@gbougeard
Created October 1, 2012 21:42
CertificateLM
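/**
 * GlassFish certificate login module that maps the presented TLS client certificate to an
 * application {@code User} and commits that user's group memberships.
 *
 * <p>Security note: the issuer/CA check that this module could perform on the certificate chain
 * is left commented out in {@link #authenticateUser()}. As written, whether a certificate is
 * acceptable at all is decided solely by the container's TLS client-authentication trust
 * configuration; this class only derives the identity (the CN) from the certificate's DN.
 * Users whose CN is not yet known are provisioned automatically on first login.
 */
public class CertificateLM extends AppservCertificateLoginModule {

    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateLM.class);

    /** JNDI name under which the application's user EJB is registered. */
    private static final String USER_EJB_JNDI_NAME = "java:global/specify-it/UserEJB";

    /** Delimiters used to split the distinguished name into tokens. */
    private static final String DN_DELIMITERS = " \t\n\r\f,";

    /** Prefix of the RDN that must be present in the DN for the login to succeed. */
    private static final String OU_PREFIX = "OU=";

    /**
     * Authenticates the caller from the X.500 principal of the presented certificate.
     *
     * <p>Steps: read the DN, extract the CN, look up (or create) the matching {@code User}
     * through the user EJB, require an {@code OU=} component in the DN, then commit the
     * authentication with the user's group names.
     *
     * @throws LoginException if the user EJB cannot be looked up, a new user cannot be created,
     *     or the DN carries no {@code OU=} component
     */
    @Override
    protected void authenticateUser() throws LoginException {
        LOGGER.debug("authenticateUser ");
        // Get the distinguished name from the X500Principal.
        String dname = super.getX500Principal().getName();
        LOGGER.debug("dname {}", dname);

        // Intended (currently disabled) issuer check: the CA of the presented certificate
        // could be compared against the one expected by the application, e.g.
        //   X509Certificate[] certificates = getCerts();
        //   if (certificates.length != 1) {
        //       throw new LoginException("Certificate mismatch : too much or no enough");
        //   }
        //   for (X509Certificate certificate : certificates) {
        //       if (!certificate.getIssuerDN().getName().equals(ISSUER_DNAME)) {
        //           throw new LoginException("The certificate authority is not allowed");
        //       }
        //   }
        // While this stays disabled, the container's trust store is the only CA restriction.

        // The CN is the application-level identity of the certificate holder.
        String certName = Util.getCnFromPrincipal(getX500Principal());
        LOGGER.debug("certName {}", certName);

        UserEJB userEJB = lookupUserEjb();
        User user = resolveOrCreateUser(userEJB, certName);

        // At this point one has the application name and the DN of the certificate.
        // A suitable login decision can be made here; currently the only requirement
        // is that the DN carries an OU component.
        if (!hasOrganizationalUnit(dname)) {
            LOGGER.error("{} failed to log in", dname);
            throw new LoginException("No OU found.");
        }

        commitUserAuthentication(groupNamesFor(user));
        LOGGER.info("{} is logged", user);
    }

    /**
     * Looks up the user EJB through JNDI, closing the {@link InitialContext} afterwards.
     *
     * @return the user EJB proxy
     * @throws LoginException if the JNDI lookup fails (the {@link NamingException} is kept as
     *     the cause)
     */
    private static UserEJB lookupUserEjb() throws LoginException {
        InitialContext ic = null;
        try {
            ic = new InitialContext();
            return (UserEJB) ic.lookup(USER_EJB_JNDI_NAME);
        } catch (NamingException e) {
            LOGGER.error(e.getMessage(), e);
            LoginException failure = new LoginException("Cannot get UserEJB!");
            failure.initCause(e);
            throw failure;
        } finally {
            // The EJB proxy stays usable after the context is closed; not closing it leaks
            // the naming context on every login.
            if (ic != null) {
                try {
                    ic.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup only; the lookup result has already been decided.
                    LOGGER.debug("Could not close InitialContext", ignored);
                }
            }
        }
    }

    /**
     * Returns the persisted user for the given certificate CN, creating one if none exists.
     *
     * <p>Note that this auto-provisions an account for any CN the container has accepted;
     * there is no allow-list beyond the container's trust configuration.
     *
     * @param userEJB the user EJB used for lookup and creation
     * @param certName the CN extracted from the certificate
     * @return the existing or newly created user, never {@code null}
     * @throws LoginException if the user has to be created and creation fails
     */
    private static User resolveOrCreateUser(UserEJB userEJB, String certName)
            throws LoginException {
        User user = userEJB.findByName(certName);
        if (user != null) {
            return user;
        }
        // User not yet in DB => create it
        user = new User();
        user.setName(certName);
        LOGGER.info("Create new User for {}", user);
        try {
            userEJB.create(user);
        } catch (Exception e) {
            // The EJB's failure modes are not known here, so this is a boundary catch;
            // the cause is logged and attached rather than dropped.
            LOGGER.error("Cannot create User !", e);
            LoginException failure = new LoginException("Cannot create new user !");
            failure.initCause(e);
            throw failure;
        }
        return user;
    }

    /**
     * Reports whether the DN contains a token starting with {@code OU=}.
     *
     * <p>The DN is split on whitespace and commas without honouring RFC 2253 escaping, so an
     * escaped comma inside another attribute value is split as well. The OU value itself is
     * only logged, so this affects only the presence check; a stricter parser would be needed
     * if the OU were ever used for authorization decisions.
     *
     * @param dname the distinguished name of the certificate subject
     * @return {@code true} if an {@code OU=} token is present
     */
    private static boolean hasOrganizationalUnit(String dname) {
        StringTokenizer tokens = new StringTokenizer(dname, DN_DELIMITERS);
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            if (token.startsWith(OU_PREFIX)) {
                LOGGER.debug("OU {}", token.substring(OU_PREFIX.length()));
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the group names to commit for the user: {@code DEFAULT} first, followed by the
     * user's persisted groups. The certificate's OU is deliberately not added as a group.
     *
     * @param user the authenticated user
     * @return the group names, in commit order
     */
    private static String[] groupNamesFor(User user) {
        List<String> groups = new ArrayList<String>();
        // Every authenticated user gets the DEFAULT group.
        groups.add(Group.DEFAULT.name());
        for (Group g : user.getGroups()) {
            groups.add(g.name());
        }
        return groups.toArray(new String[groups.size()]);
    }
}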