changeset 180:cfa61bb7a86f
New package and classes for LDAP authentication.
author | Raimund Renkert <rrenkert@intevation.de> |
---|---|
date | Thu, 27 Jun 2013 15:00:41 +0200 |
parents | 8492b8f2efaf |
children | bca4bda93a98 |
files | src/main/java/de/intevation/lada/authentication/Authentication.java src/main/java/de/intevation/lada/authentication/AuthenticationException.java src/main/java/de/intevation/lada/authentication/AuthenticationResponse.java src/main/java/de/intevation/lada/authentication/LdapAuthentication.java |
diffstat | 4 files changed, 163 insertions(+), 0 deletions(-) [+] |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/Authentication.java Thu Jun 27 15:00:41 2013 +0200
@@ -0,0 +1,10 @@
+package de.intevation.lada.authentication;
+
+import javax.ws.rs.core.HttpHeaders;
+
+public interface Authentication
+{
+ public AuthenticationResponse authorizedGroups(HttpHeaders headers)
+ throws AuthenticationException;
+
+}
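Review bot: Authentication is the contract every backend will implement, yet neither the interface nor authorizedGroups documents what the returned AuthenticationResponse contains or under which conditions AuthenticationException is thrown. I would put a Javadoc on the method along the lines of `/** Resolves the caller from the request headers and returns the user together with the mst and netzbetreiber lists the caller's groups map to. @throws AuthenticationException if the caller cannot be identified. */`. As a point of style, the `public` modifier on an interface method is redundant and is usually dropped.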
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/AuthenticationException.java Thu Jun 27 15:00:41 2013 +0200
@@ -0,0 +1,8 @@
+package de.intevation.lada.authentication;
+
+
+public class AuthenticationException
+extends Exception
+{
+
+}
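Review bot: AuthenticationException has no message or cause constructor, so the only way to throw it is `new AuthenticationException()`, and the LdapAuthentication hunk in this commit does exactly that inside `catch(InvalidNameException ine)`, discarding the parse error that explains why authentication failed. Add at least `public AuthenticationException(String message, Throwable cause) { super(message, cause); }` (and a message-only variant) so callers can preserve the cause, and give the class a one-line Javadoc saying it signals that the caller could not be identified or authorized.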
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/AuthenticationResponse.java Thu Jun 27 15:00:41 2013 +0200
@@ -0,0 +1,38 @@
+package de.intevation.lada.authentication;
+
+import java.util.List;
+
+
+public class AuthenticationResponse
+{
+ private String user;
+ private List<String> mst;
+ private List<String> netzbetreiber;
+
+ public AuthenticationResponse() {
+ }
+
+ public String getUser() {
+ return user;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public List<String> getMst() {
+ return mst;
+ }
+
+ public void setMst(List<String> mst) {
+ this.mst = mst;
+ }
+
+ public List<String> getNetzbetreiber() {
+ return netzbetreiber;
+ }
+
+ public void setNetzbetreiber(List<String> netzbetreiber) {
+ this.netzbetreiber = netzbetreiber;
+ }
+}
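Review bot: getMst() and getNetzbetreiber() return null on a freshly constructed AuthenticationResponse, so any consumer that iterates the result of an Authentication implementation other than the one in this commit will fail on a null list rather than an empty one. Initialize both fields, `private List<String> mst = new ArrayList<String>();` and likewise for netzbetreiber, so "no groups" and "not yet set" both read as an empty collection. Since this object is what downstream authorization decisions consult, the getters could also hand out `Collections.unmodifiableList(...)` views so a consumer cannot alter the resolved groups after the fact.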
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/main/java/de/intevation/lada/authentication/LdapAuthentication.java Thu Jun 27 15:00:41 2013 +0200
@@ -0,0 +1,107 @@
+package de.intevation.lada.authentication;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.inject.Named;
+import javax.naming.InvalidNameException;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+import javax.persistence.EntityManager;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Predicate;
+import javax.persistence.criteria.Root;
+import javax.ws.rs.core.HttpHeaders;
+
+import de.intevation.lada.model.Auth;
+
+@RequestScoped
+@Named("ldapauth")
+public class LdapAuthentication
+implements Authentication
+{
+ @Inject
+ private EntityManager em;
+
+ @Override
+ public AuthenticationResponse authorizedGroups(HttpHeaders headers)
+ throws AuthenticationException {
+ List<String> groups = new ArrayList<String>();
+ try {
+ LdapName ldap = extractLdapName(headers);
+ List<Rdn> rdns = ldap.getRdns();
+ for (Rdn rdn: rdns) {
+ String value = (String)rdn.getValue();
+ if (rdn.getType().equals("cn")) {
+ groups.add(value);
+ }
+ }
+ }
+ catch(InvalidNameException ine) {
+ throw new AuthenticationException();
+ }
+ AuthenticationResponse response = getDatabaseAtributes(groups);
+ String user = extractUser(headers);
+ if (user == null) {
+ throw new AuthenticationException();
+ }
+ response.setUser(user);
+ return response;
+ }
+
+ private String extractUser(HttpHeaders headers) {
+ List<String> user = headers.getRequestHeader("x-ldap-user");
+ if (user == null || user.isEmpty()) {
+ return null;
+ }
+ return user.get(0);
+ }
+
+ private LdapName extractLdapName(HttpHeaders headers) throws InvalidNameException {
+ List<String> attributes = headers.getRequestHeader("x-ldap-groups");
+ if (attributes == null ||attributes.isEmpty()) {
+ return new LdapName("");
+ }
+ LdapName ldap = new LdapName("");
+ String all = attributes.get(0);
+ String[] groups = all.split(";");
+ for (int i = 0; i < groups.length; i++) {
+ String[] items = groups[i].trim().split(",");
+ for (int j = 0; j < items.length; j++) {
+ ldap.add(items[j]);
+ }
+ }
+ return ldap;
+ }
+
+ private AuthenticationResponse getDatabaseAtributes(List<String> groups) {
+ CriteriaBuilder builder = em.getCriteriaBuilder();
+ CriteriaQuery<Auth> criteria = builder.createQuery(Auth.class);
+ Root<Auth> member = criteria.from(Auth.class);
+ List<Predicate> orFilter = new ArrayList<Predicate>();
+ for (String group: groups) {
+ orFilter.add(builder.equal(member.get("ldapGroup"), group));
+ }
+ Predicate orf = builder.or(orFilter.toArray(new Predicate[orFilter.size()]));
+ criteria.where(orf);
+ List<Auth> result = em.createQuery(criteria).getResultList();
+ List<String> mst = new ArrayList<String>();
+ List<String> nb = new ArrayList<String>();
+ for (Auth a: result) {
+ if (a.getSMessStelle() != null) {
+ mst.add(a.getSMessStelle().getMstId());
+ }
+ if (a.getSNetzBetreiber() != null) {
+ nb.add(a.getSNetzBetreiber().getNetzbetreiberId());
+ }
+ }
+ AuthenticationResponse response = new AuthenticationResponse();
+ response.setMst(mst);
+ response.setNetzbetreiber(nb);
+ return response;
+ }
+
+}
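Review bot: authorizedGroups takes both the identity (`x-ldap-user`) and the group list (`x-ldap-groups`) straight from request headers, and nothing in this class checks that they were set by the authenticating front end rather than supplied by the client, so the deployment must strip these headers from inbound requests and keep the service unreachable except through that proxy; that precondition belongs in a class-level Javadoc on LdapAuthentication. `String value = (String)rdn.getValue();` will throw ClassCastException for an RDN whose value is hex-encoded (Rdn can hand back a byte[] in that case), turning a malformed header into a server error instead of the AuthenticationException the method declares; `String.valueOf(rdn.getValue())` keeps it on the intended path. `rdn.getType().equals("cn")` is case-sensitive while DN attribute types are not, so groups written as `CN=...` are silently dropped; `"cn".equalsIgnoreCase(rdn.getType())` accepts both spellings. `getDatabaseAtributes` is misspelled and should read `getDatabaseAttributes`.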