IDEMPIERE-4610 Remove obsolete LdapProcessor (#484)

* IDEMPIERE-4610 Remove obsolete LdapProcessor

* IDEMPIERE-4610 Remove obsolete LdapProcessor

Inactivate menu entry (AD_Menu_ID=594) and window (AD_Window_ID=389)

* IDEMPIERE-4610 Remove obsolete LdapProcessor

move migration script to i8.2z folder.
hengsin 2020-12-28 18:09:17 +08:00 committed by GitHub
parent 7545dd6ee3
commit 45cfbe6804
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 28 additions and 1052 deletions


@ -0,0 +1,14 @@
SET SQLBLANKLINES ON
SET DEFINE OFF
-- Dec 27, 2020, 1:10:12 AM MYT
UPDATE AD_Window SET IsActive='N',Updated=TO_DATE('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Window_ID=389
;
-- Dec 27, 2020, 1:10:12 AM MYT
UPDATE AD_Menu SET Name='LDAP Server', Description='LDAP Server to authenticate and authorize external systems based on iDempiere', IsActive='N',Updated=TO_DATE('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Menu_ID=594
;
SELECT register_migration_script('202012261710_IDEMPIERE-4610.sql') FROM dual
;
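Review bot: Neither migration script says why the window and menu are being switched off; the only comments are the generated timestamps. A header near the top such as `-- IDEMPIERE-4610 Remove obsolete LdapProcessor - inactivate LDAP Server window and menu` would let someone auditing the dictionary trace the change back to the ticket. The `AD_Menu` update also rewrites `Name` and `Description`, which the inactivation does not need and which would overwrite a locally edited label; if those values were not meant to change, `SET IsActive='N',Updated=...,UpdatedBy=100` is enough. The same applies to the PostgreSQL copy of the script in the next file section.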


@ -0,0 +1,11 @@
-- Dec 27, 2020, 1:10:12 AM MYT
UPDATE AD_Window SET IsActive='N',Updated=TO_TIMESTAMP('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Window_ID=389
;
-- Dec 27, 2020, 1:10:12 AM MYT
UPDATE AD_Menu SET Name='LDAP Server', Description='LDAP Server to authenticate and authorize external systems based on iDempiere', IsActive='N',Updated=TO_TIMESTAMP('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Menu_ID=594
;
SELECT register_migration_script('202012261710_IDEMPIERE-4610.sql') FROM dual
;


@ -3,12 +3,11 @@
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
<attributes>
<attribute name="module" value="true"/>
<attribute name="add-exports" value="java.naming/com.sun.jndi.ldap=ALL-UNNAMED"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
<classpathentry kind="src" path="src/main/server/"/>
<classpathentry kind="src" path="src/main/servlet/"/>
<classpathentry kind="src" path="src/main/home/"/>
<classpathentry kind="src" path="src/main/server"/>
<classpathentry kind="src" path="src/main/servlet"/>
<classpathentry kind="src" path="src/main/home"/>
<classpathentry kind="output" path="target/classes"/>
</classpath>
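Review bot: The `add-exports` for `java.naming/com.sun.jndi.ldap` is removed only from this Eclipse classpath, and none of the 11 file sections in the commit looks like a launch configuration or startup script. If the same export is also passed to the JVM at runtime (not visible on this page), it is no longer needed once the BerDecoder/BerEncoder users are deleted and should be dropped there too, so the internal JNDI package is not left exported to unnamed modules. The trailing-slash change on the three `src` entries is unrelated to the LDAP removal and would be easier to review as a separate commit.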


@ -26,7 +26,6 @@ Import-Package: javax.jms;version="1.1.0",
org.osgi.util.tracker;version="1.5.0",
org.w3c.dom
Export-Package: org.adempiere.server,
org.compiere.ldap,
org.compiere.server,
org.idempiere.server.cluster,
org.idempiere.server.cluster.callable,


@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" name="org.idempiere.server.factory.DefaultLDAPProcessorFactory">
<implementation class="org.idempiere.server.factory.DefaultLDAPProcessorFactory"/>
<property name="service.ranking" type="Integer" value="0"/>
<service>
<provide interface="org.adempiere.server.IServerFactory"/>
</service>
</scr:component>


@ -19,7 +19,6 @@ bin.includes = META-INF/,\
plugin.xml,\
OSGI-INF/acctprocessorfactory.xml,\
OSGI-INF/alertprocessorfactory.xml,\
OSGI-INF/ldapprocessorfactory.xml,\
OSGI-INF/requestprocessorfactory.xml,\
OSGI-INF/schedulerfactory.xml,\
OSGI-INF/workflowprocessorfactory.xml,\


@ -1,205 +0,0 @@
/******************************************************************************
* Product: Adempiere ERP & CRM Smart Business Solution
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
* This program is free software; you can redistribute it and/or modify it
* under the terms version 2 of the GNU General Public License as published
* by the Free Software Foundation. This program is distributed in the hope
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
*****************************************************************************/
package org.compiere.ldap;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.util.Hashtable;
import java.util.logging.Level;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import org.compiere.model.MLdapProcessor;
import org.compiere.model.MLdapUser;
import org.compiere.util.CLogger;
/**
* LDAP Connection Handler
*
* Only "simple" authentication and the following protocol are supported:
* bind
* unbind
* search
* The following distinguished name are supported:
* o - organization
* ou - organization unit
* cn - common name
* Due to some of the ldap client might not unbind and close the connection,
* whenever error occurs and authenticate done, we will close the connection.
*
* Basically, tested with two type of ldap authentication, java client and
* apache ldap support.
* For the apache support, here's the tested definition:
* AuthType Basic
* AuthLDAPAuthoritative on
* AuthLDAPEnabled on
* AuthLDAPURL ldap://<ip address>:<port no>/o=<organization>,ou=<organization unit>?uid?sub
* The protocol for the apache ldap:
* - bind to server
* - search for the object name with user input userid
* - bind again with returned object name and password
* The protocol for the java client, please refer to the sample code in main().
*
* @author Jorg Janke
* @version $Id: LdapConnectionHandler.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
*/
public class LdapConnectionHandler extends Thread
{
/**
* Ldap Connection Handler
* @param socket server socket
* @param model model
*/
public LdapConnectionHandler(Socket socket, MLdapProcessor model)
{
try
{
m_socket = socket;
m_socket.setTcpNoDelay(true); // should not be required
m_model = model;
}
catch (Exception e)
{
log.log(Level.SEVERE, "", e);
} // no timeout
} // LdapConnectionHandler
/** Socket */
private Socket m_socket = null;
/** Ldap Model */
private MLdapProcessor m_model = null;
/** Logger */
private static final CLogger log = CLogger.getCLogger (LdapConnectionHandler.class);
/**
* Do Work
*/
public void run()
{
try
{
if (m_socket == null || m_socket.isClosed())
return;
LdapMessage msg = new LdapMessage();
MLdapUser ldapUser = new MLdapUser();
LdapResult result = new LdapResult();
boolean activeSession = true;
while (activeSession)
{
InputStream in = m_socket.getInputStream();
BufferedOutputStream out = new BufferedOutputStream(m_socket.getOutputStream());
// Read
byte[] buffer = new byte[512];
int length = in.read(buffer, 0, 512);
// Decode the input message buffer
result.reset(msg, ldapUser);
msg.reset(result);
msg.decode(buffer, length);
if (msg.getOperation() == LdapMessage.UNBIND_REQUEST)
{
out.close();
break;
}
// Not unbind, so we can create a response
byte[] bytes = result.getResult(m_model);
// Send the response back
out.write(bytes);
out.flush();
// If there's error or successfully authenticated the user,
// close the connection to avoid too many open connection
if (result.getDone())
{
out.close();
break;
}
} // while(activeSession)
}
catch (IOException e)
{
log.log(Level.SEVERE, "", e);
}
try
{
m_socket.close();
}
catch (Exception e)
{
log.log(Level.WARNING, "Socket", e);
}
m_socket = null;
} // run
/**
* String Representation
* @return info
*/
public String toString()
{
StringBuilder sb = new StringBuilder ("LdapConnectionHandler[");
sb.append (hashCode()).append ("]");
return sb.toString ();
} // toString
/**
* Test using the java client.
* Ldap v3 won't need to do any bind, search, bind anymore.
* When new InitialLdapContext() is called, it will bind with the
* dn and password, the ldap server should be authenticate with it.
*
* @param args
*/
public static void main(String[] args)
{
Hashtable<String,String> env = new Hashtable<String,String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// ldap://dc.compiere.org
env.put(Context.PROVIDER_URL, "ldap://10.104.139.160:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// Compiere server only support cn/o/ou, and cn should be the user id.
// Only one entry for cn.
env.put(Context.SECURITY_PRINCIPAL, "cn=cboss@compiere.org,o=GardenWorld,ou=LawnCare");
env.put(Context.SECURITY_CREDENTIALS, "carlboss");
try
{
// Create the initial context
new InitialLdapContext(env, null);
// If not successfully authenticated, exception should be thrown
System.out.println("Successfully authenticated ...");
}
catch (AuthenticationException e)
{
e.printStackTrace();
return;
}
catch (Exception e)
{
e.printStackTrace();
return;
}
} // main()
} // LdapConnectionHandler


@ -1,332 +0,0 @@
/******************************************************************************
* Product: Adempiere ERP & CRM Smart Business Solution
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
* This program is free software; you can redistribute it and/or modify it
* under the terms version 2 of the GNU General Public License as published
* by the Free Software Foundation. This program is distributed in the hope
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
*****************************************************************************/
package org.compiere.ldap;
import java.util.logging.Level;
import org.compiere.util.CLogger;
import com.sun.jndi.ldap.BerDecoder;
/**
* Ldap Message
*
* @author Jorg Janke
* @version $Id: LdapMessage.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
*/
public class LdapMessage
{
static public final int BIND_REQUEST = 96;
static public final int BIND_RESPONSE = 97;
static public final int UNBIND_REQUEST = 98;
static public final int SEARCH_REQUEST = 99;
static public final int SEARCH_REP_ENTRY = 100;
static public final int SEARCH_RES_RESULT = 101;
static public final int SIMPLE_AUTHENTICATION = 128;
static public final int FILTER_AND = 160;
static public final int FILTER_OR = 161;
static public final int FILTER_NOT = 162;
static public final int FILTER_EQUALITYMATCH = 163;
static public final int SEQUENCE = 48;
/** Decoder */
private BerDecoder decoder = null;
/** Logger */
private static final CLogger log = CLogger.getCLogger (LdapMessage.class);
/** Protocol Operation */
private int m_protocolOp = -1;
/** Message Id needed for the reply message */
private int msgId;
/** Distinguished name */
private String dn = null;
/** Organization */
private String org = null;
/** Organization unit */
private String orgUnit = null;
/** User Id */
private String userId = null;
/** Password */
private String passwd = null;
/** base Object */
private String baseObj = null;
/** LdapResult object to hold if there's any error during parsing */
private LdapResult result = null;
/**
* Ldap Message
*/
public LdapMessage()
{
} // LdapMessage
/*
* Reset all the attributes
*/
public void reset(LdapResult result)
{
this.result = result;
decoder = null;
m_protocolOp = -1;
msgId = -1;
dn = null;
org = null;
orgUnit = null;
userId = null;
passwd = null;
baseObj = null;
} // reset()
/**
* Decode Message
* @param data input buffer
* @param length buffer size
*/
public void decode(byte[] data, int length)
{
try
{
// Create the decoder
decoder = new BerDecoder(data, 0, length);
}
catch (Exception e)
{
log.log(Level.SEVERE, data.toString(), e);
return;
}
try
{
// Parse the message envelope
decoder.parseSeq(null);
// Parse message Id
msgId = decoder.parseInt();
// Parse the operation protocol
m_protocolOp = decoder.parseSeq(null);
//
// Payload
if (m_protocolOp == BIND_REQUEST) {
handleBind();
} else if (m_protocolOp == UNBIND_REQUEST) {
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": unbind");
} else if (m_protocolOp == SEARCH_REQUEST) {
handleSearch();
} else { // Only supoort BIND, UNBIND and SEARCH
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
result.setErrorString(": Unsupported Request");
log.warning("#" + msgId + ": Unknown Op + " + m_protocolOp);
}
}
catch (Exception ex)
{
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
log.log(Level.SEVERE, "", ex);
}
} // decode
/*
* Encode the search request message
*/
private void handleSearch()
{
try
{
// Parse the base Object
baseObj = decoder.parseString(true);
parseDN(baseObj);
decoder.parseEnumeration(); // scope
decoder.parseEnumeration(); // derefAliases
decoder.parseInt(); // sizeLimit
decoder.parseInt(); // timeLimit
decoder.parseBoolean(); // typeOnly
boolean equalityFilter = false;
while (true)
{
int filter = decoder.parseSeq(null); //Filter
if (filter == FILTER_EQUALITYMATCH)
{
decoder.parseString(true);
userId = decoder.parseString(true);
equalityFilter = true;
break;
}
else if (filter == FILTER_AND)
decoder.parseStringWithTag(135, true, null);
else if (filter == SEQUENCE)
break;
} // while true
if (!equalityFilter) // Didn't find the it
{
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
result.setErrorString("Can't can't Filter - EqualityMatch");
}
}
catch (Exception ex)
{
log.log(Level.SEVERE, "", ex);
}
} // handleSearch()
/*
* Encode the bind request message
*/
private void handleBind()
{
try
{
// Parse LDAP version; only support v3
int version = decoder.parseInt();
if (version != 3)
{
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
result.setErrorString("Unsupported LDAP version");
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": unsupported LDAP version - " + version);
return;
}
// Parse DN
dn = decoder.parseString(true);
// Peek on AuthenticationChoice; only support simple authentication
int auth = decoder.peekByte();
if (auth != SIMPLE_AUTHENTICATION) // 0x80 - simple authentication
{
result.setErrorNo(LdapResult.LDAP_AUTH_METHOD_NOT_SUPPORTED);
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": unsupported authentication method - " + auth);
return;
}
// It is simple authentication, get the authentication string
passwd = decoder.parseStringWithTag(SIMPLE_AUTHENTICATION, true, null);
if (passwd != null && passwd.length() > 0)
{
parseDN(dn);
if (userId == null || userId.length() <= 0)
{
result.setErrorNo(LdapResult.LDAP_NO_SUCH_OBJECT);
result.setErrorString(": \"cn\" not defined");
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": \"cn\" not defined");
return;
}
}
// Log the information
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": bind - version=" + version + ", userId=" + userId);
}
catch (Exception ex)
{
log.log(Level.SEVERE, "", ex);
}
} // handleBind()
/*
* Parse the DN to find user id, organization and organization unit
*/
private void parseDN(String dName)
{
String[] dnArray = dName.split(",");
for (int i = 0; i < dnArray.length; i++)
{
if (dnArray[i].startsWith("cn="))
userId = dnArray[i].split("=")[1];
else if (dnArray[i].startsWith("o="))
org = dnArray[i].split("=")[1];
else if (dnArray[i].startsWith("ou="))
orgUnit = dnArray[i].split("=")[1];
}
} // parseDN()
/**
* Get Operation Code
* @return protocolOp
*/
public int getOperation()
{
return m_protocolOp;
} // getOperation
/**
* Get message id
* @return msgId
*/
public int getMsgId()
{
return msgId;
} // getMsgId()
/**
* Get DN
* @return dn
*/
public String getDN()
{
return dn;
} // getDN()
/**
* Get User Id
* @return userId
*/
public String getUserId()
{
return userId;
} // getUserId()
/**
* Get User passwod
* @return passwd
*/
public String getUserPasswd()
{
return passwd;
} // getUserPasswd()
/**
* Get base object
* @return baseObj
*/
public String getBaseObj()
{
return baseObj;
} // getBaseObj()
/**
* Get organization
* @return org
*/
public String getOrg()
{
return org;
} // getOrg()
/**
* Get organization unit
* @return orgUnit
*/
public String getOrgUnit()
{
return orgUnit;
} // getOrgUnit()
} // LdapMessage


@ -1,136 +0,0 @@
/******************************************************************************
* Product: Adempiere ERP & CRM Smart Business Solution
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
* This program is free software; you can redistribute it and/or modify it
* under the terms version 2 of the GNU General Public License as published
* by the Free Software Foundation. This program is distributed in the hope
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
*****************************************************************************/
package org.compiere.ldap;
import java.net.ServerSocket;
import java.net.Socket;
import java.sql.Timestamp;
import java.util.Properties;
import java.util.logging.Level;
import org.compiere.Adempiere;
import org.compiere.model.MLdapProcessor;
import org.compiere.model.MLdapProcessorLog;
import org.compiere.server.AdempiereServer;
import org.compiere.util.TimeUtil;
/**
* LDAP Server
*
* @author Jorg Janke
* @version $Id: LdapProcessor.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
*/
public class LdapProcessor extends AdempiereServer
{
/**
* Ldap Processor (Server)
* @param model Ldap Model
*/
public LdapProcessor (MLdapProcessor model)
{
super (model, 300);
m_model = model;
} // LdapProcessor
/** The Concrete Model */
protected MLdapProcessor m_model = null;
/** Last Summary */
protected StringBuffer m_summary = new StringBuffer();
/** Server Socket */
protected ServerSocket m_serverSocket = null;
/** Counter */
protected int m_counter = 0;
/**
* Do Work
*/
protected void doWork()
{
// Close Socket
if (m_serverSocket != null)
{
try
{
m_serverSocket.close();
}
catch (Exception e)
{
}
}
m_counter = 0;
//
m_summary = new StringBuffer(m_model.toString())
.append(" - ");
//
try
{
m_serverSocket = new ServerSocket(m_model.getLdapPort());
if (log.isLoggable(Level.INFO))log.log(Level.INFO, "Opened Port=" + m_model.getLdapPort());
while (!isInterrupted())
{
Socket socket = m_serverSocket.accept(); // waits for connection
if (log.isLoggable(Level.FINE))log.log(Level.FINE, "Connection on Port=" + m_model.getLdapPort());
LdapConnectionHandler handler =
new LdapConnectionHandler (socket, m_model);
handler.start();
m_counter++;
}
}
catch (Exception e)
{
log.log(Level.WARNING, "Port=" + m_model.getLdapPort(), e);
m_summary.append(e.toString());
}
m_summary.append ("; ")
.append (m_model.getInfo());
int no = m_model.deleteLog();
m_summary.append("; Logs deleted=").append(no);
//
MLdapProcessorLog pLog = new MLdapProcessorLog(m_model, m_summary.toString());
pLog.setReference("#" + String.valueOf(p_runCount)
+ " - " + TimeUtil.formatElapsed(new Timestamp(p_startWork)));
pLog.saveEx();
} // doWork
/**
* Get Server Info
* @return info
*/
public String getServerInfo()
{
return "#" + p_runCount + " - Last=" + m_summary.toString()
+ "; Counter=" + m_counter
+ "; " + m_model.getInfo();
} // getServerInfo
/**
* Test
* @param args
*/
public static void main(String[] args)
{
Adempiere.startup(true);
new LdapProcessor(new MLdapProcessor(new Properties(), 100, null)).doWork();
} // main
} // LdapProcessor


@ -1,308 +0,0 @@
/******************************************************************************
* Product: Adempiere ERP & CRM Smart Business Solution
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
* This program is free software; you can redistribute it and/or modify it
* under the terms version 2 of the GNU General Public License as published
* by the Free Software Foundation. This program is distributed in the hope
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
*****************************************************************************/
package org.compiere.ldap;
import java.util.logging.Level;
import org.compiere.model.MLdapProcessor;
import org.compiere.model.MLdapUser;
import org.compiere.util.CLogger;
import com.sun.jndi.ldap.BerEncoder;
/**
* Ldap Wire Response
*
* @author Jorg Janke
* @version $Id: LdapResult.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
*/
public class LdapResult
{
/** LdapMesssage */
private LdapMessage ldapMsg = null;
/** Encoder */
private BerEncoder m_encoder = null;
/** Logger */
private static final CLogger log = CLogger.getCLogger (LdapResult.class);
/** Error number */
private int errNo = LDAP_SUCCESS;
/** Error String */
private String errStr = "";
/** LdapUser */
private MLdapUser ldapUser = null;
/** disconnect to client */
private boolean disconnect = false;
public LdapResult ()
{
} // LdapResult
/*
* Reset the attributes
*/
public void reset(LdapMessage ldapMsg, MLdapUser ldapUser)
{
this.ldapMsg = ldapMsg;
m_encoder = new BerEncoder();
errNo = LDAP_SUCCESS;
errStr = "";
this.ldapUser = ldapUser;
} // reset()
/**
* Get the response according to the request message
* @param model model
* @return reponse
*/
public byte[] getResult(MLdapProcessor model)
{
if (errNo != LDAP_SUCCESS)
{
generateResult("",
((ldapMsg.getOperation()==LdapMessage.BIND_REQUEST)?
LdapMessage.BIND_RESPONSE:LdapMessage.SEARCH_RES_RESULT),
errNo, ldapErrorMessage[errNo] + errStr);
m_encoder.getTrimmedBuf();
}
try
{
String usrId = ldapMsg.getUserId();
String o = ldapMsg.getOrg();
String ou = ldapMsg.getOrgUnit();
// Adding the Application 1 Sequence
if (ldapMsg.getOperation() == LdapMessage.BIND_REQUEST)
{
String pwd = ldapMsg.getUserPasswd();
if (pwd == null || pwd.length() <= 0)
{
// 1st anonymous bind
generateResult(ldapMsg.getDN(), LdapMessage.BIND_RESPONSE,
LDAP_SUCCESS, null);
log.info("Success");
return m_encoder.getTrimmedBuf();
}
// Authenticate with Compiere data
if (ldapUser.getUserId() == null)
{ // Try to authenticate on the 1st bind, must be java client
ldapUser.reset();
model.authenticate(ldapUser, usrId, o, ou);
if (ldapUser.getErrorMsg() != null)
{ // Failed to authenticated with compiere
errNo = LDAP_NO_SUCH_OBJECT;
generateResult(ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT,
LDAP_NO_SUCH_OBJECT,
ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + ldapUser.getErrorMsg());
log.info("Failed");
return m_encoder.getTrimmedBuf();
}
}
// Check to see if the input passwd is match to the one
// in compiere database
if (usrId.compareTo(ldapUser.getUserId()) == 0 &&
pwd.compareTo(ldapUser.getPassword()) == 0)
{ // Successfully authenticated
generateResult("", LdapMessage.BIND_RESPONSE,
LDAP_SUCCESS, null);
// Close the connection to client since most of the client
// application might cache the connection but we can't afford
// to have too many such client connection
disconnect = true;
log.info("Success");
}
else
{ // Unsuccessfully authenticated
errNo = LDAP_INAPPROPRIATE_AUTHENTICATION;
generateResult("", LdapMessage.BIND_RESPONSE,
LDAP_INAPPROPRIATE_AUTHENTICATION,
ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
if (log.isLoggable(Level.INFO)) log.info("Failed : " + ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
}
}
else if (ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST)
{
// Authenticate with compiere database
ldapUser.reset();
model.authenticate(ldapUser, usrId, o, ou);
if (ldapUser.getErrorMsg() != null)
{
errNo = LDAP_NO_SUCH_OBJECT;
generateResult(ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT,
LDAP_NO_SUCH_OBJECT,
ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + ldapUser.getErrorMsg());
log.info("Failed");
return m_encoder.getTrimmedBuf();
}
m_encoder.beginSeq(48); // Hard coded here for Envelope header
m_encoder.encodeInt(ldapMsg.getMsgId());
m_encoder.beginSeq(LdapMessage.SEARCH_REP_ENTRY); // Application 4
m_encoder.encodeString("cn="+ldapMsg.getUserId(), true); // this should be object name
// not going to put in any attributes for this
m_encoder.beginSeq(48);
m_encoder.endSeq();
m_encoder.endSeq();
m_encoder.endSeq();
// SearchResultDone Application 5 for bind
// Result 0 = success
// No error message
generateResult(ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT,
LDAP_SUCCESS, null);
log.info("Success");
}
return m_encoder.getTrimmedBuf();
}
catch (Exception e)
{
log.log(Level.SEVERE, "", e);
}
return m_encoder.getTrimmedBuf();
} // bindResponse
/**
* Generate LDAPResult
* @param dn Distinguished Name
* @param resultProtocol Result protocol/operation code
* @param resultCode Result code
* @param errMsg Error Message
* @return reponse
*/
private void generateResult(String dn, int resultProtocol,
int resultCode, String errMsg)
{
try
{
m_encoder.beginSeq(48); // Hard coded here for Envelope header
m_encoder.encodeInt(ldapMsg.getMsgId());
m_encoder.beginSeq(resultProtocol);
m_encoder.encodeInt(resultCode, 10); // Enumeration - 10
// Adding LDAPDN
m_encoder.encodeString(dn, true);
// Adding error message
m_encoder.encodeString((errMsg == null)?"":errMsg, true);
m_encoder.endSeq();
m_encoder.endSeq();
}
catch (Exception ex)
{
log.log(Level.SEVERE, "", ex);
}
} // generateResult()
/*
* Should it be close the connection with client
*/
public boolean getDone()
{
if (errNo != LDAP_SUCCESS)
return true;
return disconnect;
} // getDone()
/**
* Set the error No
* @param errNo Error Number
*/
public void setErrorNo(int errNo)
{
this.errNo = errNo;
} // setErrorNo()
/**
* Get the error No
* @return errNo Error Number
*/
public int getErrorNo()
{
return errNo;
} // getErrorNo()
/**
* Set the error String
* @param errStr Error String
*/
public void setErrorString(String errStr)
{
this.errStr = errStr;
} // setErrorStr()
static final int LDAP_SUCCESS = 0;
static final int LDAP_OPERATIONS_ERROR = 1;
static final int LDAP_PROTOCOL_ERROR = 2;
static final int LDAP_TIME_LIMIT_EXCEEDED = 3;
static final int LDAP_SIZE_LIMIT_EXCEEDED = 4;
static final int LDAP_COMPARE_FALSE = 5;
static final int LDAP_COMPARE_TRUE = 6;
static final int LDAP_AUTH_METHOD_NOT_SUPPORTED = 7;
static final int LDAP_STRONG_AUTH_REQUIRED = 8;
static final int LDAP_PARTIAL_RESULTS = 9;
static final int LDAP_REFERRAL = 10;
static final int LDAP_ADMIN_LIMIT_EXCEEDED = 11;
static final int LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12;
static final int LDAP_CONFIDENTIALITY_REQUIRED = 13;
static final int LDAP_SASL_BIND_IN_PROGRESS = 14;
static final int LDAP_NO_SUCH_ATTRIBUTE = 16;
static final int LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17;
static final int LDAP_INAPPROPRIATE_MATCHING = 18;
static final int LDAP_CONSTRAINT_VIOLATION = 19;
static final int LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20;
static final int LDAP_INVALID_ATTRIBUTE_SYNTAX = 21;
static final int LDAP_NO_SUCH_OBJECT = 32;
static final int LDAP_ALIAS_PROBLEM = 33;
static final int LDAP_INVALID_DN_SYNTAX = 34;
static final int LDAP_IS_LEAF = 35;
static final int LDAP_ALIAS_DEREFERENCING_PROBLEM = 36;
static final int LDAP_INAPPROPRIATE_AUTHENTICATION = 48;
static final int LDAP_INVALID_CREDENTIALS = 49;
static final int LDAP_INSUFFICIENT_ACCESS_RIGHTS = 50;
static final int LDAP_BUSY = 51;
static final int LDAP_UNAVAILABLE = 52;
static final int LDAP_UNWILLING_TO_PERFORM = 53;
static final int LDAP_LOOP_DETECT = 54;
static final int LDAP_NAMING_VIOLATION = 64;
static final int LDAP_OBJECT_CLASS_VIOLATION = 65;
static final int LDAP_NOT_ALLOWED_ON_NON_LEAF = 66;
static final int LDAP_NOT_ALLOWED_ON_RDN = 67;
static final int LDAP_ENTRY_ALREADY_EXISTS = 68;
static final int LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69;
static final int LDAP_AFFECTS_MULTIPLE_DSAS = 71;
static final int LDAP_OTHER = 80;
static final String ldapErrorMessage[] = {
"Success", "Operations Error", "Protocol Error", "Timelimit Exceeded",
"Sizelimit Exceeded", "Compare False", "Compare True",
"Authentication Method Not Supported", "Strong Authentication Required", null,
"Referral", "Administrative Limit Exceeded", "Unavailable Critical Extension",
"Confidentiality Required", "SASL Bind In Progress", null, "No Such Attribute",
"Undefined Attribute Type", "Inappropriate Matching", "Constraint Violation",
"Attribute Or Value Exists", "Invalid Attribute Syntax", null, null, null,
null, null, null, null, null,null, null, "No Such Object", "Alias Problem",
"Invalid DN Syntax", null, "Alias Dereferencing Problem", null, null, null,
null, null, null, null, null, null, null, null, "Inappropriate Authentication",
"Invalid Credentials", "Insufficient Access Rights", "Busy", "Unavailable",
"Unwilling To Perform", "Loop Detect", null, null, null, null, null,
null, null, null, null, "Naming Violation", "Object Class Violation",
"Not Allowed On Non-leaf", "Not Allowed On RDN", "Entry Already Exists",
"Object Class Modifications Prohibited", null, "Affects Multiple DSAs", null,
null, null, null, null, null, null, null,"Other", null, null, null, null,
null, null, null, null, null,null
};
} // LdapResult


@ -1,57 +0,0 @@
/******************************************************************************
* Copyright (C) 2013 Heng Sin Low *
* Copyright (C) 2013 Trek Global *
* This program is free software; you can redistribute it and/or modify it *
* under the terms version 2 of the GNU General Public License as published *
* by the Free Software Foundation. This program is distributed in the hope *
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied *
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU General Public License for more details. *
* You should have received a copy of the GNU General Public License along *
* with this program; if not, write to the Free Software Foundation, Inc., *
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. *
*****************************************************************************/
package org.idempiere.server.factory;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.adempiere.server.IServerFactory;
import org.compiere.ldap.LdapProcessor;
import org.compiere.model.MLdapProcessor;
/**
* @author hengsin
*
*/
public class DefaultLDAPProcessorFactory implements IServerFactory<LdapProcessor, MLdapProcessor> {
/**
* default constructor
*/
public DefaultLDAPProcessorFactory() {
}
@Override
public LdapProcessor[] create(Properties ctx) {
MLdapProcessor[] ldapModels = MLdapProcessor.getActive(ctx);
List<LdapProcessor> list = new ArrayList<LdapProcessor>();
for (MLdapProcessor lp : ldapModels)
{
LdapProcessor server = create(ctx, lp);
list.add(server);
}
return list.toArray(new LdapProcessor[0]);
}
@Override
public Class<MLdapProcessor> getProcessorClass() {
return MLdapProcessor.class;
}
@Override
public LdapProcessor create(Properties ctx, MLdapProcessor serverModel) {
return new LdapProcessor(serverModel);
}
}