/** * This work was created by participants in the DataONE project, and is * jointly copyrighted by participating institutions in DataONE. For * more information on DataONE, see our web site at http://dataone.org. * * Copyright ${year} * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * $Id$ */ package org.dataone.portal.servlets.ldap; import java.io.File; import java.io.IOException; import java.nio.charset.Charset; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.codec.binary.Base64; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.dataone.client.auth.CertificateManager; import org.dataone.client.v2.itk.D1Client; import org.dataone.configuration.Settings; import org.dataone.portal.session.SessionHelper; import org.dataone.service.exceptions.BaseException; import org.dataone.service.exceptions.NotFound; import org.dataone.service.types.v1.Person; import org.dataone.service.types.v1.Subject; import org.dataone.service.types.v1.SubjectInfo; /** * Simple servlet for handling ORCID auth */ public class LdapServlet extends HttpServlet { private static Log log = LogFactory.getLog(LdapServlet.class); private AuthLdap auth = null; private Base64 b64 = new Base64(); public void init(ServletConfig config) throws ServletException { // augment the properties with configured portal properties file String propertiesFile = config.getServletContext().getInitParameter("portal.properties.file"); if (propertiesFile != null) { try { Settings.augmentConfiguration(propertiesFile); } catch (ConfigurationException e) { // report the exception throw new ServletException(e); } } // initialize the auth ldap instance try { auth = new AuthLdap(); } catch (InstantiationException e) { throw new ServletException(e); } // initialize the session helper SessionHelper.getInstance().init(config); // set up certificate manager to act as CN String certificateLocation = Settings.getConfiguration().getString("D1Client.certificate.directory") + File.separator + Settings.getConfiguration().getString("D1Client.certificate.filename"); CertificateManager.getInstance().setCertificateLocation(certificateLocation); } @Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { handleRequest(request, response); } @Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { handleRequest(request, response); } private void handleRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // where should we end up with after authentication? String target = request.getParameter("target"); // get session to save information to HttpSession session = request.getSession(); // get credentials from request - either header or parameters String username = null; String password = null; // authenticate from header String authorization = request.getHeader("Authorization"); if (authorization != null && authorization.startsWith("Basic")) { // Authorization: Basic base64credentials String base64Credentials = authorization.substring("Basic".length()).trim(); String credentials = new String(b64.decode(base64Credentials), Charset.forName("UTF-8")); // credentials = username:password String[] values = credentials.split(":", 2); username = values[0]; password = values[1]; } else { // or check the request parameters username = request.getParameter("username"); password = request.getParameter("password"); } boolean authenticated; if((username != null && !username.isEmpty()) && (password != null && !password.isEmpty())) { // test authentication against LDAP authenticated = auth.authenticate(username, password); } else { log.warn("Unable to authenticate LDAP user. Missing username or password."); //Go back to the target with an error URL parameter response.sendRedirect(target + "?error=Unable%20to%20authenticate%20LDAP%20user"); return; } if (authenticated) { SubjectInfo info = auth.getSubjectInfo(username); String fullName = info.getPerson(0).getGivenName(0) + " " + info.getPerson(0).getFamilyName(); session.setAttribute("userId", username); session.setAttribute("name", fullName); session.setAttribute("accessToken", "valueNotUsed"); // save session for later (token retrieval) SessionHelper.getInstance().saveSession(session); // register them with the CN? try { try { SubjectInfo registeredInfo = D1Client.getCN().getSubjectInfo(null, info.getPerson(0).getSubject()); } catch (NotFound nf) { // so register them D1Client.getCN().registerAccount(null, info.getPerson(0)); } } catch (BaseException be) { // oh well, didn't register it, or something went wrong log.warn(be.getMessage(), be); } // send to target location response.sendRedirect(target); return; } // Go back to the target with an error URL parameter log.warn("Unable to authenticate LDAP user: " + username); response.sendRedirect(target + "?error=Unable%20to%20authenticate%20LDAP%20user"); } }