From vku...@apache.org
Subject svn commit: r725322 - in /portals/jetspeed-2/portal/trunk: components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/ components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/ jetspeed-portal-resources/sr...
Date Wed, 10 Dec 2008 16:20:43 GMT
Author: vkumar
Date: Wed Dec 10 08:20:41 2008
New Revision: 725322

URL: http://svn.apache.org/viewvc?rev=725322&view=rev
Log:
Fixing LdapAuthenticationProvider and adding user search base for LDAP

Modified:
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
    portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
    portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
Wed Dec 10 08:20:41 2008
@@ -34,6 +34,7 @@
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.User;
 import org.apache.jetspeed.security.UserManager;
+import org.apache.jetspeed.security.mapping.ldap.util.DnUtils;
 import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
 import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
 import org.apache.jetspeed.security.spi.impl.ldap.LdapContextProxy;
@@ -75,13 +76,12 @@
         {
             if (userName == null)
             {
-                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,userName));
+                throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
userName));
             }
             if (password == null)
             {
                 throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
             }
-
             authenticated = authenticateUser(userName, password);
             if (authenticated)
             {
@@ -91,10 +91,12 @@
         }
         catch (SecurityException authEx)
         {
-           if(authEx.getCause().getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid
Credentials]"))
+            if (authEx.getCause().getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid
Credentials]"))
+            {
+                throw new SecurityException(SecurityException.INCORRECT_PASSWORD);
+            }
+            else
             {
-               throw new SecurityException(SecurityException.INCORRECT_PASSWORD);
-            }else{
                 throw authEx;
             }
         }
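Review bot: `authEx.getCause().getMessage()` in the rebuilt catch dereferences the cause with no null check, yet at least two SecurityExceptions thrown inside this same try a few lines above (PRINCIPAL_DOES_NOT_EXIST and PASSWORD_REQUIRED) are constructed without a cause, so unless that constructor fills one in, those cases surface as a NullPointerException instead of the intended exception. A guard such as `Throwable cause = authEx.getCause(); if (cause != null && cause.getMessage() != null && cause.getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid Credentials]"))` keeps the original exception flowing through the else branch. Matching the server's error text is also fragile across directory products; the AuthenticationException that authenticateUser wraps below would be a more stable thing to test for. Keep in mind that PRINCIPAL_DOES_NOT_EXIST and INCORRECT_PASSWORD stay distinguishable to the caller, so whether that distinction reaches the login response is worth checking, since it tells a client which usernames exist. The enclosing try starts above this hunk.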
@@ -115,12 +117,10 @@
         try
         {
             Hashtable env = context.getCtx().getEnvironment();
-            
             // String savedPassword = String.valueOf(getPassword(uid));
             String oldCredential = (String) env.get(Context.SECURITY_CREDENTIALS);
             String oldUsername = (String) env.get(Context.SECURITY_PRINCIPAL);
             String dn = lookupByUid(userName);
-            
             if (dn == null)
             {
                 throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
userName));
@@ -129,7 +129,12 @@
             // are/can be stored in a subtree (searchScope sub-tree)
             // The looked up dn though is/should always be correct, just need to append the
root context.
             if (!StringUtils.isEmpty(context.getRootContext()))
-                dn += "," + context.getRootContext();
+            {
+                if (DnUtils.encodeDn(dn).indexOf(DnUtils.encodeDn(context.getRootContext()))
< 0)
+                {
+                    dn += "," + DnUtils.encodeDn(context.getRootContext());
+                }
+            }
             env.put(Context.SECURITY_PRINCIPAL, dn);
             env.put(Context.SECURITY_CREDENTIALS, password);
             new InitialContext(env);
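Review bot: The new guard `if (DnUtils.encodeDn(dn).indexOf(DnUtils.encodeDn(context.getRootContext())) < 0)` is a substring test, so a looked-up DN that merely contains the root-context text inside one of its RDN values is treated as already rooted and the root is never appended; a suffix test states the intent, e.g. `if (!DnUtils.encodeDn(dn).endsWith(DnUtils.encodeDn(context.getRootContext())))`. The append on the following line joins the raw `dn` to the encoded root, so the bind principal mixes encoded and unencoded forms unless lookupByUid already returns an encoded DN — worth confirming. LDAP DN comparison is case-insensitive, which plain String matching does not honour; comparing `javax.naming.ldap.LdapName` instances would cover both concerns. The `new InitialContext(env)` used as the bind probe is never closed, and authenticateUser continues below this hunk.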
@@ -140,11 +145,10 @@
         catch (AuthenticationException aex)
         {
             throw new SecurityException(aex);
-
         }
         catch (NamingException nex)
         {
-            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(),"authenticateUser",
nex.getMessage()));
+            throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(),
"authenticateUser", nex.getMessage()));
         }
     }
 
@@ -161,6 +165,7 @@
             throw new SecurityException(e);
         }
     }
+
     protected SearchControls setSearchControls()
     {
         SearchControls controls = new SearchControls();
@@ -185,8 +190,8 @@
         // logger.debug("searchByWildCardedUid = " + query);
         cons.setSearchScope(Integer.parseInt(context.getMemberShipSearchScope()));
         // TODO: added this here for OpenLDAP (when users are stored in ou=People,o=evenSeas)
-        String searchBase = StringUtils.replace(getSearchDomain(), "," + context.getRootContext(),
"");
-        NamingEnumeration results = ((DirContext) context.getCtx()).search(searchBase, query,
cons);
+        // String searchBase = StringUtils.replace(getSearchDomain(), "," + context.getRootContext(),
"");
+        NamingEnumeration results = ((DirContext) context.getCtx()).search(getSearchDomain(),
query, cons);
         return results;
     }
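Review bot: The search now runs against `getSearchDomain()` as an absolute base, whereas the replaced line computed a base relative to the root context; this matches the LdapContextProxy change in this commit that drops the base path from PROVIDER_URL, but it means `ldap.user.searchBase` must now be a full DN, because getSearchDomain() substitutes the user search base for the root context rather than appending it. A relative value such as `ou=People` would presumably search a non-existent base and every login would fail with PRINCIPAL_DOES_NOT_EXIST. Either state in the property's documentation that an absolute DN is required, or compose the two (append `"," + context.getRootContext()` when the configured base does not already end with it). The commented-out searchBase line could be deleted rather than kept.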
 
@@ -218,6 +223,18 @@
 
     private String getSearchDomain()
     {
-        return "";
+        StringBuffer searchDomain = new StringBuffer();
+        if (!StringUtils.isEmpty(context.getUserSearchBase()))
+        {
+            searchDomain.append(context.getUserSearchBase());
+        }
+        if (searchDomain.length() == 0)
+        {
+            if (!StringUtils.isEmpty(context.getRootContext()))
+            {
+                searchDomain.append(context.getRootContext());
+            }
+        }
+        return searchDomain.toString();
     }
 }
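Review bot: `getSearchDomain()` uses a StringBuffer and two nested conditionals to express a simple fallback; a local that never leaves the method needs no synchronised buffer, and the same result reads more directly as `String base = context.getUserSearchBase(); if (StringUtils.isEmpty(base)) { base = context.getRootContext(); } return StringUtils.isEmpty(base) ? "" : base;`. Behaviour is identical: the configured user search base wins, otherwise the root context, otherwise the empty string. A Javadoc line saying the returned value is used as an absolute search base rather than one relative to the root context would help, since the previous implementation's callers received a root-relative value.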

Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
Wed Dec 10 08:20:41 2008
@@ -39,37 +39,38 @@
     private Properties env;
     private LdapContext ctx;
     private LdapContextSource springContext;
-    private String initialContextFactory;    
+    private String initialContextFactory;
     private String userFilter;
     private String memberShipSearchScope;
-    
-   
-    public LdapContextProxy(LdapContextSource context,String factory,String userFilter,String
memberShipSearchScope)    {
-        springContext = context; 
+    private String userSearchBase;
+
+    public LdapContextProxy(LdapContextSource context, String factory, String userFilter,
String memberShipSearchScope,String userSearchBase)
+    {
+        springContext = context;
         env = new Properties();
         env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
-        env.put(Context.PROVIDER_URL,springContext.getUrls()[0]+"/" + springContext.getBaseLdapPath());
+        env.put(Context.PROVIDER_URL, springContext.getUrls()[0]);
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
         env.put(Context.SECURITY_CREDENTIALS, springContext.getAuthenticationSource().getCredentials());
         env.put(Context.SECURITY_PRINCIPAL, springContext.getAuthenticationSource().getPrincipal());
-        
         this.initialContextFactory = factory;
         this.userFilter = userFilter;
         this.memberShipSearchScope = memberShipSearchScope;
+        this.userSearchBase = userSearchBase;
     }
-    
+
     public LdapContext getCtx() throws NamingException
     {
-        if ( ctx == null )
+        if (ctx == null)
         {
             ctx = new InitialLdapContext(env, null);
         }
         return ctx;
     }
-    
+
     private void closeCtx()
     {
-        if ( ctx != null )
+        if (ctx != null)
         {
             try
             {
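Review bot: `getCtx()` lazily creates the shared `ctx` with no synchronisation while `invoke` further down is `synchronized`; since LdapAuthenticationProvider in this same commit calls `context.getCtx()` directly rather than through the proxy, two concurrent logins can both pass the null check and create two contexts, leaking one. Declaring it `public synchronized LdapContext getCtx() throws NamingException` makes the accessor consistent with the locking `invoke` already relies on for the same field. The constructor's change to `Context.PROVIDER_URL` drops the base path from the URL, a behavioural change for any caller that passed a root-relative search base, and the new `userSearchBase` parameter has no Javadoc stating whether an absolute DN is expected — an `@param userSearchBase absolute DN under which user entries are searched; may be empty` line would settle that. Note also that `env` carries the service bind password in clear and is handed back through `getCtx().getEnvironment()` and mutated by the provider, while `Context.getEnvironment()` gives no guarantee that the returned object is a private copy.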
@@ -81,17 +82,16 @@
             ctx = null;
         }
     }
+
     /*
      * (non-Javadoc)
-     * 
-     * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object,
-     *      java.lang.reflect.Method, java.lang.Object[])
+     * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object, java.lang.reflect.Method,
java.lang.Object[])
      */
     public synchronized Object invoke(Object proxy, Method m, Object[] args) throws Throwable
     {
         Object result = null;
         boolean close = "close".equals(m.getName()) && args.length == 0;
-        if ( close && ctx == null )
+        if (close && ctx == null)
         {
             // don't need to do anything
             ;
@@ -99,11 +99,10 @@
         else
         {
             LdapContext ctx = getCtx();
-            
             try
             {
-                result = m.invoke(ctx,args);
-                if ( close )
+                result = m.invoke(ctx, args);
+                if (close)
                 {
                     closeCtx();
                 }
@@ -111,26 +110,24 @@
             catch (Throwable t)
             {
                 closeCtx();
-                
-                if ( t instanceof InvocationTargetException)
+                if (t instanceof InvocationTargetException)
                 {
-                    t = ((InvocationTargetException)t).getTargetException();
+                    t = ((InvocationTargetException) t).getTargetException();
                 }
                 if (t instanceof ServiceUnavailableException || t instanceof CommunicationException)
                 {
                     try
                     {
                         ctx = getCtx();
-                        result = m.invoke(ctx,args);
+                        result = m.invoke(ctx, args);
                     }
                     catch (Throwable t2)
                     {
                         closeCtx();
-                        if ( t2 instanceof InvocationTargetException)
+                        if (t2 instanceof InvocationTargetException)
                         {
-                            t2 = ((InvocationTargetException)t2).getTargetException();
+                            t2 = ((InvocationTargetException) t2).getTargetException();
                         }
-                        
                         throw t2;
                     }
                 }
@@ -139,6 +136,7 @@
         }
         return result;
     }
+
     public String getInitialContextFactory()
     {
         return initialContextFactory;
@@ -148,14 +146,23 @@
     {
         return userFilter;
     }
+    
+    public String getUserSearchBase()    
+    {
+        return this.userSearchBase;
+    }
 
     public String getRootContext()
     {
         return springContext.getBaseLdapPathAsString();
+        
+    }
+    public LdapContextSource getContextSource()
+    {
+        return this.springContext;
     }
     public String getMemberShipSearchScope()
     {
         return memberShipSearchScope;
     }
-
 }
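Review bot: The new `getContextSource()` hands out the entire `LdapContextSource`, including `getAuthenticationSource()` with the service bind principal and credentials, which is a wider surface than the existing `getRootContext()` accessor; no caller is visible in this commit, so if the only need is the base path, dropping the getter or exposing just that value keeps the bind secret inside the proxy. Stylistically, the `getUserSearchBase()` signature line and the blank line before it carry trailing whitespace, `getRootContext()` gained a stray blank line before its closing brace, and `getContextSource()` has no blank line separating it from its neighbours — the formatter pass applied to the rest of this file would clear these. A one-line Javadoc on the new getter, `/** Configured search base for user entries; may be empty. */`, would match the documentation the class otherwise lacks.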

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
Wed Dec 10 08:20:41 2008
@@ -106,7 +106,7 @@
   <bean id="UserDaoConfiguration" class="org.apache.jetspeed.security.mapping.ldap.dao.LDAPEntityDAOConfiguration"
init-method="initialize">
     <meta key="j2:cat" value="ldapSecurity" />
     <property name="baseDN" value="${ldap.base}" />
-    <property name="searchDN" value="" />
+    <property name="searchDN" value="${ldap.user.searchBase}" />
     <property name="searchFilter">
       <bean class="org.apache.jetspeed.security.mapping.ldap.filter.SimpleFilter">
         <constructor-arg index="0" value="(objectClass=inetOrgPerson)" />
@@ -337,5 +337,8 @@
     <constructor-arg index="3">
        	<value>${ldap.search.scope}</value>
     </constructor-arg>
+    <constructor-arg index="4">
+       	<value>${ldap.user.searchBase}</value>
+    </constructor-arg>	    
   </bean>
 </beans>
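Review bot: `${ldap.user.searchBase}` is now wired to two consumers that may read it differently: the `searchDN` property of UserDaoConfiguration in the first hunk, which sits beside a separate `baseDN`, and constructor-arg 4 of LdapContextProxy here, which LdapAuthenticationProvider uses instead of the root context rather than combined with it. If the DAO treats searchDN as relative to baseDN (I cannot tell from this diff), a single property cannot satisfy both and one consumer will search the wrong subtree. Either document that the property must be an absolute DN or derive the DAO's value separately. The trailing tab and spaces after the new `</constructor-arg>` also look unintended.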

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
Wed Dec 10 08:20:41 2008
@@ -22,7 +22,7 @@
   <!-- Security: Default Authentication Provider -->
   <bean id="org.apache.jetspeed.security.AuthenticationProvider"
     class="org.apache.jetspeed.security.impl.DefaultAuthenticationProvider">
-    <meta key="j2:cat" value="default,security" />
+    <meta key="j2:cat" value="dbSecurity" />
     <constructor-arg index="0">
       <value>DefaultAuthenticator</value>
     </constructor-arg>
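Review bot: Changing the default provider's `j2:cat` from `default,security` to `dbSecurity` removes it from the default category, so a deployment that selects neither `dbSecurity` nor `ldapSecurity` (the category the LDAP beans use in security-ldap.xml) would have no AuthenticationProvider bean at all; that presumably fails at wiring time rather than falling open, but it is worth confirming. If the intent is that exactly one of the two providers is active per deployment, a comment beside the meta element, e.g. `<!-- selected via j2:cat; mutually exclusive with the ldapSecurity provider in security-ldap.xml -->`, makes the switch explicit for whoever edits the categories next.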

Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
Wed Dec 10 08:20:41 2008
@@ -330,6 +330,7 @@
 ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
 ldap.user.filter = (objectclass=person)
 ldap.search.scope = 2
+ldap.user.searchBase=
 ldap.role.searchBase=ou=Roles,o=Jetspeed
 ldap.group.searchBase=ou=Groups,o=Jetspeed
 
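Review bot: `ldap.user.searchBase=` is added with no explanation of its contract: an empty value makes LdapAuthenticationProvider fall back to the root context, and a non-empty value replaces the root context rather than being appended to it, so it has to be an absolute DN, as the neighbouring `ldap.role.searchBase=ou=Roles,o=Jetspeed` suggests is the convention. A comment above the line, `# Absolute DN searched for user entries; leave empty to search from the root context`, would stop relative values from being configured. The spacing style is also inconsistent with the surrounding keys (`ldap.search.scope = 2` versus `ldap.user.searchBase=`).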




