idok-commit AT lists.psi.ch
Subject: Commit emails of the iDok project
[idok-commit] idok commit r150 - in trunk/java/ch/idok: qtgui service/server/admin
- From: "Apache" <apache AT savannah.psi.ch>
- To: idok-commit AT lists.psi.ch
- Subject: [idok-commit] idok commit r150 - in trunk/java/ch/idok: qtgui service/server/admin
- Date: Thu, 24 Jul 2008 12:01:27 +0200
- List-archive: <https://lists.web.psi.ch/pipermail/idok-commit/>
- List-id: Commit emails of the iDok project <idok-commit.lists.psi.ch>
Author: huebner AT PSI.CH
Date: Thu Jul 24 12:01:27 2008
New Revision: 150
Log:
User name and password are now required to access the LDAP features for
user/group rights management.
Modified:
trunk/java/ch/idok/qtgui/AdminController.java
trunk/java/ch/idok/qtgui/AuthorizationController.java
trunk/java/ch/idok/qtgui/FolderTree.java
trunk/java/ch/idok/qtgui/Ldap.java
trunk/java/ch/idok/service/server/admin/Admin.java
Modified: trunk/java/ch/idok/qtgui/AdminController.java
==============================================================================
--- trunk/java/ch/idok/qtgui/AdminController.java (original)
+++ trunk/java/ch/idok/qtgui/AdminController.java Thu Jul 24 12:01:27
2008
@@ -914,6 +914,7 @@
auc.setRepository(project, repo);
auc.setFolderPath("/");
auc.defineAccessRights();
+ auc.setupLdap();
}
private String askFor(String prompt) {
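Review bot: `auc.setupLdap()` is called after `auc.defineAccessRights()`, so if the rights dialog performs any LDAP lookup while it opens (not visible here), that lookup runs before credentials have been collected. Calling `setupLdap()` first, or from inside `defineAccessRights()`, would remove the ordering dependency. The same pairing is wired a second time in FolderTree.java through two separate `triggered.connect(...)` calls, where it additionally depends on the slots firing in connection order. The enclosing method starts outside this hunk.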
Modified: trunk/java/ch/idok/qtgui/AuthorizationController.java
==============================================================================
--- trunk/java/ch/idok/qtgui/AuthorizationController.java (original)
+++ trunk/java/ch/idok/qtgui/AuthorizationController.java Thu Jul 24
12:01:27 2008
@@ -23,8 +23,12 @@
import java.util.Collections;
import java.util.List;
+import javax.security.auth.Subject;
+
import ch.idok.common.errorhandling.DmsException;
import ch.idok.common.util.AnybodyDmsCredentials;
+import ch.idok.common.util.DmsCredentials;
+import ch.idok.common.util.Krb5DmsCredentials;
import ch.idok.service.common.admin.AdminService;
import com.trolltech.qt.core.QObject;
@@ -46,6 +50,7 @@
import com.trolltech.qt.gui.QLineEdit;
import com.trolltech.qt.gui.QMenu;
import com.trolltech.qt.gui.QMessageBox;
+import com.trolltech.qt.gui.QPixmap;
import com.trolltech.qt.gui.QProgressDialog;
import com.trolltech.qt.gui.QPushButton;
import com.trolltech.qt.gui.QRadioButton;
@@ -121,6 +126,10 @@
private static QCursor BUSYCURSOR = new
QCursor(Qt.CursorShape.BusyCursor);
+ private static Krb5DmsCredentials krb5cred_;
+
+ private static Ldap ldap_;
+
public AuthorizationController() {
asd_ = new QDialog();
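Review bot: `krb5cred_` and `ldap_` are declared `static`, so the user's password sits in a class-level field for the life of the process and is shared by every `AuthorizationController` instance; nothing visible in this commit clears it. Ldap.java repeats the pattern with `private static Krb5DmsCredentials krb5cred`, which an instance constructor overwrites on every `new Ldap(...)`. Instance fields would fit better, together with zeroing the `char[]` (for example `java.util.Arrays.fill(pw, '\0')`) once the access-rights dialog is closed. The constructor continues outside this hunk.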
@@ -316,6 +325,34 @@
emptySpaceMenu_.addAction(actionH);
emptySpaceMenu_.addAction(actionI);
+ krb5cred_ = new Krb5DmsCredentials(null,null,null);
+ }
+
+ public final void setupLdap(){
+
+ GuiClientHandler handler = GuiClientHandler.getInstance();
+ DmsCredentials cred = handler.getCredentials();
+ if (cred.getPassword() != null) {
+ krb5cred_.setPassword(cred.getPassword());
+ }
+ if (krb5cred_.getPassword() == null){
+ QDialog d = new QDialog();
+ d.setModal(true);
+ Ui_PasswordDialog ui = new Ui_PasswordDialog();
+ ui.setupUi(d);
+ ui.passwordLineEdit.setEchoMode(QLineEdit.EchoMode.Password);
+ ui.headLineLabel.setText("Enter user name and password");
+ ui.logoLabel.setPixmap(new QPixmap(
+ "classpath:ch/idok/qtgui/images/folder_documents.png"));
+ ui.nameLineEdit.setFocus();
+ int ret = d.exec();
+ if (ret != 0) {
+ krb5cred_.setUsername(ui.nameLineEdit.text());
+
krb5cred_.setPassword(ui.passwordLineEdit.text().toCharArray());
+ }
+ }
+ ldap_ = new Ldap(krb5cred_);
+ asd_.raise();
}
public final void setRepository(String project, String repo) {
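Review bot: When the password dialog is cancelled (`ret == 0`), `setupLdap()` still executes `ldap_ = new Ldap(krb5cred_)` with a null user name and password, and `simpleAuth` in Ldap.java then calls `String.valueOf(cred.getPassword())` on that null array, which would throw a NullPointerException. Returning early with `if (ret == 0) { return; }` before the `Ldap` object is created avoids this. The reuse branch copies only `cred.getPassword()` into `krb5cred_`, so the user name there appears to stay null and the bind principal would become `null@D.PSI.CH`; the user name presumably needs to be copied as well. The constructor whose tail this hunk also modifies begins outside the hunk.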
Modified: trunk/java/ch/idok/qtgui/FolderTree.java
==============================================================================
--- trunk/java/ch/idok/qtgui/FolderTree.java (original)
+++ trunk/java/ch/idok/qtgui/FolderTree.java Thu Jul 24 12:01:27 2008
@@ -183,7 +183,9 @@
"classpath:ch/idok/qtgui/images/file_locked.png"),
"Define Access Rights", ui.dmsDirWidget);
defineAccessRightAction_.triggered
- .connect(auc_, "defineAccessRights()");
+ .connect(auc_, "defineAccessRights()");
+ defineAccessRightAction_.triggered
+ .connect(auc_, "setupLdap()");
folderDropDownMenu_.addAction(defineAccessRightAction_);
// TODO: sort int data correctly
Modified: trunk/java/ch/idok/qtgui/Ldap.java
==============================================================================
--- trunk/java/ch/idok/qtgui/Ldap.java (original)
+++ trunk/java/ch/idok/qtgui/Ldap.java Thu Jul 24 12:01:27 2008
@@ -17,11 +17,30 @@
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
+import javax.security.auth.Subject;
+
+import org.tmatesoft.svn.core.auth.ISVNAuthenticationManager;
+
+import com.trolltech.qt.gui.QDialog;
+import com.trolltech.qt.gui.QLineEdit;
+import com.trolltech.qt.gui.QPixmap;
+
+import sun.security.krb5.KrbCred;
+
+import ch.idok.common.client.LocalClientHandler;
+import ch.idok.common.errorhandling.DmsException;
+import ch.idok.common.util.DmsCredentials;
+import ch.idok.common.util.Krb5DmsCredentials;
public class Ldap {
public static String ADS_GROUP_TYPE_SECURITY_GROUP = "-2147483646";
public static String ADS_GROUP_TYPE_DISTRIBUTIONLIST_GROUP =
"-2147483640";
+ private static Krb5DmsCredentials krb5cred;
+
+ public Ldap(Krb5DmsCredentials k){
+ krb5cred = k;
+ }
private static String getkey(){
String pass = new String();
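Review bot: The new import block pulls in `sun.security.krb5.KrbCred`, a JDK-internal class outside the supported API, and none of the hunks on this page use it; the same looks true of `ISVNAuthenticationManager`, `QDialog`, `QLineEdit`, `QPixmap`, `LocalClientHandler` and `DmsException`. Unless code outside these hunks needs them, dropping the unused imports keeps Ldap.java free of a compile-time dependency on `sun.*` and on the Qt GUI classes. `getkey()` begins in this hunk and continues outside it.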
@@ -41,21 +60,53 @@
}
private static NamingEnumeration<SearchResult> search(String
searchBase,String searchFilter,String[] returningattribute){
-
- String ldapHost = "d.psi.ch";
- String loginDN = "dmsadmin";
- String password = getkey();
+
+ GuiClientHandler handler = GuiClientHandler.getInstance();
+ DmsCredentials cred = handler.getCredentials();
+ Subject subject = cred.getSubject();
+
+ String ldapHost = "d.psi.ch";
String rootContext = "";
Properties env = new Properties();
-
env.put(
Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
- env.put( Context.PROVIDER_URL, "ldaps://" + ldapHost + "/" +
rootContext );
- env.put( Context.SECURITY_PRINCIPAL, loginDN );
- env.put( Context.SECURITY_CREDENTIALS, password );
-
+ env.put( Context.PROVIDER_URL, "ldaps://" + ldapHost + "/" +
rootContext );
+
NamingEnumeration<SearchResult> list = null;
+// if (subject != null) {
+// list = kerbAuth(subject,env, searchBase, searchFilter,
returningattribute);
+// }else{
+ list = simpleAuth(krb5cred,env, searchBase, searchFilter,
returningattribute);
+// }
+ return list;
+
+ }
+
+
+ private static NamingEnumeration<SearchResult>
simpleAuth(Krb5DmsCredentials cred, Properties env,String searchBase,String
searchFilter,String[] returningattribute){
+
+ String loginDN = cred.getUsername();
+ String password = String.valueOf(cred.getPassword());
+
+// String loginDN = "dmsadmin";
+// String password = getkey();
+
+ env.put( Context.SECURITY_PRINCIPAL, loginDN + "@D.PSI.CH");
+ env.put( Context.SECURITY_CREDENTIALS, password );
+
+ return getList(env, searchBase, searchFilter, returningattribute);
+ }
+
+ private static NamingEnumeration<SearchResult> kerbAuth(Subject
subject,Properties env,String searchBase,String searchFilter,String[]
returningattribute){
+
+ env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+ return (NamingEnumeration<SearchResult>) subject.doAs(subject, new
JndiAction(env, searchBase, searchFilter, returningattribute));
+// return getList(env, searchBase, searchFilter, returningattribute);
+ }
+
+ public static NamingEnumeration<SearchResult> getList(Properties
env,String searchBase,String searchFilter,String[] returningattribute){
+ NamingEnumeration<SearchResult> list = null;
try {
// Create the initial context
DirContext ctx = new InitialDirContext(env);
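Review bot: `simpleAuth` performs a simple bind without checking the credentials: a null password makes `String.valueOf(cred.getPassword())` throw, and an empty password is treated as an unauthenticated bind by LDAP servers that permit it, which can succeed without proving who the user is. A guard at the top such as `char[] pw = cred.getPassword(); if (cred.getUsername() == null || pw == null || pw.length == 0) return null;` closes both cases, and passing the array directly with `env.put(Context.SECURITY_CREDENTIALS, pw)` avoids an extra immutable `String` copy of the password. In `search`, `subject` is now fetched but never used, and the Kerberos branch and the old `dmsadmin`/`getkey()` lines are left commented out; either delete them or add a comment saying why GSSAPI is disabled. `getList` continues past the end of this hunk.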
@@ -74,12 +125,10 @@
ctx.close();
} catch (NamingException e) {
System.out.println("List failed: " + e);
+ e.printStackTrace();
}
return list;
-
}
-
-
public static ArrayList<String> getGroupMembers(String group){
String[] returningattribute = {"*"};
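Review bot: `ctx.close()` sits inside the `try`, so a `NamingException` from the bind or the search skips it and leaks the connection; moving the close into a `finally` block fixes that. The failure is only written to the console (`System.out.println` plus the new `e.printStackTrace()`) and `null` is returned, so a rejected password cannot be told apart from a missing result. Because `setupLdap()` prompts only when the cached password is null, a mistyped password would apparently never be asked for again. Reporting the error to the caller and clearing the cached password on an authentication failure would address both. `getList` starts outside this hunk.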
@@ -198,3 +247,22 @@
}
}
+
+class JndiAction implements java.security.PrivilegedAction {
+ private Properties env;
+ private String searchBase;
+ private String searchFilter;
+ private String[] returningattribute;
+
+ public JndiAction(Properties env,String searchBase,String
searchFilter,String[] returningattribute) {
+ this.env = (Properties)env.clone();
+ this.searchBase = (String)searchBase;
+ this.searchFilter = (String)searchFilter;
+ this.returningattribute = (String[])returningattribute.clone();
+
+ }
+
+ public Object run() {
+ return Ldap.getList(env, searchBase, searchFilter,
returningattribute);
+ }
+}
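Review bot: `JndiAction` implements the raw type `java.security.PrivilegedAction`, which is why `kerbAuth` needs an unchecked cast on the `doAs` result; declaring `class JndiAction implements PrivilegedAction<NamingEnumeration<SearchResult>>` with `public NamingEnumeration<SearchResult> run()` removes that cast. The `(String)` casts on `searchBase` and `searchFilter` are no-ops, the four fields can be `final`, and `returningattribute.clone()` throws if a caller passes null. A one-line class comment saying that the action exists to run the search under a Kerberos `Subject`, a path currently commented out in `search`, would explain why the class is here.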
Modified: trunk/java/ch/idok/service/server/admin/Admin.java
==============================================================================
--- trunk/java/ch/idok/service/server/admin/Admin.java (original)
+++ trunk/java/ch/idok/service/server/admin/Admin.java Thu Jul 24 12:01:27
2008
@@ -60,11 +60,11 @@
.getProperty("ch.idok.server.httpdConfDir");
static private Pattern groupNamePattern = Pattern
- .compile("(?:[a-zA-Z]\\w*/)*@[a-zA-Z]\\w*|"
+
.compile("^@@([a-zA-Z]\\w*[-]?\\w*)|(?:[a-zA-Z]\\w*[-]?\\w*/)*@[a-zA-Z]\\w*[-]?\\w*|"
+ AnybodyDmsCredentials.anybodyGroup);
static private Pattern userOrGroupNamePattern = Pattern
- .compile("(?:[a-zA-Z]\\w*)|(?:[a-zA-Z]\\w*/){1,2}@[a-zA-Z]\\w*|"
+
.compile("^@@([a-zA-Z]\\w*[-]?\\w*)|(?:[a-zA-Z]\\w*[-]?\\w*)|(?:[a-zA-Z]\\w*[-]?\\w*/){0,2}@[a-zA-Z]\\w*[-]?\\w*|"
+ AnybodyDmsCredentials.anybodyGroup);
static private Pattern taskNamePattern = Pattern
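Review bot: In both new patterns the leading `^` binds only to the first alternative (`^@@(...)`); the remaining alternatives and the appended `AnybodyDmsCredentials.anybodyGroup` are unanchored, so the result depends on whether callers use `matches()` or `find()`, which is not visible here. If these patterns validate names supplied by clients, wrapping the whole alternation as `^(?:...)$` makes the check independent of the call style. `anybodyGroup` is concatenated as regex text; `Pattern.quote(AnybodyDmsCredentials.anybodyGroup)` would keep it literal should it ever contain metacharacters. A short comment documenting the new `@@name` form, and that `[-]?` permits at most one hyphen per segment, would also help.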