Search in sources :

Example 1 with InMemoryDirectoryServerConfig

use of com.unboundid.ldap.listener.InMemoryDirectoryServerConfig in project gitblit by gitblit.

the class GitBlitServer method start.

/**
	 * Start Gitblit GO.
	 */
protected final void start(Params params) {
    final File baseFolder = getBaseFolder(params);
    FileSettings settings = params.FILESETTINGS;
    if (!StringUtils.isEmpty(params.settingsfile)) {
        if (new File(params.settingsfile).exists()) {
            settings = new FileSettings(params.settingsfile);
        }
    }
    if (params.dailyLogFile) {
        // Configure log4j for daily log file generation
        InputStream is = null;
        try {
            is = getClass().getResourceAsStream("/log4j.properties");
            Properties loggingProperties = new Properties();
            loggingProperties.load(is);
            loggingProperties.put("log4j.appender.R.File", new File(baseFolder, "logs/gitblit.log").getAbsolutePath());
            loggingProperties.put("log4j.rootCategory", "INFO, R");
            if (settings.getBoolean(Keys.web.debugMode, false)) {
                loggingProperties.put("log4j.logger.com.gitblit", "DEBUG");
            }
            PropertyConfigurator.configure(loggingProperties);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                if (is != null) {
                    is.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    logger = LoggerFactory.getLogger(GitBlitServer.class);
    logger.info("\n" + Constants.getASCIIArt());
    System.setProperty("java.awt.headless", "true");
    String osname = System.getProperty("os.name");
    String osversion = System.getProperty("os.version");
    logger.info("Running on " + osname + " (" + osversion + ")");
    QueuedThreadPool threadPool = new QueuedThreadPool();
    int maxThreads = settings.getInteger(Keys.server.threadPoolSize, 50);
    if (maxThreads > 0) {
        threadPool.setMaxThreads(maxThreads);
    }
    Server server = new Server(threadPool);
    server.setStopAtShutdown(true);
    // conditionally configure the https connector
    if (params.securePort > 0) {
        File certificatesConf = new File(baseFolder, X509Utils.CA_CONFIG);
        File serverKeyStore = new File(baseFolder, X509Utils.SERVER_KEY_STORE);
        File serverTrustStore = new File(baseFolder, X509Utils.SERVER_TRUST_STORE);
        File caRevocationList = new File(baseFolder, X509Utils.CA_REVOCATION_LIST);
        // generate CA & web certificates, create certificate stores
        X509Metadata metadata = new X509Metadata("localhost", params.storePassword);
        // set default certificate values from config file
        if (certificatesConf.exists()) {
            FileBasedConfig config = new FileBasedConfig(certificatesConf, FS.detect());
            try {
                config.load();
            } catch (Exception e) {
                logger.error("Error parsing " + certificatesConf, e);
            }
            NewCertificateConfig certificateConfig = NewCertificateConfig.KEY.parse(config);
            certificateConfig.update(metadata);
        }
        metadata.notAfter = new Date(System.currentTimeMillis() + 10 * TimeUtils.ONEYEAR);
        X509Utils.prepareX509Infrastructure(metadata, baseFolder, new X509Log() {

            @Override
            public void log(String message) {
                BufferedWriter writer = null;
                try {
                    writer = new BufferedWriter(new FileWriter(new File(baseFolder, X509Utils.CERTS + File.separator + "log.txt"), true));
                    writer.write(MessageFormat.format("{0,date,yyyy-MM-dd HH:mm}: {1}", new Date(), message));
                    writer.newLine();
                    writer.flush();
                } catch (Exception e) {
                    LoggerFactory.getLogger(GitblitAuthority.class).error("Failed to append log entry!", e);
                } finally {
                    if (writer != null) {
                        try {
                            writer.close();
                        } catch (IOException e) {
                        }
                    }
                }
            }
        });
        if (serverKeyStore.exists()) {
            /*
				 * HTTPS
				 */
            logger.info("Setting up HTTPS transport on port " + params.securePort);
            GitblitSslContextFactory factory = new GitblitSslContextFactory(params.alias, serverKeyStore, serverTrustStore, params.storePassword, caRevocationList);
            if (params.requireClientCertificates) {
                factory.setNeedClientAuth(true);
            } else {
                factory.setWantClientAuth(true);
            }
            ServerConnector connector = new ServerConnector(server, factory);
            connector.setSoLingerTime(-1);
            connector.setIdleTimeout(30000);
            connector.setPort(params.securePort);
            String bindInterface = settings.getString(Keys.server.httpsBindInterface, null);
            if (!StringUtils.isEmpty(bindInterface)) {
                logger.warn(MessageFormat.format("Binding HTTPS transport on port {0,number,0} to {1}", params.securePort, bindInterface));
                connector.setHost(bindInterface);
            }
            if (params.securePort < 1024 && !isWindows()) {
                logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
            }
            server.addConnector(connector);
        } else {
            logger.warn("Failed to find or load Keystore?");
            logger.warn("HTTPS transport DISABLED.");
        }
    }
    // conditionally configure the http transport
    if (params.port > 0) {
        /*
			 * HTTP
			 */
        logger.info("Setting up HTTP transport on port " + params.port);
        HttpConfiguration httpConfig = new HttpConfiguration();
        if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
            httpConfig.setSecureScheme("https");
            httpConfig.setSecurePort(params.securePort);
        }
        httpConfig.setSendServerVersion(false);
        httpConfig.setSendDateHeader(false);
        ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
        connector.setSoLingerTime(-1);
        connector.setIdleTimeout(30000);
        connector.setPort(params.port);
        String bindInterface = settings.getString(Keys.server.httpBindInterface, null);
        if (!StringUtils.isEmpty(bindInterface)) {
            logger.warn(MessageFormat.format("Binding HTTP transport on port {0,number,0} to {1}", params.port, bindInterface));
            connector.setHost(bindInterface);
        }
        if (params.port < 1024 && !isWindows()) {
            logger.warn("Gitblit needs to run with ROOT permissions for ports < 1024!");
        }
        server.addConnector(connector);
    }
    // tempDir is where the embedded Gitblit web application is expanded and
    // where Jetty creates any necessary temporary files
    File tempDir = com.gitblit.utils.FileUtils.resolveParameter(Constants.baseFolder$, baseFolder, params.temp);
    if (tempDir.exists()) {
        try {
            FileUtils.delete(tempDir, FileUtils.RECURSIVE | FileUtils.RETRY);
        } catch (IOException x) {
            logger.warn("Failed to delete temp dir " + tempDir.getAbsolutePath(), x);
        }
    }
    if (!tempDir.mkdirs()) {
        logger.warn("Failed to create temp dir " + tempDir.getAbsolutePath());
    }
    // Get the execution path of this class
    // We use this to set the WAR path.
    ProtectionDomain protectionDomain = GitBlitServer.class.getProtectionDomain();
    URL location = protectionDomain.getCodeSource().getLocation();
    // Root WebApp Context
    WebAppContext rootContext = new WebAppContext();
    rootContext.setContextPath(settings.getString(Keys.server.contextPath, "/"));
    rootContext.setServer(server);
    rootContext.setWar(location.toExternalForm());
    rootContext.setTempDirectory(tempDir);
    // Set cookies HttpOnly so they are not accessible to JavaScript engines
    HashSessionManager sessionManager = new HashSessionManager();
    sessionManager.setHttpOnly(true);
    // Use secure cookies if only serving https
    sessionManager.setSecureRequestOnly((params.port <= 0 && params.securePort > 0) || (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)));
    rootContext.getSessionHandler().setSessionManager(sessionManager);
    // Ensure there is a defined User Service
    String realmUsers = params.userService;
    if (StringUtils.isEmpty(realmUsers)) {
        logger.error(MessageFormat.format("PLEASE SPECIFY {0}!!", Keys.realm.userService));
        return;
    }
    // Override settings from the command-line
    settings.overrideSetting(Keys.realm.userService, params.userService);
    settings.overrideSetting(Keys.git.repositoriesFolder, params.repositoriesFolder);
    settings.overrideSetting(Keys.git.daemonPort, params.gitPort);
    settings.overrideSetting(Keys.git.sshPort, params.sshPort);
    // Start up an in-memory LDAP server, if configured
    try {
        if (!StringUtils.isEmpty(params.ldapLdifFile)) {
            File ldifFile = new File(params.ldapLdifFile);
            if (ldifFile != null && ldifFile.exists()) {
                URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
                String firstLine = new Scanner(ldifFile).nextLine();
                String rootDN = firstLine.substring(4);
                String bindUserName = settings.getString(Keys.realm.ldap.username, "");
                String bindPassword = settings.getString(Keys.realm.ldap.password, "");
                // Get the port
                int port = ldapUrl.getPort();
                if (port == -1)
                    port = 389;
                InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(rootDN);
                config.addAdditionalBindCredentials(bindUserName, bindPassword);
                config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("default", port));
                config.setSchema(null);
                InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
                ds.importFromLDIF(true, new LDIFReader(ldifFile));
                ds.startListening();
                logger.info("LDAP Server started at ldap://localhost:" + port);
            }
        }
    } catch (Exception e) {
        // Completely optional, just show a warning
        logger.warn("Unable to start LDAP server", e);
    }
    // Set the server's contexts
    server.setHandler(rootContext);
    // redirect HTTP requests to HTTPS
    if (params.port > 0 && params.securePort > 0 && settings.getBoolean(Keys.server.redirectToHttpsPort, true)) {
        logger.info(String.format("Configuring automatic http(%1$s) -> https(%2$s) redirects", params.port, params.securePort));
        // Create the internal mechanisms to handle secure connections and redirects
        Constraint constraint = new Constraint();
        constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
        ConstraintMapping cm = new ConstraintMapping();
        cm.setConstraint(constraint);
        cm.setPathSpec("/*");
        ConstraintSecurityHandler sh = new ConstraintSecurityHandler();
        sh.setConstraintMappings(new ConstraintMapping[] { cm });
        // Configure this context to use the Security Handler defined before
        rootContext.setHandler(sh);
    }
    // Setup the Gitblit context
    GitblitContext gitblit = newGitblit(settings, baseFolder);
    rootContext.addEventListener(gitblit);
    try {
        // start the shutdown monitor
        if (params.shutdownPort > 0) {
            Thread shutdownMonitor = new ShutdownMonitorThread(server, params);
            shutdownMonitor.start();
        }
        // start Jetty
        server.start();
        server.join();
    } catch (Exception e) {
        e.printStackTrace();
        System.exit(100);
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) Scanner(java.util.Scanner) InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) Server(org.eclipse.jetty.server.Server) HashSessionManager(org.eclipse.jetty.server.session.HashSessionManager) Constraint(org.eclipse.jetty.util.security.Constraint) X509Metadata(com.gitblit.utils.X509Utils.X509Metadata) FileWriter(java.io.FileWriter) InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) Properties(java.util.Properties) URI(java.net.URI) URL(java.net.URL) BufferedWriter(java.io.BufferedWriter) ServerConnector(org.eclipse.jetty.server.ServerConnector) WebAppContext(org.eclipse.jetty.webapp.WebAppContext) QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool) ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler) GitblitContext(com.gitblit.servlet.GitblitContext) GitblitAuthority(com.gitblit.authority.GitblitAuthority) FileBasedConfig(org.eclipse.jgit.storage.file.FileBasedConfig) NewCertificateConfig(com.gitblit.authority.NewCertificateConfig) ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) InputStream(java.io.InputStream) InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) X509Log(com.gitblit.utils.X509Utils.X509Log) IOException(java.io.IOException) CmdLineException(org.kohsuke.args4j.CmdLineException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) Constraint(org.eclipse.jetty.util.security.Constraint) Date(java.util.Date) LDIFReader(com.unboundid.ldif.LDIFReader) File(java.io.File)

Example 2 with InMemoryDirectoryServerConfig

use of com.unboundid.ldap.listener.InMemoryDirectoryServerConfig in project gitblit by gitblit.

the class LdapBasedUnitTest method ldapInit.

/**
	 * Create three different in memory DS.
	 *
	 * Each DS has a different configuration:
	 * The first allows anonymous binds.
	 * The second requires authentication for all operations. It will only allow the DIRECTORY_MANAGER account
	 * to search for users and groups.
	 * The third one is like the second, but it allows users to search for users and groups, and restricts the
	 * USER_MANAGER from searching for groups.
	 */
@BeforeClass
public static void ldapInit() throws Exception {
    InMemoryDirectoryServer ds;
    InMemoryDirectoryServerConfig config = createInMemoryLdapServerConfig(AuthMode.ANONYMOUS);
    config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("anonymous"));
    ds = createInMemoryLdapServer(config);
    AuthMode.ANONYMOUS.setDS(ds);
    AuthMode.ANONYMOUS.setLdapPort(ds.getListenPort("anonymous"));
    config = createInMemoryLdapServerConfig(AuthMode.DS_MANAGER);
    config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("ds_manager"));
    config.setAuthenticationRequiredOperationTypes(EnumSet.allOf(OperationType.class));
    ds = createInMemoryLdapServer(config);
    AuthMode.DS_MANAGER.setDS(ds);
    AuthMode.DS_MANAGER.setLdapPort(ds.getListenPort("ds_manager"));
    config = createInMemoryLdapServerConfig(AuthMode.USR_MANAGER);
    config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("usr_manager"));
    config.setAuthenticationRequiredOperationTypes(EnumSet.allOf(OperationType.class));
    ds = createInMemoryLdapServer(config);
    AuthMode.USR_MANAGER.setDS(ds);
    AuthMode.USR_MANAGER.setLdapPort(ds.getListenPort("usr_manager"));
}
Also used : InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig) OperationType(com.unboundid.ldap.sdk.OperationType) BeforeClass(org.junit.BeforeClass)

Example 3 with InMemoryDirectoryServerConfig

use of com.unboundid.ldap.listener.InMemoryDirectoryServerConfig in project gocd by gocd.

the class InMemoryLdapServerForTests method startServer.

private InMemoryDirectoryServer startServer(int port, String baseDn, String bindDn, String bindPassword) throws LDAPException, BindException {
    InMemoryListenerConfig listenerConfig = InMemoryListenerConfig.createLDAPConfig("default", port);
    InMemoryDirectoryServerConfig serverConfig = new InMemoryDirectoryServerConfig(new DN(baseDn));
    /* Ignore schema so that it does not complain that some attributes (like sAMAccountName) are not valid. */
    serverConfig.setSchema(null);
    serverConfig.setListenerConfigs(listenerConfig);
    serverConfig.addAdditionalBindCredentials(bindDn, bindPassword);
    InMemoryDirectoryServer server = new InMemoryDirectoryServer(serverConfig);
    try {
        server.startListening();
    } catch (LDAPException e) {
        throw new RuntimeException(e);
    }
    new LDIFAddChangeRecord(baseDn, new Attribute("objectClass", "domain", "top")).processChange(server);
    return server;
}
Also used : LDAPException(com.unboundid.ldap.sdk.LDAPException) Attribute(com.unboundid.ldap.sdk.Attribute) InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) LDIFAddChangeRecord(com.unboundid.ldif.LDIFAddChangeRecord) InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig) InMemoryListenerConfig(com.unboundid.ldap.listener.InMemoryListenerConfig) DN(com.unboundid.ldap.sdk.DN)

Example 4 with InMemoryDirectoryServerConfig

use of com.unboundid.ldap.listener.InMemoryDirectoryServerConfig in project gitblit by gitblit.

the class LdapBasedUnitTest method createInMemoryLdapServerConfig.

public static InMemoryDirectoryServerConfig createInMemoryLdapServerConfig(AuthMode authMode) throws Exception {
    InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=MyDomain");
    config.addAdditionalBindCredentials(DIRECTORY_MANAGER, "password");
    config.addAdditionalBindCredentials(USER_MANAGER, "passwd");
    config.setSchema(null);
    authMode.setBindTracker(new BindTracker());
    config.addInMemoryOperationInterceptor(authMode.getBindTracker());
    config.addInMemoryOperationInterceptor(new AccessInterceptor(authMode));
    return config;
}
Also used : InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig)

Example 5 with InMemoryDirectoryServerConfig

use of com.unboundid.ldap.listener.InMemoryDirectoryServerConfig in project spring-boot by spring-projects.

the class EmbeddedLdapAutoConfiguration method directoryServer.

@Bean
public InMemoryDirectoryServer directoryServer() throws LDAPException {
    InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(this.embeddedProperties.getBaseDn());
    if (hasCredentials(this.embeddedProperties.getCredential())) {
        config.addAdditionalBindCredentials(this.embeddedProperties.getCredential().getUsername(), this.embeddedProperties.getCredential().getPassword());
    }
    setSchema(config);
    InMemoryListenerConfig listenerConfig = InMemoryListenerConfig.createLDAPConfig("LDAP", this.embeddedProperties.getPort());
    config.setListenerConfigs(listenerConfig);
    this.server = new InMemoryDirectoryServer(config);
    importLdif();
    this.server.startListening();
    setPortProperty(this.applicationContext, this.server.getListenPort());
    return this.server;
}
Also used : InMemoryDirectoryServer(com.unboundid.ldap.listener.InMemoryDirectoryServer) InMemoryDirectoryServerConfig(com.unboundid.ldap.listener.InMemoryDirectoryServerConfig) InMemoryListenerConfig(com.unboundid.ldap.listener.InMemoryListenerConfig) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

InMemoryDirectoryServerConfig (com.unboundid.ldap.listener.InMemoryDirectoryServerConfig)6 InMemoryDirectoryServer (com.unboundid.ldap.listener.InMemoryDirectoryServer)5 InMemoryListenerConfig (com.unboundid.ldap.listener.InMemoryListenerConfig)2 GitblitAuthority (com.gitblit.authority.GitblitAuthority)1 NewCertificateConfig (com.gitblit.authority.NewCertificateConfig)1 GitblitContext (com.gitblit.servlet.GitblitContext)1 X509Log (com.gitblit.utils.X509Utils.X509Log)1 X509Metadata (com.gitblit.utils.X509Utils.X509Metadata)1 Attribute (com.unboundid.ldap.sdk.Attribute)1 DN (com.unboundid.ldap.sdk.DN)1 Entry (com.unboundid.ldap.sdk.Entry)1 LDAPException (com.unboundid.ldap.sdk.LDAPException)1 OperationType (com.unboundid.ldap.sdk.OperationType)1 LDIFAddChangeRecord (com.unboundid.ldif.LDIFAddChangeRecord)1 LDIFReader (com.unboundid.ldif.LDIFReader)1 BufferedWriter (java.io.BufferedWriter)1 File (java.io.File)1 FileWriter (java.io.FileWriter)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1