fix #571 modify ldap handling

This commit is contained in:
Shinsuke Sugaya 2016-07-14 15:53:47 +09:00
parent 3eeb4957c9
commit ab1e2d0adb
6 changed files with 58 additions and 37 deletions


@ -29,7 +29,7 @@ import org.apache.commons.lang3.StringEscapeUtils;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.core.net.URLUtil;
import org.codelibs.fess.Constants;
import org.codelibs.fess.app.web.login.LoginAction;
import org.codelibs.fess.app.web.sso.SsoAction;
import org.codelibs.fess.es.client.FessEsClient;
import org.codelibs.fess.helper.LabelTypeHelper;
import org.codelibs.fess.helper.OpenSearchHelper;
@ -206,7 +206,7 @@ public abstract class FessSearchAction extends FessBaseAction {
}
protected HtmlResponse redirectToLogin() {
return redirect(LoginAction.class);
return redirect(SsoAction.class);
}
protected HtmlResponse redirectToRoot() {
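Review bot: `redirectToLogin` (L22–L25) now sends every unauthenticated search request to SsoAction instead of the login form, but nothing in this hunk shows what SsoAction does when SSO is not enabled; its EmptyLoginCredential branch answers with a 401 rather than rendering LoginAction, so the SSO-disabled path must fall back to LoginAction for this redirect to stay usable (confirm against SsoAction, which is outside this hunk). A why-comment on the method would spare the next reader the detour, e.g. `// Try SSO first; SsoAction is expected to fall back to the login form when SSO is disabled.` — worded to match whatever SsoAction actually does. The enclosing class starts outside the hunk.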


@ -15,6 +15,8 @@
*/
package org.codelibs.fess.app.web.sso;
import javax.servlet.http.HttpServletResponse;
import org.codelibs.fess.app.web.base.FessLoginAction;
import org.codelibs.fess.app.web.base.login.EmptyLoginCredential;
import org.codelibs.fess.app.web.base.login.LoginCredential;
@ -24,6 +26,7 @@ import org.codelibs.fess.util.ComponentUtil;
import org.lastaflute.web.Execute;
import org.lastaflute.web.login.exception.LoginFailureException;
import org.lastaflute.web.response.ActionResponse;
import org.lastaflute.web.servlet.filter.RequestLoggingFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -48,7 +51,8 @@ public class SsoAction extends FessLoginAction {
saveError(messages -> messages.addErrorsSsoLoginError(GLOBAL));
return redirect(LoginAction.class);
} else if (loginCredential instanceof EmptyLoginCredential) {
return null;
throw new RequestLoggingFilter.RequestClientErrorException("Your request is not authorized.", "401 Unauthorized",
HttpServletResponse.SC_UNAUTHORIZED);
}
try {
return fessLoginAssist.loginRedirect(loginCredential, op -> {}, () -> {
@ -59,7 +63,9 @@ public class SsoAction extends FessLoginAction {
if (logger.isDebugEnabled()) {
logger.debug("SSO login failure.", lfe);
}
saveError(messages -> messages.addErrorsSsoLoginError(GLOBAL));
if (fessConfig.isSsoEnabled()) {
saveError(messages -> messages.addErrorsSsoLoginError(GLOBAL));
}
return redirect(LoginAction.class);
}
}
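Review bot: The 401 raised for an EmptyLoginCredential at L49–L50 carries no `WWW-Authenticate: Negotiate` challenge here, so unless the SPNEGO filter has already written that header earlier in the chain, a browser reaching this branch sees a bare error page instead of starting the negotiation; a comment naming which component is responsible for the challenge would make that dependency explicit, e.g. `// 401 only; the Negotiate challenge header is expected to be set by the SSO filter upstream.`. The message and reason strings are inlined twice-over literals; hoisting them to `private static final` constants keeps them consistent with any other place that emits the same error. The new `isSsoEnabled()` guard at L59–L61 is sound, but the branch containing it starts above the hunk.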


@ -106,9 +106,14 @@ public class RoleQueryHelper {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
final RequestManager requestManager = ComponentUtil.getRequestManager();
requestManager.findUserBean(FessUserBean.class)
.ifPresent(fessUserBean -> stream(fessUserBean.getPermissions()).of(stream -> stream.forEach(roleList::add)))
.orElse(() -> roleList.addAll(fessConfig.getSearchGuestPermissionList()));
try {
requestManager.findUserBean(FessUserBean.class)
.ifPresent(fessUserBean -> stream(fessUserBean.getPermissions()).of(stream -> stream.forEach(roleList::add)))
.orElse(() -> roleList.addAll(fessConfig.getSearchGuestPermissionList()));
} catch (RuntimeException e) {
requestManager.findLoginManager(FessUserBean.class).ifPresent(manager -> manager.logout());
throw e;
}
if (defaultRoleList != null) {
roleList.addAll(defaultRoleList);
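Review bot: The new catch at L78–L81 logs the user out on any RuntimeException thrown while resolving the user bean or its permissions, not only on the failure this commit presumably targets (a stored user that can no longer be resolved, per the commit title), and it leaves no record of why the session was dropped. Add a why-comment on the catch, e.g. `// The stored user could not be resolved (e.g. the directory lookup failed): drop the session so the next request re-authenticates instead of failing on every call.`, and if the class has a logger, log the exception at warn level before rethrowing so a forced logout is diagnosable. `manager -> manager.logout()` can be the method reference `LoginManager::logout` if that type is in scope. The enclosing method starts and ends outside the hunk.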


@ -74,21 +74,29 @@ public class LdapManager {
protected Hashtable<String, String> createAdminEnv() {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
return createEnvironment(fessConfig.getLdapAdminInitialContextFactory(), fessConfig.getLdapAdminSecurityAuthentication(),
fessConfig.getLdapAdminProviderUrl(), fessConfig.getLdapAdminSecurityPrincipal(),
return createEnvironment(//
fessConfig.getLdapAdminInitialContextFactory(), //
fessConfig.getLdapAdminSecurityAuthentication(), fessConfig.getLdapAdminProviderUrl(), //
fessConfig.getLdapAdminSecurityPrincipal(), //
fessConfig.getLdapAdminSecurityCredentials());
}
protected Hashtable<String, String> createSearchEnv(final String username, final String password) {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
return createEnvironment(fessConfig.getLdapInitialContextFactory(), fessConfig.getLdapSecurityAuthentication(),
fessConfig.getLdapProviderUrl(), fessConfig.getLdapSecurityPrincipal(username), password);
return createEnvironment(//
fessConfig.getLdapInitialContextFactory(), //
fessConfig.getLdapSecurityAuthentication(), //
fessConfig.getLdapProviderUrl(), //
fessConfig.getLdapSecurityPrincipal(username), password);
}
protected Hashtable<String, String> createSearchEnv() {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
return createEnvironment(fessConfig.getLdapInitialContextFactory(), fessConfig.getLdapSecurityAuthentication(),
fessConfig.getLdapProviderUrl(), fessConfig.getLdapAdminSecurityPrincipal(), fessConfig.getLdapAdminSecurityCredentials());
return createEnvironment(//
fessConfig.getLdapAdminInitialContextFactory(), //
fessConfig.getLdapAdminSecurityAuthentication(), fessConfig.getLdapAdminProviderUrl(), //
fessConfig.getLdapAdminSecurityPrincipal(), //
fessConfig.getLdapAdminSecurityCredentials());
}
public OptionalEntity<FessUser> login(final String username, final String password) {
@ -141,19 +149,18 @@ public class LdapManager {
// LDAP: cn=%s
// AD: (&(objectClass=user)(sAMAccountName=%s))
final String filter = String.format(accountFilter, ldapUser.getName());
search(bindDn, filter, new String[] { fessConfig.getLdapMemberofAttribute() },
() -> createSearchEnv(ldapUser.getName(), ldapUser.getPassword()), result -> {
processSearchRoles(result, (entryDn, name) -> {
final boolean isRole = entryDn.toLowerCase(Locale.ROOT).indexOf("ou=role") != -1;
if (isRole) {
if (fessConfig.isLdapRoleSearchRoleEnabled()) {
roleList.add(systemHelper.getSearchRoleByRole(name));
}
} else if (fessConfig.isLdapRoleSearchGroupEnabled()) {
roleList.add(systemHelper.getSearchRoleByGroup(name));
}
});
});
search(bindDn, filter, new String[] { fessConfig.getLdapMemberofAttribute() }, () -> ldapUser.getEnvironment(), result -> {
processSearchRoles(result, (entryDn, name) -> {
final boolean isRole = entryDn.toLowerCase(Locale.ROOT).indexOf("ou=role") != -1;
if (isRole) {
if (fessConfig.isLdapRoleSearchRoleEnabled()) {
roleList.add(systemHelper.getSearchRoleByRole(name));
}
} else if (fessConfig.isLdapRoleSearchGroupEnabled()) {
roleList.add(systemHelper.getSearchRoleByGroup(name));
}
});
});
return roleList.toArray(new String[roleList.size()]);
}
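Review bot: With `() -> ldapUser.getEnvironment()` at L136 the role search binds with the environment stored on the LdapUser, which (as the removed `getPassword()` in LdapUser shows) holds the user's cleartext password under `Context.SECURITY_CREDENTIALS`; if LdapUser lives in the HTTP session, that credential is retained for the session's lifetime, so LdapUser should document this and the environment must never be logged or serialized along with the session. In the first hunk, `createSearchEnv()` (L108–L117) is now line-for-line identical to `createAdminEnv()`; replacing its body with `return createAdminEnv();` removes the duplication and states the intent (search as the admin bind) directly. The `//` trailing markers used to pin line breaks are formatter noise and would be unnecessary once the duplicate is gone.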


@ -84,7 +84,4 @@ public class LdapUser implements FessUser {
return env;
}
public String getPassword() {
return getEnvironment().get(Context.SECURITY_CREDENTIALS);
}
}


@ -15,6 +15,7 @@
*/
package org.codelibs.fess.sso.spnego;
import java.io.File;
import java.util.Enumeration;
import javax.annotation.PostConstruct;
@ -22,7 +23,7 @@ import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletResponse;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.core.io.ResourceUtil;
import org.codelibs.fess.app.web.base.login.EmptyLoginCredential;
import org.codelibs.fess.app.web.base.login.LoginCredential;
import org.codelibs.fess.app.web.base.login.SsoLoginCredential;
@ -100,11 +101,8 @@ public class SpnegoAuthenticator implements SsoAuthenticator {
logger.debug("principal=" + principal);
}
final String username = LaRequestUtil.getOptionalRequest().map(r -> r.getRemoteUser()).orElseGet(() -> null);
if (StringUtil.isBlank(username)) {
return null;
}
return new SsoLoginCredential(username);
final String[] username = principal.getName().split("@", 2);
return new SsoLoginCredential(username[0]);
}).orElseGet(() -> null);
}
@ -128,9 +126,9 @@ public class SpnegoAuthenticator implements SsoAuthenticator {
if (SpnegoHttpFilter.Constants.LOGGER_LEVEL.equals(name)) {
return fessConfig.getSpnegoLoggerLevel();
} else if (SpnegoHttpFilter.Constants.LOGIN_CONF.equals(name)) {
return fessConfig.getSpnegoLoginConf();
return getResourcePath(fessConfig.getSpnegoLoginConf());
} else if (SpnegoHttpFilter.Constants.KRB5_CONF.equals(name)) {
return fessConfig.getSpnegoKrb5Conf();
return getResourcePath(fessConfig.getSpnegoKrb5Conf());
} else if (SpnegoHttpFilter.Constants.CLIENT_MODULE.equals(name)) {
return fessConfig.getSpnegoLoginClientModule();
} else if (SpnegoHttpFilter.Constants.SERVER_MODULE.equals(name)) {
@ -153,6 +151,14 @@ public class SpnegoAuthenticator implements SsoAuthenticator {
return null;
}
protected String getResourcePath(final String path) {
final File file = ResourceUtil.getResourceAsFileNoException(path);
if (file != null) {
return file.getAbsolutePath();
}
return null;
}
@Override
public Enumeration<String> getInitParameterNames() {
throw new UnsupportedOperationException();
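Review bot: The removed blank check is not carried over to the new code at L185–L186: `principal.getName().split("@", 2)[0]` yields an empty string for an empty principal name, so a `SsoLoginCredential("")` can now be produced where the old code returned null; keep a guard such as `if (StringUtil.isBlank(username[0])) { return null; }` before constructing the credential. Cutting at `@` also discards the Kerberos realm, so principals that differ only in realm map to the same Fess user — worth a comment stating that a single-realm deployment is assumed, since cross-realm trusts would collide. The enclosing method and lambda begin outside the hunk. Separately, `getResourcePath` (L204–L210) returns null when the resource is missing, which silently hands the SPNEGO filter a null `login.conf`/`krb5.conf` path; logging a warning with the requested path there would make the misconfiguration visible.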