From 1b4a847d257d8d68dc901705d8ea8f471705a972 Mon Sep 17 00:00:00 2001 From: "David M. Carr" Date: Sun, 19 Dec 2010 18:49:51 -0500 Subject: [PATCH 1/3] Fix typo in DebugServlet --- scm-webapp/src/main/java/sonia/scm/util/DebugServlet.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scm-webapp/src/main/java/sonia/scm/util/DebugServlet.java b/scm-webapp/src/main/java/sonia/scm/util/DebugServlet.java index e1c4f7aa9a..86a329a04b 100644 --- a/scm-webapp/src/main/java/sonia/scm/util/DebugServlet.java +++ b/scm-webapp/src/main/java/sonia/scm/util/DebugServlet.java @@ -198,8 +198,8 @@ public class DebugServlet extends HttpServlet private void printHeader(PrintWriter writer) { writer.append(""); - writer.append("SCM Manaer :: Debugging"); - writer.append("

SCM Manaer :: Debugging

"); + writer.append("SCM Manager :: Debugging"); + writer.append("

SCM Manager :: Debugging

"); } /** From 39ee0af8c5b36280bdbdc12b8319c2a0c4a84a7b Mon Sep 17 00:00:00 2001 From: "David M. Carr" Date: Sun, 19 Dec 2010 18:52:12 -0500 Subject: [PATCH 2/3] Initial implementation of an authentication plugin for Active Directory. --- plugins/pom.xml | 1 + .../scm-activedirectory-auth-plugin/pom.xml | 56 +++ .../ActiveDirectoryAuthenticationHandler.java | 345 ++++++++++++++++++ .../auth/ActiveDirectoryConfig.java | 129 +++++++ .../auth/ActiveDirectoryConfigResource.java | 119 ++++++ .../main/resources/META-INF/scm/plugin.xml | 51 +++ .../auth/sonia.activedirectory-auth.js | 90 +++++ 7 files changed, 791 insertions(+) create mode 100644 plugins/scm-activedirectory-auth-plugin/pom.xml create mode 100644 plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java create mode 100644 plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java create mode 100644 plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java create mode 100644 plugins/scm-activedirectory-auth-plugin/src/main/resources/META-INF/scm/plugin.xml create mode 100644 plugins/scm-activedirectory-auth-plugin/src/main/resources/sonia/scm/activedirectory/auth/sonia.activedirectory-auth.js diff --git a/plugins/pom.xml b/plugins/pom.xml index 42e919298e..0e2e74923d 100644 --- a/plugins/pom.xml +++ b/plugins/pom.xml @@ -20,6 +20,7 @@ scm-svn-plugin scm-git-plugin scm-graph-plugin + scm-activedirectory-auth-plugin diff --git a/plugins/scm-activedirectory-auth-plugin/pom.xml b/plugins/scm-activedirectory-auth-plugin/pom.xml new file mode 100644 index 0000000000..4dc2a5c15d --- /dev/null +++ b/plugins/scm-activedirectory-auth-plugin/pom.xml 
@@ -0,0 +1,56 @@ + + + + 4.0.0 + + + scm-plugins + sonia.scm.plugins + 1.0-M5-SNAPSHOT + + + sonia.scm.plugins + scm-activedirectory-auth-plugin + 1.0-M5-SNAPSHOT + scm-activedirectory-auth-plugin + https://bitbucket.org/sdorra/scm-manager + + Plugin for using Active Directory as an authentication handler. + Currently only supports running on Windows in a 32-bit JVM. + + + + + + javax.servlet + servlet-api + ${servlet.version} + provided + + + + sonia.scm + scm-core + 1.0-M5-SNAPSHOT + + + + org.jvnet.com4j.typelibs + ado20 + 1.0 + + + org.jvnet.com4j.typelibs + active-directory + 1.0 + + + org.jvnet.com4j + com4j + 20080107 + + + + + diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java new file mode 100644 index 0000000000..326652e6d1 --- /dev/null +++ b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java 
@@ -0,0 +1,345 @@ +/** + * Copyright (c) 2010, Sebastian Sdorra + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * 3. Neither the name of SCM-Manager; nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * http://bitbucket.org/sdorra/scm-manager + * + */ + + + +package sonia.scm.activedirectory.auth; + +//~--- non-JDK imports -------------------------------------------------------- + +import com.google.inject.Inject; +import com.google.inject.Singleton; +import com4j.COM4J; +import com4j.Com4jObject; +import com4j.ComException; +import com4j.ExecutionException; +import com4j.Variant; +import com4j.typelibs.activeDirectory.IADs; +import com4j.typelibs.activeDirectory.IADsGroup; +import com4j.typelibs.activeDirectory.IADsOpenDSObject; +import com4j.typelibs.activeDirectory.IADsUser; +import com4j.typelibs.ado20.ClassFactory; +import com4j.typelibs.ado20._Command; +import com4j.typelibs.ado20._Connection; +import com4j.typelibs.ado20._Recordset; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import sonia.scm.SCMContextProvider; +import sonia.scm.plugin.ext.Extension; +import sonia.scm.store.Store; +import sonia.scm.store.StoreFactory; +import sonia.scm.user.User; +import sonia.scm.util.AssertUtil; +import sonia.scm.web.security.AuthenticationHandler; +import sonia.scm.web.security.AuthenticationResult; + +//~--- JDK imports ------------------------------------------------------------ + +import java.io.File; +import java.io.IOException; + +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * An AuthenticationHandler that uses ADSI/COM to perform authentication against + * Active Directory with minimal configuration needed. Currently only supported + * on Windows with a 32-bit JVM. Based on the Hudson active-directory plugin + * by Kohsuke Kawaguchi. + * + * @author David M. 
Carr + */ +@Singleton +@Extension +public class ActiveDirectoryAuthenticationHandler implements AuthenticationHandler +{ + + /** Field description */ + public static final String STORE_NAME = "activedirectory-auth"; + + /** Field description */ + public static final String TYPE = "activedirectory"; + + /** the logger for ActiveDirectoryAuthenticationHandler */ + private static final Logger logger = + LoggerFactory.getLogger(ActiveDirectoryAuthenticationHandler.class); + + //~--- constructors --------------------------------------------------------- + + /** + * Constructs ... + * + * + * @param storeFactory + */ + @Inject + public ActiveDirectoryAuthenticationHandler(StoreFactory storeFactory) + { + store = storeFactory.getStore(ActiveDirectoryConfig.class, STORE_NAME); + } + + //~--- methods -------------------------------------------------------------- + + private static boolean isWindows() { + return File.pathSeparatorChar==';'; + } + + private static boolean is32bit() { + return "32".equals(System.getProperty("sun.arch.data.model")); + } + + /** + * If true, we can do ADSI/COM based look up. Otherwise, we would need an + * alternate approach, which has yet to be implemented. 
+ */ + public boolean canDoNativeAuth() { + return isWindows() && is32bit(); + } + + /** + * Method description + * + * + * @param request + * @param response + * @param username + * @param password + * + * @return + */ + @Override + public AuthenticationResult authenticate(HttpServletRequest request, + HttpServletResponse response, String username, String password) + { + AssertUtil.assertIsNotEmpty(username); + AssertUtil.assertIsNotEmpty(password); + + return authenticate(username, password); + } + + /** + * Method description + * + * + * @throws IOException + */ + @Override + public void close() throws IOException + { + con.close(); + con.dispose(); + } + + /** + * Method description + * + * + * @param context + */ + @Override + public void init(SCMContextProvider context) + { + + config = store.get(); + + if (config == null) + { + config = new ActiveDirectoryConfig(); + } + + if(!canDoNativeAuth()) { + if(logger.isErrorEnabled()) { + logger.error("Currently, this plugin is only supported on Windows " + + "with a 32-bit JVM. 
Active Directory information will not be " + + "available."); + } + return; + } + + try { + IADs rootDSE = COM4J.getObject(IADs.class, "LDAP://RootDSE", null); + defaultNamingContext = (String)rootDSE.get("defaultNamingContext"); + logger.info("Active Directory domain is "+defaultNamingContext); + con = ClassFactory.createConnection(); + con.provider("ADsDSOObject"); + con.open("Active Directory Provider",""/*default*/,""/*default*/,-1/*default*/); + logger.debug("Connected to Active Directory"); + } catch(ExecutionException ex) { + logger.error("Failure initializing ADSI connection", ex); + } + } + + /** + * Method description + * + */ + public void storeConfig() + { + store.set(config); + } + + //~--- get methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @return + */ + public ActiveDirectoryConfig getConfig() + { + return config; + } + + /** + * Method description + * + * + * @return + */ + @Override + public String getType() + { + return TYPE; + } + + //~--- set methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @param config + */ + public void setConfig(ActiveDirectoryConfig config) + { + this.config = config; + } + + //~--- methods -------------------------------------------------------------- + + /** + * Method description + * + * + * @param username + * @param password + * + * @return + */ + private AuthenticationResult authenticate(String username, String password) + { + if(!canDoNativeAuth()) { + return null; + } + if(con == null) { + return null; + } + + AuthenticationResult result; + String dn = getDnOfUserOrGroup(username); + // now we got the DN of the user + IADsOpenDSObject dso = COM4J.getObject(IADsOpenDSObject.class,"LDAP:",null); + try { + IADsUser usr = dso.openDSObject("LDAP://"+dn, dn, password, 0) + .queryInterface(IADsUser.class); + if (usr != null) { + User user = new User(username, usr.fullName(), usr.emailAddress()); + 
user.setType(TYPE); + user.setAdmin(isAdmin(usr)); + if(!usr.accountDisabled()) { + result = new AuthenticationResult(user); + } else { // Account disabled + result = AuthenticationResult.FAILED; + } + } else {// the user name was in fact a group + result = AuthenticationResult.NOT_FOUND; + } + } catch (ComException e) { + result = AuthenticationResult.FAILED; + } + return result; + } + + private boolean isAdmin(IADsUser usr) + { + boolean admin = false; + + Set adminGroups = config.getAdminGroupSet(); + if(!adminGroups.isEmpty()) { + for(Com4jObject g : usr.groups() ) { + IADsGroup grp = g.queryInterface(IADsGroup.class); + // cut "CN=" and make that the role name + String groupName = grp.name().substring(3); + if(adminGroups.contains(groupName)) { + admin = true; + } + } + } + + if(config.getAdminUserSet().contains(usr.name())) { + admin = true; + } + return admin; + } + + protected String getDnOfUserOrGroup(String userOrGroupname) { + String dn; + _Command cmd = ClassFactory.createCommand(); + cmd.activeConnection(con); + cmd.commandText(";(sAMAccountName="+userOrGroupname+");distinguishedName;subTree"); + _Recordset rs = cmd.execute(null, Variant.MISSING, -1/*default*/); + if(!rs.eof()) { + dn = rs.fields().item("distinguishedName").value().toString(); + } else { + dn = null; // No such user or group + } + return dn; + } + + //~--- fields --------------------------------------------------------------- + + /** Field description */ + private ActiveDirectoryConfig config; + + /** Field description */ + private Store store; + + /** Field description */ + private String defaultNamingContext; + + /** Field description */ + private _Connection con; +} diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java new file mode 100644 index 0000000000..717414d3f2 --- /dev/null 
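Review bot: `getDnOfUserOrGroup` builds the directory search by concatenating the login name into the filter (`"(sAMAccountName="+userOrGroupname+")"`), so filter metacharacters in the typed name change which entry is resolved before the bind; hex-escape the value first, as in the helper below. In the private `authenticate`, `dn` can be null for an unknown name and is still passed to `openDSObject`, so the caller gets FAILED through the `ComException` path instead of NOT_FOUND; add `if (dn == null) { return AuthenticationResult.NOT_FOUND; }` right after the lookup. The `catch (ComException e)` block discards the exception, so neither failed logins nor directory outages leave a trace; add `logger.warn("Active Directory bind failed", e);`. `openDSObject(..., 0)` passes no authentication flags, so it is worth confirming whether this becomes a simple bind that sends the password unprotected and whether `ADS_SECURE_AUTHENTICATION` should be requested.

```java
protected String getDnOfUserOrGroup(String userOrGroupname) {
  // … unchanged: command creation, activeConnection …
  cmd.commandText(";(sAMAccountName="+escapeFilterValue(userOrGroupname)+");distinguishedName;subTree");
  // … unchanged: execute and recordset handling …

/** Hex-escapes characters that have meaning in an LDAP filter or in the ADSI command text. */
private static String escapeFilterValue(String value) {
  StringBuilder escaped = new StringBuilder();
  for (char c : value.toCharArray()) {
    switch (c) {
      case '\\': escaped.append("\\5c"); break;
      case '*':  escaped.append("\\2a"); break;
      case '(':  escaped.append("\\28"); break;
      case ')':  escaped.append("\\29"); break;
      case '\0': escaped.append("\\00"); break;
      case ';':  escaped.append("\\3b"); break; // ';' separates the parts of the command text
      default:   escaped.append(c);
    }
  }
  return escaped.toString();
}
```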
+++ b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfig.java 
@@ -0,0 +1,129 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 3. Neither the name of SCM-Manager; nor the names of its
+ * contributors may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.activedirectory.auth;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ *
+ * @author David M. Carr
+ */
+@XmlRootElement(name = "activedirectory-config")
+@XmlAccessorType(XmlAccessType.FIELD)
+public class ActiveDirectoryConfig
+{
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ public String getAdminGroups()
+ {
+ return adminGroups;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @return
+ */
+ public String getAdminUsers()
+ {
+ return adminUsers;
+ }
+
+ Set getAdminGroupSet() {
+ return split(adminGroups);
+ }
+
+ Set getAdminUserSet() {
+ return split(adminUsers);
+ }
+
+ private Set split(String rawString) {
+ Set tokens = new HashSet();
+ for(String token : rawString.split(",")) {
+ if(token.trim().length() > 0) {
+ tokens.add(token);
+ }
+ }
+ return tokens;
+ }
+
+ //~--- set methods ----------------------------------------------------------
+
+ /**
+ * Method description
+ *
+ *
+ * @param passwordSuffix
+ */
+ public void setAdminGroups(String adminGroups)
+ {
+ this.adminGroups = adminGroups;
+ }
+
+ /**
+ * Method description
+ *
+ *
+ * @param passwordSuffix
+ */
+ public void setAdminUsers(String adminUsers)
+ {
+ this.adminUsers = adminUsers;
+ }
+
+ //~--- fields ---------------------------------------------------------------
+
+ /** Field description */
+ @XmlElement(name = "admin-groups")
+ private String adminGroups = "";
+
+ /** Field description */
+ @XmlElement(name = "admin-users")
+ private String adminUsers = "";
+
+}
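Review bot: `split` tests `token.trim()` for emptiness but stores the untrimmed `token`, so a list entered as `admins, ops` yields an entry with a leading space that can never match in `isAdmin`, and the intended administrator is silently not recognised; store the trimmed value with `tokens.add(token.trim());`. `rawString.split(",")` will also throw a NullPointerException if either field is ever null, which the setters allow, so a guard such as `if (rawString == null) { return tokens; }` before the loop would make the admin check fail closed instead of failing the login. The Javadoc on both setters names `@param passwordSuffix`; it should read `@param adminGroups` and `@param adminUsers`, each described as a comma-separated list.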
diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java new file mode 100644 index 0000000000..cd15785441 --- /dev/null +++ b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryConfigResource.java 
@@ -0,0 +1,119 @@ +/** + * Copyright (c) 2010, Sebastian Sdorra + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * 3. Neither the name of SCM-Manager; nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * http://bitbucket.org/sdorra/scm-manager + * + */ + + + +package sonia.scm.activedirectory.auth; + +//~--- non-JDK imports -------------------------------------------------------- + +import com.google.inject.Inject; +import com.google.inject.Singleton; + +//~--- JDK imports ------------------------------------------------------------ + +import java.io.IOException; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; + +/** + * + * @author David M. Carr + */ +@Singleton +@Path("config/auth/activedirectory") +public class ActiveDirectoryConfigResource +{ + + /** + * Constructs ... + * + * + * @param authenticationHandler + */ + @Inject + public ActiveDirectoryConfigResource(ActiveDirectoryAuthenticationHandler authenticationHandler) + { + this.authenticationHandler = authenticationHandler; + } + + //~--- get methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @return + */ + @GET + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public ActiveDirectoryConfig getConfig() + { + return authenticationHandler.getConfig(); + } + + //~--- set methods ---------------------------------------------------------- + + /** + * Method description + * + * + * @param uriInfo + * @param config + * + * @return + * + * @throws IOException + */ + @POST + @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + public Response setConfig(@Context UriInfo uriInfo, ActiveDirectoryConfig config) + throws IOException + { + authenticationHandler.setConfig(config); + authenticationHandler.storeConfig(); + + return Response.created(uriInfo.getRequestUri()).build(); + } + + //~--- fields --------------------------------------------------------------- + + /** Field description */ 
+ private ActiveDirectoryAuthenticationHandler authenticationHandler; +} diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/resources/META-INF/scm/plugin.xml b/plugins/scm-activedirectory-auth-plugin/src/main/resources/META-INF/scm/plugin.xml new file mode 100644 index 0000000000..2de6d88536 --- /dev/null +++ b/plugins/scm-activedirectory-auth-plugin/src/main/resources/META-INF/scm/plugin.xml @@ -0,0 +1,51 @@ + + + + + + + ${project.groupId} + ${project.artifactId} + ${project.version} + ${project.name} + ${project.description} + David M. Carr + ${project.url} + + + + + + + diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/resources/sonia/scm/activedirectory/auth/sonia.activedirectory-auth.js b/plugins/scm-activedirectory-auth-plugin/src/main/resources/sonia/scm/activedirectory/auth/sonia.activedirectory-auth.js new file mode 100644 index 0000000000..58b3fe45a0 --- /dev/null +++ b/plugins/scm-activedirectory-auth-plugin/src/main/resources/sonia/scm/activedirectory/auth/sonia.activedirectory-auth.js 
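Review bot: `getConfig` and `setConfig` in ActiveDirectoryConfigResource carry no visible authorization check, yet `setConfig` replaces the `admin-users` and `admin-groups` lists that decide who becomes an SCM administrator. Unless a filter outside this hunk restricts `config/auth/activedirectory` to administrators, any caller who can reach the endpoint can rewrite that list; confirm where the restriction is enforced and document it in the class Javadoc, or check the caller's role at the top of both methods. `setConfig` also stores whatever it is given, so an empty request body would leave a null config in the handler and the next `isAdmin` call would fail on `config.getAdminGroupSet()`; reject it first with `if (config == null) { return Response.status(Response.Status.BAD_REQUEST).build(); }`.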
@@ -0,0 +1,90 @@ +/* * + * Copyright (c) 2010, Sebastian Sdorra + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * 3. Neither the name of SCM-Manager; nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * http://bitbucket.org/sdorra/scm-manager + * + */ + + +registerGeneralConfigPanel({ + xtype : 'configForm', + title : 'Active Directory Authentication', + items : [{ + xtype : 'textfield', + fieldLabel : 'Admin Groups', + name : 'admin-groups', + allowBlank : true + },{ + xtype : 'textfield', + fieldLabel : 'Admin Users', + name : 'admin-users', + allowBlank : true + }], + + onSubmit: function(values){ + this.el.mask('Submit ...'); + Ext.Ajax.request({ + url: restUrl + 'config/auth/activedirectory.json', + method: 'POST', + jsonData: values, + scope: this, + disableCaching: true, + success: function(response){ + this.el.unmask(); + }, + failure: function(){ + this.el.unmask(); + } + }); + }, + + onLoad: function(el){ + var tid = setTimeout( function(){ el.mask('Loading ...'); }, 100); + Ext.Ajax.request({ + url: restUrl + 'config/auth/activedirectory.json', + method: 'GET', + scope: this, + disableCaching: true, + success: function(response){ + var obj = Ext.decode(response.responseText); + this.load(obj); + clearTimeout(tid); + el.unmask(); + }, + failure: function(){ + el.unmask(); + clearTimeout(tid); + Ext.MessageBox.show({ + title: 'Error', + msg: 'Could not load Active Directory config.', + buttons: Ext.MessageBox.OK, + icon:Ext.MessageBox.ERROR + }); + } + }); + } +}); \ No newline at end of file From c9f7a30b1de584a43e5fd3b2e708b7d9c9451324 Mon Sep 17 00:00:00 2001 From: "David M. Carr" Date: Mon, 20 Dec 2010 12:16:45 -0500 Subject: [PATCH 3/3] Fix an issue with the Active Directory authentication where admin users weren't being properly recognized as admins. This plugin has now been tested, and appears to be working as intended. --- .../auth/ActiveDirectoryAuthenticationHandler.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
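Review bot: In `onSubmit` the `failure` callback only calls `this.el.unmask()`, so a save of the admin lists that the server rejects looks identical to one that succeeded, and an operator can believe an access change took effect when it did not. Show an error the same way `onLoad` does, using `Ext.MessageBox.show` with `msg: 'Could not save Active Directory config.'` and `icon: Ext.MessageBox.ERROR`.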
diff --git a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java
index 326652e6d1..554cce8c26 100644
--- a/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java
+++ b/plugins/scm-activedirectory-auth-plugin/src/main/java/sonia/scm/activedirectory/auth/ActiveDirectoryAuthenticationHandler.java
@@ -278,7 +278,7 @@ public class ActiveDirectoryAuthenticationHandler implements AuthenticationHandl
 if (usr != null) {
 User user = new User(username, usr.fullName(), usr.emailAddress());
 user.setType(TYPE);
- user.setAdmin(isAdmin(usr));
+ user.setAdmin(isAdmin(usr, username));
 if(!usr.accountDisabled()) {
 result = new AuthenticationResult(user);
 } else { // Account disabled
@@ -293,7 +293,7 @@ public class ActiveDirectoryAuthenticationHandler implements AuthenticationHandl
 return result;
 }
- private boolean isAdmin(IADsUser usr)
+ private boolean isAdmin(IADsUser usr, String username)
 {
 boolean admin = false;
@@ -309,7 +309,7 @@ public class ActiveDirectoryAuthenticationHandler implements AuthenticationHandl
 }
 }
- if(config.getAdminUserSet().contains(username)) {
+ if(config.getAdminUserSet().contains(username)) {
 admin = true;
 }
 return admin;
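Review bot: In the third hunk, `config.getAdminUserSet().contains(username)` now compares the admin list against the string typed at login, and that comparison is case-sensitive while Active Directory matches `sAMAccountName` case-insensitively. The same account therefore binds successfully under several spellings but is granted admin under only one, and `new User(username, ...)` in the first hunk records whichever spelling was typed as the SCM identity. Take one canonical account name from the directory entry after the bind (for example the `sAMAccountName` attribute of `usr`, if the typelib exposes it through `get`) and use it both for the `User` and for the `contains` check. The bodies of `authenticate` and `isAdmin` extend beyond these hunks.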