inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Heinous merge from HEAD. Seems to basically work. Be on guard however.

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@4137 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2006-10-18 02:24:36 +00:00
parent 6441f470f5
commit 111296d4dc
156 changed files with 18940 additions and 14167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

315
source/java/org/alfresco/repo/security/authentication/DefaultMutableAuthenticationDao.java
View File

@@ -25,219 +25,359 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.springframework.dao.DataAccessException;
/**
* An authority DAO that has no implementation and should not be called.
* An authority DAO that has no implementation.
*
* By default it will throw an exception if any method is called.
*
* Any of the getter/setter methods can be enabled with a no action implementation.
*
* This can support deleting users via the UI for LDAP and NTLM. The Alfresco person object is deleted from the UI.
* The call to delete the user will return with no action.
*
* The following methods will always fail.
*
* getMD4HashedPassword(String userName)
* loadUserByUsername(String arg0)
* getSalt(UserDetails user)
*
* @author Andy Hind
*/
public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
{
private boolean allowCreateUser = false;
private boolean allowUpdateUser = false;
private boolean allowDeleteUser = false;
private boolean allowSetEnabled = false;
private boolean allowGetEnabled = false;
private boolean allowSetAccountExpires = false;
private boolean allowGetAccountHasExpired = false;
private boolean allowSetCredentialsExpire = false;
private boolean allowGetCredentialsExpire = false;
private boolean allowGetCredentialsHaveExpired = false;
private boolean allowSetAccountLocked = false;
private boolean allowGetAccountLocked = false;
private boolean allowSetAccountExpiryDate = false;
private boolean allowGetAccountExpiryDate = false;
private boolean allowSetCredentialsExpiryDate = false;
private boolean allowGetCredentialsExpiryDate = false;
/**
* Create a user with the given userName and password
*
* If enabled does nothing.
*
* @param userName
* @param rawPassword
* @throws AuthenticationException
*/
public void createUser(String userName, char[] rawPassword) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowCreateUser)
{
throw new AlfrescoRuntimeException("Create User is not supported");
}
}
/**
* Update a user's password.
*
* If enabled does nothing.
*
* @param userName
* @param rawPassword
* @throws AuthenticationException
*/
public void updateUser(String userName, char[] rawPassword) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowUpdateUser)
{
throw new AlfrescoRuntimeException("Update user is not supported");
}
}
/**
* Delete a user.
*
* If enabled does nothing.
*
* @param userName
* @throws AuthenticationException
*/
public void deleteUser(String userName) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowDeleteUser)
{
throw new AlfrescoRuntimeException("Delete user is not supported");
}
}
/**
* Check is a user exists.
*
* If enabled returns true.
*
* @param userName
* @return
*/
public boolean userExists(String userName)
{
// All users may exist
return true;
}
/**
* Enable/disable a user.
*
* If enabled does nothing.
*
* @param userName
* @param enabled
*/
public void setEnabled(String userName, boolean enabled)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetEnabled)
{
throw new AlfrescoRuntimeException("Set enabled is not supported");
}
}
/**
* Getter for user enabled
*
* If enabled returns true.
*
* @param userName
* @return
*/
public boolean getEnabled(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetEnabled)
{
throw new AlfrescoRuntimeException("Get enabled is not supported");
}
return true;
}
/**
* Set if the account should expire
*
* If enabled does nothing.
*
* @param userName
* @param expires
*/
public void setAccountExpires(String userName, boolean expires)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountExpires)
{
throw new AlfrescoRuntimeException("Set account expires is not supported");
}
}
/**
* Does the account expire?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountExpires(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountExpires)
{
throw new AlfrescoRuntimeException("Get account expires is not supported");
}
return false;
}
/**
* Has the account expired?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountHasExpired(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetAccountHasExpired)
{
throw new AlfrescoRuntimeException("Get account has expired is not supported");
}
return false;
}
/**
* Set if the password expires.
*
* If enabled does nothing.
*
* @param userName
* @param expires
*/
public void setCredentialsExpire(String userName, boolean expires)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetCredentialsExpire)
{
throw new AlfrescoRuntimeException("Set credentials expire is not supported");
}
}
/**
* Do the credentials for the user expire?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getCredentialsExpire(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetCredentialsExpire)
{
throw new AlfrescoRuntimeException("Get credentials expire is not supported");
}
return false;
}
/**
* Have the credentials for the user expired?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getCredentialsHaveExpired(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetCredentialsHaveExpired)
{
throw new AlfrescoRuntimeException("Get credentials have expired is not supported");
}
return false;
}
/**
* Set if the account is locked.
*
* If enabled does nothing.
*
* @param userName
* @param locked
*/
public void setLocked(String userName, boolean locked)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountLocked)
{
throw new AlfrescoRuntimeException("Set account locked is not supported");
}
}
/**
* Is the account locked?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountlocked(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetAccountLocked)
{
throw new AlfrescoRuntimeException("Get account locked is not supported");
}
return false;
}
/**
* Set the date on which the account expires
*
* If enabled does nothing.
*
* @param userName
* @param exipryDate
*/
public void setAccountExpiryDate(String userName, Date exipryDate)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountExpiryDate)
{
throw new AlfrescoRuntimeException("Set account expiry date is not supported");
}
}
/**
/**
* Get the date when this account expires.
*
* If enabled returns null.
*
* @param userName
* @return
*/
public Date getAccountExpiryDate(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetAccountExpiryDate)
{
throw new AlfrescoRuntimeException("Get account expiry date is not supported");
}
return null;
}
/**
* Set the date when credentials expire.
*
* If enabled does nothing.
*
* @param userName
* @param exipryDate
*/
public void setCredentialsExpiryDate(String userName, Date exipryDate)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetCredentialsExpiryDate)
{
throw new AlfrescoRuntimeException("Set credentials expiry date is not supported");
}
}
/**
* Get the date when the credentials/password expire.
*
* If enabled returns null.
*
* @param userName
* @return
*/
public Date getCredentialsExpiryDate(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetCredentialsExpiryDate)
{
throw new AlfrescoRuntimeException("Get credentials expiry date is not supported");
}
return null;
}
/**
* Get the MD4 password hash
*
* Always throws an exception.
*
* @param userName
* @return
*/
@@ -249,7 +389,10 @@ public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
/**
* Return the user details for the specified user
*
* @param user String
* Always throws an exception.
*
* @param user
* String
* @return UserDetails
* @exception UsernameNotFoundException
* @exception DataAccessException
@@ -262,11 +405,99 @@ public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
/**
* Return salt for user
*
* @param user UserDetails
* Always throws an exception.
*
* @param user
* UserDetails
* @return Object
*/
public Object getSalt(UserDetails user)
{
throw new AlfrescoRuntimeException("Not implemented");
}
// -------- //
// Bean IOC //
// -------- //
public void setAllowCreateUser(boolean allowCreateUser)
{
this.allowCreateUser = allowCreateUser;
}
public void setAllowDeleteUser(boolean allowDeleteUser)
{
this.allowDeleteUser = allowDeleteUser;
}
public void setAllowGetAccountExpiryDate(boolean allowGetAccountExpiryDate)
{
this.allowGetAccountExpiryDate = allowGetAccountExpiryDate;
}
public void setAllowGetAccountHasExpired(boolean allowGetAccountHasExpired)
{
this.allowGetAccountHasExpired = allowGetAccountHasExpired;
}
public void setAllowGetAccountLocked(boolean allowGetAccountLocked)
{
this.allowGetAccountLocked = allowGetAccountLocked;
}
public void setAllowGetCredentialsExpire(boolean allowGetCredentialsExpire)
{
this.allowGetCredentialsExpire = allowGetCredentialsExpire;
}
public void setAllowGetCredentialsExpiryDate(boolean allowGetCredentialsExpiryDate)
{
this.allowGetCredentialsExpiryDate = allowGetCredentialsExpiryDate;
}
public void setAllowGetCredentialsHaveExpired(boolean allowGetCredentialsHaveExpired)
{
this.allowGetCredentialsHaveExpired = allowGetCredentialsHaveExpired;
}
public void setAllowGetEnabled(boolean allowGetEnabled)
{
this.allowGetEnabled = allowGetEnabled;
}
public void setAllowSetAccountExpires(boolean allowSetAccountExpires)
{
this.allowSetAccountExpires = allowSetAccountExpires;
}
public void setAllowSetAccountExpiryDate(boolean allowSetAccountExpiryDate)
{
this.allowSetAccountExpiryDate = allowSetAccountExpiryDate;
}
public void setAllowSetAccountLocked(boolean allowSetAccountLocked)
{
this.allowSetAccountLocked = allowSetAccountLocked;
}
public void setAllowSetCredentialsExpire(boolean allowSetCredentialsExpire)
{
this.allowSetCredentialsExpire = allowSetCredentialsExpire;
}
public void setAllowSetCredentialsExpiryDate(boolean allowSetCredentialsExpiryDate)
{
this.allowSetCredentialsExpiryDate = allowSetCredentialsExpiryDate;
}
public void setAllowSetEnabled(boolean allowSetEnabled)
{
this.allowSetEnabled = allowSetEnabled;
}
public void setAllowUpdateUser(boolean allowUpdateUser)
{
this.allowUpdateUser = allowUpdateUser;
}
}

1532
source/java/org/alfresco/repo/security/authentication/ldap/LDAPGroupExportSource.java
View File

File diff suppressed because it is too large Load Diff

124
source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java
View File

@@ -30,17 +30,22 @@ import javax.naming.directory.InitialDirContext;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFactory
public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFactory, InitializingBean
{
private static final Log logger = LogFactory.getLog(LDAPInitialDirContextFactoryImpl.class);
private Map<String, String> initialDirContextEnvironment = Collections.<String, String> emptyMap();
static
{
System.setProperty("javax.security.auth.useSubjectCredentialsOnly", "false");
}
public LDAPInitialDirContextFactoryImpl()
{
super();
@@ -87,11 +92,22 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
{
throw new AuthenticationException("Null user name provided.");
}
if (principal.length() == 0)
{
throw new AuthenticationException("Empty user name provided.");
}
if (credentials == null)
{
throw new AuthenticationException("No credentials provided.");
}
if (credentials.length() == 0)
{
throw new AuthenticationException("Empty credentials provided.");
}
Hashtable<String, String> env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, principal);
@@ -187,4 +203,108 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
}
public void afterPropertiesSet() throws Exception
{
// Check Anonymous bind
Hashtable<String, String> env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.remove(Context.SECURITY_PRINCIPAL);
env.remove(Context.SECURITY_CREDENTIALS);
try
{
new InitialDirContext(env);
logger.warn("LDAP server supports anonymous bind " + env.get(Context.PROVIDER_URL));
}
catch (javax.naming.AuthenticationException ax)
{
}
catch (NamingException nx)
{
throw new AuthenticationException("Unable to connect to LDAP Server; check LDAP configuration", nx);
}
// Simple DN and password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, "daftAsABrush");
env.put(Context.SECURITY_CREDENTIALS, "daftAsABrush");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for a string uid and password at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
logger.info("LDAP server does not support simple string user ids and invalid credentials at "+ env.get(Context.PROVIDER_URL));
}
// DN and password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, "cn=daftAsABrush,dc=woof");
env.put(Context.SECURITY_CREDENTIALS, "daftAsABrush");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for a simple dn and password at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
logger.info("LDAP server does not support simple DN and invalid password at "+ env.get(Context.PROVIDER_URL));
}
// Check more if we have a real principal we expect to work
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
if(env.get(Context.SECURITY_PRINCIPAL) != null)
{
// Correct principal invalid password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_CREDENTIALS, "sdasdasdasdasd123123123");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind for a known principal if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
// already donw
}
}
}
}

676
source/java/org/alfresco/repo/security/authentication/ldap/LDAPPersonExportSource.java
View File

@@ -1,334 +1,342 @@
/*
* Copyright (C) 2005-2006 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.springframework.context.ApplicationContext;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;
public class LDAPPersonExportSource implements ExportSource
{
private static Log s_logger = LogFactory.getLog(LDAPPersonExportSource.class);
private String personQuery = "(objectclass=inetOrgPerson)";
private String searchBase;
private String userIdAttributeName;
private LDAPInitialDirContextFactory ldapInitialContextFactory;
private PersonService personService;
private Map<String, String> attributeMapping;
private NamespaceService namespaceService;
private String defaultHomeFolder;
public LDAPPersonExportSource()
{
super();
}
public void setPersonQuery(String personQuery)
{
this.personQuery = personQuery;
}
public void setSearchBase(String searchBase)
{
this.searchBase = searchBase;
}
public void setUserIdAttributeName(String userIdAttributeName)
{
this.userIdAttributeName = userIdAttributeName;
}
public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
{
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setDefaultHomeFolder(String defaultHomeFolder)
{
this.defaultHomeFolder = defaultHomeFolder;
}
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setAttributeMapping(Map<String, String> attributeMapping)
{
this.attributeMapping = attributeMapping;
}
public void generateExport(XMLWriter writer)
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
Collection<String> prefixes = namespaceService.getPrefixes();
QName childQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", namespaceService);
try
{
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, childQName.getLocalName(), childQName
.toPrefixString(), null, ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
writer.startDocument();
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
String uri = namespaceService.getNamespaceURI(prefix);
writer.startPrefixMapping(prefix, uri);
}
}
writer.startElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view",
NamespaceService.REPOSITORY_VIEW_PREFIX + ":" + "view", new AttributesImpl());
InitialDirContext ctx = null;
try
{
ctx = ldapInitialContextFactory.getDefaultIntialDirContext();
// Authentication has been successful.
// Set the current user, they are now authenticated.
SearchControls userSearchCtls = new SearchControls();
userSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
userSearchCtls.setCountLimit(Integer.MAX_VALUE);
NamingEnumeration searchResults = ctx.search(searchBase, personQuery, userSearchCtls);
while (searchResults.hasMoreElements())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
String uid = (String) uidAttribute.get(0);
if (s_logger.isDebugEnabled())
{
s_logger.debug("Adding user for " + uid);
}
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
// permissions
// owner
writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
new AttributesImpl());
writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
.getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
new AttributesImpl());
writer.characters(uid.toCharArray(), 0, uid.length());
writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
.toPrefixString(namespaceService));
for (String key : attributeMapping.keySet())
{
QName keyQName = QName.createQName(key, namespaceService);
writer.startElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService), new AttributesImpl());
// cater for null
String attributeName = attributeMapping.get(key);
if (attributeName != null)
{
Attribute attribute = attributes.get(attributeName);
if (attribute != null)
{
String value = (String) attribute.get(0);
if (value != null)
{
writer.characters(value.toCharArray(), 0, value.length());
}
}
}
writer.endElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService));
}
// Default home folder
if (!(attributeMapping.keySet().contains(ContentModel.PROP_HOMEFOLDER.toString()) || attributeMapping
.keySet().contains(ContentModel.PROP_HOMEFOLDER.toPrefixString(namespaceService))))
{
// Only if we are creating the person for the first time
if (!personService.personExists(uid))
{
writer.startElement(ContentModel.PROP_HOMEFOLDER.getNamespaceURI(),
ContentModel.PROP_HOMEFOLDER.getLocalName(), ContentModel.PROP_HOMEFOLDER
.toPrefixString(namespaceService), new AttributesImpl());
if (defaultHomeFolder != null)
{
writer.characters(defaultHomeFolder.toCharArray(), 0, defaultHomeFolder.length());
}
writer.endElement(ContentModel.PROP_HOMEFOLDER.getNamespaceURI(),
ContentModel.PROP_HOMEFOLDER.getLocalName(), ContentModel.PROP_HOMEFOLDER
.toPrefixString(namespaceService));
}
}
if (personService.personExists(uid))
{
String uguid = personService.getPerson(uid).getId();
writer.startElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService), new AttributesImpl());
writer.characters(uguid.toCharArray(), 0, uguid.length());
writer.endElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService));
}
writer.endElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
}
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
finally
{
if (ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
}
}
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
writer.endPrefixMapping(prefix);
}
}
writer.endElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view", NamespaceService.REPOSITORY_VIEW_PREFIX
+ ":" + "view");
writer.endDocument();
}
catch (SAXException e)
{
throw new ExportSourceImporterException("Failed to create file for import.", e);
}
}
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapPeopleExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)
{
// Define output format
OutputFormat format = OutputFormat.createPrettyPrint();
format.setNewLineAfterDeclaration(false);
format.setIndentSize(3);
format.setEncoding("UTF-8");
// Construct an XML Exporter
XMLWriter xmlWriter = new XMLWriter(writer, format);
return xmlWriter;
}
}
/*
* Copyright (C) 2005-2006 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.springframework.context.ApplicationContext;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;
public class LDAPPersonExportSource implements ExportSource
{
private static Log s_logger = LogFactory.getLog(LDAPPersonExportSource.class);
private String personQuery = "(objectclass=inetOrgPerson)";
private String searchBase;
private String userIdAttributeName;
private LDAPInitialDirContextFactory ldapInitialContextFactory;
private PersonService personService;
private Map<String, String> attributeMapping;
private NamespaceService namespaceService;
private Map<String, String> attributeDefaults;
private boolean errorOnMissingUID;
public LDAPPersonExportSource()
{
super();
}
public void setPersonQuery(String personQuery)
{
this.personQuery = personQuery;
}
public void setSearchBase(String searchBase)
{
this.searchBase = searchBase;
}
public void setUserIdAttributeName(String userIdAttributeName)
{
this.userIdAttributeName = userIdAttributeName;
}
public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
{
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setAttributeDefaults(Map<String, String> attributeDefaults)
{
this.attributeDefaults = attributeDefaults;
}
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setAttributeMapping(Map<String, String> attributeMapping)
{
this.attributeMapping = attributeMapping;
}
public void setErrorOnMissingUID(boolean errorOnMissingUID)
{
this.errorOnMissingUID = errorOnMissingUID;
}
public void generateExport(XMLWriter writer)
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
Collection<String> prefixes = namespaceService.getPrefixes();
QName childQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", namespaceService);
try
{
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, childQName.getLocalName(), childQName
.toPrefixString(), null, ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
writer.startDocument();
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
String uri = namespaceService.getNamespaceURI(prefix);
writer.startPrefixMapping(prefix, uri);
}
}
writer.startElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view",
NamespaceService.REPOSITORY_VIEW_PREFIX + ":" + "view", new AttributesImpl());
InitialDirContext ctx = null;
try
{
ctx = ldapInitialContextFactory.getDefaultIntialDirContext();
// Authentication has been successful.
// Set the current user, they are now authenticated.
SearchControls userSearchCtls = new SearchControls();
userSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
userSearchCtls.setCountLimit(Integer.MAX_VALUE);
NamingEnumeration searchResults = ctx.search(searchBase, personQuery, userSearchCtls);
while (searchResults.hasMoreElements())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
if(errorOnMissingUID)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
else
{
s_logger.warn("User returned by user search does not have mandatory user id attribute " + attributes);
continue;
}
}
String uid = (String) uidAttribute.get(0);
if (s_logger.isDebugEnabled())
{
s_logger.debug("Adding user for " + uid);
}
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
// permissions
// owner
writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
new AttributesImpl());
writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
.getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
new AttributesImpl());
writer.characters(uid.toCharArray(), 0, uid.length());
writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
.toPrefixString(namespaceService));
for (String key : attributeMapping.keySet())
{
QName keyQName = QName.createQName(key, namespaceService);
writer.startElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService), new AttributesImpl());
// cater for null
String attributeName = attributeMapping.get(key);
if (attributeName != null)
{
Attribute attribute = attributes.get(attributeName);
if (attribute != null)
{
String value = (String) attribute.get(0);
if (value != null)
{
writer.characters(value.toCharArray(), 0, value.length());
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
writer.endElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService));
}
if (personService.personExists(uid))
{
String uguid = personService.getPerson(uid).getId();
writer.startElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService), new AttributesImpl());
writer.characters(uguid.toCharArray(), 0, uguid.length());
writer.endElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService));
}
writer.endElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
}
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
finally
{
if (ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
}
}
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
writer.endPrefixMapping(prefix);
}
}
writer.endElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view", NamespaceService.REPOSITORY_VIEW_PREFIX
+ ":" + "view");
writer.endDocument();
}
catch (SAXException e)
{
throw new ExportSourceImporterException("Failed to create file for import.", e);
}
}
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapPeopleExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)
{
// Define output format
OutputFormat format = OutputFormat.createPrettyPrint();
format.setNewLineAfterDeclaration(false);
format.setIndentSize(3);
format.setEncoding("UTF-8");
// Construct an XML Exporter
XMLWriter xmlWriter = new XMLWriter(writer, format);
return xmlWriter;
}
}

8
source/java/org/alfresco/repo/security/authentication/ntlm/NTLMAuthenticationComponentImpl.java
View File

@@ -531,6 +531,9 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
authSess = m_passthruServers.openSession();
if ( authSess == null)
throw new AuthenticationException("Failed to open session to passthru server");
// Authenticate using the credentials supplied
authenticateLocal(ntlmToken, authSess);
@@ -748,6 +751,11 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
authSess = m_passthruServers.openSession();
// Check if the session was opened to the passthru server
if ( authSess == null)
throw new AuthenticationServiceException("Failed to open passthru auth session");
ntlmToken.setAuthenticationExpireTime(System.currentTimeMillis() + getSessionTimeout());
// Get the challenge from the initial session negotiate stage