Author: alexoree
Date: Thu May 30 23:05:16 2013
New Revision: 1488044

URL: http://svn.apache.org/r1488044
Log:
Adding an expanded LDAP Authenticator which uses a String.format template so that
users can authenticate with a common name instead of a full DN
Adding configuration items for the LdapSimpleAuthenticator; the initial context
factory and the authentication style were previously hard coded
This is for JUDDI-405

Added:
    
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java
      - copied, changed from r1487989, 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
Modified:
    juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
    
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
    juddi/trunk/juddi-core/src/test/resources/juddiv3.properties

Modified: 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
URL: 
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java?rev=1488044&r1=1488043&r2=1488044&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java 
(original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java 
Thu May 30 23:05:16 2013
@@ -1,15 +1,36 @@
 package org.apache.juddi.config;
 
 import org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator;
+import org.apache.juddi.v3.auth.LdapExpandedAuthenticator;
+import org.apache.juddi.v3.auth.LdapSimpleAuthenticator;
 import org.apache.juddi.v3.auth.MD5XMLDocAuthenticator;
 
+/**
+ * This defines constants used for accessing information from jUDDI's 
juddiv3.properties file
+ * @author various
+ */
 public interface Property {
     public final static String 
JDDU_SUBSCRIPTION_MAXENTITIES="juddi.subscription.maxentities";
     public final static String JUDDI_ROOT_PUBLISHER = "juddi.root.publisher";
     public final static String JUDDI_LOAD_INSTALL_DATA = 
"juddi.load.install.data";
     public final static String JUDDI_PERSISTENCEUNIT_NAME = 
"juddi.persistenceunit.name";
     public final static String JUDDI_AUTHENTICATOR = "juddi.authenticator";
+    /**
+     * @see LdapSimpleAuthenticator
+     */
     public final static String JUDDI_AUTHENTICATOR_URL = 
"juddi.authenticator.url";
+    /**
+     * @see LdapSimpleAuthenticator
+     */
+    public final static String JUDDI_AUTHENTICATOR_INITIAL_CONTEXT = 
"juddi.authenticator.initialcontext";
+    /**
+     * @see LdapSimpleAuthenticator
+     */
+    public final static String JUDDI_AUTHENTICATOR_STYLE = 
"juddi.authenticator.style";
+    /**
+     * @see LdapExpandedAuthenticator
+     */
+    public final static String JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR= 
"juddi.authenticator.ldapexp";
     public final static String JUDDI_CONFIGURATION_RELOAD_DELAY = 
"juddi.configuration.reload.delay";
     public final static String JUDDI_LOCALE = "juddi.locale";
     public final static String JUDDI_OPERATOR_EMAIL_ADDRESS = 
"juddi.operatorEmailAddress";
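Review bot: The Javadoc on JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR only cross-references the class, but the value is handed to String.format with the caller's username as the sole argument, so its contract belongs on the constant where an operator looking up property names will find it. Something like `/** Bind-DN template for {@link LdapExpandedAuthenticator}; must contain exactly one %s (and no other format specifiers), which is replaced by the supplied username. */` would do. The interface body continues past the end of the hunk.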

Copied: 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java
 (from r1487989, 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java)
URL: 
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java?p2=juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java&p1=juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java&r1=1487989&r2=1488044&rev=1488044&view=diff
==============================================================================
--- 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
 (original)
+++ 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapExpandedAuthenticator.java
 Thu May 30 23:05:16 2013
@@ -15,7 +15,9 @@
  */
 package org.apache.juddi.v3.auth;
 
+import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Map;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
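Review bot: `java.util.HashMap` and `java.util.Map` are added as imports, but nothing visible on the new side of this diff uses them, and the comment added on the `env` field further down explicitly says a HashMap won't work here; unless the rest of the file uses them, the two import lines should be dropped so the file does not carry dead imports from the start.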
@@ -24,7 +26,6 @@ import javax.naming.ldap.LdapContext;
 import javax.persistence.EntityManager;
 import javax.persistence.EntityTransaction;
 
-import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -41,40 +42,41 @@ import org.apache.juddi.v3.error.Unknown
 import org.apache.commons.configuration.ConfigurationException;
 
 /**
- * This is a implementation of jUDDI's Authenticator interface, that uses the
- * LDAP.
+ * This is an expanded implementation of jUDDI's Authenticator interface, that 
uses the
+ * LDAP with string formatting to enable users to sign in as a common name 
instead of the full
+ * distinguished name.
  * 
  * Usage:
  * 
  * To use this class you must add the following properties to the
  * juddiv3.properties file:
  * 
- * # The JBoss Authenticator
+ * # The LDAP Authenticator
  * juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
  * 
  * # LDAP authentication URL
  * juddi.authenticator.url=ldap://localhost:389
  *
- * This authenticator assumes that the publisher username is the same as the 
LDAP 
- * principal name, which may not be the case as the LDAP principal might be a 
bind name.
- * This class could easily be extended so that the uid of the LDAP 
authenticated user is
- * used, or to authenticate by group.
+ * juddi.authenticator.ldapexp=CN=%s, OU=Users,DC=Domain, etc
+ * 
+ * This authenticator assumes that the publisher username can be reformatted 
to a LDAP 
+ * common name. This is common for Microsoft based LDAPs. The configuration 
item juddi.authenticator.ldapexp
+ * should contain exactly one instance of "%s", which is replaced by the 
requestor's username
  *
- * This class was tested with OpenLDAP.
  *
- * @author <a href="mailto:[email protected]";>Tom Cunningham</a>
- * @author <a href="mailto:[email protected]";>Gunnlaugur Sigurðsson</a>
+ * @author Alex O'Ree
  */
-public class LdapSimpleAuthenticator implements Authenticator {
+public class LdapExpandedAuthenticator implements Authenticator {
     private Log logger = LogFactory.getLog(this.getClass());
 
     private LdapContext ctx = null;
+    //this needs to be a Hashtable, HashMap won't work here
     private Hashtable<String, String> env = null;
     private String url = null;
     
     private static final String DEFAULT_URL = "ldap://localhost:389";;
     
-    public LdapSimpleAuthenticator() throws NamingException {
+    public LdapExpandedAuthenticator() throws NamingException, 
ConfigurationException {
        String authURL = null;
        try {
                authURL = 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_URL, 
DEFAULT_URL);
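Review bot: The usage block in the new class Javadoc still instructs the operator to set `juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator`, inherited from the copied file, which would select the other authenticator and silently ignore the `%s` template; it should read `juddi.authenticator=org.apache.juddi.v3.auth.LdapExpandedAuthenticator`. The same paragraph should also say that the username is substituted verbatim into a DN, so values containing RFC 4514 separators (`,`, `=`, `+`, `\`) must be rejected or escaped before the bind, otherwise the bound entry can differ from `CN=<username>`. The default constructor's body continues past the end of the hunk.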
@@ -85,14 +87,14 @@ public class LdapSimpleAuthenticator imp
        init(authURL);
     }
     
-    public LdapSimpleAuthenticator(String url) throws NamingException {
+    public LdapExpandedAuthenticator(String url) throws NamingException, 
ConfigurationException {
        init(url);
     }
 
-    public void init(String url) throws NamingException {
+    public void init(String url) throws NamingException, 
ConfigurationException {
         env = new Hashtable<String, String>();
-        env.put(Context.INITIAL_CONTEXT_FACTORY, 
"com.sun.jndi.ldap.LdapCtxFactory");
-        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+        env.put(Context.INITIAL_CONTEXT_FACTORY, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT,
 "com.sun.jndi.ldap.LdapCtxFactory"));
+        env.put(Context.SECURITY_AUTHENTICATION, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, 
"simple"));
         env.put(Context.PROVIDER_URL, url); // organization ldap url, example 
ldap://localhost:389
 
         this.url = url;
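Review bot: init() now builds the same three env entries (initial context factory, authentication style, provider URL) that authenticate() rebuilds from scratch on every call, each with its own AppConfig lookup; a private helper such as `Hashtable<String, String> baseEnv() throws ConfigurationException` used by both methods would keep the two copies from drifting apart and give the lookups a single place to document. The method comment should also note that a configured style of `none` turns every subsequent bind into an anonymous one, which is never appropriate for an authenticator. init()'s body continues past the end of the hunk.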
@@ -114,19 +116,26 @@ public class LdapSimpleAuthenticator imp
         boolean isLdapUser = false;
         try {
             env = new Hashtable<String, String>();
-            env.put(Context.INITIAL_CONTEXT_FACTORY, 
"com.sun.jndi.ldap.LdapCtxFactory");
-            env.put(Context.SECURITY_AUTHENTICATION, "simple");
+            env.put(Context.INITIAL_CONTEXT_FACTORY, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT,
 "com.sun.jndi.ldap.LdapCtxFactory"));
+            env.put(Context.SECURITY_AUTHENTICATION, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, 
"simple"));
+            
             env.put(Context.PROVIDER_URL, url); // organization ldap url, 
example ldap://localhost:389
-            env.put(Context.SECURITY_PRINCIPAL, authorizedName);
-               env.put(Context.SECURITY_CREDENTIALS, cred);
+            String format = 
String.format(AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR),
 authorizedName);
+            
+            env.put(Context.SECURITY_PRINCIPAL, format);
+            env.put(Context.SECURITY_CREDENTIALS, cred);
             ctx = new InitialLdapContext(env, null);
             isLdapUser = true;
             logger.info(authorizedName + " is authenticated");
            
-        } catch (NamingException e) {
+        } catch (ConfigurationException e) {
+            logger.error(authorizedName + " is not authenticated", e);
+            throw new UnknownUserException(new 
ErrorMessage("errors.auth.NoPublisher", authorizedName));
+        }
+        catch (NamingException e) {
             logger.error(authorizedName + " is not authenticated");
             throw new UnknownUserException(new 
ErrorMessage("errors.auth.NoPublisher", authorizedName));
-        } finally {
+        }finally {
             try {
                 ctx.close();
             } catch (NamingException e) {
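Review bot: `authorizedName` is substituted into the bind-DN template by `String.format` with no escaping or validation, so a name containing RFC 4514 separators (`,`, `=`, `+`, `\`) can bind as a different entry than `CN=<name>` in the configured OU; the caller still needs that entry's password, but, as far as the hunk shows, the raw `authorizedName` rather than the DN that actually bound is what is logged and presumably treated as the publisher afterwards. Nothing in the hunk rejects an empty `cred` either, and the JNDI LDAP provider documents that null or empty credentials downgrade a simple bind to an anonymous one, so a blank password would reach `isLdapUser = true` unless it is checked before the method's start, which lies outside the hunk. A missing `juddi.authenticator.ldapexp` property also surfaces as a NullPointerException from `String.format(null, …)` (getString without a default returns null unless the configuration is set to throw on missing keys) rather than the ConfigurationException the new catch handles. The rewritten prefix below validates the template and both inputs before the bind; the finally block, which runs past the end of the hunk, is unchanged.
```java
            String template = AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR);
            if (template == null || template.indexOf("%s") < 0) {
                throw new ConfigurationException(Property.JUDDI_AUTHENTICATOR_LDAP_EXPANDED_STR + " must contain one %s");
            }
            // empty credentials make JNDI fall back to an anonymous bind; DN separators in the
            // name would let it escape the CN= attribute of the template
            if (cred == null || cred.length() == 0 || authorizedName == null
                    || authorizedName.matches(".*[,+\"\\\\<>;=#].*")) {
                throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
            }
            env.put(Context.SECURITY_PRINCIPAL, String.format(template, authorizedName));
            env.put(Context.SECURITY_CREDENTIALS, cred);
            // … unchanged: InitialLdapContext bind, logging, catch/finally …
```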

Modified: 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
URL: 
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java?rev=1488044&r1=1488043&r2=1488044&view=diff
==============================================================================
--- 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
 (original)
+++ 
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/LdapSimpleAuthenticator.java
 Thu May 30 23:05:16 2013
@@ -24,7 +24,6 @@ import javax.naming.ldap.LdapContext;
 import javax.persistence.EntityManager;
 import javax.persistence.EntityTransaction;
 
-import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -42,14 +41,14 @@ import org.apache.commons.configuration.
 
 /**
  * This is a implementation of jUDDI's Authenticator interface, that uses the
- * LDAP.
+ * LDAP. z
  * 
  * Usage:
  * 
  * To use this class you must add the following properties to the
  * juddiv3.properties file:
  * 
- * # The JBoss Authenticator
+ * # The LDAP Authenticator
  * juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
  * 
  * # LDAP authentication URL
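Review bot: The class summary now reads `LDAP. z` — the trailing `z` looks like a stray keystroke and will be rendered in the generated Javadoc; the line should go back to ` * LDAP.`.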
@@ -64,17 +63,23 @@ import org.apache.commons.configuration.
  *
  * @author <a href="mailto:[email protected]";>Tom Cunningham</a>
  * @author <a href="mailto:[email protected]";>Gunnlaugur Sigurðsson</a>
+ * @author Alex O'Ree
+ * 
+ * 
+ * @since 3.2, all values are now configurable
+ * @see Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, JUDDI_AUTHENTICATOR_STYLE
  */
 public class LdapSimpleAuthenticator implements Authenticator {
     private Log logger = LogFactory.getLog(this.getClass());
 
     private LdapContext ctx = null;
+    //this needs to be a Hashtable, HashMap won't work here
     private Hashtable<String, String> env = null;
     private String url = null;
     
     private static final String DEFAULT_URL = "ldap://localhost:389";;
     
-    public LdapSimpleAuthenticator() throws NamingException {
+    public LdapSimpleAuthenticator() throws NamingException, 
ConfigurationException {
        String authURL = null;
        try {
                authURL = 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_URL, 
DEFAULT_URL);
@@ -85,14 +90,14 @@ public class LdapSimpleAuthenticator imp
        init(authURL);
     }
     
-    public LdapSimpleAuthenticator(String url) throws NamingException {
+    public LdapSimpleAuthenticator(String url) throws NamingException, 
ConfigurationException {
        init(url);
     }
 
-    public void init(String url) throws NamingException {
+    public void init(String url) throws NamingException, 
ConfigurationException {
         env = new Hashtable<String, String>();
-        env.put(Context.INITIAL_CONTEXT_FACTORY, 
"com.sun.jndi.ldap.LdapCtxFactory");
-        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+        env.put(Context.INITIAL_CONTEXT_FACTORY, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT,
 "com.sun.jndi.ldap.LdapCtxFactory"));
+        env.put(Context.SECURITY_AUTHENTICATION, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, 
"simple"));
         env.put(Context.PROVIDER_URL, url); // organization ldap url, example 
ldap://localhost:389
 
         this.url = url;
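Review bot: The new `@see Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT, JUDDI_AUTHENTICATOR_STYLE` tag is not a valid Javadoc reference — `@see` takes a single target and members are addressed with `#`, so javadoc will warn and print the text literally; use two tags, `@see Property#JUDDI_AUTHENTICATOR_INITIAL_CONTEXT` and `@see Property#JUDDI_AUTHENTICATOR_STYLE`. Since the authentication style is now operator-controlled, the init() comment should also state that a value of `none` makes every bind anonymous and therefore disables authentication. init()'s body continues past the end of the hunk.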
@@ -114,19 +119,23 @@ public class LdapSimpleAuthenticator imp
         boolean isLdapUser = false;
         try {
             env = new Hashtable<String, String>();
-            env.put(Context.INITIAL_CONTEXT_FACTORY, 
"com.sun.jndi.ldap.LdapCtxFactory");
-            env.put(Context.SECURITY_AUTHENTICATION, "simple");
+            env.put(Context.INITIAL_CONTEXT_FACTORY, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_INITIAL_CONTEXT,
 "com.sun.jndi.ldap.LdapCtxFactory"));
+            env.put(Context.SECURITY_AUTHENTICATION, 
AppConfig.getConfiguration().getString(Property.JUDDI_AUTHENTICATOR_STYLE, 
"simple"));
             env.put(Context.PROVIDER_URL, url); // organization ldap url, 
example ldap://localhost:389
             env.put(Context.SECURITY_PRINCIPAL, authorizedName);
-               env.put(Context.SECURITY_CREDENTIALS, cred);
+            env.put(Context.SECURITY_CREDENTIALS, cred);
             ctx = new InitialLdapContext(env, null);
             isLdapUser = true;
             logger.info(authorizedName + " is authenticated");
            
-        } catch (NamingException e) {
+        } catch (ConfigurationException e) {
+            logger.error(authorizedName + " is not authenticated", e);
+            throw new UnknownUserException(new 
ErrorMessage("errors.auth.NoPublisher", authorizedName));
+        }
+        catch (NamingException e) {
             logger.error(authorizedName + " is not authenticated");
             throw new UnknownUserException(new 
ErrorMessage("errors.auth.NoPublisher", authorizedName));
-        } finally {
+        }finally {
             try {
                 ctx.close();
             } catch (NamingException e) {
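Review bot: Nothing in the hunk rejects an empty password before the bind, and the JNDI LDAP provider documents that null or empty `SECURITY_CREDENTIALS` downgrade a simple bind to an anonymous one, so any existing `authorizedName` with a blank `cred` could reach `isLdapUser = true` — unless it is checked before the method's start, which is outside the hunk, add `if (cred == null || cred.length() == 0) throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));` ahead of the env setup. The finally block also calls `ctx.close()` on the instance field, which is still null on the first failed bind (or holds a context left by an earlier call, since the field is shared between calls), so the NullPointerException would replace the UnknownUserException the catch just threw; a local `LdapContext` guarded with `if (local != null)` avoids both problems. The finally block runs past the end of the hunk.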

Modified: juddi/trunk/juddi-core/src/test/resources/juddiv3.properties
URL: 
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/test/resources/juddiv3.properties?rev=1488044&r1=1488043&r2=1488044&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/test/resources/juddiv3.properties (original)
+++ juddi/trunk/juddi-core/src/test/resources/juddiv3.properties Thu May 30 
23:05:16 2013
@@ -57,7 +57,31 @@ juddi.subscription.expiration.days=30
 juddi.subscription.chunkexpiration.minutes=5
 #
 # jUDDI Authentication module to use
+#option, the default one
 juddi.authenticator = org.apache.juddi.v3.auth.JUDDIAuthenticator
+
+############################################################
+#option for AuthN, basic Ldap Authenticator
+#juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
+#juddi.authenticator.initialcontext=com.sun.jndi.ldap.LdapCtxFactory
+#juddi.authenticator.url=ldap://localhost:389 
+#or use this for SSL
+#juddi.authenticator.url=ldaps://localhost:636
+#juddi.authenticator.style=one of "none", "simple", sasl_mech (see below)
+    #sasl_mech is a comma separated list of items. the complete list is here: 
http://docs.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html
+    #more info is 
http://docs.oracle.com/javase/jndi/tutorial/ldap/security/auth.html
+
+###########################################################
+#option for AuthN, expanded Ldap Authenticator
+#juddi.authenticator=org.apache.juddi.v3.auth.LdapExpandedAuthenticator
+#juddi.authenticator.ldapexp=CN=%s, OU=Users,DC=Domain, etc
+## Note, %s will be replaced with the requestors user name
+#juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator
+#juddi.authenticator.initialcontext=com.sun.jndi.ldap.LdapCtxFactory
+#juddi.authenticator.url=ldap://localhost:389 
+#juddi.authenticator.style=one of "none", "simple", sasl_mech (see above)
+
+
 #
 # jUDDI Cryptor implementation to use
 juddi.cryptor = org.apache.juddi.cryptor.DefaultCryptor
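Review bot: The expanded-authenticator example lists `#juddi.authenticator=org.apache.juddi.v3.auth.LdapSimpleAuthenticator` three lines after `#juddi.authenticator=org.apache.juddi.v3.auth.LdapExpandedAuthenticator`, so an operator who uncomments the whole block gets the last assignment, the simple authenticator, with the `%s` template silently ignored; the second line should be removed. The `juddi.authenticator.style` comment offers `none` without saying that it makes every bind anonymous and therefore every login succeed, and the `ldap://localhost:389` example pairs a simple bind with a cleartext connection, which sends the publisher's password unencrypted over the wire. A line such as `# "simple" sends the password in the clear; use the ldaps:// URL or a SASL mechanism on untrusted networks` next to the URL, and `# never use "none" for an authenticator` next to the style, would make both explicit.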
@@ -91,7 +115,7 @@ juddi.validation.enforceReferentialInteg
 #As of 3.1.5 Email delivery options for subscription API functions
 
 #uddi.mail.smtp.from
-##The Operator’s Email address
+##The Operator\u00e2\u0080\u0099s Email address
 
 #juddi.mail.smtp.host
 ##The hostname of the SMTP server
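Review bot: The change replaces the curly apostrophe in `Operator’s` with `\u00e2\u0080\u0099`, which is the UTF-8 byte sequence of that character re-encoded as three Latin-1 code points, so the comment will render as mojibake (`â€™s`) instead of a quote. Either keep the original character or, safer for an ISO-8859-1 properties file, use a plain ASCII apostrophe: `##The Operator's Email address`. The same substitution appears in the STARTTLS comment in the following hunk.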
@@ -106,7 +130,7 @@ juddi.validation.enforceReferentialInteg
 ##If set to true, failure to create a socket using the specified socket 
factory class will cause the socket to be created using the java.net.Socket 
class. Defaults to true.
 
 #juddi.mail.smtp.starttls.enable
-##if true, enables the use of the STARTTLS command (if supported by the 
server) to switch the connection to a TLS-protected connection before issuing 
any login commands. Note that an appropriate trust store must configured so 
that the client will trust the server’s certificate. Defaults to false.
+##if true, enables the use of the STARTTLS command (if supported by the 
server) to switch the connection to a TLS-protected connection before issuing 
any login commands. Note that an appropriate trust store must configured so 
that the client will trust the server\u00e2\u0080\u0099s certificate. Defaults 
to false.
 
 #juddi.mail.smtp.socketFactory.port
 ##Specifies the port to connect to when using the specified socket factory. If 
not set, the default port will be used.


