/**
 * Creates an {@link Experimenter} for the supplied LDAP username, with
 * password validation enforced. Delegates to the three-argument overload,
 * passing {@code true} as its final argument.
 *
 * @param username
 *            The user's LDAP username.
 * @param password
 *            The user's LDAP password, not null.
 * @return The newly created {@link Experimenter} object.
 */
public Experimenter createUser(String username, String password) {
    // Always validate the password on this code path; callers that need to
    // skip validation must use the three-argument overload explicitly.
    final boolean enforcePasswordCheck = true;
    return createUser(username, password, enforcePasswordCheck);
}
/**
 * Resolves the LDAP DN for {@code user} via {@code ldapUtil.findDN}.
 * An {@link ApiUsageException} raised by the lookup is treated as "no DN
 * available": it is noted at debug level (the exception itself is not logged)
 * and {@code null} is returned.
 *
 * @param user
 *            The user name to resolve.
 * @return The DN, or {@code null} when the lookup raised
 *         {@link ApiUsageException}.
 */
private String getLdapDN(String user) {
    String resolvedDn;
    try {
        resolvedDn = ldapUtil.findDN(user);
    } catch (ApiUsageException e) {
        // A missing DN is an expected outcome here, not an error, so it is
        // swallowed deliberately and signalled to the caller as null.
        if (log.isDebugEnabled()) {
            log.debug(String.format("findDN(%s) is empty", user));
        }
        return null;
    }
    if (log.isDebugEnabled()) {
        log.debug(String.format("findDN(%s)=%s", user, resolvedDn));
    }
    return resolvedDn;
}
}
/**
 * Returns the LDAP distinguished name of the person entry matching
 * {@code username}. The entry is located with
 * {@link #findExperimenter(String)} and the DN is then read from a
 * freshly created {@link PersonContextMapper}. Restricted to the
 * {@code system} role.
 *
 * @param username
 *            The LDAP user name to look up.
 * @return The DN string for the matched entry.
 */
@RolesAllowed("system")
public String findDN(String username) {
    final PersonContextMapper personMapper = getPersonContextMapper();
    final Experimenter matched = findExperimenter(username);
    return personMapper.getDn(matched);
}
/**
 * Looks up the LDAP person entry for {@code username} and maps it to an
 * {@link Experimenter} using a new {@link PersonContextMapper}.
 * Restricted to the {@code system} role.
 *
 * @param username
 *            The LDAP user name to look up.
 * @return The mapped {@link Experimenter}.
 */
@RolesAllowed("system")
public Experimenter findExperimenter(String username) {
    final PersonContextMapper personMapper = getPersonContextMapper();
    final Experimenter mapped = mapUserName(username, personMapper);
    return mapped;
}
/**
 * Looks up the LDAP group entry for {@code groupname} and maps it to an
 * {@link ExperimenterGroup} using a new {@link GroupContextMapper}.
 * Restricted to the {@code system} role.
 *
 * @param groupname
 *            The LDAP group name to look up.
 * @return The mapped {@link ExperimenterGroup}.
 */
@RolesAllowed("system")
public ExperimenterGroup findGroup(String groupname) {
    final GroupContextMapper groupMapper = getGroupContextMapper();
    final ExperimenterGroup mapped = mapGroupName(groupname, groupMapper);
    return mapped;
}
/**
 * Returns {@code true} only when LDAP is enabled, the user already exists in
 * the database, and a DN is recorded for that user in the password table.
 * Note: after a call to {@link #checkPassword(String, String, boolean)} with
 * this same user value, this method might begin to return {@code true} due
 * to a call to {@link LdapImpl#createUser(String, String)}.
 *
 * @param user
 *            The user name to check.
 * @return Whether a DN is stored for the user (always {@code false} when
 *         the LDAP setting is off).
 */
@Override
public boolean hasPassword(String user) {
    if (!ldapUtil.getSetting()) {
        // LDAP disabled: this provider never owns a password.
        return false;
    }
    final Long userId = util.userId(user);
    if (userId == null) {
        // Unknown user: nothing to look up.
        return false;
    }
    final String storedDn = ldapUtil.lookupLdapAuthExperimenter(userId);
    return storedDn != null;
}
@Override public Boolean checkPassword(String user, String password, boolean readOnly) { if (!ldapUtil.getSetting()) { return null; // EARLY EXIT! throw new IllegalStateException("Cannot create user!"); Experimenter experimenter = ldapUtil.createUser(user, password); String dn = ldapUtil.lookupLdapAuthExperimenter(id); if (dn != null) { return loginAttempt(user, ldapUtil.validatePassword(dn, password));
public void synchronizeLdapUser(String username) { if (!config.isSyncOnLogin()) { if (getBeanHelper().getLogger().isTraceEnabled()) { getBeanHelper().getLogger().trace("sync_on_login=false"); Experimenter ldapExp = findExperimenter(username); String ldapDN = getPersonContextMapper().getDn(ldapExp); DistinguishedName dn = new DistinguishedName(ldapDN); GroupLoader loader = new GroupLoader(username, dn); modifyGroups(omeExp, currentLdapGroups, ldapGroups, false); modifyGroups(omeExp, ldapGroups, currentLdapGroups, true); getBeanHelper().getLogger().info( String.format("Nulling %s for %s, was:", fieldname, username, ome)); getBeanHelper().getLogger().info( String.format("Changing %s for %s: %s -> %s", fieldname, username, ome, ldap));
@Override public Boolean checkPassword(String user, String password, boolean readOnly) { if (!ldapUtil.getSetting()) { return null; // EARLY EXIT! throw new IllegalStateException("Cannot create user!"); Experimenter experimenter = ldapUtil.createUser(user, password); ldapUtil.synchronizeLdapUser(user); return loginAttempt(user, ldapUtil.validatePassword(dn1, password));
Experimenter exp = findExperimenter(username); String ldapDn = getPersonContextMapper().getDn(exp); DistinguishedName dn = new DistinguishedName(ldapDn); access = validatePassword(dn.toString(), password);
/**
 * Returns the LDAP distinguished name of the group entry matching
 * {@code groupname}. The entry is located with {@link #findGroup(String)}
 * and the DN is then read from a freshly created {@link GroupContextMapper}.
 * Restricted to the {@code system} role.
 *
 * @param groupname
 *            The LDAP group name to look up.
 * @return The DN string for the matched entry.
 */
@RolesAllowed("system")
public String findGroupDN(String groupname) {
    final GroupContextMapper groupMapper = getGroupContextMapper();
    final ExperimenterGroup matched = findGroup(groupname);
    return groupMapper.getDn(matched);
}
/**
 * Finds local (non-LDAP) experimenters that also have an LDAP account.
 * Root and guest are excluded from the candidate set. A candidate is kept
 * when {@link #findExperimenter(String)} succeeds for its OME name; an
 * {@link ApiUsageException} from that lookup means "no LDAP account" and
 * the candidate is skipped. Restricted to the {@code system} role.
 *
 * @return The candidates that exist in LDAP; empty if none do.
 */
@RolesAllowed("system")
public List<Experimenter> discover() {
    final List<Experimenter> discovered = Lists.newArrayList();
    final Roles roles = getSecuritySystem().getSecurityRoles();
    // Parameterized HQL: the excluded ids and the ldap flag are bound, not
    // concatenated into the query string.
    final Parameters params = new Parameters()
            .addIds(Lists.newArrayList(roles.getRootId(), roles.getGuestId()))
            .addBoolean("ldap", false);
    final List<Experimenter> candidates = iQuery.findAllByQuery(
            "select distinct e from Experimenter e "
                    + "where id not in (:ids) and ldap = :ldap", params);
    for (Experimenter candidate : candidates) {
        boolean inLdap;
        try {
            findExperimenter(candidate.getOmeName());
            inLdap = true;
        } catch (ApiUsageException aue) {
            // This user doesn't have an LDAP account
            inLdap = false;
        }
        if (inLdap) {
            discovered.add(candidate);
        }
    }
    return discovered;
}
/**
 * Finds local (non-LDAP) groups that also exist in the LDAP server.
 * The guest, system and user groups are excluded from the candidate set.
 * A candidate is kept when {@link #findGroup(String)} succeeds for its name;
 * an {@link ApiUsageException} from that lookup means "not in LDAP" and the
 * candidate is skipped. Restricted to the {@code system} role.
 *
 * @return The candidates that exist in LDAP; empty if none do.
 */
@RolesAllowed("system")
public List<ExperimenterGroup> discoverGroups() {
    final List<ExperimenterGroup> discovered = Lists.newArrayList();
    final Roles roles = getSecuritySystem().getSecurityRoles();
    // Parameterized HQL: the excluded ids and the ldap flag are bound, not
    // concatenated into the query string.
    final Parameters params = new Parameters()
            .addIds(Lists.newArrayList(roles.getGuestGroupId(),
                    roles.getSystemGroupId(), roles.getUserGroupId()))
            .addBoolean("ldap", false);
    final List<ExperimenterGroup> candidates = iQuery.findAllByQuery(
            "select distinct g from ExperimenterGroup g "
                    + "where id not in (:ids) and ldap = :ldap", params);
    for (ExperimenterGroup candidate : candidates) {
        boolean inLdap;
        try {
            findGroup(candidate.getName());
            inLdap = true;
        } catch (ApiUsageException aue) {
            // This group doesn't exist in the LDAP server
            inLdap = false;
        }
        if (inLdap) {
            discovered.add(candidate);
        }
    }
    return discovered;
}
/**
 * Looks up a single LDAP entry by its distinguished name and maps it to an
 * {@link Experimenter} with a new {@link PersonContextMapper}.
 * Restricted to the {@code system} role.
 *
 * @param dns
 *            The DN as a string; it is parsed into a
 *            {@link DistinguishedName} before the lookup.
 * @return The mapped {@link Experimenter} (the raw lookup result is cast).
 */
@RolesAllowed("system")
public Experimenter searchByDN(String dns) {
    final DistinguishedName parsedDn = new DistinguishedName(dns);
    final Object entry = ldap.lookup(parsedDn, getPersonContextMapper());
    return (Experimenter) entry;
}
/**
 * Creates a new {@link PersonContextMapper} bound to this service's
 * configuration and base DN. A fresh instance is returned on every call.
 *
 * @return A new mapper.
 */
private PersonContextMapper getPersonContextMapper() {
    final PersonContextMapper mapper = new PersonContextMapper(config, getBase());
    return mapper;
}
final Logger log = getBeanHelper().getLogger(); Set<Long> ids = new HashSet<Long>(base);
/**
 * Returns {@code true} only when LDAP is enabled, the user already exists in
 * the database, and a DN is recorded for that user in the password table.
 * Note: after a call to {@link #checkPassword(String, String,boolean)} with
 * this same user value, this method might begin to return {@code true} due
 * to a call to {@link LdapImpl#createUser(String, String)}.
 *
 * @param user
 *            The user name to check.
 * @return Whether a DN is stored for the user (always {@code false} when
 *         the LDAP setting is off).
 */
@Override
public boolean hasPassword(String user) {
    boolean found = false;
    if (ldapUtil.getSetting()) {
        final Long userId = util.userId(user);
        // Only users already present in the database can have a stored DN.
        if (userId != null) {
            found = ldapUtil.lookupLdapAuthExperimenter(userId) != null;
        }
    }
    return found;
}
/**
 * Searches the directory from the empty base DN using the configured user
 * filter and maps every hit with a new {@link PersonContextMapper}.
 * Restricted to the {@code system} role.
 *
 * @return All matching entries as {@link Experimenter}s (raw list from the
 *         LDAP template, hence the unchecked suppression).
 */
@SuppressWarnings("unchecked")
@RolesAllowed("system")
public List<Experimenter> searchAll() {
    // The search scope is the whole directory: no base DN is specified.
    final DistinguishedName searchBase = DistinguishedName.EMPTY_PATH;
    final String encodedUserFilter = config.getUserFilter().encode();
    return ldap.search(searchBase, encodedUserFilter, getPersonContextMapper());
}
/**
 * Creates a new {@link PersonContextMapper} bound to this service's
 * configuration and base DN, additionally configured with {@code attr}.
 * A fresh instance is returned on every call.
 *
 * @param attr
 *            Attribute name handed through to the mapper constructor.
 * @return A new mapper.
 */
private PersonContextMapper getPersonContextMapper(String attr) {
    final PersonContextMapper mapper = new PersonContextMapper(config, getBase(), attr);
    return mapper;
}
/**
 * Searches for person entries whose attribute {@code attr} equals
 * {@code value}, AND-ed with the configured user filter.
 * Restricted to the {@code system} role.
 *
 * <p>The filter is built with the LDAP filter API rather than by string
 * concatenation: {@link EqualsFilter} is relied on to encode {@code value}.
 * The attribute name is placed in the filter as given, so {@code attr}
 * should be a known attribute name rather than free-form input.
 *
 * @param dns
 *            Base DN for the search, or {@code null} for the empty path.
 *            It is parsed before the attribute/value check, so an unparsable
 *            DN fails even when the search would otherwise be skipped.
 * @param attr
 *            Attribute name to match; blank or {@code null} disables the
 *            search.
 * @param value
 *            Attribute value to match; blank or {@code null} disables the
 *            search.
 * @return Matching entries, or an empty list when {@code attr} or
 *         {@code value} is missing.
 */
@SuppressWarnings("unchecked")
@RolesAllowed("system")
public List<Experimenter> searchByAttribute(String dns, String attr, String value) {
    final DistinguishedName searchBase = (dns == null)
            ? DistinguishedName.EMPTY_PATH
            : new DistinguishedName(dns);
    final boolean attrGiven = attr != null && !attr.isEmpty();
    final boolean valueGiven = value != null && !value.isEmpty();
    if (!attrGiven || !valueGiven) {
        return Collections.emptyList();
    }
    // Always constrain the search to the configured user filter so that an
    // attribute match alone cannot widen the result set beyond user entries.
    final AndFilter combined = new AndFilter();
    combined.and(config.getUserFilter());
    combined.and(new EqualsFilter(attr, value));
    return ldap.search(searchBase, combined.encode(), getPersonContextMapper());
}