diff --git a/pom.xml b/pom.xml
index a7877a36..e9843fb3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -160,10 +160,10 @@
1.5.3
-
- org.apache.logging.log4j
- log4j-slf4j-impl
- 2.14.1
+
+ org.apache.logging.log4j
+ log4j-slf4j-impl
+ 2.14.1
commons-fileupload
@@ -187,6 +187,12 @@
${org.spring-security-version}
+
+ com.unboundid
+ unboundid-ldapsdk
+ 5.1.0
+
+
junit
diff --git a/src/main/java/org/hdivsamples/config/SpringWebInit.java b/src/main/java/org/hdivsamples/config/SpringWebInit.java
index bbb2c93a..3455cbaa 100644
--- a/src/main/java/org/hdivsamples/config/SpringWebInit.java
+++ b/src/main/java/org/hdivsamples/config/SpringWebInit.java
@@ -1,5 +1,7 @@
package org.hdivsamples.config;
+import java.net.URISyntaxException;
+import java.nio.file.Paths;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
@@ -10,6 +12,11 @@
import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
+import com.unboundid.ldap.listener.InMemoryDirectoryServer;
+import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
+import com.unboundid.ldap.listener.InMemoryListenerConfig;
+import com.unboundid.ldap.sdk.LDAPException;
+
public class SpringWebInit extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
@@ -32,6 +39,13 @@ public void onStartup(final ServletContext container) throws ServletException {
super.onStartup(container);
+ try {
+ configureLDAP();
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
// Spring context listener
container.addListener(new RequestContextListener());
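Review bot: The `catch (Exception e)` around `configureLDAP()` in onStartup swallows every startup failure with `e.printStackTrace()`, so the application comes up without its directory server and the problem only surfaces later, when the LDAP lookup added in AccountDaoImpl throws on each login. onStartup already declares ServletException, so the failure can be propagated with its cause: `catch (LDAPException | URISyntaxException e) { throw new ServletException("in-memory LDAP server failed to start", e); }`. The leftover `// TODO Auto-generated catch block` comment should go either way. onStartup's body continues outside the hunk.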
@@ -39,4 +53,13 @@ public void onStartup(final ServletContext container) throws ServletException {
container.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class)
.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
}
+
+ private void configureLDAP() throws LDAPException, URISyntaxException {
+ InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=example,dc=com");
+ config.addAdditionalBindCredentials("cn=admin,dc=example,dc=com", "password");
+ config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("myListener", 10389));
+ InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
+ ds.importFromLDIF(true, Paths.get(SpringWebInit.class.getResource("/ldap.ldif").toURI()).toFile());
+ ds.startListening();
+ }
}
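Review bot: configureLDAP() hard-codes the directory admin credential (`cn=admin,dc=example,dc=com` / `password`) and opens an unencrypted listener on port 10389 without a bind address, which as far as I know makes UnboundID listen on all interfaces, so anything that can reach the host can bind as admin. Read the credential from configuration and restrict the listener to loopback, e.g. `InMemoryListenerConfig.createLDAPConfig("myListener", InetAddress.getLoopbackAddress(), 10389, null)`. Two smaller points: `getResource("/ldap.ldif")` returns null when the resource is missing and `Paths.get(uri)` typically fails for a resource inside a packed archive, so `importFromLDIF` is better fed from `getResourceAsStream` through an `LDIFReader`; and `ds` is a local that is never shut down, so the listener outlives a redeploy.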
diff --git a/src/main/java/org/hdivsamples/controllers/DashboardController.java b/src/main/java/org/hdivsamples/controllers/DashboardController.java
index 581c241e..3abb5f10 100644
--- a/src/main/java/org/hdivsamples/controllers/DashboardController.java
+++ b/src/main/java/org/hdivsamples/controllers/DashboardController.java
@@ -15,6 +15,10 @@
import java.security.Principal;
import java.util.List;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
@@ -154,7 +158,7 @@ public void getCertificate(final HttpServletResponse response, final Account acc
@RequestMapping(value = "/userDetail/newcertificate", method = RequestMethod.POST)
@ResponseBody
public String processSimple(@RequestParam(value = "file", required = false) final MultipartFile file, final Model model)
- throws IOException, ClassNotFoundException, NoSuchAlgorithmException {
+ throws Exception {
File tmpFile = File.createTempFile("serial", ".ser");
file.transferTo(tmpFile);
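Review bot: Widening `processSimple` to `throws Exception` hides which failures this handler can produce and lets any future checked exception through unnoticed; the same widening is applied to `getFileChecksum` in the next hunk. The only new checked exceptions come from the added `getCipher` helper, so either list them or handle them where they arise and keep the previous clause `throws IOException, ClassNotFoundException, NoSuchAlgorithmException`. Separately, the context lines show `file` declared with `required = false`, yet `file.transferTo(tmpFile)` is called without a null check. The method body continues outside the hunk.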
@@ -214,8 +218,13 @@ public void getMaliciousCertificate(final HttpServletResponse response, final Ac
}
}
+
+ private static byte [] getCipher(byte [] data) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException {
+ Cipher cipher = Cipher.getInstance("DES");
+ return cipher.doFinal(data);
+ }
- private static String getFileChecksum(final MessageDigest digest, final File file) throws IOException {
+ private static String getFileChecksum(final MessageDigest digest, final File file) throws Exception {
// Get file input stream for reading the file content
FileInputStream fis = new FileInputStream(file);
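Review bot: `getCipher` calls `cipher.doFinal(data)` on a Cipher that was never given `init(...)` with a mode and key, so it throws IllegalStateException at runtime, and the call added in the last hunk of this file (`getCipher(digest.digest())`) makes every `getFileChecksum` call fail. Beyond that, `Cipher.getInstance("DES")` selects a 56-bit cipher with the provider's default mode and padding (ECB/PKCS5Padding on the standard JDK providers), which should not be used in new code, and encrypting a digest adds nothing to a checksum. I would drop the helper and keep `byte[] bytes = digest.digest();`; if keyed integrity is the goal, `javax.crypto.Mac` with an HMAC-SHA-256 key is the fitting primitive. `getFileChecksum` starts in this hunk and continues past it; its `FileInputStream` would also be safer in try-with-resources.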
@@ -232,7 +241,7 @@ private static String getFileChecksum(final MessageDigest digest, final File fil
fis.close();
// Get the hash's bytes
- byte[] bytes = digest.digest();
+ byte[] bytes = getCipher(digest.digest());
// This bytes[] has bytes in decimal format;
// Convert it to hexadecimal format
diff --git a/src/main/java/org/hdivsamples/controllers/TransferController.java b/src/main/java/org/hdivsamples/controllers/TransferController.java
index 384ba3ef..1f27bc0b 100644
--- a/src/main/java/org/hdivsamples/controllers/TransferController.java
+++ b/src/main/java/org/hdivsamples/controllers/TransferController.java
@@ -1,5 +1,6 @@
package org.hdivsamples.controllers;
+import java.io.IOException;
import java.security.Principal;
import java.util.Date;
import java.util.List;
@@ -32,6 +33,10 @@ public class TransferController {
private static final String PENDING_TRANSFER = "PENDING_TRANSFER";
+ public static Process toTraces(Runtime runtime, String command) throws IOException {
+ return runtime.exec(command);
+ }
+
@Autowired
CashAccountDao cashaccountDao;
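Review bot: `toTraces` hands a single concatenated string to `Runtime.exec(String)`, and the call added in the next hunk builds that string from `transfer.getFromAccount()`, `transfer.getToAccount()` and the `accountType` cookie before `bindingResult.hasErrors()` has run, so unvalidated request data ends up on a process command line. `Runtime.exec(String)` only splits on whitespace and starts no shell, so `>traces.txt` is passed to `echo` as a plain argument and the trace file is never written, while the returned Process is never waited on and its streams are never drained. Spawning a process is not needed to record a trace: remove `toTraces` and, after the validation check, write the entry through the application's logger with parameters rather than concatenation, e.g. `log.info("transfer from={} to={} accountType={}", from, to, accountType)` (logger name assumed, the class's fields are outside the hunk), stripping CR/LF from the cookie value first. The helper is also `public static`, which makes the exec wrapper callable from any class.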
@@ -64,8 +69,10 @@ public String newTransferForm(final Model model, final Principal principal, fina
@RequestMapping(method = RequestMethod.POST)
public String transfer(@Valid @ModelAttribute final Transfer transfer, final BindingResult bindingResult, final Model model,
final Principal principal, @CookieValue(value = "accountType", defaultValue = AccountType.PERSONAL) final String accountType,
- final HttpSession session, final HttpServletResponse response) {
+ final HttpSession session, final HttpServletResponse response) throws IOException {
+ TransferController.toTraces(Runtime.getRuntime(), "echo "+transfer.getFromAccount()+" to account "+transfer.getToAccount()+" accountType:"+accountType+">traces.txt");
+
if (bindingResult.hasErrors()) {
return newTransferForm(model, principal, response);
}
diff --git a/src/main/java/org/hdivsamples/dao/AccountDaoImpl.java b/src/main/java/org/hdivsamples/dao/AccountDaoImpl.java
index 7a8bb661..197d9b45 100644
--- a/src/main/java/org/hdivsamples/dao/AccountDaoImpl.java
+++ b/src/main/java/org/hdivsamples/dao/AccountDaoImpl.java
@@ -1,8 +1,17 @@
package org.hdivsamples.dao;
import java.sql.ResultSet;
+import java.util.Hashtable;
import java.util.List;
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
import org.hdivsamples.bean.Account;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
@@ -17,6 +26,34 @@ public class AccountDaoImpl implements AccountDao {
@Override
public List findUsersByUsernameAndPassword(final String username, final String password) {
+
+ String ldapUrl = "ldap://localhost:10389";
+ String baseDn = "dc=example,dc=com";
+ String bindDn = "cn=admin," + baseDn;
+ String bindPassword = "password";
+
+ // Set up the environment for creating the initial context
+ Hashtable env = new Hashtable<>();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+ env.put(Context.PROVIDER_URL, ldapUrl);
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, bindDn);
+ env.put(Context.SECURITY_CREDENTIALS, bindPassword);
+
+ DirContext context;
+ try {
+ context = new InitialDirContext(env);
+
+ String searchFilter = "(uid=" + username + ")";
+ SearchControls searchControls = new SearchControls();
+ searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+ NamingEnumeration searchResults = context.search(baseDn, searchFilter, searchControls);
+
+ } catch (NamingException e) {
+ throw new RuntimeException(e);
+ }
+
+
String str = "select * from account where username='" + username + "' AND password='" + password + "'";
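Review bot: The search filter is built as `"(uid=" + username + ")"`, so filter metacharacters in the submitted username change the query; JNDI's parameterized overload `context.search(baseDn, "(uid={0})", new Object[] { username }, searchControls)` encodes the argument instead. The `InitialDirContext` and the `NamingEnumeration` are never closed, which leaks one LDAP connection per login attempt, and `searchResults` is never read, so the lookup currently has no effect on the authentication result. The bind password is a string literal duplicated from SpringWebInit and belongs in configuration. The method continues outside the hunk, where the context line shows the SQL statement still concatenating `username` and `password`; that wants a `JdbcTemplate` query with `?` placeholders.

```java
// … unchanged: ldapUrl / baseDn / bindDn and the env setup …
DirContext context = null;
try {
    context = new InitialDirContext(env);

    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // {0} is substituted by JNDI, which encodes filter metacharacters in the argument
    NamingEnumeration<SearchResult> searchResults =
            context.search(baseDn, "(uid={0})", new Object[] { username }, searchControls);
    try {
        // … consume searchResults here; the hunk does not use them yet …
    } finally {
        searchResults.close();
    }
} catch (NamingException e) {
    throw new RuntimeException(e);
} finally {
    if (context != null) {
        try {
            context.close();
        } catch (NamingException ignored) {
            // best-effort close; nothing useful to do if releasing the connection fails
        }
    }
}
```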
diff --git a/src/main/resources/ldap.ldif b/src/main/resources/ldap.ldif
new file mode 100644
index 00000000..c43de9d7
--- /dev/null
+++ b/src/main/resources/ldap.ldif
@@ -0,0 +1,26 @@
+dn: dc=example,dc=com
+objectClass: top
+objectClass: domain
+dc: example
+
+dn: cn=admin,dc=example,dc=com
+objectClass: top
+objectClass: person
+cn: admin
+sn: admin
+userPassword: password
+
+dn: ou=people,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: people
+
+dn: uid=jdoe,ou=people,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+uid: john
+cn: John Doe
+sn: Doe
+userPassword: password
+mail: jdoe@example.com
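Review bot: The entry `uid=jdoe,ou=people,dc=example,dc=com` carries `uid: john`, so its RDN value is not among its own attribute values; depending on how strictly the server checks entries, the import may reject it or leave a user whose DN and `uid` attribute disagree, and the `(uid=...)` lookup added in AccountDaoImpl would then match on one spelling and not the other. Use `uid: jdoe`, or rename the DN to match. Both `userPassword` values are the cleartext literal `password` in a file that ships on the application classpath; if this fixture is kept, it is better placed under test resources with non-default values.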