1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.adminauthenticationwsso.util;
35  
36  import fr.paris.lutece.plugins.adminauthenticationwsso.AdminWssoAuthentication;
37  import fr.paris.lutece.plugins.adminauthenticationwsso.AdminWssoUser;
38  import fr.paris.lutece.portal.service.util.AppLogService;
39  import fr.paris.lutece.portal.service.util.AppPropertiesService;
40  import fr.paris.lutece.util.ldap.LdapUtil;
41  import java.text.MessageFormat;
42  import java.util.ArrayList;
43  import java.util.List;
44  import javax.naming.CommunicationException;
45  import javax.naming.NamingEnumeration;
46  import javax.naming.NamingException;
47  import javax.naming.directory.Attribute;
48  import javax.naming.directory.Attributes;
49  import javax.naming.directory.DirContext;
50  import javax.naming.directory.SearchControls;
51  import javax.naming.directory.SearchResult;
52  
53  
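/**
 * LDAP helper for the WSSO admin authentication plugin.
 *
 * <p>All connection and schema parameters (provider, URL, bind DN / password, search base, scope,
 * filter template and attribute names) are read from the application properties under the
 * {@code adminauthenticationwsso.ldap.*} prefix. The four attribute-name constants are resolved once,
 * when the class is loaded, so a change to those properties needs a restart to take effect.</p>
 *
 * <p>Security notes for maintainers: the bind password is a plain property (it is never written to the
 * logs by this class); any caller-supplied text placed in a search filter must go through
 * {@link #escapeLdapFilterValue(String)}; search results are consumed attribute-by-attribute only,
 * JNDI is never asked to reconstruct Java objects from directory entries.</p>
 */
public class WssoLdapUtil
{
    private static final String CONSTANT_WILDCARD = "*";

    private static final String PROPERTY_USER_DN_SEARCH_FILTER_BY_CRITERIA = "adminauthenticationwsso.ldap.userSearch.criteria";
    private static final String PROPERTY_INITIAL_CONTEXT_PROVIDER = "adminauthenticationwsso.ldap.initialContextProvider";
    private static final String PROPERTY_PROVIDER_URL = "adminauthenticationwsso.ldap.connectionUrl";
    private static final String PROPERTY_BIND_DN = "adminauthenticationwsso.ldap.connectionName";
    private static final String PROPERTY_BIND_PASSWORD = "adminauthenticationwsso.ldap.connectionPassword";
    private static final String PROPERTY_USER_DN_SEARCH_BASE = "adminauthenticationwsso.ldap.userBase";
    private static final String PROPERTY_USER_DN_SEARCH_FILTER_BY_GUID = "adminauthenticationwsso.ldap.userSearch.guid";
    private static final String PROPERTY_USER_SUBTREE = "adminauthenticationwsso.ldap.userSubtree";
    private static final String PROPERTY_DN_ATTRIBUTE_GUID = "adminauthenticationwsso.ldap.dn.attributeName.wssoGuid";
    private static final String PROPERTY_DN_ATTRIBUTE_FAMILY_NAME = "adminauthenticationwsso.ldap.dn.attributeName.familyName";
    private static final String PROPERTY_DN_ATTRIBUTE_GIVEN_NAME = "adminauthenticationwsso.ldap.dn.attributeName.givenName";
    private static final String PROPERTY_DN_ATTRIBUTE_EMAIL = "adminauthenticationwsso.ldap.dn.attributeName.email";

    // Attribute names used to read each LDAP entry; resolved once at class-load time (may be null if unset).
    private static final String ATTRIBUTE_GUID = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_GUID );
    private static final String ATTRIBUTE_FAMILY_NAME = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_FAMILY_NAME );
    private static final String ATTRIBUTE_GIVEN_NAME = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_GIVEN_NAME );
    private static final String ATTRIBUTE_EMAIL = AppPropertiesService.getProperty( PROPERTY_DN_ATTRIBUTE_EMAIL );

    /**
     * Opens a new directory context with the configured provider, URL, bind DN and bind password.
     *
     * @return a ready-to-use {@link DirContext}, or {@code null} if the connection could not be
     *         established (the cause is logged). Callers are responsible for closing the context.
     */
    public static DirContext getNewContext( )
    {
        try
        {
            return LdapUtil.getContext( getInitialContextProvider(  ), getProviderUrl(  ), getBindDn(  ), getBindPassword(  ) );
        }
        catch ( Exception e )
        {
            // Only the provider URL is logged; the bind DN and password must never appear in the logs.
            AppLogService.error( "Unable to open a new connection to LDAP to " + getProviderUrl(  ), e );

            return null;
        }
    }

    /**
     * Searches the directory for users whose e-mail starts with the given text and maps each matching
     * entry to an {@link AdminWssoUser}.
     *
     * <p>The filter is built from the {@code userSearch.criteria} property, a {@link MessageFormat}
     * pattern with three slots; the first two slots are filled with a wildcard and the third with the
     * escaped search text followed by a trailing wildcard. Entries lacking the SSO identifier attribute
     * are logged and skipped; missing name or e-mail attributes are logged and left empty.</p>
     *
     * @param context an open directory context (see {@link #getNewContext()})
     * @param strEmailSearch the e-mail prefix typed by the caller; {@code null} or empty matches every entry.
     *        LDAP filter meta-characters in this value are escaped, so it cannot alter the filter structure.
     * @return the matching users; empty (never {@code null}) when nothing matches or the search fails
     */
    public static List<AdminWssoUser> getWssoUserListFromEmail( DirContext context, String strEmailSearch )
    {
        List<AdminWssoUser> userList = new ArrayList<AdminWssoUser>(  );

        Object[] messageFormatParam = new Object[3];

        messageFormatParam[0] = checkSyntax( CONSTANT_WILDCARD );
        messageFormatParam[1] = checkSyntax( CONSTANT_WILDCARD );
        // The search text is caller-supplied: escape it BEFORE appending the intentional trailing wildcard,
        // otherwise a value such as ")(objectClass=*" would rewrite the filter (LDAP injection).
        // A null search text previously produced the literal string "null*"; it now matches everything.
        messageFormatParam[2] = checkSyntax( escapeLdapFilterValue( strEmailSearch ) + CONSTANT_WILDCARD );

        // MessageFormat only interprets the pattern, never the arguments, so the escaped values are inserted verbatim.
        String strUserSearchFilter = MessageFormat.format( getUserDnSearchFilterByCriteria(  ), messageFormatParam );

        try
        {
            SearchControls scUserSearchControls = new SearchControls(  );
            scUserSearchControls.setSearchScope( getUserDnSearchScope(  ) );
            // Only attributes are read from the results. Do not ask JNDI to reconstruct Java objects
            // (javaSerializedData / javaClassName / javaFactory) from directory entries: that is a
            // deserialization surface controlled by whoever can write to the directory.
            scUserSearchControls.setReturningObjFlag( false );
            // 0 = no client-side limit; only the server's size limit bounds a broad (e.g. "*") search.
            scUserSearchControls.setCountLimit( 0 );

            NamingEnumeration<?> userResults = LdapUtil.searchUsers( context, strUserSearchFilter, getUserDnSearchBase(  ), "", scUserSearchControls );

            AppLogService.debug( AdminWssoUser.class.toString(  ) + " : Search users - Email : " + strUserSearchFilter );

            while ( ( userResults != null ) && userResults.hasMore(  ) )
            {
                SearchResult sr = (SearchResult) userResults.next(  );
                Attributes attributes = sr.getAttributes(  );
                String strEntryName = sr.getName(  );

                String strLastName = defaultString( readAttributeValue( attributes, ATTRIBUTE_FAMILY_NAME, strEntryName, strUserSearchFilter, "last name" ) );
                String strFirstName = defaultString( readAttributeValue( attributes, ATTRIBUTE_GIVEN_NAME, strEntryName, strUserSearchFilter, "first name" ) );
                String strEmail = defaultString( readAttributeValue( attributes, ATTRIBUTE_EMAIL, strEntryName, strUserSearchFilter, "e-mail" ) );
                String strWssoId = readAttributeValue( attributes, ATTRIBUTE_GUID, strEntryName, strUserSearchFilter, "guid" );

                // Without the SSO identifier the entry cannot be mapped to an admin user: skip it (already logged).
                if ( strWssoId == null )
                {
                    continue;
                }

                AdminWssoUser user = new AdminWssoUser( strWssoId, new AdminWssoAuthentication(  ) );
                user.setLastName( strLastName );
                user.setFirstName( strFirstName );
                user.setEmail( strEmail );
                userList.add( user );

                AppLogService.debug( WssoLdapUtil.class.toString(  ) + " : Result " + "- LastName : " + user.getLastName(  ) +
                    "- FirstName : " + user.getFirstName(  ) + "- Email : " + user.getEmail(  ) );
            }

            return userList;
        }
        catch ( CommunicationException e )
        {
            AppLogService.error( "Error while searching for users with search filter : " + strUserSearchFilter, e );

            return userList;
        }
        catch ( NamingException e )
        {
            AppLogService.error( "Error while searching for users", e );

            return userList;
        }
    }

    /**
     * Reads the first value of one attribute of an LDAP entry.
     *
     * @param attributes the entry's attributes (may be {@code null})
     * @param strAttributeName the configured attribute name (may be {@code null} if the property is unset)
     * @param strEntryName the entry's relative name, for the log message
     * @param strFilter the filter that produced the entry, for the log message
     * @param strLabel human-readable label of the attribute, for the log message
     * @return the attribute's first value as a string, or {@code null} (after logging an error) when the
     *         attribute is absent or has no value
     * @throws NamingException if the attribute value cannot be read
     */
    private static String readAttributeValue( Attributes attributes, String strAttributeName, String strEntryName, String strFilter,
        String strLabel ) throws NamingException
    {
        // Guard the name too: BasicAttributes.get( null ) would throw instead of returning null.
        Attribute attribute = ( ( attributes == null ) || ( strAttributeName == null ) ) ? null : attributes.get( strAttributeName );

        if ( attribute == null )
        {
            // Log the entry name rather than a dump of every attribute: entries may carry sensitive data.
            AppLogService.error( "Error while searching for users '" + strEntryName + "' with search filter : " + strFilter + " - " +
                strLabel + " is null" );

            return null;
        }

        Object value = attribute.get(  );

        return ( value == null ) ? null : value.toString(  );
    }

    /**
     * @param strValue any string
     * @return {@code strValue}, or the empty string when it is {@code null}
     */
    private static String defaultString( String strValue )
    {
        return ( strValue == null ) ? "" : strValue;
    }

    /**
     * Escapes the characters that carry meaning inside an LDAP search filter assertion value
     * (RFC 4515 section 3): backslash, {@code *}, {@code (}, {@code )} and NUL. Apply it to every
     * caller-supplied string before splicing it into a filter; wildcards the code itself wants must be
     * appended after escaping.
     *
     * @param strValue the raw value; {@code null} is treated as empty
     * @return the escaped value, safe to embed in a filter
     */
    public static String escapeLdapFilterValue( String strValue )
    {
        if ( strValue == null )
        {
            return "";
        }

        StringBuilder sbEscaped = new StringBuilder( strValue.length(  ) );

        for ( int i = 0; i < strValue.length(  ); i++ )
        {
            char c = strValue.charAt( i );

            switch ( c )
            {
                case '\\':
                    sbEscaped.append( "\\5c" );
                    break;

                case '*':
                    sbEscaped.append( "\\2a" );
                    break;

                case '(':
                    sbEscaped.append( "\\28" );
                    break;

                case ')':
                    sbEscaped.append( "\\29" );
                    break;

                case '\u0000':
                    sbEscaped.append( "\\00" );
                    break;

                default:
                    sbEscaped.append( c );
            }
        }

        return sbEscaped.toString(  );
    }

    /**
     * Replaces a missing criterion by a match-all wildcard. This performs no escaping: pass only values
     * that are already safe (constants, or text run through {@link #escapeLdapFilterValue(String)}).
     *
     * @param in a filter value, possibly {@code null} or empty
     * @return {@code "*"} when {@code in} is {@code null} or empty, {@code in} otherwise
     */
    public static String checkSyntax( String in )
    {
        return ( ( ( in == null ) || ( in.equals( "" ) ) ) ? "*" : in );
    }

    /**
     * @return the MessageFormat pattern of the three-criteria user search filter
     */
    public static String getUserDnSearchFilterByCriteria(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_USER_DN_SEARCH_FILTER_BY_CRITERIA );
    }

    /**
     * @return the JNDI initial context factory class name
     */
    public static String getInitialContextProvider(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_INITIAL_CONTEXT_PROVIDER );
    }

    /**
     * @return the LDAP provider URL
     */
    public static String getProviderUrl(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_PROVIDER_URL );
    }

    /**
     * @return the base DN under which users are searched
     */
    public static String getUserDnSearchBase(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_USER_DN_SEARCH_BASE );
    }

    /**
     * @return the filter pattern used to look a user up by SSO identifier
     */
    public static String getUserDnSearchFilterByGUID(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_USER_DN_SEARCH_FILTER_BY_GUID );
    }

    /**
     * Resolves the search scope from the {@code userSubtree} property.
     *
     * @return {@link SearchControls#SUBTREE_SCOPE} when the property is "true" (case-insensitive),
     *         {@link SearchControls#ONELEVEL_SCOPE} otherwise, including when the property is unset
     */
    public static int getUserDnSearchScope(  )
    {
        String strSearchScope = AppPropertiesService.getProperty( PROPERTY_USER_SUBTREE );

        // Constant-first comparison: an unset property must not throw a NullPointerException.
        if ( "true".equalsIgnoreCase( strSearchScope ) )
        {
            return SearchControls.SUBTREE_SCOPE;
        }

        return SearchControls.ONELEVEL_SCOPE;
    }

    /**
     * @return the DN used to bind to the directory
     */
    public static String getBindDn(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_BIND_DN );
    }

    /**
     * @return the bind password, read from the plain-text property file. Never log this value.
     */
    public static String getBindPassword(  )
    {
        return AppPropertiesService.getProperty( PROPERTY_BIND_PASSWORD );
    }
}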
253 }