0001: /**
0002: * JOnAS: Java(TM) Open Application Server
0003: * Copyright (C) 1999-2007 Bull S.A.S.
0004: * Contact: jonas-team@objectweb.org
0005: *
0006: * This library is free software; you can redistribute it and/or
0007: * modify it under the terms of the GNU Lesser General Public
0008: * License as published by the Free Software Foundation; either
0009: * version 2.1 of the License, or 1any later version.
0010: *
0011: * This library is distributed in the hope that it will be useful,
0012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
0013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0014: * Lesser General Public License for more details.
0015: *
0016: * You should have received a copy of the GNU Lesser General Public
0017: * License along with this library; if not, write to the Free Software
0018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
0019: * USA
0020: *
0021: * --------------------------------------------------------------------------
0022: * $Id: JResourceLDAP.java 10002 2007-02-13 10:51:22Z benoitf $
0023: * --------------------------------------------------------------------------
0024: */package org.objectweb.jonas.security.realm.factory;
0025:
0026: import java.security.NoSuchAlgorithmException;
0027: import java.text.MessageFormat;
0028: import java.util.ArrayList;
0029: import java.util.Enumeration;
0030: import java.util.Hashtable;
0031: import java.util.Iterator;
0032: import java.util.Vector;
0033:
0034: import javax.naming.AuthenticationException;
0035: import javax.naming.Context;
0036: import javax.naming.Name;
0037: import javax.naming.NameParser;
0038: import javax.naming.NamingEnumeration;
0039: import javax.naming.NamingException;
0040: import javax.naming.Reference;
0041: import javax.naming.StringRefAddr;
0042: import javax.naming.directory.Attribute;
0043: import javax.naming.directory.Attributes;
0044: import javax.naming.directory.DirContext;
0045: import javax.naming.directory.InitialDirContext;
0046: import javax.naming.directory.SearchControls;
0047: import javax.naming.directory.SearchResult;
0048:
0049: import org.objectweb.util.monolog.api.BasicLevel;
0050:
0051: import org.objectweb.jonas.security.realm.lib.HashHelper;
0052: import org.objectweb.jonas.security.realm.principals.LDAPUser;
0053: import org.objectweb.jonas.security.realm.principals.User;
0054:
0055: /**
0056: * This class extends the JResource class for the LDAP implementation.
0057: * @author Florent Benoit
0058: * @author Emmanuel Rias (12/03 some improvements)
0059: */
0060: public class JResourceLDAP extends JResource implements
0061: JResourceLDAPMBean {
0062:
0063: /**
0064: * Type of the factory
0065: */
0066: private static final String FACTORY_TYPE = "org.objectweb.jonas.security.realm.factory.JResourceLDAP";
0067:
0068: /**
0069: * Name of the factory
0070: */
0071: private static final String FACTORY_NAME = "org.objectweb.jonas.security.realm.factory.JResourceLDAPFactory";
0072:
0073: /**
0074: * Bind authentication mode. Bind to the ldap server with the l/p given by
0075: * the user by the servlet
0076: */
0077: private static final String BIND_AUTHENTICATION_MODE = "bind";
0078:
0079: /**
0080: * Compare authentication mode. Retrieve password from the ldap server with
0081: * the given login and compare the password retrived with the password given
0082: * by the user
0083: */
0084: private static final String COMPARE_AUTHENTICATION_MODE = "compare";
0085:
0086: /**
0087: * Initial context factory for the LDAp server
0088: */
0089: private String initialContextFactory = null;
0090:
0091: /**
0092: * Url of the ldap server
0093: */
0094: private String providerUrl = null;
0095:
0096: /**
0097: * Type of the authentication used during the authentication to the LDAP
0098: * server
0099: */
0100: private String securityAuthentication = null;
0101:
0102: /**
0103: * DN of the Principal(username). He can retrieve the information from the
0104: * user
0105: */
0106: private String securityPrincipal = null;
0107:
0108: /**
0109: * Credential(password) of the principal
0110: */
0111: private String securityCredentials = null;
0112:
0113: /**
0114: * Constant that holds the name of the environment property for specifying
0115: * the security protocol to use.
0116: */
0117: private String securityProtocol = null;
0118:
0119: /**
0120: * Constant that holds the name of the environment property for specifying
0121: * the preferred language to use with the service.
0122: */
0123: private String language = null;
0124:
0125: /**
0126: * Constant that holds the name of the environment property for specifying
0127: * how referrals encountered by the service provider are to be processed.
0128: */
0129: private String referral = null;
0130:
0131: /**
0132: * Constant that holds the name of the environment property for specifying
0133: * the list of state factories to use.
0134: */
0135: private String stateFactories = null;
0136:
0137: /**
0138: * Mode for validate the authentication (BIND_AUTHENTICATION_MODE or
0139: * COMPARE_AUTHENTICATION_MODE)
0140: */
0141: private String authenticationMode = null;
0142:
0143: /**
0144: * Attribute in order to get the password from the ldap server
0145: */
0146: private String userPasswordAttribute = null;
0147:
0148: /**
0149: * Attribute in order to get the user role from the ldap server
0150: */
0151: private String userRolesAttribute = null;
0152:
0153: /**
0154: * Attribute for the role name when performing a lookup on a role
0155: */
0156: private String roleNameAttribute = null;
0157:
0158: /**
0159: * DN used for the lookup
0160: */
0161: private String baseDN = null;
0162:
0163: /**
0164: * DN used when searching the user DN. Override the baseDN if it is defined
0165: */
0166: private String userDN = null;
0167:
0168: /**
0169: * Filter used when searching the user
0170: */
0171: private String userSearchFilter = null;
0172:
0173: /**
0174: * DN used when searching the role DN. Override the baseDN if it is defined
0175: */
0176: private String roleDN = null;
0177:
0178: /**
0179: * Filter used when searching the role
0180: */
0181: private String roleSearchFilter = null;
0182:
0183: /**
0184: * Leave role DN empty ?
0185: */
0186: private static final String ROLEDN_EMPTY = "EMPTY";
0187:
0188: /**
0189: * Default algorithm. If specified, the default is not 'clear' password
0190: */
0191: private String algorithm = null;
0192:
0193: /**
0194: * Constructor : use the super constructor
0195: * @throws Exception if the super constructor fail
0196: */
0197: public JResourceLDAP() throws Exception {
0198: super ();
0199: }
0200:
0201: /**
0202: * Check if a user is found and return it
0203: * @param username the wanted user name
0204: * @return the user found or null
0205: * @throws JResourceException if there is a NamingException
0206: */
0207: public User findUser(String username) throws JResourceException {
0208:
0209: // No username. failed
0210: if (username == null) {
0211: return null;
0212: }
0213:
0214: // User to return
0215: LDAPUser user = new LDAPUser();
0216: user.setName(username);
0217: try {
0218:
0219: // Attributes for performing the search
0220: DirContext dirContext = getDirContext();
0221: SearchControls sctls = new SearchControls();
0222:
0223: String[] attributes = null;
0224: if (authenticationMode.equals(COMPARE_AUTHENTICATION_MODE)) {
0225: attributes = new String[] { userPasswordAttribute,
0226: userRolesAttribute };
0227: } else {
0228: attributes = new String[0];
0229: }
0230: sctls.setReturningAttributes(attributes);
0231: sctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
0232:
0233: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0234: getLogger().log(BasicLevel.DEBUG,
0235: "userDN = '" + userDN + "'");
0236: getLogger().log(BasicLevel.DEBUG,
0237: "baseDN = '" + baseDN + "'");
0238: }
0239:
0240: String lookupUserDN = null;
0241: // DN of the user. If no specific user DN, use the baseDN
0242: if (userDN != null && !userDN.equals("")) {
0243: lookupUserDN = userDN.concat(",").concat(baseDN);
0244: } else {
0245: lookupUserDN = baseDN;
0246: }
0247: Object[] arguments = { username };
0248: lookupUserDN = MessageFormat
0249: .format(lookupUserDN, arguments);
0250: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0251: getLogger().log(BasicLevel.DEBUG,
0252: "lookupUserDN = '" + lookupUserDN + "'");
0253: }
0254:
0255: // Search the DN with the user filter with the specific argument and
0256: // specific search controls
0257: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0258: getLogger().log(
0259: BasicLevel.DEBUG,
0260: "search : lookupUserDN = '" + lookupUserDN
0261: + "', searchFilter = '"
0262: + userSearchFilter + "', username = '"
0263: + username + "'");
0264: }
0265: NamingEnumeration answer = dirContext.search(lookupUserDN,
0266: userSearchFilter, new Object[] { username }, sctls);
0267: // No answer
0268: if (answer == null || !answer.hasMore()) {
0269: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0270: if (answer == null) {
0271: getLogger().log(BasicLevel.DEBUG,
0272: "answer is null");
0273: } else {
0274: getLogger().log(BasicLevel.DEBUG, "no anwser");
0275: }
0276: }
0277: return null;
0278: }
0279:
0280: // Get first answer
0281: SearchResult firstAnswer = (SearchResult) answer.next();
0282: // More than one answer. Not so good.
0283: if (answer.hasMore()) {
0284: return null;
0285: }
0286:
0287: // Build full User DN
0288: NameParser nameParser = dirContext.getNameParser("");
0289: Name contextName = nameParser.parse(dirContext
0290: .getNameInNamespace());
0291:
0292: // Add the lookupUserDN to the context name -> baseDN
0293: Name baseDNName = contextName.addAll(nameParser
0294: .parse(lookupUserDN));
0295:
0296: // Add the uid retrieve from the search to the baseDN --> user DN
0297: Name userFullDN = baseDNName.addAll(nameParser
0298: .parse(firstAnswer.getName()));
0299: user.setDN(userFullDN.toString());
0300:
0301: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0302: getLogger().log(BasicLevel.DEBUG,
0303: "DN found : '" + userFullDN + "'");
0304: }
0305:
0306: // Get the user attributes
0307: Attributes userAttributes = firstAnswer.getAttributes();
0308: if (userAttributes == null) {
0309: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0310: getLogger().log(BasicLevel.DEBUG,
0311: "No user attributes found");
0312: }
0313: return null;
0314: }
0315:
0316: String password = null;
0317: // Retrieve password if in compare mode
0318: if (authenticationMode.equals(COMPARE_AUTHENTICATION_MODE)) {
0319: password = readValueFromAttribute(
0320: userPasswordAttribute, userAttributes);
0321: if (password != null) {
0322: user.setPassword(password);
0323: }
0324: }
0325:
0326: // Add the roles which are found from the user
0327: String roles = readValuesFromAttribute(userRolesAttribute,
0328: userAttributes);
0329: user.setRoles(roles);
0330:
0331: } catch (javax.naming.NamingException ne) {
0332: throw new JResourceException("Could not find user :"
0333: + ne.getMessage());
0334: }
0335: return user;
0336: }
0337:
0338: /**
0339: * Check if the given user with the given credential is a valid user
0340: * @param user the given user
0341: * @param credentials credential of the user
0342: * @return true if the user is valid
0343: */
0344: public boolean isValidUser(User user, String credentials) {
0345:
0346: // null password ... can't authenticate
0347: if (credentials == null || user == null) {
0348: return false;
0349: }
0350:
0351: // Choose the right method
0352: if (authenticationMode.equals(COMPARE_AUTHENTICATION_MODE)) {
0353: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0354: getLogger().log(BasicLevel.DEBUG, "Compare mode");
0355: }
0356: return isValidUserCompare(user, credentials);
0357: } else if (authenticationMode.equals(BIND_AUTHENTICATION_MODE)) {
0358: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0359: getLogger().log(BasicLevel.DEBUG, "Bind mode");
0360: }
0361: return isValidUserBind(user, credentials);
0362: } else {
0363: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0364: getLogger().log(BasicLevel.DEBUG,
0365: "No authentication mode found, return false");
0366: }
0367: return false;
0368: }
0369:
0370: }
0371:
0372: /**
0373: * Check if the given user with the given credential is a valid user. Check
0374: * is done by binding to the LDAP server with the specific
0375: * principal/credential.
0376: * @param user the given user
0377: * @param credentials credential of the user
0378: * @return true if the user is valid
0379: */
0380: public boolean isValidUserBind(User user, String credentials) {
0381:
0382: // Get the DN of the ldap user
0383: if (!(user instanceof LDAPUser)) {
0384: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0385: getLogger().log(BasicLevel.DEBUG,
0386: "Not instance of LDAPUser");
0387: }
0388: return false;
0389: }
0390:
0391: String dn = ((LDAPUser) user).getDN();
0392: if (dn == null) {
0393: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0394: getLogger()
0395: .log(BasicLevel.DEBUG, "No DN found in User");
0396: }
0397: return false;
0398: }
0399:
0400: //Make our env
0401: Hashtable env = getEnvInitialDirContext();
0402: env.put(Context.SECURITY_PRINCIPAL, dn);
0403: env.put(Context.SECURITY_CREDENTIALS, credentials);
0404:
0405: boolean validated = false;
0406: try {
0407: DirContext dirContext = new InitialDirContext(env);
0408: validated = true;
0409: dirContext.close();
0410: } catch (AuthenticationException e) {
0411: // not validated
0412: getLogger().log(
0413: BasicLevel.ERROR,
0414: "Can't make an initial dir context : "
0415: + e.getMessage());
0416: } catch (NamingException ne) {
0417: // not validated
0418: getLogger().log(BasicLevel.ERROR,
0419: "Naming exception " + ne.getMessage());
0420: }
0421: return validated;
0422: }
0423:
0424: /**
0425: * Check if the given user with the given credential is a valid user. Check
0426: * is done by comparing the given credential with the credential which is
0427: * retrieved from the LDAP server.
0428: * @param user the given user
0429: * @param credentials credential of the user
0430: * @return true if the user is valid
0431: */
0432: public boolean isValidUserCompare(User user, String credentials) {
0433:
0434: boolean validated = false;
0435:
0436: if (user != null && user.getHashPassword() == null) {
0437: // Don't use stringbuffer, error case
0438: String errMsg = "No password for the user so it cannot perform a check.";
0439: errMsg += " Check that you are using the correct mode ('compare' or 'bind').";
0440: errMsg += " By using compare mode, the anonymous user cannot retrieved password in many cases.";
0441: getLogger().log(BasicLevel.ERROR, errMsg);
0442: return validated;
0443: }
0444:
0445: //Get algorithm and hashpassword
0446: String pass = user.getHashPassword().getPassword();
0447: String algo = user.getHashPassword().getAlgorithm();
0448:
0449: // Crypt password ?
0450: if (algo != null && pass != null) {
0451: try {
0452: validated = HashHelper.hashPassword(credentials, algo)
0453: .equalsIgnoreCase(pass);
0454: } catch (NoSuchAlgorithmException nsae) {
0455: getLogger().log(
0456: BasicLevel.ERROR,
0457: "Can't make a password with the algorithm "
0458: + algo + ". " + nsae.getMessage());
0459: }
0460: } else if ((algorithm != null) && (!algorithm.equals(""))) {
0461: // Encode password with the specified algorithm (no clear)
0462: try {
0463: validated = HashHelper.hashPassword(credentials,
0464: algorithm).equalsIgnoreCase(pass);
0465: } catch (NoSuchAlgorithmException nsae) {
0466: getLogger().log(
0467: BasicLevel.ERROR,
0468: "Can't make a password with the algorithm "
0469: + algorithm + ". " + nsae.getMessage());
0470: }
0471: } else {
0472: // clear
0473: validated = credentials.equals(pass);
0474: }
0475: return validated;
0476: }
0477:
0478: /**
0479: * Get all the roles (from the roles and from the groups) of the given user
0480: * @param user the given user
0481: * @return the array list of all the roles for a given user
0482: * @throws JResourceException if there is a naming exception
0483: */
0484: public ArrayList getArrayListCombinedRoles(User user)
0485: throws JResourceException {
0486:
0487: ArrayList allCombinedRoles = new ArrayList();
0488: // Return empty array if user null
0489: if (user == null) {
0490: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0491: getLogger().log(BasicLevel.DEBUG,
0492: "User is empty, return empty array of roles");
0493: }
0494: return allCombinedRoles;
0495: }
0496:
0497: // Add all user roles found with the user ldap entry
0498: String[] userRoles = user.getArrayRoles();
0499: for (int r = 0; r < userRoles.length; r++) {
0500: String roleName = userRoles[r];
0501: if (!allCombinedRoles.contains(roleName)) {
0502: allCombinedRoles.add(roleName);
0503: }
0504: }
0505:
0506: // Add roles found in ldap
0507: if (!(user instanceof LDAPUser)) {
0508: return allCombinedRoles;
0509: }
0510: String dn = ((LDAPUser) user).getDN();
0511:
0512: // No valid info
0513: if (dn == null) {
0514: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0515: getLogger()
0516: .log(BasicLevel.DEBUG,
0517: "DN of user is empty, return empty array of roles");
0518: }
0519: return allCombinedRoles;
0520: }
0521:
0522: try {
0523: // Attributes for performing the search
0524: DirContext dirContext = getDirContext();
0525: SearchControls sctls = new SearchControls();
0526:
0527: String[] attributes = new String[] { roleNameAttribute };
0528: sctls.setReturningAttributes(attributes);
0529: sctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
0530: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0531: getLogger().log(BasicLevel.DEBUG,
0532: "roleDN = '" + roleDN + "'");
0533: getLogger().log(BasicLevel.DEBUG,
0534: "baseDN = '" + baseDN + "'");
0535: }
0536:
0537: // DN of the role. If no specific role DN, use the baseDN
0538: String lookupRoleDN = null;
0539: if ((roleDN != null) && (!roleDN.equals(""))) {
0540: if (ROLEDN_EMPTY.equals(roleDN)) {
0541: // No role DN for this case
0542: lookupRoleDN = "";
0543: } else {
0544: lookupRoleDN = roleDN.concat(",").concat(baseDN);
0545: }
0546: } else {
0547: lookupRoleDN = baseDN;
0548: }
0549:
0550: // Search the DN with the role filter with the specific argument and
0551: // specific search controls
0552: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0553: getLogger().log(
0554: BasicLevel.DEBUG,
0555: "search with lookupRoleDN = '" + lookupRoleDN
0556: + "', rolesearchFilter = '"
0557: + roleSearchFilter + "', dn = '" + dn
0558: + "'");
0559: }
0560:
0561: NamingEnumeration answers = dirContext.search(lookupRoleDN,
0562: roleSearchFilter, new Object[] { dn }, sctls);
0563:
0564: if (answers == null) {
0565: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0566: getLogger().log(BasicLevel.DEBUG, "answer is null");
0567: }
0568: return allCombinedRoles;
0569: }
0570:
0571: Vector vRoles = new Vector();
0572: while (answers.hasMore()) {
0573: SearchResult answer = (SearchResult) answers.next();
0574: Attributes roleAttributes = answer.getAttributes();
0575: if (roleAttributes == null) {
0576: continue;
0577: }
0578: addValueFromAttributeToVector(roleNameAttribute,
0579: roleAttributes, vRoles);
0580: }
0581:
0582: for (Enumeration e = vRoles.elements(); e.hasMoreElements();) {
0583: String roleName = (String) e.nextElement();
0584: if (!allCombinedRoles.contains(roleName)) {
0585: allCombinedRoles.add(roleName);
0586: }
0587: }
0588: } catch (javax.naming.NamingException ne) {
0589: throw new JResourceException(
0590: "Could not find roles from the user :"
0591: + ne.getMessage());
0592: }
0593: user.setCombinedRoles(allCombinedRoles);
0594: if (getLogger().isLoggable(BasicLevel.DEBUG)) {
0595: StringBuffer rolesStr = new StringBuffer();
0596: for (Iterator it = allCombinedRoles.iterator(); it
0597: .hasNext();) {
0598: rolesStr.append((String) it.next());
0599: rolesStr.append(",");
0600: }
0601: getLogger().log(
0602: BasicLevel.DEBUG,
0603: "Roles are : " + rolesStr + " for user '"
0604: + user.getName() + "'");
0605: }
0606:
0607: return allCombinedRoles;
0608: }
0609:
0610: /**
0611: * String representation of the LDAP realm
0612: * @return the xml representation of the LDAP realm
0613: */
0614: public String toXML() {
0615:
0616: // Required values
0617:
0618: StringBuffer xml = new StringBuffer(" <ldaprealm name=\"");
0619: xml.append(getName());
0620:
0621: xml.append("\"\n baseDN=\"");
0622: if (baseDN != null) {
0623: xml.append(baseDN);
0624: }
0625:
0626: if ((initialContextFactory != null)
0627: && (!initialContextFactory.equals(""))) {
0628: xml.append("\"\n initialContextFactory=\"");
0629: xml.append(initialContextFactory);
0630: }
0631:
0632: if ((providerUrl != null) && (!providerUrl.equals(""))) {
0633: xml.append("\"\n providerUrl=\"");
0634: xml.append(providerUrl);
0635: }
0636:
0637: if ((securityAuthentication != null)
0638: && (!securityAuthentication.equals(""))) {
0639: xml.append("\"\n securityAuthentication=\"");
0640: xml.append(securityAuthentication);
0641: }
0642:
0643: if ((securityPrincipal != null)
0644: && (!securityPrincipal.equals(""))) {
0645: xml.append("\"\n securityPrincipal=\"");
0646: xml.append(securityPrincipal);
0647: }
0648:
0649: if ((securityCredentials != null)
0650: && (!securityCredentials.equals(""))) {
0651: xml.append("\"\n securityCredentials=\"");
0652: xml.append(securityCredentials);
0653: }
0654:
0655: if ((authenticationMode != null)
0656: && (!authenticationMode.equals(""))) {
0657: xml.append("\"\n authenticationMode=\"");
0658: xml.append(authenticationMode);
0659: }
0660:
0661: if ((userPasswordAttribute != null)
0662: && (!userPasswordAttribute.equals(""))) {
0663: xml.append("\"\n userPasswordAttribute=\"");
0664: xml.append(userPasswordAttribute);
0665: }
0666:
0667: if ((userRolesAttribute != null)
0668: && (!userRolesAttribute.equals(""))) {
0669: xml.append("\"\n userRolesAttribute=\"");
0670: xml.append(userRolesAttribute);
0671: }
0672:
0673: if ((roleNameAttribute != null)
0674: && (!roleNameAttribute.equals(""))) {
0675: xml.append("\"\n roleNameAttribute=\"");
0676: xml.append(roleNameAttribute);
0677: }
0678:
0679: if ((userDN != null) && (!userDN.equals(""))) {
0680: xml.append("\"\n userDN=\"");
0681: xml.append(userDN);
0682: }
0683:
0684: if ((userSearchFilter != null)
0685: && (!userSearchFilter.equals(""))) {
0686: xml.append("\"\n userSearchFilter=\"");
0687: xml.append(userSearchFilter);
0688: }
0689:
0690: if ((roleDN != null) && (!roleDN.equals(""))) {
0691: xml.append("\"\n roleDN=\"");
0692: xml.append(roleDN);
0693: }
0694:
0695: if ((roleSearchFilter != null)
0696: && (!roleSearchFilter.equals(""))) {
0697: xml.append("\"\n roleSearchFilter=\"");
0698: xml.append(roleSearchFilter);
0699: }
0700:
0701: // Optional values
0702: if ((securityProtocol != null)
0703: && (!securityProtocol.equals(""))) {
0704: xml.append("\"\n securityProtocol=\"");
0705: xml.append(securityProtocol);
0706: }
0707:
0708: if ((language != null) && (!language.equals(""))) {
0709: xml.append("\"\n language=\"");
0710: xml.append(language);
0711: }
0712:
0713: if ((referral != null) && (!referral.equals(""))) {
0714: xml.append("\"\n referral=\"");
0715: xml.append(referral);
0716: }
0717:
0718: if ((stateFactories != null) && (!stateFactories.equals(""))) {
0719: xml.append("\"\n stateFactories=\"");
0720: xml.append(stateFactories);
0721: }
0722:
0723: if ((algorithm != null) && (!algorithm.equals(""))) {
0724: xml.append("\"\n algorithm=\"");
0725: xml.append(algorithm);
0726: }
0727:
0728: xml.append("\" />");
0729:
0730: return xml.toString();
0731: }
0732:
0733: /**
0734: * The string representation of this object is an XML value
0735: * @return the xml representation of this object
0736: */
0737: public String toString() {
0738: return this .toXML();
0739: }
0740:
0741: /**
0742: * Retrieves the Reference of the object. The Reference contains the factory
0743: * used to create this object and the optional parameters used to configure
0744: * the factory.
0745: * @return the non-null Reference of the object.
0746: * @throws NamingException if a naming exception was encountered while
0747: * retrieving the reference.
0748: */
0749: public Reference getReference() throws NamingException {
0750:
0751: // Build the reference to the factory FACTORY_TYPE
0752: Reference reference = new Reference(FACTORY_TYPE, FACTORY_NAME,
0753: null);
0754:
0755: // Add ref addr
0756: reference.add(new StringRefAddr("name", getName()));
0757: reference.add(new StringRefAddr("initialContextFactory",
0758: getInitialContextFactory()));
0759: reference
0760: .add(new StringRefAddr("providerUrl", getProviderUrl()));
0761: reference.add(new StringRefAddr("securityAuthentication",
0762: getSecurityAuthentication()));
0763: reference.add(new StringRefAddr("securityPrincipal",
0764: getSecurityPrincipal()));
0765: reference.add(new StringRefAddr("securityCredentials",
0766: getSecurityCredentials()));
0767: reference.add(new StringRefAddr("securityProtocol",
0768: getSecurityProtocol()));
0769: reference.add(new StringRefAddr("language", getLanguage()));
0770: reference.add(new StringRefAddr("referral", getReferral()));
0771: reference.add(new StringRefAddr("stateFactories",
0772: getStateFactories()));
0773: reference.add(new StringRefAddr("authenticationMode",
0774: getAuthenticationMode()));
0775: reference.add(new StringRefAddr("userPasswordAttribute",
0776: getUserPasswordAttribute()));
0777: reference.add(new StringRefAddr("userRolesAttribute",
0778: getUserRolesAttribute()));
0779: reference.add(new StringRefAddr("roleNameAttribute",
0780: getRoleNameAttribute()));
0781: reference.add(new StringRefAddr("baseDN", getBaseDN()));
0782: reference.add(new StringRefAddr("userDN", getUserDN()));
0783: reference.add(new StringRefAddr("userSearchFilter",
0784: getUserSearchFilter()));
0785: reference.add(new StringRefAddr("roleDN", getRoleDN()));
0786: reference.add(new StringRefAddr("roleSearchFilter",
0787: getRoleSearchFilter()));
0788: reference.add(new StringRefAddr("algorithm", algorithm));
0789:
0790: return reference;
0791: }
0792:
0793: /**
0794: * Set the initial context factory of this LDAP realm
0795: * @param initialContextFactory the initial context factory
0796: */
0797: public void setInitialContextFactory(String initialContextFactory) {
0798: this .initialContextFactory = initialContextFactory;
0799: }
0800:
0801: /**
0802: * Set the Url of the ldap server of this LDAP realm
0803: * @param providerUrl Url of the ldap server
0804: */
0805: public void setProviderUrl(String providerUrl) {
0806: this .providerUrl = providerUrl;
0807: }
0808:
0809: /**
0810: * Set the authentication used during the authentication to the LDAP server
0811: * of this LDAP realm
0812: * @param securityAuthentication authentication used during the
0813: * authentication to the LDAP server
0814: */
0815: public void setSecurityAuthentication(String securityAuthentication) {
0816: this .securityAuthentication = securityAuthentication;
0817: }
0818:
0819: /**
0820: * Set the DN of the Principal(username) of this LDAP realm
0821: * @param securityPrincipal DN of the Principal(username)
0822: */
0823: public void setSecurityPrincipal(String securityPrincipal) {
0824: this .securityPrincipal = securityPrincipal;
0825: }
0826:
0827: /**
0828: * Set the Credential(password) of the principal of this LDAP realm
0829: * @param securityCredentials Credential(password) of the principal
0830: */
0831: public void setSecurityCredentials(String securityCredentials) {
0832: this .securityCredentials = securityCredentials;
0833: }
0834:
0835: /**
0836: * Set the security protocol to use of this LDAP realm
0837: * @param securityProtocol security protocol to use
0838: */
0839: public void setSecurityProtocol(String securityProtocol) {
0840: this .securityProtocol = securityProtocol;
0841: }
0842:
0843: /**
0844: * Set the preferred language to use with the service of this LDAP realm
0845: * @param language preferred language to use with the service
0846: */
0847: public void setLanguage(String language) {
0848: this .language = language;
0849: }
0850:
0851: /**
0852: * Set how referrals encountered by the service provider are to be processed
0853: * @param referral how referrals encountered by the service provider are to
0854: * be processed
0855: */
0856: public void setReferral(String referral) {
0857: this .referral = referral;
0858: }
0859:
0860: /**
0861: * Set the the list of state factories of this LDAP realm
0862: * @param stateFactories list of state factories
0863: */
0864: public void setStateFactories(String stateFactories) {
0865: this .stateFactories = stateFactories;
0866: }
0867:
0868: /**
0869: * Set the mode for validate the authentication of this LDAP realm
0870: * @param authenticationMode BIND_AUTHENTICATION_MODE or
0871: * COMPARE_AUTHENTICATION_MODE
0872: */
0873: public void setAuthenticationMode(String authenticationMode) {
0874: this .authenticationMode = authenticationMode;
0875: }
0876:
0877: /**
0878: * Set the attribute in order to get the password of this LDAP realm
0879: * @param userPasswordAttribute attribute in order to get the password of
0880: * this LDAP realm
0881: */
0882: public void setUserPasswordAttribute(String userPasswordAttribute) {
0883: this .userPasswordAttribute = userPasswordAttribute;
0884: }
0885:
0886: /**
0887: * Set the attribute in order to get the user role from the ldap server
0888: * @param userRolesAttribute attribute in order to get the user role from
0889: * the ldap server
0890: */
0891: public void setUserRolesAttribute(String userRolesAttribute) {
0892: this .userRolesAttribute = userRolesAttribute;
0893: }
0894:
0895: /**
0896: * Set the role name when performing a lookup on a role
0897: * @param roleNameAttribute role name when performing a lookup on a role
0898: */
0899: public void setRoleNameAttribute(String roleNameAttribute) {
0900: this .roleNameAttribute = roleNameAttribute;
0901: }
0902:
0903: /**
0904: * Set the DN used for the lookup of this LDAP realm
0905: * @param baseDN DN used for the lookup
0906: */
0907: public void setBaseDN(String baseDN) {
0908: // empty value can't be set
0909: if ((baseDN != null) && (!baseDN.equals(""))) {
0910: this .baseDN = baseDN;
0911: }
0912: }
0913:
0914: /**
0915: * Set the DN used when searching the user DN. Override the baseDN if it is
0916: * defined
0917: * @param userDN DN used when searching the user DN
0918: */
0919: public void setUserDN(String userDN) {
0920: if ((userDN != null) && (!userDN.equals(""))) {
0921: this .userDN = userDN;
0922: }
0923: }
0924:
0925: /**
0926: * Set the filter used when searching the user
0927: * @param userSearchFilter filter used when searching the user
0928: */
0929: public void setUserSearchFilter(String userSearchFilter) {
0930: this .userSearchFilter = userSearchFilter;
0931: }
0932:
0933: /**
0934: * Set the DN used when searching the role DN. Override the baseDN if it is
0935: * defined
0936: * @param roleDN DN used when searching the role DN. Override the baseDN if
0937: * it is defined
0938: */
0939: public void setRoleDN(String roleDN) {
0940: this .roleDN = roleDN;
0941: }
0942:
0943: /**
0944: * Set the filter used when searching the role
0945: * @param roleSearchFilter filter used when searching the role
0946: */
0947: public void setRoleSearchFilter(String roleSearchFilter) {
0948: this .roleSearchFilter = roleSearchFilter;
0949: }
0950:
0951: /**
0952: * Set the default algorithm to use
0953: * @param algorithm algorithm to be used
0954: */
0955: public void setAlgorithm(String algorithm) {
0956: this .algorithm = algorithm;
0957: }
0958:
0959: /**
0960: * Return the initial context factory of this LDAP realm
0961: * @return the initial context factory
0962: */
0963: public String getInitialContextFactory() {
0964: return initialContextFactory;
0965: }
0966:
0967: /**
0968: * Get the Url of the ldap server of this LDAP realm
0969: * @return Url of the ldap server
0970: */
0971: public String getProviderUrl() {
0972: return providerUrl;
0973: }
0974:
0975: /**
0976: * Get the authentication used during the authentication to the LDAP server
0977: * of this LDAP realm
0978: * @return authentication used during the authentication to the LDAP server
0979: */
0980: public String getSecurityAuthentication() {
0981: return securityAuthentication;
0982: }
0983:
0984: /**
0985: * Get the DN of the Principal(username) of this LDAP realm
0986: * @return DN of the Principal(username)
0987: */
0988: public String getSecurityPrincipal() {
0989: return securityPrincipal;
0990: }
0991:
0992: /**
0993: * Get the Credential(password) of the principal of this LDAP realm
0994: * @return Credential(password) of the principal
0995: */
0996: public String getSecurityCredentials() {
0997: return securityCredentials;
0998: }
0999:
1000: /**
1001: * Get the security protocol to use of this LDAP realm
1002: * @return security protocol to use
1003: */
1004: public String getSecurityProtocol() {
1005: return securityProtocol;
1006: }
1007:
1008: /**
1009: * Get the preferred language to use with the service of this LDAP realm
1010: * @return language preferred language to use with the service
1011: */
1012: public String getLanguage() {
1013: return language;
1014: }
1015:
1016: /**
1017: * Get how referrals encountered by the service provider are to be processed
1018: * @return how referrals encountered by the service provider are to be
1019: * processed
1020: */
1021: public String getReferral() {
1022: return referral;
1023: }
1024:
1025: /**
1026: * Get the the list of state factories of this LDAP realm
1027: * @return list of state factories
1028: */
1029: public String getStateFactories() {
1030: return stateFactories;
1031: }
1032:
1033: /**
1034: * Get the mode for validate the authentication of this LDAP realm
1035: * @return BIND_AUTHENTICATION_MODE or COMPARE_AUTHENTICATION_MODE
1036: */
1037: public String getAuthenticationMode() {
1038: return authenticationMode;
1039: }
1040:
1041: /**
1042: * Get the attribute in order to get the password of this LDAP realm
1043: * @return attribute in order to get the password of this LDAP realm
1044: */
1045: public String getUserPasswordAttribute() {
1046: return userPasswordAttribute;
1047: }
1048:
1049: /**
1050: * Get the attribute in order to get the user role from the ldap server
1051: * @return attribute in order to get the user role from the ldap server
1052: */
1053: public String getUserRolesAttribute() {
1054: return userRolesAttribute;
1055: }
1056:
1057: /**
1058: * Get the role name when performing a lookup on a role
1059: * @return role name when performing a lookup on a role
1060: */
1061: public String getRoleNameAttribute() {
1062: return roleNameAttribute;
1063: }
1064:
1065: /**
1066: * Get the DN used for the lookup of this LDAP realm
1067: * @return baseDN DN used for the lookup
1068: */
1069: public String getBaseDN() {
1070: return baseDN;
1071: }
1072:
1073: /**
1074: * Get the DN used when searching the user DN. Override the baseDN if it is
1075: * defined
1076: * @return userDN DN used when searching the user DN
1077: */
1078: public String getUserDN() {
1079: return userDN;
1080: }
1081:
1082: /**
1083: * Get the filter used when searching the user
1084: * @return userSearchFilter filter used when searching the user
1085: */
1086: public String getUserSearchFilter() {
1087: return userSearchFilter;
1088: }
1089:
1090: /**
1091: * Get the DN used when searching the role DN. Override the baseDN if it is
1092: * defined
1093: * @return roleDN DN used when searching the role DN. Override the baseDN if
1094: * it is defined
1095: */
1096: public String getRoleDN() {
1097: return roleDN;
1098: }
1099:
1100: /**
1101: * Get the filter used when searching the role
1102: * @return roleSearchFilter filter used when searching the role
1103: */
1104: public String getRoleSearchFilter() {
1105: return roleSearchFilter;
1106: }
1107:
1108: /**
1109: * Get the default algorithm
1110: * @return the default algorithm
1111: */
1112: public String getAlgorithm() {
1113: return algorithm;
1114: }
1115:
1116: /**
1117: * Return a dircontext for this LDAP server
1118: * @return a dircontext for this LDAP server
1119: * @throws NamingException if we can't retrieve a DirContext
1120: */
1121: protected DirContext getDirContext() throws NamingException {
1122: DirContext dirContext = null;
1123: // Get the InitialDirContext with our env
1124: dirContext = new InitialDirContext(getEnvInitialDirContext());
1125:
1126: return dirContext;
1127: }
1128:
1129: /**
1130: * Return the environment used to build a DirContext
1131: * @return the environment used to build a DirContext
1132: */
1133: private Hashtable getEnvInitialDirContext() {
1134:
1135: // The environment is a hashtable
1136: Hashtable env = new Hashtable();
1137: env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
1138: env.put(Context.PROVIDER_URL, providerUrl);
1139: env
1140: .put(Context.SECURITY_AUTHENTICATION,
1141: securityAuthentication);
1142: if ((securityPrincipal != null)
1143: && (!securityPrincipal.equals(""))) {
1144: env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
1145: }
1146: if ((securityCredentials != null)
1147: && (!securityCredentials.equals(""))) {
1148: env.put(Context.SECURITY_CREDENTIALS, securityCredentials);
1149: }
1150: if ((language != null) && (!language.equals(""))) {
1151: env.put(Context.LANGUAGE, language);
1152: }
1153: if ((referral != null) && (!referral.equals(""))) {
1154: env.put(Context.REFERRAL, referral);
1155: }
1156: if ((securityProtocol != null)
1157: && (!securityProtocol.equals(""))) {
1158: env.put(Context.SECURITY_PROTOCOL, securityProtocol);
1159: }
1160: if ((stateFactories != null) && (!stateFactories.equals(""))) {
1161: env.put(Context.STATE_FACTORIES, stateFactories);
1162: }
1163: return env;
1164: }
1165:
1166: /**
1167: * Return the string value read into the attributes attributes with the key
1168: * attrID
1169: * @param attrID the key that we are looking for
1170: * @param attributes all the attributes
1171: * @return the string value read into the attributes attributes with the key
1172: * attrID
1173: * @throws NamingException if the attrID can't be read from the attributes
1174: */
1175: private String readValueFromAttribute(String attrID,
1176: Attributes attributes) throws NamingException {
1177:
1178: // No attributes or the attrID is null (must be a non null attribute)
1179: if (attributes == null || attrID == null) {
1180: return null;
1181: }
1182:
1183: Attribute attribute = attributes.get(attrID);
1184:
1185: // Attribute not found
1186: if (attribute == null) {
1187: return null;
1188: }
1189:
1190: Object o = attribute.get();
1191: String value = null;
1192:
1193: if (o instanceof byte[]) {
1194: value = new String((byte[]) o);
1195: } else {
1196: value = o.toString();
1197: }
1198:
1199: return value;
1200: }
1201:
1202: /**
1203: * Return a comma separated string with the values read into the attributes
1204: * attributes with the key attrID
1205: * @param attrID the key that we are looking for
1206: * @param attributes all the attributes
1207: * @return comma separated string with the values read into the attributes
1208: * attributes with the key attrID
1209: * @throws NamingException if the attrID can't be read from the attributes
1210: */
1211: private String readValuesFromAttribute(String attrID,
1212: Attributes attributes) throws NamingException {
1213:
1214: // No attributes or the attrID is null (must be a non null attribute)
1215: if (attributes == null || attrID == null) {
1216: return null;
1217: }
1218:
1219: Attribute attribute = attributes.get(attrID);
1220:
1221: // Attribute not found
1222: if (attribute == null) {
1223: return null;
1224: }
1225:
1226: String value = null;
1227: NamingEnumeration e = attribute.getAll();
1228: while (e.hasMore()) {
1229: String s = (String) e.next();
1230: if (value == null) {
1231: value = s;
1232: } else {
1233: value = value + "," + s;
1234: }
1235: }
1236: return value;
1237: }
1238:
1239: /**
1240: * Add to a vector the values retrieved from the attributes with the
1241: * keyattrID
1242: * @param attrID the key that we are looking for
1243: * @param attributes all the attributes
1244: * @param v the vector on which the data are added
1245: * @throws NamingException if the attrID can't be read from the attributes
1246: */
1247: private void addValueFromAttributeToVector(String attrID,
1248: Attributes attributes, Vector v) throws NamingException {
1249:
1250: // No attributes or the attrID is null (must be a non null attribute)
1251: if (attributes == null || attrID == null) {
1252: return;
1253: }
1254:
1255: Attribute attribute = attributes.get(attrID);
1256:
1257: // Attribute not found
1258: if (attribute == null) {
1259: return;
1260: }
1261:
1262: NamingEnumeration e = attribute.getAll();
1263: while (e.hasMore()) {
1264: v.add(e.next());
1265: }
1266:
1267: }
1268:
1269: /**
1270: * Remove all the Mbeans used by this resource
1271: * @throws JResourceException if the MBeans can not be removed
1272: */
1273: public void removeMBeans() throws JResourceException {
1274: //no MBeans
1275: }
1276:
1277: }
|