153 lines
5.4 KiB
Java
153 lines
5.4 KiB
Java
|
package org.gcube.portal.removeaccount.thread;
|
||
|
|
||
|
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
||
|
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
||
|
|
||
|
import java.util.List;
|
||
|
import java.util.Properties;
|
||
|
|
||
|
import javax.naming.Context;
|
||
|
import javax.naming.InitialContext;
|
||
|
import javax.naming.NameNotFoundException;
|
||
|
import javax.naming.NamingException;
|
||
|
|
||
|
import org.gcube.common.encryption.encrypter.StringEncrypter;
|
||
|
import org.gcube.common.portal.PortalContext;
|
||
|
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||
|
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
||
|
import org.gcube.common.resources.gcore.ServiceEndpoint.Property;
|
||
|
import org.gcube.common.resources.gcore.utils.Group;
|
||
|
import org.gcube.common.scope.api.ScopeProvider;
|
||
|
import org.gcube.resources.discovery.client.api.DiscoveryClient;
|
||
|
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
|
||
|
|
||
|
import com.liferay.portal.kernel.log.Log;
|
||
|
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||
|
|
||
|
/**
|
||
|
*
|
||
|
* @author Massimiliano Assante ISTI-CNR
|
||
|
*
|
||
|
*/
|
||
|
public class RemovedUserFromLDAPThread implements Runnable {
|
||
|
private static Log _log = LogFactoryUtil.getLog(RemovedUserFromLDAPThread.class);
|
||
|
private static final String LDAP_SERVER_NAME = "LDAPServer";
|
||
|
private static final String LDAP_SERVER_PRINCPAL_NAME = "ldapPrincipal";
|
||
|
private static final String USER_CONTEXT = ",ou=People,o=D4Science,ou=Organizations,dc=d4science,dc=org";
|
||
|
|
||
|
private String portalName;
|
||
|
private String ldapUrl;
|
||
|
private String principal;
|
||
|
private String ldapPassword;
|
||
|
|
||
|
private String username2Delete;
|
||
|
|
||
|
public RemovedUserFromLDAPThread(String username2Delete) {
|
||
|
this.username2Delete = username2Delete;
|
||
|
}
|
||
|
|
||
|
|
||
|
@SuppressWarnings("deprecation")
|
||
|
@Override
|
||
|
public void run() {
|
||
|
portalName = PortalContext.getPortalInstanceName();
|
||
|
|
||
|
PortalContext context = PortalContext.getConfiguration();
|
||
|
String scope = "/" + context.getInfrastructureName();
|
||
|
ScopeProvider.instance.set(scope);
|
||
|
|
||
|
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
||
|
query.addCondition("$resource/Profile/Category/text() eq 'Portal'");
|
||
|
query.addCondition("$resource/Profile/Name/text() eq '" + portalName + "'");
|
||
|
|
||
|
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||
|
|
||
|
List<ServiceEndpoint> list = client.submit(query);
|
||
|
if (list == null || list.isEmpty()) {
|
||
|
_log.error("Could not find any Service endpoint registred in the infrastructure for this portal: " + portalName);
|
||
|
}
|
||
|
else if (list.size() > 1) {
|
||
|
_log.warn("Found more than one Service endpoint registred in the infrastructure for this portal: " + portalName);
|
||
|
}
|
||
|
else {
|
||
|
for (ServiceEndpoint res : list) {
|
||
|
Group<AccessPoint> apGroup = res.profile().accessPoints();
|
||
|
AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
|
||
|
for (int i = 0; i < accessPoints.length; i++) {
|
||
|
if (accessPoints[i].name().compareTo(LDAP_SERVER_NAME) == 0) {
|
||
|
_log.info("Found credentials for " + LDAP_SERVER_NAME);
|
||
|
AccessPoint found = accessPoints[i];
|
||
|
ldapUrl = found.address();
|
||
|
String encrPassword = found.password();
|
||
|
try {
|
||
|
ldapPassword = StringEncrypter.getEncrypter().decrypt( encrPassword);
|
||
|
} catch (Exception e) {
|
||
|
_log.error("Something went wrong while decrypting password for " + LDAP_SERVER_NAME);
|
||
|
e.printStackTrace();
|
||
|
}
|
||
|
Group<Property> propGroup = found.properties();
|
||
|
Property[] props = (Property[]) propGroup.toArray(new Property[propGroup.size()]);
|
||
|
for (int j = 0; j < props.length; j++) {
|
||
|
if (props[j].name().compareTo(LDAP_SERVER_PRINCPAL_NAME) == 0) {
|
||
|
_log.info("\tFound properties of " + LDAP_SERVER_PRINCPAL_NAME);
|
||
|
String encrValue = props[j].value();
|
||
|
try {
|
||
|
principal = StringEncrypter.getEncrypter().decrypt(encrValue);
|
||
|
} catch (Exception e) {
|
||
|
_log.error("Something went wrong while decrypting value for " + LDAP_SERVER_PRINCPAL_NAME);
|
||
|
e.printStackTrace();
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
_log.debug("Got LDAP connection info from IS Resource ...");
|
||
|
/*************** */
|
||
|
_log.debug("Initializing LDAP connection ...");
|
||
|
|
||
|
Properties env = new Properties();
|
||
|
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
|
||
|
env.put(Context.PROVIDER_URL, ldapUrl);
|
||
|
env.put(Context.SECURITY_PRINCIPAL, principal);
|
||
|
env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
|
||
|
|
||
|
try {
|
||
|
Context ctx = new InitialContext(env);
|
||
|
String userCtx2Delete = getSubContext(username2Delete);
|
||
|
// Remove the binding
|
||
|
_log.debug("***** trying delete userCtx=" + userCtx2Delete);
|
||
|
ctx.unbind(userCtx2Delete);
|
||
|
// Check that it is gone
|
||
|
Object obj = null;
|
||
|
try {
|
||
|
obj = ctx.lookup(userCtx2Delete);
|
||
|
} catch (NameNotFoundException ne) {
|
||
|
_log.info("unbind successful for "+userCtx2Delete);
|
||
|
return;
|
||
|
}
|
||
|
_log.error("unbind failed; object still there: " + obj);
|
||
|
// Close the context when we're done
|
||
|
ctx.close();
|
||
|
} catch (NamingException e) {
|
||
|
_log.error("Something went Wrong during LDAP remove user");
|
||
|
e.printStackTrace();
|
||
|
} catch (Exception es) {
|
||
|
_log.error("Something went Wrong during LDAP remove user in retrieving Liferay Organization");
|
||
|
es.printStackTrace();
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
*
|
||
|
* @param username
|
||
|
* @return the single user subContext
|
||
|
*/
|
||
|
private String getSubContext(String username) {
|
||
|
return "uid="+username+USER_CONTEXT;
|
||
|
}
|
||
|
|
||
|
}
|