• Home
• com.jaeksoft
• opensearchserver
• 1.5.10
• source code
• AuthPluginNtlm.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.jaeksoft.searchlib.renderer.plugin.AuthPluginNtlm Maven / Gradle / Ivy

/**   
 * License Agreement for OpenSearchServer
 *
 * Copyright (C) 2013-2014 Emmanuel Keller / Jaeksoft
 * 
 * http://www.open-search-server.com
 * 
 * This file is part of OpenSearchServer.
 *
 * OpenSearchServer is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 * OpenSearchServer is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with OpenSearchServer. 
 *  If not, see .
 **/

package com.jaeksoft.searchlib.renderer.plugin;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchResult;
import javax.servlet.http.HttpServletRequest;

import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SID;

import org.apache.commons.lang3.StringUtils;

import com.jaeksoft.searchlib.Logging;
import com.jaeksoft.searchlib.renderer.Renderer;
import com.jaeksoft.searchlib.renderer.RendererException.AuthException;
import com.jaeksoft.searchlib.util.ActiveDirectory;
import com.jaeksoft.searchlib.util.ActiveDirectory.ADGroup;
import com.jaeksoft.searchlib.util.IOUtils;

public class AuthPluginNtlm implements AuthPluginInterface {

	protected NtlmPasswordAuthentication getNtlmAuth(Renderer renderer,
			String username, String password) {
		return new NtlmPasswordAuthentication(renderer.getAuthDomain(),
				username == null ? renderer.getAuthUsername() : username,
				password == null ? renderer.getAuthPassword() : password);
	}

	protected String[] getGroups(SID[] sids, String authServer,
			NtlmPasswordAuthentication ntlmAuth) throws IOException {
		if (sids == null)
			return null;
		String[] groups = new String[sids.length];
		SID.resolveSids(authServer, ntlmAuth, sids);
		int i = 0;
		for (SID gsid : sids)
			groups[i++] = gsid.toDisplayString();
		return groups;
	}

	@Override
	public User getUser(Renderer renderer, HttpServletRequest request)
			throws IOException {

		String remoteUser = request.getRemoteUser();
		if (remoteUser == null)
			remoteUser = request.getHeader("X-OSS-REMOTE-USER");
		ActiveDirectory activeDirectory = null;
		if (StringUtils.isEmpty(remoteUser))
			throw new AuthException("No user");
		int i = remoteUser.indexOf('@');
		if (i != -1)
			remoteUser = remoteUser.substring(0, i);
		try {
			String domain = renderer.getAuthDomain();

			User user = AuthUserCache.INSTANCE.get(remoteUser, domain);
			if (user != null)
				return user;

			NtlmPasswordAuthentication ntlmAuth = getNtlmAuth(renderer, null,
					null);
			activeDirectory = new ActiveDirectory(ntlmAuth.getUsername(),
					ntlmAuth.getPassword(), ntlmAuth.getDomain());

			NamingEnumeration result = activeDirectory
					.findUser(remoteUser);
			Attributes attrs = ActiveDirectory.getAttributes(result);
			if (attrs == null)
				throw new AuthException("No user found: " + remoteUser);
			String userId = ActiveDirectory.getObjectSID(attrs);
			List groups = new ArrayList();
			activeDirectory.findUserGroups(attrs, groups);
			String dnUser = ActiveDirectory.getStringAttribute(attrs,
					"DistinguishedName");
			activeDirectory.findUserGroup(dnUser, groups);
			user = new User(userId, remoteUser, null,
					ActiveDirectory.toArray(groups),
					ActiveDirectory.getDisplayString(domain, remoteUser));

			Logging.info("USER authenticated: " + user + " DN=" + dnUser);

			AuthUserCache.INSTANCE.add(remoteUser, domain, user);
			return user;
		} catch (NamingException e) {
			Logging.warn(e);
			throw new AuthException("LDAP error (NamingException) : "
					+ e.getMessage());
		} finally {
			IOUtils.close(activeDirectory);
		}
	}
}