Author: vkumar
Date: Wed Dec 10 08:20:41 2008
New Revision: 725322
URL: http://svn.apache.org/viewvc?rev=725322&view=rev
Log:
Fixing LdapAuthenticationProvider and adding user search base for LDAP
Modified:
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/impl/LdapAuthenticationProvider.java
Wed Dec 10 08:20:41 2008
@@ -34,6 +34,7 @@
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;
+import org.apache.jetspeed.security.mapping.ldap.util.DnUtils;
import org.apache.jetspeed.security.spi.JetspeedSecuritySynchronizer;
import org.apache.jetspeed.security.spi.UserPasswordCredentialManager;
import org.apache.jetspeed.security.spi.impl.ldap.LdapContextProxy;
@@ -75,13 +76,12 @@
{
if (userName == null)
{
- throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,userName));
+ throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
userName));
}
if (password == null)
{
throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
}
-
authenticated = authenticateUser(userName, password);
if (authenticated)
{
@@ -91,10 +91,12 @@
}
catch (SecurityException authEx)
{
- if(authEx.getCause().getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid
Credentials]"))
+ if (authEx.getCause().getMessage().equalsIgnoreCase("[LDAP: error code 49 - Invalid
Credentials]"))
+ {
+ throw new SecurityException(SecurityException.INCORRECT_PASSWORD);
+ }
+ else
{
- throw new SecurityException(SecurityException.INCORRECT_PASSWORD);
- }else{
throw authEx;
}
}
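Review bot: The reworked catch dereferences `authEx.getCause()` unconditionally, but authenticateUser (later in this file) throws SecurityException without a cause for the dn == null case and for the NamingException case, so those paths end in a NullPointerException instead of the intended SecurityException code. The guard should tolerate a missing cause and message: `Throwable cause = authEx.getCause(); String msg = cause != null ? cause.getMessage() : null; if (msg != null && msg.equalsIgnoreCase("[LDAP: error code 49 - Invalid Credentials]"))`. Matching the provider's message text is also fragile across LDAP providers and JDK versions, which the commit does not address. Note that the new branch gives callers distinct codes for "wrong password" versus "unknown principal"; whether the login surface exposes that difference is outside this hunk. The enclosing method starts and ends outside the hunk.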
@@ -115,12 +117,10 @@
try
{
Hashtable env = context.getCtx().getEnvironment();
-
// String savedPassword = String.valueOf(getPassword(uid));
String oldCredential = (String) env.get(Context.SECURITY_CREDENTIALS);
String oldUsername = (String) env.get(Context.SECURITY_PRINCIPAL);
String dn = lookupByUid(userName);
-
if (dn == null)
{
throw new SecurityException(SecurityException.PRINCIPAL_DOES_NOT_EXIST.createScoped(JetspeedPrincipalType.USER,
userName));
@@ -129,7 +129,12 @@
// are/can be stored in a subtree (searchScope sub-tree)
// The looked up dn though is/should always be correct, just need to append the
root context.
if (!StringUtils.isEmpty(context.getRootContext()))
- dn += "," + context.getRootContext();
+ {
+ if (DnUtils.encodeDn(dn).indexOf(DnUtils.encodeDn(context.getRootContext()))
< 0)
+ {
+ dn += "," + DnUtils.encodeDn(context.getRootContext());
+ }
+ }
env.put(Context.SECURITY_PRINCIPAL, dn);
env.put(Context.SECURITY_CREDENTIALS, password);
new InitialContext(env);
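Review bot: `indexOf(...) < 0` on the new side checks that the encoded root context occurs anywhere in the encoded dn, not that it is the dn's suffix, so a dn whose own RDN values contain the root-context text is left without the root appended and the bind on the `new InitialContext(env)` line uses an incomplete principal; the appended form also mixes the raw dn with an encoded root. A suffix check is what the comment above describes: `String root = DnUtils.encodeDn(context.getRootContext()); if (!DnUtils.encodeDn(dn).endsWith(root)) { dn += "," + root; }`. What encodeDn normalises (case, whitespace) is not visible here, so confirm the comparison is meaningful for both sides. The InitialContext created for the bind is never closed, which is pre-existing; authenticateUser begins before and ends after this hunk.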
@@ -140,11 +145,10 @@
catch (AuthenticationException aex)
{
throw new SecurityException(aex);
-
}
catch (NamingException nex)
{
- throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(),"authenticateUser",
nex.getMessage()));
+ throw new SecurityException(SecurityException.UNEXPECTED.create(getClass().getName(),
"authenticateUser", nex.getMessage()));
}
}
@@ -161,6 +165,7 @@
throw new SecurityException(e);
}
}
+
protected SearchControls setSearchControls()
{
SearchControls controls = new SearchControls();
@@ -185,8 +190,8 @@
// logger.debug("searchByWildCardedUid = " + query);
cons.setSearchScope(Integer.parseInt(context.getMemberShipSearchScope()));
// TODO: added this here for OpenLDAP (when users are stored in ou=People,o=evenSeas)
- String searchBase = StringUtils.replace(getSearchDomain(), "," + context.getRootContext(),
"");
- NamingEnumeration results = ((DirContext) context.getCtx()).search(searchBase, query,
cons);
+ // String searchBase = StringUtils.replace(getSearchDomain(), "," + context.getRootContext(),
"");
+ NamingEnumeration results = ((DirContext) context.getCtx()).search(getSearchDomain(),
query, cons);
return results;
}
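Review bot: The `// TODO: added this here for OpenLDAP ...` comment now describes the computation the hunk removed, and that removed line is kept as commented-out code directly below it; both should be deleted rather than left to drift. If the OpenLDAP case still needs a reminder, the TODO belongs on getSearchDomain, which now owns the search-base decision. The enclosing method begins outside the hunk.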
@@ -218,6 +223,18 @@
private String getSearchDomain()
{
- return "";
+ StringBuffer searchDomain = new StringBuffer();
+ if (!StringUtils.isEmpty(context.getUserSearchBase()))
+ {
+ searchDomain.append(context.getUserSearchBase());
+ }
+ if (searchDomain.length() == 0)
+ {
+ if (!StringUtils.isEmpty(context.getRootContext()))
+ {
+ searchDomain.append(context.getRootContext());
+ }
+ }
+ return searchDomain.toString();
}
}
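Review bot: getSearchDomain uses a StringBuffer and two nested ifs for what is a two-way choice; `String base = context.getUserSearchBase(); return StringUtils.isEmpty(base) ? StringUtils.defaultString(context.getRootContext()) : base;` reads the same and returns the same values. More importantly, the user search base is used on its own and never combined with the root context, so if `ldap.user.searchBase` is meant relative to the base DN (as the DAO's searchDN sitting next to baseDN in security-ldap.xml suggests), the search runs against the wrong base now that the provider URL no longer carries the base path. A Javadoc stating whether the returned DN is absolute, e.g. `/** Returns the absolute DN to search for users: the configured user search base, else the root context, else "". */`, would settle the contract.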
Modified: portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
(original)
+++ portals/jetspeed-2/portal/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ldap/LdapContextProxy.java
Wed Dec 10 08:20:41 2008
@@ -39,37 +39,38 @@
private Properties env;
private LdapContext ctx;
private LdapContextSource springContext;
- private String initialContextFactory;
+ private String initialContextFactory;
private String userFilter;
private String memberShipSearchScope;
-
-
- public LdapContextProxy(LdapContextSource context,String factory,String userFilter,String
memberShipSearchScope) {
- springContext = context;
+ private String userSearchBase;
+
+ public LdapContextProxy(LdapContextSource context, String factory, String userFilter,
String memberShipSearchScope,String userSearchBase)
+ {
+ springContext = context;
env = new Properties();
env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
- env.put(Context.PROVIDER_URL,springContext.getUrls()[0]+"/" + springContext.getBaseLdapPath());
+ env.put(Context.PROVIDER_URL, springContext.getUrls()[0]);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_CREDENTIALS, springContext.getAuthenticationSource().getCredentials());
env.put(Context.SECURITY_PRINCIPAL, springContext.getAuthenticationSource().getPrincipal());
-
this.initialContextFactory = factory;
this.userFilter = userFilter;
this.memberShipSearchScope = memberShipSearchScope;
+ this.userSearchBase = userSearchBase;
}
-
+
public LdapContext getCtx() throws NamingException
{
- if ( ctx == null )
+ if (ctx == null)
{
ctx = new InitialLdapContext(env, null);
}
return ctx;
}
-
+
private void closeCtx()
{
- if ( ctx != null )
+ if (ctx != null)
{
try
{
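Review bot: The new PROVIDER_URL drops the base LDAP path, so every name passed through this context is now relative to the server root rather than the base DN; that is a silent contract change for any caller that used base-relative names, and nothing in the class records it. Suggest a comment on that line: `// Context is rooted at the server, not the base DN; callers must pass full DNs (see getRootContext())`. `springContext.getUrls()[0]` is still read without checking the array is non-empty, which is pre-existing. getCtx() lazily creates ctx without synchronization while invoke() is synchronized, and LdapAuthenticationProvider calls getCtx() directly, so two contexts could be created under concurrent first use; pre-existing, but worth confirming. The class continues beyond this hunk.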
@@ -81,17 +82,16 @@
ctx = null;
}
}
+
/*
* (non-Javadoc)
- *
- * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object,
- * java.lang.reflect.Method, java.lang.Object[])
+ * @see java.lang.reflect.InvocationHandler#invoke(java.lang.Object, java.lang.reflect.Method,
java.lang.Object[])
*/
public synchronized Object invoke(Object proxy, Method m, Object[] args) throws Throwable
{
Object result = null;
boolean close = "close".equals(m.getName()) && args.length == 0;
- if ( close && ctx == null )
+ if (close && ctx == null)
{
// don't need to do anything
;
@@ -99,11 +99,10 @@
else
{
LdapContext ctx = getCtx();
-
try
{
- result = m.invoke(ctx,args);
- if ( close )
+ result = m.invoke(ctx, args);
+ if (close)
{
closeCtx();
}
@@ -111,26 +110,24 @@
catch (Throwable t)
{
closeCtx();
-
- if ( t instanceof InvocationTargetException)
+ if (t instanceof InvocationTargetException)
{
- t = ((InvocationTargetException)t).getTargetException();
+ t = ((InvocationTargetException) t).getTargetException();
}
if (t instanceof ServiceUnavailableException || t instanceof CommunicationException)
{
try
{
ctx = getCtx();
- result = m.invoke(ctx,args);
+ result = m.invoke(ctx, args);
}
catch (Throwable t2)
{
closeCtx();
- if ( t2 instanceof InvocationTargetException)
+ if (t2 instanceof InvocationTargetException)
{
- t2 = ((InvocationTargetException)t2).getTargetException();
+ t2 = ((InvocationTargetException) t2).getTargetException();
}
-
throw t2;
}
}
@@ -139,6 +136,7 @@
}
return result;
}
+
public String getInitialContextFactory()
{
return initialContextFactory;
@@ -148,14 +146,23 @@
{
return userFilter;
}
+
+ public String getUserSearchBase()
+ {
+ return this.userSearchBase;
+ }
public String getRootContext()
{
return springContext.getBaseLdapPathAsString();
+
+ }
+ public LdapContextSource getContextSource()
+ {
+ return this.springContext;
}
public String getMemberShipSearchScope()
{
return memberShipSearchScope;
}
-
}
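Review bot: getContextSource() hands out the whole LdapContextSource, whose authentication source holds the bind principal and credentials the constructor copies into env; unless a caller needs more than the base path, which getRootContext() already exposes, the narrower accessor keeps the credential holder out of reach of other components. Both new accessors lack Javadoc; on getUserSearchBase() something like `/** Configured base DN for user searches; may be empty, in which case LdapAuthenticationProvider falls back to the root context. */` would document the contract as it is used. There is also a stray blank line inside getRootContext() and no blank line separating the new methods from their neighbours.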
Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-ldap.xml
Wed Dec 10 08:20:41 2008
@@ -106,7 +106,7 @@
<bean id="UserDaoConfiguration" class="org.apache.jetspeed.security.mapping.ldap.dao.LDAPEntityDAOConfiguration"
init-method="initialize">
<meta key="j2:cat" value="ldapSecurity" />
<property name="baseDN" value="${ldap.base}" />
- <property name="searchDN" value="" />
+ <property name="searchDN" value="${ldap.user.searchBase}" />
<property name="searchFilter">
<bean class="org.apache.jetspeed.security.mapping.ldap.filter.SimpleFilter">
<constructor-arg index="0" value="(objectClass=inetOrgPerson)" />
@@ -337,5 +337,8 @@
<constructor-arg index="3">
<value>${ldap.search.scope}</value>
</constructor-arg>
+ <constructor-arg index="4">
+ <value>${ldap.user.searchBase}</value>
+ </constructor-arg>
</bean>
</beans>
Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/assembly/security-providers.xml
Wed Dec 10 08:20:41 2008
@@ -22,7 +22,7 @@
<!-- Security: Default Authentication Provider -->
<bean id="org.apache.jetspeed.security.AuthenticationProvider"
class="org.apache.jetspeed.security.impl.DefaultAuthenticationProvider">
- <meta key="j2:cat" value="default,security" />
+ <meta key="j2:cat" value="dbSecurity" />
<constructor-arg index="0">
<value>DefaultAuthenticator</value>
</constructor-arg>
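Review bot: The j2:cat change from `default,security` to `dbSecurity` on the DefaultAuthenticationProvider is not mentioned in the log message, and if `dbSecurity` is not part of the default category set, the provider stops loading in assemblies that relied on the old categories. Presumably the intent is that the LDAP provider replaces it in LDAP assemblies; a log line or an XML comment such as `<!-- only loaded with the dbSecurity category; LDAP assemblies supply their own provider -->` would make that visible to the next reader.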
Modified: portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties?rev=725322&r1=725321&r2=725322&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
(original)
+++ portals/jetspeed-2/portal/trunk/jetspeed-portal-resources/src/main/resources/conf/jetspeed/jetspeed.properties
Wed Dec 10 08:20:41 2008
@@ -330,6 +330,7 @@
ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.user.filter = (objectclass=person)
ldap.search.scope = 2
+ldap.user.searchBase=
ldap.role.searchBase=ou=Roles,o=Jetspeed
ldap.group.searchBase=ou=Groups,o=Jetspeed
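Review bot: `ldap.user.searchBase=` is added with no comment on its expected form, while the neighbouring role and group search bases are full DNs; since LdapAuthenticationProvider.getSearchDomain uses the value as-is when set and falls back to the root context when empty, a reader cannot tell whether an absolute or base-relative DN is expected. Suggest a comment above it: `# DN used as the search base for user lookups; leave empty to search from the context's base DN`.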