date 1372338041 -7200
# Node ID cfa61bb7a86fc73a2c50936462a1bb021176798d
# Parent 8492b8f2efaf57a2933a12fcb71356fb0b2230c2
New package and classes for LDAP authentication.
diff -r 8492b8f2efaf -r cfa61bb7a86f src/main/java/de/intevation/lada/authentication/Authentication.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/Authentication.java Thu Jun 27 15:00:41 2013 +0200
@@ -0,0 +1,10 @@
+package de.intevation.lada.authentication;
+
+import javax.ws.rs.core.HttpHeaders;
+
+public interface Authentication
+{
+ public AuthenticationResponse authorizedGroups(HttpHeaders headers)
+ throws AuthenticationException;
+
+}
diff -r 8492b8f2efaf -r cfa61bb7a86f src/main/java/de/intevation/lada/authentication/AuthenticationException.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/AuthenticationException.java Thu Jun 27 15:00:41 2013 +0200
@@ -0,0 +1,8 @@
+package de.intevation.lada.authentication;
+
+
+public class AuthenticationException
+extends Exception
+{
+
+}
diff -r 8492b8f2efaf -r cfa61bb7a86f src/main/java/de/intevation/lada/authentication/AuthenticationResponse.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/AuthenticationResponse.java Thu Jun 27 15:00:41 2013 +0200
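Review bot: The Authentication interface leaves the contract of `authorizedGroups` undocumented — which request headers an implementation consumes, whether the returned AuthenticationResponse may be null, and under which conditions AuthenticationException is thrown — and the only implementation in this commit (LdapAuthentication) rejects requests whose user cannot be determined or whose group data cannot be parsed, so callers currently have to read the implementation to learn that. A method Javadoc with a one-sentence summary plus `@param headers the request headers carrying the caller's identity and group information`, `@return the authenticated user and the groups resolved for it` and `@throws AuthenticationException if the caller cannot be identified or its group information cannot be parsed` would fix that; the redundant `public` modifier on an interface method can be dropped at the same time.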
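Review bot: AuthenticationException declares no constructors, so every throw site in this commit (`throw new AuthenticationException();` in LdapAuthentication) can carry neither a message nor the InvalidNameException that triggered it, and the reason for an authentication failure is lost for logging and diagnosis. Adding `public AuthenticationException(String message) { super(message); }` and `public AuthenticationException(String message, Throwable cause) { super(message, cause); }`, together with an explicit no-arg constructor so existing `new AuthenticationException()` calls keep compiling, lets callers preserve the cause. A short class Javadoc stating that this is thrown when the caller's identity or group membership cannot be established would also help, since the class body is otherwise empty.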
@@ -0,0 +1,38 @@
+package de.intevation.lada.authentication;
+
+import java.util.List;
+
+
+public class AuthenticationResponse
+{
+ private String user;
+ private List mst;
+ private List netzbetreiber;
+
+ public AuthenticationResponse() {
+ }
+
+ public String getUser() {
+ return user;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public List getMst() {
+ return mst;
+ }
+
+ public void setMst(List mst) {
+ this.mst = mst;
+ }
+
+ public List getNetzbetreiber() {
+ return netzbetreiber;
+ }
+
+ public void setNetzbetreiber(List netzbetreiber) {
+ this.netzbetreiber = netzbetreiber;
+ }
+}
diff -r 8492b8f2efaf -r cfa61bb7a86f src/main/java/de/intevation/lada/authentication/LdapAuthentication.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java Thu Jun 27 15:00:41 2013 +0200
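Review bot: AuthenticationResponse says nothing about what `mst` and `netzbetreiber` hold; from the LdapAuthentication hunk they receive Messstelle and Netzbetreiber identifiers resolved from the caller's LDAP groups, and a class Javadoc plus field comments such as `// ids of the Messstellen the authenticated user's groups map to` and `// ids of the Netzbetreiber the authenticated user's groups map to` would spare readers that cross-reference. As rendered here the three lists are raw `List`; if the type arguments were not simply lost in rendering, they should be parameterized with the id type so the compiler checks what getDatabaseAtributes puts into them. The setters store and the getters return the caller's list by reference, so the response can be changed after it is built — fine for a transient DTO, but worth stating if the object is ever cached.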
@@ -0,0 +1,107 @@
+package de.intevation.lada.authentication;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.naming.InvalidNameException;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+import javax.persistence.EntityManager;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Predicate;
+import javax.persistence.criteria.Root;
+import javax.ws.rs.core.HttpHeaders;
+
+import de.intevation.lada.model.Auth;
+
+@RequestScoped
+@Named("ldapauth")
+public class LdapAuthentication
+implements Authentication
+{
+ @Inject
+ private EntityManager em;
+
+ @Override
+ public AuthenticationResponse authorizedGroups(HttpHeaders headers)
+ throws AuthenticationException {
+ List groups = new ArrayList();
+ try {
+ LdapName ldap = extractLdapName(headers);
+ List rdns = ldap.getRdns();
+ for (Rdn rdn: rdns) {
+ String value = (String)rdn.getValue();
+ if (rdn.getType().equals("cn")) {
+ groups.add(value);
+ }
+ }
+ }
+ catch(InvalidNameException ine) {
+ throw new AuthenticationException();
+ }
+ AuthenticationResponse response = getDatabaseAtributes(groups);
+ String user = extractUser(headers);
+ if (user == null) {
+ throw new AuthenticationException();
+ }
+ response.setUser(user);
+ return response;
+ }
+
+ private String extractUser(HttpHeaders headers) {
+ List user = headers.getRequestHeader("x-ldap-user");
+ if (user == null || user.isEmpty()) {
+ return null;
+ }
+ return user.get(0);
+ }
+
+ private LdapName extractLdapName(HttpHeaders headers) throws InvalidNameException {
+ List attributes = headers.getRequestHeader("x-ldap-groups");
+ if (attributes == null ||attributes.isEmpty()) {
+ return new LdapName("");
+ }
+ LdapName ldap = new LdapName("");
+ String all = attributes.get(0);
+ String[] groups = all.split(";");
+ for (int i = 0; i < groups.length; i++) {
+ String[] items = groups[i].trim().split(",");
+ for (int j = 0; j < items.length; j++) {
+ ldap.add(items[j]);
+ }
+ }
+ return ldap;
+ }
+
+ private AuthenticationResponse getDatabaseAtributes(List groups) {
+ CriteriaBuilder builder = em.getCriteriaBuilder();
+ CriteriaQuery criteria = builder.createQuery(Auth.class);
+ Root member = criteria.from(Auth.class);
+ List orFilter = new ArrayList();
+ for (String group: groups) {
+ orFilter.add(builder.equal(member.get("ldapGroup"), group));
+ }
+ Predicate orf = builder.or(orFilter.toArray(new Predicate[orFilter.size()]));
+ criteria.where(orf);
+ List result = em.createQuery(criteria).getResultList();
+ List mst = new ArrayList();
+ List nb = new ArrayList();
+ for (Auth a: result) {
+ if (a.getSMessStelle() != null) {
+ mst.add(a.getSMessStelle().getMstId());
+ }
+ if (a.getSNetzBetreiber() != null) {
+ nb.add(a.getSNetzBetreiber().getNetzbetreiberId());
+ }
+ }
+ AuthenticationResponse response = new AuthenticationResponse();
+ response.setMst(mst);
+ response.setNetzbetreiber(nb);
+ return response;
+ }
+
+}
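Review bot: `authorizedGroups` takes the `x-ldap-user` and `x-ldap-groups` request headers as the caller's identity and group membership without any check that they were set by a trusted front end rather than supplied with the request, so the class is only safe when the deployment guarantees the application is reachable solely through a proxy that authenticates and then overwrites both headers on every request — a precondition nothing in the file records, and which a class Javadoc such as `Trusts the x-ldap-user / x-ldap-groups headers as-is; the deployment MUST ensure they are set by the authenticating reverse proxy and can never be supplied by a client directly` should make explicit. The `catch(InvalidNameException ine)` block rethrows `new AuthenticationException()` without message or cause, so the reason a group header failed to parse is lost from logs. `rdn.getType().equals("cn")` is case-sensitive although LDAP attribute type names are not, so a header written as `CN=...` would silently yield no groups; `equalsIgnoreCase("cn")` matches the LDAP rule. The `user == null` check runs only after `getDatabaseAtributes(groups)` has already queried the database, so moving `String user = extractUser(headers);` and its null check ahead of the query avoids a needless query for requests that lack the user header. The helper name `getDatabaseAtributes` is also misspelled (Attributes).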