update ldap user

pom.xml

@@ -31,6 +31,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-thymeleaf</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-core</artifactId>

src/main/java/edu/kit/scc/AuthenticationController.java

+/*   Copyright 2016 Karlsruhe Institute of Technology (KIT)
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+ */
+package edu.kit.scc;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Controller
+public class AuthenticationController {
+
+	private static final Logger log = LoggerFactory.getLogger(AuthenticationController.class);
+
+	@Value("${oauth2.authorizeUri}")
+	private String oauth2AuthorizeUri;
+
+	@Value("${oauth2.redirectUri}")
+	private String oauth2RedirectUri;
+
+	@Value("${oauth2.clientId}")
+	private String oauth2ClientId;
+
+	@RequestMapping("/login")
+	public String login(Model model) {
+		String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
+		redirectUrl += "?response_type=code&scope=openid&client_id=";
+		redirectUrl += oauth2ClientId;
+		redirectUrl += "&redirect_uri=";
+		redirectUrl += oauth2RedirectUri;
+		log.debug("Redirect to {}", redirectUrl);
+
+		return "redirect:" + redirectUrl;
+	}
+
+	@RequestMapping(path = "/oauth2")
+	public String oauth2Authentication(@RequestParam(value = "code", required = true) String code, Model model) {
+		log.debug(code);
+		model.addAttribute("code", code);
+		return "index";
+	}
+}

src/main/java/edu/kit/scc/RestServiceController.java

@@ -9,8 +9,12 @@
 package edu.kit.scc;
 
 import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.List;
 
 import org.apache.commons.codec.binary.Base64;
+import org.json.JSONArray;
+import org.json.JSONException;
 import org.json.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -22,15 +26,16 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.oauth2.sdk.token.AccessToken;
 import com.nimbusds.openid.connect.sdk.token.OIDCTokens;
 
+import edu.kit.scc.dto.GroupDTO;
+import edu.kit.scc.dto.UserDTO;
 import edu.kit.scc.http.HttpClient;
 import edu.kit.scc.http.HttpResponse;
 import edu.kit.scc.ldap.LdapClient;
@@ -64,13 +69,6 @@ public class RestServiceController {
 	@Autowired
 	private LdapClient ldapClient;
 
-	@RequestMapping(path = "/oauth2")
-	@ResponseBody
-	public String oauth2Authentication(@RequestParam(value = "code") String code) {
-		log.debug(code);
-		return code;
-	}
-
 	// expected body e.g.
 	// password=password
 	// password=https%3A%2F%2F512eebd9%3Fk%3D49806e48a5cd2941604eb9dfe321c3bc
@@ -87,43 +85,93 @@ public class RestServiceController {
 			throw new UnauthorizedException();
 		}
 
-		log.debug(body);
+		log.debug("Request body {}", body);
 
 		// REG-APP
-		HttpResponse response = httpClient.makeHttpPostRequest(restUser, restPassword, body, serviceUrl + regId);
+		log.debug("Try reg-app authentication");
+		String regAppUrl = serviceUrl.replaceAll("/$", "");
+		regAppUrl += "/" + regId;
+		HttpResponse response = httpClient.makeHttpPostRequest(restUser, restPassword, body, regAppUrl);
 		if (response != null && response.statusCode == 200) {
 			log.debug("Reg-app authentication success");
+			// TODO harmonize
 			return;
 		}
 
 		// OIDC
-		JSONObject oidcJson = new JSONObject();
+		log.debug("Try OIDC authentication");
+		OIDCTokens tokens = null;
 		try {
 			String token = body.split("=")[1];
 			// oidcJson = oidcClient.requestUserInfo(token);
-			OIDCTokens tokens = oidcClient.requestTokens(token);
-			JWT jwt = tokens.getIDToken();
-			JWTClaimsSet claimsSet = jwt.getJWTClaimsSet();
-			log.debug(claimsSet.toJSONObject().toJSONString());
-
+			tokens = oidcClient.requestTokens(token);
 		} catch (ArrayIndexOutOfBoundsException e) {
+			log.error(e.getMessage());
 			throw new UnauthorizedException();
-		} catch (ParseException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
 		}
 
-		if (oidcJson != null && !oidcJson.isNull("error")) {
-			throw new UnauthorizedException(oidcJson.optString("error_description"));
+		String subject = null;
+		if (tokens != null) {
+			try {
+				JWT jwt = tokens.getIDToken();
+				JWTClaimsSet claimsSet = jwt.getJWTClaimsSet();
+				log.debug(claimsSet.toJSONObject().toJSONString());
+
+				AccessToken accessToken = tokens.getAccessToken();
+				oidcClient.requestUserInfo(accessToken.getValue());
+
+				subject = claimsSet.getSubject();
+				log.debug("OIDC authentication success");
+			} catch (ParseException e) {
+				log.error(e.getMessage());
+				throw new UnauthorizedException();
+			}
 		}
 
-		// SCIM
-		String name = oidcJson.optString("name");
-		JSONObject scimJson = scimClient.getUser(name);
+		UserDTO user = new UserDTO();
+		List<GroupDTO> groups = new ArrayList<GroupDTO>();
 
-		// we are looking for "roles" in the SCIM response and sync with LDAP
+		// SCIM
+		// we are looking for "roles" in the SCIM response, representing the
+		// user's groups, and the user information itself
+		log.debug("Try to get SCIM user information");
+		if (subject != null) {
+			JSONObject userJson = scimClient.getUser(subject);
+			if (userJson != null) {
+				try {
+					JSONArray resources = userJson.getJSONArray("Resources");
+					JSONObject userResource = resources.getJSONObject(0);
+
+					String userName = userResource.getString("userName");
+					user.setUid(userName);
+
+					JSONObject names = userResource.getJSONObject("name");
+					user.setCommonName(names.getString("givenName"));
+					user.setSurName(names.getString("familyName"));
+
+					user.setDescription(userResource.getString("id"));
+
+					log.debug(user.toString());
+
+					JSONArray roles = userResource.getJSONArray("groups");
+					for (int i = 0; i < roles.length(); i++) {
+						JSONObject role = roles.getJSONObject(i);
+
+						GroupDTO group = new GroupDTO();
+						group.setCommonName(role.getString("display"));
+						groups.add(group);
+
+						log.debug(group.toString());
+					}
+				} catch (JSONException e) {
+					// no additional user information
+					log.error(e.getMessage());
+				}
+			}
+			UserDTO ldapUser = ldapClient.getLdapUser(user.getUid());
+		}
 
-		// if nothing succeeded, fail
+		// if nothing succeeded, fail ... gracefully
 		throw new UnauthorizedException();
 	}
 

src/main/java/edu/kit/scc/dao/GroupDAO.java

@@ -15,7 +15,7 @@ import edu.kit.scc.dto.GroupDTO;
 public interface GroupDAO {
 	public List<GroupDTO> getAllGroups();
 
-	public List<GroupDTO> getGroupDetails(String commonName);
+	public List<GroupDTO> getGroupDetails(int gidNumber);
 
 	public void insertGroup(GroupDTO groupDTO);
 

src/main/java/edu/kit/scc/dto/UserDTO.java

@@ -10,10 +10,13 @@ package edu.kit.scc.dto;
 
 public class UserDTO {
 
+	String uid;
 	String commonName;
-	String lastName;
+	String surName;
+	String homeDirectory;
 	String description;
-	String uid;
+	int uidNumber;
+	int gidNumber;
 
 	public String getUid() {
 		return uid;
@@ -31,6 +34,22 @@ public class UserDTO {
 		this.commonName = commonName;
 	}
 
+	public String getSurName() {
+		return surName;
+	}
+
+	public void setSurName(String surName) {
+		this.surName = surName;
+	}
+
+	public String getHomeDirectory() {
+		return homeDirectory;
+	}
+
+	public void setHomeDirectory(String homeDirectory) {
+		this.homeDirectory = homeDirectory;
+	}
+
 	public String getDescription() {
 		return description;
 	}
@@ -39,19 +58,29 @@ public class UserDTO {
 		this.description = description;
 	}
 
-	public String getLastName() {
-		return lastName;
+	public int getUidNumber() {
+		return uidNumber;
+	}
+
+	public void setUidNumber(int uidNumber) {
+		this.uidNumber = uidNumber;
+	}
+
+	public int getGidNumber() {
+		return gidNumber;
 	}
 
-	public void setLastName(String lastName) {
-		this.lastName = lastName;
+	public void setGidNumber(int gidNumber) {
+		this.gidNumber = gidNumber;
 	}
 
 	@Override
 	public String toString() {
-		return "UserDTO [" + (commonName != null ? "commonName=" + commonName + ", " : "")
-				+ (lastName != null ? "lastName=" + lastName + ", " : "")
-				+ (description != null ? "description=" + description + ", " : "") + (uid != null ? "uid=" + uid : "")
-				+ "]";
+		return "UserDTO [" + (uid != null ? "uid=" + uid + ", " : "")
+				+ (commonName != null ? "commonName=" + commonName + ", " : "")
+				+ (surName != null ? "surName=" + surName + ", " : "")
+				+ (homeDirectory != null ? "homeDirectory=" + homeDirectory + ", " : "")
+				+ (description != null ? "description=" + description + ", " : "") + "uidNumber=" + uidNumber
+				+ ", gidNumber=" + gidNumber + "]";
 	}
 }
\ No newline at end of file

src/main/java/edu/kit/scc/ldap/GroupAttributeMapper.java

@@ -27,6 +27,7 @@ public class GroupAttributeMapper implements AttributesMapper<GroupDTO> {
 		Attribute gidNumber = attributes.get("gidNumber");
 		if (gidNumber != null)
 			groupDTO.setGidNumber(Integer.valueOf((String) gidNumber.get()));
+
 		return groupDTO;
 	}
 

src/main/java/edu/kit/scc/ldap/LdapClient.java

@@ -88,6 +88,25 @@ public class LdapClient {
 	@Autowired
 	private LdapGroupDAO ldapGroup;
 
+	/**
+	 * Gets the user specified from the LDAP server.
+	 * 
+	 * @param uid
+	 *            the user's uid
+	 * @return a {@link UserDTO} with the LDAP user information
+	 */
+	public UserDTO getLdapUser(String uid) {
+		List<UserDTO> userList = ldapUser.getUserDetails(uid);
+		UserDTO user = null;
+
+		if (!userList.isEmpty()) {
+			user = userList.get(0);
+			log.info(user.toString());
+		}
+
+		return user;
+	}
+
 	/**
 	 * Gets all users from the LDAP server.
 	 * 
@@ -123,15 +142,25 @@ public class LdapClient {
 	 *            the user's common name
 	 * @param sn
 	 *            the user's sure name
+	 * @param uidNumber
+	 *            the user's uid number
+	 * @param gidNumber
+	 *            the user's gid number
+	 * @param homeDirectory
+	 *            the user's home directory
 	 * @param description
 	 *            the user's description
 	 */
-	public void createUser(String uid, String cn, String sn, String description) {
+	public void createUser(String uid, String cn, String sn, int uidNumber, int gidNumber, String homeDirectory,
+			String description) {
 		UserDTO user = new UserDTO();
 		user.setCommonName(cn);
 		user.setDescription(description);
-		user.setLastName(sn);
+		user.setSurName(sn);
 		user.setUid(uid);
+		user.setGidNumber(gidNumber);
+		user.setUidNumber(uidNumber);
+		user.setHomeDirectory(homeDirectory);
 		ldapUser.insertUser(user);
 	}
 }

src/main/java/edu/kit/scc/ldap/LdapGroupDAO.java

@@ -48,9 +48,9 @@ public class LdapGroupDAO implements GroupDAO {
 	}
 
 	@Override
-	public List<GroupDTO> getGroupDetails(String commonName) {
+	public List<GroupDTO> getGroupDetails(int gidNumber) {
 		AndFilter andFilter = new AndFilter();
-		andFilter.and(new EqualsFilter("objectclass", "posixGroup")).and(new EqualsFilter("cn", commonName));
+		andFilter.and(new EqualsFilter("objectclass", "posixGroup")).and(new EqualsFilter("gidNumber", gidNumber));
 		log.debug("LDAP query {}", andFilter.encode());
 
 		return ldapTemplate.search(groupBase, andFilter.encode(), new GroupAttributeMapper());

src/main/java/edu/kit/scc/ldap/LdapUserDAO.java

@@ -44,13 +44,13 @@ public class LdapUserDAO implements UserDAO {
 
 	@Override
 	public List<UserDTO> getAllUsers() {
-		return ldapTemplate.search(userBase, "(objectclass=inetOrgPerson)", new UserAttributeMapper());
+		return ldapTemplate.search(userBase, "(objectclass=posixAccount)", new UserAttributeMapper());
 	}
 
 	@Override
 	public List<UserDTO> getUserDetails(String uid) {
 		AndFilter andFilter = new AndFilter();
-		andFilter.and(new EqualsFilter("objectclass", "inetOrgPerson")).and(new EqualsFilter("uid", uid));
+		andFilter.and(new EqualsFilter("objectclass", "posixAccount")).and(new EqualsFilter("uid", uid));
 		log.debug("LDAP query {}", andFilter.encode());
 
 		return ldapTemplate.search("", andFilter.encode(), new UserAttributeMapper());
@@ -60,13 +60,17 @@ public class LdapUserDAO implements UserDAO {
 	public void insertUser(UserDTO userDTO) {
 		BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
 		personBasicAttribute.add("inetOrgPerson");
+		personBasicAttribute.add("posixAccount");
 
 		Attributes personAttributes = new BasicAttributes();
 		personAttributes.put(personBasicAttribute);
 		personAttributes.put("cn", userDTO.getCommonName());
-		personAttributes.put("sn", userDTO.getLastName());
+		personAttributes.put("sn", userDTO.getSurName());
 		personAttributes.put("description", userDTO.getDescription());
 		personAttributes.put("uid", userDTO.getUid());
+		personAttributes.put("uidNumber", String.valueOf(userDTO.getUidNumber()));
+		personAttributes.put("gidNumber", String.valueOf(userDTO.getGidNumber()));
+		personAttributes.put("homeDirectory", userDTO.getHomeDirectory());
 
 		LdapName newUserDN = LdapUtils.emptyLdapName();
 		try {
@@ -84,13 +88,16 @@ public class LdapUserDAO implements UserDAO {
 	public void updateUser(UserDTO userDTO) {
 		BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
 		personBasicAttribute.add("inetOrgPerson");
+		personBasicAttribute.add("posixAccount");
 
 		Attributes personAttributes = new BasicAttributes();
-		personAttributes.put(personBasicAttribute);
 		personAttributes.put("cn", userDTO.getCommonName());
-		personAttributes.put("sn", userDTO.getLastName());
+		personAttributes.put("sn", userDTO.getSurName());
 		personAttributes.put("description", userDTO.getDescription());
 		personAttributes.put("uid", userDTO.getUid());
+		personAttributes.put("uidNumber", String.valueOf(userDTO.getUidNumber()));
+		personAttributes.put("gidNumber", String.valueOf(userDTO.getGidNumber()));
+		personAttributes.put("homeDirectory", userDTO.getHomeDirectory());
 
 		LdapName newUserDN = LdapUtils.emptyLdapName();
 		try {

src/main/java/edu/kit/scc/ldap/UserAttributeMapper.java

@@ -27,12 +27,21 @@ public class UserAttributeMapper implements AttributesMapper<UserDTO> {
 		String commonName = (String) attributes.get("cn").get();
 		if (commonName != null)
 			userDTO.setCommonName(commonName);
-		String lastName = (String) attributes.get("sn").get();
-		if (lastName != null)
-			userDTO.setLastName(lastName);
+		String surName = (String) attributes.get("sn").get();
+		if (surName != null)
+			userDTO.setSurName(surName);
+		String homeDirectory = (String) attributes.get("homeDirectory").get();
+		if (homeDirectory != null)
+			userDTO.setHomeDirectory(homeDirectory);
 		Attribute description = attributes.get("description");
 		if (description != null)
 			userDTO.setDescription((String) description.get());
+		Attribute gidNumber = attributes.get("gidNumber");
+		if (gidNumber != null)
+			userDTO.setGidNumber(Integer.valueOf((String) gidNumber.get()));
+		Attribute uidNumber = attributes.get("uidNumber");
+		if (uidNumber != null)
+			userDTO.setUidNumber(Integer.valueOf((String) uidNumber.get()));
 		return userDTO;
 	}
 

src/main/java/edu/kit/scc/scim/ScimClient.java

@@ -52,7 +52,7 @@ public class ScimClient {
 	public JSONObject getUser(String name) {
 		JSONObject json = null;
 		HttpClient client = new HttpClient();
-		String url = userEndpoint + "?filter=userNameEq" + name;
+		String url = userEndpoint + "?userNameEq" + name;
 		HttpResponse response = client.makeHttpsGetRequest(user, password, url);
 
 		if (response != null) {

src/main/resources/templates/index.html

+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<title>OAuth2 Access</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+	<p th:text="'Your authorization code is ' + ${code}" />
+</body>
+</html>
\ No newline at end of file

src/test/java/edu/kit/scc/test/ldap/LdapClientTest.java

@@ -36,6 +36,14 @@ public class LdapClientTest {
 
 	@Test
 	public void createLdapUserTest() {
-		ldapClient.createUser("newUser", "newUser", "newUser", "newUser");
+		String cn = "newPosixUser1";
+		String sn = "newPosixUser1";
+		String description = "new posix user";
+		String homeDirectory = "/home/newPosixUser1";
+		String uid = "newPosixUser1";
+		int uidNumber = 6001;
+		int gidNumber = 2222;
+
+		ldapClient.createUser(uid, cn, sn, uidNumber, gidNumber, homeDirectory, description);
 	}
 }