Source Code Cross Referenced for LDAPAuth.java in  » Portal » liferay-portal-4.4.2 » com » liferay » portal » security » auth » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » Portal » liferay portal 4.4.2 » com.liferay.portal.security.auth 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


001:        /**
002:         * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
003:         *
004:         * Permission is hereby granted, free of charge, to any person obtaining a copy
005:         * of this software and associated documentation files (the "Software"), to deal
006:         * in the Software without restriction, including without limitation the rights
007:         * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
008:         * copies of the Software, and to permit persons to whom the Software is
009:         * furnished to do so, subject to the following conditions:
010:         *
011:         * The above copyright notice and this permission notice shall be included in
012:         * all copies or substantial portions of the Software.
013:         *
014:         * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
015:         * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
016:         * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
017:         * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
018:         * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
019:         * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
020:         * SOFTWARE.
021:         */package com.liferay.portal.security.auth;
022:
023:        import com.liferay.portal.NoSuchUserException;
024:        import com.liferay.portal.PasswordExpiredException;
025:        import com.liferay.portal.UserLockoutException;
026:        import com.liferay.portal.kernel.log.Log;
027:        import com.liferay.portal.kernel.log.LogFactoryUtil;
028:        import com.liferay.portal.kernel.util.StringPool;
029:        import com.liferay.portal.kernel.util.Validator;
030:        import com.liferay.portal.model.User;
031:        import com.liferay.portal.security.ldap.PortalLDAPUtil;
032:        import com.liferay.portal.security.pwd.PwdEncryptor;
033:        import com.liferay.portal.service.UserLocalServiceUtil;
034:        import com.liferay.portal.util.PrefsPropsUtil;
035:        import com.liferay.portal.util.PropsUtil;
036:        import com.liferay.portal.util.PropsValues;
037:        import com.liferay.portlet.admin.util.OmniadminUtil;
038:
039:        import java.util.Map;
040:        import java.util.Properties;
041:
042:        import javax.naming.Context;
043:        import javax.naming.NamingEnumeration;
044:        import javax.naming.directory.Attribute;
045:        import javax.naming.directory.Attributes;
046:        import javax.naming.directory.SearchControls;
047:        import javax.naming.directory.SearchResult;
048:        import javax.naming.ldap.Control;
049:        import javax.naming.ldap.InitialLdapContext;
050:        import javax.naming.ldap.LdapContext;
051:
052:        /**
053:         * <a href="LDAPAuth.java.html"><b><i>View Source</i></b></a>
054:         *
055:         * @author Brian Wing Shun Chan
056:         * @author Scott Lee
057:         *
058:         */
059:        public class LDAPAuth implements  Authenticator {
060:
061:            public static final String AUTH_METHOD_BIND = "bind";
062:
063:            public static final String AUTH_METHOD_PASSWORD_COMPARE = "password-compare";
064:
065:            public static final String RESULT_PASSWORD_RESET = "2.16.840.1.113730.3.4.4";
066:
067:            public static final String RESULT_PASSWORD_EXP_WARNING = "2.16.840.1.113730.3.4.5";
068:
069:            public int authenticateByEmailAddress(long companyId,
070:                    String emailAddress, String password, Map headerMap,
071:                    Map parameterMap) throws AuthException {
072:
073:                try {
074:                    return authenticate(companyId, emailAddress,
075:                            StringPool.BLANK, 0, password);
076:                } catch (Exception e) {
077:                    _log.error(e, e);
078:
079:                    throw new AuthException(e);
080:                }
081:            }
082:
083:            public int authenticateByScreenName(long companyId,
084:                    String screenName, String password, Map headerMap,
085:                    Map parameterMap) throws AuthException {
086:
087:                try {
088:                    return authenticate(companyId, StringPool.BLANK,
089:                            screenName, 0, password);
090:                } catch (Exception e) {
091:                    _log.error(e, e);
092:
093:                    throw new AuthException(e);
094:                }
095:            }
096:
097:            public int authenticateByUserId(long companyId, long userId,
098:                    String password, Map headerMap, Map parameterMap)
099:                    throws AuthException {
100:
101:                try {
102:                    return authenticate(companyId, StringPool.BLANK,
103:                            StringPool.BLANK, userId, password);
104:                } catch (Exception e) {
105:                    _log.error(e, e);
106:
107:                    throw new AuthException(e);
108:                }
109:            }
110:
111:            protected int authenticate(long companyId, String emailAddress,
112:                    String screenName, long userId, String password)
113:                    throws Exception {
114:
115:                if (!PortalLDAPUtil.isAuthEnabled(companyId)) {
116:                    if (_log.isDebugEnabled()) {
117:                        _log.debug("Authenticator is not enabled");
118:                    }
119:
120:                    return SUCCESS;
121:                }
122:
123:                if (_log.isDebugEnabled()) {
124:                    _log.debug("Authenticator is enabled");
125:                }
126:
127:                // Make exceptions for omniadmins so that if they break the LDAP
128:                // configuration, they can still login to fix the problem
129:
130:                if (authenticateOmniadmin(companyId, emailAddress, userId) == SUCCESS) {
131:                    return SUCCESS;
132:                }
133:
134:                String baseDN = PrefsPropsUtil.getString(companyId,
135:                        PropsUtil.LDAP_BASE_DN);
136:
137:                LdapContext ctx = PortalLDAPUtil.getContext(companyId);
138:
139:                if (ctx == null) {
140:                    return authenticateRequired(companyId, userId,
141:                            emailAddress, FAILURE);
142:                }
143:
144:                //  Process LDAP auth search filter
145:
146:                String filter = PortalLDAPUtil.getAuthSearchFilter(companyId,
147:                        emailAddress, screenName, String.valueOf(userId));
148:
149:                try {
150:                    SearchControls cons = new SearchControls(
151:                            SearchControls.SUBTREE_SCOPE, 1, 0, null, false,
152:                            false);
153:
154:                    NamingEnumeration enu = ctx.search(baseDN, filter, cons);
155:
156:                    if (enu.hasMore()) {
157:                        if (_log.isDebugEnabled()) {
158:                            _log
159:                                    .debug("Search filter returned at least one result");
160:                        }
161:
162:                        SearchResult result = (SearchResult) enu.next();
163:
164:                        String fullUserDN = PortalLDAPUtil.getNameInNamespace(
165:                                companyId, result);
166:
167:                        Attributes attrs = PortalLDAPUtil.getAttributes(ctx,
168:                                fullUserDN);
169:
170:                        LDAPAuthResult ldapAuthResult = authenticate(ctx,
171:                                companyId, attrs, fullUserDN, password);
172:
173:                        // Process LDAP failure codes
174:
175:                        String errorMessage = ldapAuthResult.getErrorMessage();
176:
177:                        if (errorMessage != null) {
178:                            if (errorMessage.indexOf(PrefsPropsUtil.getString(
179:                                    companyId,
180:                                    PropsUtil.LDAP_ERROR_USER_LOCKOUT)) != -1) {
181:
182:                                throw new UserLockoutException();
183:                            } else if (errorMessage
184:                                    .indexOf(PrefsPropsUtil
185:                                            .getString(
186:                                                    companyId,
187:                                                    PropsUtil.LDAP_ERROR_PASSWORD_EXPIRED)) != -1) {
188:
189:                                throw new PasswordExpiredException();
190:                            }
191:                        }
192:
193:                        if (!ldapAuthResult.isAuthenticated()) {
194:                            return authenticateRequired(companyId, userId,
195:                                    emailAddress, FAILURE);
196:                        }
197:
198:                        // Get user or create from LDAP
199:
200:                        User user = PortalLDAPUtil.importLDAPUser(companyId,
201:                                ctx, attrs, password, true);
202:
203:                        // Process LDAP success codes
204:
205:                        String resultCode = ldapAuthResult.getResponseControl();
206:
207:                        if (resultCode.equals(LDAPAuth.RESULT_PASSWORD_RESET)) {
208:                            UserLocalServiceUtil.updatePasswordReset(user
209:                                    .getUserId(), true);
210:                        } else if (resultCode
211:                                .equals(LDAPAuth.RESULT_PASSWORD_EXP_WARNING)) {
212:
213:                            UserLocalServiceUtil.updatePasswordReset(user
214:                                    .getUserId(), true);
215:                        }
216:                    } else {
217:                        if (_log.isDebugEnabled()) {
218:                            _log
219:                                    .debug("Search filter did not return any results");
220:                        }
221:
222:                        return authenticateRequired(companyId, userId,
223:                                emailAddress, DNE);
224:                    }
225:                } catch (Exception e) {
226:                    _log.error("Problem accessing LDAP server: "
227:                            + e.getMessage());
228:
229:                    if (authenticateRequired(companyId, userId, emailAddress,
230:                            FAILURE) == FAILURE) {
231:
232:                        throw e;
233:                    }
234:                } finally {
235:                    ctx.close();
236:                }
237:
238:                return SUCCESS;
239:            }
240:
241:            protected LDAPAuthResult authenticate(LdapContext ctx,
242:                    long companyId, Attributes attrs, String userDN,
243:                    String password) throws Exception {
244:
245:                LDAPAuthResult ldapAuthResult = new LDAPAuthResult();
246:
247:                // Check passwords by either doing a comparison between the passwords or
248:                // by binding to the LDAP server. If using LDAP password policies, bind
249:                // auth method must be used in order to get the result control codes.
250:
251:                String authMethod = PrefsPropsUtil.getString(companyId,
252:                        PropsUtil.LDAP_AUTH_METHOD);
253:
254:                if (authMethod.equals(AUTH_METHOD_BIND)) {
255:                    try {
256:                        Properties env = (Properties) ctx.getEnvironment();
257:
258:                        env.put(Context.SECURITY_PRINCIPAL, userDN);
259:                        env.put(Context.SECURITY_CREDENTIALS, password);
260:                        env.put(Context.REFERRAL, "follow");
261:
262:                        ctx = new InitialLdapContext(env, null);
263:
264:                        // Get LDAP bind results
265:
266:                        Control[] responseControls = ctx.getResponseControls();
267:
268:                        ldapAuthResult.setAuthenticated(true);
269:                        ldapAuthResult.setResponseControl(responseControls);
270:                    } catch (Exception e) {
271:                        _log
272:                                .error("Failed to bind to the LDAP server with userDN "
273:                                        + userDN
274:                                        + " and password "
275:                                        + password
276:                                        + ": " + e.getMessage());
277:
278:                        ldapAuthResult.setAuthenticated(false);
279:                        ldapAuthResult.setErrorMessage(e.getMessage());
280:                    }
281:                } else if (authMethod.equals(AUTH_METHOD_PASSWORD_COMPARE)) {
282:                    Attribute userPassword = attrs.get("userPassword");
283:
284:                    if (userPassword != null) {
285:                        String ldapPassword = new String((byte[]) userPassword
286:                                .get());
287:
288:                        String encryptedPassword = password;
289:
290:                        String algorithm = PrefsPropsUtil
291:                                .getString(
292:                                        companyId,
293:                                        PropsUtil.LDAP_AUTH_PASSWORD_ENCRYPTION_ALGORITHM);
294:
295:                        if (Validator.isNotNull(algorithm)) {
296:                            encryptedPassword = "{"
297:                                    + algorithm
298:                                    + "}"
299:                                    + PwdEncryptor.encrypt(algorithm, password,
300:                                            ldapPassword);
301:                        }
302:
303:                        if (ldapPassword.equals(encryptedPassword)) {
304:                            ldapAuthResult.setAuthenticated(true);
305:                        } else {
306:                            ldapAuthResult.setAuthenticated(false);
307:
308:                            _log.error("LDAP password " + ldapPassword
309:                                    + " does not match with given password "
310:                                    + encryptedPassword + " for userDN "
311:                                    + userDN);
312:                        }
313:                    }
314:                }
315:
316:                return ldapAuthResult;
317:            }
318:
319:            protected int authenticateOmniadmin(long companyId,
320:                    String emailAddress, long userId) throws Exception {
321:
322:                // Only allow omniadmin if Liferay password checking is enabled
323:
324:                if (PropsValues.AUTH_PIPELINE_ENABLE_LIFERAY_CHECK) {
325:                    if (userId > 0) {
326:                        if (OmniadminUtil.isOmniadmin(userId)) {
327:                            return SUCCESS;
328:                        }
329:                    } else if (Validator.isNotNull(emailAddress)) {
330:                        try {
331:                            User user = UserLocalServiceUtil
332:                                    .getUserByEmailAddress(companyId,
333:                                            emailAddress);
334:
335:                            if (OmniadminUtil.isOmniadmin(user.getUserId())) {
336:                                return SUCCESS;
337:                            }
338:                        } catch (NoSuchUserException nsue) {
339:                        }
340:                    }
341:                }
342:
343:                return FAILURE;
344:            }
345:
346:            protected int authenticateRequired(long companyId, long userId,
347:                    String emailAddress, int failureCode) throws Exception {
348:
349:                if (PrefsPropsUtil.getBoolean(companyId,
350:                        PropsUtil.LDAP_AUTH_REQUIRED)) {
351:
352:                    return failureCode;
353:                } else {
354:                    return SUCCESS;
355:                }
356:            }
357:
358:            private static Log _log = LogFactoryUtil.getLog(LDAPAuth.class);
359:
360:        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.