Changeset 339:f018669698a8

Timestamp:

09/16/11 20:35:43 (5 months ago)

Author:

xeraph

Branch:

default

Convert:

svn:7c3792e6-d75b-4784-96a6-b298f655ee64/trunk@2773

Message:

added admin login access control by remote ip.

Location:

kraken-dom

Files:

• pom.xml (modified) (1 diff)
• src/main/java/org/krakenapps/dom/api/impl/AdminApiImpl.java (modified) (5 diffs)
• src/main/java/org/krakenapps/dom/exception/AccessControlException.java (added)
• src/main/java/org/krakenapps/dom/exception/InvalidOtpPasswordException.java (modified) (1 diff)
• src/main/java/org/krakenapps/dom/exception/LoginFailedException.java (modified) (1 diff)
• src/main/java/org/krakenapps/dom/exception/MaxSessionException.java (modified) (1 diff)

kraken-dom/pom.xml

@@ -11 +11 @@
         <groupId>org.krakenapps</groupId>
         <artifactId>kraken-dom</artifactId>
-        <version>1.2.16</version>
+        <version>1.2.17</version>
         <packaging>bundle</packaging>
         <name>Kraken DOM</name>

kraken-dom/src/main/java/org/krakenapps/dom/api/impl/AdminApiImpl.java

@@ -37 +37 @@
 import org.krakenapps.dom.api.OtpApi;
 import org.krakenapps.dom.api.UserExtensionProvider;
+import org.krakenapps.dom.exception.AccessControlException;
 import org.krakenapps.dom.exception.AdminLockedException;
 import org.krakenapps.dom.exception.CannotRemoveRequestingAdminException;
@@ -79 +80 @@
         public Admin login(Session session, String nick, String hash, boolean force) throws LoginFailedException {
                 Admin admin = getAdmin(nick, session);
+
+                // check acl (trust host)
+                checkAcl(session, admin);
+
+                // check password
                 String password = null;
-
                 if (otpApi != null && admin.isUseOtp())
                         password = Sha1.hash(otpApi.getOtpValue(admin.getOtpSeed()));
@@ -87 +92 @@
 
                 if (hash.equals(Sha1.hash(password + session.getString("nonce")))) {
-                        OrganizationParameter param = orgParamApi.getOrganizationParameter(admin.getUser().getOrganization()
-                                        .getId(), "max_sessions");
+                        OrganizationParameter param = orgParamApi.getOrganizationParameter(admin.getUser().getOrganization().getId(),
+                                        "max_sessions");
                         if (param != null) {
                                 try {
@@ -111 +116 @@
                         for (LoginCallback callback : callbacks)
                                 callback.onLoginSuccess(admin, session);
-                        loggedIn.add(new LoggedInAdmin(admin.getRole().getLevel(), new Date(), session, admin.getUser()
-                                        .getLoginName()));
+                        loggedIn.add(new LoggedInAdmin(admin.getRole().getLevel(), new Date(), session, admin.getUser().getLoginName()));
                         return admin;
                 } else {
@@ -122 +126 @@
                         else
                                 throw new InvalidPasswordException();
+                }
+        }
+
+        private void checkAcl(Session session, Admin admin) {
+                if (admin.isUseAcl()) {
+                        boolean found = false;
+                        String remote = session.getRemoteAddress().getHostAddress();
+
+                        for (AdminTrustHost h : admin.getTrustHosts())
+                                if (h.getIp() != null && h.getIp().equals(remote))
+                                        found = true;
+
+                        if (!found) {
+                                updateLoginFailures(admin, false);
+                                throw new AccessControlException();
+                        }
                 }
         }

kraken-dom/src/main/java/org/krakenapps/dom/exception/InvalidOtpPasswordException.java

@@ +1 @@
+/*
+ * Copyright 2011 Future Systems, Inc.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.krakenapps.dom.exception;
 

kraken-dom/src/main/java/org/krakenapps/dom/exception/LoginFailedException.java

@@ +1 @@
+/*
+ * Copyright 2011 Future Systems, Inc.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.krakenapps.dom.exception;
 

kraken-dom/src/main/java/org/krakenapps/dom/exception/MaxSessionException.java

@@ +1 @@
+/*
+ * Copyright 2011 Future Systems, Inc.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.krakenapps.dom.exception;