Commit d27b3f4c authored by benjamin.ertl's avatar benjamin.ertl

update ldap user

parent a887be1d
......@@ -31,6 +31,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
......
/* Copyright 2016 Karlsruhe Institute of Technology (KIT)
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
public class AuthenticationController {
private static final Logger log = LoggerFactory.getLogger(AuthenticationController.class);
@Value("${oauth2.authorizeUri}")
private String oauth2AuthorizeUri;
@Value("${oauth2.redirectUri}")
private String oauth2RedirectUri;
@Value("${oauth2.clientId}")
private String oauth2ClientId;
@RequestMapping("/login")
public String login(Model model) {
String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
redirectUrl += "?response_type=code&scope=openid&client_id=";
redirectUrl += oauth2ClientId;
redirectUrl += "&redirect_uri=";
redirectUrl += oauth2RedirectUri;
log.debug("Redirect to {}", redirectUrl);
return "redirect:" + redirectUrl;
}
@RequestMapping(path = "/oauth2")
public String oauth2Authentication(@RequestParam(value = "code", required = true) String code, Model model) {
log.debug(code);
model.addAttribute("code", code);
return "index";
}
}
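Review bot: `log.debug(code)` in the `/oauth2` handler writes the OAuth2 authorization code to the log as the message string, and the handler then renders the same value into the page through `model.addAttribute("code", code)`; the code is a short-lived credential redeemable for tokens and should not appear in logs — `log.debug("Authorization code received for client {}", oauth2ClientId);` keeps the trace without the secret. In `login`, `oauth2RedirectUri` and `oauth2ClientId` are concatenated into the query string unencoded, so a redirect URI containing `&` or `?` would be split by the authorization server; `URLEncoder.encode(oauth2RedirectUri, "UTF-8")` fixes that (it declares a checked `UnsupportedEncodingException`). The authorization request also carries no `state` parameter, which OAuth2 relies on to bind the `/oauth2` callback to the session that started the login, so the callback currently has nothing to check against. `required = true` on the `@RequestParam` is the default and can be dropped, and the `Model` parameter of `login` is unused.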
......@@ -9,8 +9,12 @@
package edu.kit.scc;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -22,15 +26,16 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.token.AccessToken;
import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
import edu.kit.scc.dto.GroupDTO;
import edu.kit.scc.dto.UserDTO;
import edu.kit.scc.http.HttpClient;
import edu.kit.scc.http.HttpResponse;
import edu.kit.scc.ldap.LdapClient;
......@@ -64,13 +69,6 @@ public class RestServiceController {
@Autowired
private LdapClient ldapClient;
@RequestMapping(path = "/oauth2")
@ResponseBody
public String oauth2Authentication(@RequestParam(value = "code") String code) {
log.debug(code);
return code;
}
// expected body e.g.
// password=password
// password=https%3A%2F%2F512eebd9%3Fk%3D49806e48a5cd2941604eb9dfe321c3bc
......@@ -87,43 +85,93 @@ public class RestServiceController {
throw new UnauthorizedException();
}
log.debug(body);
log.debug("Request body {}", body);
// REG-APP
HttpResponse response = httpClient.makeHttpPostRequest(restUser, restPassword, body, serviceUrl + regId);
log.debug("Try reg-app authentication");
String regAppUrl = serviceUrl.replaceAll("/$", "");
regAppUrl += "/" + regId;
HttpResponse response = httpClient.makeHttpPostRequest(restUser, restPassword, body, regAppUrl);
if (response != null && response.statusCode == 200) {
log.debug("Reg-app authentication success");
// TODO harmonize
return;
}
// OIDC
JSONObject oidcJson = new JSONObject();
log.debug("Try OIDC authentication");
OIDCTokens tokens = null;
try {
String token = body.split("=")[1];
// oidcJson = oidcClient.requestUserInfo(token);
OIDCTokens tokens = oidcClient.requestTokens(token);
JWT jwt = tokens.getIDToken();
JWTClaimsSet claimsSet = jwt.getJWTClaimsSet();
log.debug(claimsSet.toJSONObject().toJSONString());
tokens = oidcClient.requestTokens(token);
} catch (ArrayIndexOutOfBoundsException e) {
log.error(e.getMessage());
throw new UnauthorizedException();
} catch (ParseException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (oidcJson != null && !oidcJson.isNull("error")) {
throw new UnauthorizedException(oidcJson.optString("error_description"));
String subject = null;
if (tokens != null) {
try {
JWT jwt = tokens.getIDToken();
JWTClaimsSet claimsSet = jwt.getJWTClaimsSet();
log.debug(claimsSet.toJSONObject().toJSONString());
AccessToken accessToken = tokens.getAccessToken();
oidcClient.requestUserInfo(accessToken.getValue());
subject = claimsSet.getSubject();
log.debug("OIDC authentication success");
} catch (ParseException e) {
log.error(e.getMessage());
throw new UnauthorizedException();
}
}
// SCIM
String name = oidcJson.optString("name");
JSONObject scimJson = scimClient.getUser(name);
UserDTO user = new UserDTO();
List<GroupDTO> groups = new ArrayList<GroupDTO>();
// we are looking for "roles" in the SCIM response and sync with LDAP
// SCIM
// we are looking for "roles" in the SCIM response, representing the
// user's groups, and the user information itself
log.debug("Try to get SCIM user information");
if (subject != null) {
JSONObject userJson = scimClient.getUser(subject);
if (userJson != null) {
try {
JSONArray resources = userJson.getJSONArray("Resources");
JSONObject userResource = resources.getJSONObject(0);
String userName = userResource.getString("userName");
user.setUid(userName);
JSONObject names = userResource.getJSONObject("name");
user.setCommonName(names.getString("givenName"));
user.setSurName(names.getString("familyName"));
user.setDescription(userResource.getString("id"));
log.debug(user.toString());
JSONArray roles = userResource.getJSONArray("groups");
for (int i = 0; i < roles.length(); i++) {
JSONObject role = roles.getJSONObject(i);
GroupDTO group = new GroupDTO();
group.setCommonName(role.getString("display"));
groups.add(group);
log.debug(group.toString());
}
} catch (JSONException e) {
// no additional user information
log.error(e.getMessage());
}
}
UserDTO ldapUser = ldapClient.getLdapUser(user.getUid());
}
// if nothing succeeded, fail
// if nothing succeeded, fail ... gracefully
throw new UnauthorizedException();
}
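Review bot: `log.debug("Request body {}", body)` writes the raw request body to the log, and the comment above the method (`password=password`) says that body carries the user's password or token; together with `log.debug(claimsSet.toJSONObject().toJSONString())` this puts a credential and the full ID-token claim set into the debug log, so both should be dropped or reduced to a non-secret marker such as `log.debug("Request body received ({} chars)", body.length());`. After a successful OIDC and SCIM lookup the method still falls through to the final `throw new UnauthorizedException()`, so the OIDC path never returns success — if that is deliberate work in progress it should carry a `// TODO` saying so, otherwise the LDAP branch needs a `return;` like the reg-app branch above it. The `ParseException` handler that ends in `e.printStackTrace()` swallows the failure and leaves `tokens` null, while the later `ParseException` handler logs and throws `UnauthorizedException`; the two should agree. `ldapClient.getLdapUser(user.getUid())` runs even when the SCIM parse failed and `uid` is still null, and its result is discarded. The method's signature and the start of its body lie outside the hunk.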
......
......@@ -15,7 +15,7 @@ import edu.kit.scc.dto.GroupDTO;
public interface GroupDAO {
public List<GroupDTO> getAllGroups();
public List<GroupDTO> getGroupDetails(String commonName);
public List<GroupDTO> getGroupDetails(int gidNumber);
public void insertGroup(GroupDTO groupDTO);
......
......@@ -10,10 +10,13 @@ package edu.kit.scc.dto;
public class UserDTO {
String uid;
String commonName;
String lastName;
String surName;
String homeDirectory;
String description;
String uid;
int uidNumber;
int gidNumber;
public String getUid() {
return uid;
......@@ -31,6 +34,22 @@ public class UserDTO {
this.commonName = commonName;
}
public String getSurName() {
return surName;
}
public void setSurName(String surName) {
this.surName = surName;
}
public String getHomeDirectory() {
return homeDirectory;
}
public void setHomeDirectory(String homeDirectory) {
this.homeDirectory = homeDirectory;
}
public String getDescription() {
return description;
}
......@@ -39,19 +58,29 @@ public class UserDTO {
this.description = description;
}
public String getLastName() {
return lastName;
public int getUidNumber() {
return uidNumber;
}
public void setUidNumber(int uidNumber) {
this.uidNumber = uidNumber;
}
public int getGidNumber() {
return gidNumber;
}
public void setLastName(String lastName) {
this.lastName = lastName;
public void setGidNumber(int gidNumber) {
this.gidNumber = gidNumber;
}
@Override
public String toString() {
return "UserDTO [" + (commonName != null ? "commonName=" + commonName + ", " : "")
+ (lastName != null ? "lastName=" + lastName + ", " : "")
+ (description != null ? "description=" + description + ", " : "") + (uid != null ? "uid=" + uid : "")
+ "]";
return "UserDTO [" + (uid != null ? "uid=" + uid + ", " : "")
+ (commonName != null ? "commonName=" + commonName + ", " : "")
+ (surName != null ? "surName=" + surName + ", " : "")
+ (homeDirectory != null ? "homeDirectory=" + homeDirectory + ", " : "")
+ (description != null ? "description=" + description + ", " : "") + "uidNumber=" + uidNumber
+ ", gidNumber=" + gidNumber + "]";
}
}
\ No newline at end of file
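Review bot: The new fields `surName`, `homeDirectory`, `uidNumber` and `gidNumber` are declared with package-private visibility like the existing ones, although the class exposes them only through getters and setters; declaring them `private String surName;` and so on keeps other classes in `edu.kit.scc.dto` from bypassing the setters. Because `uidNumber` and `gidNumber` are primitive `int`, an unset value is indistinguishable from a real 0, and the new `toString` prints `uidNumber=0, gidNumber=0` for a DTO that was never assigned either; a field comment such as `// 0 means not set` or boxed `Integer` fields would make that explicit for callers that persist the values. The first hunk cuts the class mid-body; the other hunks only carry accessors.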
......@@ -27,6 +27,7 @@ public class GroupAttributeMapper implements AttributesMapper<GroupDTO> {
Attribute gidNumber = attributes.get("gidNumber");
if (gidNumber != null)
groupDTO.setGidNumber(Integer.valueOf((String) gidNumber.get()));
return groupDTO;
}
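Review bot: `Integer.valueOf((String) gidNumber.get())` throws `NumberFormatException` if the directory holds a non-numeric `gidNumber` and `ClassCastException` if the value comes back as `byte[]`, and either exception aborts the whole `ldapTemplate.search` rather than just this entry. `Integer.parseInt(gidNumber.get().toString())` removes the cast, and wrapping it in a `catch (NumberFormatException e)` that records the offending entry (if the mapper has a logger) keeps one malformed entry from failing the query. The same unguarded conversion is added in `UserAttributeMapper` for `gidNumber` and `uidNumber`. The brace-less `if` is against the usual Java style; `mapFromAttributes` begins outside the hunk.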
......
......@@ -88,6 +88,25 @@ public class LdapClient {
@Autowired
private LdapGroupDAO ldapGroup;
/**
* Gets the user specified from the LDAP server.
*
* @param uid
* the user's uid
* @return a {@link UserDTO} with the LDAP user information
*/
public UserDTO getLdapUser(String uid) {
List<UserDTO> userList = ldapUser.getUserDetails(uid);
UserDTO user = null;
if (!userList.isEmpty()) {
user = userList.get(0);
log.info(user.toString());
}
return user;
}
/**
* Gets all users from the LDAP server.
*
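Review bot: `getLdapUser` returns `null` when no entry matches, but the Javadoc does not say so; change the tag to `@return a {@link UserDTO} with the LDAP user information, or {@code null} if no user with that uid exists` so callers know to null-check (the caller added in `RestServiceController` does not). `log.info(user.toString())` logs the complete user record, including description and home directory, at INFO on every lookup; `log.debug("Found LDAP user {}", uid);` is enough for tracing and keeps personal data out of the default log level. If more than one entry matches, the method silently takes the first; a `log.warn` when `userList.size() > 1` would make that visible.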
......@@ -123,15 +142,25 @@ public class LdapClient {
* the user's common name
* @param sn
* the user's sure name
* @param uidNumber
* the user's uid number
* @param gidNumber
* the user's gid number
* @param homeDirectory
* the user's home directory
* @param description
* the user's description
*/
public void createUser(String uid, String cn, String sn, String description) {
public void createUser(String uid, String cn, String sn, int uidNumber, int gidNumber, String homeDirectory,
String description) {
UserDTO user = new UserDTO();
user.setCommonName(cn);
user.setDescription(description);
user.setLastName(sn);
user.setSurName(sn);
user.setUid(uid);
user.setGidNumber(gidNumber);
user.setUidNumber(uidNumber);
user.setHomeDirectory(homeDirectory);
ldapUser.insertUser(user);
}
}
......@@ -48,9 +48,9 @@ public class LdapGroupDAO implements GroupDAO {
}
@Override
public List<GroupDTO> getGroupDetails(String commonName) {
public List<GroupDTO> getGroupDetails(int gidNumber) {
AndFilter andFilter = new AndFilter();
andFilter.and(new EqualsFilter("objectclass", "posixGroup")).and(new EqualsFilter("cn", commonName));
andFilter.and(new EqualsFilter("objectclass", "posixGroup")).and(new EqualsFilter("gidNumber", gidNumber));
log.debug("LDAP query {}", andFilter.encode());
return ldapTemplate.search(groupBase, andFilter.encode(), new GroupAttributeMapper());
......
......@@ -44,13 +44,13 @@ public class LdapUserDAO implements UserDAO {
@Override
public List<UserDTO> getAllUsers() {
return ldapTemplate.search(userBase, "(objectclass=inetOrgPerson)", new UserAttributeMapper());
return ldapTemplate.search(userBase, "(objectclass=posixAccount)", new UserAttributeMapper());
}
@Override
public List<UserDTO> getUserDetails(String uid) {
AndFilter andFilter = new AndFilter();
andFilter.and(new EqualsFilter("objectclass", "inetOrgPerson")).and(new EqualsFilter("uid", uid));
andFilter.and(new EqualsFilter("objectclass", "posixAccount")).and(new EqualsFilter("uid", uid));
log.debug("LDAP query {}", andFilter.encode());
return ldapTemplate.search("", andFilter.encode(), new UserAttributeMapper());
......@@ -60,13 +60,17 @@ public class LdapUserDAO implements UserDAO {
public void insertUser(UserDTO userDTO) {
BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
personBasicAttribute.add("inetOrgPerson");
personBasicAttribute.add("posixAccount");
Attributes personAttributes = new BasicAttributes();
personAttributes.put(personBasicAttribute);
personAttributes.put("cn", userDTO.getCommonName());
personAttributes.put("sn", userDTO.getLastName());
personAttributes.put("sn", userDTO.getSurName());
personAttributes.put("description", userDTO.getDescription());
personAttributes.put("uid", userDTO.getUid());
personAttributes.put("uidNumber", String.valueOf(userDTO.getUidNumber()));
personAttributes.put("gidNumber", String.valueOf(userDTO.getGidNumber()));
personAttributes.put("homeDirectory", userDTO.getHomeDirectory());
LdapName newUserDN = LdapUtils.emptyLdapName();
try {
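Review bot: With `posixAccount` now in the object class, `personAttributes.put("uidNumber", String.valueOf(userDTO.getUidNumber()))` and the `gidNumber` line below write `"0"` whenever the DTO's `int` fields were never set, because 0 is the default; a caller that only fills the name fields would therefore create an account with uidNumber 0 and gidNumber 0, which is the root identity on any host resolving accounts from this directory. A guard before the `put` calls, `if (userDTO.getUidNumber() <= 0 || userDTO.getGidNumber() <= 0) { throw new IllegalArgumentException("uidNumber and gidNumber must be set for posixAccount: " + userDTO.getUid()); }`, rejects such a DTO instead. `homeDirectory` is likewise a required attribute of `posixAccount` and is put without a null check, so a missing value would surface only as a directory-side schema error. The same three lines are repeated in `updateUser` in the next hunk and need the same guard; `insertUser` continues past the end of this hunk.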
......@@ -84,13 +88,16 @@ public class LdapUserDAO implements UserDAO {
public void updateUser(UserDTO userDTO) {
BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
personBasicAttribute.add("inetOrgPerson");
personBasicAttribute.add("posixAccount");
Attributes personAttributes = new BasicAttributes();
personAttributes.put(personBasicAttribute);
personAttributes.put("cn", userDTO.getCommonName());
personAttributes.put("sn", userDTO.getLastName());
personAttributes.put("sn", userDTO.getSurName());
personAttributes.put("description", userDTO.getDescription());
personAttributes.put("uid", userDTO.getUid());
personAttributes.put("uidNumber", String.valueOf(userDTO.getUidNumber()));
personAttributes.put("gidNumber", String.valueOf(userDTO.getGidNumber()));
personAttributes.put("homeDirectory", userDTO.getHomeDirectory());
LdapName newUserDN = LdapUtils.emptyLdapName();
try {
......
......@@ -27,12 +27,21 @@ public class UserAttributeMapper implements AttributesMapper<UserDTO> {
String commonName = (String) attributes.get("cn").get();
if (commonName != null)
userDTO.setCommonName(commonName);
String lastName = (String) attributes.get("sn").get();
if (lastName != null)
userDTO.setLastName(lastName);
String surName = (String) attributes.get("sn").get();
if (surName != null)
userDTO.setSurName(surName);
String homeDirectory = (String) attributes.get("homeDirectory").get();
if (homeDirectory != null)
userDTO.setHomeDirectory(homeDirectory);
Attribute description = attributes.get("description");
if (description != null)
userDTO.setDescription((String) description.get());
Attribute gidNumber = attributes.get("gidNumber");
if (gidNumber != null)
userDTO.setGidNumber(Integer.valueOf((String) gidNumber.get()));
Attribute uidNumber = attributes.get("uidNumber");
if (uidNumber != null)
userDTO.setUidNumber(Integer.valueOf((String) uidNumber.get()));
return userDTO;
}
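Review bot: `attributes.get("homeDirectory").get()` dereferences the attribute without a null check, so any entry lacking `homeDirectory` fails the whole search with a `NullPointerException`, while `description`, `gidNumber` and `uidNumber` just below use the `Attribute x = attributes.get(...); if (x != null)` form. Use the same pattern here: `Attribute homeDirectory = attributes.get("homeDirectory");` / `if (homeDirectory != null)` / `userDTO.setHomeDirectory((String) homeDirectory.get());`. The `cn` and `sn` lines above have the same shape but predate this commit. `mapFromAttributes` begins outside the hunk.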
......
......@@ -52,7 +52,7 @@ public class ScimClient {
public JSONObject getUser(String name) {
JSONObject json = null;
HttpClient client = new HttpClient();
String url = userEndpoint + "?filter=userNameEq" + name;
String url = userEndpoint + "?userNameEq" + name;
HttpResponse response = client.makeHttpsGetRequest(user, password, url);
if (response != null) {
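Review bot: `userEndpoint + "?userNameEq" + name` appends `name` to the URL unencoded, and since `RestServiceController` now passes the OIDC subject here, characters such as `@`, `/`, `&` or a space in the subject would change or break the query; encode it with `URLEncoder.encode(name, "UTF-8")` (which declares a checked `UnsupportedEncodingException`). The query string also no longer names a parameter: SCIM 2.0 (RFC 7644) filtering has the form `?filter=userName eq "<name>"`, so unless the target server accepts the non-standard `userNameEq` form this request looks wrong — a comment naming the server's expected syntax would settle it. `getUser` continues outside the hunk.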
......
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<head>
<title>OAuth2 Access</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<p th:text="'Your authorization code is ' + ${code}" />
</body>
</html>
\ No newline at end of file
......@@ -36,6 +36,14 @@ public class LdapClientTest {
@Test
public void createLdapUserTest() {
ldapClient.createUser("newUser", "newUser", "newUser", "newUser");
String cn = "newPosixUser1";
String sn = "newPosixUser1";
String description = "new posix user";
String homeDirectory = "/home/newPosixUser1";
String uid = "newPosixUser1";
int uidNumber = 6001;
int gidNumber = 2222;
ldapClient.createUser(uid, cn, sn, uidNumber, gidNumber, homeDirectory, description);
}
}
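Review bot: `createLdapUserTest` still has no assertion, so it passes as long as `createUser` does not throw; following the call with `UserDTO created = ldapClient.getLdapUser(uid);` / `assertNotNull(created);` / `assertEquals(uidNumber, created.getUidNumber());` would verify that the new posix attributes actually land in the directory. The fixed uid `newPosixUser1` also means a second run against the same server presumably hits an already-existing entry unless the test removes it afterwards; an `@After` cleanup would make the test repeatable. The class's fixture setup is outside the hunk.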