From d4fa3bd9dd48f4d5e26850a23f5ba48a9c10ad64 Mon Sep 17 00:00:00 2001 From: Andrew Branson Date: Thu, 5 Jun 2014 15:02:07 +0200 Subject: LDAP refactored behind interfaces. All functions of LDAP now hidden behind interfaces: Authenticator, Lookup and NextKeyManager (LDAP property storage was already a ClusterStorage). Gateway holds additional objects, and Fixes #26 #191. Refs #27 (needs additional work for read perms and auth tokens) --- src/main/java/com/c2kernel/process/Bootstrap.java | 45 ++--- .../java/com/c2kernel/process/ClientShell.java | 4 +- src/main/java/com/c2kernel/process/Gateway.java | 192 +++++++-------------- .../java/com/c2kernel/process/UserCodeProcess.java | 8 +- .../com/c2kernel/process/auth/Authenticator.java | 14 +- .../com/c2kernel/process/auth/ConsoleAuth.java | 4 +- .../java/com/c2kernel/process/auth/ProxyLogin.java | 12 ++ .../java/com/c2kernel/process/module/Module.java | 13 +- .../com/c2kernel/process/module/ModuleManager.java | 12 +- .../com/c2kernel/process/module/ModuleScript.java | 11 +- 10 files changed, 128 insertions(+), 187 deletions(-) create mode 100644 src/main/java/com/c2kernel/process/auth/ProxyLogin.java (limited to 'src/main/java/com/c2kernel/process') diff --git a/src/main/java/com/c2kernel/process/Bootstrap.java b/src/main/java/com/c2kernel/process/Bootstrap.java index f273c5d..bcc5e68 100644 --- a/src/main/java/com/c2kernel/process/Bootstrap.java +++ b/src/main/java/com/c2kernel/process/Bootstrap.java @@ -1,8 +1,8 @@ package com.c2kernel.process; import java.net.InetAddress; -import java.util.Enumeration; import java.util.HashMap; +import java.util.Iterator; import java.util.Set; import java.util.StringTokenizer; @@ -10,6 +10,7 @@ import org.custommonkey.xmlunit.Diff; import org.custommonkey.xmlunit.XMLUnit; import com.c2kernel.common.ObjectNotFoundException; +import com.c2kernel.entity.proxy.AgentProxy; import com.c2kernel.entity.proxy.ItemProxy; import com.c2kernel.events.Event; import com.c2kernel.events.History; 
@@ -22,7 +23,7 @@ import com.c2kernel.lifecycle.instance.stateMachine.Transition; import com.c2kernel.lookup.AgentPath; import com.c2kernel.lookup.DomainPath; import com.c2kernel.lookup.ItemPath; -import com.c2kernel.lookup.LDAPLookup; +import com.c2kernel.lookup.Lookup; import com.c2kernel.lookup.Path; import com.c2kernel.lookup.RolePath; import com.c2kernel.persistency.ClusterStorage; @@ -47,6 +48,7 @@ public class Bootstrap { static DomainPath thisServerPath; static HashMap resHandlerCache = new HashMap(); + static HashMap systemAgents = new HashMap(); /** * Run everything without timing-out the service wrapper @@ -71,7 +73,7 @@ public class Bootstrap Logger.msg("Bootstrap.run() - Initialising Server Item Workflow"); initServerItemWf(); - // register modules + Gateway.getModuleManager().setUser(systemAgents.get("system")); Gateway.getModuleManager().registerModules(); Logger.msg("Bootstrap.run() - Bootstrapping complete"); @@ -120,13 +122,13 @@ public class Bootstrap // Find or create Item for Resource DomainPath modDomPath = typeImpHandler.getPath(itemName, ns); ItemProxy thisProxy; - Enumeration en = Gateway.getLDAPLookup().search(typeImpHandler.getTypeRoot(), itemName); - if (!en.hasMoreElements()) { + Iterator en = Gateway.getLookup().search(typeImpHandler.getTypeRoot(), itemName); + if (!en.hasNext()) { Logger.msg("Bootstrap.verifyResource() - "+typeImpHandler.getName()+" "+itemName+" not found. Creating new."); thisProxy = createResourceItem(typeImpHandler, itemName, layer, ns); } else { - DomainPath path = (DomainPath)en.nextElement(); + DomainPath path = (DomainPath)en.next(); thisProxy = Gateway.getProxyManager().getProxy(path); // Verify module property and location 
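Review bot: The new `Gateway.getModuleManager().setUser(systemAgents.get("system"));` line in the `@@ -71,7 +73,7 @@` hunk assumes the "system" entry was stored, but `checkAgent` (hunks `@@ -277,9 +279,9 @@` and `@@ -287,23 +289,24 @@`) only logs `Unable to create` when agent creation fails and returns normally, so the module manager can be handed a null user. The same value is dereferenced without a check in `@@ -359,7 +362,7 @@` (`systemAgents.get("system").getPath()`). A fail-fast guard before the setUser call, `if (!systemAgents.containsKey("system")) Logger.die("Bootstrap.run() - system agent unavailable, cannot register modules");`, would turn a later NullPointerException into a clear bootstrap error. The enclosing `run()` method starts and ends outside the hunk.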
@@ -160,8 +162,8 @@ public class Bootstrap Logger.msg("Module item "+itemName+" found with path "+path.toString()+". Moving to "+modDomPath.toString()); modDomPath.setEntity(new ItemPath(thisProxy.getSystemKey())); if (!modDomPath.exists()) - Gateway.getLDAPLookup().add(modDomPath); - Gateway.getLDAPLookup().delete(path); + Gateway.getLookup().add(modDomPath); + Gateway.getLookup().delete(path); } } @@ -261,12 +263,12 @@ public class Bootstrap } - ItemPath entityPath = Gateway.getLDAPLookup().getNextKeyManager().generateNextEntityKey(); + ItemPath entityPath = Gateway.getNextKeyManager().generateNextEntityKey(); Gateway.getCorbaServer().createEntity(entityPath); - Gateway.getLDAPLookup().add(entityPath); + Gateway.getLookup().add(entityPath); DomainPath newDomPath = impHandler.getPath(itemName, ns); newDomPath.setEntity(entityPath); - Gateway.getLDAPLookup().add(newDomPath); + Gateway.getLookup().add(newDomPath); ItemProxy newItemProxy = Gateway.getProxyManager().getProxy(entityPath); newItemProxy.initialise( 1, props, ca, null); return newItemProxy; @@ -277,9 +279,9 @@ public class Bootstrap **************************************************************************/ private static void checkAgent(String name, String pass, String role, boolean joblist) throws Exception { Logger.msg(1, "Bootstrap.checkAgent() - Checking for existence of '"+name+"' user."); - LDAPLookup lookup = Gateway.getLDAPLookup(); + Lookup lookup = Gateway.getLookup(); try { - lookup.getRoleManager().getAgentPath(name); + systemAgents.put(name, Gateway.getProxyManager().getAgentProxy(lookup.getAgentPath(name))); Logger.msg(3, "Bootstrap.checkAgent() - User '"+name+"' found."); return; } catch (ObjectNotFoundException ex) { } 
@@ -287,23 +289,24 @@ public class Bootstrap RolePath rolePath; try { - rolePath = lookup.getRoleManager().getRolePath(role); + rolePath = lookup.getRolePath(role); } catch (ObjectNotFoundException ex) { - rolePath = lookup.getRoleManager().createRole(role, joblist); + rolePath = lookup.createRole(role, joblist); } try { - ItemPath entityPath = lookup.getNextKeyManager().generateNextEntityKey(); + ItemPath entityPath = Gateway.getNextKeyManager().generateNextEntityKey(); AgentPath agentPath = new AgentPath(entityPath.getSysKey(), name); agentPath.setPassword(pass); Gateway.getCorbaServer().createEntity(agentPath); - Gateway.getLDAPLookup().add(agentPath); + Gateway.getLookup().add(agentPath); // assign admin role Logger.msg("Bootstrap.checkAgent() - Assigning role '"+role+"'"); rolePath.addAgent(agentPath); Gateway.getStorage().put(agentPath.getSysKey(), new Property("Name", name, true), null); Gateway.getStorage().put(agentPath.getSysKey(), new Property("Type", "Agent", false), null); + systemAgents.put(name, Gateway.getProxyManager().getAgentProxy(agentPath)); Logger.msg("Bootstrap.checkAgent() - Done"); } catch (Exception ex) { Logger.error("Unable to create "+name+" user."); @@ -335,11 +338,11 @@ public class Bootstrap serverEntity = thisServerPath.getEntity(); } catch (ObjectNotFoundException ex) { Logger.msg("Creating server item "+thisServerPath); - serverEntity = Gateway.getLDAPLookup().getNextKeyManager().generateNextEntityKey(); + serverEntity = Gateway.getNextKeyManager().generateNextEntityKey(); Gateway.getCorbaServer().createEntity(serverEntity); - Gateway.getLDAPLookup().add(serverEntity); + Gateway.getLookup().add(serverEntity); thisServerPath.setEntity(serverEntity); - Gateway.getLDAPLookup().add(thisServerPath); + Gateway.getLookup().add(thisServerPath); } Gateway.getStorage().put(serverEntity.getSysKey(), new Property("Name", serverName, false), null); Gateway.getStorage().put(serverEntity.getSysKey(), new Property("Type", "Server", false), null); 
@@ -359,7 +362,7 @@ public class Bootstrap PredefinedStepContainer predef = (PredefinedStepContainer)wf.search("workflow/predefined"); wf.getChildGraphModel().removeVertex(predef); wf.addChild(new ServerPredefinedStepContainer(), predef.getCentrePoint()); - wf.initialise(thisServerPath.getSysKey(), Gateway.getLDAPLookup().getRoleManager().getAgentPath("system")); + wf.initialise(thisServerPath.getSysKey(), systemAgents.get("system").getPath()); Gateway.getStorage().put(thisServerPath.getSysKey(), wf, null); } } diff --git a/src/main/java/com/c2kernel/process/ClientShell.java b/src/main/java/com/c2kernel/process/ClientShell.java index 6a620d8..b6afb2c 100644 --- a/src/main/java/com/c2kernel/process/ClientShell.java +++ b/src/main/java/com/c2kernel/process/ClientShell.java @@ -3,7 +3,7 @@ package com.c2kernel.process; import java.util.Scanner; import com.c2kernel.entity.proxy.AgentProxy; -import com.c2kernel.process.auth.Authenticator; +import com.c2kernel.process.auth.ProxyLogin; import com.c2kernel.scripting.Script; public class ClientShell extends StandardClient { @@ -40,7 +40,7 @@ public class ClientShell extends StandardClient { Gateway.init(readC2KArgs(args)); String authClassName = Gateway.getProperties().getProperty("cli.auth"); Class authClass = Gateway.getResource().getClassForName(authClassName); - Authenticator auth = (Authenticator)authClass.newInstance(); + ProxyLogin auth = (ProxyLogin)authClass.newInstance(); AgentProxy user = auth.authenticate(Gateway.getProperties().getProperty("Name")); ClientShell shell = new ClientShell(user); shell.run(); diff --git a/src/main/java/com/c2kernel/process/Gateway.java b/src/main/java/com/c2kernel/process/Gateway.java index 01cc202..836b34b 100644 --- a/src/main/java/com/c2kernel/process/Gateway.java +++ b/src/main/java/com/c2kernel/process/Gateway.java 
@@ -16,10 +16,11 @@ import com.c2kernel.entity.proxy.AgentProxy; import com.c2kernel.entity.proxy.ProxyManager; import com.c2kernel.entity.proxy.ProxyServer; import com.c2kernel.lookup.AgentPath; -import com.c2kernel.lookup.LDAPLookup; -import com.c2kernel.lookup.LDAPProperties; +import com.c2kernel.lookup.Lookup; import com.c2kernel.persistency.ClusterStorageException; +import com.c2kernel.persistency.NextKeyManager; import com.c2kernel.persistency.TransactionManager; +import com.c2kernel.process.auth.Authenticator; import com.c2kernel.process.module.ModuleManager; import com.c2kernel.process.resource.Resource; import com.c2kernel.process.resource.ResourceLoader; @@ -37,7 +38,7 @@ import com.c2kernel.utils.ObjectProperties; * * Child objects: *
    - *
  • LDAPLookup - Provides access to the CRISTAL directory. Find or + *
  • Lookup - Provides access to the CRISTAL directory. Find or * search for Items or Agents. *
  • EntityProxyManager - Gives a local proxy object for Entities found * in LDAP. Execute activities in Items, query or subscribe to Entity data. @@ -56,13 +57,13 @@ public class Gateway static private ModuleManager mModules; static private org.omg.CORBA.ORB mORB; static private boolean orbDestroyed = false; - static private LDAPLookup mLDAPLookup; + static private Lookup mLookup; + static private NextKeyManager mNextKeyManager; static private TransactionManager mStorage; static private ProxyManager mProxyManager; static private ProxyServer mProxyServer; static private CorbaServer mCorbaServer; static private CastorXMLUtility mMarshaller; - static private AgentProxy mCurrentUser = null; static private ResourceLoader mResource; @@ -71,7 +72,7 @@ public class Gateway /** * Initialises the Gateway and all of the client objects it holds, with - * the exception of the LDAPLookup, which is initialised during connect() + * the exception of the Lookup, which is initialised during connect() * * @param props - java.util.Properties containing all application properties. * If null, the java system properties are used @@ -83,7 +84,7 @@ public class Gateway /** * Initialises the Gateway and all of the client objects it holds, with - * the exception of the LDAPLookup, which is initialised during connect() + * the exception of the Lookup, which is initialised during connect() * * @param props - java.util.Properties containing all application properties. * If null, the java system properties are used @@ -135,9 +136,6 @@ public class Gateway Language.isTranlated=true; Language.mTableOfTranslation = FileStringUtility.loadLanguageFile(languageFile); } - - // if client, run module startup scripts. Otherwise bootstrap will do it after all imports - if (!AbstractMain.runningAsWrapper) mModules.runScripts("startup"); } /** 
@@ -149,9 +147,12 @@ public class Gateway */ static public void startServer() throws InvalidDataException { try { - // check top level LDAP contexts - mLDAPLookup.install(); + // check top level directory contexts + mLookup.initializeDirectory(); + // init next key manager + mNextKeyManager = (NextKeyManager)mC2KProps.getInstance("NextKeyManager"); + // start entity proxy server mProxyServer = new ProxyServer(mC2KProps.getProperty("ItemServer.name")); 
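Review bot: The added `mNextKeyManager = (NextKeyManager)mC2KProps.getInstance("NextKeyManager");` reports a misconfigured property only as a ClassCastException (or whatever `getInstance` throws) from inside the `try`, whose catch clause lies outside the hunk, so the operator gets no hint that the `NextKeyManager` property is the culprit. The same `getInstance` plus cast pattern is repeated for `Authenticator` and `Lookup` in the later connect hunk (`@@ -199,140 +200,59 @@`). Resolving it in two steps, `Object nk = mC2KProps.getInstance("NextKeyManager");` and `if (!(nk instanceof NextKeyManager)) throw new InvalidDataException("Property NextKeyManager does not name a NextKeyManager implementation", "");`, would make the failure self-explanatory. Since `mNextKeyManager` is only assigned here, `getNextKeyManager()` (hunk `@@ -461,5 +381,9 @@`) presumably returns null in client processes, which its Javadoc should state. `startServer()` continues outside the hunk.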
@@ -199,140 +200,59 @@ public class Gateway throws InvalidDataException, ClusterStorageException { - LDAPProperties ldapProps = new LDAPProperties(); - - if( ldapProps.mHost != null && ldapProps.mPort != null && - ldapProps.mUser != null && ldapProps.mPassword != null ) - { - try - { - mLDAPLookup = new LDAPLookup(ldapProps); - } - catch (Exception ex) - { - Logger.error(ex); - throw new InvalidDataException("Cannot authenticate. Name and/or password invalid.", ""); - } - } - else - { - Logger.error("LDAP properties not set for server login."); - throw new InvalidDataException("Cannot authenticate with LDAP.", ""); - } - - setup(); - } - - /** - * Authenticates a user and returns and AgentProxy on them without overriding the system LDAP context. - * Useful for handling multiple users in one context e.g. on a web server - * - * @param agentName - username - * @param agentPassword - password - * @return AgentProxy on that user - * @throws InvalidDataException - * @throws ObjectNotFoundException - */ - static public AgentProxy login(String agentName, String agentPassword) throws InvalidDataException, ObjectNotFoundException { - LDAPProperties ldapProps = new LDAPProperties(); - AgentPath agentPath; - try { - agentPath = mLDAPLookup.getRoleManager().getAgentPath(agentName); - } catch (Exception ex) { + try { + Authenticator auth = (Authenticator)mC2KProps.getInstance("Authenticator"); + auth.authenticate("System"); + + mLookup = (Lookup)mC2KProps.getInstance("Lookup"); + mLookup.open(auth); + + mStorage = new TransactionManager(); + mProxyManager = new ProxyManager(); + + } catch (Exception ex) { Logger.error(ex); - throw new ObjectNotFoundException("Could not resolve agent", ""); + throw new InvalidDataException("Cannot connect server process. 
Please check config.", ""); } - String agentDN = agentPath.getFullDN(); - ldapProps.mUser = agentDN; - ldapProps.mPassword = agentPassword; - try { - LDAPLookup.createConnection(ldapProps); - return (AgentProxy)getProxyManager().getProxy(mLDAPLookup.getRoleManager().getAgentPath(agentName)); - } catch (Exception ex) { - Logger.error(ex); - throw new InvalidDataException("Could not log in", ""); - } - } + } /** - * Logs into the LDAP server with the given username and password, and initialises the lookup. + * Logs in with the given username and password, and initialises the lookup, storage and proxy manager. * * @param agentName - username * @param agentPassword - password * @return an AgentProxy on the requested user * @throws InvalidDataException + * @throws ClusterStorageException + * @throws ClassNotFoundException + * @throws IllegalAccessException + * @throws InstantiationException */ - static public AgentProxy connect(String agentName, String agentPassword) - throws InvalidDataException, ObjectNotFoundException - { - - LDAPProperties ldapProps = new LDAPProperties(); - if (ldapProps.mHost!=null && ldapProps.mPort!= null && ldapProps.mLocalPath!=null ) - { - try { - ldapProps.mUser = ""; - ldapProps.mPassword = ""; - mLDAPLookup = new LDAPLookup(ldapProps); - String agentDN = mLDAPLookup.getRoleManager().getAgentPath(agentName).getFullDN(); - - //found agentDN, try to log in with it - ldapProps.mUser = agentDN; - ldapProps.mPassword = agentPassword; - mLDAPLookup = new LDAPLookup(ldapProps); - - // find agent proxy - AgentPath agentPath = mLDAPLookup.getRoleManager().getAgentPath(agentName); - - if (agentPath!=null) - { - setup(); - mCurrentUser = (AgentProxy) mProxyManager.getProxy(agentPath); - return mCurrentUser; - } - else - { - throw new InvalidDataException("The agentDN " +agentDN+ " is invalid.", ""); - } - } catch (ClusterStorageException e) { - throw new InvalidDataException(Language.translate("Error initialising storage")+Language.translate(". 
See log."), ""); - } catch (ObjectNotFoundException e) { - throw new ObjectNotFoundException(Language.translate("Invalid username/password"), ""); - } catch (Exception e) { - throw new InvalidDataException(Language.translate("Could not log in")+": "+Language.translate(e.getMessage()), ""); - } - - } - else - { - throw new InvalidDataException("Cannot log in. Some connection properties are not set.", ""); - } - - } - - /** - * @return the mCurrentUser - */ - public static AgentProxy getCurrentUser() { - return mCurrentUser; - } - - /** - * Initializes the storage and proxy manager, called during connect. - * - * @throws InvalidDataException - * @throws ClusterStorageException - */ - static private void setup() - throws InvalidDataException, - ClusterStorageException + static public AgentProxy connect(String agentName, String agentPassword, String resource) + throws InvalidDataException, ObjectNotFoundException, ClusterStorageException, InstantiationException, IllegalAccessException, ClassNotFoundException { + Authenticator auth = (Authenticator)mC2KProps.getInstance("Authenticator"); + if (!auth.authenticate(agentName, agentPassword, resource)) + throw new InvalidDataException("Login failed", ""); + + mLookup = (Lookup)mC2KProps.getInstance("Lookup"); + mLookup.open(auth); - // Init storages mStorage = new TransactionManager(); mProxyManager = new ProxyManager(); + // find agent proxy + AgentPath agentPath = mLookup.getAgentPath(agentName); + AgentProxy userProxy = (AgentProxy) mProxyManager.getProxy(agentPath); + userProxy.setAuthObj(auth); + + // Run module startup scripts. Server does this during bootstrap + mModules.setUser(userProxy); + mModules.runScripts("startup"); + + return userProxy; } /** 
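Review bot: In the server connect method (its signature starts just before the hunk), `auth.authenticate("System");` discards the authenticator's result, whereas the client `connect()` further down treats a false return from `authenticate(agentName, agentPassword, resource)` as a login failure; if the one-argument overload reports failure the same way, `mLookup.open(auth)` proceeds with an authenticator that never succeeded. Checking it, `if (!auth.authenticate("System")) throw new InvalidDataException("System authentication failed", "");`, keeps the two paths consistent. The Javadoc of the new `connect(String, String, String)` also omits `@param resource` and the declared `@throws ObjectNotFoundException` (raised by `mLookup.getAgentPath(agentName)`), and the `userProxy.setAuthObj(auth);` line would benefit from a comment saying what the proxy later does with the authenticator it now holds.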
@@ -354,9 +274,9 @@ public class Gateway mStorage = null; // disconnect from ldap - if (mLDAPLookup != null) - mLDAPLookup.disconnect(); - mLDAPLookup = null; + if (mLookup != null) + mLookup.close(); + mLookup = null; // shut down proxy manager & server if (mProxyServer != null) @@ -384,9 +304,9 @@ public class Gateway return mORB; } - static public LDAPLookup getLDAPLookup() + static public Lookup getLookup() { - return mLDAPLookup; + return mLookup; } static public CorbaServer getCorbaServer() @@ -461,5 +381,9 @@ public class Gateway } } + + public static NextKeyManager getNextKeyManager() { + return mNextKeyManager; + } } diff --git a/src/main/java/com/c2kernel/process/UserCodeProcess.java b/src/main/java/com/c2kernel/process/UserCodeProcess.java index 47742aa..0d35025 100644 --- a/src/main/java/com/c2kernel/process/UserCodeProcess.java +++ b/src/main/java/com/c2kernel/process/UserCodeProcess.java @@ -9,8 +9,8 @@ import com.c2kernel.common.InvalidTransitionException; import com.c2kernel.entity.C2KLocalObject; import com.c2kernel.entity.agent.Job; import com.c2kernel.entity.proxy.AgentProxy; -import com.c2kernel.entity.proxy.ProxyObserver; import com.c2kernel.entity.proxy.MemberSubscription; +import com.c2kernel.entity.proxy.ProxyObserver; import com.c2kernel.persistency.ClusterStorage; import com.c2kernel.scripting.ErrorInfo; import com.c2kernel.scripting.ScriptErrorException; @@ -38,12 +38,12 @@ public class UserCodeProcess extends StandardClient implements ProxyObserver errors = new HashMap(); HashMap jobs; - public UserCodeProcess(String agentName, String agentPass) { + public UserCodeProcess(String agentName, String agentPass, String resource) { // login - try for a while in case server hasn't imported our user yet for (int i=1;i<6;i++) { try { Logger.msg("Login attempt "+i+" of 5"); - agent = Gateway.connect(agentName, agentPass); + agent = Gateway.connect(agentName, agentPass, resource); break; } catch (Exception ex) { Logger.error("Could not log in."); 
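Review bot: The new `Gateway.connect(agentName, agentPass, resource)` call sits in a retry loop whose `catch (Exception ex)` (context lines here) treats every failure as "server hasn't imported our user yet", so a rejected credential or a wrong `resource`, which the new `connect` reports as `InvalidDataException("Login failed", "")`, is retried five times with the same values while only the fixed message `Could not log in.` is logged. Logging the cause next to the existing message, `Logger.error(ex);`, or leaving the loop when the failure is a login rejection rather than a missing agent, would make the misconfiguration visible on the first attempt. The constructor body continues outside the hunk.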
@@ -209,7 +209,7 @@ public class UserCodeProcess extends StandardClient implements ProxyObserver modules = new ArrayList(); HashMap modulesXML = new HashMap(); Properties props = new Properties(); + AgentProxy user; boolean isServer; OutcomeValidator moduleValidator; @@ -110,6 +112,10 @@ public class ModuleManager { if (!allDepsPresent) Logger.die("Unmet module dependencies. Cannot continue"); } + public void setUser(AgentProxy user) { + this.user = user; + } + public String getModuleVersions() { StringBuffer ver = new StringBuffer(); for (Module thisMod : modules) { @@ -127,7 +133,7 @@ public class ModuleManager { public void runScripts(String event) { for (Module thisMod : modules) { try { - thisMod.runScript(event, isServer); + thisMod.runScript(event, user, isServer); } catch (ScriptingEngineException e) { Logger.error(e); Logger.die(e.getMessage()); @@ -152,7 +158,7 @@ public class ModuleManager { try { String nsReset = Gateway.getProperties().getProperty("Module."+thisMod.ns+".reset"); boolean thisReset = nsReset == null?reset:nsReset.equals("true"); - thisMod.importAll(serverEntity, modulesXML.get(thisMod.ns), thisReset); + thisMod.importAll(serverEntity, user, modulesXML.get(thisMod.ns), thisReset); } catch (Exception e) { Logger.error(e); throw new ModuleException("Error importing items for module "+thisMod.getName()); @@ -160,7 +166,7 @@ public class ModuleManager { Logger.msg("Module "+thisMod.getName()+" registered"); try { - thisMod.runScript("startup", true); + thisMod.runScript("startup", user, true); } catch (ScriptingEngineException e) { Logger.error(e); throw new ModuleException("Error in startup script for module "+thisMod.getName()); diff --git a/src/main/java/com/c2kernel/process/module/ModuleScript.java b/src/main/java/com/c2kernel/process/module/ModuleScript.java index beed6f9..f16f390 100644 --- a/src/main/java/com/c2kernel/process/module/ModuleScript.java +++ b/src/main/java/com/c2kernel/process/module/ModuleScript.java 
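Review bot: The new `setUser(AgentProxy user)` in hunk `@@ -110,6 +112,10 @@` stores the user without a null check or Javadoc, and `runScripts` and `registerModules` (hunks `@@ -127,7 +133,7 @@`, `@@ -152,7 +158,7 @@`, `@@ -160,7 +166,7 @@`) now pass that field straight into `runScript` and `importAll`; the fallback to the system agent and the `System agent unavailable` error that `ModuleScript.getScript` used to provide are removed in the ModuleScript hunk `@@ -23,16 +22,8 @@`, so a forgotten `setUser` would surface only later as a NullPointerException during script execution. A guard, `if (user == null) throw new IllegalArgumentException("ModuleManager.setUser() - user must not be null");`, plus a Javadoc sentence such as `Sets the agent whose identity module scripts and imports run under; must be called before runScripts() or registerModules().` would make the new contract explicit. The class continues outside the hunk.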
@@ -1,7 +1,6 @@ package com.c2kernel.process.module; import com.c2kernel.entity.proxy.AgentProxy; -import com.c2kernel.process.Gateway; import com.c2kernel.scripting.Script; import com.c2kernel.scripting.ScriptingEngineException; @@ -23,16 +22,8 @@ public class ModuleScript { this.script = script; } - public Script getScript(String ns) throws ScriptingEngineException { - AgentProxy user = Gateway.getCurrentUser(); - try { - if (user == null) user = (AgentProxy)Gateway.getProxyManager().getProxy( - Gateway.getLDAPLookup().getRoleManager().getAgentPath("system")); - } catch (Exception ex) { - throw new ScriptingEngineException("System agent unavailable"); - } + public Script getScript(String ns, AgentProxy user) throws ScriptingEngineException { return new Script(lang, ns+" "+target+" "+event, script, user); - } public boolean shouldRun(String event, boolean isServer) { -- cgit v1.2.3
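Review bot: `getScript(String ns, AgentProxy user)` gains the parameter that decides which agent the returned `Script` executes as, but the method has no Javadoc stating that, and it keeps `throws ScriptingEngineException` although the only remaining statement is the `new Script(...)` call, so whether the declaration is still needed depends on the Script constructor, which is outside this diff. A Javadoc along the lines of `@param user the agent the script runs as; callers must supply a non-null agent` would document the contract that the removed fallback used to enforce implicitly. The enclosing class continues outside the hunk.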