Author: rgodfrey
Date: Mon Jul 21 18:44:22 2014
New Revision: 1612381
URL: http://svn.apache.org/r1612381
Log:
QPID-5768 : Allow authenticated LDAP search
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java?rev=1612381&r1=1612380&r2=1612381&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.java
Mon Jul 21 18:44:22 2014
@@ -51,4 +51,10 @@ public interface SimpleLDAPAuthenticatio
@ManagedAttribute( description = "Trust store name")
TrustStore getTrustStore();
+
+ @ManagedAttribute( description = "(Optional) username for authenticated
search")
+ String getSearchUsername();
+
+ @ManagedAttribute( description = "(Optional) password for authenticated
search", secure = true)
+ String getSearchPassword();
}
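Review bot: The description on `getSearchUsername()` says "username", but `setupSearchContext` in SimpleLDAPAuthenticationManagerImpl passes the value unchanged as `Context.SECURITY_PRINCIPAL` for a "simple" bind, where most directories expect a full bind DN rather than a short login name. I would reword it to something like `description = "(Optional) bind DN (principal) used for the authenticated search"` so operators know what format to enter. A short Javadoc on both getters would also help: it should say that the pair is only used for the lookup bind and that, since the broker holds the password as an attribute, the account should have read-only search rights.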
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java?rev=1612381&r1=1612380&r2=1612381&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManagerImpl.java
Mon Jul 21 18:44:22 2014
@@ -93,6 +93,11 @@ public class SimpleLDAPAuthenticationMan
@ManagedAttributeField
private boolean _bindWithoutSearch;
+ @ManagedAttributeField
+ private String _searchUsername;
+ @ManagedAttributeField
+ private String _searchPassword;
+
/**
* Dynamically created SSL Socket Factory implementation used in the case
where user has specified a trust store.
*/
@@ -149,6 +154,18 @@ public class SimpleLDAPAuthenticationMan
return _trustStore;
}
+ @Override
+ public String getSearchUsername()
+ {
+ return _searchUsername;
+ }
+
+ @Override
+ public String getSearchPassword()
+ {
+ return _searchPassword;
+ }
+
@Override
public String getMechanisms()
@@ -344,7 +361,8 @@ public class SimpleLDAPAuthenticationMan
private void validateInitialDirContext()
{
Hashtable<String,Object> env =
createInitialDirContextEnvironment(_providerUrl);
- env.put(Context.SECURITY_AUTHENTICATION, "none");
+
+ setupSearchContext(env);
InitialDirContext ctx = null;
try
@@ -361,6 +379,20 @@ public class SimpleLDAPAuthenticationMan
}
}
+ private void setupSearchContext(final Hashtable<String, Object> env)
+ {
+ if(_searchUsername != null && _searchUsername.trim().length()>0)
+ {
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, _searchUsername);
+ env.put(Context.SECURITY_CREDENTIALS, _searchPassword);
+ }
+ else
+ {
+ env.put(Context.SECURITY_AUTHENTICATION, "none");
+ }
+ }
+
private class SimpleLDAPPlainCallbackHandler implements CallbackHandler
{
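Review bot: In `setupSearchContext`, a configured `_searchUsername` with no `_searchPassword` reaches `env.put(Context.SECURITY_CREDENTIALS, _searchPassword)` with a null value, and `Hashtable.put` throws NullPointerException on null. An empty-string password would instead go out as a simple bind without credentials, which LDAP servers may accept as an unauthenticated (anonymous) bind, so the search would quietly run without the intended identity. I would guard before the three puts with `if (_searchPassword == null || _searchPassword.isEmpty())` and fail with a configuration error that names the attribute but not its value. The presence test trims `_searchUsername` while the untrimmed value is used as the principal; using the same trimmed string for both would be more consistent. "simple" also sends the password in clear unless the provider URL is ldaps://, and the URL handling is outside this hunk, so that is worth confirming or documenting.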
@@ -418,7 +450,8 @@ public class SimpleLDAPAuthenticationMan
{
Hashtable<String, Object> env =
createInitialDirContextEnvironment(_providerUrl);
- env.put(Context.SECURITY_AUTHENTICATION, "none");
+ setupSearchContext(env);
+
InitialDirContext ctx = createInitialDirContext(env);
try