}
}
}
}
}
return found;
}
/*
 * (non-Javadoc)
 *
 * @see com.sslexplorer.core.CoreListener#coreEvent(com.sslexplorer.core.CoreEvent)
 */
/**
 * Reacts to core events: when any {@code activeDirectory.*} property changes
 * outside of setup mode, the user database is re-initialised.
 *
 * A failed re-initialisation is logged and not propagated to the event source.
 *
 * @param evt the core event being dispatched
 */
public void coreEvent(CoreEvent evt) {
    // In setup mode the wizard owns re-initialisation of the user database,
    // so property changes are ignored until the server is configured.
    if (ContextHolder.getContext().isSetupMode()) {
        return;
    }
    if (!(evt instanceof PropertyChangeEvent)) {
        return;
    }
    String changedProperty = ((PropertyChangeEvent) evt).getDefinition().getName();
    if (!changedProperty.startsWith("activeDirectory.")) {
        return;
    }
    if (log.isInfoEnabled()) {
        log.info("Active Directory configuration changed. Re-initialising");
    }
    try {
        initialise();
    } catch (Exception e) {
        log.error("Failed to re-initialise Active Directory.", e);
    }
}
/**
 * Registers the Active Directory property category and every
 * {@code activeDirectory.*} property definition with the core property database.
 *
 * All definitions share category id 80 in the "properties" group; the
 * service account password is registered as {@code TYPE_PASSWORD} rather than
 * a plain string (how the property database stores that type is not visible here).
 */
private void addPropertyDefinitions() {
    final int pageId = 1030;
    final int categoryId = 80;
    final String category = "properties";
    final int sortOrderGroup = 2;
    PropertyDatabase db = CoreServlet.getServlet().getPropertyDatabase();
    db.addPropertyDefinitionCategory(pageId, new DefaultPropertyDefinitionCategory(categoryId, category,
        "categories/active-directory.gif"));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_STRING,
        "activeDirectory.controllerHost", "", categoryId, "localhost", sortOrderGroup, 5, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_INTEGER,
        "activeDirectory.controllerPort", "", categoryId, "389", sortOrderGroup, 10, category, false));
    // A "ldap.protocol" (plain/ssl) list definition was once sketched here but is not registered.
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_STRING,
        "activeDirectory.domain", "", categoryId, "", sortOrderGroup, 15, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_STRING,
        "activeDirectory.serviceAccountUsername", "", categoryId, "", sortOrderGroup, 20, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_PASSWORD,
        "activeDirectory.serviceAccountPassword", "", categoryId, "", sortOrderGroup, 25, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_MULTI_ENTRY_LIST,
        "activeDirectory.organizationalUnitFilter", "30x5", categoryId, "", sortOrderGroup, 30, category, false));
    // The next three definitions all use sort position 35, so their relative
    // order in the UI depends on the property database, not on this method.
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_INTEGER,
        "activeDirectory.userCacheTTL", "", categoryId, "300000", sortOrderGroup, 35, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_INTEGER,
        "activeDirectory.cacheMaxObjects", "", categoryId, "2000", sortOrderGroup, 35, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_INTEGER,
        "activeDirectory.pageSize", "", categoryId, "500", sortOrderGroup, 35, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_BOOLEAN,
        "activeDirectory.usernamesAreCaseSensitive", "", categoryId, "false", sortOrderGroup, 40, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_BOOLEAN,
        "activeDirectory.includeBuiltInGroups", "", categoryId, "true", sortOrderGroup, 45, category, false));
    db.registerPropertyDefinition(new DefaultPropertyDefinition(PropertyDefinition.TYPE_BOOLEAN,
        "activeDirectory.includeStandardUsers", "", categoryId, "false", sortOrderGroup, 50, category, false));
}
/**
 * Removes the Active Directory property category and deregisters every
 * {@code activeDirectory.*} property definition, in the same order as before.
 */
private void removePropertyDefinitions() {
    PropertyDatabase db = CoreServlet.getServlet().getPropertyDatabase();
    db.removePropertyDefinitionCategory(1030, new DefaultPropertyDefinitionCategory(80, "properties",
        "categories/active-directory.gif"));
    // Keys deregistered in this fixed order (pageSize last).
    String[] propertyKeys = {
        "activeDirectory.controllerHost",
        "activeDirectory.controllerPort",
        "activeDirectory.domain",
        "activeDirectory.serviceAccountUsername",
        "activeDirectory.serviceAccountPassword",
        "activeDirectory.organizationalUnitFilter",
        "activeDirectory.userCacheTTL",
        "activeDirectory.cacheMaxObjects",
        "activeDirectory.usernamesAreCaseSensitive",
        "activeDirectory.includeBuiltInGroups",
        "activeDirectory.includeStandardUsers",
        "activeDirectory.pageSize"
    };
    for (int i = 0; i < propertyKeys.length; i++) {
        db.deregisterPropertyDefinition(propertyKeys[i]);
    }
}
/**
 * (Re)loads the Active Directory configuration from the property database,
 * sets the process-wide Kerberos realm/KDC system properties, resets the
 * principals cache and verifies the service account by listing users.
 *
 * Side effects: assigns {@code domain}, {@code activeDirectoryRoot}, {@code adURL},
 * {@code includedOUBasesList}, {@code excludedOUBasesList}, {@code hasFilteredOUs},
 * {@code usernamesAreCaseSensitive}, {@code administrators} and
 * {@code availablePrincipalsCache}, and sets the {@code java.security.krb5.realm}
 * and {@code java.security.krb5.kdc} system properties for the whole JVM.
 *
 * @throws Exception if the domain or controller host is not configured, the
 *         port is not an integer, the URI cannot be built, or the service
 *         account cannot list users (the original exception is rethrown after logging)
 */
void initialise() throws Exception {
    // Get the domain and active directory root. The domain is normalised to
    // upper case (default locale) and trimmed before use.
    domain = CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null, "activeDirectory.domain").toUpperCase().trim();
    if (domain.equals("")) {
        throw new Exception("No active directory domain configured.");
    }
    activeDirectoryRoot = splitDomain(domain);
    String controllerHost = CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
        "activeDirectory.controllerHost").trim();
    // Integer.parseInt propagates a NumberFormatException for a non-numeric port.
    int controllerPort = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
        "activeDirectory.controllerPort").trim());
    if (controllerHost.equals("")) {
        throw new Exception("No active directory controller host configured.");
    }
    // The directory URL always uses the plain ldap:// scheme; whether the
    // connection is protected in some other way is not visible in this method.
    URI url = new URI("ldap://" + controllerHost + ":" + controllerPort);
    adURL = url.toString();
    // Each configured OU filter entry is anchored under the domain root unless
    // it already ends with it (compared case-insensitively after trimming).
    PropertyList tmp = new PropertyList(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
        "activeDirectory.organizationalUnitFilter"));
    includedOUBasesList = new PropertyList();
    for (Iterator it = tmp.iterator(); it.hasNext();) {
        String dn = (String) it.next();
        if (!dn.trim().toLowerCase().endsWith(activeDirectoryRoot.trim().toLowerCase()))
            dn = dn + "," + activeDirectoryRoot;
        includedOUBasesList.add(dn);
    }
    excludedOUBasesList = new PropertyList();
    // With no OU filter configured, the whole domain root is searched.
    hasFilteredOUs = !includedOUBasesList.isEmpty();
    if (!hasFilteredOUs) {
        includedOUBasesList.add(activeDirectoryRoot);
    }
    boolean includeStandardUsers = "true".equals(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
        "activeDirectory.includeStandardUsers"));
    boolean includeBuiltInGroups = "true".equals(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
        "activeDirectory.includeBuiltInGroups"));
    usernamesAreCaseSensitive = "true".equals(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
        "activeDirectory.usernamesAreCaseSensitive"));
    // CN=Users and CN=Builtin are either prepended to the included bases (only
    // needed when an explicit OU filter is in force) or added to the excluded bases.
    if (includeStandardUsers) {
        if (hasFilteredOUs)
            includedOUBasesList.add(0, "CN=Users," + splitDomain(domain));
    } else {
        excludedOUBasesList.add(0, "CN=Users," + splitDomain(domain));
    }
    if (includeBuiltInGroups) {
        if (hasFilteredOUs)
            includedOUBasesList.add(0, "CN=Builtin," + splitDomain(domain));
    } else {
        excludedOUBasesList.add(0, "CN=Builtin," + splitDomain(domain));
    }
    administrators = new PropertyList(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
        "security.administrators"));
    // These are JVM-wide system properties: any other Kerberos user in the same
    // process sees this realm and KDC too.
    System.setProperty("java.security.krb5.realm", domain);
    System.setProperty("java.security.krb5.kdc", controllerHost);
    // Only non-secret configuration is logged here (domain, URL, OU bases,
    // administrator names); the service account credentials are not.
    if (log.isInfoEnabled()) {
        log.info("Setting active directory domain to " + domain);
        log.info("Setting active directory URL to " + adURL);
        log.info("OU Bases:");
        for (Iterator i = includedOUBasesList.iterator(); i.hasNext();) {
            log.info(" " + i.next());
        }
        log.info("Administrators:");
        for (Iterator i = administrators.iterator(); i.hasNext();) {
            log.info(" " + i.next());
        }
    }
    // The cache is created once (bounded by activeDirectory.cacheMaxObjects)
    // and simply cleared on every re-initialisation.
    if (availablePrincipalsCache == null) {
        availablePrincipalsCache = new SimpleCache(new MemoryStash(CoreServlet.getServlet().getPropertyDatabase()
            .getPropertyInt(0, null, "activeDirectory.cacheMaxObjects")));
    } else {
        availablePrincipalsCache.clear();
    }
    try {
        /*
         * Verify the service account by actually listing users. The previous
         * code only performed a Kerberos login without contacting the LDAP
         * server, so some errors were not being detected. getUserMap returns
         * null when no effective user is available.
         */
        Map map = getUserMap("*");
        if(map==null)
            throw new UserDatabaseException("Could not logon using service account information.");
    } catch (Exception e) {
        // Logged here so the root cause is recorded even if a caller only logs the message.
        log.error("Could not get the service account login context. All Active Directory features will be unavailable. You should check your Service Account Username and Password settings.",
            e);
        throw e;
    }
}
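/**
 * Creates a login context for the configured service account.
 *
 * The username and password are read from the property database on every
 * call and a new context is created each time; nothing is cached here (the
 * previous comment claiming the context was reused was stale).
 *
 * @return a login context for the service account, as built by {@code createLoginContext}
 * @throws Exception if the login fails; a Kerberos failure (detected by the
 *         cause's class name, so that non-Sun JVMs still compile) is wrapped
 *         in a plain {@code Exception} with a configuration hint, any other
 *         {@code LoginException} is rethrown as is
 */
LoginContext getServiceAccountLoginContext() throws Exception {
    PropertyDatabase pdb = CoreServlet.getServlet().getPropertyDatabase();
    String serviceAccountUsername = pdb.getProperty(0, null, "activeDirectory.serviceAccountUsername");
    // The password arrives as a String from the property database; this method
    // does not log it or keep a reference beyond the createLoginContext call.
    String serviceAccountPassword = pdb.getProperty(0, null, "activeDirectory.serviceAccountPassword");
    try {
        return createLoginContext(serviceAccountUsername, serviceAccountPassword);
    } catch (LoginException le) {
        // Check the cause by class name to allow non Sun Javas to compile.
        Throwable cause = le.getCause();
        if (cause != null && "sun.security.krb5.KrbException".equals(cause.getClass().getName())) {
            throw new Exception("Failed to logon. Please check your Active Directory configuration.", le);
        }
        throw le;
    }
}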
/**
 * Copies the values of a user map into a typed array.
 *
 * @param map map whose values are {@code User} instances
 * @return the users in the map's value iteration order
 */
User[] mapToUserArray(Map map) {
    User[] users = new User[map.size()];
    return (User[]) map.values().toArray(users);
}
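/**
 * Lists the users matching {@code filter}, serving a non-empty result from
 * the principals cache when one is present.
 *
 * A null or empty filter is treated as {@code "*"}. The listing runs as the
 * effective user's subject via {@code ListUsersAction}; the result is cached
 * until {@link #getExpiryTime()}.
 *
 * @param filter user filter, or null/empty for all users
 * @return the user map, or {@code null} when there is no effective user
 *         (callers such as {@code initialise} rely on that null)
 * @throws UserDatabaseException if the listing action returns an exception
 *         other than {@code PartialResultException}, or returns something
 *         that is not a {@code Map}
 */
Map getUserMap(String filter) throws UserDatabaseException {
    String cacheKey = "USERS_" + (filter == null || filter.equals("") ? "*" : filter);
    Map users = (Map) availablePrincipalsCache.retrieve(cacheKey);
    // An empty cached map is treated as a miss and the directory is queried again.
    if (users != null && users.size() != 0) {
        if (log.isDebugEnabled())
            log.debug("Got " + users.size() + " from the cache");
        return users;
    }
    if (log.isDebugEnabled())
        log.debug("No users in cache");
    LoginContext lc = getEffectiveUser();
    if (lc == null) {
        log.warn("No effective user");
        return null;
    }
    ListUsersAction lua = new ListUsersAction(filter);
    Object result = Subject.doAs(lc.getSubject(), lua);
    if (result instanceof Exception && !(result instanceof PartialResultException)) {
        throw new UserDatabaseException("Failed to list users.", (Exception) result);
    }
    if (!(result instanceof Map)) {
        // Previously this fell through to a blind (Map) cast, which would fail with a
        // ClassCastException if the action returned a PartialResultException, or an NPE
        // on users.size() if it returned null. Whether ListUsersAction can actually
        // return either is not visible here, so both are reported explicitly.
        Exception cause = result instanceof Exception
            ? (Exception) result
            : new IllegalStateException("Unexpected user listing result: "
                + (result == null ? "null" : result.getClass().getName()));
        throw new UserDatabaseException("Failed to list users.", cause);
    }
    users = (Map) result;
    if (log.isDebugEnabled())
        log.debug("Caching " + users.size() + " users");
    availablePrincipalsCache.store(cacheKey, (Serializable) users, Long.valueOf(getExpiryTime()), null);
    return users;
}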
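/**
 * Computes the absolute expiry time (epoch millis) for a new cache entry.
 *
 * The TTL comes from {@code activeDirectory.userCacheTTL}; values below
 * 30 seconds are raised to 30 seconds, and an unreadable or non-numeric
 * value falls back to the 300000 ms default (logged instead of silently ignored).
 *
 * @return {@code System.currentTimeMillis()} plus the effective TTL in milliseconds
 */
long getExpiryTime() {
    final int defaultTtl = 300000;
    final int minimumTtl = 30000;
    int ttl = defaultTtl;
    try {
        ttl = Integer.parseInt(CoreServlet.getServlet().getPropertyDatabase().getProperty(0, null,
            "activeDirectory.userCacheTTL"));
        if (ttl < minimumTtl) {
            log.warn("Active Directory cache TTL is less than 30 seconds. This would cause serious performance problems. The minimum value of 30 seconds will now be used");
            ttl = minimumTtl;
        }
    } catch (Exception e) {
        // Best effort: keep the default TTL, but record why the configured value was unusable.
        log.warn("Could not read activeDirectory.userCacheTTL, using the default of " + defaultTtl + "ms.", e);
    }
    // int + long: no overflow risk in the addition itself.
    return ttl + System.currentTimeMillis();
}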
/**
 * Copies the values of a role map into a typed array.
 *
 * @param map map whose values are {@code Role} instances
 * @return the roles in the map's value iteration order
 */
Role[] mapToRoleArray(RoleMap map) {
    Role[] roles = new Role[map.size()];
    return (Role[]) map.values().toArray(roles);
}
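/**
 * Lists the roles matching {@code filter}, serving the result from the
 * principals cache when present.
 *
 * A null or empty filter is treated as {@code "*"}. Unlike {@link #getUserMap(String)},
 * a cached empty map is still returned rather than refreshed, and a missing
 * effective user is an error rather than a null result.
 *
 * @param filter role filter, or null/empty for all roles
 * @return the role map, never null
 * @throws UserDatabaseException if there is no effective user, the listing
 *         action returns an exception, or it returns something that is not a {@code RoleMap}
 */
RoleMap getRoleMap(String filter) throws UserDatabaseException {
    String cacheKey = "ROLES_" + (filter == null || filter.equals("") ? "*" : filter);
    RoleMap roles = (RoleMap) availablePrincipalsCache.retrieve(cacheKey);
    if (roles != null) {
        // Guarded like the other debug statements in this class to avoid building the string needlessly.
        if (log.isDebugEnabled())
            log.debug("Got " + roles.size() + " from the cache");
        return roles;
    }
    LoginContext lc = getEffectiveUser();
    if (lc == null) {
        throw new UserDatabaseException("No effective user");
    }
    ListRolesAction lra = new ListRolesAction(filter);
    Object o = Subject.doAs(lc.getSubject(), lra);
    if (o instanceof Exception) {
        throw new UserDatabaseException("Failed to list roles.", (Exception) o);
    }
    if (!(o instanceof RoleMap)) {
        // Previously a null result would have reached roles.size() and failed with an NPE.
        throw new UserDatabaseException("Failed to list roles.",
            new IllegalStateException("Unexpected role listing result: "
                + (o == null ? "null" : o.getClass().getName())));
    }
    roles = (RoleMap) o;
    if (log.isDebugEnabled())
        log.debug("Caching " + roles.size() + " roles");
    availablePrincipalsCache.store(cacheKey, (Serializable) roles, Long.valueOf(getExpiryTime()), null);
    return roles;
}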