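public class CertificateLM extends AppservCertificateLoginModule {

    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateLM.class);

    /** JNDI name of the local EJB used to look up and create application users. */
    private static final String USER_EJB_JNDI_NAME = "java:global/specify-it/UserEJB";

    /**
     * Authenticates the caller from the client certificate presented on the connection.
     * <p>
     * The subject DN is parsed as an RFC 2253 name instead of being split on commas, so an
     * escaped comma inside an attribute value cannot fake an {@code OU} component. The
     * certificate must carry at least one {@code OU}; its CN becomes the application user
     * name. The user record is only looked up / created once the OU requirement is met, so a
     * rejected login no longer leaves a freshly created user behind in the database.
     * <p>
     * NOTE(review): no issuer check is performed here; this assumes the container has already
     * validated the certificate chain against its trust store - confirm.
     *
     * @throws LoginException if the DN cannot be parsed, carries no OU, the user EJB cannot
     *     be looked up, or a new user cannot be created
     */
    @Override
    protected void authenticateUser() throws LoginException {
        LOGGER.debug("authenticateUser ");
        // Distinguished name of the certificate subject (RFC 2253 form).
        String dname = super.getX500Principal().getName();
        LOGGER.debug("dname {}", dname);

        // Decide on the OU before touching the database.
        String organizationalUnit = firstOrganizationalUnit(dname);
        if (organizationalUnit == null) {
            LOGGER.error("{} failed to log in", dname);
            throw new LoginException("No OU found.");
        }
        LOGGER.debug("OU {}", organizationalUnit);

        // The CN is the application user name.
        String certName = Util.getCnFromPrincipal(getX500Principal());
        LOGGER.debug("certName {}", certName);

        User user = findOrCreateUser(certName);

        // Groups granted: DEFAULT plus whatever the user already holds. The OU itself is
        // deliberately not mapped to a group.
        List<String> groups = new ArrayList<String>();
        groups.add(Group.DEFAULT.name());
        if (user.getGroups() != null) {
            for (Group g : user.getGroups()) {
                groups.add(g.name());
            }
        }
        commitUserAuthentication(groups.toArray(new String[groups.size()]));
        LOGGER.info("{} is logged", user);
    }

    /**
     * Returns the value of the left-most {@code OU} component of {@code dname}, or
     * {@code null} when the name has none.
     *
     * @param dname subject DN in RFC 2253 form
     * @throws LoginException if {@code dname} is not a well-formed name
     */
    private static String firstOrganizationalUnit(String dname) throws LoginException {
        javax.naming.ldap.LdapName name;
        try {
            name = new javax.naming.ldap.LdapName(dname);
        } catch (NamingException e) {
            LOGGER.error("Cannot parse certificate subject {}", dname, e);
            throw loginFailure("Cannot parse certificate subject.", e);
        }
        // LdapName stores RDNs right-to-left (index 0 is the right-most one); walk
        // backwards to visit them in the same order as they appear in the string.
        for (int i = name.size() - 1; i >= 0; i--) {
            javax.naming.ldap.Rdn rdn = name.getRdn(i);
            if ("OU".equalsIgnoreCase(rdn.getType())) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    /**
     * Looks the user up by name through the user EJB, creating it when it does not exist yet.
     *
     * @param certName user name taken from the certificate CN
     * @return the existing or newly created user, never {@code null}
     * @throws LoginException if the EJB cannot be looked up or the user cannot be created
     */
    private static User findOrCreateUser(String certName) throws LoginException {
        InitialContext ic = null;
        UserEJB userEJB;
        try {
            ic = new InitialContext();
            userEJB = (UserEJB) ic.lookup(USER_EJB_JNDI_NAME);
        } catch (NamingException e) {
            LOGGER.error(e.getMessage(), e);
            throw loginFailure("Cannot get UserEJB!", e);
        } finally {
            // The EJB reference stays usable after the lookup context is released.
            closeQuietly(ic);
        }

        User user = userEJB.findByName(certName);
        if (user == null) {
            // User not yet in DB => create it.
            user = new User();
            user.setName(certName);
            LOGGER.info("Create new User for {}", user);
            try {
                userEJB.create(user);
            } catch (Exception e) { // create()'s exception type is not visible from here
                LOGGER.error("Cannot create User !", e);
                throw loginFailure("Cannot create new user !", e);
            }
        }
        return user;
    }

    /** Closes the JNDI context if one was opened; a failure to close is only logged. */
    private static void closeQuietly(InitialContext ic) {
        if (ic == null) {
            return;
        }
        try {
            ic.close();
        } catch (NamingException e) {
            LOGGER.warn("Cannot close InitialContext", e);
        }
    }

    /**
     * Builds a {@link LoginException} that keeps {@code cause} attached, since
     * {@code LoginException} has no cause-taking constructor.
     */
    private static LoginException loginFailure(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }
}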