34 package fr.paris.lutece.plugins.adminauthenticationwsso;
35
import fr.paris.lutece.portal.business.user.AdminUser;
import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.util.ldap.LdapUtil;

import java.text.MessageFormat;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;

import javax.naming.CommunicationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import javax.security.auth.login.LoginException;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
62
63
64
65
66
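/**
 * Back-office authentication backed by a Web SSO front end.
 * <p>
 * The authenticated identity is taken from request cookies (GUID, last name,
 * first name, e-mail) whose names are configured in properties. Nothing in
 * this class verifies those cookies: it MUST only be deployed behind the SSO
 * reverse proxy that sets them and strips client-supplied copies, otherwise
 * any client can impersonate an administrator by forging the GUID cookie.
 * <p>
 * User lookups (for the user-management screens) are performed against an
 * LDAP directory with a configured bind DN / password. Caller-supplied search
 * criteria are escaped before being placed in the LDAP filter.
 */
public class AdminWssoAuthentication implements AdminAuthentication
{
    private static final String CONSTANT_WILDCARD = "*";

    // Property keys, resolved through AppPropertiesService
    private static final String PROPERTY_AUTH_SERVICE_NAME = "adminauthenticationwsso.service.name";
    private static final String PROPERTY_COOKIE_AUTHENTIFICATION = "adminauthenticationwsso.cookie.authenticationMode";
    private static final String PROPERTY_COOKIE_WSSOGUID = "adminauthenticationwsso.cookie.wssoguid";
    private static final String PROPERTY_COOKIE_LASTNAME = "adminauthenticationwsso.cookie.lastname";
    private static final String PROPERTY_COOKIE_FIRSTNAME = "adminauthenticationwsso.cookie.firstname";
    private static final String PROPERTY_COOKIE_EMAIL = "adminauthenticationwsso.cookie.email";

    /** Property key holding the URL of the SSO "change password" page. */
    public static final String WSSO_CHANGE_PASSWORD_URL = "adminauthenticationwsso.url.changePassword";

    private static final String PROPERTY_INITIAL_CONTEXT_PROVIDER = "adminauthenticationwsso.ldap.initialContextProvider";
    private static final String PROPERTY_PROVIDER_URL = "adminauthenticationwsso.ldap.connectionUrl";
    private static final String PROPERTY_BIND_DN = "adminauthenticationwsso.ldap.connectionName";
    private static final String PROPERTY_BIND_PASSWORD = "adminauthenticationwsso.ldap.connectionPassword";
    private static final String PROPERTY_USER_DN_SEARCH_BASE = "adminauthenticationwsso.ldap.userBase";
    private static final String PROPERTY_USER_DN_SEARCH_FILTER_BY_GUID = "adminauthenticationwsso.ldap.userSearch.guid";
    private static final String PROPERTY_USER_DN_SEARCH_FILTER_BY_CRITERIA = "adminauthenticationwsso.ldap.userSearch.criteria";
    private static final String PROPERTY_USER_SUBTREE = "adminauthenticationwsso.ldap.userSubtree";
    private static final String PROPERTY_DN_ATTRIBUTE_GUID = "adminauthenticationwsso.ldap.dn.attributeName.wssoGuid";
    private static final String PROPERTY_DN_ATTRIBUTE_FAMILY_NAME = "adminauthenticationwsso.ldap.dn.attributeName.familyName";
    private static final String PROPERTY_DN_ATTRIBUTE_GIVEN_NAME = "adminauthenticationwsso.ldap.dn.attributeName.givenName";
    private static final String PROPERTY_DN_ATTRIBUTE_EMAIL = "adminauthenticationwsso.ldap.dn.attributeName.email";

    // LDAP attribute names, read once at class load; may be null if the property is missing
    private static final String ATTRIBUTE_GUID = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_GUID );
    private static final String ATTRIBUTE_FAMILY_NAME = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_FAMILY_NAME );
    private static final String ATTRIBUTE_GIVEN_NAME = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_GIVEN_NAME );
    private static final String ATTRIBUTE_EMAIL = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_EMAIL );

    /**
     * Orders users by last name, then first name, then e-mail (case-insensitive,
     * upper-cased comparison). Null fields sort as empty strings.
     */
    private static final Comparator<AdminWssoUser> COMPARATOR_USER = new Comparator<AdminWssoUser>( )
    {
        @Override
        public int compare( AdminWssoUser user1, AdminWssoUser user2 )
        {
            int nOrder = compareUpperCase( user1.getLastName( ), user2.getLastName( ) );

            if ( nOrder == 0 )
            {
                nOrder = compareUpperCase( user1.getFirstName( ), user2.getFirstName( ) );

                if ( nOrder == 0 )
                {
                    nOrder = compareUpperCase( user1.getEmail( ), user2.getEmail( ) );
                }
            }

            return nOrder;
        }
    };

    /**
     * Default constructor.
     */
    public AdminWssoAuthentication( )
    {
        super( );
    }

    /**
     * @return the configured display name of this authentication service
     */
    public String getAuthServiceName( )
    {
        return AppPropertiesService.getProperty( PROPERTY_AUTH_SERVICE_NAME );
    }

    /**
     * Returns the authentication type: the value of the configured
     * "authentication mode" cookie if present (last matching cookie wins),
     * otherwise the container's {@link HttpServletRequest#getAuthType()}.
     *
     * @param request the current request
     * @return the authentication type, possibly null
     */
    public String getAuthType( HttpServletRequest request )
    {
        String strAuthType = request.getAuthType( );
        Cookie[] cookies = request.getCookies( );

        // getCookies() returns null when the request carries no cookie at all
        if ( cookies == null )
        {
            return strAuthType;
        }

        String strCookieName = AppPropertiesService.getProperty( PROPERTY_COOKIE_AUTHENTIFICATION );

        for ( Cookie cookie : cookies )
        {
            if ( cookie.getName( ).equals( strCookieName ) )
            {
                strAuthType = cookie.getValue( );
            }
        }

        return strAuthType;
    }

    /**
     * Logs a user in. The access code and password are ignored: the identity
     * comes from the SSO cookies on the request (see
     * {@link #getHttpAuthenticatedUser(HttpServletRequest)}).
     *
     * @param strAccessCode ignored
     * @param strUserPassword ignored
     * @param request the current request
     * @return the user built from the SSO cookies, or null if none
     * @throws LoginException never thrown by this implementation
     */
    public AdminUser login( String strAccessCode, String strUserPassword, HttpServletRequest request )
        throws LoginException
    {
        return getHttpAuthenticatedUser( request );
    }

    /**
     * No-op: the SSO session is owned by the front end, nothing is cleared here.
     *
     * @param user the user to log out
     */
    public void logout( AdminUser user )
    {
        // nothing to do on the application side
    }

    /**
     * Not supported by this authentication module.
     *
     * @return never returns
     * @throws UnsupportedOperationException always
     */
    public AdminUser getAnonymousUser( )
    {
        throw new java.lang.UnsupportedOperationException(
            "La methode getAnonymousUser() n'est pas encore implementee." );
    }

    /**
     * @return true: authentication is delegated to the SSO front end
     */
    public boolean isExternalAuthentication( )
    {
        return true;
    }

    /**
     * Builds the authenticated user from the SSO cookies carried by the request.
     * <p>
     * SECURITY: cookie values are trusted as-is. This is only safe when the
     * application is reachable exclusively through the SSO reverse proxy that
     * sets these cookies and discards any client-supplied copies.
     *
     * @param request the current request
     * @return the user, or null when the request has no (non-blank) GUID cookie
     */
    public AdminUser getHttpAuthenticatedUser( HttpServletRequest request )
    {
        Cookie[] cookies = request.getCookies( );

        if ( cookies == null )
        {
            return null;
        }

        String strCookieGuid = AppPropertiesService.getProperty( PROPERTY_COOKIE_WSSOGUID );
        String strCookieLastName = AppPropertiesService.getProperty( PROPERTY_COOKIE_LASTNAME );
        String strCookieFirstName = AppPropertiesService.getProperty( PROPERTY_COOKIE_FIRSTNAME );
        String strCookieEmail = AppPropertiesService.getProperty( PROPERTY_COOKIE_EMAIL );

        String strUserID = null;
        String strFamilyName = null;
        String strGivenName = null;
        String strEmail = "";

        // When a cookie name is repeated, the last occurrence wins
        for ( Cookie cookie : cookies )
        {
            String strName = cookie.getName( );

            if ( strName.equals( strCookieGuid ) )
            {
                strUserID = cookie.getValue( );
            }
            else if ( strName.equals( strCookieLastName ) )
            {
                strFamilyName = cookie.getValue( );
            }
            else if ( strName.equals( strCookieFirstName ) )
            {
                strGivenName = cookie.getValue( );
            }
            else if ( strName.equals( strCookieEmail ) )
            {
                strEmail = cookie.getValue( );
            }
        }

        // A blank GUID is not an identity
        if ( ( strUserID == null ) || ( strUserID.trim( ).length( ) == 0 ) )
        {
            return null;
        }

        AdminWssoUser user = new AdminWssoUser( strUserID, this );
        user.setLastName( strFamilyName );
        user.setFirstName( strGivenName );
        user.setEmail( strEmail );

        return user;
    }

    /**
     * @return null: there is no local login page, the SSO front end handles it
     */
    public String getLoginPageUrl( )
    {
        return null;
    }

    /**
     * @return the URL of the SSO change-password page, read from the
     *         {@link #WSSO_CHANGE_PASSWORD_URL} property (null if not set)
     */
    public String getChangePasswordPageUrl( )
    {
        // The constant is the property key, not the URL itself
        return AppPropertiesService.getProperty( WSSO_CHANGE_PASSWORD_URL );
    }

    /**
     * @return null: no local login action
     */
    public String getDoLoginUrl( )
    {
        return null;
    }

    /**
     * @return null: no local logout action
     */
    public String getDoLogoutUrl( )
    {
        return null;
    }

    /**
     * @return null: accounts are not created locally
     */
    public String getNewAccountPageUrl( )
    {
        return null;
    }

    /**
     * @return null: no local account page
     */
    public String getViewAccountPageUrl( )
    {
        return null;
    }

    /**
     * @return null: no local lost-password page
     */
    public String getLostPasswordPageUrl( )
    {
        return null;
    }

    /**
     * @return null: no local lost-login page
     */
    public String getLostLoginPageUrl( )
    {
        return null;
    }

    /**
     * Searches the directory for users matching the given criteria. Each
     * criterion is used as a "starts with" match; an empty or null criterion
     * matches everything. Criteria are escaped (RFC 4515) before being placed
     * in the configured filter, so LDAP metacharacters typed by the caller are
     * matched literally rather than interpreted.
     *
     * @param strParameterLastName last-name prefix, may be null
     * @param strParameterFirstName first-name prefix, may be null
     * @param strParameterEmail e-mail prefix, may be null
     * @return the matching users sorted by name, or null on a directory error
     */
    public Collection getUserList( String strParameterLastName, String strParameterFirstName, String strParameterEmail )
    {
        List<AdminWssoUser> userList = new ArrayList<AdminWssoUser>( );

        Object[] messageFormatParam = new Object[]
            {
                toSearchCriterion( strParameterLastName ), toSearchCriterion( strParameterFirstName ),
                toSearchCriterion( strParameterEmail ),
            };

        String strUserSearchFilter = MessageFormat.format( getUserDnSearchFilterByCriteria( ), messageFormatParam );

        DirContext context = null;

        try
        {
            context = LdapUtil.getContext( getInitialContextProvider( ), getProviderUrl( ), getBindDn( ),
                    getBindPassword( ) );

            NamingEnumeration userResults = LdapUtil.searchUsers( context, strUserSearchFilter,
                    getUserDnSearchBase( ), "", buildUserSearchControls( ) );

            AppLogService.debug( this.getClass( ).toString( ) + " : Search users - LastName : " +
                messageFormatParam[0] + "- FirstName : " + messageFormatParam[1] + "- Email : " +
                messageFormatParam[2] );

            while ( ( userResults != null ) && userResults.hasMore( ) )
            {
                SearchResult sr = (SearchResult) userResults.next( );
                Attributes attributes = sr.getAttributes( );

                String strWssoId = getAttributeValue( attributes, ATTRIBUTE_GUID, "guid", strUserSearchFilter );

                // An entry without a GUID cannot be mapped to an admin user; already logged
                if ( strWssoId.length( ) == 0 )
                {
                    continue;
                }

                AdminWssoUser user = new AdminWssoUser( strWssoId, this );
                user.setLastName( getAttributeValue( attributes, ATTRIBUTE_FAMILY_NAME, "last name", strUserSearchFilter ) );
                user.setFirstName( getAttributeValue( attributes, ATTRIBUTE_GIVEN_NAME, "first name", strUserSearchFilter ) );
                user.setEmail( getAttributeValue( attributes, ATTRIBUTE_EMAIL, "e-mail", strUserSearchFilter ) );
                userList.add( user );

                AppLogService.debug( this.getClass( ).toString( ) + " : Result - LastName : " +
                    user.getLastName( ) + "- FirstName : " + user.getFirstName( ) + "- Email : " +
                    user.getEmail( ) );
            }

            Collections.sort( userList, COMPARATOR_USER );

            return userList;
        }
        catch ( CommunicationException e )
        {
            AppLogService.error( "Error while searching for users '" + "' with search filter : " +
                getDebugInfo( strUserSearchFilter ), e );

            return null;
        }
        catch ( NamingException e )
        {
            AppLogService.error( "Error while searching for users", e );

            return null;
        }
        finally
        {
            closeContext( context );
        }
    }

    /**
     * Loads the public data (names, e-mail) of the user with the given GUID
     * from the directory. The GUID is escaped before being placed in the
     * configured filter.
     *
     * @param strId the WSSO GUID
     * @return the user, or null if the id is blank, not found, ambiguous
     *         (several entries) or on a directory error
     */
    public AdminUser getUserPublicData( String strId )
    {
        if ( ( strId == null ) || ( strId.length( ) == 0 ) )
        {
            return null;
        }

        AdminWssoUser user = null;
        Object[] messageFormatParam = new Object[] { escapeLdapFilterValue( strId ) };

        String strUserSearchFilter = MessageFormat.format( getUserDnSearchFilterByGUID( ), messageFormatParam );

        DirContext context = null;

        try
        {
            context = LdapUtil.getContext( getInitialContextProvider( ), getProviderUrl( ), getBindDn( ),
                    getBindPassword( ) );

            NamingEnumeration userResults = LdapUtil.searchUsers( context, strUserSearchFilter,
                    getUserDnSearchBase( ), "", buildUserSearchControls( ) );
            AppLogService.debug( this.getClass( ).toString( ) + " : create user - GUID : " + messageFormatParam[0] );

            int count = 0;

            while ( ( userResults != null ) && userResults.hasMore( ) )
            {
                SearchResult sr = (SearchResult) userResults.next( );
                Attributes attributes = sr.getAttributes( );

                String strWssoId = getAttributeValue( attributes, ATTRIBUTE_GUID, "guid", strUserSearchFilter );

                if ( strWssoId.length( ) == 0 )
                {
                    continue;
                }

                user = new AdminWssoUser( strWssoId, this );
                user.setLastName( getAttributeValue( attributes, ATTRIBUTE_FAMILY_NAME, "last name", strUserSearchFilter ) );
                user.setFirstName( getAttributeValue( attributes, ATTRIBUTE_GIVEN_NAME, "first name", strUserSearchFilter ) );
                user.setEmail( getAttributeValue( attributes, ATTRIBUTE_EMAIL, "e-mail", strUserSearchFilter ) );
                count++;

                AppLogService.debug( this.getClass( ).toString( ) + " : Result - LastName : " + user.getLastName( ) +
                    "- FirstName : " + user.getFirstName( ) + "- Email : " + user.getEmail( ) );
            }

            // A GUID must identify exactly one entry; refuse to pick one arbitrarily
            if ( count > 1 )
            {
                AppLogService.error( "More than one entry in the directory for id " + strId );

                return null;
            }

            return user;
        }
        catch ( CommunicationException e )
        {
            AppLogService.error( "Error while searching for users '" + "' with search filter : " +
                getDebugInfo( strUserSearchFilter ), e );

            return null;
        }
        catch ( NamingException e )
        {
            AppLogService.error( "Error while searching for users", e );

            return null;
        }
        finally
        {
            closeContext( context );
        }
    }

    /**
     * Escapes a value for literal inclusion in an LDAP search filter
     * (RFC 4515 section 3): backslash, '*', '(', ')' and NUL are replaced by
     * their "\xx" hexadecimal form.
     *
     * @param strValue the raw value, may be null
     * @return the escaped value ("" for null)
     */
    static String escapeLdapFilterValue( String strValue )
    {
        if ( strValue == null )
        {
            return "";
        }

        StringBuilder sb = new StringBuilder( strValue.length( ) );

        for ( int i = 0; i < strValue.length( ); i++ )
        {
            char c = strValue.charAt( i );

            switch ( c )
            {
                case '\\':
                    sb.append( "\\5c" );
                    break;

                case '*':
                    sb.append( "\\2a" );
                    break;

                case '(':
                    sb.append( "\\28" );
                    break;

                case ')':
                    sb.append( "\\29" );
                    break;

                case '\u0000':
                    sb.append( "\\00" );
                    break;

                default:
                    sb.append( c );
            }
        }

        return sb.toString( );
    }

    /**
     * Turns a caller-supplied criterion into a "starts with" filter value:
     * null or empty becomes a bare wildcard, anything else is escaped and
     * suffixed with the wildcard.
     *
     * @param strValue the raw criterion
     * @return the filter value
     */
    private static String toSearchCriterion( String strValue )
    {
        if ( ( strValue == null ) || ( strValue.length( ) == 0 ) )
        {
            return CONSTANT_WILDCARD;
        }

        return escapeLdapFilterValue( strValue ) + CONSTANT_WILDCARD;
    }

    /**
     * Upper-cases both strings (null treated as empty) and compares them.
     */
    private static int compareUpperCase( String str1, String str2 )
    {
        String s1 = ( str1 == null ) ? "" : str1;
        String s2 = ( str2 == null ) ? "" : str2;

        return s1.toUpperCase( ).compareTo( s2.toUpperCase( ) );
    }

    /**
     * Builds a fresh set of search controls per call (a shared instance would
     * be racy across concurrent requests).
     */
    private SearchControls buildUserSearchControls( )
    {
        SearchControls controls = new SearchControls( );
        controls.setSearchScope( getUserDnSearchScope( ) );
        controls.setReturningObjFlag( true );
        controls.setCountLimit( 0 );

        return controls;
    }

    /**
     * Reads the first value of an attribute, logging and returning "" when the
     * attribute (or its configured name) is missing.
     *
     * @param attributes the entry's attributes
     * @param strAttributeName the configured attribute name, may be null
     * @param strLabel human-readable label for the log message
     * @param strUserSearchFilter the filter in use, for the log message
     * @return the value as a string, or "" when absent
     * @throws NamingException if the attribute value cannot be read
     */
    private String getAttributeValue( Attributes attributes, String strAttributeName, String strLabel,
        String strUserSearchFilter ) throws NamingException
    {
        Attribute attribute = ( strAttributeName == null ) ? null : attributes.get( strAttributeName );
        Object value = ( attribute == null ) ? null : attribute.get( );

        if ( value == null )
        {
            AppLogService.error( "Error while searching for users '" + attributes.toString( ) +
                "' with search filter : " + getDebugInfo( strUserSearchFilter ) + " - " + strLabel + " is null" );

            return "";
        }

        return value.toString( );
    }

    /**
     * Releases the LDAP context; a failure to release is logged, not propagated.
     */
    private void closeContext( DirContext context )
    {
        try
        {
            LdapUtil.freeContext( context );
        }
        catch ( NamingException e )
        {
            AppLogService.debug( "Error while releasing the LDAP context : " + e.getMessage( ) );
        }
    }

    /**
     * @return a description of the search (base + filter) for log messages
     */
    private String getDebugInfo( String strUserSearchFilter )
    {
        StringBuilder sb = new StringBuilder( );
        sb.append( "userBase : " );
        sb.append( getUserDnSearchBase( ) );
        sb.append( "\nuserSearch : " );
        sb.append( strUserSearchFilter );

        return sb.toString( );
    }

    private String getInitialContextProvider( )
    {
        return AppPropertiesService.getProperty( PROPERTY_INITIAL_CONTEXT_PROVIDER );
    }

    private String getProviderUrl( )
    {
        return AppPropertiesService.getProperty( PROPERTY_PROVIDER_URL );
    }

    private String getUserDnSearchBase( )
    {
        return AppPropertiesService.getProperty( PROPERTY_USER_DN_SEARCH_BASE );
    }

    private String getUserDnSearchFilterByGUID( )
    {
        return AppPropertiesService.getProperty( PROPERTY_USER_DN_SEARCH_FILTER_BY_GUID );
    }

    private String getUserDnSearchFilterByCriteria( )
    {
        return AppPropertiesService.getProperty( PROPERTY_USER_DN_SEARCH_FILTER_BY_CRITERIA );
    }

    /**
     * @return SUBTREE_SCOPE when the "userSubtree" property is "true",
     *         ONELEVEL_SCOPE otherwise (including when the property is missing)
     */
    private int getUserDnSearchScope( )
    {
        String strSearchScope = AppPropertiesService.getProperty( PROPERTY_USER_SUBTREE );

        if ( "true".equalsIgnoreCase( strSearchScope ) )
        {
            return SearchControls.SUBTREE_SCOPE;
        }

        return SearchControls.ONELEVEL_SCOPE;
    }

    private String getBindDn( )
    {
        return AppPropertiesService.getProperty( PROPERTY_BIND_DN );
    }

    /**
     * @return the bind password; never log this value
     */
    private String getBindPassword( )
    {
        return AppPropertiesService.getProperty( PROPERTY_BIND_PASSWORD );
    }
}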