#678: reopen ldap connection for each login

This commit is contained in:
bgamard 2023-06-29 21:33:05 +02:00
parent 39f96cbd28
commit 2bdb2dc34f
3 changed files with 22 additions and 47 deletions

View File

@ -13,10 +13,9 @@ import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry; import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value; import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.message.SearchScope; import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory; import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig; import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapConnectionPool; import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -35,32 +34,14 @@ public class LdapAuthenticationHandler implements AuthenticationHandler {
private static final Logger log = LoggerFactory.getLogger(LdapAuthenticationHandler.class); private static final Logger log = LoggerFactory.getLogger(LdapAuthenticationHandler.class);
/** /**
* LDAP connection pool. * Get a LDAP connection.
* @return LdapConnection
*/ */
private static LdapConnectionPool pool; private LdapConnection getConnection() {
/**
* Reset the LDAP pool.
*/
public static void reset() {
if (pool != null) {
try {
pool.close();
} catch (Exception e) {
// NOP
}
}
pool = null;
}
/**
* Initialize the LDAP pool.
*/
private static void init() {
ConfigDao configDao = new ConfigDao(); ConfigDao configDao = new ConfigDao();
Config ldapEnabled = configDao.getById(ConfigType.LDAP_ENABLED); Config ldapEnabled = configDao.getById(ConfigType.LDAP_ENABLED);
if (pool != null || ldapEnabled == null || !Boolean.parseBoolean(ldapEnabled.getValue())) { if (ldapEnabled == null || !Boolean.parseBoolean(ldapEnabled.getValue())) {
return; return null;
} }
LdapConnectionConfig config = new LdapConnectionConfig(); LdapConnectionConfig config = new LdapConnectionConfig();
@ -70,25 +51,23 @@ public class LdapAuthenticationHandler implements AuthenticationHandler {
config.setName(ConfigUtil.getConfigStringValue(ConfigType.LDAP_ADMIN_DN)); config.setName(ConfigUtil.getConfigStringValue(ConfigType.LDAP_ADMIN_DN));
config.setCredentials(ConfigUtil.getConfigStringValue(ConfigType.LDAP_ADMIN_PASSWORD)); config.setCredentials(ConfigUtil.getConfigStringValue(ConfigType.LDAP_ADMIN_PASSWORD));
DefaultLdapConnectionFactory factory = new DefaultLdapConnectionFactory(config); return new LdapNetworkConnection(config);
pool = new LdapConnectionPool(new ValidatingPoolableLdapConnectionFactory(factory), null);
} }
@Override @Override
public User authenticate(String username, String password) { public User authenticate(String username, String password) {
init();
if (pool == null) {
return null;
}
// Fetch and authenticate the user // Fetch and authenticate the user
Entry userEntry; Entry userEntry;
try { try (LdapConnection ldapConnection = getConnection()) {
EntryCursor cursor = pool.getConnection().search(ConfigUtil.getConfigStringValue(ConfigType.LDAP_BASE_DN), if (ldapConnection == null) {
return null;
}
EntryCursor cursor = ldapConnection.search(ConfigUtil.getConfigStringValue(ConfigType.LDAP_BASE_DN),
ConfigUtil.getConfigStringValue(ConfigType.LDAP_FILTER).replace("USERNAME", username), SearchScope.SUBTREE); ConfigUtil.getConfigStringValue(ConfigType.LDAP_FILTER).replace("USERNAME", username), SearchScope.SUBTREE);
if (cursor.next()) { if (cursor.next()) {
userEntry = cursor.get(); userEntry = cursor.get();
pool.getConnection().bind(userEntry.getDn(), password); ldapConnection.bind(userEntry.getDn(), password);
} else { } else {
// User not found // User not found
return null; return null;

View File

@ -14,7 +14,6 @@ import com.sismics.docs.core.model.jpa.File;
import com.sismics.docs.core.service.InboxService; import com.sismics.docs.core.service.InboxService;
import com.sismics.docs.core.util.ConfigUtil; import com.sismics.docs.core.util.ConfigUtil;
import com.sismics.docs.core.util.DirectoryUtil; import com.sismics.docs.core.util.DirectoryUtil;
import com.sismics.docs.core.util.authentication.LdapAuthenticationHandler;
import com.sismics.docs.core.util.jpa.PaginatedList; import com.sismics.docs.core.util.jpa.PaginatedList;
import com.sismics.docs.core.util.jpa.PaginatedLists; import com.sismics.docs.core.util.jpa.PaginatedLists;
import com.sismics.docs.rest.constant.BaseFunction; import com.sismics.docs.rest.constant.BaseFunction;
@ -27,12 +26,6 @@ import com.sismics.util.context.ThreadLocalContext;
import com.sismics.util.log4j.LogCriteria; import com.sismics.util.log4j.LogCriteria;
import com.sismics.util.log4j.LogEntry; import com.sismics.util.log4j.LogEntry;
import com.sismics.util.log4j.MemoryAppender; import com.sismics.util.log4j.MemoryAppender;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Appender;
import org.apache.log4j.Level;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import jakarta.json.Json; import jakarta.json.Json;
import jakarta.json.JsonArrayBuilder; import jakarta.json.JsonArrayBuilder;
import jakarta.json.JsonObjectBuilder; import jakarta.json.JsonObjectBuilder;
@ -40,6 +33,12 @@ import jakarta.persistence.EntityManager;
import jakarta.persistence.Query; import jakarta.persistence.Query;
import jakarta.ws.rs.*; import jakarta.ws.rs.*;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Appender;
import org.apache.log4j.Level;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException; import java.io.IOException;
import java.nio.file.DirectoryStream; import java.nio.file.DirectoryStream;
import java.nio.file.Files; import java.nio.file.Files;
@ -854,9 +853,6 @@ public class AppResource extends BaseResource {
configDao.update(ConfigType.LDAP_ENABLED, Boolean.FALSE.toString()); configDao.update(ConfigType.LDAP_ENABLED, Boolean.FALSE.toString());
} }
// Reset the LDAP pool to reconnect with the new configuration
LdapAuthenticationHandler.reset();
return Response.ok().build(); return Response.ok().build();
} }
} }

View File

@ -46,7 +46,7 @@
<com.icegreen.greenmail.version>1.6.14</com.icegreen.greenmail.version> <com.icegreen.greenmail.version>1.6.14</com.icegreen.greenmail.version>
<org.jsoup.jsoup.version>1.15.4</org.jsoup.jsoup.version> <org.jsoup.jsoup.version>1.15.4</org.jsoup.jsoup.version>
<com.squareup.okhttp3.okhttp.version>4.10.0</com.squareup.okhttp3.okhttp.version> <com.squareup.okhttp3.okhttp.version>4.10.0</com.squareup.okhttp3.okhttp.version>
<org.apache.directory.api.api-all.version>2.1.2</org.apache.directory.api.api-all.version> <org.apache.directory.api.api-all.version>2.1.3</org.apache.directory.api.api-all.version>
<org.glassfish.jersey.version>3.0.10</org.glassfish.jersey.version> <org.glassfish.jersey.version>3.0.10</org.glassfish.jersey.version>
<jakarta.servlet.jakarta.servlet-api.version>5.0.0</jakarta.servlet.jakarta.servlet-api.version> <jakarta.servlet.jakarta.servlet-api.version>5.0.0</jakarta.servlet.jakarta.servlet-api.version>