fixed Username AD realm

added missing serail version uid to config service
update shiro to 1.3.2

account/pom.xml

@@ -22,10 +22,10 @@
     </properties>
 
     <dependencies>
-            <dependency>
-                <groupId>org.apache.commons</groupId>
-                <artifactId>commons-lang3</artifactId>
-            </dependency> 
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+        </dependency> 
         <dependency>
             <groupId>org.freemarker</groupId>
             <artifactId>freemarker</artifactId>
@@ -55,6 +55,16 @@
             <artifactId>mockito-core</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>           
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>            
+            <scope>test</scope>
+        </dependency>        
         <dependency>
             <groupId>javax</groupId>
             <artifactId>javaee-api</artifactId>

account/src/main/java/de/muehlencord/shared/account/business/ConfigService.java

@@ -1,6 +1,7 @@
 package de.muehlencord.shared.account.business;
 
 import de.muehlencord.shared.account.entity.ConfigEntity;
+import java.io.Serializable;
 import javax.annotation.PostConstruct;
 import javax.ejb.Singleton;
 import javax.ejb.Startup;
@@ -13,7 +14,9 @@ import javax.persistence.PersistenceContext;
  */
 @Singleton
 @Startup
-public class ConfigService {
+public class ConfigService implements Serializable {
+
+    private static final long serialVersionUID = -3195224653632853003L;
 
     @PersistenceContext
     EntityManager em;
@@ -33,8 +36,8 @@ public class ConfigService {
         }
     }
 
-    public String getConfigValue (String configKey) {
-        ConfigEntity configEntity =  em.find(ConfigEntity.class, configKey);        
+    public String getConfigValue(String configKey) {
+        ConfigEntity configEntity = em.find(ConfigEntity.class, configKey);
         return (configEntity == null ? null : configEntity.getConfigValue());
     }
 

account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java

@@ -17,18 +17,20 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
 
     @Override
     protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
-
         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
         // Binds using the username and password provided by the user.
         LdapContext ctx = null;
         String userName = upToken.getUsername();
         try {
             if (principalSuffix != null) {
-                if (!userName.contains(principalSuffix))
+                if (!userName.contains(principalSuffix)) {
                     userName += principalSuffix;
+                }
             }
 
-            ctx = ldapContextFactory.getLdapContext(userName, String.valueOf(upToken.getPassword()));
+            // use system context (system user / password) to connect to server
+            // ctx = ldapContextFactory.getSystemLdapContext();
+            ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
         } finally {
             LdapUtils.closeContext(ctx);
         }

account/src/test/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealmTest.java

@@ -0,0 +1,53 @@
+package de.muehlencord.shared.account.util;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.subject.Subject;
+import org.junit.Test;
+import org.apache.shiro.mgt.SecurityManager;
+import static org.junit.Assume.assumeNotNull;
+
+/**
+ *
+ * @author Joern Muehlencord <joern at muehlencord.de>
+ */
+public class UserNameActiveDirectoryRealmTest {
+
+    @Test
+    public void testUsernameLogin() {
+        String userName = "user.name";
+        String password = "secret";
+        testLogin(userName, password);
+    }
+
+    @Test
+    public void testEmailaddressLogin() {
+        String userName = "user.name@domain.com";
+        String password = "secret";
+        testLogin(userName, password);
+    }
+
+    @Test(expected=AuthenticationException.class)
+    public void testWrongUserNamePassword() {
+        String userName = "test123";
+        String password = "secret";
+        testLogin(userName, password);
+    }
+
+    private void testLogin(String userName, String password) throws AuthenticationException {
+        assumeNotNull(UserNameActiveDirectoryRealmTest.class.getResource("/shiro.ini"));
+
+        IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:shiro.ini");
+        SecurityManager securityManager = factory.getInstance();
+        SecurityUtils.setSecurityManager(securityManager);
+
+        UsernamePasswordToken token = new UsernamePasswordToken(userName, password);
+        Subject currentUser = SecurityUtils.getSubject();
+
+        currentUser.login(token);
+        System.out.println("Logged in");
+    }
+
+}

account/src/test/resources/log4j.xml

@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>  
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">  
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/"  
+                     debug="true">  
+        
+    <appender name="consoleAppender" class="org.apache.log4j.ConsoleAppender">
+        <layout class="org.apache.log4j.PatternLayout">           
+            <param name="ConversionPattern" value="%d{ISO8601} %-5p [%c] %m%n" />
+        </layout>
+    </appender>    
+    
+    <category name="de.muehlencord">
+        <priority value="DEBUG"/>
+    </category>   
+    
+    <category name="org.apache.shiro">
+        <priority value="DEBUG"/>
+    </category>       
+            
+    <category name="com.sun">
+        <priority value="WARN"/>
+    </category>        
+    
+    <category name="javax.xml">
+        <priority value="WARN"/>
+    </category>   
+    
+    <category name="org.apache.commons">
+        <priority value="WARN"/>
+    </category>   
+                       
+                      
+    <root>
+        <level value="INFO" />
+        <appender-ref ref="consoleAppender" />     
+    </root>
+</log4j:configuration>

account/src/test/resources/shiro.ini.dist

@@ -0,0 +1,30 @@
+[main]
+contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
+contextFactory.url = ldaps://ldap.domain.com:636
+contextFactory.systemUsername = user.name@domain.com
+contextFactory.systemPassword = secret
+contextFactory.environment[java.naming.security.protocol] = ssl
+
+cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
+securityManager.cacheManager = $cacheManager
+
+# HashService
+hashService = org.apache.shiro.crypto.hash.DefaultHashService
+hashService.hashIterations = 500000
+hashService.hashAlgorithmName = SHA-512
+hashService.generatePublicSalt = true
+
+# Password service
+passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
+passwordService.hashService = $hashService
+
+# LDAP Realm setup
+ldapRealm = de.muehlencord.shared.account.util.UserNameActiveDirectoryRealm
+ldapRealm.principalSuffix = @domain.com
+ldapRealm.ldapContextFactory = $contextFactory
+ldapRealm.searchBase = dc=domain,dc=com
+
+# LDAP (authentication) activation
+authcStrategy  = org.apache.shiro.authc.pam.AllSuccessfulStrategy
+securityManager.realms = $ldapRealm
+securityManager.authenticator.authenticationStrategy = $authcStrategy