jomu/shared
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases 7 Activity

introduced possibility to fallback to different principalSuffix to combine different users together

Browse Source
This commit is contained in:
Joern Muehlencord
2018-11-06 00:40:28 +01:00
parent 14e4c2cc6e
commit b95ffdb417
1 changed files with 56 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java
View File

@ -24,35 +24,51 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class); private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class);
private boolean permissionsLookupEnabled = true; private boolean permissionsLookupEnabled = true;
protected String fallbackPrincipalSuffix = null;
@Override @Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token; UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String userName = getUserName(upToken, principalSuffix);
LdapContext ctx = null; LdapContext ctx = null;
String userName = upToken.getUsername();
try { try {
if (principalSuffix != null) { ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
if (!userName.contains(principalSuffix)) { } catch (NamingException ex) {
userName += principalSuffix; if (fallbackPrincipalSuffix == null) {
} throw ex;
} }
// Binds using the username and password provided by the user.
if (LOGGER.isDebugEnabled()) { if (LOGGER.isDebugEnabled()) {
LOGGER.debug("start creating context"); LOGGER.debug("Lookup with principalSuffix {} failed, falling back to {}", principalSuffix, fallbackPrincipalSuffix);
}
ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("User {} LDAP authenticated", userName);
} }
} finally { } finally {
LdapUtils.closeContext(ctx); LdapUtils.closeContext(ctx);
} }
if ((ctx == null) && (fallbackPrincipalSuffix != null)) {
userName = getUserName(upToken, fallbackPrincipalSuffix);
try {
ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
} catch (NamingException ex) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Lookup with fallbackSuffix {} also failed", fallbackPrincipalSuffix);
}
throw ex;
} finally {
LdapUtils.closeContext(ctx);
}
}
if (ctx == null) {
throw new NamingException("Unknown error authenticationing user "+userName+". Context still null. Check implementation");
}
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("User {} LDAP authenticated", userName);
}
LOGGER.debug("building authentication info"); LOGGER.debug("building authentication info");
AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword()); AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword());
LOGGER.debug("authentifaction info created"); LOGGER.debug("authentifaction info created");
return authInfo; return authInfo;
} }
@ -103,4 +119,31 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
this.permissionsLookupEnabled = permissionsLookupEnabled; this.permissionsLookupEnabled = permissionsLookupEnabled;
} }
public String getFallbackPrincipalSuffix() {
return fallbackPrincipalSuffix;
}
public void setFallbackPrincipalSuffix(String fallbackPrincipalSuffix) {
this.fallbackPrincipalSuffix = fallbackPrincipalSuffix;
}
private String getUserName(UsernamePasswordToken upToken, String suffix) {
String userName = upToken.getUsername();
if (suffix != null) {
if (!userName.contains(suffix)) {
userName += suffix;
}
}
return userName;
}
private LdapContext lookupUser(String userName, Object credentials, LdapContextFactory ldapContextFactory) throws NamingException {
// Binds using the username and password provided by the user.
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("start creating context");
}
return ldapContextFactory.getLdapContext(userName, credentials);
}
} }