001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi.impl;
018:
019: import java.sql.Date;
020: import java.util.HashSet;
021: import java.util.Set;
022:
023: import javax.naming.NamingException;
024:
025: import org.apache.commons.lang.StringUtils;
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028: import org.apache.jetspeed.security.PasswordCredential;
029: import org.apache.jetspeed.security.SecurityException;
030: import org.apache.jetspeed.security.spi.CredentialHandler;
031: import org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao;
032: import org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl;
033:
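/**
 * LDAP-backed {@link CredentialHandler}: every credential operation is
 * delegated to a {@link LdapUserCredentialDao}.
 *
 * <p>
 * {@link #setPasswordEnabled(String, boolean)},
 * {@link #setPasswordUpdateRequired(String, boolean)} and
 * {@link #setPasswordExpiration(String, Date)} are not implemented: they
 * return normally without changing anything in the directory. Callers must not
 * rely on them to disable, expire or force the rotation of an LDAP password.
 * </p>
 *
 * @see org.apache.jetspeed.security.spi.CredentialHandler
 *
 * @author <a href="mailto:mike.long@dataline.com">Mike Long</a>
 */
public class LdapCredentialHandler implements CredentialHandler {
    /** The logger. */
    private static final Log LOG = LogFactory
            .getLog(LdapCredentialHandler.class);

    /** The {@link LdapUserCredentialDao} every operation is delegated to. */
    private final LdapUserCredentialDao ldap;

    /**
     * <p>
     * Default constructor; uses a new {@link LdapUserCredentialDaoImpl}.
     * </p>
     *
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapCredentialHandler() throws NamingException,
            SecurityException {
        this(new LdapUserCredentialDaoImpl());
    }

    /**
     * <p>
     * Constructor given a {@link LdapUserCredentialDao}.
     * </p>
     *
     * @param ldap The {@link LdapUserCredentialDao}.
     * @throws NamingException A {@link NamingException}.
     * @throws SecurityException A {@link SecurityException}.
     */
    public LdapCredentialHandler(LdapUserCredentialDao ldap)
            throws NamingException, SecurityException {
        this.ldap = ldap;
    }

    /**
     * Always returns a new, empty set; this handler exposes no public
     * credentials.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#getPublicCredentials(java.lang.String)
     */
    public Set getPublicCredentials(String username) {
        return new HashSet();
    }

    /**
     * Returns a set holding one password credential built from the value the
     * DAO returns for <code>uid</code>. If the DAO throws a
     * {@link SecurityException} the failure is logged and an empty set is
     * returned, so callers cannot tell a lookup failure from a user without
     * credentials.
     *
     * <p>
     * The returned credential carries the stored password value as returned by
     * the directory; treat the set as secret material and keep it out of logs
     * and error messages.
     * </p>
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#getPrivateCredentials(java.lang.String)
     */
    public Set getPrivateCredentials(String uid) {
        Set privateCredentials = new HashSet();

        try {
            privateCredentials.add(new DefaultPasswordCredentialImpl(
                    uid, ldap.getPassword(uid)));
        } catch (SecurityException e) {
            logSecurityException(e, uid);
        }

        return privateCredentials;
    }

    /**
     * Logs a credential lookup failure at error level.
     *
     * @param e The failure.
     * @param uid The uid the lookup was for.
     */
    private void logSecurityException(SecurityException e, String uid) {
        // NOTE(review): uid is written to the log unmodified; if it can come
        // from a login form, confirm the log layout neutralises line breaks.
        if (LOG.isErrorEnabled()) {
            LOG.error(
                    "Failure creating a PasswordCredential for InternalCredential uid:"
                            + uid, e);
        }
    }

    /**
     * Sets the password through the DAO without checking the current one.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#importPassword(java.lang.String,java.lang.String)
     */
    public void importPassword(String uid, String newPassword)
            throws SecurityException {
        // NOTE(review): unlike setPassword, nothing is validated here; confirm
        // the DAO rejects an empty uid or password.
        ldap.changePassword(uid, newPassword);
    }

    /**
     * <p>
     * Adds or updates a private password credential. <br>
     * If <code>oldPassword</code> is not null or empty, it is authenticated
     * first and the change is refused when that authentication fails. <br>
     * If <code>oldPassword</code> is null or empty the password is changed
     * without any check of the current one, so the caller is responsible for
     * authorising that path.
     * </p>
     *
     * @param uid The LDAP uid attribute.
     * @param oldPassword The old {@link PasswordCredential}.
     * @param newPassword The new {@link PasswordCredential}.
     * @throws SecurityException when <code>uid</code> or
     *             <code>newPassword</code> is empty, when the lookup fails
     *             because the user does not exist, or when the non-empty
     *             <code>oldPassword</code> is not correct.
     */
    public void setPassword(String uid, String oldPassword,
            String newPassword) throws SecurityException {
        validate(uid, newPassword);

        // The DAO reports the outcome as a boolean (see authenticate below).
        // Discarding it would let the change go through with a wrong old
        // password whenever the DAO answers false instead of throwing.
        if (!StringUtils.isEmpty(oldPassword)
                && !ldap.authenticate(uid, oldPassword)) {
            throw new SecurityException(SecurityException.INVALID_PASSWORD);
        }

        ldap.changePassword(uid, newPassword);
    }

    /**
     * Not implemented: returns without enabling or disabling anything.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordEnabled(java.lang.String,
     *      boolean)
     */
    public void setPasswordEnabled(String userName, boolean enabled)
            throws SecurityException {
        // TODO Implement this. Until then a request to disable a password
        // succeeds silently and the LDAP password stays usable.
    }

    /**
     * Not implemented: returns without recording the flag.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordUpdateRequired(java.lang.String,
     *      boolean)
     */
    public void setPasswordUpdateRequired(String userName,
            boolean updateRequired) throws SecurityException {
        // TODO Implement this. Until then a forced password update is never
        // recorded.
    }

    /**
     * Not implemented: returns without storing the expiration date.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#setPasswordExpiration(java.lang.String, java.sql.Date)
     */
    public void setPasswordExpiration(String userName,
            Date expirationDate) throws SecurityException {
        // TODO Implement this. Until then no expiration is applied.
    }

    /**
     * Rejects an empty uid or password, then returns the DAO's verdict.
     *
     * @see org.apache.jetspeed.security.spi.CredentialHandler#authenticate(java.lang.String, java.lang.String)
     */
    public boolean authenticate(String uid, String password)
            throws SecurityException {
        validate(uid, password);

        return ldap.authenticate(uid, password);
    }

    /**
     * <p>
     * Validates that neither the password nor the uid is null or empty. The
     * password is checked first.
     * </p>
     *
     * @param uid The uid.
     * @param password The password.
     * @throws SecurityException with
     *             {@link SecurityException#EMPTY_PARAMETER} naming the first
     *             empty parameter.
     */
    private void validate(String uid, String password)
            throws SecurityException {
        if (StringUtils.isEmpty(password)) {
            throw new SecurityException(
                    SecurityException.EMPTY_PARAMETER.create("password"));
        }

        if (StringUtils.isEmpty(uid)) {
            throw new SecurityException(
                    SecurityException.EMPTY_PARAMETER.create("uid"));
        }
    }
}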