According to our IT operations department, this is an Active Directory
2000/LDAP server uddi v3 compliant.
No modifications to the LDAP server were needed. But if you want to
search for some juddi publisher group, I would imagine that it had to
be created.
-Gunnlaugur
On Sun, May 2, 2010 at 3:47 PM, Kurt T Stam <[email protected]> wrote:
Hi Gunnlaugur,
Thanks for the example. We'd love to add it to the example
codebase. Do you have any documentation for this? Also which LDAP
did you use this with and did you have to add anything to the LDAP
server to make it work?
Thx!
--Kurt
Gunnlaugur Sigurðsson wrote:
Hi Jeff.
Here is an example one can use to authenticate against LDAP.
You might want to use this as an option for jUDDI users.
+++++++++++++++++++++++++++++++++++++++++++++++++++
package org.apache.juddi.v3.auth;
import javax.naming.ldap.Control;
public class LdapFastBindConnectionControl implements Control {
private static final long serialVersionUID =
7847083714026112317L;
public byte[] getEncodedValue() {
return null;
}
public String getID() {
return "1.2.840.113556.1.4.1781";
}
public boolean isCritical() {
return true;
}
}
+++++++++++++++++++++++++++++++++++++++++++++++++++
package org.apache.juddi.v3.auth;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
import org.apache.juddi.config.PersistenceManager;
import org.apache.juddi.model.Publisher;
import org.apache.juddi.model.UddiEntityPublisher;
import org.apache.juddi.v3.error.AuthenticationException;
import org.apache.juddi.v3.error.ErrorMessage;
import org.apache.juddi.v3.error.FatalErrorException;
import org.apache.juddi.v3.error.UnknownUserException;
import org.apache.log4j.Logger;
public class LdapFastBindAuthenticator implements Authenticator {
private Logger log = Logger.getLogger(this.getClass());
private Hashtable<String, String> env = null;
private LdapContext ctx = null;
private Control[] connCtls = null;
public LdapFastBindAuthenticator(String url) throws
NamingException {
env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
// organization ldap url, example ldap://localhost:389
env.put(Context.PROVIDER_URL, url);
connCtls = new Control[] { new
LdapFastBindConnectionControl() };
try {
ctx = new InitialLdapContext(env, connCtls);
} catch (NamingException e) {
log.error("Naming exception " + e);
throw e;
}
}
public String authenticate(String authorizedName, String cred)
throws AuthenticationException, FatalErrorException {
if (authorizedName == null || "".equals(authorizedName)) {
throw new UnknownUserException(new
ErrorMessage("errors.auth.NoPublisher", authorizedName));
}
boolean isLdapUser = false;
try {
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,
authorizedName);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,
cred);
ctx.reconnect(connCtls);
log.info(authorizedName + " is authenticated");
/* if we don't want search ldap any
further we set isLdap as true, and skip the code between START
HERE and END HERE */
/* Here is possible to make some more
extensive search in ldap to see if the user is part of some
group only allowed to access the registry. */
/* START HERE */
//Create the search controls
SearchControls searchCtls = new SearchControls();
//Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//specify the LDAP search filter
String searchFilter =
"(&(objectClass=user)([email protected])(department=foo))";
//Specify the Base for the search
String searchBase = "DC=domain,DC=com";
//initialize counter to total the group members
int totalResults = 0;
//Specify the attributes to return
String returnedAtts[]={"memberOf"};
searchCtls.setReturningAttributes(returnedAtts);
//Search for objects using the filter
NamingEnumeration<?> answer =
ctx.search(searchBase, searchFilter, searchCtls);
//Loop through the search results
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
//Print out the groups
Attributes attrs = sr.getAttributes();
if (attrs != null) {
try {
for (NamingEnumeration<?> ae =
attrs.getAll();ae.hasMore();) {
Attribute attr = (Attribute)ae.next();
for (NamingEnumeration<?> e =
attr.getAll();e.hasMore();totalResults++) {
//System.out.println(" " + totalResults + ". " + e.next());
String tmp = e.next().toString();
if
(tmp.equalsIgnoreCase("CN=Foo,OU=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com"))
{
System.out.println(true);
System.out.println("Authentication Success!");
isLdapUser = true;
break;
} else if
(tmp.equalsIgnoreCase("CN=Foo,OU=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com"))
{
System.out.println(true);
System.out.println("Authentication Success!");
isLdapUser = true;
break;
} else {
continue;
}
}
}
} catch (NamingException e) {
throw new UnknownUserException(new
ErrorMessage("errors.auth.NoPublisher", authorizedName));
}
}
}
/* END HERE */
} catch (NamingException e) {
log.error(authorizedName + " is not authenticated");
throw new UnknownUserException(new
ErrorMessage("errors.auth.NoPublisher", authorizedName));
} finally {
try {
ctx.close();
} catch (NamingException e) {
log.error("Context close failure " + e);
}
}
if (isLdapUser) {
EntityManager em =
PersistenceManager.getEntityManager();
EntityTransaction tx = em.getTransaction();
try {
tx.begin();
Publisher publisher = em.find(Publisher.class,
authorizedName);
if (publisher == null) {
log.warn("Publisher was not found, adding the publisher in on the fly.");
publisher = new Publisher();
publisher.setAuthorizedName(authorizedName);
publisher.setIsAdmin("false");
publisher.setIsEnabled("true");
publisher.setMaxBindingsPerService(199);
publisher.setMaxBusinesses(100);
publisher.setMaxServicesPerBusiness(100);
publisher.setMaxTmodels(100);
publisher.setPublisherName("Unknown");
em.persist(publisher);
tx.commit();
}
} finally {
if (tx.isActive()) {
tx.rollback();
}
em.close();
}
} else {
throw new UnknownUserException(new
ErrorMessage("errors.auth.NoPublisher", authorizedName));
}
return authorizedName;
}
public UddiEntityPublisher identify(String authInfo, String
authorizedName) throws AuthenticationException,
FatalErrorException {
EntityManager em = PersistenceManager.getEntityManager();
EntityTransaction tx = em.getTransaction();
try {
tx.begin();
Publisher publisher = em.find(Publisher.class,
authorizedName);
if (publisher == null)
throw new UnknownUserException(new
ErrorMessage("errors.auth.NoPublisher", authorizedName));
return publisher;
} finally {
if (tx.isActive()) {
tx.rollback();
}
em.close();
}
}
}
+++++++++++++++++++++++++++++++++++++++++++++++++++
Thanks.
-Gunnlaugur
On Wed, Apr 28, 2010 at 5:32 PM, Jeff Faath <[email protected]> wrote:
Is this a compiler error or a runtime error? Maybe if you tried
to implement something in those methods where an exception was
actually thrown?
*From:* Gunnlaugur Sigurðsson [mailto:[email protected]]
*Sent:* Wednesday, April 28, 2010 10:05 AM
*To:* [email protected]
*Subject:* Re: Authenticator implementation
Hi Jeff.
I have a project I created in eclipse where I have the core juddi
jar on the Java build path.
Is there a better way for me to create the authenticator, than in
my own project? Like within the juddi code bundle and build it there?
Thanks.
-Gunnlaugur
On Wed, Apr 28, 2010 at 2:51 PM, Jeff Faath <[email protected]> wrote:
Gunnlaugur,
That error seems to be something to do with the environment. Is
the core jUDDI jar in the classpath where the authenticator is
being executed?
-Jeff
*From:* Gunnlaugur Sigurðsson [mailto:[email protected]]
*Sent:* Wednesday, April 28, 2010 5:12 AM
*To:* [email protected]
*Subject:* Authenticator implementation
Hello.
I'm implementing the Authenticator interface to authenticate users
against Active Directory in my workplace.
But I keep getting errors on the exception classes thrown by
authenticate and identify functions.
The following error comes up.
No exception of type AuthenticationException can be thrown; an
exception type must be a subclass of Throwable
Same error occurs with the FatalErrorException class.
Here is my unimplemented JUDDIActiveDirectoryAuthhenticaton class.
public class JUDDIActiveDirectoryAuthhenticaton implements
Authenticator {
public String authenticate(String arg0, String arg1) throws
AuthenticationException, FatalErrorException {
// TODO Auto-generated method stub
return null;
}
public UddiEntityPublisher identify(String arg0, String
arg1)
throws AuthenticationException, FatalErrorException {
// TODO Auto-generated method stub
return null;
}
}
Any idea why I get this error?
Thanks.
--
Kveðja/Regards
Gunnlaugur Sigurðsson
[email protected]
Mobile: (+354) 896-7963
Home: (+354) 565-5229
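
Two input checks for anyone adapting the LdapFastBindAuthenticator posted in this thread, as an added example that is not part of the thread or the jUDDI code base: rejecting an empty password before the simple bind (RFC 4513 section 5.1.2 treats a name with an empty password as an unauthenticated bind, which a server may accept) and escaping values placed in the search filter (RFC 4515). The class and method names, the userPrincipalName attribute in the filter and the sample inputs are assumptions.

```java
import java.util.Arrays;
import java.util.List;

/** Added example: input checks for an LDAP simple-bind authenticator (hypothetical names). */
public class LdapInputChecks {

    /** A simple bind with a name and an empty password is an "unauthenticated"
     *  bind (RFC 4513, 5.1.2) and may succeed, so refuse it before binding. */
    static boolean isBindable(String name, String password) {
        return name != null && !name.trim().isEmpty()
            && password != null && !password.isEmpty();
    }

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Per-user group-membership filter; the attribute names are assumptions. */
    static String memberFilter(String upn, String groupDn) {
        return "(&(objectClass=user)(userPrincipalName=" + escapeFilterValue(upn)
             + ")(memberOf=" + escapeFilterValue(groupDn) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the thread.
        List<String[]> attempts = Arrays.asList(
            new String[] {"alice@domain.com", "s3cret"},
            new String[] {"alice@domain.com", ""},   // would be an unauthenticated bind
            new String[] {"a*)(b", "x"});            // filter metacharacters in the name
        String group = "CN=Foo,OU=Bar,OU=Bleh,OU=Doh,DC=domain,DC=com";
        for (String[] a : attempts) {
            System.out.println(isBindable(a[0], a[1]) + "  " + memberFilter(a[0], group));
        }
    }
}
```

In an authenticator like the one in this thread, the first check would run before the credentials are put into the context environment, and the second wherever the user name is substituted into the search filter.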