| | |
|---|
| | | public UserModel authenticate(String username, char[] password) {
|
|---|
| | | String simpleUsername = getSimpleUsername(username);
|
|---|
| | |
|
|---|
| | | LDAPConnection ldapConnection = getLdapConnection(); |
|---|
| | | LDAPConnection ldapConnection = getLdapConnection();
|
|---|
| | | if (ldapConnection != null) {
|
|---|
| | | // Find the logging in user's DN
|
|---|
| | | String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
|
|---|
| | | String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
|
|---|
| | | accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
|
|---|
| | | try {
|
|---|
| | | // Find the logging in user's DN
|
|---|
| | | String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");
|
|---|
| | | String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");
|
|---|
| | | accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
|
|---|
| | |
|
|---|
| | | SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
|
|---|
| | | if (result != null && result.getEntryCount() == 1) {
|
|---|
| | | SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
|
|---|
| | | String loggingInUserDN = loggingInUser.getDN();
|
|---|
| | | |
|---|
| | | if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
|
|---|
| | | logger.debug("LDAP authenticated: " + username);
|
|---|
| | | |
|---|
| | | UserModel user = getUserModel(simpleUsername);
|
|---|
| | | if (user == null) // create user object for new authenticated user
|
|---|
| | | user = new UserModel(simpleUsername);
|
|---|
| | | SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);
|
|---|
| | | if (result != null && result.getEntryCount() == 1) {
|
|---|
| | | SearchResultEntry loggingInUser = result.getSearchEntries().get(0);
|
|---|
| | | String loggingInUserDN = loggingInUser.getDN();
|
|---|
| | |
|
|---|
| | | // create a user cookie
|
|---|
| | | if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
|
|---|
| | | user.cookie = StringUtils.getSHA1(user.username + new String(password));
|
|---|
| | | if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {
|
|---|
| | | logger.debug("LDAP authenticated: " + username);
|
|---|
| | |
|
|---|
| | | UserModel user = getUserModel(simpleUsername);
|
|---|
| | | if (user == null) // create user object for new authenticated user
|
|---|
| | | user = new UserModel(simpleUsername);
|
|---|
| | |
|
|---|
| | | // create a user cookie
|
|---|
| | | if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
|
|---|
| | | user.cookie = StringUtils.getSHA1(user.username + new String(password));
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | if (!supportsTeamMembershipChanges())
|
|---|
| | | getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
|
|---|
| | |
|
|---|
| | | // Get User Attributes
|
|---|
| | | setUserAttributes(user, loggingInUser);
|
|---|
| | |
|
|---|
| | | // Push the ldap looked up values to backing file
|
|---|
| | | super.updateUserModel(user);
|
|---|
| | | if (!supportsTeamMembershipChanges()) {
|
|---|
| | | for (TeamModel userTeam : user.teams)
|
|---|
| | | updateTeamModel(userTeam);
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | return user;
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | if (!supportsTeamMembershipChanges())
|
|---|
| | | getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
|
|---|
| | | |
|---|
| | | // Get User Attributes
|
|---|
| | | setUserAttributes(user, loggingInUser);
|
|---|
| | |
|
|---|
| | | // Push the ldap looked up values to backing file
|
|---|
| | | super.updateUserModel(user);
|
|---|
| | | if (!supportsTeamMembershipChanges()) {
|
|---|
| | | for (TeamModel userTeam : user.teams)
|
|---|
| | | updateTeamModel(userTeam);
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | return user;
|
|---|
| | | }
|
|---|
| | | } finally {
|
|---|
| | | ldapConnection.close();
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | /**
|
|---|
| | | * Set the admin attribute from team memberships retrieved from LDAP.
|
|---|
| | | * If we are not storing teams in LDAP and/or we have not defined any
|
|---|
| | | * administrator teams, then do not change the admin flag.
|
|---|
| | | * |
|---|
| | | * @param user
|
|---|
| | | */
|
|---|
| | | private void setAdminAttribute(UserModel user) {
|
|---|
| | | user.canAdmin = false;
|
|---|
| | | List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
|
|---|
| | | for (String admin : admins) {
|
|---|
| | | if (admin.startsWith("@")) { // Team
|
|---|
| | | if (user.getTeam(admin.substring(1)) != null)
|
|---|
| | | user.canAdmin = true;
|
|---|
| | | } else
|
|---|
| | | if (user.getName().equalsIgnoreCase(admin))
|
|---|
| | | user.canAdmin = true;
|
|---|
| | | }
|
|---|
| | | if (!supportsTeamMembershipChanges()) {
|
|---|
| | | List<String> admins = settings.getStrings(Keys.realm.ldap.admins);
|
|---|
| | | // if we have defined administrative teams, then set admin flag
|
|---|
| | | // otherwise leave admin flag unchanged
|
|---|
| | | if (!ArrayUtils.isEmpty(admins)) {
|
|---|
| | | user.canAdmin = false;
|
|---|
| | | for (String admin : admins) {
|
|---|
| | | if (admin.startsWith("@")) { // Team
|
|---|
| | | if (user.getTeam(admin.substring(1)) != null)
|
|---|
| | | user.canAdmin = true;
|
|---|
| | | } else
|
|---|
| | | if (user.getName().equalsIgnoreCase(admin))
|
|---|
| | | user.canAdmin = true;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | |
|
|---|
| | | private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {
|
|---|
