001: /*
002: * Copyright (c) 1998-2008 Caucho Technology -- all rights reserved
003: *
004: * This file is part of Resin(R) Open Source
005: *
006: * Each copy or derived work must preserve the copyright notice and this
007: * notice unmodified.
008: *
009: * Resin Open Source is free software; you can redistribute it and/or modify
010: * it under the terms of the GNU General Public License as published by
011: * the Free Software Foundation; either version 2 of the License, or
012: * (at your option) any later version.
013: *
014: * Resin Open Source is distributed in the hope that it will be useful,
015: * but WITHOUT ANY WARRANTY; without even the implied warranty of
016: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
017: * of NON-INFRINGEMENT. See the GNU General Public License for more
018: * details.
019: *
020: * You should have received a copy of the GNU General Public License
021: * along with Resin Open Source; if not, write to the
* Free Software Foundation, Inc.
023: * 59 Temple Place, Suite 330
024: * Boston, MA 02111-1307 USA
025: *
026: * @author Scott Ferguson
027: */
028:
029: package com.caucho.server.security;
030:
import com.caucho.config.types.InitParam;
import com.caucho.security.BasicPrincipal;

import javax.annotation.PostConstruct;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.Principal;
import java.util.Hashtable;
import java.util.logging.*;
047:
048: /**
049: * The LDAP authenticator uses the underlying LDAP services
050: * provided by the JDK.
051: *
* <pre><code>
* &lt;authenticator url="ldap:url=ldap://localhost:389"&gt;
* &lt;/authenticator&gt;
* </code></pre>
056: */
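public class LdapAuthenticator extends AbstractPasswordAuthenticator {
  private static final Logger log
    = Logger.getLogger(LdapAuthenticator.class.getName());

  /** Charset used when the provider hands the password attribute back as bytes. */
  private static final Charset UTF8 = Charset.forName("UTF-8");

  /** Default provider URL; setHost()/setURL() replace it in the JNDI env. */
  private String _host = "ldap://localhost:389";

  /** Attribute whose value forms the user's RDN (e.g. uid=alice). */
  private String _userAttribute = "uid";
  /** Attribute holding the stored password that the superclass compares. */
  private String _passwordAttribute = "userPassword";
  private String _baseDn;
  private String _dnPrefix;
  private String _dnSuffix;

  /** JNDI environment for InitialDirContext; copied on every lookup. */
  private Hashtable<String, String> _jndiEnv = new Hashtable<String, String>();

  /**
   * Creates an authenticator using the JDK's LDAP context factory and
   * the default provider URL.
   */
  public LdapAuthenticator()
  {
    _jndiEnv.put(Context.INITIAL_CONTEXT_FACTORY,
                 "com.sun.jndi.ldap.LdapCtxFactory");
    _jndiEnv.put(Context.PROVIDER_URL, _host);
  }

  /**
   * Sets RDN components placed before the user RDN in the lookup DN.
   */
  public void setDNPrefix(String prefix)
  {
    _dnPrefix = prefix;
  }

  /**
   * Sets RDN components appended after the user RDN in the lookup DN.
   */
  public void setDNSuffix(String suffix)
  {
    _dnSuffix = suffix;
  }

  /**
   * Sets the base DN, which is inserted between the prefix and the user RDN.
   */
  public void setBaseDn(String baseDn)
  {
    _baseDn = baseDn;
  }

  /**
   * Sets the directory server, either as a bare "host[:port]" or as a
   * full ldap:/ldaps: URL.
   *
   * @param host the server address
   */
  public void setHost(String host)
  {
    // only a bare host needs the scheme added; an ldaps: URL must not be
    // mangled into "ldap://ldaps://..." (the old check only knew "ldap:")
    if (! host.startsWith("ldap:") && ! host.startsWith("ldaps:"))
      host = "ldap://" + host;

    setURL(host);
  }

  /**
   * Adds extra JNDI environment entries (e.g. credentials or
   * security settings) to the context environment.
   */
  public void addJNDIEnv(InitParam init)
  {
    _jndiEnv.putAll(init.getParameters());
  }

  /**
   * Sets the JNDI provider URL directly.
   */
  public void setURL(String url)
  {
    _jndiEnv.put(Context.PROVIDER_URL, url);
  }

  /**
   * Sets the attribute used to build the user's RDN.
   */
  public void setUserAttribute(String user)
  {
    _userAttribute = user;
  }

  /**
   * Sets the attribute read as the user's stored password.
   */
  public void setPasswordAttribute(String password)
  {
    _passwordAttribute = password;
  }

  /**
   * Initialize the authenticator.
   */
  @Override
  @PostConstruct
  public void init()
    throws ServletException
  {
    super.init();
  }

  /**
   * Looks up the user's directory entry and returns it with its stored
   * password; the actual password comparison is done by the superclass.
   *
   * @param userName the login name supplied by the client (untrusted input)
   * @return the user with its stored password, or null if the name is
   *         empty, the entry or password attribute is missing, or the
   *         directory lookup fails
   */
  protected PasswordUser getUser(String userName)
  {
    // an empty name would otherwise produce a DN like "uid=" and a
    // null one the literal user "null"
    if (userName == null || userName.length() == 0)
      return null;

    String dn = buildUserDn(userName);

    try {
      // copy so the context cannot modify the shared configuration
      Hashtable<String, String> env = new Hashtable<String, String>(_jndiEnv);

      InitialDirContext ic = new InitialDirContext(env);

      try {
        Attributes attributes = ic.getAttributes(dn);

        if (log.isLoggable(Level.FINE))
          log.fine("ldap-authenticator: " + dn + "->" + (attributes != null));

        if (attributes == null)
          return null;

        Attribute passwordAttr = attributes.get(_passwordAttribute);

        if (passwordAttr == null)
          return null;

        String ldapPassword = toStringValue(passwordAttr.get());

        if (ldapPassword == null)
          return null;

        Principal principal = new BasicPrincipal(userName);

        boolean isDisabled = false;
        boolean isAnonymous = false;

        return new PasswordUser(principal, ldapPassword.toCharArray(),
                                isDisabled, isAnonymous,
                                new String[] { "user" });
      } finally {
        // the context holds a connection; the original never released it
        ic.close();
      }
    } catch (NamingException e) {
      log.log(Level.FINE, e.toString(), e);

      return null;
    }
  }

  /**
   * Assembles the DN of the user's entry from the configured parts.
   *
   * The user name is escaped per RFC 2253/4514 (via Rdn.escapeValue) so
   * that characters such as ',' '=' '+' '\' cannot alter the DN structure.
   * Prefix, base DN and suffix are administrator configuration and are
   * used verbatim.
   */
  private String buildUserDn(String userName)
  {
    String dn = _userAttribute + '=' + Rdn.escapeValue(userName);

    // NOTE(review): kept as in the original — the base DN is placed before
    // the user RDN, where a conventional DN would append it; verify
    // against deployed configurations before changing
    if (_baseDn != null && ! _baseDn.equals(""))
      dn = _baseDn + ',' + dn;

    if (_dnPrefix != null && ! _dnPrefix.equals(""))
      dn = _dnPrefix + ',' + dn;

    if (_dnSuffix != null && ! _dnSuffix.equals(""))
      dn = dn + ',' + _dnSuffix;

    return dn;
  }

  /**
   * Converts an attribute value to a String.
   *
   * The JDK LDAP provider treats userPassword as a binary attribute by
   * default and returns byte[]; the original unconditional (String) cast
   * would fail with a ClassCastException in that case.
   *
   * @return the value as text, or null if the value is null
   */
  private static String toStringValue(Object value)
  {
    if (value instanceof byte[])
      return UTF8.decode(ByteBuffer.wrap((byte[]) value)).toString();
    else if (value != null)
      return value.toString();
    else
      return null;
  }
}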
|