improved logging
This commit is contained in:
@ -10,6 +10,7 @@ import javax.faces.context.ExternalContext;
|
||||
import javax.faces.context.FacesContext;
|
||||
import javax.faces.view.ViewScoped;
|
||||
import javax.inject.Named;
|
||||
import javax.naming.NamingException;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
@ -68,10 +69,19 @@ public class LoginView implements Serializable {
|
||||
String hint = "Error while authenticating user " + username;
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug(hint, ex);
|
||||
} else {
|
||||
LOGGER.error(hint + " Reason: " + ex.toString());
|
||||
}
|
||||
FacesUtil.addGlobalErrorMessage("Login failed", hint);
|
||||
|
||||
if (ex.getMessage() != null) {
|
||||
hint += "Reason: " + ex.getMessage();
|
||||
} else {
|
||||
hint += "Reason: " + ex.toString();
|
||||
}
|
||||
if ((ex.getCause() != null) && (ex.getCause().getMessage() != null)) {
|
||||
hint += "Rootcause: " + ex.getMessage();
|
||||
|
||||
LOGGER.error(hint);
|
||||
}
|
||||
FacesUtil.addGlobalErrorMessage("Login failed", hint);
|
||||
|
||||
AccountEntity account = accountService.getAccountEntity(username, false);
|
||||
if (account != null) {
|
||||
@ -123,7 +133,7 @@ public class LoginView implements Serializable {
|
||||
return login();
|
||||
} else {
|
||||
// TODO add email notificaton on failed password reset
|
||||
FacesUtil.addGlobalErrorMessage("Password reset failed", null);
|
||||
FacesUtil.addGlobalErrorMessage("Password reset failed", null);
|
||||
return login();
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,101 +1,106 @@
|
||||
package de.muehlencord.shared.account.util;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import javax.naming.NamingException;
|
||||
import javax.naming.ldap.LdapContext;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
|
||||
import org.apache.shiro.realm.ldap.LdapContextFactory;
|
||||
import org.apache.shiro.realm.ldap.LdapUtils;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author joern.muehlencord
|
||||
*/
|
||||
public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
|
||||
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class);
|
||||
|
||||
private boolean permissionsLookupEnabled = true;
|
||||
|
||||
@Override
|
||||
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
|
||||
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
|
||||
|
||||
LdapContext ctx = null;
|
||||
String userName = upToken.getUsername();
|
||||
try {
|
||||
if (principalSuffix != null) {
|
||||
if (!userName.contains(principalSuffix)) {
|
||||
userName += principalSuffix;
|
||||
}
|
||||
}
|
||||
|
||||
// Binds using the username and password provided by the user.
|
||||
LOGGER.debug("start creating context");
|
||||
ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
|
||||
LOGGER.debug("context created");
|
||||
} finally {
|
||||
LdapUtils.closeContext(ctx);
|
||||
}
|
||||
|
||||
LOGGER.debug("building authentication info");
|
||||
AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword());
|
||||
LOGGER.debug("authentifaction info created");
|
||||
return authInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by
|
||||
* querying the active directory LDAP context for the groups that a user is
|
||||
* a member of. The groups are then translated to role names by using the
|
||||
* configured {@link #groupRolesMap}.
|
||||
* <p/>
|
||||
* This implementation expects the <tt>principal</tt> argument to be a
|
||||
* String username.
|
||||
* <p/>
|
||||
* Subclasses can override this method to determine authorization data
|
||||
* (roles, permissions, etc) in a more complex way. Note that this default
|
||||
* implementation does not support permissions, only roles.
|
||||
*
|
||||
* @param principals the principal of the Subject whose account is being
|
||||
* retrieved.
|
||||
* @param ldapContextFactory the factory used to create LDAP connections.
|
||||
* @return the AuthorizationInfo for the given Subject principal.
|
||||
* @throws NamingException if an error occurs when searching the LDAP
|
||||
* server.
|
||||
*/
|
||||
@Override
|
||||
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
|
||||
Set<String> roleNames;
|
||||
if (this.permissionsLookupEnabled) {
|
||||
String username = (String) getAvailablePrincipal(principals);
|
||||
// Perform context search
|
||||
LdapContext ldapContext = ldapContextFactory.getSystemLdapContext();
|
||||
try {
|
||||
roleNames = getRoleNamesForUser(username, ldapContext);
|
||||
} finally {
|
||||
LdapUtils.closeContext(ldapContext);
|
||||
}
|
||||
} else {
|
||||
roleNames = new HashSet<>();
|
||||
}
|
||||
return buildAuthorizationInfo(roleNames);
|
||||
}
|
||||
|
||||
public boolean isPermissionsLookupEnabled() {
|
||||
return permissionsLookupEnabled;
|
||||
}
|
||||
|
||||
public void setPermissionsLookupEnabled(boolean permissionsLookupEnabled) {
|
||||
this.permissionsLookupEnabled = permissionsLookupEnabled;
|
||||
}
|
||||
|
||||
}
|
||||
package de.muehlencord.shared.account.util;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import javax.naming.NamingException;
|
||||
import javax.naming.ldap.LdapContext;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
|
||||
import org.apache.shiro.realm.ldap.LdapContextFactory;
|
||||
import org.apache.shiro.realm.ldap.LdapUtils;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author joern.muehlencord
|
||||
*/
|
||||
public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
|
||||
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class);
|
||||
|
||||
private boolean permissionsLookupEnabled = true;
|
||||
|
||||
@Override
|
||||
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
|
||||
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
|
||||
|
||||
LdapContext ctx = null;
|
||||
String userName = upToken.getUsername();
|
||||
try {
|
||||
if (principalSuffix != null) {
|
||||
if (!userName.contains(principalSuffix)) {
|
||||
userName += principalSuffix;
|
||||
}
|
||||
}
|
||||
|
||||
// Binds using the username and password provided by the user.
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("start creating context");
|
||||
}
|
||||
ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
|
||||
if (LOGGER.isDebugEnabled()) {
|
||||
LOGGER.debug("User {} LDAP authenticated", userName);
|
||||
}
|
||||
} finally {
|
||||
LdapUtils.closeContext(ctx);
|
||||
}
|
||||
|
||||
LOGGER.debug("building authentication info");
|
||||
AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword());
|
||||
|
||||
LOGGER.debug("authentifaction info created");
|
||||
return authInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by
|
||||
* querying the active directory LDAP context for the groups that a user is
|
||||
* a member of. The groups are then translated to role names by using the
|
||||
* configured {@link #groupRolesMap}.
|
||||
* <p/>
|
||||
* This implementation expects the <tt>principal</tt> argument to be a
|
||||
* String username.
|
||||
* <p/>
|
||||
* Subclasses can override this method to determine authorization data
|
||||
* (roles, permissions, etc) in a more complex way. Note that this default
|
||||
* implementation does not support permissions, only roles.
|
||||
*
|
||||
* @param principals the principal of the Subject whose account is being
|
||||
* retrieved.
|
||||
* @param ldapContextFactory the factory used to create LDAP connections.
|
||||
* @return the AuthorizationInfo for the given Subject principal.
|
||||
* @throws NamingException if an error occurs when searching the LDAP
|
||||
* server.
|
||||
*/
|
||||
@Override
|
||||
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
|
||||
Set<String> roleNames;
|
||||
if (this.permissionsLookupEnabled) {
|
||||
String username = (String) getAvailablePrincipal(principals);
|
||||
// Perform context search
|
||||
LdapContext ldapContext = ldapContextFactory.getSystemLdapContext();
|
||||
try {
|
||||
roleNames = getRoleNamesForUser(username, ldapContext);
|
||||
} finally {
|
||||
LdapUtils.closeContext(ldapContext);
|
||||
}
|
||||
} else {
|
||||
roleNames = new HashSet<>();
|
||||
}
|
||||
return buildAuthorizationInfo(roleNames);
|
||||
}
|
||||
|
||||
public boolean isPermissionsLookupEnabled() {
|
||||
return permissionsLookupEnabled;
|
||||
}
|
||||
|
||||
public void setPermissionsLookupEnabled(boolean permissionsLookupEnabled) {
|
||||
this.permissionsLookupEnabled = permissionsLookupEnabled;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user