Handled the error in case of user not enabled on LDAP

consiglionazionaledellericerche · Oct 26, 2023 · 2c9d3f4 · 2c9d3f4
1 parent cfc2830
commit 2c9d3f4
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/sigla-ejb/src/main/java/it/cnr/contab/utente00/nav/comp/GestioneLoginComponent.java b/sigla-ejb/src/main/java/it/cnr/contab/utente00/nav/comp/GestioneLoginComponent.java
@@ -894,7 +894,7 @@ public boolean isUtenteAbilitatoLdap(UserContext userContext, String uid, boolea
                     .map(s -> s.equalsIgnoreCase("si"))
                     .orElse(Boolean.FALSE);
         } catch (NoSuchBeanDefinitionException _ex){
-            return true;
+            return false;
         } catch (Throwable e) {
             throw handleException(e);
         }

diff --git a/sigla-web/src/main/java/it/cnr/contab/web/rest/model/AccountDTO.java b/sigla-web/src/main/java/it/cnr/contab/web/rest/model/AccountDTO.java
@@ -54,7 +54,7 @@ public class AccountDTO {
     private Map<String, List<String>> roles;
     private List<AccountDTO> users;
     private Boolean utenteMultiplo;
-
+    private Boolean abilitatoLdap;
     public AccountDTO(UtenteBulk currentUser) {
         super();
         this.roles = new HashMap<String, List<String>>();
@@ -280,4 +280,12 @@ public Boolean getUtenteMultiplo() {
     public void setUtenteMultiplo(Boolean utenteMultiplo) {
         this.utenteMultiplo = utenteMultiplo;
     }
+
+    public Boolean getAbilitatoLdap() {
+        return abilitatoLdap;
+    }
+
+    public void setAbilitatoLdap(Boolean abilitatoLdap) {
+        this.abilitatoLdap = abilitatoLdap;
+    }
 }
diff --git a/sigla-web/src/main/java/it/cnr/contab/web/rest/resource/config00/AccountResource.java b/sigla-web/src/main/java/it/cnr/contab/web/rest/resource/config00/AccountResource.java
@@ -18,6 +18,7 @@
 package it.cnr.contab.web.rest.resource.config00;
 
 import it.cnr.contab.security.auth.SIGLALDAPPrincipal;
+import it.cnr.contab.utente00.nav.ejb.GestioneLoginComponentSession;
 import it.cnr.contab.utenze00.bp.CNRUserContext;
 import it.cnr.contab.utenze00.bulk.UtenteBulk;
 import it.cnr.contab.web.rest.config.RESTSecurityInterceptor;
@@ -59,6 +60,8 @@ public class AccountResource implements AccountLocal {
 
     @EJB
     private CRUDComponentSession crudComponentSession;
+    @EJB
+    private GestioneLoginComponentSession gestioneLoginComponentSession;
 
     public AccountDTO getAccountDTO(HttpServletRequest request) throws Exception {
         CNRUserContext userContext = AbstractResource.getUserContext(securityContext, request);
@@ -88,6 +91,7 @@ public AccountDTO getAccountDTO(HttpServletRequest request) throws Exception {
                 accountDTO.setFirstName((String) siglaldapPrincipal.get().getAttribute("cnrnome"));
                 accountDTO.setLastName((String) siglaldapPrincipal.get().getAttribute("cnrcognome"));
                 accountDTO.setLdap(Boolean.TRUE);
+                accountDTO.setAbilitatoLdap(Boolean.TRUE);
                 accountDTO.setUtenteMultiplo(findUtenteByUID.size() > 1);
             } else {
                 LOGGER.warn("User {} not found!", securityContext.getUserPrincipal().getName());
@@ -97,16 +101,17 @@ public AccountDTO getAccountDTO(HttpServletRequest request) throws Exception {
         } else if (keycloakPrincipal.isPresent()) {
             final IDToken idToken = Optional.ofNullable(keycloakPrincipal.get().getKeycloakSecurityContext().getIdToken())
                     .orElse(keycloakPrincipal.get().getKeycloakSecurityContext().getToken());
+            final String uid = Optional.ofNullable(idToken.getOtherClaims())
+                    .flatMap(stringObjectMap -> Optional.ofNullable(stringObjectMap.get(RESTSecurityInterceptor.USERNAME_CNR)))
+                    .filter(String.class::isInstance)
+                    .map(String.class::cast)
+                    .orElse(idToken.getPreferredUsername());
             final List<UtenteBulk> findUtenteByUID = crudComponentSession.find(
                     userContext,
                     UtenteBulk.class,
                     FIND_UTENTE_BY_UID,
                     userContext,
-                    Optional.ofNullable(idToken.getOtherClaims())
-                            .flatMap(stringObjectMap -> Optional.ofNullable(stringObjectMap.get(RESTSecurityInterceptor.USERNAME_CNR)))
-                            .filter(String.class::isInstance)
-                            .map(String.class::cast)
-                            .orElse(idToken.getPreferredUsername())
+                    uid
             );
             final Optional<UtenteBulk> utenteBulk1 = findUtenteByUID.stream().findFirst();
             if (!utenteBulk1.isPresent()) {
@@ -118,8 +123,9 @@ public AccountDTO getAccountDTO(HttpServletRequest request) throws Exception {
             accountDTO.setEmail(idToken.getEmail());
             accountDTO.setFirstName(idToken.getGivenName());
             accountDTO.setLastName(idToken.getFamilyName());
-            accountDTO.setLdap(Boolean.TRUE);
             accountDTO.setUtenteMultiplo(findUtenteByUID.size() > 1);
+            accountDTO.setLdap(Boolean.TRUE);
+            accountDTO.setAbilitatoLdap(gestioneLoginComponentSession.isUtenteAbilitatoLdap(userContext, uid, Boolean.TRUE));
         } else {
             final UtenteBulk utenteBulk = (UtenteBulk) crudComponentSession.findByPrimaryKey(
                     userContext,
@@ -133,6 +139,7 @@ public AccountDTO getAccountDTO(HttpServletRequest request) throws Exception {
             accountDTO.setLogin(securityContext.getUserPrincipal().getName());
             accountDTO.setUsers(Arrays.asList(utenteBulk).stream().map(utente -> new AccountDTO(utente)).collect(Collectors.toList()));
             accountDTO.setLdap(Boolean.FALSE);
+            accountDTO.setAbilitatoLdap(Boolean.FALSE);
             accountDTO.setUtenteMultiplo(Boolean.FALSE);
         }
         accountDTO.setEsercizio(userContext.getEsercizio());