The following is an LDAP (AD) Authentication Service that does not require
modifying the structure of Active Directory. It was written to be configured
as a turbine service and configurable via the attached
JetspeedSecurity.properties modifications and additions. The plan is to add
any additional SSL related code to work with secure LDAP. Work is ongoing and
documentation is thin.
Since users typically do not know their DN and use their sAMAccountName to
authenticate, the service can be configured to authenticate the user either
by means of a browse user or by appending and prepending text to the
username. A browse user is used to search for and return the user's DN, which
is then bound with the user's provided password.
Note: The first time a user authenticates, their Jetspeed database entry is
created, but for some reason the user will have to re-authenticate again to
completely log in for the first time. Later authentications do not need this
additional step. I'm unsure why this is occurring, and would welcome assistance
to correct this.
-Michael
#########################################
# Authentication Service #
#########################################
services.PortalAuthentication.classname=mil.jfcom.cie.jetspeed.security.LDAPAuthentication
#########################################
# LDAPAuthentication Additions #
#########################################
services.JetspeedSecurity.browse.user.dn=CN=Walsh\\, Michael\,OU=Admin Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
services.JetspeedSecurity.browse.user.password=PASSWORD
#services.JetspeedSecurity.server.port=389
services.JetspeedSecurity.server.host=127.0.0.1
services.JetspeedSecurity.server.type=3
#services.JetspeedSecurity.user.search.base.dn=CN=Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
services.JetspeedSecurity.user.search.base.dn=DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
services.JetspeedSecurity.user.match.attribute=sAMAccountName
#services.JetspeedSecurity.user.dn.prefix=CN=
#services.JetspeedSecurity.user.dn.postfix=,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
package mil.jfcom.cie.jetspeed.security;
//2345678|012345678|012345678|012345678|012345678|012345678|012345678|012345678|
/*
* LDAPAuthentication.java
*
* Created on June 4, 2003, 3:12 PM
*/
// Java imports
import java.util.*;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.servlet.ServletConfig;

import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.UserNamePrincipal;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.security.FailedLoginException;
import org.apache.jetspeed.services.security.JetspeedSecurityCache;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
import org.apache.jetspeed.services.security.LoginException;
import org.apache.jetspeed.services.security.PortalAuthentication;
import org.apache.jetspeed.services.security.UnknownUserException;
import org.apache.jetspeed.services.security.turbine.TurbineAuthentication;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.resources.ResourceService;
import org.apache.turbine.util.Log;
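/**
 * LDAP (Active Directory) authentication service for Jetspeed.<p>
 *
 * Users are authenticated by a simple LDAP bind with their own credentials.
 * Because users normally know their <code>sAMAccountName</code> rather than
 * their distinguished name (DN), the bind name is obtained in one of two ways:
 * <ul>
 *   <li>If <code>browse.user.dn</code> is configured, the service binds with
 *       the browse account, searches <code>user.search.base.dn</code> for the
 *       entry whose <code>user.match.attribute</code> equals the username, and
 *       then binds with the DN of that entry.</li>
 *   <li>Otherwise the name is formed as <code>user.dn.prefix</code> + username
 *       + <code>user.dn.postfix</code>.</li>
 * </ul>
 * The first successful login creates the Jetspeed database entry for the user
 * from the directory attributes; later logins only verify the bind.<p>
 *
 * A simple bind transmits the password in the clear unless
 * <code>server.ssl.enable</code> is true; this applies to the browse account's
 * password as well as to every user's. The browse account needs only read
 * access to the match and DN attributes below the search base, and none of
 * the credentials handled here are written to the log.
 *
 * @author walsh
 */
public class LDAPAuthentication
        extends TurbineAuthentication
        implements PortalAuthentication {

    /** JNDI context factory used for every directory connection. */
    private static final String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";

    /** JNDI environment key selecting the LDAP protocol version. */
    private static final String LDAP_VERSION_PROPERTY = "java.naming.ldap.version";

    /** Value stored for a directory attribute that is absent or unreadable. */
    private static final String EMPTY_ATTRIBUTE_VALUE = "EMPTY";

    /** Whether logged-in users are loaded into the Jetspeed security cache. */
    private static final String CACHING_ENABLE = "caching.enable";

    // If browse.user.dn is set, the directory is first bound to with
    // browse.user.dn / browse.user.password and searched for an entry whose
    // user.match.attribute (default "sAMAccountName") equals the username.
    // Authentication fails if no entry is found; otherwise the entry's DN is
    // used to bind as the user.
    //
    // For example:
    // services.JetspeedSecurity.browse.user.dn=CN=Walsh\\, Michael\,OU=Admin Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
    private static final String BROWSE_USER_DN = "browse.user.dn";

    // The password to use to connect to the directory for the search.
    private static final String BROWSE_USER_PASSWORD = "browse.user.password";

    // The directory server port. Defaulted to port 389.
    private static final String SERVER_PORT = "server.port";

    // The directory server host address.
    private static final String SERVER_HOST = "server.host";

    // The directory server (LDAP protocol) version: 1, 2 or 3. Default is 2.
    private static final String SERVER_TYPE = "server.type";

    // Toggle server connection security to SSL, if true.
    // Otherwise the connection is a plain (cleartext) simple bind.
    private static final String SERVER_SSL_ENABLE = "server.ssl.enable";

    // The base DN to search from.
    //
    // For example:
    // services.JetspeedSecurity.user.search.base.dn=CN=Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
    private static final String USER_SEARCH_BASE_DN = "user.search.base.dn";

    // The user attribute to search for. The default is "sAMAccountName".
    private static final String USER_MATCH_ATTRIBUTE = "user.match.attribute";

    // A prefix to add to the username when forming the user's distinguished
    // name (DN).
    private static final String USER_DN_PREFIX = "user.dn.prefix";

    // A postfix to add to the username when forming the user's distinguished
    // name (DN).
    private static final String USER_DN_POSTFIX = "user.dn.postfix";

    // The user LDAP attribute for distinguished name. The default is
    // "distinguishedName".
    private static final String USER_DISTINGUISHED_NAME_ATTRIBUTE
            = "user.distinguished.name.attribute";

    // The user LDAP attribute for first name. The default is "givenName".
    // (The first- and last-name keys were previously swapped, so the first
    // name was read from user.last.name.attribute and vice versa.)
    private static final String USER_FIRST_NAME_ATTRIBUTE
            = "user.first.name.attribute";

    // The user LDAP attribute for last name. The default is "sn".
    private static final String USER_LAST_NAME_ATTRIBUTE
            = "user.last.name.attribute";

    // The user LDAP attribute for display name. The default is "displayName".
    private static final String USER_DISPLAY_NAME_ATTRIBUTE
            = "user.display.name.attribute";

    // The user LDAP attribute for email address. The default is "mail".
    private static final String USER_EMAIL_ATTRIBUTE
            = "user.email.attribute";

    private boolean _cachingEnable = true;
    private String _browseUserDN = null;
    private String _browseUserPassword = null;
    private int _serverPort = 389;
    private String _serverHost;
    private int _serverType = 2;
    private boolean _serverSSLEnable = false;
    private String _userSearchBaseDN = "/";
    private String _userMatchAttribute = "sAMAccountName";
    private String _userDNPrefix = "";
    private String _userDNPostfix = "";
    private String _userDistinguishedNameAttribute = "distinguishedName";
    private String _userFirstNameAttribute = "givenName";
    private String _userLastNameAttribute = "sn";
    private String _userDisplayNameAttribute = "displayName";
    private String _userEmailAttribute = "mail";

    /**
     * Logs a Jetspeed user in against the directory.
     *
     * @param username the username as submitted
     * @param password the password as submitted
     * @return the JetspeedUser account object for the authenticated user
     * @throws LoginException if the credentials are rejected (as a
     *         FailedLoginException) or the account cannot be loaded or updated
     */
    public JetspeedUser login(String username, String password)
            throws LoginException {
        if (isBlank(username)) {
            Log.info("Username is null or empty.");
            throw new FailedLoginException("Username is null or empty.");
        }
        // An empty password must never reach the directory: an LDAP simple
        // bind with a name and no password is an anonymous bind, which most
        // servers accept, so it would look like a successful authentication.
        if (isBlank(password)) {
            Log.info("Password is null or empty.");
            throw new FailedLoginException("Password is null or empty.");
        }
        username = JetspeedSecurity.convertUserName(username);
        password = JetspeedSecurity.convertPassword(password);

        // "turbine" and "admin" are Jetspeed-internal accounts that do not
        // exist in the directory; the parent service checks them against the
        // Jetspeed database, so their database passwords need the same care
        // as directory credentials.
        if (username.equals("turbine") || username.equals("admin")) {
            return super.login(username, password);
        }

        String userDN = resolveUserDN(username);

        JetspeedUser jetspeedUser = null;
        try {
            jetspeedUser
                    = JetspeedSecurity.getUser(new UserNamePrincipal(username));
        } catch (UnknownUserException unknown) {
            // No database entry yet: this is the user's first login.
            jetspeedUser = null;
        } catch (Exception e) {
            throw new LoginException("Could not look up the LDAP Jetspeed user",
                    e);
        }

        if (jetspeedUser == null) {
            // bindFirstTimeUser binds with the user's own credentials and
            // creates the database entry from the directory attributes.
            jetspeedUser = bindFirstTimeUser(username, userDN, password);
            if (jetspeedUser == null) {
                throw new FailedLoginException("LDAPAuthentication: "
                        + "First time user bind failure.");
            }
        } else {
            // The bind is the whole authentication decision for an existing
            // user, so it is checked outside of any try block. Previously the
            // failure was thrown inside a try whose catch handled
            // JetspeedSecurityException; if FailedLoginException belongs to
            // that hierarchy the failure was swallowed and the login went on.
            if (!bindUser(userDN, password)) {
                // The submitted password is deliberately not logged.
                Log.error("LDAPAuthentication: LDAP password error for <"
                        + userDN + ">.");
                throw new FailedLoginException("LDAP Password Error");
            }
            jetspeedUser.setHasLoggedIn(Boolean.TRUE);
        }

        // Record the login in the database and the session/cache.
        try {
            jetspeedUser.updateLastLogin();
            putUserIntoContext(jetspeedUser);
            if (_cachingEnable) {
                JetspeedSecurityCache.load(username);
            }
        } catch (Exception ex) {
            throw new LoginException("Failed To Update Last Login ", ex);
        }
        Log.debug("LDAPAuthentication: Leaving login method, returning <"
                + jetspeedUser.getUserName() + ">");
        return jetspeedUser;
    }

    /**
     * Determines the name to bind with for a username.<p>
     *
     * Without a browse user the name is prefix + username + postfix. With a
     * browse user the directory is searched: a user that is not found yields
     * null (so the later bind fails), while a search that ends in a
     * NamingException falls back to the constructed name, as the original
     * author intended for a "final attempt" to connect.
     *
     * @param username the converted username
     * @return the bind name, or null when the browse search found no entry
     */
    private String resolveUserDN(String username) {
        // NOTE(review): the username is embedded verbatim. When the prefix
        // makes this a DN (for example "CN="), DN-special characters in the
        // value would need escaping as an RDN value; it is left as is because
        // with an empty prefix the value may be a non-DN bind name such as
        // user@domain, which must not be altered.
        String userDN = _userDNPrefix + username + _userDNPostfix;
        if (!isBrowseUserConfigured()) {
            return userDN;
        }
        Log.debug("LDAPAuthentication: Browsing for user <" + username + ">.");
        try {
            userDN = findUserDN(username);
            Log.debug("LDAPAuthentication: Found dn = <" + userDN + ">");
        } catch (NamingException ne) {
            Log.debug("LDAPAuthentication: NamingException occurred, using"
                    + " dn = <" + userDN
                    + "> instead in final attempt to"
                    + " connect; " + ne.getMessage());
        }
        return userDN;
    }

    /**
     * Initializes the LDAP authentication service from the JetspeedSecurity
     * resources. A missing or out-of-range value is reported by the setters
     * as an IllegalArgumentException, which aborts initialization.
     *
     * @param conf the servlet configuration handed over by Turbine
     * @throws InitializationException if the parent service fails to initialize
     */
    public synchronized void init(ServletConfig conf)
            throws InitializationException {
        if (getInit()) {
            return;
        }
        super.init(conf);
        Log.info("LDAPAuthentication: Initializing...");

        ResourceService serviceConf
                = ((TurbineServices) TurbineServices.getInstance())
                .getResources(JetspeedSecurityService.SERVICE_NAME);
        _cachingEnable = serviceConf.getBoolean(CACHING_ENABLE, _cachingEnable);

        // The browse DN is set first: the validation of the browse password,
        // the search base and the match attribute depends on it.
        setBrowseUserDN(serviceConf.getString(BROWSE_USER_DN));
        setBrowseUserPassword(serviceConf.getString(BROWSE_USER_PASSWORD));
        setServerPort(serviceConf.getInt(SERVER_PORT, _serverPort));
        setServerHost(serviceConf.getString(SERVER_HOST));
        setServerType(serviceConf.getInt(SERVER_TYPE, _serverType));
        setServerSSLEnable(
                serviceConf.getBoolean(SERVER_SSL_ENABLE, _serverSSLEnable));
        setUserSearchBaseDN(
                serviceConf.getString(USER_SEARCH_BASE_DN, _userSearchBaseDN));
        setUserMatchAttribute(
                serviceConf.getString(USER_MATCH_ATTRIBUTE, _userMatchAttribute));
        setUserDNPrefix(serviceConf.getString(USER_DN_PREFIX));
        setUserDNPostfix(serviceConf.getString(USER_DN_POSTFIX));
        setUserDistinguishedNameAttribute(
                serviceConf.getString(USER_DISTINGUISHED_NAME_ATTRIBUTE,
                        _userDistinguishedNameAttribute));
        setUserFirstNameAttribute(
                serviceConf.getString(USER_FIRST_NAME_ATTRIBUTE,
                        _userFirstNameAttribute));
        setUserLastNameAttribute(
                serviceConf.getString(USER_LAST_NAME_ATTRIBUTE,
                        _userLastNameAttribute));
        setUserDisplayNameAttribute(
                serviceConf.getString(USER_DISPLAY_NAME_ATTRIBUTE,
                        _userDisplayNameAttribute));
        setUserEmailAttribute(
                serviceConf.getString(USER_EMAIL_ATTRIBUTE,
                        _userEmailAttribute));
        setInit(true);
    }

    /**
     * Sets the DN of the account used to search the directory.
     *
     * @param browseUserDN the new browseUserDN value; null or empty disables
     *        the browse search
     */
    protected void setBrowseUserDN(String browseUserDN) {
        _browseUserDN = browseUserDN;
    }

    /**
     * Sets the password of the browse account.
     *
     * @param browseUserPassword the new browseUserPassword value
     * @throws IllegalArgumentException if a browse DN is configured but the
     *         password is missing
     */
    protected void setBrowseUserPassword(String browseUserPassword)
            throws IllegalArgumentException {
        requireSetWhenBrowsing(browseUserPassword, BROWSE_USER_PASSWORD);
        _browseUserPassword = browseUserPassword;
    }

    /**
     * Sets whether the directory connection uses SSL. When enabled, JNDI's
     * default socket factory is used, so the server certificate is checked
     * against the JVM trust store; server.port should then be the server's
     * TLS port (typically 636).
     *
     * @param serverSSLEnable the new serverSSLEnable value
     */
    protected void setServerSSLEnable(boolean serverSSLEnable) {
        _serverSSLEnable = serverSSLEnable;
    }

    /**
     * Sets the LDAP server port to connect to.
     *
     * @param port the new serverPort value
     * @throws IllegalArgumentException if the port is not in 1..65535
     */
    protected void setServerPort(int port)
            throws IllegalArgumentException {
        // 0 is not a usable destination port and 65536 is out of range.
        if (port < 1 || port > 65535) {
            rejectConfiguration(SERVER_PORT,
                    "value must be between 1 and 65535.");
        }
        _serverPort = port;
    }

    /**
     * Sets the LDAP server host to connect to.
     *
     * @param serverHost the new serverHost value
     * @throws IllegalArgumentException if the host is null or empty
     */
    protected void setServerHost(String serverHost)
            throws IllegalArgumentException {
        requireSet(serverHost, SERVER_HOST);
        _serverHost = serverHost;
    }

    /**
     * Sets the LDAP protocol version passed to the JNDI provider.
     *
     * @param serverType the new serverType value
     * @throws IllegalArgumentException if the value is not 1, 2 or 3
     */
    protected void setServerType(int serverType)
            throws IllegalArgumentException {
        // The accepted range now matches the documented one; 0 and 4 were
        // previously let through although the error message named 1..3.
        if (serverType < 1 || serverType > 3) {
            rejectConfiguration(SERVER_TYPE, "value must be between 1 and 3.");
        }
        _serverType = serverType;
    }

    /**
     * Sets the base DN that the browse search starts from.
     *
     * @param userSearchBaseDN the new userSearchBaseDN value
     * @throws IllegalArgumentException if a browse DN is configured but the
     *         search base is missing
     */
    protected void setUserSearchBaseDN(String userSearchBaseDN)
            throws IllegalArgumentException {
        // The error previously named user.match.attribute as the missing key.
        requireSetWhenBrowsing(userSearchBaseDN, USER_SEARCH_BASE_DN);
        _userSearchBaseDN = userSearchBaseDN;
    }

    /**
     * Sets the attribute that the browse search compares with the username.
     *
     * @param userMatchAttribute the new userMatchAttribute value
     * @throws IllegalArgumentException if a browse DN is configured but the
     *         attribute is missing
     */
    protected void setUserMatchAttribute(String userMatchAttribute)
            throws IllegalArgumentException {
        requireSetWhenBrowsing(userMatchAttribute, USER_MATCH_ATTRIBUTE);
        _userMatchAttribute = userMatchAttribute;
    }

    /**
     * Sets the text prepended to the username when forming the bind name.
     *
     * @param userDNPrefix the new userDNPrefix value; null means empty
     */
    protected void setUserDNPrefix(String userDNPrefix) {
        _userDNPrefix = (userDNPrefix == null) ? "" : userDNPrefix;
    }

    /**
     * Sets the text appended to the username when forming the bind name.
     *
     * @param userDNPostfix the new userDNPostfix value; null means empty
     */
    protected void setUserDNPostfix(String userDNPostfix) {
        _userDNPostfix = (userDNPostfix == null) ? "" : userDNPostfix;
    }

    /**
     * Sets the attribute that holds an entry's distinguished name.
     *
     * @param userDistinguishedNameAttribute the new
     *        userDistinguishedNameAttribute value
     * @throws IllegalArgumentException if the value is null or empty
     */
    protected void setUserDistinguishedNameAttribute(
            String userDistinguishedNameAttribute)
            throws IllegalArgumentException {
        requireSet(userDistinguishedNameAttribute,
                USER_DISTINGUISHED_NAME_ATTRIBUTE);
        _userDistinguishedNameAttribute = userDistinguishedNameAttribute;
    }

    /**
     * Sets the attribute that holds the user's first name.
     *
     * @param userFirstNameAttribute the new userFirstNameAttribute value
     * @throws IllegalArgumentException if the value is null or empty
     */
    protected void setUserFirstNameAttribute(String userFirstNameAttribute)
            throws IllegalArgumentException {
        requireSet(userFirstNameAttribute, USER_FIRST_NAME_ATTRIBUTE);
        _userFirstNameAttribute = userFirstNameAttribute;
    }

    /**
     * Sets the attribute that holds the user's last name.
     *
     * @param userLastNameAttribute the new userLastNameAttribute value
     * @throws IllegalArgumentException if the value is null or empty
     */
    protected void setUserLastNameAttribute(String userLastNameAttribute)
            throws IllegalArgumentException {
        requireSet(userLastNameAttribute, USER_LAST_NAME_ATTRIBUTE);
        _userLastNameAttribute = userLastNameAttribute;
    }

    /**
     * Sets the attribute that holds the user's display name.
     *
     * @param userDisplayNameAttribute the new userDisplayNameAttribute value
     * @throws IllegalArgumentException if the value is null or empty
     */
    protected void setUserDisplayNameAttribute(String userDisplayNameAttribute)
            throws IllegalArgumentException {
        requireSet(userDisplayNameAttribute, USER_DISPLAY_NAME_ATTRIBUTE);
        _userDisplayNameAttribute = userDisplayNameAttribute;
    }

    /**
     * Sets the attribute that holds the user's email address.
     *
     * @param userEmailAttribute the new userEmailAttribute value
     * @throws IllegalArgumentException if the value is null or empty
     */
    protected void setUserEmailAttribute(String userEmailAttribute)
            throws IllegalArgumentException {
        requireSet(userEmailAttribute, USER_EMAIL_ATTRIBUTE);
        _userEmailAttribute = userEmailAttribute;
    }

    /**
     * Finds the distinguished name of the entry matching a username by
     * searching the directory as the browse user.
     *
     * @param username the user-submitted (converted) username
     * @return the DN of the matching entry, or null if none matches
     * @throws NamingException if the browse user is not configured or cannot
     *         bind, the search fails, or more than one entry matches
     */
    protected String findUserDN(String username)
            throws NamingException {
        // Refuse rather than fall through to an anonymous bind when the
        // browse credentials are incomplete.
        if (!isBrowseUserConfigured() || isBlank(_browseUserPassword)) {
            throw new NamingException("Browse user is not configured");
        }
        Properties env = createEnvironment(_browseUserDN, _browseUserPassword);
        InitialLdapContext ctx;
        try {
            // The environment itself is not logged: it carries the password.
            Log.debug("LDAPAuthentication: Logging browse user"
                    + " <" + _browseUserDN + "> into LDAP server "
                    + providerUrl());
            ctx = new InitialLdapContext(env, null);
            Log.debug("LDAPAuthentication: Logged browse user"
                    + " <" + _browseUserDN + "> into LDAP server");
        } catch (NamingException e) {
            Log.error("LDAPAuthentication: Browse user <"
                    + _browseUserDN
                    + "> failed to connect to "
                    + _serverHost
                    + "; "
                    + e.getMessage());
            env.clear();
            throw e;
        }

        String userDN = null;
        boolean ambiguous = false;
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Only the configured DN attribute is needed (the attribute name
            // was previously hard-coded, ignoring the configuration).
            constraints.setReturningAttributes(
                    new String[] {_userDistinguishedNameAttribute});
            constraints.setDerefLinkFlag(true);

            // The username is passed as a filter argument instead of being
            // concatenated into the filter: JNDI escapes {0}, so filter
            // metacharacters in the submitted value cannot widen the search.
            String filter = "(" + _userMatchAttribute + "={0})";
            Log.debug("LDAPAuthentication: Searching with filter = " + filter
                    + " for <" + username + ">");
            NamingEnumeration response = ctx.search(_userSearchBaseDN, filter,
                    new Object[] {username}, constraints);

            if (response.hasMore()) {
                SearchResult result = (SearchResult) response.next();
                Attributes attributes = result.getAttributes();
                Attribute dn = (attributes == null)
                        ? null
                        : attributes.get(_userDistinguishedNameAttribute);
                if (dn != null) {
                    userDN = (String) dn.get();
                }
                // A second entry means the match attribute is not unique
                // below the search base; the original counted matches but
                // only ever inspected the first one.
                ambiguous = hasFurtherEntries(response);
            }
        } finally {
            // Always release the browse connection and the password copy.
            closeQuietly(ctx);
            env.clear();
        }

        if (ambiguous) {
            Log.warn("LDAPAuthentication: Found more than one match for "
                    + username + ".");
            throw new NamingException("Ambiguous match on "
                    + _userMatchAttribute);
        }
        Log.debug("LDAPAuthentication: Returning user DN = <" + userDN + ">");
        return userDN;
    }

    /**
     * Reports whether a search enumeration holds another entry after the one
     * already consumed. A PartialResultException is treated as "no more
     * entries": with JNDI's default referral handling it is raised when the
     * server answers with a referral (Active Directory does so for a subtree
     * search from the domain root), which is not a second matching user.
     *
     * @param response the enumeration positioned after the first entry
     * @return true if another entry is available
     * @throws NamingException if the enumeration fails for another reason
     */
    private static boolean hasFurtherEntries(NamingEnumeration response)
            throws NamingException {
        try {
            return response.hasMore();
        } catch (PartialResultException referral) {
            Log.debug("LDAPAuthentication: Ignoring referral after first"
                    + " match; " + referral.getMessage());
            return false;
        }
    }

    /**
     * Verifies a password by binding to the directory with the given name.
     *
     * @param dn the distinguished name (or other bind name) to bind with
     * @param password the password to bind with
     * @return true if the bind succeeded, false otherwise
     */
    protected boolean bindUser(String dn, String password) {
        // An empty name or password would turn the simple bind into an
        // anonymous bind, which most directories accept; treat both as a
        // failed authentication regardless of what the caller checked.
        if (isBlank(dn) || isBlank(password)) {
            return false;
        }
        Properties env = createEnvironment(dn, password);
        DirContext ctx = null;
        try {
            Log.debug("LDAPAuthentication: Logging <"
                    + dn
                    + "> into LDAP server "
                    + providerUrl());
            ctx = new InitialDirContext(env);
            Log.debug("LDAPAuthentication: Logged <"
                    + dn
                    + "> into LDAP server");
            return true;
        } catch (NamingException ne) {
            Log.error("LDAPAuthentication: <"
                    + dn
                    + "> failed to connect to "
                    + _serverHost
                    + "; "
                    + ne.getMessage());
            return false;
        } finally {
            closeQuietly(ctx);
            env.clear();
        }
    }

    /**
     * Returns the String value for the specified LDAP attribute ID, or the
     * "EMPTY" placeholder when the attribute is absent, has no value, is not
     * a string, or cannot be read.
     *
     * @param attributeID used for error reporting
     * @param attribute the Attribute of interest, may be null
     * @return the String value of the attribute, or the placeholder
     */
    protected String getAttributeString(String attributeID,
            Attribute attribute) {
        if (attribute == null) {
            Log.debug("LDAPAuthentication: " + attributeID
                    + " attribute does not exist for this user, returning"
                    + " placeholder " + EMPTY_ATTRIBUTE_VALUE + ".");
            return EMPTY_ATTRIBUTE_VALUE;
        }
        try {
            Object value = attribute.get();
            if (value == null) {
                Log.debug("LDAPAuthentication: " + attribute.getID()
                        + " = null, returning placeholder "
                        + EMPTY_ATTRIBUTE_VALUE + ".");
                return EMPTY_ATTRIBUTE_VALUE;
            }
            // Binary attributes arrive as byte[]; the cast used to throw a
            // ClassCastException for them.
            if (!(value instanceof String)) {
                Log.debug("LDAPAuthentication: " + attribute.getID()
                        + " is not a string value, returning placeholder "
                        + EMPTY_ATTRIBUTE_VALUE + ".");
                return EMPTY_ATTRIBUTE_VALUE;
            }
            Log.debug("LDAPAuthentication: " + attribute.getID()
                    + " = " + value);
            return (String) value;
        } catch (NamingException ne) {
            Log.debug("LDAPAuthentication: Unable to access "
                    + attribute.getID() + " attribute, returning"
                    + " placeholder " + EMPTY_ATTRIBUTE_VALUE + ".");
            return EMPTY_ATTRIBUTE_VALUE;
        }
    }

    /**
     * Binds as the user, pulls the user's LDAP attributes, and creates the
     * Jetspeed account data.
     *
     * @param username the Jetspeed username
     * @param dn the LDAP distinguished name (bind name) for this user
     * @param password the LDAP password for this name
     * @return the created JetspeedUser, or null if the bind, the attribute
     *         read or the account creation failed
     */
    protected JetspeedUser bindFirstTimeUser(String username,
            String dn, String password) {
        // Same anonymous-bind guard as in bindUser.
        if (isBlank(dn) || isBlank(password)) {
            return null;
        }
        Properties env = createEnvironment(dn, password);
        DirContext ctx = null;
        try {
            Log.debug("LDAPAuthentication: Logging <"
                    + dn
                    + "> into LDAP server "
                    + providerUrl());
            ctx = new InitialDirContext(env);
            Log.debug("LDAPAuthentication: Logged <"
                    + dn
                    + "> into LDAP server");

            String[] attrIDs = {
                _userFirstNameAttribute,
                _userLastNameAttribute,
                _userDisplayNameAttribute,
                _userEmailAttribute
            };
            Log.debug("LDAPAuthentication: Pulling user attributes for <"
                    + dn
                    + "> from"
                    + " LDAP server");
            // NOTE(review): the bind name doubles as the entry name here,
            // which only works when it is a real DN rather than another
            // bind form accepted by the server.
            Attributes attributes = ctx.getAttributes(dn, attrIDs);
            if (attributes == null) {
                attributes = new BasicAttributes(true);
            }

            JetspeedUser jetspeedUser = JetspeedSecurity.getUserInstance();
            jetspeedUser.setEmail(
                    getAttributeString(_userEmailAttribute,
                            attributes.get(_userEmailAttribute)));
            jetspeedUser.setName(
                    getAttributeString(_userDisplayNameAttribute,
                            attributes.get(_userDisplayNameAttribute)));
            jetspeedUser.setFirstName(
                    getAttributeString(_userFirstNameAttribute,
                            attributes.get(_userFirstNameAttribute)));
            jetspeedUser.setLastName(
                    getAttributeString(_userLastNameAttribute,
                            attributes.get(_userLastNameAttribute)));
            Date now = new Date();
            jetspeedUser.setConfirmed("CONFIRMED");
            jetspeedUser.setDisabled(false);
            jetspeedUser.setCreateDate(now);
            jetspeedUser.setLastLogin(now);
            jetspeedUser.setHasLoggedIn(Boolean.TRUE);
            jetspeedUser.setAccessCounter(1);
            jetspeedUser.setAccessCounterForSession(0);
            jetspeedUser.setUserName(username);
            // The directory is the only password store for these accounts;
            // the database holds a marker, never the LDAP password.
            jetspeedUser.setPassword("N/A");

            JetspeedSecurity.addUser(jetspeedUser);
            // NOTE(review): login() repeats these two steps after this method
            // returns; that duplication is one place to look for the
            // "re-authenticate on first login" behaviour noted by the author
            // - unverified.
            putUserIntoContext(jetspeedUser);
            if (_cachingEnable) {
                JetspeedSecurityCache.load(username);
            }
            return jetspeedUser;
        } catch (JetspeedSecurityException se) {
            Log.error("Could not add a new LDAP Jetspeed user, "
                    + se.getMessage());
            return null;
        } catch (NamingException ne) {
            Log.error("Could not add a new LDAP Jetspeed user, "
                    + ne.getMessage());
            return null;
        } finally {
            // Release the connection and the password copy on every path.
            closeQuietly(ctx);
            env.clear();
        }
    }

    /**
     * Builds the JNDI environment for a simple bind with the given
     * credentials. Callers clear the returned Properties when done, as it
     * holds the password.
     *
     * @param principal the bind name
     * @param credentials the bind password
     * @return a fresh environment for InitialDirContext / InitialLdapContext
     */
    private Properties createEnvironment(String principal, String credentials) {
        Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
        env.put(Context.PROVIDER_URL, providerUrl());
        env.put(LDAP_VERSION_PROPERTY, String.valueOf(_serverType));
        if (_serverSSLEnable) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return env;
    }

    /**
     * Returns the provider URL for the configured host and port. The scheme is
     * always ldap://; SSL is selected through the environment instead.
     *
     * @return the ldap:// URL
     */
    private String providerUrl() {
        return "ldap://" + _serverHost + ":" + _serverPort;
    }

    /**
     * Closes a directory context, logging but otherwise ignoring a failure:
     * nothing useful can be done about a failed close of a finished
     * connection.
     *
     * @param ctx the context, may be null
     */
    private static void closeQuietly(Context ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            Log.debug("LDAPAuthentication: Ignoring error while closing"
                    + " directory context; " + ignored.getMessage());
        }
    }

    /**
     * Reports whether a browse account is configured, i.e. whether the
     * browse DN is set to a non-empty value.
     *
     * @return true if the browse search is to be used
     */
    private boolean isBrowseUserConfigured() {
        return !isBlank(_browseUserDN);
    }

    /**
     * Reports whether a string is null or empty.
     *
     * @param value the string to test
     * @return true for null or ""
     */
    private static boolean isBlank(String value) {
        return value == null || value.length() == 0;
    }

    /**
     * Rejects the configuration if a value is missing.
     *
     * @param value the configured value
     * @param key the property key, for the error message
     * @throws IllegalArgumentException if the value is null or empty
     */
    private static void requireSet(String value, String key)
            throws IllegalArgumentException {
        if (isBlank(value)) {
            rejectConfiguration(key, "value must be set.");
        }
    }

    /**
     * Rejects the configuration if a value that the browse search depends on
     * is missing while a browse DN is configured. Does nothing when no browse
     * DN is set (the original dereferenced the DN and failed on null).
     *
     * @param value the configured value
     * @param key the property key, for the error message
     * @throws IllegalArgumentException if the value is required but missing
     */
    private void requireSetWhenBrowsing(String value, String key)
            throws IllegalArgumentException {
        if (isBrowseUserConfigured() && isBlank(value)) {
            rejectConfiguration(key, "value must be set, if "
                    + JetspeedSecurityService.SERVICE_NAME + "."
                    + BROWSE_USER_DN + " is set.");
        }
    }

    /**
     * Logs a configuration error for a property key and throws it as an
     * IllegalArgumentException so that initialization aborts.
     *
     * @param key the property key
     * @param requirement the requirement that was violated
     * @throws IllegalArgumentException always
     */
    private static void rejectConfiguration(String key, String requirement)
            throws IllegalArgumentException {
        String message = "LDAPAuthentication: "
                + JetspeedSecurityService.SERVICE_NAME + "." + key + " "
                + requirement;
        Log.error(message);
        throw new IllegalArgumentException(message);
    }
}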