Hi Kurt. No, I don't have any documentation at the moment, but I can fix that. According to our IT operations department, this is an Active Directory 2000/LDAP server uddi v3 compliant. No modifications to the LDAP server were needed. But if you want to search for some juddi publisher group, I would imagine that it had to be created.
-Gunnlaugur

On Sun, May 2, 2010 at 3:47 PM, Kurt T Stam <[email protected]> wrote:

> Hi Gunnlaugur,
>
> Thanks for the example. We'd love to add it to the example codebase. Do you
> have any documentation for this? Also which LDAP did you use this with and
> did you have to add anything to the LDAP server to make it work?
>
> Thx!
>
> --Kurt
>
> Gunnlaugur Sigurðsson wrote:
>
>> Hi Jeff.
>>
>> Here is an example one can use to authenticate against LDAP. You might
>> want to use this as an option for jUDDI users.
>>
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>> package org.apache.juddi.v3.auth;
>>
>> import javax.naming.ldap.Control;
>>
>> public class LdapFastBindConnectionControl implements Control {
>>
>>     private static final long serialVersionUID = 7847083714026112317L;
>>
>>     public byte[] getEncodedValue() {
>>         return null;
>>     }
>>
>>     public String getID() {
>>         return "1.2.840.113556.1.4.1781";
>>     }
>>
>>     public boolean isCritical() {
>>         return true;
>>     }
>>
>> }
>>
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> import java.util.Hashtable;
>>
>> import javax.naming.Context;
>> import javax.naming.NamingEnumeration;
>> import javax.naming.NamingException;
>> import javax.naming.directory.Attribute;
>> import javax.naming.directory.Attributes;
>> import javax.naming.directory.SearchControls;
>> import javax.naming.directory.SearchResult;
>> import javax.naming.ldap.Control;
>> import javax.naming.ldap.InitialLdapContext;
>> import javax.naming.ldap.LdapContext;
>> import javax.persistence.EntityManager;
>> import javax.persistence.EntityTransaction;
>>
>> import org.apache.juddi.config.PersistenceManager;
>> import org.apache.juddi.model.Publisher;
>> import org.apache.juddi.model.UddiEntityPublisher;
>> import org.apache.juddi.v3.error.AuthenticationException;
>> import org.apache.juddi.v3.error.ErrorMessage;
>> import org.apache.juddi.v3.error.FatalErrorException;
>> import org.apache.juddi.v3.error.UnknownUserException;
>> import org.apache.log4j.Logger;
>>
>> public class LdapFastBindAuthenticator implements Authenticator {
>>
>>     private Logger log = Logger.getLogger(this.getClass());
>>
>>     private Hashtable<String, String> env = null;
>>     private LdapContext ctx = null;
>>     private Control[] connCtls = null;
>>
>>     public LdapFastBindAuthenticator(String url) throws NamingException {
>>         env = new Hashtable<String, String>();
>>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>         env.put(Context.SECURITY_AUTHENTICATION, "simple");
>>         env.put(Context.PROVIDER_URL, url); // organization ldap url, example ldap://localhost:389
>>
>>         connCtls = new Control[] { new LdapFastBindConnectionControl() };
>>
>>         try {
>>             ctx = new InitialLdapContext(env, connCtls);
>>         } catch (NamingException e) {
>>             log.error("Naming exception " + e);
>>             throw e;
>>         }
>>     }
>>
>>     public String authenticate(String authorizedName, String cred)
>>             throws AuthenticationException, FatalErrorException {
>>         if (authorizedName == null || "".equals(authorizedName)) {
>>             throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
>>         }
>>
>>         boolean isLdapUser = false;
>>         try {
>>             ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, authorizedName);
>>             ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, cred);
>>             ctx.reconnect(connCtls);
>>             log.info(authorizedName + " is authenticated");
>>
>>             /* if we don't want search ldap any further we set isLdap as true, and skip the code between START HERE and END HERE */
>>             /* Here is possible to make some more extensive search in ldap to see if the user is part of some group only allowed to access the registry. */
>>             /* START HERE */
>>             //Create the search controls
>>             SearchControls searchCtls = new SearchControls();
>>             //Specify the search scope
>>             searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
>>             //specify the LDAP search filter
>>             String searchFilter = "(&(objectClass=user)(mail=[email protected])(department=foo))";
>>
>>             //Specify the Base for the search
>>             String searchBase = "DC=domain,DC=com";
>>
>>             //initialize counter to total the group members
>>             int totalResults = 0;
>>
>>             //Specify the attributes to return
>>             String returnedAtts[]={"memberOf"};
>>             searchCtls.setReturningAttributes(returnedAtts);
>>
>>             //Search for objects using the filter
>>             NamingEnumeration<?> answer = ctx.search(searchBase, searchFilter, searchCtls);
>>             //Loop through the search results
>>             while (answer.hasMoreElements()) {
>>                 SearchResult sr = (SearchResult)answer.next();
>>                 //Print out the groups
>>                 Attributes attrs = sr.getAttributes();
>>                 if (attrs != null) {
>>                     try {
>>                         for (NamingEnumeration<?> ae = attrs.getAll();ae.hasMore();) {
>>                             Attribute attr = (Attribute)ae.next();
>>                             for (NamingEnumeration<?> e = attr.getAll();e.hasMore();totalResults++) {
>>                                 //System.out.println(" " + totalResults + ". " + e.next());
>>
>>                                 String tmp = e.next().toString();
>>                                 if (tmp.equalsIgnoreCase("CN=Foo,OU=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com")) {
>>                                     System.out.println(true);
>>                                     System.out.println("Authentication Success!");
>>                                     isLdapUser = true;
>>                                     break;
>>                                 } else if (tmp.equalsIgnoreCase("CN=Foo,OU=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com")) {
>>                                     System.out.println(true);
>>                                     System.out.println("Authentication Success!");
>>                                     isLdapUser = true;
>>                                     break;
>>                                 } else {
>>                                     continue;
>>                                 }
>>                             }
>>                         }
>>                     } catch (NamingException e) {
>>                         throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
>>                     }
>>                 }
>>             }
>>             /* END HERE */
>>         } catch (NamingException e) {
>>             log.error(authorizedName + " is not authenticated");
>>             throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
>>         } finally {
>>             try {
>>                 ctx.close();
>>             } catch (NamingException e) {
>>                 log.error("Context close failure " + e);
>>             }
>>         }
>>
>>         if (isLdapUser) {
>>             EntityManager em = PersistenceManager.getEntityManager();
>>             EntityTransaction tx = em.getTransaction();
>>             try {
>>                 tx.begin();
>>                 Publisher publisher = em.find(Publisher.class, authorizedName);
>>                 if (publisher == null) {
>>                     log.warn("Publisher was not found, adding the publisher in on the fly.");
>>                     publisher = new Publisher();
>>                     publisher.setAuthorizedName(authorizedName);
>>                     publisher.setIsAdmin("false");
>>                     publisher.setIsEnabled("true");
>>                     publisher.setMaxBindingsPerService(199);
>>                     publisher.setMaxBusinesses(100);
>>                     publisher.setMaxServicesPerBusiness(100);
>>                     publisher.setMaxTmodels(100);
>>                     publisher.setPublisherName("Unknown");
>>                     em.persist(publisher);
>>                     tx.commit();
>>                 }
>>             } finally {
>>                 if (tx.isActive()) {
>>                     tx.rollback();
>>                 }
>>                 em.close();
>>             }
>>         } else {
>>             throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
>>         }
>>         return authorizedName;
>>     }
>>
>>     public UddiEntityPublisher identify(String authInfo, String authorizedName)
>>             throws AuthenticationException, FatalErrorException {
>>         EntityManager em = PersistenceManager.getEntityManager();
>>         EntityTransaction tx = em.getTransaction();
>>         try {
>>             tx.begin();
>>             Publisher publisher = em.find(Publisher.class, authorizedName);
>>             if (publisher == null)
>>                 throw new UnknownUserException(new ErrorMessage("errors.auth.NoPublisher", authorizedName));
>>             return publisher;
>>         } finally {
>>             if (tx.isActive()) {
>>                 tx.rollback();
>>             }
>>             em.close();
>>         }
>>     }
>> }
>>
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> Thanks.
>>
>> -Gunnlaugur
>>
>> On Wed, Apr 28, 2010 at 5:32 PM, Jeff Faath <[email protected]> wrote:
>>
>>     Is this a compiler error or a runtime error? Maybe if you tried
>>     to implement something in those methods where an exception was
>>     actually thrown?
>>
>>     *From:* Gunnlaugur Sigurðsson [mailto:[email protected]]
>>     *Sent:* Wednesday, April 28, 2010 10:05 AM
>>     *To:* [email protected]
>>     *Subject:* Re: Authenticator implementation
>>
>>     Hi Jeff.
>>
>>     I have a project I created in eclipse where I have the core juddi
>>     jar on the Java build path.
>>     Is there a better way for me to create the authenticator, than in
>>     my own project? Like within the juddi code bundle and build it there?
>>
>>     Thanks.
>>
>>     -Gunnlaugur
>>
>>     On Wed, Apr 28, 2010 at 2:51 PM, Jeff Faath <[email protected]> wrote:
>>
>>     Gunnlaugur,
>>
>>     That error seems to be something to do with the environment. Is
>>     the core jUDDI jar in the classpath where the authenticator is
>>     being executed?
>>
>>     -Jeff
>>
>>     *From:* Gunnlaugur Sigurðsson [mailto:[email protected]]
>>     *Sent:* Wednesday, April 28, 2010 5:12 AM
>>     *To:* [email protected]
>>     *Subject:* Authenticator implementation
>>
>>     Hello.
>>
>>     I'm implementing the Authenticator interface to authenticate users
>>     against Active Directory in my workplace.
>>
>>     But I keep getting errors on the exceptions classes thrown by
>>     authenticate and identify functions.
>>
>>     The following error comes up.
>>     No exception of type AuthenticationException can be thrown; an
>>     exception type must be a subclass of Throwable
>>
>>     Same error occurs with the FatalErrorException class.
>>
>>     Here is my unimplemented JUDDIActiveDirectoryAuthhenticaton class.
>>
>>     public class JUDDIActiveDirectoryAuthhenticaton implements Authenticator {
>>
>>         public String authenticate(String arg0, String arg1) throws
>>                 AuthenticationException, FatalErrorException {
>>             // TODO Auto-generated method stub
>>             return null;
>>         }
>>
>>         public UddiEntityPublisher identify(String arg0, String arg1)
>>                 throws AuthenticationException, FatalErrorException {
>>
>>             // TODO Auto-generated method stub
>>             return null;
>>         }
>>     }
>>
>>     Any idea why I get this error?
>>
>>     Thanks.
>>
>>     --
>>     Kveðja/Regards
>>     Gunnlaugur Sigurðsson
>>     [email protected]
>>
>>     Mobile: (+354) 896-7963
>>     Home: (+354) 565-5229

--
Kveðja/Regards
Gunnlaugur Sigurðsson
[email protected]

Mobile: (+354) 896-7963
Home: (+354) 565-5229
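
Added example, not part of the original thread or of jUDDI: the posted `authenticate()` rejects an empty `authorizedName` but passes `cred` straight to the bind, and an LDAP simple bind with a name and a zero-length password is an unauthenticated bind (RFC 4513) that a server may accept; its search filter and group DN are also hard-coded placeholders. The hypothetical helper below shows the pre-bind check, an RFC 4515-escaped filter scoped to the bound user, and a normalized group-DN comparison; the class name, method names, the `userPrincipalName` attribute and the sample values are assumptions.

```java
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.ldap.LdapName;

/** Added example: hypothetical helper, not part of jUDDI. */
public class LdapAuthChecks {
    /** Refuse null/empty names and passwords before any simple bind is attempted. */
    static boolean isBindable(String name, String cred) {
        return name != null && !name.isEmpty() && cred != null && !cred.isEmpty();
    }

    /** Escape a value for use inside an LDAP search filter (RFC 4515: \ * ( ) NUL). */
    static String escapeFilterValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    /** Filter scoped to the user who just bound; the attribute name is an assumption. */
    static String userFilter(String login) {
        return "(&(objectClass=user)(userPrincipalName=" + escapeFilterValue(login) + "))";
    }

    /** True if any memberOf value equals an allowed group DN (LdapName ignores case). */
    static boolean inAllowedGroup(Attribute memberOf, Set<LdapName> allowed) throws NamingException {
        for (NamingEnumeration<?> e = memberOf.getAll(); e.hasMore();) {
            if (allowed.contains(new LdapName(e.next().toString()))) return true;
        }
        return false;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; the DN mirrors the placeholder used in the thread.
        Attribute memberOf = new BasicAttribute("memberOf", "cn=foo,ou=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com");
        Set<LdapName> allowed = Set.of(new LdapName("CN=Foo,OU=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com"));
        System.out.println(isBindable("alice@example.com", ""));
        System.out.println(userFilter("a*)(uid=*"));
        System.out.println(inAllowedGroup(memberOf, allowed));
    }
}
```

In an authenticator like the one posted, `isBindable` would run before `ctx.reconnect(connCtls)` and a failure would raise the same `UnknownUserException` as any other rejected login.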
