fixed Username AD realm

added missing serail version uid to config service update shiro to 1.3.2
2016-09-27 22:21:59 +00:00
parent 2471221bda
commit 1a9c4ced6e
6 changed files with 150 additions and 15 deletions
--- a/account/src/main/java/de/muehlencord/shared/account/business/ConfigService.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/ConfigService.java
@ -1,6 +1,7 @@
 package de.muehlencord.shared.account.business;

 import de.muehlencord.shared.account.entity.ConfigEntity;
+import java.io.Serializable;
 import javax.annotation.PostConstruct;
 import javax.ejb.Singleton;
 import javax.ejb.Startup;
@ -13,7 +14,9 @@ import javax.persistence.PersistenceContext;
 */
@Singleton
@Startup
-public class ConfigService {
+public class ConfigService implements Serializable {
+
+    private static final long serialVersionUID = -3195224653632853003L;

    @PersistenceContext
    EntityManager em;
@ -32,10 +35,10 @@ public class ConfigService {
            this.maxFailedLogins = Integer.parseInt(configEntity.getConfigValue());
        }
    }
-    
-    public String getConfigValue (String configKey) {
-        ConfigEntity configEntity =  em.find(ConfigEntity.class, configKey);        
-        return (configEntity == null ? null : configEntity.getConfigValue()); 
+
+    public String getConfigValue(String configKey) {
+        ConfigEntity configEntity = em.find(ConfigEntity.class, configKey);
+        return (configEntity == null ? null : configEntity.getConfigValue());
    }

    /* *** getter *** */
--- a/account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java
+++ b/account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java
@ -14,21 +14,23 @@ import org.apache.shiro.realm.ldap.LdapUtils;
 * @author joern.muehlencord
 */
 public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
-    
+
    @Override
    protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
-
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        // Binds using the username and password provided by the user.
        LdapContext ctx = null;
        String userName = upToken.getUsername();
-        try {            
+        try {
            if (principalSuffix != null) {
-                if (!userName.contains(principalSuffix))
+                if (!userName.contains(principalSuffix)) {
                    userName += principalSuffix;
+                }
            }
-            
-            ctx = ldapContextFactory.getLdapContext(userName, String.valueOf(upToken.getPassword()));
+
+            // use system context (system user / password) to connect to server
+            // ctx = ldapContextFactory.getSystemLdapContext();
+            ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
        } finally {
            LdapUtils.closeContext(ctx);
        }
--- a/account/src/test/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealmTest.java
+++ b/account/src/test/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealmTest.java
@ -0,0 +1,53 @@
+package de.muehlencord.shared.account.util;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.subject.Subject;
+import org.junit.Test;
+import org.apache.shiro.mgt.SecurityManager;
+import static org.junit.Assume.assumeNotNull;
+
+/**
+ *
+ * @author Joern Muehlencord <joern at muehlencord.de>
+ */
+public class UserNameActiveDirectoryRealmTest {
+
+    @Test
+    public void testUsernameLogin() {
+        String userName = "user.name";
+        String password = "secret";
+        testLogin(userName, password);
+    }
+
+    @Test
+    public void testEmailaddressLogin() {
+        String userName = "user.name@domain.com";
+        String password = "secret";
+        testLogin(userName, password);
+    }
+
+    @Test(expected=AuthenticationException.class)
+    public void testWrongUserNamePassword() {
+        String userName = "test123";
+        String password = "secret";
+        testLogin(userName, password);
+    }
+
+    private void testLogin(String userName, String password) throws AuthenticationException {
+        assumeNotNull(UserNameActiveDirectoryRealmTest.class.getResource("/shiro.ini"));
+
+        IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
+        SecurityManager securityManager = factory.getInstance();
+        SecurityUtils.setSecurityManager(securityManager);
+
+        UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
+        Subject currentUser = SecurityUtils.getSubject();
+
+        currentUser.login(token);
+        System.out.println("Logged in");
+    }
+
+}
--- a/account/src/test/resources/log4j.xml
+++ b/account/src/test/resources/log4j.xml
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>  
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">  
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"  
+                     debug="true">  
+        
+    <appender name="consoleAppender" class="org.apache.log4j.ConsoleAppender">
+        <layout class="org.apache.log4j.PatternLayout">           
+            <param name="ConversionPattern" value="%d{ISO8601} %-5p [%c] %m%n" />
+        </layout>
+    </appender>    
+    
+    <category name="de.muehlencord">
+        <priority value="DEBUG"/>
+    </category>   
+    
+    <category name="org.apache.shiro">
+        <priority value="DEBUG"/>
+    </category>       
+            
+    <category name="com.sun">
+        <priority value="WARN"/>
+    </category>        
+    
+    <category name="javax.xml">
+        <priority value="WARN"/>
+    </category>   
+    
+    <category name="org.apache.commons">
+        <priority value="WARN"/>
+    </category>   
+                       
+                      
+    <root>
+        <level value="INFO" />
+        <appender-ref ref="consoleAppender" />     
+    </root>
+</log4j:configuration>
--- a/account/src/test/resources/shiro.ini.dist
+++ b/account/src/test/resources/shiro.ini.dist
@ -0,0 +1,30 @@
+[main]
+contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
+contextFactory.url = ldaps://ldap.domain.com:636
+contextFactory.systemUsername = user.name@domain.com
+contextFactory.systemPassword = secret
+contextFactory.environment[java.naming.security.protocol] = ssl
+
+cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
+securityManager.cacheManager = $cacheManager
+
+# HashService
+hashService = org.apache.shiro.crypto.hash.DefaultHashService
+hashService.hashIterations = 500000
+hashService.hashAlgorithmName = SHA-512
+hashService.generatePublicSalt = true
+
+# Password service
+passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
+passwordService.hashService = $hashService
+
+# LDAP Realm setup
+ldapRealm = de.muehlencord.shared.account.util.UserNameActiveDirectoryRealm
+ldapRealm.principalSuffix = @domain.com
+ldapRealm.ldapContextFactory = $contextFactory
+ldapRealm.searchBase = dc=domain,dc=com
+
+# LDAP (authentication) activation
+authcStrategy  = org.apache.shiro.authc.pam.AllSuccessfulStrategy
+securityManager.realms = $ldapRealm
+securityManager.authenticator.authenticationStrategy = $authcStrategy