Author: kwright
Date: Mon Sep 28 11:07:08 2015
New Revision: 1705656
URL: http://svn.apache.org/viewvc?rev=1705656&view=rev
Log:
Fix for CONNECTORS-1244.
Added:
manifoldcf/trunk/connectors/ldap/connector/src/main/resources/
- copied from r1705655,
manifoldcf/branches/CONNECTORS-1244/connectors/ldap/connector/src/main/resources/
Modified:
manifoldcf/trunk/ (props changed)
manifoldcf/trunk/CHANGES.txt
manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties
Propchange: manifoldcf/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Sep 28 11:07:08 2015
@@ -59,6 +59,7 @@
/manifoldcf/branches/CONNECTORS-1231:1703151-1703180
/manifoldcf/branches/CONNECTORS-1233:1697988-1701871
/manifoldcf/branches/CONNECTORS-1236:1702132-1702240
+/manifoldcf/branches/CONNECTORS-1244:1705272-1705655
/manifoldcf/branches/CONNECTORS-13:1525862-1527182,1539324-1541634
/manifoldcf/branches/CONNECTORS-470:1349741-1360750,1360808
/manifoldcf/branches/CONNECTORS-474:1349741-1353803
Modified: manifoldcf/trunk/CHANGES.txt
URL:
http://svn.apache.org/viewvc/manifoldcf/trunk/CHANGES.txt?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
--- manifoldcf/trunk/CHANGES.txt (original)
+++ manifoldcf/trunk/CHANGES.txt Mon Sep 28 11:07:08 2015
@@ -3,6 +3,10 @@ $Id$
======================= 2.3-dev =====================
+CONNECTORS-1244: Add support for LDAPS and TLS to LDAP
+authority connector.
+(Karl Wright)
+
CONNECTORS-1234: Add use-mapper-attachments option
to Elasticsearch connector.
(Shinichiro Abe)
Modified:
manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
URL:
http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
---
manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
(original)
+++
manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
Mon Sep 28 11:07:08 2015
@@ -26,8 +26,11 @@ import javax.naming.directory.*;
import javax.naming.ldap.*;
import org.apache.manifoldcf.authorities.interfaces.*;
import org.apache.manifoldcf.authorities.system.ManifoldCF;
+import org.apache.manifoldcf.authorities.system.Logging;
import org.apache.manifoldcf.core.interfaces.*;
+import org.apache.manifoldcf.connectorcommon.interfaces.*;
import org.apache.manifoldcf.ui.util.Encoder;
+import org.apache.manifoldcf.core.common.LDAPSSLSocketFactory;
/**
* This is the Active Directory implementation of the IAuthorityConnector
@@ -44,35 +47,31 @@ public class LDAPAuthority extends org.a
* Session information for all DC's we talk with.
*/
private LdapContext session = null;
-
+ private StartTlsResponse tls = null;
+
private long sessionExpirationTime = -1L;
- private ConfigParams parameters;
+ //private ConfigParams parameters;
+ private String bindUser;
+ private String bindPass;
+ private String serverProtocol;
private String serverName;
-
private String serverPort;
-
private String serverBase;
-
private String userBase;
-
private String userSearch;
-
private String groupBase;
-
private String groupSearch;
-
private String groupNameAttr;
-
private boolean groupMemberDN;
-
private boolean addUserRecord;
-
private List<String> forcedTokens;
-
private String userNameAttr;
-
+ private String sslKeystoreData;
+
+ private IKeystoreManager sslKeystore;
+
private long responseLifetime = 60000L; //60sec
private int LRUsize = 1000;
@@ -106,13 +105,20 @@ public class LDAPAuthority extends org.a
@Override
public void connect(ConfigParams configParams) {
super.connect(configParams);
- parameters = configParams;
+ //parameters = configParams;
+
+ // Credentials
+ bindUser = configParams.getParameter("ldapBindUser");
+ bindPass = configParams.getObfuscatedParameter("ldapBindPass");
// We get the parameters here, so we can check them in case they are
missing
+ serverProtocol = configParams.getParameter("ldapProtocol");
serverName = configParams.getParameter("ldapServerName");
serverPort = configParams.getParameter("ldapServerPort");
serverBase = configParams.getParameter("ldapServerBase");
+ sslKeystoreData = configParams.getParameter("sslKeystore");
+
userBase = configParams.getParameter("ldapUserBase");
userSearch = configParams.getParameter("ldapUserSearch");
groupBase = configParams.getParameter("ldapGroupBase");
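Review bot: The keystore is read here with `configParams.getParameter("sslKeystore")`, but the later processConfigurationPost hunk (@@ -847) stores it with `parameters.setParameter("sslkeystore", sslKeystoreValue)`, so the two names differ in case. If parameter names are case-sensitive, which I would expect but cannot see here, connect() always gets null and getSession falls back to `KeystoreManagerFactory.make("")`, so certificates uploaded in the UI never reach the socket factory. Use one shared constant for the name in both places, e.g. `private static final String PARAM_SSL_KEYSTORE = "sslkeystore";`, with whichever spelling the templates use. connect() continues beyond this hunk.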
@@ -124,8 +130,8 @@ public class LDAPAuthority extends org.a
forcedTokens = new ArrayList<String>();
int i = 0;
- while (i < parameters.getChildCount()) {
- ConfigNode sn = parameters.getChild(i++);
+ while (i < configParams.getChildCount()) {
+ ConfigNode sn = configParams.getChild(i++);
if (sn.getType().equals("access")) {
String token = "" + sn.getAttributeValue("token");
forcedTokens.add(token);
@@ -141,58 +147,87 @@ public class LDAPAuthority extends org.a
*/
protected LdapContext getSession()
throws ManifoldCFException {
- if (serverName == null || serverName.length() == 0) {
- throw new ManifoldCFException("Server name parameter missing but
required");
- }
- if (serverPort == null || serverPort.length() == 0) {
- throw new ManifoldCFException("Server port parameter missing but
required");
- }
- if (serverBase == null) {
- throw new ManifoldCFException("Server base parameter missing but
required");
- }
- if (userBase == null) {
- throw new ManifoldCFException("User base parameter missing but
required");
- }
- if (userSearch == null || userSearch.length() == 0) {
- throw new ManifoldCFException("User search expression missing but
required");
- }
- if (groupBase == null) {
- throw new ManifoldCFException("Group base parameter missing but
required");
- }
- if (groupSearch == null || groupSearch.length() == 0) {
- throw new ManifoldCFException("Group search expression missing but
required");
- }
- if (groupNameAttr == null || groupNameAttr.length() == 0) {
- throw new ManifoldCFException("Group name attribute missing but
required");
- }
- if (userNameAttr == null || userNameAttr.length() == 0) {
- throw new ManifoldCFException("User name attribute missing but
required");
- }
-
- Hashtable env = new Hashtable();
- env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.PROVIDER_URL, "ldap://" + serverName + ":" + serverPort +
"/" + serverBase);
-
- //get bind credentials
- String bindUser = getParam(parameters, "ldapBindUser", "");
- String bindPass = "";
- try {
- bindPass = ManifoldCF.deobfuscate(getParam(parameters, "ldapBindPass",
""));
- } catch (ManifoldCFException ex) {
- if (!bindUser.isEmpty()) {
- Logger.getLogger(LDAPAuthority.class.getName()).log(Level.SEVERE,
"Deobfuscation error", ex);
- }
- }
- if (!bindUser.isEmpty()) {
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, bindUser);
- env.put(Context.SECURITY_CREDENTIALS, bindPass);
- }
try {
if (session == null) {
+ if (serverName == null || serverName.length() == 0) {
+ throw new ManifoldCFException("Server name parameter missing but
required");
+ }
+ if (serverPort == null || serverPort.length() == 0) {
+ throw new ManifoldCFException("Server port parameter missing but
required");
+ }
+ if (serverBase == null) {
+ throw new ManifoldCFException("Server base parameter missing but
required");
+ }
+ if (userBase == null) {
+ throw new ManifoldCFException("User base parameter missing but
required");
+ }
+ if (userSearch == null || userSearch.length() == 0) {
+ throw new ManifoldCFException("User search expression missing but
required");
+ }
+ if (groupBase == null) {
+ throw new ManifoldCFException("Group base parameter missing but
required");
+ }
+ if (groupSearch == null || groupSearch.length() == 0) {
+ throw new ManifoldCFException("Group search expression missing but
required");
+ }
+ if (groupNameAttr == null || groupNameAttr.length() == 0) {
+ throw new ManifoldCFException("Group name attribute missing but
required");
+ }
+ if (userNameAttr == null || userNameAttr.length() == 0) {
+ throw new ManifoldCFException("User name attribute missing but
required");
+ }
+
+ if (sslKeystoreData != null) {
+ sslKeystore = KeystoreManagerFactory.make("", sslKeystoreData);
+ } else {
+ sslKeystore = KeystoreManagerFactory.make("");
+ }
+
+ // Set thread local for keystore stuff
+ LDAPSSLSocketFactory.setSocketFactoryProducer(sslKeystore);
+
+ final String protocolToUse;
+ final boolean useTls;
+ if (serverProtocol == null || serverProtocol.length() == 0) {
+ protocolToUse = "ldap";
+ useTls = false;
+ } else {
+ int plusIndex = serverProtocol.indexOf("+");
+ if (plusIndex == -1) {
+ plusIndex = serverProtocol.length();
+ useTls = false;
+ } else {
+ useTls = true;
+ }
+ protocolToUse = serverProtocol.substring(0,plusIndex);
+ }
+
+ final Hashtable env = new Hashtable();
+ env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
+ env.put(Context.PROVIDER_URL, "ldap://" + serverName + ":" +
serverPort + "/" + serverBase);
+ if (protocolToUse.equals("ldaps"))
+ env.put(Context.SECURITY_PROTOCOL, "ssl");
+
+ env.put("java.naming.ldap.factory.socket",
"org.apache.manifoldcf.core.common.LDAPSSLSocketFactory");
+
+ if (bindUser != null && !bindUser.isEmpty()) {
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, bindUser);
+ env.put(Context.SECURITY_CREDENTIALS, bindPass);
+ }
+
session = new InitialLdapContext(env, null);
+
+ if (useTls) {
+ // Start TLS
+ StartTlsResponse tls = (StartTlsResponse)
session.extendedOperation(new StartTlsRequest());
+ tls.negotiate(sslKeystore.getSecureSocketFactory());
+ }
+
} else {
+ // Set thread local for keystore stuff
+ LDAPSSLSocketFactory.setSocketFactoryProducer(sslKeystore);
session.reconnect(null);
}
sessionExpirationTime = System.currentTimeMillis() + 300000L;
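Review bot: With a `+` protocol the bind DN and password are sent before TLS is established, because the credentials are put into `env` ahead of `new InitialLdapContext(env, null)` and StartTLS is only requested afterwards; JNDI performs the simple bind while creating the context. For the StartTLS case, create the context without credentials, negotiate, and only then add them with `addToEnvironment`. The local declaration `StartTlsResponse tls` also shadows the new field, so disconnectSession never sees a non-null `tls` and the response is never closed; assign the field instead. In the else branch `session.reconnect(null)` runs without a new StartTLS request, so it is worth checking whether a reconnected session is still protected. The catch blocks of this try are outside the hunk.

```java
// … unchanged: parameter checks, keystore setup, protocol parsing, factory/URL/socket-factory entries in env …
          final boolean haveBindUser = bindUser != null && !bindUser.isEmpty();
          if (haveBindUser && !useTls) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, bindUser);
            env.put(Context.SECURITY_CREDENTIALS, bindPass);
          }

          session = new InitialLdapContext(env, null);

          if (useTls) {
            // Negotiate TLS first so the bind below travels inside the protected channel
            tls = (StartTlsResponse) session.extendedOperation(new StartTlsRequest());
            tls.negotiate(sslKeystore.getSecureSocketFactory());
            if (haveBindUser) {
              session.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
              session.addToEnvironment(Context.SECURITY_PRINCIPAL, bindUser);
              session.addToEnvironment(Context.SECURITY_CREDENTIALS, bindPass);
            }
          }
// … unchanged: else branch with reconnect, expiration time update …
```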
@@ -209,6 +244,14 @@ public class LDAPAuthority extends org.a
session = null;
sessionExpirationTime = -1L;
throw new ManifoldCFException("Naming error: " + e.getMessage(), e);
+ } catch (InterruptedIOException e) {
+ session = null;
+ sessionExpirationTime = -1L;
+ throw new ManifoldCFException(e.getMessage(),
ManifoldCFException.INTERRUPTED);
+ } catch (IOException e) {
+ session = null;
+ sessionExpirationTime = -1L;
+ throw new ManifoldCFException("IO error: " + e.getMessage(), e);
}
}
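Review bot: Both new catch blocks drop the context with `session = null` without closing it, so a failure in `tls.negotiate(...)` after the context was created leaves the LDAP connection open. Calling `disconnectSession();` in place of the two assignments would close it and reset the same fields. The `InterruptedIOException` branch also discards the cause; if ManifoldCFException offers a constructor taking message, cause and type (not visible here), pass `e` as well. The try these catches belong to starts outside the hunk.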
@@ -252,10 +295,15 @@ public class LDAPAuthority extends org.a
protected void disconnectSession() {
if (session != null) {
try {
+ if (tls != null)
+ tls.close();
session.close();
} catch (NamingException e) {
// Eat this error
+ } catch (IOException e) {
+ // Eat this error
}
+ tls = null;
session = null;
sessionExpirationTime = -1L;
}
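Review bot: `tls.close()` and `session.close()` share one try, so an IOException from the first skips the second and the LDAP context is dropped without being closed. Give the TLS close its own handler, e.g. `try { tls.close(); } catch (IOException e) { /* best effort */ }`, ahead of the existing try around `session.close()`. The method's closing brace lies outside the hunk.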
@@ -280,6 +328,8 @@ public class LDAPAuthority extends org.a
groupNameAttr = null;
userNameAttr = null;
forcedTokens = null;
+ sslKeystoreData = null;
+ sslKeystore = null;
}
protected String createCacheConnectionString() {
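Review bot: The reset list gains `sslKeystoreData` and `sslKeystore`, but no hunk adds a reset for the other fields this commit introduces, so the deobfuscated bind password stays in `bindPass` after the connector is disconnected. Add `bindUser = null;`, `bindPass = null;` and `serverProtocol = null;` next to the two new lines. The start of this method is outside the hunk, so that these resets are missing is inferred from the diff as a whole.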
@@ -443,117 +493,12 @@ public class LDAPAuthority extends org.a
@Override
public void outputConfigurationHeader(IThreadContext threadContext,
IHTTPOutput out, Locale locale, ConfigParams parameters, List<String> tabsArray)
throws ManifoldCFException, IOException {
- tabsArray.add(Messages.getString(locale, "LDAP.ForcedTokens"));
tabsArray.add(Messages.getString(locale, "LDAP.LDAP"));
- out.print(
- "<script type=\"text/javascript\">\n"
- + "<!--\n"
- + "function checkConfig() {\n"
- + " if (editconnection.ldapServerName.value.indexOf(\"/\") != -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerNameCannotIncludeSlash") + "\");\n"
- + " editconnection.ldapServerName.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapServerPort.value != \"\" &&
!isInteger(editconnection.ldapServerPort.value)) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerPortMustBeAnInteger") + "\");\n"
- + " editconnection.ldapServerPort.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapServerBase.value.indexOf(\"/\") != -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerBaseCannotIncludeSlash") + "\");\n"
- + " editconnection.ldapServerBase.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapUserSearch.value != \"\" &&
editconnection.ldapUserSearch.value.indexOf(\"{0}\") == -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.UserSearchMustIncludeSubstitution") + "\");\n"
- + " editconnection.ldapUserSearch.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapGroupSearch.value != \"\" &&
editconnection.ldapGroupSearch.value.indexOf(\"{0}\") == -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.GroupSearchMustIncludeSubstitution") + "\");\n"
- + " editconnection.ldapGroupSearch.focus();\n"
- + " return false;\n"
- + " }\n"
- + " return true;\n"
- + "}\n"
- + "\n"
- + "function checkConfigForSave() {\n"
- + " if (editconnection.ldapServerName.value == \"\") {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerNameCannotBeBlank") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapServerName.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapServerPort.value == \"\") {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerPortCannotBeBlank") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapServerPort.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapUserSearch.value == \"\") {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.UserSearchCannotBeBlank") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapUserSearch.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapGroupSearch.value == \"\") {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.GroupSearchCannotBeBlank") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapGroupSearch.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapGroupNameAttr.value == \"\") {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.GroupNameAttrCannotBeBlank") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapGroupNameAttr.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapUserSearch.value != \"\" &&
editconnection.ldapUserSearch.value.indexOf(\"{0}\") == -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.UserSearchMustIncludeSubstitution") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapUserSearch.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapGroupSearch.value != \"\" &&
editconnection.ldapGroupSearch.value.indexOf(\"{0}\") == -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.GroupSearchMustIncludeSubstitution") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapGroupSearch.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapServerPort.value != \"\" &&
!isInteger(editconnection.ldapServerPort.value)) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerPortMustBeAnInteger") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapServerPort.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapServerName.value.indexOf(\"/\") != -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerNameCannotIncludeSlash") + "\");\n"
- + " SelectTab(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.LDAP") + "\");\n"
- + " editconnection.ldapServerName.focus();\n"
- + " return false;\n"
- + " }\n"
- + " if (editconnection.ldapServerBase.value.indexOf(\"/\") != -1) {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.ServerBaseCannotIncludeSlash") + "\");\n"
- + " editconnection.ldapServerBase.focus();\n"
- + " return false;\n"
- + " }\n"
- + " return true;\n"
- + "}\n"
- + "function SpecOp(n, opValue, anchorvalue) {\n"
- + " eval(\"editconnection.\"+n+\".value = \\\"\"+opValue+\"\\\"\");\n"
- + " postFormSetAnchor(anchorvalue);\n"
- + "}\n"
- + "function SpecAddToken(anchorvalue) {\n"
- + " if (editconnection.spectoken.value == \"\")\n"
- + " {\n"
- + " alert(\"" + Messages.getBodyJavascriptString(locale,
"LDAP.TypeInToken") + "\");\n"
- + " editconnection.spectoken.focus();\n"
- + " return;\n"
- + " }\n"
- + " SpecOp(\"accessop\",\"Add\",anchorvalue);\n"
- + "}\n"
- + "//-->\n"
- + "</script>\n");
+ tabsArray.add(Messages.getString(locale, "LDAP.ForcedTokens"));
+ final Map<String,Object> paramMap = new HashMap<String,Object>();
+ fillInLDAPTab(paramMap, out, parameters);
+ fillInForcedTokensTab(paramMap, out, parameters);
+ Messages.outputResourceWithVelocity(out, locale, "editConfiguration.js",
paramMap);
}
/**
@@ -572,182 +517,12 @@ public class LDAPAuthority extends org.a
@Override
public void outputConfigurationBody(IThreadContext threadContext,
IHTTPOutput out, Locale locale, ConfigParams parameters, String tabName)
throws ManifoldCFException, IOException {
- String fServerName = getParam(parameters, "ldapServerName", "");
- String fServerPort = getParam(parameters, "ldapServerPort", "389");
- String fServerBase = getParam(parameters, "ldapServerBase", "");
-
- String fUserBase = getParam(parameters, "ldapUserBase", "ou=People");
- String fUserSearch = getParam(parameters, "ldapUserSearch",
"(&(objectClass=inetOrgPerson)(uid={0}))");
- String fUserNameAttr = getParam(parameters, "ldapUserNameAttr", "uid");
- boolean fAddUserRecord = "1".equals(getParam(parameters,
"ldapAddUserRecord", ""));
-
- String fGroupBase = getParam(parameters, "ldapGroupBase", "ou=Groups");
- String fGroupSearch = getParam(parameters, "ldapGroupSearch",
"(&(objectClass=groupOfNames)(member={0}))");
- String fGroupNameAttr = getParam(parameters, "ldapGroupNameAttr", "cn");
- boolean fGroupMemberDN = "1".equals(getParam(parameters,
"ldapGroupMemberDn", ""));
-
- String fBindUser = getParam(parameters, "ldapBindUser", "");
- String fBindPass = "";
- try {
- fBindPass = ManifoldCF.deobfuscate(getParam(parameters, "ldapBindPass",
""));
- } catch (ManifoldCFException ex) {
- //ignore
- }
- fBindPass = out.mapPasswordToKey(fBindPass);
-
- if (tabName.equals(Messages.getString(locale, "LDAP.LDAP"))) {
- out.print(
- "<table class=\"displaytable\">\n"
- + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.LDAPServerNameColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"32\"
name=\"ldapServerName\" value=\"" + Encoder.attributeEscape(fServerName) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.LDAPServerPortColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"5\"
name=\"ldapServerPort\" value=\"" + Encoder.attributeEscape(fServerPort) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.LDAPServerBaseColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapServerBase\" value=\"" + Encoder.attributeEscape(fServerBase) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.LDAPBindUserColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapBindUser\" value=\"" + Encoder.attributeEscape(fBindUser) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.LDAPBindPasswordColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"password\" size=\"64\"
name=\"ldapBindPass\" value=\"" + Encoder.attributeEscape(fBindPass) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.UserSearchBaseColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapUserBase\" value=\"" + Encoder.attributeEscape(fUserBase) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.UserSearchFilterColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapUserSearch\" value=\"" + Encoder.attributeEscape(fUserSearch) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.AddUserAuthColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"checkbox\" value=\"1\"
name=\"ldapAddUserRecord\" " + (fAddUserRecord ? "checked=\"true\"" : "") +
"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.UserNameAttrColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapUserNameAttr\" value=\"" + Encoder.attributeEscape(fUserNameAttr) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.GroupSearchBaseColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapGroupBase\" value=\"" + Encoder.attributeEscape(fGroupBase) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.GroupSearchFilterColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapGroupSearch\" value=\"" + Encoder.attributeEscape(fGroupSearch) +
"\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.GroupNameAttributeColon") +
"</nobr></td>\n"
- + " <td class=\"value\"><input type=\"text\" size=\"64\"
name=\"ldapGroupNameAttr\" value=\"" + Encoder.attributeEscape(fGroupNameAttr)
+ "\"/></td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.GroupMemberDnColon") + "</nobr></td>\n"
- + " <td class=\"value\"><input type=\"checkbox\" value=\"1\"
name=\"ldapGroupMemberDn\" " + (fGroupMemberDN ? "checked=\"true\"" : "") +
"/></td>\n"
- + " </tr>\n"
- + "</table>\n");
- } else {
- out.print("<input type=\"hidden\" name=\"ldapServerName\" value=\"" +
Encoder.attributeEscape(fServerName) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapServerPort\" value=\"" +
Encoder.attributeEscape(fServerPort) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapServerBase\" value=\"" +
Encoder.attributeEscape(fServerBase) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapBindUser\" value=\"" +
Encoder.attributeEscape(fBindUser) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapBindPass\" value=\"" +
Encoder.attributeEscape(fBindPass) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapUserBase\" value=\"" +
Encoder.attributeEscape(fUserBase) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapUserSearch\" value=\"" +
Encoder.attributeEscape(fUserSearch) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapGroupBase\" value=\"" +
Encoder.attributeEscape(fGroupBase) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapGroupSearch\" value=\"" +
Encoder.attributeEscape(fGroupSearch) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapGroupNameAttr\" value=\"" +
Encoder.attributeEscape(fGroupNameAttr) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapUserNameAttr\" value=\"" +
Encoder.attributeEscape(fUserNameAttr) + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapAddUserRecord\" value=\"" +
(fAddUserRecord ? "1" : "0") + "\"/>\n");
- out.print("<input type=\"hidden\" name=\"ldapGroupMemberDn\" value=\"" +
(fGroupMemberDN ? "1" : "0") + "\"/>\n");
- }
-
- if (tabName.equals(Messages.getString(locale, "LDAP.ForcedTokens"))) {
- out.print(
- "<table class=\"displaytable\">\n"
- + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
- + " <tr><td class=\"value\" colspan=\"2\">" +
Messages.getBodyString(locale, "LDAP.ForcedTokensDisclaimer") + "</td></tr>\n"
- + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n");
-
- out.print(" <tr><td class=\"separator\"
colspan=\"2\"><hr/></td></tr>\n");
- // Go through forced ACL
- int i = 0;
- int k = 0;
- while (i < parameters.getChildCount()) {
- ConfigNode sn = parameters.getChild(i++);
- if (sn.getType().equals("access")) {
- String accessDescription = "_" + Integer.toString(k);
- String accessOpName = "accessop" + accessDescription;
- String token = sn.getAttributeValue("token");
- out.print(
- " <tr>\n"
- + " <td class=\"description\">\n"
- + " <input type=\"hidden\" name=\"" + accessOpName + "\"
value=\"\"/>\n"
- + " <input type=\"hidden\" name=\"" + "spectoken" +
accessDescription + "\" value=\"" + Encoder.attributeEscape(token) + "\"/>\n"
- + " <a name=\"" + "token_" + Integer.toString(k) + "\">\n"
- + " <input type=\"button\" value=\"" +
Messages.getAttributeString(locale, "LDAP.Delete") + "\"
onClick='Javascript:SpecOp(\"" + accessOpName + "\",\"Delete\",\"token_" +
Integer.toString(k) + "\")' alt=\"" + Messages.getAttributeString(locale,
"LDAP.DeleteToken") + Integer.toString(k) + "\"/>\n"
- + " </a> \n"
- + " </td>\n"
- + " <td class=\"value\">\n"
- + " " + Encoder.bodyEscape(token) + "\n"
- + " </td>\n"
- + " </tr>\n");
- k++;
- }
- }
- if (k == 0) {
- out.print(
- " <tr>\n"
- + " <td class=\"message\" colspan=\"2\">" +
Messages.getBodyString(locale, "LDAP.NoTokensPresent") + "</td>\n"
- + " </tr>\n");
- }
- out.print(
- " <tr><td class=\"lightseparator\" colspan=\"2\"><hr/></td></tr>\n"
- + " <tr>\n"
- + " <td class=\"description\">\n"
- + " <input type=\"hidden\" name=\"tokencount\" value=\"" +
Integer.toString(k) + "\"/>\n"
- + " <input type=\"hidden\" name=\"accessop\" value=\"\"/>\n"
- + " <a name=\"" + "token_" + Integer.toString(k) + "\">\n"
- + " <input type=\"button\" value=\"" +
Messages.getAttributeString(locale, "LDAP.Add") + "\"
onClick='Javascript:SpecAddToken(\"token_" + Integer.toString(k + 1) + "\")'
alt=\"" + Messages.getAttributeString(locale, "LDAP.AddToken") + "\"/>\n"
- + " </a> \n"
- + " </td>\n"
- + " <td class=\"value\">\n"
- + " <input type=\"text\" size=\"30\" name=\"spectoken\"
value=\"\"/>\n"
- + " </td>\n"
- + " </tr>\n"
- + "</table>\n");
- } else {
- // Finally, go through forced ACL
- int i = 0;
- int k = 0;
- while (i < parameters.getChildCount()) {
- ConfigNode sn = parameters.getChild(i++);
- if (sn.getType().equals("access")) {
- String accessDescription = "_" + Integer.toString(k);
- String token = "" + sn.getAttributeValue("token");
- out.print(
- "<input type=\"hidden\" name=\"" + "spectoken" + accessDescription
+ "\" value=\"" + Encoder.attributeEscape(token) + "\"/>\n");
- k++;
- }
- }
- out.print("<input type=\"hidden\" name=\"tokencount\" value=\"" +
Integer.toString(k) + "\"/>\n");
- }
- }
-
- private String getParam(ConfigParams parameters, String name, String def) {
- return parameters.getParameter(name) != null ?
parameters.getParameter(name) : def;
- }
-
- private String getViewParam(ConfigParams parameters, String name) {
- return parameters.getParameter(name) != null ?
parameters.getParameter(name) : "";
+ final Map<String,Object> paramMap = new HashMap<String,Object>();
+ paramMap.put("TabName",tabName);
+ fillInLDAPTab(paramMap, out, parameters);
+ fillInForcedTokensTab(paramMap, out, parameters);
+ Messages.outputResourceWithVelocity(out, locale,
"editConfiguration_LDAP.html", paramMap);
+ Messages.outputResourceWithVelocity(out, locale,
"editConfiguration_ForcedTokens.html", paramMap);
}
private boolean copyParam(IPostParameters variableContext, ConfigParams
parameters, String name) {
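Review bot: The removed body escaped every value with `Encoder.attributeEscape` or `Encoder.bodyEscape` and replaced the bind password with `out.mapPasswordToKey(...)` before writing it into the form, whereas the new body hands everything to `fillInLDAPTab`, `fillInForcedTokensTab` and two Velocity templates that are not part of this hunk. A short comment above the `paramMap` declaration would keep that contract visible, for example `// helpers must store the mapped password key, never the clear text; the templates must escape every value they render`. It is worth confirming in the helper and template changes that both properties still hold.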
@@ -759,13 +534,12 @@ public class LDAPAuthority extends org.a
return true;
}
- private boolean copyParam(IPostParameters variableContext, ConfigParams
parameters, String name, String def) {
+ private void copyParam(IPostParameters variableContext, ConfigParams
parameters, String name, String def) {
String val = variableContext.getParameter(name);
if (val == null) {
val = def;
}
parameters.setParameter(name, val);
- return true;
}
/**
@@ -787,6 +561,7 @@ public class LDAPAuthority extends org.a
@Override
public String processConfigurationPost(IThreadContext threadContext,
IPostParameters variableContext, Locale locale, ConfigParams parameters)
throws ManifoldCFException {
+ copyParam(variableContext, parameters, "ldapProtocol");
copyParam(variableContext, parameters, "ldapServerName");
copyParam(variableContext, parameters, "ldapServerPort");
copyParam(variableContext, parameters, "ldapServerBase");
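Review bot: `ldapProtocol` is stored exactly as posted, and getSession enables SSL only when the part before `+` is exactly `ldaps`, so any other spelling silently produces a cleartext connection. Reject unknown values instead of falling through, e.g. in getSession `else if (!protocolToUse.equals("ldap")) throw new ManifoldCFException("Unsupported LDAP protocol: " + serverProtocol);` after the `ldaps` check. processConfigurationPost continues outside this hunk.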
@@ -801,12 +576,12 @@ public class LDAPAuthority extends org.a
copyParam(variableContext, parameters, "ldapAddUserRecord", "0");
//checkbox boolean value
copyParam(variableContext, parameters, "ldapBindUser");
- String bindPass = variableContext.getParameter("ldapBindPass");
+ final String bindPass = variableContext.getParameter("ldapBindPass");
if (bindPass != null) {
parameters.setObfuscatedParameter("ldapBindPass",
variableContext.mapKeyToPassword(bindPass));
}
- String xc = variableContext.getParameter("tokencount");
+ final String xc = variableContext.getParameter("tokencount");
if (xc != null) {
// Delete all tokens first
int i = 0;
@@ -819,13 +594,13 @@ public class LDAPAuthority extends org.a
}
}
- int accessCount = Integer.parseInt(xc);
+ final int accessCount = Integer.parseInt(xc);
i = 0;
while (i < accessCount) {
- String accessDescription = "_" + Integer.toString(i);
- String accessOpName = "accessop" + accessDescription;
- xc = variableContext.getParameter(accessOpName);
- if (xc != null && xc.equals("Delete")) {
+ final String accessDescription = "_" + Integer.toString(i);
+ final String accessOpName = "accessop" + accessDescription;
+ final String command = variableContext.getParameter(accessOpName);
+ if (command != null && command.equals("Delete")) {
// Next row
i++;
continue;
@@ -847,6 +622,62 @@ public class LDAPAuthority extends org.a
}
}
+ String sslKeystoreValue = variableContext.getParameter("sslkeystoredata");
+ final String sslConfigOp = variableContext.getParameter("sslconfigop");
+ if (sslConfigOp != null)
+ {
+ if (sslConfigOp.equals("Delete"))
+ {
+ final String alias = variableContext.getParameter("sslkeystorealias");
+ final IKeystoreManager mgr;
+ if (sslKeystoreValue != null)
+ mgr = KeystoreManagerFactory.make("",sslKeystoreValue);
+ else
+ mgr = KeystoreManagerFactory.make("");
+ mgr.remove(alias);
+ sslKeystoreValue = mgr.getString();
+ }
+ else if (sslConfigOp.equals("Add"))
+ {
+ String alias = IDFactory.make(threadContext);
+ byte[] certificateValue =
variableContext.getBinaryBytes("sslcertificate");
+ final IKeystoreManager mgr;
+ if (sslKeystoreValue != null)
+ mgr = KeystoreManagerFactory.make("",sslKeystoreValue);
+ else
+ mgr = KeystoreManagerFactory.make("");
+ java.io.InputStream is = new
java.io.ByteArrayInputStream(certificateValue);
+ String certError = null;
+ try
+ {
+ mgr.importCertificate(alias,is);
+ }
+ catch (Throwable e)
+ {
+ certError = e.getMessage();
+ }
+ finally
+ {
+ try
+ {
+ is.close();
+ }
+ catch (IOException e)
+ {
+ // Eat this exception
+ }
+ }
+
+ if (certError != null)
+ {
+ return "Illegal certificate: "+certError;
+ }
+ sslKeystoreValue = mgr.getString();
+ }
+ }
+ if (sslKeystoreValue != null)
+ parameters.setParameter("sslkeystore",sslKeystoreValue);
+
return null;
}
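Review bot: In the "Add" branch, `new java.io.ByteArrayInputStream(certificateValue)` runs outside the `try`. If `getBinaryBytes("sslcertificate")` returns null when no file was uploaded (its contract is not visible here), the post fails with a `NullPointerException` instead of the "Illegal certificate" message. `catch (Throwable e)` also turns `Error`s such as `OutOfMemoryError` into a user-facing string, and the "Delete" branch passes a possibly null `alias` to `mgr.remove`. I would check the bytes first, narrow the catch to the exceptions the import can raise, and let try-with-resources close the stream, as sketched below. This assumes `importCertificate` declares `ManifoldCFException`.

```java
else if (sslConfigOp.equals("Add"))
{
  final byte[] certificateValue = variableContext.getBinaryBytes("sslcertificate");
  if (certificateValue == null)
  {
    return "Illegal certificate: no certificate data was posted";
  }
  // … unchanged: alias creation and keystore manager construction …
  try (java.io.InputStream is = new java.io.ByteArrayInputStream(certificateValue))
  {
    mgr.importCertificate(alias,is);
  }
  catch (ManifoldCFException | IOException e)
  {
    return "Illegal certificate: "+e.getMessage();
  }
  sslKeystoreValue = mgr.getString();
}
```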
@@ -865,110 +696,92 @@ public class LDAPAuthority extends org.a
@Override
public void viewConfiguration(IThreadContext threadContext, IHTTPOutput out,
Locale locale, ConfigParams parameters)
throws ManifoldCFException, IOException {
- String f_serverName = getViewParam(parameters, "ldapServerName");
- String f_serverPort = getViewParam(parameters, "ldapServerPort");
- String f_serverBase = getViewParam(parameters, "ldapServerBase");
- String f_bindUser = getViewParam(parameters, "ldapBindUser");
-
- String f_userBase = getViewParam(parameters, "ldapUserBase");
- String f_userSearch = getViewParam(parameters, "ldapUserSearch");
- String f_groupBase = getViewParam(parameters, "ldapGroupBase");
- String f_groupSearch = getViewParam(parameters, "ldapGroupSearch");
- String f_groupNameAttr = getViewParam(parameters, "ldapGroupNameAttr");
-
- String f_userNameAttr = getViewParam(parameters, "ldapUserNameAttr");
- boolean f_groupMemberDN = "1".equals(getViewParam(parameters,
"ldapGroupMemberDn"));
- boolean f_addUserRecord = "1".equals(getViewParam(parameters,
"ldapAddUserRecord"));
-
- out.print(
- "<table class=\"displaytable\">\n"
- + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.LDAPServerNameColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_serverName) + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.LDAPServerPortColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_serverPort) + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.LDAPServerBaseColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_serverBase) + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.LDAPBindUserColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_bindUser) + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.LDAPBindPasswordColon") + "</nobr></td>\n"
- + " <td class=\"value\">*******</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.UserSearchBaseColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_userBase) + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.UserSearchFilterColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_userSearch) + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.AddUserAuthColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + (f_addUserRecord ? "Y" : "N") + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.UserNameAttrColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_userNameAttr) +
"</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.GroupSearchBaseColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_groupBase) + "</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.GroupSearchFilterColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_groupSearch) +
"</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.GroupNameAttributeColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + Encoder.bodyEscape(f_groupNameAttr) +
"</td>\n"
- + " </tr>\n"
- + " <tr>\n"
- + " <td class=\"description\"><nobr>" + Messages.getBodyString(locale,
"LDAP.GroupMemberDnColon") + "</nobr></td>\n"
- + " <td class=\"value\">" + (f_groupMemberDN ? "Y" : "N") + "</td>\n"
- + " </tr>\n");
-
- out.print(" <tr><td class=\"separator\" colspan=\"4\"><hr/></td></tr>\n");
- boolean seenAny = false;
- int i;
-
- // Go through looking for access tokens
- i = 0;
- while (i < parameters.getChildCount()) {
- ConfigNode sn = parameters.getChild(i++);
+ final Map<String,Object> paramMap = new HashMap<String,Object>();
+ fillInLDAPTab(paramMap, out, parameters);
+ fillInForcedTokensTab(paramMap, out, parameters);
+ Messages.outputResourceWithVelocity(out, locale, "viewConfiguration.html",
paramMap);
+ }
+
+ // Protected methods
+
+ private static String getParam(final ConfigParams parameters, final String
name, final String def) {
+ String rval = parameters.getParameter(name);
+ return rval != null ? rval : def;
+ }
+
+ /** Fill in ForcedTokens tab */
+ protected static void fillInForcedTokensTab(Map<String,Object>
velocityContext, IHTTPOutput out, ConfigParams parameters)
+ {
+ final List<String> forcedTokenList = new ArrayList<String>();
+ for (int i = 0; i < parameters.getChildCount(); i++) {
+ final ConfigNode sn = parameters.getChild(i);
if (sn.getType().equals("access")) {
- if (seenAny == false) {
- out.print(
- " <tr>\n"
- + " <td class=\"description\"><nobr>" +
Messages.getBodyString(locale, "LDAP.ForcedTokensColon") + "</nobr></td>\n"
- + " <td class=\"value\">\n");
- seenAny = true;
- }
- String token = sn.getAttributeValue("token");
- out.print(Encoder.bodyEscape(token) + "<br/>\n");
+ forcedTokenList.add(sn.getAttributeValue("token"));
}
}
+ velocityContext.put("FORCEDTOKENS", forcedTokenList);
+ }
+
+ /** Fill in LDAP tab */
+ protected static void fillInLDAPTab(Map<String,Object> velocityContext,
IHTTPOutput out, ConfigParams parameters)
+ {
+ velocityContext.put("FSERVERPROTOCOL", getParam(parameters,
"ldapProtocol", "ldap"));
+ velocityContext.put("FSERVERNAME", getParam(parameters, "ldapServerName",
""));
+ velocityContext.put("FSERVERPORT", getParam(parameters, "ldapServerPort",
"389"));
+ velocityContext.put("FSERVERBASE", getParam(parameters, "ldapServerBase",
""));
+ String sslKeystoreData = parameters.getParameter("sslkeystore");
+ if (sslKeystoreData != null)
+ velocityContext.put("SSLKEYSTOREDATA", sslKeystoreData);
+ velocityContext.put("FUSERBASE", getParam(parameters, "ldapUserBase",
"ou=People"));
+ velocityContext.put("FUSERSEARCH", getParam(parameters, "ldapUserSearch",
"(&(objectClass=inetOrgPerson)(uid={0}))"));
+ velocityContext.put("FUSERNAMEATTR", getParam(parameters,
"ldapUserNameAttr", "uid"));
+ velocityContext.put("FADDUSERRECORD", getParam(parameters,
"ldapAddUserRecord", ""));
+ velocityContext.put("FGROUPBASE", getParam(parameters, "ldapGroupBase",
"ou=Groups"));
+ velocityContext.put("FGROUPSEARCH", getParam(parameters,
"ldapGroupSearch", "(&(objectClass=groupOfNames)(member={0}))"));
+ velocityContext.put("FGROUPNAMEATTR", getParam(parameters,
"ldapGroupNameAttr", "cn"));
+ velocityContext.put("FGROUPMEMBERDN", getParam(parameters,
"ldapGroupMemberDn", ""));
+ velocityContext.put("FBINDUSER", getParam(parameters, "ldapBindUser", ""));
+ String fBindPass = parameters.getObfuscatedParameter("ldapBindPass");
+ if (fBindPass == null)
+ fBindPass = "";
+ else
+ fBindPass = out.mapPasswordToKey(fBindPass);
+ velocityContext.put("FBINDPASS", fBindPass);
+
+ Map<String,String> sslCertificatesMap = null;
+ String message = null;
- if (seenAny) {
- out.print(
- " </td>\n"
- + " </tr>\n");
- } else {
- out.print(
- " <tr><td class=\"message\" colspan=\"4\"><nobr>" +
Messages.getBodyString(locale, "LDAP.NoTokensSpecified") +
"</nobr></td></tr>\n");
+ try {
+ final IKeystoreManager localSslKeystore;
+ if (sslKeystoreData == null)
+ localSslKeystore = KeystoreManagerFactory.make("");
+ else
+ localSslKeystore = KeystoreManagerFactory.make("",sslKeystoreData);
+
+ // List the individual certificates in the store, with a delete button
for each
+ final String[] contents = localSslKeystore.getContents();
+ if (contents.length > 0)
+ {
+ sslCertificatesMap = new HashMap<>();
+ for (final String alias : contents)
+ {
+ String description = localSslKeystore.getDescription(alias);
+ if (description.length() > 128)
+ description = description.substring(0,125) + "...";
+ sslCertificatesMap.put(alias, description);
+ }
+ }
+ } catch (ManifoldCFException e) {
+ message = e.getMessage();
+
org.apache.manifoldcf.authorities.system.Logging.authorityConnectors.warn(e);
}
- out.print("</table>\n");
+
+ if(sslCertificatesMap != null)
+ velocityContext.put("SSLCERTIFICATESMAP", sslCertificatesMap);
+ if(message != null)
+ velocityContext.put("MESSAGE", message);
}
- // Protected methods
/**
* Obtain the user LDAP record for a given user logon name.
*
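Review bot: The removed `viewConfiguration` body passed every configured value through `Encoder.bodyEscape` before printing it, while `fillInLDAPTab` and `fillInForcedTokensTab` now put the raw strings into the Velocity context (server name, search filters, forced tokens, certificate descriptions, the exception `MESSAGE`). Output escaping therefore depends entirely on `viewConfiguration.html`, which is not part of this diff, so that template should be checked to escape every reference. I would record the contract on both helpers with a comment such as `// Values are stored unescaped; the template must HTML-escape every reference it renders.` Separately, because the view path reuses `fillInLDAPTab`, the read-only page's context also receives `SSLKEYSTOREDATA` and the mapped `FBINDPASS` key; if the view template does not need them, a flag or a separate helper would keep them out of it.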
Modified:
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties
URL:
http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
---
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties
(original)
+++
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties
Mon Sep 28 11:07:08 2015
@@ -48,3 +48,14 @@ LDAP.GroupSearchMustIncludeSubstitution=
LDAP.ServerPortMustBeAnInteger=Server port must be an integer
LDAP.ServerNameCannotIncludeSlash=Server name cannot include "/" character
LDAP.ServerBaseCannotIncludeSlash=Server base cannot include "/" character
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol:
+
Modified:
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties
URL:
http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
---
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties
(original)
+++
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties
Mon Sep 28 11:07:08 2015
@@ -48,3 +48,13 @@ LDAP.TypeInToken=Token cannot be empty
LDAP.NoTokensSpecified=No tokens specified
LDAP.NoTokensPresent=No tokens specified
LDAP.ForcedTokensDisclaimer=Forced tokens are meant to enrich results with
common tokens explicitly handled by authorization center, like "Everyone". Use
with extreme attention as this mechanism can grant privileges to every user
outside authorization directory!
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol:
Modified:
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties
URL:
http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
---
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties
(original)
+++
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties
Mon Sep 28 11:07:08 2015
@@ -48,3 +48,13 @@ LDAP.GroupSearchMustIncludeSubstitution=
LDAP.ServerPortMustBeAnInteger=Port musi byÄ liczbÄ
caÅkowitÄ
LDAP.ServerNameCannotIncludeSlash=Nazwa serwera nie może zawieraÄ znaku "/"
LDAP.ServerBaseCannotIncludeSlash=Baza DN nie może zawieraÄ znaku "/"
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol:
Modified:
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties
URL:
http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
---
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties
(original)
+++
manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties
Mon Sep 28 11:07:08 2015
@@ -48,3 +48,13 @@ LDAP.TypeInToken=令çä¸è�
LDAP.NoTokensSpecified=ä»¤çæªæå®
LDAP.NoTokensPresent=令çä¸åå¨
LDAP.ForcedTokensDisclaimer=强å¶ä»¤çæ¯ä¸ºäºå
å®ç±ææä¸å¿æç¡®å¤ççé常令çå¦âEveryoneâçç»æãä½¿ç¨æ¶è¦ç¹å«æ³¨æï¼å
为è¿ç§æºå¶å¯ä»¥æäºæéç»ææç®å½å¤çæ¯ä¸ä¸ªç¨æ·!
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol: