improved logging

This commit is contained in:
2018-10-29 12:35:35 +01:00
parent 4eb6bb77e2
commit f07467fd3e
2 changed files with 120 additions and 105 deletions


@ -10,6 +10,7 @@ import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext; import javax.faces.context.FacesContext;
import javax.faces.view.ViewScoped; import javax.faces.view.ViewScoped;
import javax.inject.Named; import javax.inject.Named;
import javax.naming.NamingException;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
@ -68,10 +69,19 @@ public class LoginView implements Serializable {
String hint = "Error while authenticating user " + username; String hint = "Error while authenticating user " + username;
if (LOGGER.isDebugEnabled()) { if (LOGGER.isDebugEnabled()) {
LOGGER.debug(hint, ex); LOGGER.debug(hint, ex);
} else {
LOGGER.error(hint + " Reason: " + ex.toString());
} }
FacesUtil.addGlobalErrorMessage("Login failed", hint);
if (ex.getMessage() != null) {
hint += "Reason: " + ex.getMessage();
} else {
hint += "Reason: " + ex.toString();
}
if ((ex.getCause() != null) && (ex.getCause().getMessage() != null)) {
hint += "Rootcause: " + ex.getMessage();
LOGGER.error(hint);
}
FacesUtil.addGlobalErrorMessage("Login failed", hint);
AccountEntity account = accountService.getAccountEntity(username, false); AccountEntity account = accountService.getAccountEntity(username, false);
if (account != null) { if (account != null) {
@ -123,7 +133,7 @@ public class LoginView implements Serializable {
return login(); return login();
} else { } else {
// TODO add email notificaton on failed password reset // TODO add email notificaton on failed password reset
FacesUtil.addGlobalErrorMessage("Password reset failed", null); FacesUtil.addGlobalErrorMessage("Password reset failed", null);
return login(); return login();
} }
} }
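Review bot: In the root-cause branch added in the second hunk, the condition tests `ex.getCause().getMessage()` but the appended text uses `ex.getMessage()` again, so the "Rootcause" suffix repeats the reason instead of the cause's message; it should read `hint += " Rootcause: " + ex.getCause().getMessage();`. The `LOGGER.error(hint)` call sits inside that same `if`, so a failure whose exception carries no nested cause is never logged at error level (unless the `else { LOGGER.error(...) }` printed above it is on the new side, which the rendering leaves ambiguous); moving `LOGGER.error(hint);` after the `if` makes every failure observable regardless of log level. The concatenations `hint += "Reason: "` and `"Rootcause: "` also lack a leading space, so the text runs into the username. Finally, the enriched `hint` — now carrying raw exception and cause messages from the authentication backend — is handed to the UI via `FacesUtil.addGlobalErrorMessage("Login failed", hint)`, which shows internal diagnostics to an unauthenticated caller; keeping the detailed text for the log and passing the original short hint, e.g. `FacesUtil.addGlobalErrorMessage("Login failed", "Error while authenticating user " + username);`, avoids that. The enclosing method starts and ends outside the hunk.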


@ -1,101 +1,106 @@
package de.muehlencord.shared.account.util; package de.muehlencord.shared.account.util;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import javax.naming.NamingException; import javax.naming.NamingException;
import javax.naming.ldap.LdapContext; import javax.naming.ldap.LdapContext;
import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm; import org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm;
import org.apache.shiro.realm.ldap.LdapContextFactory; import org.apache.shiro.realm.ldap.LdapContextFactory;
import org.apache.shiro.realm.ldap.LdapUtils; import org.apache.shiro.realm.ldap.LdapUtils;
import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
/** /**
* *
* @author joern.muehlencord * @author joern.muehlencord
*/ */
public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm { public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class); private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class);
private boolean permissionsLookupEnabled = true; private boolean permissionsLookupEnabled = true;
@Override @Override
protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException { protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token; UsernamePasswordToken upToken = (UsernamePasswordToken) token;
LdapContext ctx = null; LdapContext ctx = null;
String userName = upToken.getUsername(); String userName = upToken.getUsername();
try { try {
if (principalSuffix != null) { if (principalSuffix != null) {
if (!userName.contains(principalSuffix)) { if (!userName.contains(principalSuffix)) {
userName += principalSuffix; userName += principalSuffix;
} }
} }
// Binds using the username and password provided by the user. // Binds using the username and password provided by the user.
LOGGER.debug("start creating context"); if (LOGGER.isDebugEnabled()) {
ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials()); LOGGER.debug("start creating context");
LOGGER.debug("context created"); }
} finally { ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
LdapUtils.closeContext(ctx); if (LOGGER.isDebugEnabled()) {
} LOGGER.debug("User {} LDAP authenticated", userName);
}
LOGGER.debug("building authentication info"); } finally {
AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword()); LdapUtils.closeContext(ctx);
LOGGER.debug("authentifaction info created"); }
return authInfo;
} LOGGER.debug("building authentication info");
AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword());
/**
* Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by LOGGER.debug("authentifaction info created");
* querying the active directory LDAP context for the groups that a user is return authInfo;
* a member of. The groups are then translated to role names by using the }
* configured {@link #groupRolesMap}.
* <p/> /**
* This implementation expects the <tt>principal</tt> argument to be a * Builds an {@link org.apache.shiro.authz.AuthorizationInfo} object by
* String username. * querying the active directory LDAP context for the groups that a user is
* <p/> * a member of. The groups are then translated to role names by using the
* Subclasses can override this method to determine authorization data * configured {@link #groupRolesMap}.
* (roles, permissions, etc) in a more complex way. Note that this default * <p/>
* implementation does not support permissions, only roles. * This implementation expects the <tt>principal</tt> argument to be a
* * String username.
* @param principals the principal of the Subject whose account is being * <p/>
* retrieved. * Subclasses can override this method to determine authorization data
* @param ldapContextFactory the factory used to create LDAP connections. * (roles, permissions, etc) in a more complex way. Note that this default
* @return the AuthorizationInfo for the given Subject principal. * implementation does not support permissions, only roles.
* @throws NamingException if an error occurs when searching the LDAP *
* server. * @param principals the principal of the Subject whose account is being
*/ * retrieved.
@Override * @param ldapContextFactory the factory used to create LDAP connections.
protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException { * @return the AuthorizationInfo for the given Subject principal.
Set<String> roleNames; * @throws NamingException if an error occurs when searching the LDAP
if (this.permissionsLookupEnabled) { * server.
String username = (String) getAvailablePrincipal(principals); */
// Perform context search @Override
LdapContext ldapContext = ldapContextFactory.getSystemLdapContext(); protected AuthorizationInfo queryForAuthorizationInfo(PrincipalCollection principals, LdapContextFactory ldapContextFactory) throws NamingException {
try { Set<String> roleNames;
roleNames = getRoleNamesForUser(username, ldapContext); if (this.permissionsLookupEnabled) {
} finally { String username = (String) getAvailablePrincipal(principals);
LdapUtils.closeContext(ldapContext); // Perform context search
} LdapContext ldapContext = ldapContextFactory.getSystemLdapContext();
} else { try {
roleNames = new HashSet<>(); roleNames = getRoleNamesForUser(username, ldapContext);
} } finally {
return buildAuthorizationInfo(roleNames); LdapUtils.closeContext(ldapContext);
} }
} else {
public boolean isPermissionsLookupEnabled() { roleNames = new HashSet<>();
return permissionsLookupEnabled; }
} return buildAuthorizationInfo(roleNames);
}
public void setPermissionsLookupEnabled(boolean permissionsLookupEnabled) {
this.permissionsLookupEnabled = permissionsLookupEnabled; public boolean isPermissionsLookupEnabled() {
} return permissionsLookupEnabled;
}
}
public void setPermissionsLookupEnabled(boolean permissionsLookupEnabled) {
this.permissionsLookupEnabled = permissionsLookupEnabled;
}
}
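Review bot: The new `if (LOGGER.isDebugEnabled())` guards in queryForAuthenticationInfo add nothing with SLF4J: `LOGGER.debug("start creating context")` has no arguments to format, and `LOGGER.debug("User {} LDAP authenticated", userName)` only expands its `{}` placeholder when debug is enabled, so both can be written as bare calls. The guard is also applied inconsistently, since the two debug calls after the try/finally (`"building authentication info"`, `"authentifaction info created"`) stay unguarded; dropping the guards keeps the method uniform and shorter. While touching those lines, the message `"authentifaction info created"` should be spelled `"authentication info created"`. The method body is fully inside the hunk.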