fixed Username AD realm
added missing serial version uid to config service, update shiro to 1.3.2
@ -22,10 +22,10 @@
|
|||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.commons</groupId>
|
<groupId>org.apache.commons</groupId>
|
||||||
<artifactId>commons-lang3</artifactId>
|
<artifactId>commons-lang3</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.freemarker</groupId>
|
<groupId>org.freemarker</groupId>
|
||||||
<artifactId>freemarker</artifactId>
|
<artifactId>freemarker</artifactId>
|
||||||
@ -55,6 +55,16 @@
|
|||||||
<artifactId>mockito-core</artifactId>
|
<artifactId>mockito-core</artifactId>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>slf4j-log4j12</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>jcl-over-slf4j</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>javax</groupId>
|
<groupId>javax</groupId>
|
||||||
<artifactId>javaee-api</artifactId>
|
<artifactId>javaee-api</artifactId>
|
||||||
|
|||||||
@ -1,6 +1,7 @@
|
|||||||
package de.muehlencord.shared.account.business;
|
package de.muehlencord.shared.account.business;
|
||||||
|
|
||||||
import de.muehlencord.shared.account.entity.ConfigEntity;
|
import de.muehlencord.shared.account.entity.ConfigEntity;
|
||||||
|
import java.io.Serializable;
|
||||||
import javax.annotation.PostConstruct;
|
import javax.annotation.PostConstruct;
|
||||||
import javax.ejb.Singleton;
|
import javax.ejb.Singleton;
|
||||||
import javax.ejb.Startup;
|
import javax.ejb.Startup;
|
||||||
@ -13,7 +14,9 @@ import javax.persistence.PersistenceContext;
|
|||||||
*/
|
*/
|
||||||
@Singleton
|
@Singleton
|
||||||
@Startup
|
@Startup
|
||||||
public class ConfigService {
|
public class ConfigService implements Serializable {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -3195224653632853003L;
|
||||||
|
|
||||||
@PersistenceContext
|
@PersistenceContext
|
||||||
EntityManager em;
|
EntityManager em;
|
||||||
@ -32,10 +35,10 @@ public class ConfigService {
|
|||||||
this.maxFailedLogins = Integer.parseInt(configEntity.getConfigValue());
|
this.maxFailedLogins = Integer.parseInt(configEntity.getConfigValue());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getConfigValue (String configKey) {
|
public String getConfigValue(String configKey) {
|
||||||
ConfigEntity configEntity = em.find(ConfigEntity.class, configKey);
|
ConfigEntity configEntity = em.find(ConfigEntity.class, configKey);
|
||||||
return (configEntity == null ? null : configEntity.getConfigValue());
|
return (configEntity == null ? null : configEntity.getConfigValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
/* *** getter *** */
|
/* *** getter *** */
|
||||||
|
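Review bot: `ConfigService` now `implements Serializable` while its injected `EntityManager em` field stays non-transient; `javax.persistence.EntityManager` does not extend `Serializable`, so any real serialization of the bean instance would fail with `NotSerializableException` on that field. If the interface is only there to satisfy a serializable bean that holds a reference to this `@Singleton` (the container presumably hands out a proxy and never serializes the instance itself), say so in a comment next to `serialVersionUID`; otherwise declare the field as `@PersistenceContext transient EntityManager em;`. The other hunk in this file only drops a stray space in `getConfigValue(String configKey)` and needs nothing further.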
|||||||
@ -14,21 +14,23 @@ import org.apache.shiro.realm.ldap.LdapUtils;
|
|||||||
* @author joern.muehlencord
|
* @author joern.muehlencord
|
||||||
*/
|
*/
|
||||||
public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
|
public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
|
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
|
||||||
|
|
||||||
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
|
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
|
||||||
// Binds using the username and password provided by the user.
|
// Binds using the username and password provided by the user.
|
||||||
LdapContext ctx = null;
|
LdapContext ctx = null;
|
||||||
String userName = upToken.getUsername();
|
String userName = upToken.getUsername();
|
||||||
try {
|
try {
|
||||||
if (principalSuffix != null) {
|
if (principalSuffix != null) {
|
||||||
if (!userName.contains(principalSuffix))
|
if (!userName.contains(principalSuffix)) {
|
||||||
userName += principalSuffix;
|
userName += principalSuffix;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx = ldapContextFactory.getLdapContext(userName, String.valueOf(upToken.getPassword()));
|
// use system context (system user / password) to connect to server
|
||||||
|
// ctx = ldapContextFactory.getSystemLdapContext();
|
||||||
|
ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
|
||||||
} finally {
|
} finally {
|
||||||
LdapUtils.closeContext(ctx);
|
LdapUtils.closeContext(ctx);
|
||||||
}
|
}
|
||||||
|
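Review bot: The new comment `// use system context (system user / password) to connect to server` describes the commented-out `getSystemLdapContext()` line, not the statement that actually runs, which still binds as the end user via `getLdapContext(userName, upToken.getCredentials())`; a reader will conclude the realm authenticates with the system account. Delete the dead line and state what the code does, e.g. `// Bind as the user to verify the supplied credentials; the context is used for nothing else and closed in finally.` Passing `getCredentials()` (the `char[]`) instead of `String.valueOf(upToken.getPassword())` is an improvement, since it avoids an extra immutable String copy of the password. Worth confirming that the configured context factory rejects an empty password before binding, because a simple bind with empty credentials is treated as unauthenticated by directory servers and would not prove anything. `queryForAuthenticationInfo` continues past the hunk, so its return value is not visible here.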
|||||||
@ -0,0 +1,53 @@
|
|||||||
|
package de.muehlencord.shared.account.util;
|
||||||
|
|
||||||
|
import org.apache.shiro.SecurityUtils;
|
||||||
|
import org.apache.shiro.authc.AuthenticationException;
|
||||||
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||||
|
import org.apache.shiro.config.IniSecurityManagerFactory;
|
||||||
|
import org.apache.shiro.subject.Subject;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.apache.shiro.mgt.SecurityManager;
|
||||||
|
import static org.junit.Assume.assumeNotNull;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @author Joern Muehlencord <joern at muehlencord.de>
|
||||||
|
*/
|
||||||
|
public class UserNameActiveDirectoryRealmTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testUsernameLogin() {
|
||||||
|
String userName = "user.name";
|
||||||
|
String password = "secret";
|
||||||
|
testLogin(userName, password);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEmailaddressLogin() {
|
||||||
|
String userName = "user.name@domain.com";
|
||||||
|
String password = "secret";
|
||||||
|
testLogin(userName, password);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test(expected=AuthenticationException.class)
|
||||||
|
public void testWrongUserNamePassword() {
|
||||||
|
String userName = "test123";
|
||||||
|
String password = "secret";
|
||||||
|
testLogin(userName, password);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void testLogin(String userName, String password) throws AuthenticationException {
|
||||||
|
assumeNotNull(UserNameActiveDirectoryRealmTest.class.getResource("/shiro.ini"));
|
||||||
|
|
||||||
|
IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
|
||||||
|
SecurityManager securityManager = factory.getInstance();
|
||||||
|
SecurityUtils.setSecurityManager(securityManager);
|
||||||
|
|
||||||
|
UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
|
||||||
|
Subject currentUser = SecurityUtils.getSubject();
|
||||||
|
|
||||||
|
currentUser.login(token);
|
||||||
|
System.out.println("Logged in");
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
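Review bot: All three tests bind with literal credentials (`"user.name"`, `"secret"`) that can only succeed against a live directory, so the values that make the tests pass are real account credentials and will sooner or later be edited into this file; read them from system properties and skip when absent, e.g. `String password = System.getProperty("ldap.test.password"); assumeNotNull(password);` next to the existing `assumeNotNull` on `/shiro.ini` (property name is a suggestion). `testLogin` also never logs the subject out, and the subject obtained from `SecurityUtils.getSubject()` stays bound to the current thread, so wrap the call as `try { currentUser.login(token); } finally { currentUser.logout(); }` to keep state from leaking between tests. `System.out.println("Logged in")` can go, since the absence of an exception is already the assertion.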
37
account/src/test/resources/log4j.xml
Normal file
37
account/src/test/resources/log4j.xml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
|
||||||
|
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"
|
||||||
|
debug="true">
|
||||||
|
|
||||||
|
<appender name="consoleAppender" class="org.apache.log4j.ConsoleAppender">
|
||||||
|
<layout class="org.apache.log4j.PatternLayout">
|
||||||
|
<param name="ConversionPattern" value="%d{ISO8601} %-5p [%c] %m%n" />
|
||||||
|
</layout>
|
||||||
|
</appender>
|
||||||
|
|
||||||
|
<category name="de.muehlencord">
|
||||||
|
<priority value="DEBUG"/>
|
||||||
|
</category>
|
||||||
|
|
||||||
|
<category name="org.apache.shiro">
|
||||||
|
<priority value="DEBUG"/>
|
||||||
|
</category>
|
||||||
|
|
||||||
|
<category name="com.sun">
|
||||||
|
<priority value="WARN"/>
|
||||||
|
</category>
|
||||||
|
|
||||||
|
<category name="javax.xml">
|
||||||
|
<priority value="WARN"/>
|
||||||
|
</category>
|
||||||
|
|
||||||
|
<category name="org.apache.commons">
|
||||||
|
<priority value="WARN"/>
|
||||||
|
</category>
|
||||||
|
|
||||||
|
|
||||||
|
<root>
|
||||||
|
<level value="INFO" />
|
||||||
|
<appender-ref ref="consoleAppender" />
|
||||||
|
</root>
|
||||||
|
</log4j:configuration>
|
||||||
30
account/src/test/resources/shiro.ini.dist
Normal file
30
account/src/test/resources/shiro.ini.dist
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
[main]
|
||||||
|
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
|
||||||
|
contextFactory.url = ldaps://ldap.domain.com:636
|
||||||
|
contextFactory.systemUsername = user.name@domain.com
|
||||||
|
contextFactory.systemPassword = secret
|
||||||
|
contextFactory.environment[java.naming.security.protocol] = ssl
|
||||||
|
|
||||||
|
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
|
||||||
|
securityManager.cacheManager = $cacheManager
|
||||||
|
|
||||||
|
# HashService
|
||||||
|
hashService = org.apache.shiro.crypto.hash.DefaultHashService
|
||||||
|
hashService.hashIterations = 500000
|
||||||
|
hashService.hashAlgorithmName = SHA-512
|
||||||
|
hashService.generatePublicSalt = true
|
||||||
|
|
||||||
|
# Password service
|
||||||
|
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
|
||||||
|
passwordService.hashService = $hashService
|
||||||
|
|
||||||
|
# LDAP Realm setup
|
||||||
|
ldapRealm = de.muehlencord.shared.account.util.UserNameActiveDirectoryRealm
|
||||||
|
ldapRealm.principalSuffix = @domain.com
|
||||||
|
ldapRealm.ldapContextFactory = $contextFactory
|
||||||
|
ldapRealm.searchBase = dc=domain,dc=com
|
||||||
|
|
||||||
|
# LDAP (authentication) activation
|
||||||
|
authcStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
|
||||||
|
securityManager.realms = $ldapRealm
|
||||||
|
securityManager.authenticator.authenticationStrategy = $authcStrategy
|
||||||
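Review bot: `hashService` and `passwordService` are defined but nothing in the file references `$passwordService`; the only realm is the LDAP bind realm, which does no local password hashing, so the block reads as leftover configuration. Either drop it or add a comment naming the realm that is meant to use it. The template carries `contextFactory.systemPassword = secret` and the test loads `classpath:shiro.ini`, so the non-`.dist` copy with real values must stay out of version control (not verifiable from this page). `AllSuccessfulStrategy` with a single realm behaves like the default strategy; a one-line comment on why it was chosen would help if more realms are planned.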