@@ -1,4 +1,4 @@
-/* Copyright 2004 Acegi Technology Pty Limited
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
@@ -50,9 +50,23 @@ import javax.naming.directory.SearchResult;
/**
/**
* This is an example <code>PasswordAuthenticationDao</code> implementation
* This is an example <code>PasswordAuthenticationDao</code> implementation
* using LDAP service for user authentication.
* using LDAP service for user authentication.
+ *
+* <p>Example use: <br/>
+* <bean id="ldapDaoImpl" class="net.sf.acegisecurity.providers.dao.ldap.LdapPasswordAuthenticationDao"> <br/>
+* <property name="host"><value>sydney.ipov.info</value></property> <br/>
+* <property name="rootContext"><value>dc=ipov,dc=info</value></property> <br/>
+* <property name="userContext"><alue>ou=Users</value></property> <br/>
+* <property name="userAttribute"><value>uid</value></property> <br/>
+* </bean> <br/>
+* ...<br/>
+* <bean id="authenticationProvider" class="net.sf.acegisecurity.providers.dao.PasswordDaoAuthenticationProvider"> <br/>
+* <property name="passwordAuthenticationDao"><ref local="ldapDaoImpl"/></property> <br/>
+* </bean> <br/>
+* </p>
*
*
* @author Karel Miarka
* @author Karel Miarka
* @author Daniel Miller
* @author Daniel Miller
+ * @author Robert Sanders
*/
*/
public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao {
public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao {
//~ Static fields/initializers =============================================
//~ Static fields/initializers =============================================
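Review bot: The usage example added to the class Javadoc contains a broken tag on the userContext line, `<alue>ou=Users</value>`, which should read `* &lt;property name="userContext"&gt;&lt;value&gt;ou=Users&lt;/value&gt;&lt;/property&gt; <br/>`. The same applies to every `<bean>`/`<property>`/`<value>` line in the example: Javadoc treats them as HTML, so the generated page will drop the elements unless `<` and `>` are escaped or the block is placed in a `<pre>` with escaped content. The example also names what looks like a real host and root context (`sydney.ipov.info`, `dc=ipov,dc=info`); a reserved placeholder such as `ldap.example.com` / `dc=example,dc=com` would avoid pointing readers at a live server.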
@@ -63,7 +77,11 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
//~ Instance fields ========================================================
//~ Instance fields ========================================================
private String host;
private String host;
+
+ /** The INITIAL_CONTEXT_FACTORY for use with JNDI. */
+ private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
private String rootContext;
private String rootContext;
+ private String userAttribute = "CN"; // ??? is this the right code??
private String userContext = "CN=Users";
private String userContext = "CN=Users";
private String[] rolesAttributes = {"memberOf"};
private String[] rolesAttributes = {"memberOf"};
private int port = 389;
private int port = 389;
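Review bot: The new `userAttribute` field ships with an open question in its trailing comment, `// ??? is this the right code??`, which a reader cannot resolve from the field alone. The default "CN" is the same prefix the previous `getUserPrincipal` hard-coded (the last hunk removes `principal.append("CN=")`), so the value is consistent; the comment should say so rather than doubt it, in the style of the Javadoc on the neighbouring `initialContextFactory` field: `/** Attribute that names the user in the RDN (e.g. "CN" or "uid"). Default value: "CN", matching the former hard-coded prefix. */`. The `userContext` default below still uses "CN=Users", so the two defaults agree.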
@@ -79,6 +97,33 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
this.host = hostname;
this.host = hostname;
}
}
+ /**
+ * DOCUMENT ME!
+ *
+ * @return Returns the host.
+ */
+ public String getHost() {
+ return host;
+ }
+
+ /**
+ * DOCUMENT ME!
+ *
+ * @param initialContextFactory The initialContextFactory to set.
+ */
+ public void setInitialContextFactory(String initialContextFactory) {
+ this.initialContextFactory = initialContextFactory;
+ }
+
+ /**
+ * DOCUMENT ME!
+ *
+ * @return Returns the initialContextFactory.
+ */
+ public String getInitialContextFactory() {
+ return initialContextFactory;
+ }
+
/**
/**
* Set the port on which is running the LDAP server. <br>Default value: 389
* Set the port on which is running the LDAP server. <br>Default value: 389
*
*
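Review bot: The three accessors added in this hunk (`getHost`, `setInitialContextFactory`, `getInitialContextFactory`) carry generated `DOCUMENT ME!` Javadoc, while the adjacent `setPort` shows the file's convention of stating the purpose and default. For the setter I would write `* Set the class name of the JNDI initial context factory used to open the LDAP context. <br>Default value: "com.sun.jndi.ldap.LdapCtxFactory"`, and for the getters a one-line summary such as `* Get the LDAP host name configured via {@link #setHost}.` in place of the placeholder. The same placeholder appears on `getPort`, `setUserAttribute` and `getUserAttribute` in the following hunks.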
@@ -88,6 +133,27 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
this.port = port;
this.port = port;
}
}
+ /**
+ * DOCUMENT ME!
+ *
+ * @return Returns the port.
+ */
+ public int getPort() {
+ return port;
+ }
+
+ public String getProviderURL() {
+ StringBuffer providerUrl = new StringBuffer();
+ providerUrl.append("ldap://");
+ providerUrl.append(this.host);
+ providerUrl.append(":");
+ providerUrl.append(this.port);
+ providerUrl.append("/");
+ providerUrl.append(this.rootContext);
+
+ return providerUrl.toString();
+ }
+
/**
/**
* Set the name of user object's attribute(s) which contains the list of
* Set the name of user object's attribute(s) which contains the list of
* user's role names. The role is converted to upper case and a "ROLE_"
* user's role names. The role is converted to upper case and a "ROLE_"
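Review bot: `getProviderURL` is a new public method with no Javadoc, and it concatenates `host`, `port` and `rootContext` verbatim, so a bean configured without a host or root context produces the literal text "null" in the URL and the failure surfaces only later as a JNDI error. A header such as `/** Build the JNDI provider URL, "ldap://" + host + ":" + port + "/" + rootContext, from the configured properties. */` would document the contract; whether `rootContext` needs RFC 2255 percent-encoding for characters such as spaces presumably depends on the JNDI provider and is worth confirming. Fail-fast null checks in the setters (or here) would be a small follow-up.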
@@ -110,6 +176,24 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
this.rootContext = rootContext;
this.rootContext = rootContext;
}
}
+ /**
+ * DOCUMENT ME!
+ *
+ * @param userAttribute The userAttribute to set.
+ */
+ public void setUserAttribute(String userAttribute) {
+ this.userAttribute = userAttribute;
+ }
+
+ /**
+ * DOCUMENT ME!
+ *
+ * @return Returns the userAttribute.
+ */
+ public String getUserAttribute() {
+ return userAttribute;
+ }
+
/**
/**
* Set the context in which all users reside relative to the root context. <br>
* Set the context in which all users reside relative to the root context. <br>
* Defalut value: "CN=Users"
* Defalut value: "CN=Users"
@@ -130,23 +214,14 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
env.put(Context.INITIAL_CONTEXT_FACTORY,
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
"com.sun.jndi.ldap.LdapCtxFactory");
-
- StringBuffer providerUrl = new StringBuffer();
- providerUrl.append("ldap://");
- providerUrl.append(this.host);
- providerUrl.append(":");
- providerUrl.append(this.port);
- providerUrl.append("/");
- providerUrl.append(this.rootContext);
-
- env.put(Context.PROVIDER_URL, providerUrl.toString());
+ env.put(Context.PROVIDER_URL, getProviderURL());
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username));
env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username));
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.SECURITY_CREDENTIALS, password);
try {
try {
if (log.isDebugEnabled()) {
if (log.isDebugEnabled()) {
- log.debug("Connecting to " + providerUrl + " as "
+ log.debug("Connecting to " + getProviderURL() + " as "
+ getUserPrincipal(username));
+ getUserPrincipal(username));
}
}
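Review bot: The context lines at the top of this hunk still pass the hard-coded string "com.sun.jndi.ldap.LdapCtxFactory" to `Context.INITIAL_CONTEXT_FACTORY`, so the `initialContextFactory` field and `setInitialContextFactory` introduced by this commit never affect the bind; the call should become `env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);`. The new debug line also recomputes `getProviderURL()` and `getUserPrincipal(username)` that were just computed for the environment; assigning each to a local before the `env.put` calls and reusing it in the log message avoids the duplication. The principal placed in `SECURITY_PRINCIPAL` is built by `getUserPrincipal` from the raw `username` by string concatenation (see the last hunk), so values containing DN-special characters should be escaped per RFC 2253 before the bind, or rejected; the enclosing method starts and ends outside this hunk.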
@@ -293,17 +368,16 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
/**
/**
* Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username
* Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username
- * string. This implementation returns a string composed of the following:
- * <usernamePrefix><username><usernameSufix. This function
- * may be overridden in a subclass.
+ * string. This implementation returns the userBase for JNDI / LDAP
+ * lookup.
*
*
* @param username DOCUMENT ME!
* @param username DOCUMENT ME!
*
*
* @return DOCUMENT ME!
* @return DOCUMENT ME!
*/
*/
protected String getUserPrincipal(String username) {
protected String getUserPrincipal(String username) {
- StringBuffer principal = new StringBuffer();
- principal.append("CN=");
+ StringBuffer principal = new StringBuffer(userAttribute);
+ principal.append("=");
principal.append(username);
principal.append(username);
principal.append(",");
principal.append(",");
principal.append(this.userContext);
principal.append(this.userContext);