@ -1,4 +1,4 @@ |
|
|
|
/* Copyright 2004 Acegi Technology Pty Limited |
|
|
|
/* Copyright 2004, 2005 Acegi Technology Pty Limited |
|
|
|
* |
|
|
|
* |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
@ -51,8 +51,22 @@ import javax.naming.directory.SearchResult; |
|
|
|
* This is an example <code>PasswordAuthenticationDao</code> implementation |
|
|
|
* This is an example <code>PasswordAuthenticationDao</code> implementation |
|
|
|
* using LDAP service for user authentication. |
|
|
|
* using LDAP service for user authentication. |
|
|
|
* |
|
|
|
* |
|
|
|
|
|
|
|
* <p>Example use: <br/> |
|
|
|
|
|
|
|
* <bean id="ldapDaoImpl" class="net.sf.acegisecurity.providers.dao.ldap.LdapPasswordAuthenticationDao"> <br/> |
|
|
|
|
|
|
|
* <property name="host"><value>sydney.ipov.info</value></property> <br/> |
|
|
|
|
|
|
|
* <property name="rootContext"><value>dc=ipov,dc=info</value></property> <br/> |
|
|
|
|
|
|
|
* <property name="userContext"><alue>ou=Users</value></property> <br/> |
|
|
|
|
|
|
|
* <property name="userAttribute"><value>uid</value></property> <br/> |
|
|
|
|
|
|
|
* </bean> <br/> |
|
|
|
|
|
|
|
* ...<br/> |
|
|
|
|
|
|
|
* <bean id="authenticationProvider" class="net.sf.acegisecurity.providers.dao.PasswordDaoAuthenticationProvider"> <br/> |
|
|
|
|
|
|
|
* <property name="passwordAuthenticationDao"><ref local="ldapDaoImpl"/></property> <br/> |
|
|
|
|
|
|
|
* </bean> <br/> |
|
|
|
|
|
|
|
* </p> |
|
|
|
|
|
|
|
* |
|
|
|
* @author Karel Miarka |
|
|
|
* @author Karel Miarka |
|
|
|
* @author Daniel Miller |
|
|
|
* @author Daniel Miller |
|
|
|
|
|
|
|
* @author Robert Sanders |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao { |
|
|
|
public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao { |
|
|
|
//~ Static fields/initializers =============================================
|
|
|
|
//~ Static fields/initializers =============================================
|
|
|
|
@ -63,7 +77,11 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao |
|
|
|
//~ Instance fields ========================================================
|
|
|
|
//~ Instance fields ========================================================
|
|
|
|
|
|
|
|
|
|
|
|
private String host; |
|
|
|
private String host; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** The INITIAL_CONTEXT_FACTORY for use with JNDI. */ |
|
|
|
|
|
|
|
private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory"; |
|
|
|
private String rootContext; |
|
|
|
private String rootContext; |
|
|
|
|
|
|
|
private String userAttribute = "CN"; // ??? is this the right code??
|
|
|
|
private String userContext = "CN=Users"; |
|
|
|
private String userContext = "CN=Users"; |
|
|
|
private String[] rolesAttributes = {"memberOf"}; |
|
|
|
private String[] rolesAttributes = {"memberOf"}; |
|
|
|
private int port = 389; |
|
|
|
private int port = 389; |
|
|
|
@ -79,6 +97,33 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao |
|
|
|
this.host = hostname; |
|
|
|
this.host = hostname; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* DOCUMENT ME! |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @return Returns the host. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
public String getHost() { |
|
|
|
|
|
|
|
return host; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* DOCUMENT ME! |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @param initialContextFactory The initialContextFactory to set. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
public void setInitialContextFactory(String initialContextFactory) { |
|
|
|
|
|
|
|
this.initialContextFactory = initialContextFactory; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* DOCUMENT ME! |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @return Returns the initialContextFactory. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
public String getInitialContextFactory() { |
|
|
|
|
|
|
|
return initialContextFactory; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* Set the port on which is running the LDAP server. <br>Default value: 389 |
|
|
|
* Set the port on which is running the LDAP server. <br>Default value: 389 |
|
|
|
* |
|
|
|
* |
|
|
|
@ -88,6 +133,27 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao |
|
|
|
this.port = port; |
|
|
|
this.port = port; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* DOCUMENT ME! |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @return Returns the port. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
public int getPort() { |
|
|
|
|
|
|
|
return port; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public String getProviderURL() { |
|
|
|
|
|
|
|
StringBuffer providerUrl = new StringBuffer(); |
|
|
|
|
|
|
|
providerUrl.append("ldap://"); |
|
|
|
|
|
|
|
providerUrl.append(this.host); |
|
|
|
|
|
|
|
providerUrl.append(":"); |
|
|
|
|
|
|
|
providerUrl.append(this.port); |
|
|
|
|
|
|
|
providerUrl.append("/"); |
|
|
|
|
|
|
|
providerUrl.append(this.rootContext); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return providerUrl.toString(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* Set the name of user object's attribute(s) which contains the list of |
|
|
|
* Set the name of user object's attribute(s) which contains the list of |
|
|
|
* user's role names. The role is converted to upper case and a "ROLE_" |
|
|
|
* user's role names. The role is converted to upper case and a "ROLE_" |
|
|
|
@ -110,6 +176,24 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao |
|
|
|
this.rootContext = rootContext; |
|
|
|
this.rootContext = rootContext; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* DOCUMENT ME! |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @param userAttribute The userAttribute to set. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
public void setUserAttribute(String userAttribute) { |
|
|
|
|
|
|
|
this.userAttribute = userAttribute; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* DOCUMENT ME! |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @return Returns the userAttribute. |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
public String getUserAttribute() { |
|
|
|
|
|
|
|
return userAttribute; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* Set the context in which all users reside relative to the root context. <br> |
|
|
|
* Set the context in which all users reside relative to the root context. <br> |
|
|
|
* Defalut value: "CN=Users" |
|
|
|
* Defalut value: "CN=Users" |
|
|
|
@ -130,23 +214,14 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao |
|
|
|
|
|
|
|
|
|
|
|
env.put(Context.INITIAL_CONTEXT_FACTORY, |
|
|
|
env.put(Context.INITIAL_CONTEXT_FACTORY, |
|
|
|
"com.sun.jndi.ldap.LdapCtxFactory"); |
|
|
|
"com.sun.jndi.ldap.LdapCtxFactory"); |
|
|
|
|
|
|
|
env.put(Context.PROVIDER_URL, getProviderURL()); |
|
|
|
StringBuffer providerUrl = new StringBuffer(); |
|
|
|
|
|
|
|
providerUrl.append("ldap://"); |
|
|
|
|
|
|
|
providerUrl.append(this.host); |
|
|
|
|
|
|
|
providerUrl.append(":"); |
|
|
|
|
|
|
|
providerUrl.append(this.port); |
|
|
|
|
|
|
|
providerUrl.append("/"); |
|
|
|
|
|
|
|
providerUrl.append(this.rootContext); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
env.put(Context.PROVIDER_URL, providerUrl.toString()); |
|
|
|
|
|
|
|
env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
|
|
env.put(Context.SECURITY_AUTHENTICATION, "simple"); |
|
|
|
env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username)); |
|
|
|
env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username)); |
|
|
|
env.put(Context.SECURITY_CREDENTIALS, password); |
|
|
|
env.put(Context.SECURITY_CREDENTIALS, password); |
|
|
|
|
|
|
|
|
|
|
|
try { |
|
|
|
try { |
|
|
|
if (log.isDebugEnabled()) { |
|
|
|
if (log.isDebugEnabled()) { |
|
|
|
log.debug("Connecting to " + providerUrl + " as " |
|
|
|
log.debug("Connecting to " + getProviderURL() + " as " |
|
|
|
+ getUserPrincipal(username)); |
|
|
|
+ getUserPrincipal(username)); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
@ -293,17 +368,16 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|
* Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username |
|
|
|
* Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username |
|
|
|
* string. This implementation returns a string composed of the following: |
|
|
|
* string. This implementation returns the userBase for JNDI / LDAP |
|
|
|
* <usernamePrefix><username><usernameSufix. This function |
|
|
|
* lookup. |
|
|
|
* may be overridden in a subclass. |
|
|
|
|
|
|
|
* |
|
|
|
* |
|
|
|
* @param username DOCUMENT ME! |
|
|
|
* @param username DOCUMENT ME! |
|
|
|
* |
|
|
|
* |
|
|
|
* @return DOCUMENT ME! |
|
|
|
* @return DOCUMENT ME! |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
protected String getUserPrincipal(String username) { |
|
|
|
protected String getUserPrincipal(String username) { |
|
|
|
StringBuffer principal = new StringBuffer(); |
|
|
|
StringBuffer principal = new StringBuffer(userAttribute); |
|
|
|
principal.append("CN="); |
|
|
|
principal.append("="); |
|
|
|
principal.append(username); |
|
|
|
principal.append(username); |
|
|
|
principal.append(","); |
|
|
|
principal.append(","); |
|
|
|
principal.append(this.userContext); |
|
|
|
principal.append(this.userContext); |
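Review bot: getUserPrincipal still appends the raw username into the bind DN (`principal.append(username);`), so a username containing DN special characters such as `,`, `+`, `=` or `\` changes which entry the simple bind is attempted against; the value should be escaped per RFC 4514 before it is appended, `principal.append(escapeDnValue(username));`, with a helper like the one below. The same applies to `userAttribute`, which is now the DN prefix: if it can come from anything other than trusted bean configuration it should be validated as a bare attribute name. Separately, in the hunk that populates `env`, `env.put(Context.SECURITY_CREDENTIALS, password);` has no guard for an empty or null password, and many directory servers treat a simple bind with empty credentials as an anonymous or unauthenticated bind that succeeds, so rejecting empty credentials before the context is created closes that authentication bypass. getUserPrincipal continues past the hunk (its return is not shown), and the method that populates `env` starts before its hunk.
```java
    protected String getUserPrincipal(String username) {
        StringBuffer principal = new StringBuffer(userAttribute);
        principal.append("=");
        principal.append(escapeDnValue(username));
        // … unchanged: "," + userContext and the return …

    // new helper, placed after getUserPrincipal:
    /** Escapes one attribute value for use inside a DN (RFC 4514, section 2.4). */
    private static String escapeDnValue(String value) {
        StringBuffer out = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean edgeSpace = (c == ' ') && ((i == 0) || (i == (value.length() - 1)));
            boolean leadingHash = (c == '#') && (i == 0);
            if (c == '\0') {
                out.append("\\00");
            } else if ((",+\"\\<>;=".indexOf(c) >= 0) || edgeSpace || leadingHash) {
                out.append('\\').append(c);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
```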
|
|
|
|