yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-08-21 15:48:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add more logging for ldap login, refactor some authentication code

Browse Source
This commit is contained in:
Yi Wang 2017-04-05 11:21:20 -07:00 committed by Mars Lan
parent ae902f1f57
commit 577f0d0c1b
2 changed files with 34 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
web/app/controllers/Application.java
View File

@ -192,9 +192,6 @@ public class Application extends Controller
@BodyParser.Of(BodyParser.Json.class) @BodyParser.Of(BodyParser.Json.class)
public static Result authenticate() { public static Result authenticate() {
// Create a new response ObjectNode to return when authenticate
// request is successful
ObjectNode response = Json.newObject();
JsonNode json = request().body().asJson(); JsonNode json = request().body().asJson();
// Extract username and password as String from JsonNode, // Extract username and password as String from JsonNode,
// null if they are not strings // null if they are not strings
@ -224,16 +221,17 @@ public class Application extends Controller
return badRequest("Invalid credentials"); return badRequest("Invalid credentials");
} }
// Adds the username to the session cookie // Adds the username to the session cookie
session("user", username); session("user", username);
// Contruct an ObjectNode with the username and uuid token to be sent with the response // Construct an ObjectNode with the username and uuid token to be sent with the response
ObjectNode data = Json.newObject(); ObjectNode data = Json.newObject();
data.put("username", username); data.put("username", username);
data.put("uuid", uuid); data.put("uuid", uuid);
response.put("status", "ok");
response.put("data", data);
// Create a new response ObjectNode to return when authenticate request is successful
ObjectNode response = Json.newObject();
response.put("status", "ok");
response.set("data", data);
return ok(response); return ok(response);
} }

61
web/app/security/AuthenticationManager.java
View File

@ -39,38 +39,42 @@ import javax.naming.directory.SearchResult;
public class AuthenticationManager { public class AuthenticationManager {
public static String MASTER_LDAP_URL_KEY = "authentication.ldap.url"; private static final String MASTER_LDAP_URL_KEY = "authentication.ldap.url";
public static String MASTER_PRINCIPAL_DOMAIN_KEY = "authentication.principal.domain"; private static final String MASTER_PRINCIPAL_DOMAIN_KEY = "authentication.principal.domain";
public static String LDAP_CONTEXT_FACTORY_CLASS_KEY = "authentication.ldap.context_factory_class"; private static final String LDAP_CONTEXT_FACTORY_CLASS_KEY = "authentication.ldap.context_factory_class";
public static String LDAP_SEARCH_BASE_KEY = "authentication.ldap.search.base"; private static final String LDAP_SEARCH_BASE_KEY = "authentication.ldap.search.base";
public static String LDAP_DISPLAY_NAME_KEY = "displayName"; private static final String LDAP_DISPLAY_NAME_KEY = "displayName";
public static String LDAP_MAIL_KEY = "mail"; private static final String LDAP_MAIL_KEY = "mail";
public static String LDAP_DEPARTMENT_NUMBER_KEY = "departmentNumber"; private static final String LDAP_DEPARTMENT_NUMBER_KEY = "departmentNumber";
public static void authenticateUser(String userName, String password) private static final String contextFactories =
throws NamingException, SQLException { Play.application().configuration().getString(LDAP_CONTEXT_FACTORY_CLASS_KEY);
/* three LDAP properties, each is a '|' separated string of same number of tokens. e.g.
Url: "ldaps://ldap1.abc.com:1234|ldap://ldap2.abc.com:5678"
Principal Domain: "@abc.com|@abc.cn"
Search Base: "ou=Staff Users,dc=abc,dc=com|ou=Staff Users,dc=abc,dc=cn"
*/
private static final String[] ldapUrls =
Play.application().configuration().getString(MASTER_LDAP_URL_KEY).split("\\s*\\|\\s*");
private static final String[] principalDomains =
Play.application().configuration().getString(MASTER_PRINCIPAL_DOMAIN_KEY).split("\\s*\\|\\s*");
private static final String[] ldapSearchBase =
Play.application().configuration().getString(LDAP_SEARCH_BASE_KEY).split("\\s*\\|\\s*");
public static void authenticateUser(String userName, String password) throws NamingException, SQLException {
if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) { if (userName == null || userName.isEmpty() || password == null || password.isEmpty()) {
throw new IllegalArgumentException("Username and password can not be blank."); throw new IllegalArgumentException("Username and password can not be blank.");
} }
// authenticate through WhereHows DB
if (UserDAO.authenticate(userName, password)) { if (UserDAO.authenticate(userName, password)) {
UserDAO.insertLoginHistory(userName, "default", "SUCCESS", null); UserDAO.insertLoginHistory(userName, "default", "SUCCESS", null);
return; return;
} }
final String contextFactories = Play.application().configuration().getString(LDAP_CONTEXT_FACTORY_CLASS_KEY); // authenticate through each LDAP servers
/* three LDAP properties, each is a '|' separated string of same number of tokens. e.g.
Url: "ldaps://ldap1.abc.com:1234|ldap://ldap2.abc.com:5678"
Principal Domain: "@abc.com|@abc.cn"
Search Base: "ou=Staff Users,dc=abc,dc=com|ou=Staff Users,dc=abc,dc=cn"
*/
final String[] ldapUrls = Play.application().configuration().getString(MASTER_LDAP_URL_KEY).split("\\s*\\|\\s*");
final String[] principalDomains =
Play.application().configuration().getString(MASTER_PRINCIPAL_DOMAIN_KEY).split("\\s*\\|\\s*");
final String[] ldapSearchBase =
Play.application().configuration().getString(LDAP_SEARCH_BASE_KEY).split("\\s*\\|\\s*");
DirContext ctx = null; DirContext ctx = null;
int i; int i;
for (i = 0; i < ldapUrls.length; i++) { for (i = 0; i < ldapUrls.length; i++) {
@ -84,7 +88,7 @@ public class AuthenticationManager {
} }
break; break;
} catch (NamingException e) { } catch (NamingException e) {
// Logger.error("Ldap authentication failed for user " + userName + " - " + principalDomains[i] + " - " + ldapUrls[i], e); Logger.warn("Ldap authentication failed for: " + userName + " - " + ldapUrls[i], e.toString());
// if exhausted all ldap options and can't authenticate user // if exhausted all ldap options and can't authenticate user
if (i >= ldapUrls.length - 1) { if (i >= ldapUrls.length - 1) {
@ -114,9 +118,8 @@ public class AuthenticationManager {
return env; return env;
} }
public static Map<String, String> getUserAttributes(DirContext ctx, String searchBase, String userName, private static Map<String, String> getUserAttributes(DirContext ctx, String searchBase, String userName,
String principalDomain, String... attributeNames) String principalDomain, String... attributeNames) throws NamingException {
throws NamingException {
if (StringUtils.isBlank(userName)) { if (StringUtils.isBlank(userName)) {
throw new IllegalArgumentException("Username and password can not be blank."); throw new IllegalArgumentException("Username and password can not be blank.");
} }
@ -131,12 +134,7 @@ public class AuthenticationManager {
NamingEnumeration<? extends SearchResult> searchResult = ctx.search(searchBase, matchAttr, attributeNames); NamingEnumeration<? extends SearchResult> searchResult = ctx.search(searchBase, matchAttr, attributeNames);
if (ctx != null) {
ctx.close();
}
Map<String, String> result = new HashMap<>(); Map<String, String> result = new HashMap<>();
if (searchResult.hasMore()) { if (searchResult.hasMore()) {
NamingEnumeration<? extends Attribute> attributes = searchResult.next().getAttributes().getAll(); NamingEnumeration<? extends Attribute> attributes = searchResult.next().getAttributes().getAll();
@ -151,9 +149,8 @@ public class AuthenticationManager {
return result; return result;
} }
public static User getAttributes(DirContext ctx, String searchBase, String userName, String principalDomain) private static User getAttributes(DirContext ctx, String searchBase, String userName, String principalDomain)
throws NamingException, SQLException { throws NamingException, SQLException {
Map<String, String> userDetailMap = Map<String, String> userDetailMap =
getUserAttributes(ctx, searchBase, userName, principalDomain, LDAP_DISPLAY_NAME_KEY, LDAP_MAIL_KEY, getUserAttributes(ctx, searchBase, userName, principalDomain, LDAP_DISPLAY_NAME_KEY, LDAP_MAIL_KEY,
LDAP_DEPARTMENT_NUMBER_KEY); LDAP_DEPARTMENT_NUMBER_KEY);